Skip to content

Commit 3e5a20e

Browse files
gzgz
committed
Switch to k8s runners.
Also switch to dynamic tokens. Signed-off-by: Gerd Zellweger <mail@gerdzellweger.com>
1 parent 5e66878 commit 3e5a20e

16 files changed

+225
-121
lines changed

.github/workflows/build-docker-dev.yml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,21 +13,24 @@ jobs:
1313
strategy:
1414
matrix:
1515
include:
16-
- runner: [self-hosted, skylake40]
16+
- runner: [k8s-runners-amd64]
1717
rust_target: x86_64-unknown-linux-gnu
1818
docker_arch: amd64
1919
docker_platform: linux/amd64
20-
- runner: [self-hosted, alteram128]
20+
- runner: [k8s-runners-arm64]
2121
rust_target: aarch64-unknown-linux-gnu
2222
docker_arch: arm64
2323
docker_platform: linux/arm64
2424
runs-on: ${{ matrix.runner }}
25+
container:
26+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
2527

2628
steps:
2729
- name: Checkout Repository
2830
uses: actions/checkout@v4
2931

3032
- name: Prepare Platform Environment Variable
33+
shell: bash
3134
run: |
3235
platform=${{ matrix.docker_platform }}
3336
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

.github/workflows/build-docker.yml

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -24,15 +24,17 @@ jobs:
2424
strategy:
2525
matrix:
2626
include:
27-
- runner: [self-hosted, skylake40]
27+
- runner: [k8s-runners-amd64]
2828
rust_target: x86_64-unknown-linux-gnu
2929
docker_arch: amd64
3030
docker_platform: linux/amd64
31-
- runner: [self-hosted, alteram128]
31+
- runner: [k8s-runners-arm64]
3232
rust_target: aarch64-unknown-linux-gnu
3333
docker_arch: arm64
3434
docker_platform: linux/arm64
3535
runs-on: ${{ matrix.runner }}
36+
container:
37+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
3638

3739
steps:
3840
- name: Checkout Repository
@@ -64,6 +66,7 @@ jobs:
6466
ls -la ${{ steps.binaries.outputs.download-path }}
6567
6668
- name: Prepare Platform Environment Variable
69+
shell: bash
6770
run: |
6871
platform=${{ matrix.docker_platform }}
6972
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
@@ -102,12 +105,14 @@ jobs:
102105
cache-from: type=gha
103106
cache-to: type=gha,mode=max
104107

108+
# If you wonder why this needs to be $RUNNER_TEMP here
109+
# and not ${{ runner.temp }}: https://github.com/actions/runner/issues/2498
105110
- name: Export digest
106111
run: |
107-
rm -rf ${{ runner.temp }}/digests
108-
mkdir -p ${{ runner.temp }}/digests
112+
rm -rf $RUNNER_TEMP/digests
113+
mkdir -p $RUNNER_TEMP/digests
109114
digest="${{ steps.build.outputs.digest }}"
110-
touch "${{ runner.temp }}/digests/${digest#sha256:}"
115+
touch "$RUNNER_TEMP/digests/${digest#sha256:}"
111116
112117
- name: Upload digest
113118
uses: actions/upload-artifact@v4

.github/workflows/build-java.yml

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,10 +6,9 @@ on:
66
jobs:
77
build-jar:
88
name: Build Compiler
9-
runs-on: [self-hosted, skylake40]
9+
runs-on: [k8s-runners-amd64]
1010
container:
11-
image: ghcr.io/feldera/feldera-dev:sha-cfae3f2af7e7676dde51af39ed76332f67d91b6a
12-
options: --user=ubuntu
11+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
1312
steps:
1413
- name: Checkout repository
1514
uses: actions/checkout@v4

.github/workflows/build-rust.yml

Lines changed: 32 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,12 @@ env:
77
CARGO_FLAGS: "--release --locked --all-targets --features pubsub-emulator-test,iceberg-tests-fs,iceberg-tests-glue"
88
FELDERA_PLATFORM_VERSION_SUFFIX: ${{ github.sha }}
99
RUSTC_WRAPPER: sccache
10-
SCCACHE_DIR: /sccache
11-
SCCACHE_CACHE_SIZE: 512G
10+
SCCACHE_CACHE_SIZE: ${{ vars.SCCACHE_CACHE_SIZE }}
11+
SCCACHE_BUCKET: ${{ vars.SCCACHE_BUCKET }}
12+
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
13+
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
14+
AWS_ACCESS_KEY_ID: "${{ secrets.CI_K8S_MINIO_ACCESS_KEY_ID }}"
15+
AWS_SECRET_ACCESS_KEY: "${{ secrets.CI_K8S_MINIO_SECRET_ACCESS_KEY }}"
1216

1317
jobs:
1418
build-rust:
@@ -18,32 +22,48 @@ jobs:
1822
strategy:
1923
matrix:
2024
include:
21-
- runner: [self-hosted, skylake40]
25+
- runner: [k8s-runners-amd64]
2226
arch: x86_64
2327
target: x86_64-unknown-linux-gnu
24-
- runner: [self-hosted, alteram128]
28+
- runner: [k8s-runners-arm64]
2529
arch: aarch64
2630
target: aarch64-unknown-linux-gnu
2731
runs-on: ${{ matrix.runner }}
2832

2933
container:
30-
image: ghcr.io/feldera/feldera-dev:sha-cfae3f2af7e7676dde51af39ed76332f67d91b6a
31-
options: --user=ubuntu
32-
volumes:
33-
- /sccache:/sccache
34+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
3435

3536
steps:
3637
- name: Checkout repository
3738
uses: actions/checkout@v4
3839

40+
- name: Cache Cargo registry and index
41+
uses: actions/cache@v4
42+
with:
43+
path: |
44+
~/.cargo/registry
45+
~/.cargo/git
46+
key: cargo-registry-${{ runner.os }}-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
47+
restore-keys: |
48+
cargo-registry-${{ runner.os }}-${{ matrix.target }}-
49+
50+
# Thanks to rust cargo non-sense it's too hard to split this into test job
51+
#
52+
# limiting jobs with --test-threads 18: doc test call the linker for every test, on arm machines
53+
# this can lead up to 128 parallel linkers being used OOM'ing the pod
54+
# https://github.com/rust-lang/cargo/issues/10702
55+
- name: Run Rust doc tests
56+
if: matrix.arch == 'x86_64'
57+
run: |
58+
# Don't build the webconsole again for rust tests
59+
export WEBCONSOLE_BUILD_DIR="$(mktemp -d)"
60+
touch $WEBCONSOLE_BUILD_DIR/index.html
61+
cargo test --locked --doc --workspace -- --test-threads 18
62+
3963
- name: Build Rust binaries
4064
run: |
4165
cargo build ${{ env.CARGO_FLAGS }} --target=${{ matrix.target }}
4266
43-
# Thanks to rust cargo non-sense it's too hard to split this into separate build and test jobs
44-
- name: Run Rust doc tests
45-
run: cargo test --locked --doc --workspace
46-
4767
- name: Print sccache stats
4868
run: |
4969
sccache --show-stats

.github/workflows/ci-post-release.yml

Lines changed: 8 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,12 @@ on:
66

77
env:
88
RUSTC_WRAPPER: sccache
9-
SCCACHE_DIR: /sccache
9+
SCCACHE_CACHE_SIZE: ${{ vars.SCCACHE_CACHE_SIZE }}
10+
SCCACHE_BUCKET: ${{ vars.SCCACHE_BUCKET }}
11+
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
12+
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
13+
AWS_ACCESS_KEY_ID: "${{ secrets.CI_K8S_MINIO_ACCESS_KEY_ID }}"
14+
AWS_SECRET_ACCESS_KEY: "${{ secrets.CI_K8S_MINIO_SECRET_ACCESS_KEY }}"
1015

1116
jobs:
1217
publish-python:
@@ -19,12 +24,9 @@ jobs:
1924
secrets: inherit
2025

2126
adjust-versions:
22-
runs-on: [self-hosted, skylake40]
27+
runs-on: [k8s-runners-amd64]
2328
container:
24-
image: ghcr.io/feldera/feldera-dev:sha-cfae3f2af7e7676dde51af39ed76332f67d91b6a
25-
options: --user=ubuntu
26-
volumes:
27-
- /sccache:/sccache
29+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
2830
steps:
2931
- uses: actions/checkout@v4
3032
with:

.github/workflows/ci-pre-mergequeue.yml

Lines changed: 42 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -6,31 +6,58 @@ on:
66

77
env:
88
RUSTC_WRAPPER: sccache
9-
SCCACHE_DIR: /sccache
10-
SCCACHE_CACHE_SIZE: 512G
11-
12-
permissions:
13-
contents: write
9+
SCCACHE_CACHE_SIZE: ${{ vars.SCCACHE_CACHE_SIZE }}
10+
SCCACHE_BUCKET: ${{ vars.SCCACHE_BUCKET }}
11+
SCCACHE_ENDPOINT: ${{ vars.SCCACHE_ENDPOINT }}
12+
SCCACHE_REGION: ${{ vars.SCCACHE_REGION }}
13+
AWS_ACCESS_KEY_ID: "${{ secrets.CI_K8S_MINIO_ACCESS_KEY_ID }}"
14+
AWS_SECRET_ACCESS_KEY: "${{ secrets.CI_K8S_MINIO_SECRET_ACCESS_KEY }}"
1415

1516
jobs:
1617
# This job needs to be called main (the same as the ci.yml workflow)
1718
# because of how merge queues work: https://stackoverflow.com/a/78030618
1819
main:
1920
container:
20-
image: ghcr.io/feldera/feldera-dev:sha-cfae3f2af7e7676dde51af39ed76332f67d91b6a
21-
options: --user=ubuntu
22-
volumes:
23-
- /sccache:/sccache
24-
runs-on: [self-hosted]
21+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
22+
runs-on: [k8s-runners-amd64]
2523
steps:
24+
- name: Generate GitHub App token
25+
id: app-token
26+
uses: actions/create-github-app-token@v2
27+
with:
28+
app-id: ${{ vars.CI_ACCESS_APP_ID }}
29+
private-key: ${{ secrets.CI_ACCESS_APP_PKEY }}
30+
permission-contents: write
31+
2632
- uses: actions/checkout@v4
2733
with:
28-
token: ${{ secrets.CI_RELEASE }}
29-
- uses: actions/cache@v4
34+
# This needs to be set to a token to trigger a follow-up workflow
35+
# in case some changes were corrected.
36+
token: ${{ steps.app-token.outputs.token }}
37+
38+
- name: Cache uv pre-commit environments
39+
uses: actions/cache@v4
3040
with:
31-
path: ~/.cache/pre-commit
32-
key: pre-commit-3|${{ hashFiles('.pre-commit-config.yaml') }}
33-
- run: pre-commit run --show-diff-on-failure --color=always --all-files
41+
path: |
42+
~/.cache/pre-commit
43+
~/.cache/uv
44+
key: pre-commit-uv-1|${{ hashFiles('.pre-commit-config.yaml') }}
45+
46+
- name: Cache Cargo registry and index
47+
uses: actions/cache@v4
48+
with:
49+
path: |
50+
~/.cargo/registry
51+
~/.cargo/git
52+
key: cargo-registry-${{ runner.os }}-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }}
53+
restore-keys: |
54+
cargo-registry-${{ runner.os }}-${{ matrix.target }}-
55+
56+
- run: |
57+
# Don't build the webconsole for rust checks
58+
export WEBCONSOLE_BUILD_DIR="$(mktemp -d)"
59+
touch $WEBCONSOLE_BUILD_DIR/index.html
60+
pre-commit run --show-diff-on-failure --color=always --all-files
3461
shell: bash
3562
if: ${{ vars.CI_DRY_RUN != 'true' }}
3663
- name: Print sccache stats

.github/workflows/ci-release.yml

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,15 @@ jobs:
1111
release:
1212
runs-on: ubuntu-latest
1313
steps:
14+
- name: Generate GitHub App token
15+
id: app-token
16+
uses: actions/create-github-app-token@v2
17+
with:
18+
app-id: ${{ vars.CI_ACCESS_APP_ID }}
19+
private-key: ${{ secrets.CI_ACCESS_APP_PKEY }}
20+
owner: ${{ github.repository_owner }}
21+
permission-contents: write
22+
1423
- name: Set SHA_TO_RELEASE and CURRENT_VERSION
1524
run: |
1625
echo "CURRENT_VERSION=${{ github.event.client_payload.version }}" >> $GITHUB_ENV
@@ -63,7 +72,7 @@ jobs:
6372
sql2dbsp-jar-with-dependencies-v${{ env.CURRENT_VERSION }}.jar
6473
# A custom token is necessary so the ci-post-release.yml workflow is triggered
6574
# see also https://github.com/softprops/action-gh-release/issues/59
66-
token: ${{ secrets.CI_RELEASE }}
75+
token: ${{ steps.app-token.outputs.token }}
6776

6877
- name: Configure AWS Credentials
6978
uses: aws-actions/configure-aws-credentials@v4
@@ -84,10 +93,10 @@ jobs:
8493

8594
- name: Deploy docs.feldera.com
8695
if: ${{ vars.RELEASE_DRY_RUN == 'false' }}
87-
uses: JamesIves/github-pages-deploy-action@v4
96+
uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8
8897
with:
8998
folder: docs
90-
token: ${{ secrets.CI_RELEASE }}
99+
token: ${{ steps.app-token.outputs.token }}
91100
branch: ${{ vars.DOCS_PUBLISH_BRANCH }}
92101
git-config-name: feldera-ci
93102
git-config-email: dev@feldera.com

.github/workflows/ci.yml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ jobs:
88
invoke-build-rust:
99
name: Build Rust
1010
uses: ./.github/workflows/build-rust.yml
11+
secrets: inherit
1112

1213
invoke-build-java:
1314
name: Build Java
@@ -17,11 +18,13 @@ jobs:
1718
invoke-build-docs:
1819
name: Build Docs
1920
uses: ./.github/workflows/build-docs.yml
21+
secrets: inherit
2022

2123
invoke-tests-unit:
2224
name: Unit Tests
2325
needs: [invoke-build-rust, invoke-build-java]
2426
uses: ./.github/workflows/test-unit.yml
27+
secrets: inherit
2528

2629
invoke-tests-adapter:
2730
name: Adapter Tests
@@ -33,16 +36,19 @@ jobs:
3336
name: Build Docker
3437
needs: [invoke-build-rust, invoke-build-java]
3538
uses: ./.github/workflows/build-docker.yml
39+
secrets: inherit
3640

3741
invoke-tests-integration:
3842
name: Integration Tests
3943
needs: [invoke-build-docker]
4044
uses: ./.github/workflows/test-integration.yml
45+
secrets: inherit
4146

4247
invoke-tests-java:
4348
name: Java Tests
4449
needs: [invoke-build-java]
4550
uses: ./.github/workflows/test-java.yml
51+
secrets: inherit
4652

4753
# This job needs to be called main (the same as the ci-pre-mergequeue.yml workflow)
4854
# because of how merge queues work: https://stackoverflow.com/a/78030618
@@ -62,5 +68,5 @@ jobs:
6268
steps:
6369
- name: Finalize Workflow
6470
run: echo "All tasks completed!"
65-
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }}
71+
- if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
6672
run: exit 1

.github/workflows/publish-crates.yml

Lines changed: 2 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -9,12 +9,9 @@ on:
99

1010
jobs:
1111
deploy:
12-
runs-on: [self-hosted, skylake40]
12+
runs-on: [k8s-runners-amd64]
1313
container:
14-
image: ghcr.io/feldera/feldera-dev:sha-cfae3f2af7e7676dde51af39ed76332f67d91b6a
15-
options: --user=ubuntu
16-
volumes:
17-
- /sccache:/sccache
14+
image: ghcr.io/feldera/feldera-dev:sha-8781162739b57966b50e89e85730d522d08d3d87
1815
steps:
1916
- uses: actions/checkout@v4
2017

0 commit comments

Comments
 (0)