From f6579ffd5feec19250f483c548302430b710084e Mon Sep 17 00:00:00 2001
From: Felix Hilgers <felix.hilgers@fau.de>
Date: Wed, 6 Nov 2024 11:34:53 +0100
Subject: [PATCH] ci: Use a self hosted runner

This change speeds up our current CI pipeline by a lot (20min -> 2min).

We are using a self hosted S3 cache on hetzner and a single large
server, also hosted on S3.

The main reason our old CI system was slow is that we have a large
amount of toolchains that are not installed by default on the github
runners. That means that every job in the CI has to download about 10Gb
of data, just for the toolchains.

The new system is way faster, we have a single server with nix
installed. On this server there are multiple github runners. Each of
them share a single nix store. They also share the gradle caches in the
home directory.

The build artifacts are cached to S3 which is both local and cheap.

Signed-off-by: Felix Hilgers <felix.hilgers@fau.de>
---
 .github/actions/setup-gradle-cache/action.yml |  23 +++-
 .github/actions/setup-rust-cache/action.yml   |  22 +++-
 .github/workflows/lint_build_test.yml         |  91 --------------
 .github/workflows/pull_request.yml            | 113 ++++++++++++++++++
 flake.nix                                     |   3 +-
 5 files changed, 154 insertions(+), 98 deletions(-)
 delete mode 100644 .github/workflows/lint_build_test.yml
 create mode 100644 .github/workflows/pull_request.yml

diff --git a/.github/actions/setup-gradle-cache/action.yml b/.github/actions/setup-gradle-cache/action.yml
index efa3fbb2..f120d828 100644
--- a/.github/actions/setup-gradle-cache/action.yml
+++ b/.github/actions/setup-gradle-cache/action.yml
@@ -5,10 +5,27 @@
 name: "Setup Gradle Cache"
 description: "Sets up a cache for Gradle builds"
 
+inputs:
+  accessKey:
+    required: true
+  secretKey:
+    required: true
+
 runs:
   using: "composite"
   steps:
-    - name: Set up Gradle cache
-      uses: burrunan/gradle-cache-action@v1
+    - uses: tespkg/actions-cache@v1
       with:
-        build-root-directory: frontend
\ No newline at end of file
+        path: |
+          frontend/.gradle
+          frontend/app/build
+          frontend/client/build
+          frontend/build
+        key: ${{ github.repository }}-${{ runner.os }}-gradle-${{ github.job }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ github.repository }}-${{ runner.os }}-gradle-
+        bucket: actions-cache
+        accessKey: ${{ inputs.accessKey }}
+        secretKey: ${{ inputs.secretKey }}
+        endpoint: nbg1.your-objectstorage.com
+        use-fallback: false
\ No newline at end of file
diff --git a/.github/actions/setup-rust-cache/action.yml b/.github/actions/setup-rust-cache/action.yml
index cfa96158..61c150a1 100644
--- a/.github/actions/setup-rust-cache/action.yml
+++ b/.github/actions/setup-rust-cache/action.yml
@@ -5,10 +5,26 @@
 name: "Setup Rust"
 description: "Sets up a rust action"
 
+inputs:
+  accessKey:
+    required: true
+  secretKey:
+    required: true
+  cacheKey:
+    required: false
+
 runs:
   using: "composite"
   steps:
-    - name: Set up Rust cache
-      uses: Swatinem/rust-cache@v2
+    - uses: tespkg/actions-cache@v1
       with:
-        workspaces: "rust -> rust/target"
\ No newline at end of file
+        path: |
+          rust/target
+        key: ${{ github.repository }}-${{ runner.os }}-cargo-${{ github.job }}-${{ inputs.cacheKey }}-${{ hashFiles('**/Cargo.lock') }}
+        restore-keys: |
+          ${{ github.repository }}-${{ runner.os }}-cargo-${{ github.job }}-${{ inputs.cacheKey }}-
+        bucket: actions-cache
+        accessKey: ${{ inputs.accessKey }}
+        secretKey: ${{ inputs.secretKey }}
+        endpoint: nbg1.your-objectstorage.com
+        use-fallback: false
\ No newline at end of file
diff --git a/.github/workflows/lint_build_test.yml b/.github/workflows/lint_build_test.yml
deleted file mode 100644
index 5097e01e..00000000
--- a/.github/workflows/lint_build_test.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Felix Hilgers <felix.hilgers@fau.de>
-#
-# SPDX-License-Identifier: MIT
-
-name: Lint, Build, Test
-
-on:
-  pull_request:
-  push:
-    branches:
-      - dev
-  workflow_dispatch:
-
-jobs:
-  
-  reuse-lint:
-    name: Reuse Lint
-    runs-on: ubuntu-24.04
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-
-      - name: Lint
-        run: nix run .#reuseLint
-
-  documentation:
-    name: Build Documentation
-    runs-on: ubuntu-24.04
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-
-      - name: Asciidoctor
-        run: |
-          nix develop --command \
-            asciidoctor -r asciidoctor-diagram Documentation/asciidoc/main.adoc -o index.html
-        
-  gradle-lint:
-    name: Gradle Lint
-    runs-on: ubuntu-24.04
-    needs: [reuse-lint]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-      - uses: ./.github/actions/setup-gradle-cache
-        
-      - name: Lint
-        run: nix run .#gradleLint
-        
-    
-  rust-lint:
-    name: Rust Lint
-    runs-on: ubuntu-24.04
-    needs: [reuse-lint]
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-      - uses: ./.github/actions/setup-rust-cache
-        
-      - name: Lint
-        run: nix run .#rustLint
-        
-  gradle-build-test:
-    name: Gradle Test
-    runs-on: ubuntu-24.04
-    needs: gradle-lint
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-      - uses: ./.github/actions/setup-gradle-cache
-        
-      - name: Build and Test
-        run: nix run .#gradleTest
-        
-  rust-build-test:
-    name: Rust Test
-    runs-on: ubuntu-24.04
-    needs: rust-lint
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-base
-      - uses: ./.github/actions/setup-rust-cache
-        
-      - name: Build and Test
-        run: nix run .#rustTest
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 00000000..a7bb3834
--- /dev/null
+++ b/.github/workflows/pull_request.yml
@@ -0,0 +1,113 @@
+# SPDX-FileCopyrightText: 2024 Felix Hilgers <felix.hilgers@fau.de>
+#
+# SPDX-License-Identifier: MIT
+
+name: PR
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches: [main, dev]
+
+env:
+  RUSTFLAGS: "-Dwarnings"
+  CARGO_INCREMENTAL: 0
+
+jobs:
+
+  reuse-lint:
+    name: Reuse Lint
+    runs-on: self-hosted
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Reuse Lint
+        run: nix develop --command reuse lint
+  
+  sbom:
+    name: Generate Sbom
+    runs-on: self-hosted
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Generate Sbom
+        run: nix develop --command python utils/generate_sbom.py
+  
+  rust-lint:
+    name: Rust Lint
+    runs-on: self-hosted
+    needs: [reuse-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+
+      - name: Cargo Clippy
+        run: | 
+          cd rust
+          nix develop --command cargo clippy --all-targets --all-features
+  
+  rust-test:
+    name: Rust Tests
+    runs-on: self-hosted
+    needs: [rust-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+
+      - name: Cargo test
+        run: | 
+          cd rust
+          nix develop --command cargo test --workspace --all-targets --all-features --exclude backend-daemon
+
+  rust-build:
+    name: Rust Build
+    runs-on: self-hosted
+    needs: [rust-test]
+    strategy:
+      matrix:
+        target: [arm64-v8a, x86_64]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+          cacheKey: ${{ matrix.target }}
+
+      - name: Cargo Build Daemon ${{ matrix.target }}
+        run: | 
+          cd rust
+          nix develop --command cargo ndk --target ${{ matrix.target }} build --package backend-daemon --package client
+
+
+  gradle-build:
+    name: Gradle Build
+    runs-on: self-hosted
+    needs: [reuse-lint]
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/setup-rust-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}      
+      - uses: ./.github/actions/setup-gradle-cache
+        with:
+          accessKey: ${{ secrets.CACHE_ACCESS_KEY }}
+          secretKey: ${{ secrets.CACHE_SECRET_KEY }}
+      
+      - name: Gradle Lint
+        run: | 
+          cd frontend
+          nix develop --command ./gradlew build --no-daemon --parallel
diff --git a/flake.nix b/flake.nix
index 7cffe910..84bd4891 100644
--- a/flake.nix
+++ b/flake.nix
@@ -185,6 +185,7 @@
 
           toolsDevShell = pkgs.mkShell {
             packages = packageGroups.combined;
+            ANDROID_NDK_TOOLCHAIN_DIR = "${(pkgs.androidSdk (_: packageGroups.sdkPkgs))}/share/android-sdk/ndk";
           };
 
           generateSbom =
@@ -199,7 +200,7 @@
             '';
 
           rustCiPreamble = ''
-            export PATH=${pkgs.lib.makeBinPath (with pkgs; [ protobuf clang cargo-ndk bpf-linker ] ++ packageGroups.rustPkgs)}:$PATH
+            export PATH=${pkgs.lib.makeBinPath (with pkgs; [ protobuf clang cargo-ndk bpf-linker python3 ] ++ packageGroups.rustPkgs)}:$PATH
             set -euo pipefail
           '';
           frontendCiPreamble =