SA Bugzilla – Bug 8056
Explore using Github Actions for building and testing
Last modified: 2023-11-20 02:16:14 UTC
As of this writing, the arrangements between ASF and Github make it impractical to use Github Actions as a CI platform. The major hangup is the limit on resources to meet the demand from Apache projects. This issue is being opened to document efforts to set up Actions that will build and test on various platforms, and possibly perform some portion of the release process. Due to the existing limitations, these actions cannot be set up on the official Apache SpamAssassin read-only mirror on Github. I will start by exploring the issues and testing on my personal Github account.
Some documentation: Setup GitHub Actions for CPAN modules https://perlmaven.com/setup-github-actions ASF Wiki, Builds, GitHub Actions status: https://cwiki.apache.org/confluence/display/BUILDS/GitHub+Actions+status Note the security concerns mentioned in the latter that are not addressed in the examples of the former. Security concerns may be mitigated if the actions are only used for automated running of make test based on a read-only git mirror of our actual svn repository, i.e., no write access available to any exploiters.
Feel free to copy from my efforts: https://github.com/bigio/spamassassin/tree/tests Atm all tests are failing with: "/usr/bin/perl" -MExtUtils::MY -e 'MY->fixin(shift)' -- blib/script/sa-update PERL_DL_NONLAZY=1 "/usr/bin/perl" "-MExtUtils::Command::MM" "-MTest::Harness" "-e" "undef *Test::Harness::Switches; test_harness(0, 'blib/lib', 'blib/arch')" t/*.t Insecure directory in $ENV{PATH} while running with -T switch at t/SATest.pm line 1235. t/all_modules.t ...................
Notes on attempting to base action files on https://github.com/Perl/docker-perl-tester That uses the official perl docker images made from dockerfiles at https://github.com/docker-library/docs/tree/master/perl The officially supported omes only go back to perl 5.32. The docker images for older perl versions still exist, but were built on olber versions of Debian/Ubuntu. I got errors trying to install some of the SpamAssassin optional dependencies on those old versions. There is no reason to have to skip tests because dependencies can't be installed. It should be sufficient to test on current versions of Ubuntu as long as we test various perl versions. To do this, instead of using the perl version docker images as base, I'll use an Ubuntu image as base and build perl using the dockerfile that is used to build the latest perl docker image, but with different versions of perl.
I'm making progress on GitHub actions in a personal fork of our git-svn mirror on GitHub. Giovanni, the error you hit is the result of bad permissions on a directory in the Ubuntu runner, fixed by adding a suitable sudo chmod in the script setting up the build environment. There was a similar problem on macOS runners with privileges of the default user, and on Windows with a required change in .gitattributes. I'll make it all available at once after it is fully working. To document it in the public record, here is a copy/paste of a conversation I had a few minutes ago on the asf-infra slack channel, confirming that it should be ok to use our git mirror this way: ---------------- Sidney SpamAssassin project uses svn. Would it be possible and make sense to add a .gitattributes file and .github directory with some GitHub actions set for manual trigger only to allow someone to fork the git mirror and run tests in Actions? This would not use Apache resources on GitHub since this is not for automated CI actions on the mirror, just a convenient way for individual committers to test in their personal GitHub accounts. If we did that, would it work to add the files to the svn repo, or does the git-svn mirror process ignore git-repo-specific files, so Infra would have to add them to the git repo somehow? Humbedooh the mirror process should pick up any files you add Sidney Do you see any problems with doing this? Humbedooh we can't add anything to the git repo itself manually, as that would break mirroring I don't see any issues with it, as long as nothing writes or tries to write to the git repo itself there is already a .gitignore file in the repo for instance Sidney The actions would not even be set up to run on the mirror. As long as adding .github/workflow/*.yml files doesn't automatically enable Actions in the repo and then we can't change those automatic settings on a mirror. Is that a possible problem? Humbedooh I don't think anyone truly knows the answer to that question, no one has tried that before :slightly_smiling_face: Sidney OK, then I guess it is worth a try. Thanks! Humbedooh the settings can always be changed by infra manually if anything goes wonky
Committing files that can be used to run a Github Action that builds SpamAssassin and runs make test. To use: In your own Github account create a fork of the Github mirror of the SpamAssassin svn repo that is at https://github.com/apache/spamassassin Note: DO NOT run the action in the the apache Github repo, fork first. Apache does not have the resources on Github to add running these actions to everything else they are already doing. In the Github web page for your fork, in the settings for the repository, enable permissions to run the actions. When you want to run the regression tests in Actions, on the Github page for the fork, select the Actions tab, click on the One Native Runner Ci action in the left panel. Click on the Run Workflow dropdown that is in the right panel. Enter the appropriate runner platform, perl version, and make command for the tests your want to run, then click the Run Workflow button. Click the Actions tab again to see actions that are in progress and click on one and drill down to find the scrolling display of the log output. trunk % svn ci -m "Bug 8056 - commit Github Actions that can be used in a fork of our Github mirror to run regression tests on Github action runners" Adding .github Adding .github/actions Adding .github/actions/install_cpan_dependencies_for_sa Adding .github/actions/install_cpan_dependencies_for_sa/action.yml Adding .github/actions/setup_macos_for_sa_test Adding .github/actions/setup_macos_for_sa_test/action.yml Adding .github/actions/setup_ubuntu_for_sa_test Adding .github/actions/setup_ubuntu_for_sa_test/action.yml Adding .github/workflows Adding .github/workflows/makefile_one_native.yml Sending MANIFEST.SKIP Transmitting file data .....done Committing transaction... Committed revision 1905790. I'm not closing this issue yet. This commit is to get the files in the Github repository so I can use it to run tests for the 4.0.0 release, with the expectation that there will be things to clean up after the release. Since there are no code changes for production, this has been committed without an R-T-C vote.
trunk % svn ci -m "Bug 8056 - add .gitattributes required for Windows test Github Actions to work" .gitattributes Adding .gitattributes Transmitting file data .done Committing transaction... Committed revision 1905809.
trunk % svn ci -m "Bug 8056 - Add .gitattributes to MANIFEST.SKIP" MANIFEST.SKIP Sending MANIFEST.SKIP Transmitting file data .done Committing transaction... Committed revision 1905811.
.github % svn ci -m "Bug 8056 - fix typos in documentation lines in previous commit" Sending actions/install_cpan_dependencies_for_sa/action.yml Sending actions/setup_macos_for_sa_test/action.yml Sending actions/setup_ubuntu_for_sa_test/action.yml Transmitting file data ...done Committing transaction... Committed revision 1905817.
.github % svn ci -m "Bug 8056 - fix yet another typo in documentation line in earlier commit" Sending actions/setup_ubuntu_for_sa_test/action.yml Transmitting file data .done Committing transaction... Committed revision 1905818.
The .github directory in our repo now has a complete set of GitHub actions for running tests of SpamAssassin, with a README.md in that directory. trunk % svn ci -m "Bug 8056 - Update actions tests for SpamAssassin" Adding .github/README.md Sending .github/actions/install_cpan_dependencies_for_sa/action.yml Adding .github/actions/mysql Adding .github/actions/mysql/action.yml Adding .github/actions/postgres Adding .github/actions/postgres/action.yml Sending .github/actions/setup_macos_for_sa_test/action.yml Sending .github/actions/setup_ubuntu_for_sa_test/action.yml Deleting .github/workflows/makefile_one_native.yml Adding .github/workflows/spamassassin_make_test.yml Transmitting file data .......done Committing transaction... Committed revision 1906485.
So this is only for individual committers, to run an "extended" make test manually on many platforms when needed? Or is the intention to automate this in any way? I guess it wouldn't make sense to automate anything across many committer accounts, since they would be just running exact same tests wasting Github resources? Or is there some resource limits on Github side, and we could coordinate running different Perl versions etc with different committer accounts?
(In reply to Henrik Krohns from comment #11) > So this is only for individual committers, to run an "extended" make test > manually on many platforms when needed? That's the basic idea. It's something that I could use when I am preparing a release. It is set up for manual trigger only, and not to be run from our Apache GitHub repo because Apache has limited resources for such things, that are already oversubscribed by the early adopter projects. > Or is the intention to automate this in any way? I guess it wouldn't make > sense to automate anything across many committer accounts, since they would > be just running exact same tests wasting Github resources? I don't think it would be reasonable to automate the tests to run with every push, even if it were easy to filter out the rule update pushes. > Or is there some > resource limits on Github side, and we could coordinate running different > Perl versions etc with different committer accounts? I haven't hit a resource limit on my free personal account. There might be some kind of cap on network usage that I hit occasionally when running many jobs at once that is the cause of some network tests failing very sporadically. Actually, your mention of splitting up perl versions between people gave me an idea. Github Actions can have a cron trigger, We could run one perl version on three platforms each day, which would just be three make test runs per day and cycle through all perl versions every two weeks. I could do that on my personal account with no problem.
trunk % svn ci -m "Bug 8056 - Add install of pyzor to macOS and Windows test runners on GitHub" Sending .github/actions/setup_macos_for_sa_test/action.yml Adding .github/actions/setup_windows_for_sa_test Adding .github/actions/setup_windows_for_sa_test/action.yml Sending .github/workflows/spamassassin_make_test.yml Transmitting file data ...done Committing transaction... Committed revision 1906628.
trunk % svn ci -m "Big 8056 - Fix problem with our setup of Ubuntu runner when apt repo has some newer entries than runner image" .github/actions/setup_ubuntu_for_sa_test/action.yml Sending .github/actions/setup_ubuntu_for_sa_test/action.yml Transmitting file data .done Committing transaction... Committed revision 1906646.
Retargeting to some indefinite time. I never intended this to be tied to any particular release as a potential release blocker. It's just a convenience for ongoing testing that I can get working as well as possible.