Changes at TravisCI- affecting open source

Here's the place for discussion related to coding in FreeCAD, C++ or Python. Design, interfaces and structures.
Forum rules
Be nice to others! Respect the FreeCAD code of conduct!
openBrain
Veteran
Posts: 9034
Joined: Fri Nov 09, 2018 5:38 pm
Contact:

Re: Changes at TravisCI- affecting open source

Post by openBrain »

bernd wrote: Tue Sep 28, 2021 11:27 am All is done on a quad core i5 at my home. ATM we are fine with this machine. (due to ccache) But if it would envolve we need to think about more power.
FWIW, I ran some tests to compare "Make+GCC" build with "Ninja+Clang" build.
I ran the same compilations one after another for the 2 systems, which both built the same source tree in different out-source folders. Both have CCache enabled.
Below the raw results (in a raw format).

Code: Select all

Master 0afe01dc5e already compiled

Recompile same master 0afe01dc5e

->Make/GCC
real    0m3,153s
user    0m9,752s
sys     0m1,900s

->Ninja/Clang
real    0m0,266s
user    0m0,229s
sys     0m0,039s

Checkout PR4952 (raw, no rebasing)

->Make/GCC
real    43m8,760s
user    238m11,850s
sys     22m13,785s

->Ninja/Clang
real    24m13,313s
user    179m31,226s
sys     9m24,679s

Back to master updated at b8c1877133

->Make/GCC
real    3m21,477s
user    18m25,696s
sys     2m14,074s

->Ninja/Clang
real    2m18,222s
user    13m23,681s
sys     1m21,272s

Back to PR4952 (raw)

->Make/GCC
real    2m27,556s
user    13m6,548s
sys     1m44,797s

->Ninja/Clang
real    2m5,085s
user    11m47,028s
sys     1m16,159s

Back to master b8c1877133

->Make/GCC
real    2m25,116s
user    13m17,195s
sys     1m47,153s

->Ninja/Clang
real    2m2,533s
user    11m23,960s
sys     1m11,191s
Roughly Ninja+Clang is 25~50% faster than Make+GCC. ;)
User avatar
PrzemoF
Veteran
Posts: 3520
Joined: Fri Jul 25, 2014 4:52 pm
Contact:

Re: Changes at TravisCI- affecting open source

Post by PrzemoF »

yorik wrote: Tue Sep 28, 2021 9:41 am [...]
How much of it does actually use gitlab resources? I mean, if in some future they make it paid, what would we do?
Also: Is it possible to add more build servers to the system? What does it need? I could try to find some more horsepower for us.
Also 2: Could we produce daily builds with this?
Almost zero gitlab resources. No need for any plans or paid stuff.
Yes, there can be many builders - it was tested in my repo. I'm not sure how the jobs are distributed under heavy load.
With ccache very little horse power is needed. Bernd set up a laptop, mine has the docker builder running always when the laptop is on (it's currently linked to my repo, but can be re-registered to the official repo)

/security paranoia mode on/
We can produce daily builds, but it has not been investigated and it opens question of trusted builders. As long as we only do building/testing we can use any PC with docker that it registered as a builder. If we go with the daily builds we should limit the builders to trusted machines (like Bernd's laptop) to avoid situation that a malicious code is injected during the build.
/security paranoia mode off/

P.S. gitlab features for pull requests merging, approving, assigning responsible people etc, seem to be light years ahead of github. It might be something useful for us as FreeCAD grows.
User avatar
PrzemoF
Veteran
Posts: 3520
Joined: Fri Jul 25, 2014 4:52 pm
Contact:

Re: Changes at TravisCI- affecting open source

Post by PrzemoF »

bernd wrote: Tue Sep 28, 2021 2:13 pm automatically generated posts on PRs are no longer made by me but by a new born user the FreeCAD CI robot (freecadci)


Screenshot_20210928_161122.png
That is CLASS!!!!! :D
User avatar
chennes
Veteran
Posts: 3884
Joined: Fri Dec 23, 2016 3:38 pm
Location: Norman, OK, USA
Contact:

Re: Changes at TravisCI- affecting open source

Post by chennes »

PrzemoF wrote: Tue Sep 28, 2021 5:35 pm /security paranoia mode on/
We can produce daily builds, but it has not been investigated and it opens question of trusted builders.
/security paranoia mode off/
Yes, agreed. I very much would like to have dailies, but we definitely need to make sure that the people controlling those machines are trusted, we can't just open it up to anyone with spare cycles.

For me the highest-priority request is to get more OS coverage. In particular, an Ubuntu 18.04 LTS build (that's our oldest-supported target OS right now). Do we already have enough CPU power to add something like this, or would we need more hardware?
Chris Hennes
Pioneer Library System
GitHub profile, LinkedIn profile, chrishennes.com
User avatar
bernd
Veteran
Posts: 12849
Joined: Sun Sep 08, 2013 8:07 pm
Location: Zürich, Switzerland
Contact:

Re: Changes at TravisCI- affecting open source

Post by bernd »

chennes wrote: Tue Sep 28, 2021 11:54 pm For me the highest-priority request is to get more OS coverage. In particular, an Ubuntu 18.04 LTS build (that's our oldest-supported target OS right now). Do we already have enough CPU power to add something like this, or would we need more hardware?
as said before ATM we do have enough horse power. The CI runs at my home on a little quad core i5 HP EliteDesk. On this machine only runs the CI for FreeCAD. Most of the day its in idle. ATM men power is the problem ...
jais
Posts: 6
Joined: Wed Aug 18, 2021 7:53 am

Re: Changes at TravisCI- affecting open source

Post by jais »

PrzemoF wrote: Tue Sep 28, 2021 5:35 pm /security paranoia mode on/
We can produce daily builds, but it has not been investigated and it opens question of trusted builders. As long as we only do building/testing we can use any PC with docker that it registered as a builder. If we go with the daily builds we should limit the builders to trusted machines (like Bernd's laptop) to avoid situation that a malicious code is injected during the build.
/security paranoia mode off/
I think it would be very nice if people can just download the artifacts from pull requests to help with testing without having to make their own build, but if you turn security paranoia mode on, building pull requests is much worse than daily builds. I assume only a few trusted people are able to push directly to the repository and pull requests have to be merged (and reviewed) by those same people.

Pull requests on the other hand, can be made by anybody with a GitHub account, so the machine that runs the build agent should be treated like it has already been compromised and the artifacts from pull requests should come with a big fat warning.

GitHub write about the issue here.

I suspect that it is much more likely to be abused by crypto miners than for actual security attacks.

I personally think that the benefits of having pull request artifacts outweighs the risk, but that is not for me to decide.
jais
Posts: 6
Joined: Wed Aug 18, 2021 7:53 am

Re: Changes at TravisCI- affecting open source

Post by jais »

bernd wrote: Wed Sep 29, 2021 4:21 am as said before ATM we do have enough horse power. The CI runs at my home on a little quad core i5 HP EliteDesk. On this machine only runs the CI for FreeCAD. Most of the day its in idle. ATM men power is the problem ...
I have a new 12 core Ryzen server with NVMe I need to run burnin tests for the next few weeks, so why not let it do something useful ;)

It already have Docker installed, what is the current procedure to get it to run the build agent?

The server is planned to go into production in the middle of October, but as things usually go, I expect it will be November and by then I might have another server available.

EDIT: I quoted the "wrong" message, as in the one I didn't read ;) and see that another server is not needed.
User avatar
yorik
Founder
Posts: 13642
Joined: Tue Feb 17, 2009 9:16 pm
Location: Brussels
Contact:

Re: Changes at TravisCI- affecting open source

Post by yorik »

Fantastic guys! We are on our way to have a state-of-the-art build system. It's really cool the way it's decentralized.
Indeed official "daily builds" should only come from trusted builders. But I'm also not 100% certain that PR builds absolutely need to have their builds artifacts publicly available...

At some point, while we're still on github, that is, there might also be a way to tie the system to the github "CI test results" (that is currently still hooked to travis). Although I really liked the freecadci bot ;)
User avatar
bernd
Veteran
Posts: 12849
Joined: Sun Sep 08, 2013 8:07 pm
Location: Zürich, Switzerland
Contact:

Re: Changes at TravisCI- affecting open source

Post by bernd »

yorik wrote: Wed Sep 29, 2021 7:55 am At some point, while we're still on github, that is, there might also be a way to tie the system to the github "CI test results" (that is currently still hooked to travis). Although I really liked the freecadci bot ;)
yes there is. I am on this one too.
User avatar
bernd
Veteran
Posts: 12849
Joined: Sun Sep 08, 2013 8:07 pm
Location: Zürich, Switzerland
Contact:

Re: Changes at TravisCI- affecting open source

Post by bernd »

improved the freecadci message ...

https://github.com/FreeCAD/FreeCAD/pull ... -930615020


screen2.png
screen2.png (11.16 KiB) Viewed 2025 times
Post Reply