Merge bitcoin/bitcoin#30193: ci: move ASan job to GitHub Actions from Cirrus CI

9eea51d905 ci: move Asan / LSan / USDT job to Github Actions (Max Edwards) 4b527fa93b ci: add IPV6 network to ci container (Max Edwards) Pull request description: PR for moving the ASAN + LSAN + USDT + friends job to github actions from Cirrus. The motivation for this PR is that this task needs a full VM (or bare metal) to function, because of the tracepoints. It can not run in a container on an arbitrary Linux, because the outside machine must exactly match the specification of the distro used in the CI task config. This requires more maintenance for the persistent worker, and I think moving to GHA will reduce the maintenance burden, or at least make it possible for anyone to work on. Also, it makes it easier to run the task on forks (bitcoin-inquisition, bitcoin-knots, devel forks, ...) without having to set-up a real machine. ACKs for top commit: maflcko: review ACK 9eea51d905 achow101: ACK 9eea51d905 hebasto: ACK 9eea51d905. Tree-SHA512: 1111c1c9e3a11e725dff1344643fff3c91fb9b4d7c1cc9a7d507a8f146f5223316a00272030b41ae37ecb59d044f2e90e1cd907450049b25f094f0b60643d4c7
2025-01-09 11:27:28 -03:00 · 2024-06-17 15:49:43 -04:00 · 2024-06-17 15:49:43 -04:00 · d97ddbe797
commit d97ddbe797
parent f011022d53 9eea51d905
4 changed files with 50 additions and 17 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -43,7 +43,6 @@ env:  # Global defaults
 # The following specific types should exist, with the following requirements:
 # - small: For an x86_64 machine, recommended to have 2 CPUs and 8 GB of memory.
 # - medium: For an x86_64 machine, recommended to have 4 CPUs and 16 GB of memory.
-# - noble: For a machine running the Linux kernel shipped with exaclty Ubuntu Noble 24.04. The machine is recommended to have 4 CPUs and 16 GB of memory.
 # - arm64: For an aarch64 machine, recommended to have 2 CPUs and 8 GB of memory.

 # https://cirrus-ci.org/guide/tips-and-tricks/#sharing-configuration-between-tasks
@ -159,19 +158,6 @@ task:
  env:
    FILE_ENV: "./ci/test/00_setup_env_native_msan.sh"

-task:
-  name: 'ASan + LSan + UBSan + integer, no depends, USDT'
-  enable_bpfcc_script:
-    # In the image build step, no external environment variables are available,
-    # so any settings will need to be written to the settings env file:
-    - sed -i "s|\${CIRRUS_CI}|true|g" ./ci/test/00_setup_env_native_asan.sh
-  << : *GLOBAL_TASK_TEMPLATE
-  persistent_worker:
-    labels:
-      type: noble  # Must use this specific worker (needed for USDT functional tests)
-  env:
-    FILE_ENV: "./ci/test/00_setup_env_native_asan.sh"
-
 task:
  name: 'fuzzer,address,undefined,integer, no depends'
  << : *GLOBAL_TASK_TEMPLATE
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -18,7 +18,6 @@ concurrency:
  cancel-in-progress: true

 env:
-  DANGER_RUN_CI_ON_HOST: 1
  CI_FAILFAST_TEST_LEAVE_DANGLING: 1  # GHA does not care about dangling processes and setting this variable avoids killing the CI script itself on error
  MAKEJOBS: '-j10'

@ -81,6 +80,7 @@ jobs:
    timeout-minutes: 120

    env:
+      DANGER_RUN_CI_ON_HOST: 1
      FILE_ENV: './ci/test/00_setup_env_mac_native.sh'
      BASE_ROOT_DIR: ${{ github.workspace }}

@ -304,3 +304,43 @@ jobs:
          BITCOINFUZZ: "${{ github.workspace}}\\src\\fuzz.exe"
        shell: cmd
        run: py -3 test\fuzz\test_runner.py --par %NUMBER_OF_PROCESSORS% --loglevel DEBUG %RUNNER_TEMP%\qa-assets\fuzz_seed_corpus
+
+  asan-lsan-ubsan-integer-no-depends-usdt:
+    name: 'ASan + LSan + UBSan + integer, no depends, USDT'
+    runs-on: ubuntu-24.04 # has to match container in ci/test/00_setup_env_native_asan.sh for tracing tools
+    # No need to run on the read-only mirror, unless it is a PR.
+    if: github.repository != 'bitcoin-core/gui' || github.event_name == 'pull_request'
+    timeout-minutes: 120
+    env:
+      FILE_ENV: "./ci/test/00_setup_env_native_asan.sh"
+      INSTALL_BCC_TRACING_TOOLS: true
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set Ccache directory
+        run: echo "CCACHE_DIR=${RUNNER_TEMP}/ccache_dir" >> "$GITHUB_ENV"
+
+      - name: Restore Ccache cache
+        id: ccache-cache
+        uses: actions/cache/restore@v4
+        with:
+          path: ${{ env.CCACHE_DIR }}
+          key: ${{ github.job }}-ccache-${{ github.run_id }}
+          restore-keys: ${{ github.job }}-ccache-
+
+      - name: Enable bpfcc script
+        # In the image build step, no external environment variables are available,
+        # so any settings will need to be written to the settings env file:
+        run: sed -i "s|\${INSTALL_BCC_TRACING_TOOLS}|true|g" ./ci/test/00_setup_env_native_asan.sh
+
+      - name: CI script
+        run: ./ci/test_run_all.sh
+
+      - name: Save Ccache cache
+        uses: actions/cache/save@v4
+        if: github.event_name != 'pull_request' && steps.ccache-cache.outputs.cache-hit != 'true'
+        with:
+          path: ${{ env.CCACHE_DIR }}
+          # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
+          key: ${{ github.job }}-ccache-${{ github.run_id }}
--- a/ci/test/00_setup_env_native_asan.sh
+++ b/ci/test/00_setup_env_native_asan.sh
@ -7,8 +7,10 @@
 export LC_ALL=C.UTF-8

 export CI_IMAGE_NAME_TAG="docker.io/ubuntu:24.04"
-# Only install BCC tracing packages in Cirrus CI.
-if [[ "${CIRRUS_CI}" == "true" ]]; then
+
+# Only install BCC tracing packages in CI. Container has to match the host for BCC to work.
+if [[ "${INSTALL_BCC_TRACING_TOOLS}" == "true" ]]; then
+  # Required for USDT functional tests to run
  BPFCC_PACKAGE="bpfcc-tools linux-headers-$(uname --kernel-release)"
  export CI_CONTAINER_CAP="--privileged -v /sys/kernel:/sys/kernel:rw"
 else
--- a/ci/test/02_run_container.sh
+++ b/ci/test/02_run_container.sh
@ -16,6 +16,7 @@ if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
  # System-dependent env vars must be kept as is. So read them from the container.
  docker run --rm "${CI_IMAGE_NAME_TAG}" bash -c "env | grep --extended-regexp '^(HOME|PATH|USER)='" | tee --append "/tmp/env-$USER-$CONTAINER_NAME"
  echo "Creating $CI_IMAGE_NAME_TAG container to run in"
+
  DOCKER_BUILDKIT=1 docker build \
      --file "${BASE_READ_ONLY_DIR}/ci/test_imagefile" \
      --build-arg "CI_IMAGE_NAME_TAG=${CI_IMAGE_NAME_TAG}" \
@ -23,11 +24,14 @@ if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
      --label="${CI_IMAGE_LABEL}" \
      --tag="${CONTAINER_NAME}" \
      "${BASE_READ_ONLY_DIR}"
+
  docker volume create "${CONTAINER_NAME}_ccache" || true
  docker volume create "${CONTAINER_NAME}_depends" || true
  docker volume create "${CONTAINER_NAME}_depends_sources" || true
  docker volume create "${CONTAINER_NAME}_previous_releases" || true

+  docker network create --ipv6 --subnet 1111:1111::/112 ci-ip6net || true
+
  if [ -n "${RESTART_CI_DOCKER_BEFORE_RUN}" ] ; then
    echo "Restart docker before run to stop and clear all containers started with --rm"
    podman container rm --force --all  # Similar to "systemctl restart docker"
@ -54,6 +58,7 @@ if [ -z "$DANGER_RUN_CI_ON_HOST" ]; then
                  --mount "type=volume,src=${CONTAINER_NAME}_previous_releases,dst=$PREVIOUS_RELEASES_DIR" \
                  --env-file /tmp/env-$USER-$CONTAINER_NAME \
                  --name "$CONTAINER_NAME" \
+                  --network ci-ip6net \
                  "$CONTAINER_NAME")
  export CI_CONTAINER_ID
  export CI_EXEC_CMD_PREFIX="docker exec ${CI_CONTAINER_ID}"