From: Thomas Huth <thuth@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Wainer dos Santos Moschetta" <wainersm@redhat.com>,
"Alex Bennée" <alex.bennee@linaro.org>
Subject: Re: [PATCH 2/2] gitlab: don't run CI jobs by default on push to user forks
Date: Tue, 10 May 2022 10:51:09 +0200 [thread overview]
Message-ID: <89103e61-3ff0-c374-2317-585ebfb93e6f@redhat.com> (raw)
In-Reply-To: <20210812180403.4129067-3-berrange@redhat.com>
On 12/08/2021 20.04, Daniel P. Berrangé wrote:
> Currently pushes to user forks run the same set of build / test jobs as
> pushes to the main repo. This results in creation of 120+ individual
> jobs. While it is useful for subsystem maintainers, and even regular
> contributors to be able to run the full set of jobs, it is wasteful to
> run all of them all the time.
Hi Daniel!
Now that gitlab introduces limits for the CI for all users, I think we
should revisit this topic ... could you maybe respin your patch to the
current git master branch?
Thomas
> In addition, with the expected change in GitLab to set a finite CI
> minute allowance on all users we need to be much more conservative.
>
> This patch thus sets up rules so that no CI jobs will run by default
> on push, except
>
> - Pushes to branch name prefix 'staging' on 'qemu-project' repo
> run full set of jobs
> - Pushes to 'master' branch, only run jobs needed to publish
> the website.
>
> In any pushes to users forks, CI is now strictly opt-in. The pipeline
> will always be created by every singe job will be marked manual. You
> can then use the web UI to start individual jobs.
>
> For more convenience there are three levels of increasing comprehensive
> CI job sets that can be chosen between
>
> - Gating - run exactly the same as pushes to 'staging' branch
> (except for jobs needing custom runners)
>
> Push to 'ci-gating-xxx' branch, or set env QEMU_CI_GATING=1
>
> - Full - same as 'Gating', except that acceptance tests don't
> get run. This is equivalent to historical CI behaviour
> for pushes to user forks.
>
> Push to 'ci-full-xxx' branch, or set env QEMU_CI_FULL=1
>
> - Minimal - a significantly cut down set of jobs to get a
> decent sanity check of builds without burning
> massive amounts of CI time.
>
> Push to 'ci-min-xxx' branch, or set env QEMU_CI=1
>
> The minimal job set covers:
>
> * Fedora, CentOS, Ubuntu & Debian system emulator builds
> to cover all arch targets.
> * Linux user static build
> * Cross build i386 (to identify any 32-bit build issues)
> * Cross build s390x (to identify any big endian build issues)
> * Containers needed for the above
> * Cirrus CI FreeBSD 12 and macOS 11 (to identify non-Linux issues)
> * Simple checks - python unittests, DCO check, checkpatch.pl, etc
>
> This gives about 30 jobs instead of 120 from the "Full" group. It
> is likely reasonable to cut the minimal set down even more, as IMHO
> there are too many system emulator jobs there.
>
> This is all controlled by defining a set of 'rules' entries that
> apply to (almost) all jobs in the CI pipeline. The exceptions are
> those using custom runners, and the firmware build jobs.
>
> Using inherited templates together with rules, doesn't work in
> the way you might expect. Any rules defined in the child completely
> replace those from the parent, rather than augmenting them. Thus we
> need to avoid having rules defined in any jobs at all, by inheriting
> from a parent job template that contains the rules. The characteristics
> of individual jobs are then defined by variables set against the job.
> This is described in the updated content for the docs/devel/ci-jobs.rst
> file.
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> .gitlab-ci.d/buildtest-template.yml | 17 +--
> .gitlab-ci.d/buildtest.yml | 43 ++++----
> .gitlab-ci.d/cirrus.yml | 6 +-
> .gitlab-ci.d/container-core.yml | 4 +
> .gitlab-ci.d/container-cross.yml | 9 +-
> .gitlab-ci.d/container-template.yml | 1 +
> .gitlab-ci.d/containers.yml | 4 +
> .gitlab-ci.d/crossbuild-template.yml | 3 +
> .gitlab-ci.d/crossbuilds.yml | 3 +
> .gitlab-ci.d/qemu-project.yml | 1 +
> .gitlab-ci.d/rules.yml | 116 ++++++++++++++++++++
> .gitlab-ci.d/static_checks.yml | 18 ++--
> .gitlab-ci.yml | 4 -
> docs/devel/ci-jobs.rst | 155 ++++++++++++++++++++++++---
> 14 files changed, 317 insertions(+), 67 deletions(-)
> create mode 100644 .gitlab-ci.d/rules.yml
>
> diff --git a/.gitlab-ci.d/buildtest-template.yml b/.gitlab-ci.d/buildtest-template.yml
> index fcbcc4e627..8578b3ed11 100644
> --- a/.gitlab-ci.d/buildtest-template.yml
> +++ b/.gitlab-ci.d/buildtest-template.yml
> @@ -1,4 +1,6 @@
> +
> .native_build_job_template:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
> before_script:
> @@ -27,6 +29,7 @@
> fi
>
> .native_test_job_template:
> + extends: .job_rules
> stage: test
> image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
> script:
> @@ -67,15 +70,5 @@
> after_script:
> - cd build
> - du -chs ${CI_PROJECT_DIR}/avocado-cache
> - rules:
> - # Only run these jobs if running on the mainstream namespace,
> - # or if the user set the QEMU_CI_AVOCADO_TESTING variable (either
> - # in its namespace setting or via git-push option, see documentation
> - # in /.gitlab-ci.yml of this repository).
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> - when: on_success
> - - if: '$QEMU_CI_AVOCADO_TESTING'
> - when: on_success
> - # Otherwise, set to manual (the jobs are created but not run).
> - - when: manual
> - allow_failure: true
> + variables:
> + QEMU_JOB_GATING: 1
> diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
> index 903ee65f32..c8e03373c5 100644
> --- a/.gitlab-ci.d/buildtest.yml
> +++ b/.gitlab-ci.d/buildtest.yml
> @@ -40,6 +40,7 @@ build-system-ubuntu:
> needs:
> job: amd64-ubuntu2004-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: ubuntu2004
> CONFIGURE_ARGS: --enable-docs --enable-fdt=system --enable-slirp=system
> TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu
> @@ -56,6 +57,7 @@ check-system-ubuntu:
> - job: build-system-ubuntu
> artifacts: true
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: ubuntu2004
> MAKE_CHECK_ARGS: check
>
> @@ -73,6 +75,7 @@ build-system-debian:
> needs:
> job: amd64-debian-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: debian-amd64
> CONFIGURE_ARGS: --enable-fdt=system
> TARGETS: arm-softmmu avr-softmmu i386-softmmu mipsel-softmmu
> @@ -89,6 +92,7 @@ check-system-debian:
> - job: build-system-debian
> artifacts: true
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: debian-amd64
> MAKE_CHECK_ARGS: check
>
> @@ -106,6 +110,7 @@ build-system-fedora:
> needs:
> job: amd64-fedora-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: fedora
> CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs
> --enable-fdt=system --enable-slirp=system --enable-capstone=system
> @@ -123,6 +128,7 @@ check-system-fedora:
> - job: build-system-fedora
> artifacts: true
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: fedora
> MAKE_CHECK_ARGS: check
>
> @@ -140,6 +146,7 @@ build-system-centos:
> needs:
> job: amd64-centos8-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: centos8
> CONFIGURE_ARGS: --disable-nettle --enable-gcrypt --enable-fdt=system
> --enable-modules --enable-trace-backends=dtrace
> @@ -157,6 +164,7 @@ check-system-centos:
> - job: build-system-centos
> artifacts: true
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: centos8
> MAKE_CHECK_ARGS: check
>
> @@ -325,6 +333,7 @@ build-user-static:
> needs:
> job: amd64-debian-user-cross-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: debian-all-test-cross
> CONFIGURE_ARGS: --disable-tools --disable-system --static
> MAKE_CHECK_ARGS: check-tcg
> @@ -411,17 +420,15 @@ build-cfi-aarch64:
> --enable-safe-stack --enable-slirp=git
> TARGETS: aarch64-softmmu
> MAKE_CHECK_ARGS: check-build
> + # FIXME: This job is often failing, likely due to out-of-memory problems in
> + # the constrained containers of the shared runners. Thus this is marked as
> + # manual until the situation has been solved.
> + QEMU_JOB_MANUAL: 1
> timeout: 70m
> artifacts:
> expire_in: 2 days
> paths:
> - build
> - rules:
> - # FIXME: This job is often failing, likely due to out-of-memory problems in
> - # the constrained containers of the shared runners. Thus this is marked as
> - # manual until the situation has been solved.
> - - when: manual
> - allow_failure: true
>
> check-cfi-aarch64:
> extends: .native_test_job_template
> @@ -453,17 +460,15 @@ build-cfi-ppc64-s390x:
> --enable-safe-stack --enable-slirp=git
> TARGETS: ppc64-softmmu s390x-softmmu
> MAKE_CHECK_ARGS: check-build
> + # FIXME: This job is often failing, likely due to out-of-memory problems in
> + # the constrained containers of the shared runners. Thus this is marked as
> + # manual until the situation has been solved.
> + QEMU_JOB_MANUAL: 1
> timeout: 70m
> artifacts:
> expire_in: 2 days
> paths:
> - build
> - rules:
> - # FIXME: This job is often failing, likely due to out-of-memory problems in
> - # the constrained containers of the shared runners. Thus this is marked as
> - # manual until the situation has been solved.
> - - when: manual
> - allow_failure: true
>
> check-cfi-ppc64-s390x:
> extends: .native_test_job_template
> @@ -657,6 +662,7 @@ build-without-default-features:
> MAKE_CHECK_ARGS: check-unit
>
> build-libvhost-user:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/fedora:latest
> needs:
> @@ -676,6 +682,8 @@ build-tools-and-docs-debian:
> needs:
> job: amd64-debian-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> + QEMU_JOB_PUBLISH: 1
> IMAGE: debian-amd64
> MAKE_CHECK_ARGS: check-unit check-softfloat ctags TAGS cscope
> CONFIGURE_ARGS: --disable-system --disable-user --enable-docs --enable-tools
> @@ -698,10 +706,14 @@ build-tools-and-docs-debian:
> # that users can see the results of their commits, regardless
> # of what topic branch they're currently using
> pages:
> + extends: .native_build_job_template
> image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
> stage: test
> needs:
> - job: build-tools-and-docs-debian
> + variables:
> + QEMU_JOB_MINIMAL: 1
> + QEMU_JOB_PUBLISH: 1
> script:
> - mkdir -p public
> # HTML-ised source tree
> @@ -715,10 +727,3 @@ pages:
> artifacts:
> paths:
> - public
> - rules:
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> - when: on_success
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> - when: never
> - - if: '$CI_PROJECT_NAMESPACE != "qemu-project"'
> - when: on_success
> diff --git a/.gitlab-ci.d/cirrus.yml b/.gitlab-ci.d/cirrus.yml
> index 675db69622..4334736796 100644
> --- a/.gitlab-ci.d/cirrus.yml
> +++ b/.gitlab-ci.d/cirrus.yml
> @@ -11,6 +11,7 @@
> # special care, because we can't just override it at the GitLab CI job
> # definition level or we risk breaking it completely.
> .cirrus_build_job:
> + extends: .job_rules
> stage: build
> image: registry.gitlab.com/libvirt/libvirt-ci/cirrus-run:master
> needs: []
> @@ -39,8 +40,6 @@
> <.gitlab-ci.d/cirrus/build.yml >.gitlab-ci.d/cirrus/$NAME.yml
> - cat .gitlab-ci.d/cirrus/$NAME.yml
> - cirrus-run -v --show-build-log always .gitlab-ci.d/cirrus/$NAME.yml
> - rules:
> - - if: "$CIRRUS_GITHUB_REPO && $CIRRUS_API_TOKEN"
>
> x64-freebsd-12-build:
> extends: .cirrus_build_job
> @@ -61,6 +60,8 @@ x64-freebsd-12-build:
> x64-freebsd-13-build:
> extends: .cirrus_build_job
> variables:
> + QEMU_JOB_SOFT_FAIL: 1
> + QEMU_JOB_MINIMAL: 1
> NAME: freebsd-13
> CIRRUS_VM_INSTANCE_TYPE: freebsd_instance
> CIRRUS_VM_IMAGE_SELECTOR: image_family
> @@ -74,6 +75,7 @@ x64-freebsd-13-build:
> x64-macos-11-base-build:
> extends: .cirrus_build_job
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: macos-11
> CIRRUS_VM_INSTANCE_TYPE: osx_instance
> CIRRUS_VM_IMAGE_SELECTOR: image
> diff --git a/.gitlab-ci.d/container-core.yml b/.gitlab-ci.d/container-core.yml
> index e8dd1f476a..8983c32b3b 100644
> --- a/.gitlab-ci.d/container-core.yml
> +++ b/.gitlab-ci.d/container-core.yml
> @@ -4,14 +4,18 @@ include:
> amd64-centos8-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: centos8
>
> amd64-fedora-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: fedora
>
> amd64-debian10-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> + QEMU_JOB_PUBLISH: 1
> NAME: debian10
> diff --git a/.gitlab-ci.d/container-cross.yml b/.gitlab-ci.d/container-cross.yml
> index 0fcebe363a..ef316668eb 100644
> --- a/.gitlab-ci.d/container-cross.yml
> +++ b/.gitlab-ci.d/container-cross.yml
> @@ -50,13 +50,11 @@ armhf-debian-cross-container:
> # We never want to build hexagon in the CI system and by default we
> # always want to refer to the master registry where it lives.
> hexagon-cross-container:
> + extends: .job_rules
> image: docker:stable
> stage: containers
> - rules:
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project"'
> - when: never
> - - when: always
> variables:
> + QEMU_JOB_MANUAL: 1
> NAME: debian-hexagon-cross
> GIT_DEPTH: 1
> services:
> @@ -143,6 +141,7 @@ s390x-debian-cross-container:
> stage: containers-layer2
> needs: ['amd64-debian10-container']
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: debian-s390x-cross
>
> sh4-debian-cross-container:
> @@ -179,11 +178,13 @@ cris-fedora-cross-container:
> i386-fedora-cross-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: fedora-i386-cross
>
> win32-fedora-cross-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: fedora-win32-cross
>
> win64-fedora-cross-container:
> diff --git a/.gitlab-ci.d/container-template.yml b/.gitlab-ci.d/container-template.yml
> index 1baecd9460..e2954e4ed3 100644
> --- a/.gitlab-ci.d/container-template.yml
> +++ b/.gitlab-ci.d/container-template.yml
> @@ -1,4 +1,5 @@
> .container_job_template:
> + extends: .job_rules
> image: docker:stable
> stage: containers
> services:
> diff --git a/.gitlab-ci.d/containers.yml b/.gitlab-ci.d/containers.yml
> index cd06d3f5f4..6948923892 100644
> --- a/.gitlab-ci.d/containers.yml
> +++ b/.gitlab-ci.d/containers.yml
> @@ -17,6 +17,8 @@ amd64-debian-container:
> stage: containers-layer2
> needs: ['amd64-debian10-container']
> variables:
> + QEMU_JOB_MINIMAL: 1
> + QEMU_JOB_PUBLISH: 1
> NAME: debian-amd64
>
> amd64-ubuntu1804-container:
> @@ -27,6 +29,7 @@ amd64-ubuntu1804-container:
> amd64-ubuntu2004-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: ubuntu2004
>
> amd64-ubuntu-container:
> @@ -42,4 +45,5 @@ amd64-opensuse-leap-container:
> python-container:
> extends: .container_job_template
> variables:
> + QEMU_JOB_MINIMAL: 1
> NAME: python
> diff --git a/.gitlab-ci.d/crossbuild-template.yml b/.gitlab-ci.d/crossbuild-template.yml
> index 7d3ad00a1e..997ec02f79 100644
> --- a/.gitlab-ci.d/crossbuild-template.yml
> +++ b/.gitlab-ci.d/crossbuild-template.yml
> @@ -1,4 +1,5 @@
> .cross_system_build_job:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
> timeout: 80m
> @@ -23,6 +24,7 @@
> # KVM), and set extra options (such disabling other accelerators) via the
> # $EXTRA_CONFIGURE_OPTS variable.
> .cross_accel_build_job:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
> timeout: 30m
> @@ -35,6 +37,7 @@
> - make -j$(expr $(nproc) + 1) all check-build $MAKE_CHECK_ARGS
>
> .cross_user_build_job:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
> script:
> diff --git a/.gitlab-ci.d/crossbuilds.yml b/.gitlab-ci.d/crossbuilds.yml
> index 4ff3aa3cfc..9fcd2ac567 100644
> --- a/.gitlab-ci.d/crossbuilds.yml
> +++ b/.gitlab-ci.d/crossbuilds.yml
> @@ -48,6 +48,7 @@ cross-i386-system:
> needs:
> job: i386-fedora-cross-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: fedora-i386-cross
> MAKE_CHECK_ARGS: check-qtest
>
> @@ -129,6 +130,7 @@ cross-s390x-system:
> needs:
> job: s390x-debian-cross-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: debian-s390x-cross
>
> cross-s390x-user:
> @@ -159,6 +161,7 @@ cross-win32-system:
> needs:
> job: win32-fedora-cross-container
> variables:
> + QEMU_JOB_MINIMAL: 1
> IMAGE: fedora-win32-cross
> artifacts:
> paths:
> diff --git a/.gitlab-ci.d/qemu-project.yml b/.gitlab-ci.d/qemu-project.yml
> index b3d79bc429..7007193fc0 100644
> --- a/.gitlab-ci.d/qemu-project.yml
> +++ b/.gitlab-ci.d/qemu-project.yml
> @@ -2,6 +2,7 @@
> # https://gitlab.com/qemu-project/qemu/-/pipelines
>
> include:
> + - local: '/.gitlab-ci.d/rules.yml'
> - local: '/.gitlab-ci.d/stages.yml'
> - local: '/.gitlab-ci.d/edk2.yml'
> - local: '/.gitlab-ci.d/opensbi.yml'
> diff --git a/.gitlab-ci.d/rules.yml b/.gitlab-ci.d/rules.yml
> new file mode 100644
> index 0000000000..3399722ca9
> --- /dev/null
> +++ b/.gitlab-ci.d/rules.yml
> @@ -0,0 +1,116 @@
> +
> +# This defines rules used to control individual job execution
> +# See docs/devel/ci-jobs.rst for an explanation of the various
> +# variables and branch naming conventions applied here.
> +#
> +.job_rules:
> + rules:
> + # ======================================================================
> + # Rules that apply regardless of whether the primary qemu repo or a fork
> + # ======================================================================
> +
> + # Skip any cirrus job if either repo or api token are missing
> + # as we won't be able to talk to cirrus
> + - if: '$CIRRUS_VM_INSTANCE_TYPE && ($CIRRUS_GITHUB_REPO == null || $CIRRUS_API_TOKEN == null)'
> + when: never
> +
> + # Any jobs marked as manual, never get automatically run in any scenario
> + # and don't contribute to pipeline status
> + - if: '$QEMU_JOB_MANUAL'
> + when: manual
> + allow_failure: true
> +
> + # For the main repo, tags represent official releases.
> + # The branch associated with the release will have passed
> + # a CI pipeline already
> + #
> + # For user forks, tags are tyically added by tools like
> + # git-publish at the same time as pushing the branch prior
> + # to sending out for review
> + #
> + # In neither case do we wish to run CI pipelines for tags
> + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG'
> + when: never
> +
> +
> + # ==================================================
> + # Rules to control what happens in primary qemu repo
> + # ==================================================
> +
> + # The 'pages' job must never run on a non-default branch as we don't
> + # want to publish the website from pre-merged content
> + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH && $CI_JOB_NAME == "pages"'
> + when: never
> +
> + # Run all jobs for main repo staging branch
> + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == "staging"'
> + when: on_success
> +
> + # Run jobs needed to support website publishing on the main branch
> + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $QEMU_JOB_PUBLISH'
> + when: on_success
> +
> + # Prevent jobs from running on pushes to any other branch / tag
> + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH != "staging"'
> + when: never
> +
> +
> + # Remainining pipeline sources follow the same rules as for fork repos
> +
> +
> +
> + # ====================================
> + # Rules for running jobs in user forks
> + # ====================================
> +
> + # Part 1: gating jobs
> + # -------------------
> +
> + # If on a branch with name prefix 'ci-acceptance-', then run
> + # everything, just as a gating job on 'staging' branch would
> + - if: '$CI_COMMIT_BRANCH =~ /^ci-gating-/'
> + when: on_success
> +
> + # If user set QEMU_CI_GATING=1, then run everything just as
> + # a gating job on 'staging' branch would
> + - if: '$QEMU_CI_GATING'
> + when: on_success
> +
> + # Otherwise never run jobs marked as gating, but allow manual trigger
> + # without affecting pipeline status
> + - if: '$QEMU_JOB_GATING'
> + when: manual
> + allow_failure: true
> +
> +
> + # =============================================
> + # Part 2: opt-in for all CI, except gating jobs
> + # =============================================
> +
> + # If pushing to a branch with name prefix 'ci-all', then run all jobs
> + - if: '$CI_COMMIT_BRANCH =~ /^ci-all/'
> + when: on_success
> +
> + # If user QEMU_CI_ALL=1, then run all jobs
> + - if: '$QEMU_CI_ALL'
> + when: on_success
> +
> +
> + # ===============================
> + # Part 3: the minimal set of jobs
> + # ===============================
> +
> + # If pushing to a branch with name prefix 'ci-min', then run
> + # only a minimal set of jobs
> + - if: '$CI_COMMIT_BRANCH =~ /^ci-min/ && $QEMU_JOB_MINIMAL'
> + when: on_success
> +
> + # If user set QEMU_CI=1, then run only a minimal set of jobs
> + - if: '$QEMU_CI && $QEMU_JOB_MINIMAL'
> + when: on_success
> +
> + # Any other scenario, let the jobs be manually triggered only.
> + # Set to be non-fatal, so that pending manual jobs don't
> + # affect overall pipeline status
> + - when: manual
> + allow_failure: true
> diff --git a/.gitlab-ci.d/static_checks.yml b/.gitlab-ci.d/static_checks.yml
> index 96dbd9e310..4ba3e038dd 100644
> --- a/.gitlab-ci.d/static_checks.yml
> +++ b/.gitlab-ci.d/static_checks.yml
> @@ -1,4 +1,5 @@
> check-patch:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
> needs:
> @@ -6,42 +7,41 @@ check-patch:
> script:
> - .gitlab-ci.d/check-patch.py
> variables:
> + QEMU_JOB_MINIMAL: 1
> GIT_DEPTH: 1000
> - rules:
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> - when: never
> - - when: on_success
> - allow_failure: true
> + allow_failure: true
>
> check-dco:
> + extends: .job_rules
> stage: build
> image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
> needs:
> job: amd64-centos8-container
> script: .gitlab-ci.d/check-dco.py
> variables:
> + QEMU_JOB_MINIMAL: 1
> GIT_DEPTH: 1000
> - rules:
> - - if: '$CI_PROJECT_NAMESPACE == "qemu-project" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
> - when: never
> - - when: on_success
>
> check-python-pipenv:
> + extends: .job_rules
> stage: test
> image: $CI_REGISTRY_IMAGE/qemu/python:latest
> script:
> - make -C python check-pipenv
> variables:
> + QEMU_JOB_MINIMAL: 1
> GIT_DEPTH: 1
> needs:
> job: python-container
>
> check-python-tox:
> + extends: .job_rules
> stage: test
> image: $CI_REGISTRY_IMAGE/qemu/python:latest
> script:
> - make -C python check-tox
> variables:
> + QEMU_JOB_MINIMAL: 1
> GIT_DEPTH: 1
> QEMU_TOX_EXTRA_ARGS: --skip-missing-interpreters=false
> needs:
> diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
> index 9762dda2ee..d5bd31f294 100644
> --- a/.gitlab-ci.yml
> +++ b/.gitlab-ci.yml
> @@ -15,10 +15,6 @@
> #
> # QEMU CI jobs are based on templates. Some templates provide
> # user-configurable options, modifiable via configuration variables.
> -#
> -# See https://qemu-project.gitlab.io/qemu/devel/ci.html#custom-ci-cd-variables
> -# for more information.
> -#
>
> include:
> - local: '/.gitlab-ci.d/qemu-project.yml'
> diff --git a/docs/devel/ci-jobs.rst b/docs/devel/ci-jobs.rst
> index 9cd9819786..6d3f13d495 100644
> --- a/docs/devel/ci-jobs.rst
> +++ b/docs/devel/ci-jobs.rst
> @@ -1,22 +1,49 @@
> -Custom CI/CD variables
> -======================
> +CI Job Rules
> +============
>
> -QEMU CI pipelines can be tuned by setting some CI environment variables.
> +The following documents how CI rules control execution of jobs in a pipeline
>
> -Set variable globally in the user's CI namespace
> -------------------------------------------------
> +Job variable naming
> +-------------------
>
> -Variables can be set globally in the user's CI namespace setting.
> +The rules for controlling jobs in a pipeline will be driven by a number of
> +variables:
> +
> + - ``CI_XXX``, ``GITLAB_XXX`` - variables defined by GitLab:
> +
> + https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
> +
> + - ``QEMU_JOB_XXX`` - variables defined in the YAML files that express
> + characteristics of the job used to control default behaviour
> +
> + - ``QEMU_CI_XXX`` - variables defined by the user that are used to fine
> + tune which jobs are run dynamically
> +
> +and in some cases based on the branch name prefixes.
> +
> +Job fine tuning strategies
> +--------------------------
> +
> +Using a combination of the ``QEMU_CI_XXX`` variables and ``ci-``
> +branch name prefix, users can fine tune what jobs are run.
> +
> +Set variable globally in the gitlab repository CI config
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +Variables can be set globally in the user's gitlab repository CI config.
> +These variables will apply to all pipelines associated with the repository
> +thereafter. This is useful for fine tuning the jobs indefinitely.
>
> For further information about how to set these variables, please refer to::
>
> https://docs.gitlab.com/ee/ci/variables/#add-a-cicd-variable-to-a-project
>
> -Set variable manually when pushing a branch or tag to the user's repository
> ----------------------------------------------------------------------------
> +Set variable manually when pushing to git
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Variables can be set manually when pushing a branch or tag, using
> -git-push command line arguments.
> +git-push command line arguments. This is useful for fine tuning the
> +jobs on an adhoc basis.
>
> Example setting the QEMU_CI_EXAMPLE_VAR variable:
>
> @@ -28,13 +55,107 @@ For further information about how to set these variables, please refer to::
>
> https://docs.gitlab.com/ee/user/project/push_options.html#push-options-for-gitlab-cicd
>
> -Here is a list of the most used variables:
> +Pushing to specially named branches
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +Branch names starting with a 'ci-' prefix can be used as an alternative
> +to setting variables. Details of supported branch names are detailed
> +later in this document.
> +
> +Provide a custom gitlab CI configuration
> +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> +
> +The above strategies all provide a way to fine tune the jobs defined by the
> +standard QEMU gitlab CI configuration file. If this is not sufficient it is
> +possible to completely replace the CI configuration file with a custom
> +version. This allows the contributor to achieve essentially anything they
> +desire, within the scope of what GitLab supports.
> +
> +Replacing the ``.gitlab-ci.yml`` file is done in the repository settings:
> +
> + https://docs.gitlab.com/ee/ci/pipelines/settings.html#specify-a-custom-cicd-configuration-file
> +
> +Note that it is possible to reference an arbitrary URL. This could point
> +to a replacement .gitlab-ci.yml on a specific branch in the same repo,
> +or can point to any external site.
> +
> +
> +Job grouping sets
> +-----------------
> +
> +There are many different jobs defined in the GitLab CI pipeline used by QEMU.
> +It is not practical to run all jobs in every scenario, so there are a set of
> +rules defined that control which jobs are executed on each pipeline run. At
> +a high level the jobs can be grouped into a number of mutually exclusive
> +sets.
> +
> + - Manual jobs
> +
> + This is a set of jobs that will never be run automatically in any scenario.
> + The reason a job will be marked manual is if it is known to exhibit some
> + non-deterministic failures, or liable to trigger timeouts. Ideally jobs are
> + only present in this set for a short period of time while the problems are
> + investigated and resolved. Users can manually trigger these jobs from the
> + the pipelines web UI if desired, but they will never contribute to the
> + overall pipeline status.
> +
> + Identified by the variable ``QEMU_JOB_MANUAL: 1``
> +
> +
> + - Minimal jobs
> +
> + This is a minimal set of jobs that give a reasonable build and test sanity
> + check, which will be run by default in all possible scenarios. This set of
> + jobs is intended to be controlled fairly strictly to avoid wasting CI
> + minutes of maintainers/contributors. The intent is to get 80-90% coverage
> + of build and unit tests across the most important host platforms and
> + architectures.
> +
> + Identified by the variable ``QEMU_JOB_MINIMAL: 1``
> +
> + Run by setting the variable ``QEMU_CI: 1`` or pushing to a branch
> + named ``ci-min-XXX``.
> +
> +
> + - Gating jobs
> +
> + This is a set of jobs will will always run as a gating test prior to code
> + merging into the default branch of the primary QEMU git repository. In user
> + forks the jobs will not run by default, but the user can opt-in to trigger
> + their execution. These jobs may run a particularly thorough set of scenarios
> + that maintainers are not normally going to exercise before sending series.
> +
> + Identified by the variable ``QEMU_JOB_GATING: 1``
> +
> + Run by setting the variable ``QEMU_CI_GATING: 1`` or pushing to a branch
> + named ``ci-gating-XXX``
> +
> +
> + - Optional jobs
> +
> + This is all remaining jobs that don't fall into one of the above buckets.
> + These jobs will always be run as a gating test prior to code merging into
> + the default branch of the primary QEMU git repository. In user forks the
> + jobs will not run by default, but the user can opt-in to trigger their
> + execution. These jobs will aim to expand the host/platform build coverage
> + gaps left by the default jobs.
> +
> + Identified by not having any of the above variables set.
> +
> + Run by setting the variable ``QEMU_CI_ALL: 1`` or pushing to a branch
> + named ``ci-all-XXXX``
> +
> +Since the sets are mutually exclusive, if more than one of the variables above
> +is set, then only one of them will be honoured. The precedence matches the
> +ordering of the above docs.
> +
> +In addition to the above, there are some special extra sets that can augment
> +any of the above sets
> +
> + - Publishing jobs
>
> -QEMU_CI_AVOCADO_TESTING
> -~~~~~~~~~~~~~~~~~~~~~~~
> -By default, tests using the Avocado framework are not run automatically in
> -the pipelines (because multiple artifacts have to be downloaded, and if
> -these artifacts are not already cached, downloading them make the jobs
> -reach the timeout limit). Set this variable to have the tests using the
> -Avocado framework run automatically.
> + These are jobs that are needed to publish the QEMU website. For user fork
> + repos these follow the normal rules set out above. For the primary QEMU
> + repo, however, the jobs will also run on the default branch.
>
> + Identified by the variable ``QEMU_JOB_PUBLISH: 1``
next prev parent reply other threads:[~2022-05-10 9:10 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-12 18:04 [PATCH 0/2] gitlab: prepare for limited CI minutes by not running by default Daniel P. Berrangé
2021-08-12 18:04 ` [PATCH 1/2] docs: split the CI docs into two files Daniel P. Berrangé
2021-08-16 11:02 ` Philippe Mathieu-Daudé
2021-08-24 16:29 ` Willian Rampazzo
2021-08-12 18:04 ` [PATCH 2/2] gitlab: don't run CI jobs by default on push to user forks Daniel P. Berrangé
2021-08-16 10:44 ` Cornelia Huck
2021-08-16 11:03 ` Daniel P. Berrangé
2021-08-16 11:20 ` Philippe Mathieu-Daudé
2021-08-16 11:35 ` Daniel P. Berrangé
2021-08-16 11:45 ` Philippe Mathieu-Daudé
2021-08-16 11:47 ` Cornelia Huck
2021-08-16 12:01 ` Daniel P. Berrangé
2021-08-16 13:19 ` Cornelia Huck
2021-08-16 13:23 ` Daniel P. Berrangé
2021-08-16 15:16 ` Philippe Mathieu-Daudé
2021-08-25 10:42 ` Thomas Huth
2021-09-15 14:45 ` Daniel P. Berrangé
2022-05-10 8:51 ` Thomas Huth [this message]
2022-05-10 9:13 ` Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=89103e61-3ff0-c374-2317-585ebfb93e6f@redhat.com \
--to=thuth@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=berrange@redhat.com \
--cc=f4bug@amsat.org \
--cc=qemu-devel@nongnu.org \
--cc=wainersm@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.