[Pulp-dev] Moving to Github Actions

Daniel Alley dalley at redhat.com
Wed Feb 5 17:09:55 UTC 2020

I think we should start by discussing what we ultimately want our CI to
look like.  Do we want to replace all of our CI with Centos CI, universally
and exclusively?  Do we want to run some tests on Centos CI nightly but
retain something simpler for our standard PR test matrix?

I definitely agree that we will want to test FIPS and SELinux, and those
things will probably need to be tested on Centos CI, and as such supporting
Centos CI is a really good goal to have, and something we will likely need
to do.  I think it's probably a fair statement though that the different CI
platforms have different strengths, and that even if switching exclusively
to Centos CI would be good for us (which I'm not sure that I believe), it
might not be the best thing for community members.

If one of our goals is to give plugin writers the means to test their
plugins as easily as possible, as you mention, then I would argue that
adding Github Actions support to the plugin template is one of the best
possible things we can do, as would start working instantly with zero setup
required (assuming the user's repo is hosted on github).  Whereas, Centos
CI requires a manually-approved signup request
to have your project added and also, the UI is simply more difficult to
use, not just in terms of complexity but in terms of
clicks-necessary-to-reach-useful-information.  I think it's likely that
most plugin writers would care about these things moreso than being able to
test FIPS or SELinux configs, which is important to us but not necessarily
to them.

And if we want to support instant, simple CI for plugin writers, which it
doesn't look like Centos CI really satisfies... then we should probably
additionally support something like Travis or (preferably) Github Actions,
and if we want it to actually be maintained appropriately then we need to
be also using it ourselves to some degree.

There are other benefits to using GHA as our "standard" CI as well -- on
Jenkins/CentosCI, it would not be so simple to set up a matrix of different
versions of Python or Postgresql or Redis to test against, whereas in GHA
it is dead simple.

I'm not arguing against Centos CI, but, do you think it would make sense to
run the jobs to test FIPS and SELinux nightly, as opposed to with every PR?

On Wed, Feb 5, 2020 at 10:31 AM Brian Bouterse <bmbouter at redhat.com> wrote:

> I'm concerned about the move to GH actions and also the timing. The
> benefits of lowering the CI runtime are really great, but I'm worried it
> isn't helping us towards our goals and even takes us further from them.
> I'm worried about double the outage risk. There are outages, and
> structurally repo CI pipelines that require more services are at more risk
> for total outage. This raises the risk of "total CI pipelines halting" in a
> concerning way for me. Trading runtime for risk I don't think is an overall
> win; I'd like to find a way to lower the runtime and keep risk the same or
> lower.
> Whatever we do I want to make sure we're doing it fully through the plugin
> template. Is this through the plugin template? If it isn't, or it requires
> additional steps to configure it than they had before, then I'm concerned
> about it taking us further from our goals of having the plugin writer take
> as much burden from the plugin writer as possible. I use this thinking to
> answer the question posed from daviddavis. My take is that the plugin
> template's goal is to make writing a plugin with great CI as easy as
> possible. It's design to be a quality improver and a time saver.
> Having the lower runtime is nice, but if we're going to put effort in the
> CI, I'd like to bring up prioritizing getting the plugin_template
> integrated with https://ci.centos.org/ as a high-value goal. I'm
> concerned that we're about to ship the SELinux policy and we have no way to
> test it. Similar concerns with certguard's dependency and its dependencies
> not being packaged on Ubuntu (so it's hard to run on Travis). Also, I'm
> concerned we don't have an environment to evaluate FIPS compatibility with.
> Relatively speaking if we can only do one of these two initiatives at this
> time, I believe we should do the CentOS CI.
> Lowering the runtime I'm really in favor of, so I hope these concerns
> prompt discussion more than stop the initiative. What do you all think?
> On Wed, Feb 5, 2020 at 9:05 AM David Davis <daviddavis at redhat.com> wrote:
>> Great question. IMO the main benefit in continuing to support Travis is
>> that we could better separate our test/deployment code from the CI specific
>> bits so that most of the plugin_template code could be CI agnostic. That
>> said, this would be more work. I think it comes down to whether we want our
>> plugin_template to be more opinionated or more configurable.
>> David
>> On Wed, Feb 5, 2020 at 8:18 AM Dana Walker <dawalker at redhat.com> wrote:
>>> +1 to moving to Github Actions.
>>> Can anyone think of reasons a plugin would want to stay with Travis
>>> specifically?  As fao89 pointed out on the issue, at least each plugin that
>>> does choose to move takes some of the workload with them to free up job
>>> runners for plugins that choose to remain.
>>> Dana Walker
>>> She / Her / Hers
>>> Software Engineer, Pulp Project
>>> Red Hat <https://www.redhat.com>
>>> dawalker at redhat.com
>>> <https://www.redhat.com>
>>> On Tue, Feb 4, 2020 at 10:26 AM David Davis <daviddavis at redhat.com>
>>> wrote:
>>>> Over the past year, we've experienced several growing pains with using
>>>> Travis as our CI/CD environment. Perhaps the biggest has been the
>>>> limitation of having only 3 concurrent job runners[0] across our entire
>>>> Pulp organization. At times, it has slowed development by bottlenecking the
>>>> merging of PRs and delayed numerous releases of Pulp.
>>>> Last year, Github introduced Github Actions which offers open source
>>>> projects 20 concurrent jobs[1]. I've filed an issue here to get feedback on
>>>> moving our repos and plugins to Github Actions:
>>>> https://pulp.plan.io/issues/6065
>>>> Also, @fao89 has opened a couple PoC PRs to demonstrate using Github
>>>> Actions:
>>>> https://github.com/pulp/pulp_file/pull/353
>>>> https://github.com/pulp/ansible-pulp/pull/217
>>>> You'll notice for example that the ansible-pulp build time went from
>>>> more than 1 hour[2] to 27 minutes[3] as all the jobs ran in parallel on
>>>> Github Actions.
>>>> Unless there are objections, we plan to merge the ansible-pulp PR this
>>>> week since it's CI configuration is independent from other pulp and plugin
>>>> repos (ie it doesn't use the plugin_template's Travis files).
>>>> We're hoping though to get feedback on whether we should move pulpcore
>>>> and plugin repos to Github Actions. If so, should we provide plugins with
>>>> the option to continue using Travis if they want?
>>>> If there's no objections by February 11, 2020, we'll proceed with
>>>> moving pulp_file to Github Actions and look at updating plugin_template.
>>>> [0] https://travis-ci.com/plans
>>>> [1]
>>>> https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits
>>>> [2] https://travis-ci.org/pulp/ansible-pulp/builds/645651353
>>>> [3]
>>>> https://github.com/fabricio-aguiar/ansible-pulp/actions/runs/33601847
>>>> David
>>>> _______________________________________________
>>>> Pulp-dev mailing list
>>>> Pulp-dev at redhat.com
>>>> https://www.redhat.com/mailman/listinfo/pulp-dev
>>> _______________________________________________
>> Pulp-dev mailing list
>> Pulp-dev at redhat.com
>> https://www.redhat.com/mailman/listinfo/pulp-dev
> _______________________________________________
> Pulp-dev mailing list
> Pulp-dev at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20200205/d529d634/attachment.htm>

More information about the Pulp-dev mailing list