-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace prometheus-builder by promrunner #163
Conversation
Instead of rebuilding the prometheus binary from sources, promrunner downloads the build artifact directly from CircleCI. Signed-off-by: Simon Pasquier <spasquie@redhat.com>
b709fd4
to
3113e0a
Compare
yep in general very good idea, but adding another dependency would make running tests without Prow more difficult #160 another idea is to push a docker image for every PR, but than how do we cleanup these when we are done or maybe use promu or golang-builder with a multi stage docker - 1 stage build , 2 stage run |
You can use a CircleCI account token instead of a project token (in fact this is what I used for testing). Anybody with a GitHub or BitBucket account can login to CircleCI, request a token and download build artifacts from the prometheus project (I've just checked with a BitBucket account and it works fine). The difference between and account and project token is that the project token isn't tied to a user and is limited in scope (it can only read data, no risk to modify something if it leaks).
I'd say that if we were to replace CircleCI, the substitute would need to offer a similar feature for downloading artifacts.
There is prometheus/prometheus#4453 but as you said, I'm not sure how to keep things clean.
It would still be required to maintain this specific build process in sync with the prometheus CI. |
cc @SuperQ which might be interested by the discussion too. |
I don't see any dependence on prow for promrunner. The circelci token is passed as a volume-mount.
|
my point is to keep things as simple as possible for people wanting to run tests from the cli.
If we can select the version in the golang-builded why do we even need to involve circle?
or whichever format would be easier to parse maybe even where we wouldn't have to remember the arguments order The only disadvantage is that it would still build it on every run. At the moment it takes less than a minute to clone/build/run Prometheus so not a big deal. |
I don't understand what you mean here, my idea is to use |
Using the artifacts from the upstream CI, we don't have to think about how to build the binary. That being said, I understand your concerns so maybe I can add an option to either get the binary from the CircleCI build or build it from the PR sources? |
I am really anti adding more depenancies in any form, but let me read the discussion again in few days and will see what I think then 👍
but that would mean knowing the circle API to be able to troubleshoot and review the @sipian what do you think? @simonpasquier |
I have one question.
It might happen that a user starts benchmarking after a long time -> when the artifacts are no longer there in circle-ci. |
OTOH, passing the go version in the github comment seems a bit tedious from the user point of view. The user might expect prombench to take care of this on its own. |
In 99% cases it wont be needed. When no go version is provided it will use the default |
The information I've found when looking at artifacts was that they are able for "months" [1]. But I guess the real answer is that there's no official SLA. If the artifacts are gone, you can still kick another build though. [1] https://circleci.com/docs/2.0/concepts/#workspaces-and-artifacts I agree with @sipian that passing the Go version is cumbersome. Personally I don't like that prombench tries to mimic the original build process while we could just use its output. And it would even better if we could just use the resulting container image. |
I also don't like that we are building the image and I am all in for using a container image pushed from the CI. I guess all we need to figure out is about the cleanup of obsolete PR images. Only if docker hub or any other registry had some settings to expire images based on some criteria. |
@simonpasquier |
if we use docker images this would make it possible to run local benchmarks even without opening a PR. so instead of
we would have
|
Even if not for prombench, it can be useful sometime to have the PR image available for people to test (this has been brought up in prometheus/prometheus#4453 too). Again taking the go1.10 -> go1.11 migration as an example, prombench might not be enough to assert that nothing is broken as it doesn't test all possible configurations (see prometheus/prometheus#4626 (comment)). What I can imagine is the ability for the team to trigger a CI job that would publish the PR image to DockerHub and/or Quay. By having it at the discretion of the maintainers, it won't require special cleaning. Then prombench could trigger this job when a benchmark is started. |
yep that sounds possible , if you can do some research and see what we can come up that would be great. |
I've dug further and it isn't feasible with CircleCI to push a container image from a forked PR (neither with Travis btw). This boils down to security concerns: to push the image, the CI system needs access to the hub's credentials and if this data were available to forked PRs, a malicious user could potentially expose it to 3rd party services. That being said, there's still ways to address the problem. I can imagine the following process:
Obviously there should be a configuration flag to skip these steps when testing locally. |
@simonpasquier |
Now that we are working on migrating to github actions I think we can have a step to build and push an image at To continue supporting local tests without a CI would need to refactor prombench to take docker images as parameters instead of a so instead of we would have and the tests will use these specified docker images. Now for running tests locally without a CI it means that people would need to push an images to a docker registry manually, but this would also enable them to run tests even without opening a PR so I think it is a good trade off. |
Here's an approach that can get us rid of the prometheus-builder, following @krasi-georgiev 's comment on building a docker image and using circle ci artifacts as @simonpasquier suggested:
The value of Now about how to build this image,
When using Github Actions
When cc @krasi-georgiev @simonpasquier @sipian let me know what you think of this approach. |
yes that sounds like a good idea, will try it. |
👋🏽 Looks like there was no activity on this PR for some time, closing for now, we can always reopen if still relevant/to-be-reviewed. Thanks! |
This PR introduces the
promrunner
program: it takes a PR number (+ CircleCI token), downloads theprometheus
binary from the CircleCI artifact (see prometheus/prometheus#4685) and replaces itself with theprometheus
program.The main advantage is that it doesn't require to rebuild the
prometheus
binary from sources andprombench
uses the exact same binary that should be delivered to our users. One concrete example is that it would allow to compare performances between binaries compiled with go1.10 and go1.11 (see prometheus/prometheus#4626).