secp256k1
secp256k1 copied to clipboard
bitcoin-core
ci: Future of CI after Cirrus pricing change
Roadmap (keeping this up to date):
I think the natural way forward for us is:
- [x] Move native Windows tasks to GitHub Actions (#1389 and #1397)
- [x] Move SageMath task to GitHub Actions (#1399)
- [x] Move native macOS tasks to GitHub Actions, this will convert them to x86_64 unfortunately (#1394, #1404)
- Move Linux tasks to the Bitcoin Core persistent workers or alternatively to GitHub Actions
- [x] wine/msvc tasks (converting them to native windows in #1401)
- [x] wine/mingw tasks (#1398)
- [x] actual normal Linux tasks (#1396)
- [x] special tasks like qemu/sanitizers (#1406, #1409)
Possible follow-ups:
- ~Consider using artifacts to move the Docker image from the Docker build job to the actual CI job (for Linux tasks).~ (Not worth the hassle, the current approach seems to work well.)
Details
This should be a cleaner solution, but it adds some complexity. It's also worth checking if this avoids network issues. In terms of delay, this adds about 12 min uploading time to the Docker build job, but avoids about 1 min delay in the actual CI jobs as compared to the current solution that relies purely on the GHA cache (#1398). So this will speed up CI if we could avoid re-uploading existing artifacts, e.g., have another digest file that just stores the SHA256, and re-upload only if the SHA does not match. But all of this is probably not worth the complexity if the current approach with the cache turns out to be good enough. - [x] Enable Valgrind on macOS again now that the macOS tasks run on x86_64 (#1151, #1412)
- Bring back some ARM testing (see for details: https://github.com/bitcoin-core/secp256k1/pull/1394#issuecomment-1682321329)
- [x] Add a task for ctimetest on ARM64/Linux/Valgrind on Cirrus CI using free minutes or the self-hosted runner (#1426)
- [x] Add more ARM64 tests on QEMU (#1414)
- [ ] Add ARM32 tests (https://github.com/bitcoin-core/secp256k1/pull/1426#issuecomment-1728543515)
- [x] Consider moving the
gitsafe directory stuff torun-in-docker-action(https://github.com/bitcoin-core/secp256k1/pull/1411) - [ ] After the migration, check if the build matrix still makes sense
- [ ] cosmetics: Job names could need a rework
- [ ] cosmetics: Printing of log files could be improved
Other related PRs:
- [x] https://github.com/bitcoin-core/secp256k1/pull/1403
- [x] https://github.com/bitcoin-core/secp256k1/pull/1410
Corresponding Bitcoin Core issue: https://github.com/bitcoin/bitcoin/issues/28098
Cirrus CI will cap the community cluster, see cirrus-ci.org/blog/2023/07/17/limiting-free-usage-of-cirrus-ci. As with Core, the pricing model makes it totally unreasonable to pay for compute credits (multiple thousand USD / month).
The plan in Bitcoin Core is to move native Windows+macOS tasks to GitHub Actions, and move Linux tasks to persistent workers (=self-hosted). If I read the Bitcoin Core IRC meeting notes correctly, @MarcoFalke said these workers will also be available for libsecp256k1.
But the devil is in the details:
For macOS, we need to take also #1153 into account. It seems that GitHub-hosted macOS runners are on x86_64. The good news is that Valgrind should work again then, but the (very) bad is that this will reduce our number of native ARM tasks to zero. We still have some QEMU tasks, but we can't even the run the Valgrind cttimetests on them (maybe this would now work with MSan?!) @MarcoFalke Are the self-hosted runners only x86_64?
For Linux tasks, the meeting notes say that the main reason for using persistent workers is that some tasks require a very specific environment (e.g., the USDT ASan job). I don't think we have such requirements, so I tend to think that moving everything to GitHub Actions is a bit cleaner for us. With a persistent worker, Cirrus CI anyway acts only as a "coordination layer" between the worker and GitHub. Yet another way is to the self-hosted runners with GitHub Actions, see my comment https://github.com/bitcoin/bitcoin/issues/28098#issuecomment-1665661274).
