Running the ci completely in a docker, without leaving any traces on the host system is not possible right now because the ccache and depends dir needs to be propagated back and picked up by the host for caching.
Fixes #17372
ci: Make ci system read-only on the git work tree #17423
pull MarcoFalke wants to merge 4 commits into bitcoin:master from MarcoFalke:1911-ciRo changing 6 files +39 −20-
MarcoFalke commented at 10:39 PM on November 8, 2019: member
- fanquake added the label Tests on Nov 8, 2019
- MarcoFalke force-pushed on Nov 8, 2019
- MarcoFalke force-pushed on Nov 8, 2019
-
DrahtBot commented at 12:14 AM on November 9, 2019: member
<!--e57a25ab6845829454e8d69fc972939a-->
The following sections might be updated with supplementary metadata relevant to reviewers and maintainers.
<!--174a7506f384e20aa4161008e828411d-->
Conflicts
Reviewers, this pull request conflicts with the following ones:
If you consider this pull request important, please also help to review the conflicting pull requests. Ideally, start with the one that should be merged first.
-
ci: Make all filesystem operations inside docker fa00393bce
-
ci: Remove git from required packages on host fab1333292
-
ci: Make ci system read-only on the git work tree fa493ef088
- MarcoFalke force-pushed on Nov 9, 2019
-
JeremyRubin commented at 11:18 PM on November 9, 2019: contributor
Concept Ack!
-
laanwj commented at 12:28 PM on November 10, 2019: member
I know nothing about docker but Concept ACK, making things that can be made read-only read-only tends to be a good idea both for determinism and to avoid build steps generating clutter in unexpected places.
-
ci: Extend docs fa7523d3aa
-
MarcoFalke commented at 5:53 PM on November 20, 2019: member
This should be easy to review. All it does it add some
DOCKER_EXEC, which means "execute everything that follows in this line in our docker thing". Also, it mounts the source dir readonly into the docker. -
laanwj commented at 7:02 PM on November 20, 2019: member
@JeremyRubin you brought this up, can you please give a tested ACK?
-
MarcoFalke commented at 7:06 PM on November 20, 2019: member
It was on my list of thing to improve either way. A code review should be sufficient, it is really straightforward. (And travis is testing it to some extend already)
-
JeremyRubin commented at 8:48 PM on November 20, 2019: contributor
Testing now...
Looks like you still need to run a make distclean before running? Would there be any reason to not have travis (now that it's RO on host) run make distclean first in case it's a dirty dir?
-
JeremyRubin commented at 9:37 PM on November 20, 2019: contributor
tested ACK fa7523d3aa75b0266015af59901c2397b52265b5
Ran
make distcleanandFILE_ENV=ci/test/00_setup_env_amd64_trusty.sh ./ci/test_run_all.shand was able to re-run
./autogen.sh && ./configure && makewithout hitting permissions errors.Would prefer, as noted, if the distclean could happen in the copied dir.
- MarcoFalke referenced this in commit 41162c0ba0 on Nov 20, 2019
- MarcoFalke merged this on Nov 20, 2019
- MarcoFalke closed this on Nov 20, 2019
-
MarcoFalke commented at 9:45 PM on November 20, 2019: member
Thanks for testing. I've merged this and left the suggestion as a follow up, see #17544.
- MarcoFalke deleted the branch on Nov 20, 2019
- sidhujag referenced this in commit f813bb5e43 on Nov 21, 2019
- sidhujag referenced this in commit 064f7896af on Nov 10, 2020
- MarcoFalke locked this on Dec 16, 2021
