Build in Azure Pipelines with cached vcpkg artifacts #114
We are absolutely interested in setting up an Azure Pipelines (or maybe GitHub Actions) script for this repo, but we are looking into solutions for hosting the build agents. The default provided "hosted" agents are little dual core boxes, and once we get our tests in here you'd likely be waiting 8+ hours for an answer. Unfortunately, with a self hosted build agent system, there don't appear to be good options to handle untrusted pull request submissions. We may just put Azure DevOps in "manually initiated" mode but we'd like to give people more immediate feedback (before review) if possible. I've asked the Pipelines team if they have any ideas but haven't gotten reasonable answers back yet. Thanks for your contribution!
Just a thought, there could be a thing running on the hosted agents which only builds the tests to do basic validity checking and then use a GitHub bot to trigger the full test suite internally.
@BillyONeal self hosted agents are the way to go indeed (the Microsoft hosted agents do not have the prerequisites to build anyway).
That wouldn't prevent a PR from sending malicious code to our internal test infrastructure that isn't prepared to deal with that.
That would work fine but I don't think there's a great way to get Azure DevOps to recycle the machine upon completion (which is necessary if we want to build and run arbitrary internet submitted code).
Just because the machine isn't on the corporate network doesn't mean there aren't serious problems with letting an attacker gain persistence. For example, using Azure bandwidth to attack other Internet entities, or mining bitcoins on our hardware. Azure DevOps does have an "OK to test check" thing ( https://docs.microsoft.com/en-us/azure/devops/pipelines/repos/github?view=azure-devops&tabs=yaml#comment-triggers ) we'll probably end up using for now.
I meant a manually triggered GitHub bot, basically like the comment triggers of DevOps.
Running the build agent on a docker image stored in Azure Container Registry (and that contains all pre-reqs for building) could be a good fit, as long as it is going to be cached locally on the host to start up quickly. Have not tried this scenario yet though.
@StephanTLavavej @CaseyCarter @barcharcraz Are you OK with the submodule to get vcpkg here? Since we're using a self-hosted agent I can just put that in the agent setup instructions but given that we already have a contribution that does that setup for us which will work if/when we can use the hosted system, I'm reluctant to throw that work away.
@@ -0,0 +1,5 @@ | |||
boost-build:x86-windows |
why do we need boost build explicitly listed?
In my experience, when running 'vcpkg install boost-math:x86-windows', it failed asking me to install 'boost-build:x86-windows' as well. And doing this failed with the same error: 'vcpkg install boost-build:x86-windows boost-math:x86-windows'. I had to run first the installation of boost-build:x86-windows, and then run the installation of boost-math:x86-windows separately to succeed.
This might be an issue worth reporting in vcpkg, but I'm not sure.
Also, I'm OK with it as long as we know it can work with the new caching feature. VCPKG itself is pretty small, it's the built artifacts that take a long time.
Hmmm this PR was created without the ability for us to edit it, so I can't try it out to see if it'll work on our self-hosted agent. Do you mind if I recreate this in my fork? Thanks for your contribution!
/AzurePipelines run STL
No pipelines are associated with this pull request.
I can also do the requested changes here, just let me know what works better for you @BillyONeal
Despite my earlier private comments that we should avoid adding a submodule, I'm now in favor of whatever gets us up and running the quickest. We can refine things later if we find improvements, but for now we shouldn't let the perfect be the enemy of the good.
If you merge with master (please preserve the clang-format validation in at least one configuration) it should have the bits working. Note that it won't actually attempt to run the changes automatically without pre-review from us.
If you merge with
/AzurePipelines run
Azure Pipelines failed to run 1 pipeline(s).
That agent was set up like this: https://github.com/microsoft/STL/wiki/Setting-up-an-Azure-Pipelines-Agent
@BillyONeal the tasks need to be installed from the marketplace
@@ -0,0 +1,51 @@ | |||
parameters: | |||
targetPlatform: 'x64' |
Why have a parameters block here when the parameters come from azure-pipelines.yml?
Here is the declaration and default value of the accepted params. The actual value is indeed in a-p.yml
Rephrasing: do we need to have this declaration here, or can we leave it out so this template will fail when it's not used correctly? It would be a shame if someone accidentally introduced a typo in the parameter names (e.g., targetP1atform) in azure-pipelines.yml and we consequently build x64 four times for every PR.
I suppose if it MUST be here we could give it an invalid value like potato to ensure it will fail very loudly.
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
[string]$bootstrapperExe = Join-Path ${env:Temp} ([System.IO.Path]::GetRandomFileName() + ".exe") | ||
Invoke-WebRequest -Uri $VSBootstrapperURL -OutFile $bootstrapperExe | ||
|
||
$Arguments = ('/c', $bootstrapperExe, $WorkLoads, '--quiet', '--norestart', '--wait', '--nocache' ) |
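Review bot: the file that Invoke-WebRequest writes to $bootstrapperExe is handed to the command line in $Arguments with no integrity check in between. Before launching it, verify the download, for example by requiring that Get-AuthenticodeSignature reports a Valid status with the expected Microsoft signer, or by comparing Get-FileHash output against a pinned value, and fail the step if the check does not pass.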
Nitpick: Why is there a space before the final )?
} | ||
else | ||
{ | ||
Write-Host -Object "Non zero exit code returned by the installation process : $exitCode." |
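Review bot: the else branch only reports the nonzero $exitCode with Write-Host; unless a later line in this block throws or exits, a failed toolset installation leaves the step green and the build carries on with whatever compiler is present. Suggest ending the branch with throw or exit $exitCode so the job fails at the point of the install error.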
Nitpick: Nonzero or Non-zero.
} | ||
|
||
# Invalidate the standard installation of VS on the hosted agent. | ||
Move-Item "C:/Program Files (x86)/Microsoft Visual Studio/2019/Enterprise/" "C:/Program Files (x86)/Microsoft Visual Studio/2019/nouse/" -Verbose |
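Review bot: this Move-Item is what keeps the build from picking up the preinstalled toolset, but a failed rename (path absent on a different image, files in use) is a non-terminating error unless $ErrorActionPreference is set to Stop earlier in the script. Add -ErrorAction Stop, or confirm with Test-Path afterwards that the Enterprise directory is gone, so the job cannot silently build with the image's own compiler.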
This seems highly invasive. Is it desirable? Could we simply fail if we detect an existing installation of VS?
This script is only run on the "hosted" machines which are blown away after each build, so invasive changes are fine/normal.
Then you would always fail on the hosted one.
'--add Microsoft.VisualStudio.Component.VC.Tools.x86.x64 ' + ` | ||
'--add Microsoft.VisualStudio.Component.VC.Tools.ARM64 ' + ` | ||
'--add Microsoft.VisualStudio.Component.VC.Tools.ARM ' + ` | ||
'--add Microsoft.VisualStudio.Component.Windows10SDK.18362 ' |
Is there any way to request the latest Win10 SDK, instead of encoding this version number here that might need to be updated?
Not as far as I am aware.
inputs: | ||
cmakeListsTxtPath: 'CMakeSettings.json' | ||
useVcpkgToolchainFile: true | ||
configurationRegexFilter: '.*${{ parameters.targetPlatform }}.*' |
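Review bot: configurationRegexFilter wraps the parameter in .* on both sides, so the value is matched as a substring; with targetPlatform set to arm the pattern .*arm.* also matches any configuration whose name contains arm64. If the configuration names in CMakeSettings.json allow it, anchor the pattern (for example on a delimiter or the end of the name) so each job builds exactly one platform.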
Is this doing a whole-string or a substring match? If the latter, the .* at the front and back are unnecessary.
I'm not positive which it is but I also think it doesn't matter. (And we should merge this as-is)
azure-pipelines.yml
Outdated
# Copyright (c) Microsoft Corporation. | ||
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | ||
|
||
# Build STL targeting x64, arm64, x86, arm. |
Our usual order is x86, x64, arm, arm64. Is this order significant in some way?
vcpkg_windows.txt
Outdated
boost-math:x64-windows | ||
boost-math:x86-windows | ||
boost-math:arm-windows | ||
boost-math:arm64-windows |
Does this file have to be in the root of the repo? Would azure-devops be a better location? It's mentioned by azure-devops/run_build.yml.
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
azure-pipelines.yml
Outdated
parameters: | ||
targetPlatform: x64 | ||
|
||
|
Is there a reason for there to be two newlines here?
@@ -0,0 +1,5 @@ | |||
boost-build:x86-windows | |||
boost-math:x64-windows | |||
boost-math:x86-windows |
I observe that this mentions x64 before x86.
/azp run
Azure Pipelines successfully started running 1 pipeline(s).
This is provided by azure-pipelines.yml. See: microsoft#114 (comment)
Please note that acceptance of community PRs will be delayed while we are
bringing our test and CI systems online. For more information, see the
README.md.
Description
I hope this PR is useful and could be an inspiration on how to set up a CI system.
This PR is not meant to be merged as is, but it is created in order to show how it is possible to run a build using CMake and Ninja with cached vcpkg artifacts on Hosted Build Agents.
Hosted agents do not have the required MSVC 14.23, hence the build also installs that toolset on the fly (considerably increasing build time).
The build time on Hosted agents with cached vcpkg artifacts is about:
See here for all build samples.
No tests are run.
Also, this PR shows how to explicitly define which vcpkg version is to be used by using a git submodule.
Checklist:
by an STL maintainer before CI is online, leave this unchecked for initial
submission).