Skip to content

Commit

Permalink
bazel/ci: Improve flags/config (envoyproxy#28856)
Browse files Browse the repository at this point in the history
Signed-off-by: Ryan Northey <ryan@synca.io>
  • Loading branch information
phlax authored Aug 7, 2023
1 parent 0d05f75 commit 4580338
Show file tree
Hide file tree
Showing 44 changed files with 710 additions and 398 deletions.
4 changes: 1 addition & 3 deletions .azure-pipelines/bazel.yml
Original file line number Diff line number Diff line change
Expand Up @@ -195,9 +195,7 @@ steps:
${{ if parameters.rbe }}:
GCP_SERVICE_ACCOUNT_KEY: $(GcpServiceAccountKey)
ENVOY_RBE: "1"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs) ${{ parameters.bazelBuildExtraOptions }}"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs) ${{ parameters.bazelBuildExtraOptions }}"
${{ if eq(parameters.rbe, false) }}:
BAZEL_BUILD_EXTRA_OPTIONS: "--config=ci ${{ parameters.bazelBuildExtraOptions }}"
BAZEL_REMOTE_CACHE: $(LocalBuildCache)
Expand Down
8 changes: 2 additions & 6 deletions .azure-pipelines/stage/prechecks.yml
Original file line number Diff line number Diff line change
Expand Up @@ -121,9 +121,7 @@ jobs:
env:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_RBE: "1"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs)"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
GCS_ARTIFACT_BUCKET: ${{ parameters.bucketGCP }}
condition: eq(variables['CI_TARGET'], 'docs')
Expand Down Expand Up @@ -153,9 +151,7 @@ jobs:
env:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_RBE: "1"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs)"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
GCS_ARTIFACT_BUCKET: ${{ parameters.bucketGCP }}
condition: eq(variables['CI_TARGET'], 'docs')
Expand Down
8 changes: 2 additions & 6 deletions .azure-pipelines/stage/publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -252,9 +252,7 @@ jobs:
env:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_RBE: "1"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs)"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
GCS_ARTIFACT_BUCKET: ${{ parameters.bucketGCP }}
DOCKERHUB_USERNAME: ${{ parameters.authDockerUser }}
Expand All @@ -270,9 +268,7 @@ jobs:
env:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_RBE: "1"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --jobs=$(RbeJobs)"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
GCS_ARTIFACT_BUCKET: ${{ parameters.bucketGCP }}
- script: ci/run_envoy_docker.sh 'ci/do_ci.sh docs-publish-latest'
Expand Down
6 changes: 2 additions & 4 deletions .azure-pipelines/stage/verify.yml
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,7 @@ jobs:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_DOCKER_IN_DOCKER: 1
ENVOY_RBE: 1
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
displayName: "Verify packages"

Expand All @@ -54,8 +53,7 @@ jobs:
ENVOY_DOCKER_BUILD_DIR: $(Build.StagingDirectory)
ENVOY_DOCKER_IN_DOCKER: 1
ENVOY_RBE: 1
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --jobs=$(RbeJobs)"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}
displayName: "Verify packages"

Expand Down
4 changes: 1 addition & 3 deletions .azure-pipelines/stage/windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,9 +32,7 @@ jobs:
CI_TARGET: "windows"
ENVOY_DOCKER_BUILD_DIR: "$(Build.StagingDirectory)"
ENVOY_RBE: "true"
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=remote-msvc-cl --jobs=$(RbeJobs) --flaky_test_attempts=2"
BAZEL_REMOTE_CACHE: grpcs://remotebuildexecution.googleapis.com
BAZEL_REMOTE_INSTANCE: projects/envoy-ci/instances/default_instance
BAZEL_BUILD_EXTRA_OPTIONS: "--config=remote-ci --config=rbe-google --config=remote-msvc-cl --jobs=$(RbeJobs) --flaky_test_attempts=2"
GCP_SERVICE_ACCOUNT_KEY: ${{ parameters.authGCP }}

- task: PublishTestResults@2
Expand Down
87 changes: 74 additions & 13 deletions .bazelrc
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ startup --host_jvm_args=-Xmx3g
run --color=yes

build --color=yes
build --jobs=HOST_CPUS-1
build --workspace_status_command="bash bazel/get_workspace_status"
build --incompatible_strict_action_env
build --java_runtime_version=remotejdk_11
Expand Down Expand Up @@ -69,8 +70,6 @@ build --@com_googlesource_googleurl//build_config:system_icu=0
# Common flags for sanitizers
build:sanitizer --define tcmalloc=disabled
build:sanitizer --linkopt -ldl
build:sanitizer --build_tag_filters=-no_san
build:sanitizer --test_tag_filters=-no_san

# Common flags for Clang
build:clang --action_env=BAZEL_COMPILER=clang
Expand All @@ -90,6 +89,8 @@ build:asan --config=sanitizer
# ASAN install its signal handler, disable ours so the stacktrace will be printed by ASAN
build:asan --define signal_trace=disabled
build:asan --define ENVOY_CONFIG_ASAN=1
build:asan --build_tag_filters=-no_san
build:asan --test_tag_filters=-no_san
build:asan --copt -fsanitize=address,undefined
build:asan --linkopt -fsanitize=address,undefined
# vptr and function sanitizer are enabled in clang-asan if it is set up via bazel/setup_clang.sh.
Expand Down Expand Up @@ -150,6 +151,8 @@ build:clang-tsan --test_timeout=120,600,1500,4800
# with libc++ instruction and provide corresponding `--copt` and `--linkopt` as well.
build:clang-msan --action_env=ENVOY_MSAN=1
build:clang-msan --config=sanitizer
build:clang-msan --build_tag_filters=-no_san
build:clang-msan --test_tag_filters=-no_san
build:clang-msan --define ENVOY_CONFIG_MSAN=1
build:clang-msan --copt -fsanitize=memory
build:clang-msan --linkopt -fsanitize=memory
Expand Down Expand Up @@ -199,12 +202,14 @@ build:coverage --strategy=TestRunner=sandboxed,local
build:coverage --strategy=CoverageReport=sandboxed,local
build:coverage --experimental_use_llvm_covmap
build:coverage --collect_code_coverage
build:coverage --test_tag_filters=-nocoverage
build:coverage --instrumentation_filter="//source(?!/common/quic/platform)[/:],//envoy[/:],//contrib(?!/.*/test)[/:]"

build:test-coverage --test_arg="-l trace"
build:test-coverage --test_arg="--log-path /dev/null"
build:test-coverage --test_tag_filters=-nocoverage,-fuzz_target
build:fuzz-coverage --config=plain-fuzzer
build:fuzz-coverage --run_under=@envoy//bazel/coverage:fuzz_coverage_wrapper.sh
build:fuzz-coverage --test_tag_filters=-nocoverage

# Remote execution: https://docs.bazel.build/versions/master/remote-execution.html
build:rbe-toolchain --action_env=BAZEL_DO_NOT_DETECT_CPP_TOOLCHAIN=1
Expand Down Expand Up @@ -264,10 +269,6 @@ build:remote --spawn_strategy=remote,sandboxed,local
build:remote --strategy=Javac=remote,sandboxed,local
build:remote --strategy=Closure=remote,sandboxed,local
build:remote --strategy=Genrule=remote,sandboxed,local
build:remote --remote_timeout=7200
build:remote --google_default_credentials=true
build:remote --remote_download_toplevel
build:remote --nobuild_runfile_links

# Windows bazel does not allow sandboxed as a spawn strategy
build:remote-windows --spawn_strategy=remote,local
Expand Down Expand Up @@ -307,6 +308,25 @@ build:remote-clang-cl --config=remote-windows
build:remote-clang-cl --config=clang-cl
build:remote-clang-cl --config=rbe-toolchain-clang-cl

## Compile-time-options testing
# Right now, none of the available compile-time options conflict with each other. If this
# changes, this build type may need to be broken up.
build:compile-time-options --define=admin_html=disabled
build:compile-time-options --define=signal_trace=disabled
build:compile-time-options --define=hot_restart=disabled
build:compile-time-options --define=google_grpc=disabled
build:compile-time-options --define=boringssl=fips
build:compile-time-options --define=log_debug_assert_in_release=enabled
build:compile-time-options --define=path_normalization_by_default=true
build:compile-time-options --define=deprecated_features=disabled
build:compile-time-options --define=tcmalloc=gperftools
build:compile-time-options --define=zlib=ng
build:compile-time-options --define=uhv=enabled
build:compile-time-options --config=libc++20
build:compile-time-options --test_env=ENVOY_HAS_EXTRA_EXTENSIONS=true
build:compile-time-options --@envoy//bazel:http3=False
build:compile-time-options --@envoy//source/extensions/filters/http/kill_request:enabled

# Docker sandbox
# NOTE: Update this from https://github.com/envoyproxy/envoy-build-tools/blob/main/toolchains/rbe_toolchains_config.bzl#L8
build:docker-sandbox --experimental_docker_image=envoyproxy/envoy-build-ubuntu:41c5a05d708972d703661b702a63ef5060125c33
Expand Down Expand Up @@ -340,16 +360,13 @@ build:docker-tsan --config=rbe-toolchain-clang-libc++
build:docker-tsan --config=rbe-toolchain-tsan

# CI configurations
build:remote-ci --remote_cache=grpcs://remotebuildexecution.googleapis.com
build:remote-ci --remote_executor=grpcs://remotebuildexecution.googleapis.com
build:remote-ci --config=ci
build:remote-ci --remote_download_minimal

# Note this config is used by mobile CI also.
build:ci --noshow_progress
build:ci --noshow_loading_progress

# Build Event Service
build:google-bes --bes_backend=grpcs://buildeventservice.googleapis.com
build:google-bes --bes_results_url=https://source.cloud.google.com/results/invocations/
build:ci --test_output=errors

# Fuzz builds

Expand Down Expand Up @@ -440,6 +457,50 @@ build:windows --features=fully_static_link
build:windows --features=static_link_msvcrt
build:windows --dynamic_mode=off

# RBE (Google)
build:rbe-google --google_default_credentials=true
build:rbe-google --remote_cache=grpcs://remotebuildexecution.googleapis.com
build:rbe-google --remote_executor=grpcs://remotebuildexecution.googleapis.com
build:rbe-google --remote_timeout=7200
build:rbe-google --remote_instance_name=projects/envoy-ci/instances/default_instance

build:rbe-google-bes --bes_backend=grpcs://buildeventservice.googleapis.com
build:rbe-google-bes --bes_results_url=https://source.cloud.google.com/results/invocations/

# RBE (Engflow mobile)
build:rbe-engflow --google_default_credentials=false
build:rbe-engflow --remote_cache=grpcs://envoy.cluster.engflow.com
build:rbe-engflow --remote_executor=grpcs://envoy.cluster.engflow.com
build:rbe-engflow --bes_backend=grpcs://envoy.cluster.engflow.com/
build:rbe-engflow --bes_results_url=https://envoy.cluster.engflow.com/invocation/
build:rbe-engflow --experimental_credential_helper=%workspace%/bazel/engflow-bazel-credential-helper.sh
build:rbe-engflow --grpc_keepalive_time=30s
build:rbe-engflow --remote_timeout=3600s
build:rbe-engflow --bes_timeout=3600s
build:rbe-engflow --bes_upload_mode=fully_async

#############################################################################
# debug: Various Bazel debugging flags
#############################################################################
# debug/bazel
common:debug-bazel --announce_rc
common:debug-bazel -s
# debug/sandbox
common:debug-sandbox --verbose_failures
common:debug-sandbox --sandbox_debug
# debug/coverage
common:debug-coverage --action_env=VERBOSE_COVERAGE=true
common:debug-coverage --test_env=VERBOSE_COVERAGE=true
common:debug-coverage --test_env=DISPLAY_LCOV_CMD=true
common:debug-coverage --config=debug-tests
# debug/tests
common:debug-tests --test_output=all
# debug/everything
common:debug --config=debug-bazel
common:debug --config=debug-sandbox
common:debug --config=debug-coverage
common:debug --config=debug-tests

try-import %workspace%/clang.bazelrc
try-import %workspace%/user.bazelrc
try-import %workspace%/local_tsan.bazelrc
27 changes: 27 additions & 0 deletions .github/actions/diskspace/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
inputs:
to_remove:
type: string
default: |
/opt/hostedtoolcache
/usr/local/lib/android
/usr/local/.ghcup
runs:
using: composite
steps:
- id: remove_cruft
name: Cruft removal
run: |
echo "Disk space before cruft removal"
df -h
TO_REMOVE=(${{ inputs.to_remove }})
for removal in "${TO_REMOVE[@]}"; do
echo "Removing: ${removal} ..."
sudo rm -rf "$removal"
done
echo "Disk after before cruft removal"
df -h
shell: bash
2 changes: 1 addition & 1 deletion .github/workflows/POLICY.md
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ Do not allow any bots or app users to do so, unless this is specifically require
For example, you could add a `job` condition to prevent any bots from triggering the workflow:

```yaml
if: |
if: >-
${{
github.repository == 'envoyproxy/envoy'
&& (github.event.schedule
Expand Down
15 changes: 1 addition & 14 deletions .github/workflows/_ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,20 +115,7 @@ jobs:
run: git config --global --add safe.directory /__w/envoy/envoy

- if: ${{ inputs.diskspace_hack }}
name: Cruft removal
run: |
echo "Disk space before cruft removal"
df -h
TO_REMOVE=(
/opt/hostedtoolcache
/usr/local/lib/android
/usr/local/.ghcup)
for removal in "${TO_REMOVE[@]}"; do
echo "Removing: ${removal} ..."
sudo rm -rf "$removal"
done
uses: ./.github/actions/diskspace
- run: |
echo "disk space at beginning of build:"
df -h
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/_env.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,8 @@ on:
default:

outputs:
debug:
value: false
agent_ubuntu:
value: ubuntu-22.04
build_image_ubuntu:
Expand Down
9 changes: 5 additions & 4 deletions .github/workflows/check-deps.yml
Original file line number Diff line number Diff line change
@@ -1,16 +1,17 @@
name: Check dependencies

permissions:
contents: read

on:
schedule:
- cron: '0 8 * * *'
- cron: '0 8 * * *'
workflow_dispatch:

permissions: read-all

jobs:
build:
runs-on: ubuntu-22.04
if: |
if: >-
${{
github.repository == 'envoyproxy/envoy'
&& (github.event.schedule
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/envoy-publish.yml
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
name: Publish & verify

permissions:
contents: read

on:
# This runs untrusted code, do not expose secrets in the verify job
workflow_dispatch:
Expand All @@ -19,9 +22,6 @@ concurrency:
}}-${{ github.workflow }}
cancel-in-progress: true

permissions:
contents: read

jobs:
env:
if: |
Expand Down
Loading

0 comments on commit 4580338

Please sign in to comment.