Docker Bake Harness

Co-authored-by: Nineko <cnotsomark@gmail.com>
Signed-off-by: Jason Volk <jason@zemos.net>
Jason Volk
2025-03-15 04:23:24 +00:00
parent d32bc5ed2a
commit c5de46e3e1
18 changed files with 2418 additions and 27 deletions


@@ -1,27 +1,31 @@
# Local build and dev artifacts # Local build and dev artifacts
target target/
tests #tests
# Docker files # Docker files
Dockerfile* Dockerfile*
docker/
# IDE files # IDE files
.vscode .vscode
.idea .idea
*.iml *.iml
.
# Git folder # Git folder
.git #.git
.gitea #.gitea
.gitlab #.gitlab
.github #.github
# Dot files # Dot files
.env .env
.gitignore #.gitignore
# Toml files # Toml files
rustfmt.toml #rustfmt.toml
# Documentation # Documentation
#*.md #*.md
*.hcl

90
.github/workflows/bake.yml vendored Normal file

@@ -0,0 +1,90 @@
name: Bakery
on:
workflow_call:
inputs:
bake_targets:
type: string
required: false
default: '["default"]'
description: Bake targets
cargo_profiles:
type: string
required: false
default: '["test", "bench"]'
description: Cargo profiles
docker_id:
type: string
required: false
description: Dockerhub acct/repo identity.
feat_sets:
type: string
required: false
default: '["none", "default", "all"]'
description: Cargo feature groups
machines:
type: string
required: false
default: '["x86_64"]'
description: Hardware platform vector
rust_targets:
type: string
required: false
default: '["x86_64-unknown-linux-gnu"]'
description: Rust targets
rust_toolchains:
type: string
required: false
default: '["nightly", "stable"]'
description: Rust toolchains
sys_names:
type: string
required: false
default: '["debian"]'
description: System names
sys_targets:
type: string
required: false
default: '["x86_64-linux-gnu"]'
description: System targets
sys_versions:
type: string
required: false
default: '["testing-slim"]'
description: System versions
env:
docker_id: ${{inputs.docker_id}}
jobs:
task:
runs-on: ${{matrix.machine}}
strategy:
fail-fast: false
matrix:
bake_target: ${{fromJSON(inputs.bake_targets)}}
cargo_profile: ${{fromJSON(inputs.cargo_profiles)}}
feat_set: ${{fromJSON(inputs.feat_sets)}}
machine: ${{fromJSON(inputs.machines)}}
rust_target: ${{fromJSON(inputs.rust_targets)}}
rust_toolchain: ${{fromJSON(inputs.rust_toolchains)}}
sys_name: ${{fromJSON(inputs.sys_names)}}
sys_target: ${{fromJSON(inputs.sys_targets)}}
sys_version: ${{fromJSON(inputs.sys_versions)}}
steps:
- uses: actions/checkout@v3
- name: Task
env:
bake_target: ${{matrix.bake_target}}
cargo_profile: ${{matrix.cargo_profile}}
feat_set: ${{matrix.feat_set}}
machine: ${{matrix.machine}}
rust_target: ${{matrix.rust_target}}
rust_toolchain: ${{matrix.rust_toolchain}}
sys_name: ${{matrix.sys_name}}
sys_target: ${{matrix.sys_target}}
sys_version: ${{matrix.sys_version}}
run: |
docker/bake.sh ${{matrix.bake_target}}
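Review bot: The `run:` step interpolates `${{matrix.bake_target}}` directly into the script text, so whatever string a caller supplies in `bake_targets` is parsed by the shell before `docker/bake.sh` sees it. The same value is already exported in this step's `env:` block as `bake_target`, so the line can be `docker/bake.sh "$bake_target"`, which keeps the value as data. Separately, `actions/checkout@v3` is referenced by a mutable tag and the job declares no `permissions:`; pinning the action to a commit SHA and adding `permissions:` with `contents: read` would narrow what this job can be made to do.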

165
.github/workflows/build.yml vendored Normal file

@@ -0,0 +1,165 @@
name: Build
on:
push:
branches:
- main
workflow_dispatch:
inputs:
bake:
type: string
required: false
description: JSON Object of inputs passed to the environment
concurrency:
group: ${{github.workflow}}-${{github.ref}}
cancel-in-progress: true
env:
docker_id: ${{vars.DOCKER_ID}}
inputs: ${{github.event.inputs}}
jobs:
systems:
name: Base Environment
uses: ./.github/workflows/bake.yml
with:
bake_targets: '["systems"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
buildsys:
name: Build Environment
uses: ./.github/workflows/bake.yml
needs: [systems]
with:
bake_targets: '["buildsys"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
sources:
name: Acquire Source
uses: ./.github/workflows/bake.yml
needs: [buildsys]
with:
bake_targets: '["sources"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
rocksdb:
name: Build RocksDB
uses: ./.github/workflows/bake.yml
needs: [sources]
with:
bake_targets: '["rocksdb"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
deps:
name: Build Dependencies
uses: ./.github/workflows/bake.yml
needs: [rocksdb]
with:
bake_targets: '["deps"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
clippy:
name: Clippy Lints
uses: ./.github/workflows/bake.yml
needs: [deps]
with:
bake_targets: '["clippy"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
install:
name: Install
uses: ./.github/workflows/bake.yml
needs: [deps]
with:
bake_targets: '["install"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
tests-unit:
name: Unit Tests
uses: ./.github/workflows/bake.yml
needs: [deps]
with:
bake_targets: '["tests-unit"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
smoketest:
name: Smoke Tests
uses: ./.github/workflows/bake.yml
needs: [install]
with:
bake_targets: '["tests-smoke"]'
cargo_profiles: ${{vars.CARGO_PROFILES}}
docker_id: ${{github.env.docker_id}}
feat_sets: ${{vars.FEAT_SETS}}
machines: ${{vars.MACHINES}}
rust_targets: ${{vars.RUST_TARGETS}}
rust_toolchains: ${{vars.RUST_TOOLCHAINS}}
sys_names: ${{vars.SYS_NAMES}}
sys_targets: ${{vars.SYS_TARGETS}}
sys_versions: ${{vars.SYS_VERSIONS}}
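Review bot: `docker_id: ${{github.env.docker_id}}` in each job's `with:` block does not read the workflow-level `env.docker_id`; `github.env` is the path of the runner's environment file, and the `env` context is not available in `with:` of a reusable-workflow call, so the callee most likely receives an empty `docker_id`. Pass the variable directly, `docker_id: ${{vars.DOCKER_ID}}`, in all nine jobs. The remaining `with:` values come from `vars.*` with no fallback; if a variable is unset the callee's `fromJSON(...)` probably receives an empty string rather than its declared default, so a guard such as `${{vars.MACHINES || '["x86_64"]'}}` is worth adding. The workflow also has no top-level `permissions:` block, so every job runs with the repository's default token scope.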


@@ -668,7 +668,8 @@ lto = "fat"
codegen-units = 1 codegen-units = 1
panic = "abort" panic = "abort"
# do not use without profile-rustflags enabled # do not use without profile-rustflags enabled. uncomment ALL the sections for
# profile.release-max-perf
[profile.release-max-perf] [profile.release-max-perf]
inherits = "release" inherits = "release"
strip = "symbols" strip = "symbols"
@@ -710,7 +711,8 @@ inherits = "release-max-perf.build-override"
#] #]
[profile.bench] [profile.bench]
inherits = "release" debug = "limited"
strip = false
#rustflags = [ #rustflags = [
# "-Cremark=all", # "-Cremark=all",
# '-Ztime-passes', # '-Ztime-passes',
@@ -731,10 +733,6 @@ inherits = "release"
[profile.dev] [profile.dev]
debug = "full" debug = "full"
opt-level = 0
panic = "unwind"
debug-assertions = true
incremental = true
#rustflags = [ #rustflags = [
# '--cfg', 'tuwunel_mods', # '--cfg', 'tuwunel_mods',
# '-Ztime-passes', # '-Ztime-passes',
@@ -794,7 +792,7 @@ inherits = "dev"
[profile.dev.package.'*'] [profile.dev.package.'*']
inherits = "dev" inherits = "dev"
debug = 'limited' debug = "limited"
incremental = false incremental = false
codegen-units = 1 codegen-units = 1
opt-level = 'z' opt-level = 'z'
@@ -813,19 +811,13 @@ opt-level = 'z'
# primarily used for CI # primarily used for CI
[profile.test] [profile.test]
inherits = "dev" debug = "limited"
strip = false
opt-level = 0
codegen-units = 16
incremental = false
[profile.test.package.'*'] [profile.test.package.'*']
inherits = "dev" inherits = "test"
debug = 0
strip = false
opt-level = 0
codegen-units = 16
incremental = false incremental = false
codegen-units = 1
opt-level = 'z'
############################################################################### ###############################################################################
# #

37
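--- a/docker/Dockerfile.cargo
+++ b/docker/Dockerfile.cargo
@@ -0,0 +1,37 @@
+# syntax = docker/dockerfile:1.11-labs
+FROM input AS cargo
+ARG sys_target
+ARG rust_toolchain
+ARG RUSTUP_HOME
+ARG CARGO_HOME
+ARG CARGO_TARGET
+ARG CARGO_TARGET_DIR
+ARG cargo_profile
+ARG cargo_features
+ARG cargo_cmd
+ARG cargo_args=""
+WORKDIR /usr/lib/${sys_target}
+COPY --link --from=rocksdb . .
+WORKDIR /usr/src/tuwunel
+RUN \
+--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
+--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
+--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=shared \
+<<EOF
+env
+set -eux
+rustup run ${rust_toolchain} \
+cargo ${cargo_cmd} \
+--frozen \
+--workspace \
+--no-default-features \
+--features "${cargo_features}" \
+--profile "${cargo_profile}" \
+--target "${CARGO_TARGET}" \
+--target-dir "${CARGO_TARGET_DIR}" \
+--manifest-path Cargo.toml \
+${cargo_args}
+EOF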


@@ -0,0 +1,269 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS key-gen-base
ARG var_cache
ARG var_lib_apt
RUN \
--mount=type=cache,dst=${var_cache},sharing=locked \
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
<<EOF
set -eux
apt-get -y -U install --no-install-recommends openssl gawk
EOF
FROM key-gen-base AS key-gen
WORKDIR /complement
COPY <<EOF v3.ext
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = hs1
DNS.2 = hs2
DNS.3 = hs3
EOF
RUN <<EOF
set -eux
mkdir ca
openssl genrsa \
-out private_key.pem \
2048
openssl req \
-new \
-sha256 \
-key private_key.pem \
-subj "/C=US/ST=CA/O=MyOrg, Inc./CN=hs1" \
-addext "subjectAltName = DNS:hs1, DNS:hs2, DNS:hs3" \
-out signing_request.csr
openssl x509 \
-req \
-extfile v3.ext \
-in signing_request.csr \
-key private_key.pem \
-out certificate.crt \
-days 1 \
-sha256
EOF
RUN [ -f certificate.crt ] && [ -f private_key.pem ]
FROM scratch AS complement-config
WORKDIR /complement
COPY --from=key-gen /complement/* .
COPY --from=source /usr/src/tuwunel/tests/test_results/complement/test_results.jsonl old_results.jsonl
COPY <<EOF complement.toml
[global]
address = "0.0.0.0"
allow_device_name_federation = true
allow_guest_registration = true
allow_public_room_directory_over_federation = true
allow_public_room_directory_without_auth = true
allow_registration = true
database_path = "/database"
log = "debug,tuwunel=trace,h2=warn,hyper=warn"
port = [8008, 8448]
trusted_servers = []
only_query_trusted_key_servers = false
query_trusted_key_servers_first = false
query_trusted_key_servers_first_on_join = false
yes_i_am_very_very_sure_i_want_an_open_registration_server_prone_to_abuse = true
ip_range_denylist = []
url_preview_domain_contains_allowlist = ["*"]
url_preview_domain_explicit_denylist = ["*"]
media_compat_file_link = false
media_startup_check = true
prune_missing_media = true
log_colors = false
admin_room_notices = false
allow_check_for_updates = false
intentionally_unknown_config_option_for_testing = true
rocksdb_log_level = "debug"
rocksdb_max_log_files = 1
rocksdb_recovery_mode = 0
rocksdb_paranoid_file_checks = true
log_guest_registrations = false
allow_legacy_media = true
startup_netburst = true
startup_netburst_keep = -1
# valgrind makes things so slow
dns_timeout = 60
dns_attempts = 20
request_conn_timeout = 60
request_timeout = 120
well_known_conn_timeout = 60
well_known_timeout = 60
federation_idle_timeout = 300
sender_timeout = 300
sender_idle_timeout = 300
sender_retry_backoff_limit = 300
allow_invalid_tls_certificates_yes_i_know_what_the_fuck_i_am_doing_with_this_and_i_know_this_is_insecure = true
[global.tls]
certs = "/complement/certificate.crt"
dual_protocol = true
key = "/complement/private_key.pem"
EOF
FROM input AS complement-testee
EXPOSE 8008 8448
RUN mkdir /database
COPY --from=complement-config * /complement/
ENV TUWUNEL_CONFIG="/complement/complement.toml"
ENTRYPOINT tuwunel -Oserver_name=\""$SERVER_NAME\""
FROM input AS complement-testee-valgrind
EXPOSE 8008 8448
RUN mkdir /database
COPY --from=complement-config * /complement/
ENV TUWUNEL_CONFIG="/complement/complement.toml"
ENTRYPOINT valgrind \
--leak-check=no \
--undef-value-errors=no \
--exit-on-first-error=yes \
--error-exitcode=1 \
tuwunel \
-Oserver_name=\""$SERVER_NAME\""
FROM input AS complement-base
ARG var_cache
ARG var_lib_apt
ARG complement_tags="tuwunel_blacklist"
ARG complement_tests="./tests/..."
ARG complement_run=".*"
WORKDIR /
RUN \
--mount=type=cache,dst=${var_cache},sharing=locked \
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
--mount=type=cache,dst=/go/pkg/mod/cache,sharing=locked \
<<EOF
set -eux
apt-get -y -U install --no-install-recommends golang-go jq
EOF
WORKDIR /usr/src
ADD https://github.com/matrix-construct/complement.git complement
WORKDIR /usr/src/complement
ENV COMPLEMENT_BASE_IMAGE="complement-testee"
RUN \
--mount=type=cache,dst=/go/pkg/mod/cache,sharing=locked \
<<EOF
env
set -eux
go test -tags="$complement_tags" -list="$complement_run" $complement_tests
EOF
FROM input AS complement-tester
ARG complement_debug=0
ARG complement_count=1
ARG complement_parallel=16
ARG complement_shuffle=1337
ARG complement_timeout="1h"
ARG complement_run=".*"
ARG complement_skip=""
ARG complement_tags="tuwunel_blacklist"
ARG complement_tests="./tests/..."
ARG complement_base_image
ENV COMPLEMENT_DEBUG=$complement_debug
ENV complement_parallel="$complement_parallel"
ENV complement_shuffle="$complement_shuffle"
ENV complement_tags="$complement_tags"
ENV complement_timeout="$complement_timeout"
ENV complement_count="$complement_count"
ENV complement_tests="$complement_tests"
ENV complement_skip="$complement_skip"
ENV complement_run="$complement_run"
ENV complement_tests="$complement_tests"
ENV COMPLEMENT_HOSTNAME_RUNNING_COMPLEMENT="host.docker.internal"
ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"
ENV jq_res='{Action: .Action, Test: .Test}'
ENV jq_sel='select((.Action == \"pass\" or .Action == \"fail\" or .Action == \"skip\") and .Test != null)'
ENV jq_tab='([\"RESULT\",\"TEST\"] | (., map(length*\"-\"))), (.[] | [.Action, .Test]) | @tsv'
WORKDIR /usr/src/complement
COPY --from=complement-config /complement/old_results.jsonl .
COPY <<EOF uwu.sh
env;
set -eux;
COMPLEMENT_BASE_IMAGE="\${1:-$complement_base_image}"
go test
-json
-shuffle="${complement_shuffle}"
-parallel="${complement_parallel}"
-timeout="${complement_timeout}"
-count="${complement_count}"
-tags="${complement_tags}"
-skip="${complement_skip}"
-run="${complement_run}"
"${complement_tests}"
| jq -c "${jq_sel} | ${jq_res}"
| tee results.jsonl
| jq -s -r "${jq_tab}"
;
jq -s -c "sort_by(.Test)[]" < results.jsonl | uniq > new_results.jsonl;
wc -l old_results.jsonl new_results.jsonl;
diff -w -y -t --width=275 --suppress-common-lines old_results.jsonl new_results.jsonl;
EOF
RUN echo $(tr -d '\n' < uwu.sh) > uwu.sh
ENTRYPOINT ["/bin/bash", "/usr/src/complement/uwu.sh"]
FROM input AS complement-tester-valgrind
ARG complement_debug=0
ARG complement_count=1
ARG complement_parallel=16
ARG complement_shuffle=1337
ARG complement_timeout="1h"
ARG complement_run=".*"
ARG complement_skip=""
ARG complement_tags="tuwunel_blacklist"
ARG complement_tests="./tests/..."
ARG complement_base_image
ENV COMPLEMENT_DEBUG=$complement_debug
ENV complement_parallel="$complement_parallel"
ENV complement_shuffle="$complement_shuffle"
ENV complement_tags="$complement_tags"
ENV complement_timeout="$complement_timeout"
ENV complement_count="$complement_count"
ENV complement_tests="$complement_tests"
ENV complement_skip="$complement_skip"
ENV complement_run="$complement_run"
ENV complement_tests="$complement_tests"
ENV COMPLEMENT_HOSTNAME_RUNNING_COMPLEMENT="host.docker.internal"
ENV COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"
WORKDIR /usr/src/complement
COPY <<EOF valgrind.sh
env;
set -eux;
COMPLEMENT_BASE_IMAGE="\${1:-$complement_base_image}"
go test
-shuffle="${complement_shuffle}"
-parallel="${complement_parallel}"
-timeout="${complement_timeout}"
-count="${complement_count}"
-tags="${complement_tags}"
-skip="${complement_skip}"
-run="${complement_run}"
"${complement_tests}"
EOF
RUN echo $(tr -d '\n' < valgrind.sh) > valgrind.sh
ENTRYPOINT ["/bin/bash", "/usr/src/complement/valgrind.sh"]
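Review bot: `ADD https://github.com/matrix-construct/complement.git complement` in the `complement-base` stage fetches whatever the repository's default branch points at when the layer is built, and the tester stages then run that code with `COMPLEMENT_HOST_MOUNTS="/var/run/docker.sock:/var/run/docker.sock"`, i.e. with control of the host's Docker daemon. Pin the source to a reviewed commit, `ADD https://github.com/matrix-construct/complement.git#<commit-sha> complement` (placeholder ref), so an upstream change cannot reach the socket unreviewed. The TLS key and the permissive `complement.toml` written by this file are test fixtures; a comment such as `# test-only configuration, never deploy` above the `complement-config` stage would keep them from being copied into a real deployment. `ENV complement_tests` is also set twice in both tester stages.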


@@ -0,0 +1,63 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS cookware
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
ARG rustup_version="1.28.1"
WORKDIR /opt
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
<<EOF
env
set -eux
url="https://static.rust-lang.org/rustup/archive/${rustup_version}/${CARGO_TARGET}/rustup-init"
curl -S -O -s "$url"
chmod o+x rustup-init
./rustup-init -y \
--verbose \
--profile minimal \
--no-modify-path \
--no-update-default-toolchain \
--default-host ${CARGO_TARGET} \
--default-toolchain ${rust_toolchain}
chmod -R go+rw $CARGO_HOME $RUSTUP_HOME
rm rustup-init
EOF
ENV PATH="${CARGO_HOME}/bin:$PATH"
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
<<EOF
env
set -eux
rustup component add \
--toolchain ${rust_toolchain} \
--target ${CARGO_TARGET} \
clippy
EOF
FROM input AS chef
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
<<EOF
env
set -eux
rustup run --install ${rust_toolchain} \
cargo install \
--locked \
--target ${CARGO_TARGET} \
cargo-chef
EOF
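Review bot: In the `cookware` stage `rustup-init` is downloaded with `curl -S -O -s "$url"` and executed with no integrity check, and without `-f` an HTTP error body would be saved and run rather than failing the build. Add a pinned digest next to `rustup_version` and verify it before executing, e.g. `curl --proto '=https' --tlsv1.2 -fsSO "$url"` followed by `echo "${rustup_sha256}  rustup-init" | sha256sum -c -`, where `rustup_sha256` is a new build argument (the name is a suggestion). `chmod o+x rustup-init` grants execute to "other" only; `chmod +x` is presumably what was meant. `chmod -R go+rw $CARGO_HOME $RUSTUP_HOME` leaves the toolchain writable by every user in the image, which matters if any later stage runs as non-root.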

47
docker/Dockerfile.deps Normal file

@@ -0,0 +1,47 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS deps
ARG sys_target
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
ARG CARGO_TARGET_DIR
ARG cargo_profile
ARG cargo_features
ARG cook_args
ARG git_checkout
WORKDIR /usr/lib/${sys_target}
COPY --from=rocksdb . .
WORKDIR /usr/src/tuwunel
COPY --link --from=recipe recipe.json .
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
<<EOF
env
set -eux
rustup run ${rust_toolchain} \
cargo chef cook ${cook_args} \
--frozen \
--workspace \
--no-default-features \
--features "${cargo_features}" \
--profile "${cargo_profile}" \
--target "${CARGO_TARGET}" \
--target-dir "${CARGO_TARGET_DIR}" \
--manifest-path Cargo.toml \
--recipe-path recipe.json
# If this image is further reused with other cargo commands, all
# modifications made by cargo chef cook outside of target-dir have to be
# cleared. If not, resulting build artifacts will link incorrectly, even
# without error. For example, a target executable may be produced which
# does nothing except exit(0). If you have observed a smoketest failing in
# such a manner, investigate this as a cause of the issue.
git restore -W -S --source=${git_checkout} .
EOF

53
docker/Dockerfile.diner Normal file

@@ -0,0 +1,53 @@
# syntax = docker/dockerfile:1.11-labs
ARG sys_name=debian
ARG sys_version=testing-slim
FROM ${sys_name}:${sys_version} AS system
FROM input AS diner
ARG var_cache
ARG var_lib_apt
ARG packages
ENV packages="ca-certificates ${packages}"
RUN \
--mount=type=cache,dst=${var_cache},sharing=locked \
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
<<EOF
echo $(uname -a) $0 $-
set -eux
keep_downloaded='Binary::apt::APT::Keep-Downloaded-Packages "true";'
echo "$keep_downloaded" > /etc/apt/apt.conf.d/keep-downloaded
rm -f /etc/apt/apt.conf.d/docker-clean
apt-get -y -U install --no-install-recommends ${packages}
EOF
FROM input AS valgrind
ARG var_cache
ARG var_lib_apt
RUN \
--mount=type=cache,dst=${var_cache},sharing=locked \
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
<<EOF
set -eux
apt-get -y -U install --no-install-recommends valgrind
EOF
FROM input AS perf
ARG var_cache
ARG var_lib_apt
RUN \
--mount=type=cache,dst=${var_cache},sharing=locked \
--mount=type=cache,dst=${var_lib_apt},sharing=locked \
<<EOF
set -eux
apt-get -y -U install --no-install-recommends perf-tools-unstable
EOF
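Review bot: `FROM ${sys_name}:${sys_version} AS system` resolves to a mutable tag (default `debian:testing-slim`), so two builds of the same commit can start from different base contents and there is no record of which one was used. Consider an optional digest argument, e.g. `FROM ${sys_name}:${sys_version}${sys_digest:+@${sys_digest}} AS system` with `ARG sys_digest=""` declared beside the other two, so release builds can pin the base while the matrix default stays unchanged. The `apt-get -y -U install` steps in the three stages below inherit the same drift.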


@@ -0,0 +1,83 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS source
ARG git_checkout
ADD --keep-git-dir . /usr/src/tuwunel
WORKDIR /usr/src/tuwunel
RUN <<EOF
env
set -eux
git reset \
--hard \
--no-recurse-submodules \
${git_checkout}
EOF
FROM input AS ingredients
ARG sys_target
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
ARG CARGO_TARGET_DIR
WORKDIR /usr/src/tuwunel
COPY --link --from=source /usr/src/tuwunel .
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
<<EOF
env
set -eux
git submodule update \
--remote \
--no-fetch \
--recursive \
--checkout \
--init
rustup run ${rust_toolchain} \
cargo fetch \
--locked \
--target ${CARGO_TARGET}
EOF
FROM input AS preparing
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
ARG CARGO_TARGET_DIR
WORKDIR /usr/src/tuwunel
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=locked \
<<EOF
env
set -euxo pipefail
rustup run ${rust_toolchain} \
cargo chef prepare \
--recipe-path recipe.json
manifest="Cargo.toml"
package="rust-librocksdb-sys"
cmd="cargo tree --manifest-path ${manifest} -f {r} -p ${package}"
url="$(rustup run ${rust_toolchain} ${cmd} | head -n 1)"
echo "$url" > rocksdb.url
sha1sum recipe.json rocksdb.url
EOF
FROM scratch AS recipe
WORKDIR /
COPY --from=preparing /usr/src/tuwunel/recipe.json .
COPY --from=preparing /usr/src/tuwunel/rocksdb.url .
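Review bot: In the `ingredients` stage `git submodule update --remote ...` checks submodules out at the tip of their remote-tracking branch instead of the commit recorded in the superproject, so the tree that gets built can differ from what `git_checkout` names. If the recorded commits are what should be built, drop `--remote`; if tracking the branch is intended, a comment saying so would help, e.g. `# --remote: deliberately follow the submodule branch, not the recorded commit`. In the `preparing` stage `... | head -n 1` runs under `set -o pipefail`, so if `cargo tree` prints more than `head` consumes the step may fail on SIGPIPE; reading the first line with `sed -n 1p` avoids that.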

75
docker/Dockerfile.install Normal file

@@ -0,0 +1,75 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS installer
ARG sys_target
ARG rust_toolchain
ARG RUSTUP_HOME
ARG CARGO_HOME
ARG CARGO_TARGET
ARG CARGO_TARGET_DIR
ARG cargo_profile
ARG cargo_features
ARG cargo_args=""
ARG crate_path="src/main"
ARG crate_ident=""
ARG install_temp="/usr/src/tuwunel/install"
WORKDIR /usr/lib/${sys_target}
COPY --link --from=rocksdb . .
WORKDIR /usr/src/tuwunel
RUN \
--mount=type=cache,dst=${RUSTUP_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_HOME},sharing=locked \
--mount=type=cache,dst=${CARGO_TARGET_DIR},sharing=shared \
<<EOF
env
set -eux
case "$cargo_profile" in
"dev") profile_dir="debug";;
"test") profile_dir="debug";;
"release") profile_dir="release";;
"bench") profile_dir="release";;
*) profile_dir="$cargp_profile";;
esac
rustup run ${rust_toolchain} \
cargo install \
--locked \
--no-track \
--no-default-features \
--features "${cargo_features}" \
--profile "${cargo_profile}" \
--target "${CARGO_TARGET}" \
--target-dir "${CARGO_TARGET_DIR}" \
--root "${install_temp}" \
--path "${crate_path}" \
${cargo_args} \
${crate_ident}
EOF
RUN [ -f "${install_temp}/bin/tuwunel" ]
FROM input AS install
ARG sys_target
ARG CARGO_INSTALL_ROOT
ARG install_temp="/usr/src/tuwunel/install"
WORKDIR /usr/lib/${sys_target}
COPY --from=rocksdb --exclude=librocksdb.a . .
WORKDIR /
RUN \
--mount=type=bind,from=output,src=${install_temp},dst=/mnt/install \
<<EOF
env
set -eux
cp -ndR --preserve=all -t ${CARGO_INSTALL_ROOT} /mnt/install/*
EOF
ENV bin_path="${CARGO_INSTALL_ROOT}/bin/tuwunel"
RUN <<EOF
set -eux
ldd -v ${bin_path}
du -h ${bin_path}
sha1sum ${bin_path}
EOF
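Review bot: The fallback arm `*) profile_dir="$cargp_profile";;` misspells `cargo_profile`; under `set -eux` the unset name aborts the step, so any profile other than dev/test/release/bench (for example `release-max-perf`) fails here instead of mapping to its own directory. It should read `*) profile_dir="$cargo_profile";;`. `profile_dir` is not used again in the lines shown, so if nothing else consumes it the whole `case` can be removed.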

30
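--- a/docker/Dockerfile.kitchen
+++ b/docker/Dockerfile.kitchen
@@ -0,0 +1,30 @@
+# syntax = docker/dockerfile:1.11-labs
+FROM input AS kitchen
+ARG var_cache
+ARG var_lib_apt
+ARG packages
+ENV DEBIAN_FRONTEND="noninteractive"
+ENV packages="\
+bzip2 \
+ca-certificates \
+clang \
+cmake \
+curl \
+git \
+libc6-dev \
+make \
+pkg-config \
+pkgconf \
+xz-utils \
+${packages} \
+"
+RUN \
+--mount=type=cache,dst=${var_cache},sharing=locked \
+--mount=type=cache,dst=${var_lib_apt},sharing=locked \
+<<EOF
+set -eux
+apt-get -y -U install --no-install-recommends ${packages}
+EOF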

77
docker/Dockerfile.rocksdb Normal file

@@ -0,0 +1,77 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS rocksdb-fetch
WORKDIR /usr/src
COPY --link --from=recipe rocksdb.url .
RUN <<EOF
set -eux
submodule="librocksdb-sys/rocksdb"
url="$(cat rocksdb.url)"
git clone \
--depth 1 \
--recurse-submodules="${submodule}" \
"${url}" \
/usr/src/rocksdb
EOF
FROM input AS rocksdb-build
ARG rocksdb_shared=0
ARG rocksdb_portable=1
ARG rocksdb_opt_level="3"
ARG rocksdb_build_type="Release"
ARG rocksdb_cxx_flags="-ftls-model=initial-exec"
ARG rocksdb_make_verbose="ON"
ARG rocksdb_make_rule_messages="OFF"
ARG rocksdb_jemalloc=1
ARG rocksdb_iouring=1
ARG rocksdb_zstd=1
ARG rocksdb_lz4=0
ARG rocksdb_bz2=0
ARG rocksdb_zlib=0
ARG rocksdb_snappy=0
ARG nprocs
ENV CC="clang"
ENV CXX="clang++"
WORKDIR /usr/src/rocksdb/librocksdb-sys/rocksdb
ENV nprocs=${nprocs}
RUN <<EOF
set -eux
LDFLAGS="-Wl,--strip-all" \
cmake -H. -Bbuild \
"-DCMAKE_RULE_MESSAGES:BOOL=${rocksdb_make_rule_messages}" \
"-DCMAKE_VERBOSE_MAKEFILE:BOOL=${rocksdb_make_verbose}" \
"-DCMAKE_BUILD_TYPE=${rocksdb_build_type}" \
"-DBUILD_SHARED_LIBS=${rocksdb_shared}" \
"-DCMAKE_CXX_FLAGS:STRING=${rocksdb_cxx_flags}" \
"-DCMAKE_CXX_FLAGS_RELEASE:STRING=-g0 -O${rocksdb_opt_level}" \
"-DPORTABLE=${rocksdb_portable}" \
"-DFAIL_ON_WARNINGS=0" \
"-DUSE_RTTI=1" \
"-DWITH_JNI=0" \
"-DWITH_BENCHMARK_TOOLS=0" \
"-DWITH_TRACE_TOOLS=0" \
"-DWITH_CORE_TOOLS=0" \
"-DWITH_TOOLS=0" \
"-DWITH_TESTS=0" \
"-DWITH_GFLAGS=0" \
"-DWITH_LIBURING=${rocksdb_iouring}" \
"-DWITH_JEMALLOC=${rocksdb_jemalloc}" \
"-DWITH_ZSTD=${rocksdb_zstd}" \
"-DWITH_LZ4=${rocksdb_lz4}" \
"-DWITH_BZ2=${rocksdb_bz2}" \
"-DWITH_ZLIB=${rocksdb_zlib}" \
"-DWITH_SNAPPY=${rocksdb_snappy}"
nprocs=${nprocs:=$(nproc)}
cmake \
--build build \
--target install \
--parallel ${nprocs}
EOF
FROM scratch AS rocksdb
COPY --from=input /usr/src/rocksdb/librocksdb-sys/rocksdb/build/librocksdb.* .
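Review bot: `rocksdb-fetch` runs `git clone --depth 1 ... "${url}"` with no revision, so RocksDB is built from the tip of whatever repository `rocksdb.url` names rather than from the commit the lockfile resolved for `rust-librocksdb-sys`. The URL appears to come from `cargo tree -f {r}` in another Dockerfile of this commit, which yields a repository address without a commit. Record the resolved revision next to the URL and fetch exactly that, e.g. `git fetch --depth 1 origin "${rev}"` then `git checkout --detach FETCH_HEAD`, where `rev` is a value the recipe stage would need to emit. Without it the static library linked into the server can change between two builds of the same source commit.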


@@ -0,0 +1,69 @@
# syntax = docker/dockerfile:1.11-labs
FROM input AS smoketest-version
RUN <<EOF
set -eux
tuwunel -V
version=$(tuwunel -V)
/bin/test -n "$version"
EOF
FROM input AS smoketest-startup
ENV TUWUNEL_LOG="info"
ENV TUWUNEL_DATABASE_PATH="/tmp/smoketest.db"
RUN <<EOF
set -eux
tuwunel \
-Otest='["smoke"]' \
-Oserver_name=\"localhost\" \
-Odatabase_path=\"${TUWUNEL_DATABASE_PATH}\"
rm -rf "${TUWUNEL_DATABASE_PATH}"
EOF
FROM input AS smoketest-valgrind
WORKDIR /
COPY --link --from=valgrind . .
ENV TUWUNEL_LOG="info"
ENV TUWUNEL_DATABASE_PATH="/tmp/smoketest.db"
RUN <<EOF
set -eux
valgrind \
--leak-check=no \
--undef-value-errors=no \
--exit-on-first-error=yes \
--error-exitcode=1 \
tuwunel \
-Otest='["smoke"]' \
-Oserver_name=\"localhost\" \
-Odatabase_path=\"${TUWUNEL_DATABASE_PATH}\"
rm -rf "${TUWUNEL_DATABASE_PATH}"
EOF
FROM input AS smoketest-perf
WORKDIR /
COPY --link --from=perf . .
ENV TUWUNEL_LOG="error"
ENV TUWUNEL_DATABASE_PATH="/tmp/smoketest.db"
RUN <<EOF
set -eux
perf stat \
-j \
-ddd \
tuwunel \
-Otest='["smoke"]' \
-Oserver_name=\"localhost\" \
-Odatabase_path=\"${TUWUNEL_DATABASE_PATH}\"
rm -rf "${TUWUNEL_DATABASE_PATH}"
EOF

1188
docker/bake.hcl Normal file

File diff suppressed because it is too large Load Diff

118
docker/bake.sh Executable file

@@ -0,0 +1,118 @@
#!/bin/bash
set -eo pipefail
default_docker_id="jevolk/tuwunel"
docker_id=${docker_id:=$default_docker_id}
docker_acct=${docker_acct:=$(echo $docker_id | cut -d"/" -f1)}
docker_repo=${docker_repo:=$(echo $docker_id | cut -d"/" -f2)}
CI="${CI:-true}"
BASEDIR=$(dirname "$0")
default_cargo_profiles='["test", "bench"]'
default_feat_sets='["none", "default", "all"]'
default_rust_toolchains='["nightly", "stable"]'
default_rust_targets='["x86_64-unknown-linux-gnu"]'
default_sys_names='["debian"]'
default_sys_targets='["x86_64-linux-gnu"]'
default_sys_versions='["testing-slim"]'
if test ! -z "$cargo_profile"; then
env_cargo_profiles="[\"${cargo_profile}\"]"
fi
if test ! -z "$feat_set"; then
env_feat_sets="[\"${feat_set}\"]"
fi
if test ! -z "$rust_target"; then
env_rust_targets="[\"${rust_target}\"]"
fi
if test ! -z "$rust_toolchain"; then
env_rust_toolchains="[\"${rust_toolchain}\"]"
fi
if test ! -z "$sys_name"; then
env_sys_name="[\"${sys_name}\"]"
fi
if test ! -z "$sys_target"; then
env_sys_target="[\"${sys_target}\"]"
fi
if test ! -z "$sys_version"; then
env_sys_version="[\"${sys_version}\"]"
fi
set -a
bake_target="${bake_target:-$@}"
cargo_profiles="${env_cargo_profiles:-$default_cargo_profiles}"
feat_sets="${env_feat_sets:-$default_feat_sets}"
rust_targets="${env_rust_targets:-$default_rust_targets}"
rust_toolchains="${env_rust_toolchains:-$default_rust_toolchains}"
sys_names="${env_sys_names:-$default_sys_names}"
sys_targets="${env_sys_targets:-$default_sys_targets}"
sys_versions="${env_sys_versions:-$default_sys_versions}"
runner_name=$(echo $RUNNER_NAME | cut -d"." -f1)
runner_num=$(echo $RUNNER_NAME | cut -d"." -f2)
rocksdb_opt_level=3
rocksdb_portable=1
git_checkout="HEAD"
use_chef="true"
complement_count=1
complement_skip="TestPartialStateJoin.*"
complement_skip="${complement_skip}|TestRoomDeleteAlias/Pa.*/Can_delete_canonical_alias"
complement_skip="${complement_skip}|TestUnbanViaInvite.*"
complement_skip="${complement_skip}|TestRoomDeleteAlias/Pa.*/Regular_users_can_add_and_delete_aliases_when.*"
complement_skip="${complement_skip}|TestToDeviceMessagesOverFederation/stopped_server"
complement_run=".*"
set +a
###############################################################################
export DOCKER_BUILDKIT=1
if test "$CI" = "true"; then
export BUILDKIT_PROGRESS="plain"
echo "plain"
fi
uwu_docker_build_args=""
args="$uwu_docker_build_args"
args="$args --builder owo"
args="$args --set *.platform=${sys_platform}"
if test ! -z "$runner_num"; then
#cpu_num=$(expr $runner_num % $(nproc))
#args="$args --cpuset-cpus=${cpu_num}"
#args="$args --set *.args.nprocs=1"
# https://github.com/moby/buildkit/issues/1276
:
else
nprocs=$(nproc)
args="$args --set *.args.nprocs=${nprocs}"
:
fi
trap 'set +x; date; echo -e "\033[1;41;37mFAIL\033[0m"' ERR
env
date
arg="$args -f $BASEDIR/bake.hcl"
if test "$BUILDKIT_PROGRESS" = "plain"; then
echo "PRINTING"
docker buildx bake --print $arg $bake_target
fi
if test "$NO_BAKE" = "1"; then
exit 0
fi
trap '' ERR
set -ux
docker buildx bake $arg $bake_target
set +x
echo -e "\033[1;42;37mPASS\033[0m"
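Review bot: The per-run overrides for the system axes never take effect: the script assigns `env_sys_name`, `env_sys_target` and `env_sys_version`, but later reads `env_sys_names`, `env_sys_targets` and `env_sys_versions`, so `sys_names`, `sys_targets` and `sys_versions` always fall back to the defaults. Rename the three assignments to the plural form, e.g. `env_sys_names="[\"${sys_name}\"]"`. `$arg` is expanded unquoted while it contains `--set *.platform=${sys_platform}`, so a matching filename in the working directory would be globbed in, and `sys_platform` is not assigned anywhere in this script; building the arguments as a bash array, `args+=(--set "*.platform=${sys_platform}")`, and expanding `"${args[@]}"` avoids the first problem. The bare `env` before the build prints the whole CI environment into the job log and is better limited to the variables this script owns.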

31
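--- a/docker/run.sh
+++ b/docker/run.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -eo pipefail
+default_uwu_id="jevolk/tuwunel"
+uwu_id=${uwu_id:=$default_uwu_id}
+uwu_acct=${uwu_acct:=$(echo $uwu_id | cut -d"/" -f1)}
+uwu_repo=${uwu_repo:=$(echo $uwu_id | cut -d"/" -f2)}
+CI="${CI:-0}"
+BASEDIR=$(dirname "$0")
+runner_name=$(echo $RUNNER_NAME | cut -d"." -f1)
+runner_num=$(echo $RUNNER_NAME | cut -d"." -f2)
+###############################################################################
+tester_image="complement-tester--none--debian--testing-slim--x86_64-linux-gnu"
+testee_image="complement-testee--test--nightly--x86_64-unknown-linux-gnu--none--debian--testing-slim--x86_64-linux-gnu"
+name="complement_tester_nightly"
+sock="/var/run/docker.sock"
+arg="--rm --name $name -v $sock:$sock --network=host $tester_image ${testee_image}"
+trap 'set +x; date; echo -e "\033[1;41;37mFAIL\033[0m"' ERR
+date
+env
+set -x -e
+cid=$(docker run -d $arg)
+set +x
+trap 'docker container stop $cid; set +x; date; echo -e "\033[1;41;37mFAIL\033[0m"' INT
+docker wait "$cid" 2>/dev/null
+echo -e "\033[1;42;37mPASS\033[0m"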
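Review bot: The script prints PASS whatever the tests did: `docker wait "$cid" 2>/dev/null` writes the container's exit status to stdout and itself returns 0, so a failing complement run never trips the ERR trap. Capture and test the status instead, `rc=$(docker wait "$cid")` followed by `test "$rc" -eq 0`. Because the container is started with `-d --rm`, its output is also gone once it exits; running `docker logs -f "$cid"` before the wait would keep the results in the job log. The container receives the host's Docker socket and `--network=host`, so a comment above `arg=` stating that only images built from this tree may be run this way would be useful.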


@@ -502,6 +502,7 @@
{"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Deleting_a_non-existent_alias_should_return_a_404"} {"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Deleting_a_non-existent_alias_should_return_a_404"}
{"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_in_the_default_room_configuration"} {"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Regular_users_can_add_and_delete_aliases_in_the_default_room_configuration"}
{"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Users_can't_delete_other's_aliases"} {"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Users_can't_delete_other's_aliases"}
{"Action":"pass","Test":"TestRoomDeleteAlias/Parallel/Users_with_sufficient_power-level_can_delete_other's_aliases"}
{"Action":"fail","Test":"TestRoomForget"} {"Action":"fail","Test":"TestRoomForget"}
{"Action":"fail","Test":"TestRoomForget/Parallel"} {"Action":"fail","Test":"TestRoomForget/Parallel"}
{"Action":"pass","Test":"TestRoomForget/Parallel/Can't_forget_room_you're_still_in"} {"Action":"pass","Test":"TestRoomForget/Parallel/Can't_forget_room_you're_still_in"}
@@ -606,10 +607,9 @@
{"Action":"fail","Test":"TestThreadedReceipts"} {"Action":"fail","Test":"TestThreadedReceipts"}
{"Action":"fail","Test":"TestThreadsEndpoint"} {"Action":"fail","Test":"TestThreadsEndpoint"}
{"Action":"pass","Test":"TestToDeviceMessages"} {"Action":"pass","Test":"TestToDeviceMessages"}
{"Action":"fail","Test":"TestToDeviceMessagesOverFederation"} {"Action":"pass","Test":"TestToDeviceMessagesOverFederation"}
{"Action":"pass","Test":"TestToDeviceMessagesOverFederation/good_connectivity"} {"Action":"pass","Test":"TestToDeviceMessagesOverFederation/good_connectivity"}
{"Action":"pass","Test":"TestToDeviceMessagesOverFederation/interrupted_connectivity"} {"Action":"pass","Test":"TestToDeviceMessagesOverFederation/interrupted_connectivity"}
{"Action":"fail","Test":"TestToDeviceMessagesOverFederation/stopped_server"}
{"Action":"fail","Test":"TestTxnIdWithRefreshToken"} {"Action":"fail","Test":"TestTxnIdWithRefreshToken"}
{"Action":"fail","Test":"TestTxnIdempotency"} {"Action":"fail","Test":"TestTxnIdempotency"}
{"Action":"pass","Test":"TestTxnIdempotencyScopedToDevice"} {"Action":"pass","Test":"TestTxnIdempotencyScopedToDevice"}