CI/CD overhaul
This MR overhauls our CI/CD pipeline, moving the relevant Dockerfiles into the new knot/knot-resolver-ci repository, which builds the images in its own CI/CD pipeline, removing the need to build the images locally.
The images have been largely cleaned up, removing unnecessary layering, and have also been de-duplicated - different Knot DNS versions are built using the same parent image, which already has all the required dependencies, shortening the build times.
Another advantage is that the images are properly tagged, so we can use separate versions for different branches of Knot Resolver.
The pipeline in that repository is also ready for nightly rebuilds of Knot DNS master, so we can continuously test against that (it currently fails, but !1509 (merged) should fix that).
Activity
- Resolved by Oto Šťáva
I'm not completely sure what causes the build-stable-asan failure. It seems to me it must be something that has always been there, but a new ASan version got better at detecting it. I haven't touched any of the actual Knot Resolver code, so it must be something like that.
added 1 commit
- 05ffb6cb - .gitlab-ci: barebones image to request macOS build
added 1 commit
- 21828f1d - .gitlab-ci: barebones image to request macOS build
- Resolved by Oto Šťáva
The macOS failure is also strange. It started happening pretty randomly, with no obviously relevant change...
TODO: Install faketime from Git into the images to overcome incompatibility with Python >=3.11 (causing the deckard failures)
Edited by Oto Šťáva
When I run scan-build locally, it shows completely different warnings. None of the ones that appear in CI, but pretty much all of them are false positives because it does not understand __attribute__((cleanup(...))), so it says we are leaking memory when in fact we are not.
I understand that the difference is probably due to a version difference (LLVM 14 in CI vs LLVM 18 in my OpenSUSE), but seeing as both versions probably report false positives, I don't think chasing after scan-build's reports is something we want to waste our time with, especially when there is no good way of silencing them individually.
I'm kind of inclined towards getting rid of it. Clang-Tidy seems to catch some of the same errors, and we also have Coverity Scan (which we could finally start using for the 6.0 branch), which seems to have been doing a slightly better job.
Edited by Oto Šťáva
added 2 commits
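The pattern the scan-build comment above refers to, as an added example (not Knot Resolver's code): a variable annotated with `__attribute__((cleanup(...)))` is released on every return path with no visible `free()`, which is the shape a checker that does not model the attribute would report as a leak. The macro name, function names and the counter are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed counter so the effect of the cleanup handler is observable. */
static int frees_seen = 0;

/* Cleanup handler: the compiler passes a pointer to the annotated variable
 * whenever that variable goes out of scope. */
static void free_charp(char **p)
{
    if (*p != NULL) {
        free(*p);
        *p = NULL;
        frees_seen++;
    }
}

/* Hypothetical helper macro (the name is an assumption for this example). */
#define auto_free_example __attribute__((cleanup(free_charp)))

/* Returns the length of a lower-cased copy of `name`, or -1 on error.
 * No path below calls free() explicitly; the handler does it on scope exit. */
int lowered_len(const char *name)
{
    auto_free_example char *copy = NULL;
    if (name == NULL)
        return -1;              /* handler runs with copy == NULL: no-op */
    size_t n = strlen(name);
    copy = malloc(n + 1);
    if (copy == NULL)
        return -1;
    for (size_t i = 0; i <= n; i++) {
        char c = name[i];
        copy[i] = (c >= 'A' && c <= 'Z') ? (char)(c - 'A' + 'a') : c;
    }
    if (n > 255)
        return -1;              /* early return: handler frees copy */
    return (int)n;              /* normal return: handler frees copy */
}

/* Number of allocations the handler has released so far. */
int frees_observed(void)
{
    return frees_seen;
}
```

Building this with `-fsanitize=address` (LeakSanitizer enabled) is a runtime cross-check that the allocation really is released on each path.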
added 1 commit
- bd9d705f - fixup! .gitlab-ci.yml, tests: adapt to new knot-resolver-ci repo
added 1 commit
- a539d168 - EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- 856b7be3 - EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- d578ecb9 - EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- 47cc6e21 - .github/workflows/macOS: fix prefix for ARM macOS
added 1 commit
- de0e8f2b - .github/workflows/macOS: fix prefix for ARM macOS
added 1 commit
- 2d4f4346 - .github/workflows/macOS: fix prefix for ARM macOS
added 1 commit
- fb418fcd - modules/*/meson.build: add missing dependencies
added 1 commit
- 281f5079 - modules/*/meson.build: add missing dependencies
added 1 commit
- a0f95677 - modules/*/meson.build: add missing dependencies
added 1 commit
- 29cd0331 - modules/*/meson.build: add missing dependencies
added 1 commit
- bd107579 - modules/*/meson.build: add missing dependencies
added 1 commit
- 272688e4 - modules/*/meson.build: add missing dependencies
added 1 commit
- 4dfec0ec - modules/*/meson.build: add missing dependencies
added 1 commit
- 60d9b515 - modules/*/meson.build: add missing dependencies
added 1 commit
- d2a391ab - modules/*/meson.build: add missing dependencies
added 1 commit
- 28d2af88 - modules/*/meson.build: add missing dependencies
- Resolved by Oto Šťáva
added 1 commit
- d6d90dda - modules/*/meson.build: add missing dependencies
added 1 commit
- 37cfc355 - modules/*/meson.build: add missing dependencies
mentioned in merge request !1537 (merged)
added 16 commits
- 37cfc355...c7f0032f - 3 commits from branch master
- c7f0032f...b88e040c - 3 earlier commits
- 369093f4 - .gitlab-ci: changed image name
- 8e947ceb - .gitlab-ci: build against Knot DNS master as well
- 6f3ad7ff - .gitlab-ci: reorganize Knots, fix master
- df9737c8 - .gitlab-ci: use default image to build the docs
- 888b8954 - .gitlab-ci: disable dnstap test for Debian 11
- 1fa4bb3d - .gitlab-ci: make Knot master build failure less intimidating
- 92cf3860 - ci/images: remove
- a1a27b7b - .gitlab-ci: barebones image to request macOS build
- 9b9145eb - Silence Clang-Tidy
- 96e0d277 - EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- 9fa779b9 - fixup! EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- c8fa7864 - fixup! EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- 8dc9a709 - fixup! .gitlab-ci: check if image is set to a Git tag
added 1 commit
- 9963fed0 - fixup! EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- 17f2c6bf - fixup! EXPERIMENT: try sanitizers with GCC and different settings
added 1 commit
- f1e737f7 - fixup! EXPERIMENT: try sanitizers with GCC and different settings
added 12 commits
- f1e737f7...a7f065c3 - 2 earlier commits
- 5dc156ea - .gitlab-ci: build against Knot DNS master as well
- cce477a9 - .gitlab-ci: reorganize Knots, fix master
- 702d7710 - .gitlab-ci: use default image to build the docs
- 5550f174 - .gitlab-ci: disable dnstap test for Debian 11
- f251f5a4 - .gitlab-ci: make Knot master build failure less intimidating
- f079c42a - ci/images: remove
- 5687751d - .gitlab-ci: barebones image to request macOS build
- cbf8faa2 - Silence Clang-Tidy
- fca3481c - EXPERIMENT: try sanitizers with GCC and different settings
- b86a76b0 - .gitlab-ci: get rid of scan-build
added 1 commit
- 7c2516d4 - fixup! tests/pytests: remove deprecated calls
- Resolved by Vladimír Čunát
Outstanding issue: pytests
- This is something that has been happening consistently on newer distros for quite some time already. I don't think the behaviour of kresd is necessarily incorrect, it seems to close the TLS connection when the client sends garbage. It also happens on 6.x.
I believe we have these options:
- Just make sure that kresd does not crash after it gets garbage from the client and adapt the test accordingly.
- Stop kresd from closing the connection. This may not even be worth the effort, though, as it seems pretty unrealistic for actual good traffic to come after the garbage, which is what the test seems to be checking for.
Edited by Oto Šťáva
Outstanding issue: build-deb12-knot-master
- Will be fixed by !1509 (merged). I already checked.
Edited by Oto Šťáva
added 18 commits
- 7c2516d4...fe607b35 - 3 commits from branch master
- fe607b35...f5f423b4 - 5 earlier commits
- e92888a3 - .gitlab-ci: reorganize Knots, fix master
- 7ac7c768 - .gitlab-ci: use default image to build the docs
- 50d31600 - .gitlab-ci: disable dnstap test for Debian 11
- 09a490da - .gitlab-ci: make Knot master build failure less intimidating
- 95a6403e - ci/images: remove
- c77932a8 - .gitlab-ci: barebones image to request macOS build
- 6f73a3d7 - Silence Clang-Tidy
- b98b9e77 - EXPERIMENT: try sanitizers with GCC and different settings
- 6f6311d6 - .gitlab-ci: get rid of scan-build
- f2ca927c - tests/pytests: remove deprecated calls