ci: Use a self hosted runner

This change speeds up our current CI pipeline by a lot (20min -> 2min). We are using a self hosted S3 cache on hetzner and a single large server, also hosted on S3. The main reason our old CI system was slow is that we have a large amount of toolchains that are not installed by default on the github runners. That means that every job in the CI has to download about 10Gb of data, just for the toolchains. The new system is way faster, we have a single server with nix installed. On this server there are multiple github runners. Each of them share a single nix store. They also share the gradle caches in the home directory. The build artifacts are cached to S3 which is both local and cheap. Signed-off-by: Felix Hilgers <[email protected]>
amosproj · Dec 2, 2024 · f6579ff · f6579ff
1 parent f99c529
commit f6579ff
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 98 deletions.
diff --git a/.github/actions/setup-gradle-cache/action.yml b/.github/actions/setup-gradle-cache/action.yml
@@ -5,10 +5,27 @@
 name: "Setup Gradle Cache"
 description: "Sets up a cache for Gradle builds"
 
+inputs:
+  accessKey:
+    required: true
+  secretKey:
+    required: true
+
 runs:
   using: "composite"
   steps:
-    - name: Set up Gradle cache
-      uses: burrunan/gradle-cache-action@v1
+    - uses: tespkg/actions-cache@v1
       with:
-        build-root-directory: frontend
+        path: |
+          frontend/.gradle
+          frontend/app/build
+          frontend/client/build
+          frontend/build
+        key: ${{ github.repository }}-${{ runner.os }}-gradle-${{ github.job }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ github.repository }}-${{ runner.os }}-gradle-
+        bucket: actions-cache
+        accessKey: ${{ inputs.accessKey }}
+        secretKey: ${{ inputs.secretKey }}
+        endpoint: nbg1.your-objectstorage.com
+        use-fallback: false
diff --git a/.github/actions/setup-rust-cache/action.yml b/.github/actions/setup-rust-cache/action.yml
@@ -5,10 +5,26 @@
 name: "Setup Rust"
 description: "Sets up a rust action"
 
+inputs:
+  accessKey:
+    required: true
+  secretKey:
+    required: true
+  cacheKey:
+    required: false
+
 runs:
   using: "composite"
   steps:
-    - name: Set up Rust cache
-      uses: Swatinem/rust-cache@v2
+    - uses: tespkg/actions-cache@v1
       with:
-        workspaces: "rust -> rust/target"
+        path: |
+          rust/target
+        key: ${{ github.repository }}-${{ runner.os }}-cargo-${{ github.job }}-${{ inputs.cacheKey }}-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ github.repository }}-${{ runner.os }}-cargo-${{ github.job }}-${{ inputs.cacheKey }}-
+        bucket: actions-cache
+        accessKey: ${{ inputs.accessKey }}
+        secretKey: ${{ inputs.secretKey }}
+        endpoint: nbg1.your-objectstorage.com
+        use-fallback: false
diff --git a/.github/workflows/lint_build_test.yml b/.github/workflows/lint_build_test.yml
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
@@ -0,0 +1,113 @@
+# SPDX-FileCopyrightText: 2024 Felix Hilgers <[email protected]>
+#
+# SPDX-License-Identifier: MIT
+
+name: PR
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [main, dev]
+
+env:
+  RUSTFLAGS: "-Dwarnings"
+  CARGO_INCREMENTAL: 0
+
+jobs:
+
+  reuse-lint:
+    name: Reuse Lint
+    runs-on: self-hosted
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Reuse Lint
+        run: nix develop --command reuse lint
+
+  sbom:
+    name: Generate Sbom
+    runs-on: self-hosted
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate Sbom
+        run: nix develop --command python utils/generate_sbom.py
+
+  rust-lint:
+    name: Rust Lint
+    runs-on: self-hosted
+    needs: [reuse-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+
+      - name: Cargo Clippy
+        run: | 
+          cd rust
+          nix develop --command cargo clippy --all-targets --all-features
+  
+  rust-test:
+    name: Rust Tests
+    runs-on: self-hosted
+    needs: [rust-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+
+      - name: Cargo test
+        run: | 
+          cd rust
+          nix develop --command cargo test --workspace --all-targets --all-features --exclude backend-daemon
+
+  rust-build:
+    name: Rust Build
+    runs-on: self-hosted
+    needs: [rust-test]
+    strategy:
+      matrix:
+        target: [arm64-v8a, x86_64]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+          cacheKey: ${{ matrix.target }}
+
+      - name: Cargo Build Daemon ${{ matrix.target }}
+        run: | 
+          cd rust
+          nix develop --command cargo ndk --target ${{ matrix.target }} build --package backend-daemon --package client
+
+
+  gradle-build:
+    name: Gradle Build
+    runs-on: self-hosted
+    needs: [reuse-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}      
+      - uses: ./.github/actions/setup-gradle-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+
+      - name: Gradle Lint
+        run: | 
+          cd frontend
+          nix develop --command ./gradlew build --no-daemon --parallel
diff --git a/flake.nix b/flake.nix
@@ -185,6 +185,7 @@
 
           toolsDevShell = pkgs.mkShell {
             packages = packageGroups.combined;
+            ANDROID_NDK_TOOLCHAIN_DIR = "${(pkgs.androidSdk (_: packageGroups.sdkPkgs))}/share/android-sdk/ndk";
           };
 
           generateSbom =
@@ -199,7 +200,7 @@
             '';
 
           rustCiPreamble = ''
-            export PATH=${pkgs.lib.makeBinPath (with pkgs; [ protobuf clang cargo-ndk bpf-linker ] ++ packageGroups.rustPkgs)}:$PATH
+            export PATH=${pkgs.lib.makeBinPath (with pkgs; [ protobuf clang cargo-ndk bpf-linker python3 ] ++ packageGroups.rustPkgs)}:$PATH
             set -euo pipefail
           '';
           frontendCiPreamble =