-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support snapshots #19
base: master
Are you sure you want to change the base?
Conversation
Looks reasonable. A couple of things:
Do you plan to use this with the GitHub action [2] or are you only interested in building the image? [1] openbsd-builder/openbsd.pkr.hcl Lines 1 to 107 in 84346c3
|
Thanks for the quick feedback!
Not yet... still figuring out how I would. I need to eventually use this with https://github.com/cross-platform-actions/action, but I still don't have a very good handle about how to test these things locally. Also new to GH Actions in general. 😅
Ahh, probably. As I said I'm new to HCL! I'll update.
Yup, forgot about these. Considering the OpenBSD mirror site only uses SHA256, I think it's reasonable to hard-code it. I'll update.
My ultimate goal is to use this with https://github.com/cross-platform-actions/action, as I understand this a dependency there. My ultimate-ultimate goal is to build a rust binary for another open source project on GHA that requires rust v1.80, which is only available in snapshots currently. |
I don't mind trying! 😎 |
Ok. Think I addressed
I'd love some guidance on
|
I should have asked this from the beginning: do you plan to use a custom image with the GitHub action [1] or do you expect upstream to release snapshot images? A custom image is perfectly fine but unfortunately I do not have the capacity to release snapshot images. This leads to the next question: does this need to be supported in upstream or is this something that you can do in your fork? In general I would say it should go into a fork. But this has been asked before (#10), and it doesn't seem to complicate the code that much, so I guess I could accept this in upstream. [1] https://github.com/cross-platform-actions/action?tab=readme-ov-file#custom-vm-image-image_url |
Keep in mind that there's no guarantee that a custom version will work in the future, or at all. Custom images are intended for doing work ahead of time of existing supported operating systems and versions. |
I have an M1 Mac as well, so that's perfectly fine 😃. It's documented in the readme: https://github.com/cross-platform-actions/openbsd-builder?tab=readme-ov-file#building-locally. Please let me know if anything is not clear or missing and I can update the documentation. Packer and QEMU are available from Homebrew. |
The test is just building the image, which you already have added a job for 👍. Is the only difference the extra |
There's some documentation how to run the GH action locally in the action repository [1]. Please let me know if anything is not clear or missing and I can update the documentation. [1] https://github.com/cross-platform-actions/action?tab=readme-ov-file#local-development |
It fails to build the snapshot image: https://github.com/cross-platform-actions/openbsd-builder/actions/runs/10542423605/job/29213600586?pr=19#step:8:117. |
BTW, what is a snapshot? Is that like the next upcoming version? So now it's what will become OpenBSD 7.6 and eventually it will become 8.0? |
Yeah, I accidentally inverted the logic for using a snapshot URL, resulting in a 404. Updated. |
OpenBSD commits to releases every 6 months. These are 7.3, 7.4, 7.5, etc. Concurrently, they also release snapshot images at more frequent--yet less predictable--intervals between releases.
Snapshots contain more up-to-date ports and packages. In my case, the latest snapshot includes Rust v1.80, whereas the last release of OpenBSD includes v1.75. The project I'm trying to support on OpenBSD requires Rust >= v1.77, so building on OpenBSD 7.5 fails. The update to the test GHA workflows does present a bit of a problem for maintenance on this project, which is what I think you're getting at with your line of questioning, as that SHA will change as new snapshots are released, and this will happen more frequently than stable releases (though in my experience, they don't release too often... I feel like the cadence is measured more in weeks than days, but that is more frequent than 6 months). IMO it would be great to support this in upstream, though I confess I'm still a bit fuzzy about how your releases are structured, and how artifacts from this repo are consumed and used in I'm not sure I totally answered your question, but hopefully that made sense. |
Case in point, there is a new snapshot release since I opened this PR: - 536fda4f519359eebd092900b7ee27986cccb800aee321b3b5d4841d7ce42cd2
+ 92fe4343d60a963c1070ebd08f496070493bc9ea9c946b56d5dfb98fe880bb0a |
Installed |
Think this'll work: e195f91 |
Perhaps you should run the CI workflow on your fork and make sure it works there first. Since you're a first time contributor GitHub requires me to approve the workflow to be run and apparently I need to approve it every time you make a change. |
Ugh, sorry, that sounds annoying. Got them running on my repo, so I've got a more independent feedback loop now. My bad. I got the newer snapshots building in GHA; there are two failures for older stable releases that look like timeouts (eg., not related to my changes): https://github.com/neezer/openbsd-builder/actions/runs/10585228557 Think I'm ready for a proper re-review now. If the commit history is too spammy, I'm happy to close this PR and re-open with a collapsed git history. Lemme know. |
Yeah, that looks unrelated. |
Not anywhere reliable that I have found. I copied it out from a Docker container. |
The full process to add support for a new version of an existing operating system and architecture is, in a best case scenario:
Of course, if upstream did break something then I'm in for a debugging session to figure out what has changed and try to adopt for the new behavior, ideally without breaking any existing versions. It's this part I'm most worried about. It can require changes to the GitHub action as well. Another part I'm not entirely sure about is how to know when a new snapshot is available. Currently I'm subscribed to a couple of mailing lists which posts when a new version is available. But I have not seen any updates on new snapshots. I don't want to look every day if a new snapshot is available. Perhaps a scheduled GitHub action workflow could do that, but those will be disabled after 60 days if there's been no changes to the repository. |
For snapshots to work I need to figure out how to do this without having to update the Github action every time a new snapshot is available. |
Thanks for the detailed explanation. Is this because the Packer images are pre-compiled for use by |
I think the most reliable way is to schedule (eg., Anecdotally, I'd say it is 99.9% likely that there will be a new release within 60 days of the last one. If snapshots were built on-demand, then this complication is voided, as I understand it. |
Partly. I could point the action to the latest release of each operating system, instead of a hardcoding the version. But I'm working hard to not break the action. If you stick to a given version of the action it should ideally never break. I've worked very hard and spent a lot of time avoid breaking the action. GitHub has already broken the action a couple of times. Since things happen outside my control every time I build this repository there's a risk that something will break. I had to jump through hoops to avoid removing FreeBSD 12.x, because upstream had removed the package repository. Same with OpenBSD. I found a mirror that keeps old releases.
No, I don't think that's an acceptable trade-off. As you can see it takes between 15 and 20 minutes to build an image. If your job only takes a minute, or less, it's a huge overhead. Also, there are more moving parts, more dependencies outside my control. As you noticed, one of the jobs failed in a way unrelated to your change: https://github.com/neezer/openbsd-builder/actions/runs/10585228557. |
I prefer the scheduled approach better. I don't mind enabling the job if GitHub disables it every 60 days. I get an email when it happens. |
👏🏻 This is a great goal! Thanks for your effort! For stable releases I'm 💯 on board with this. I'm less convinced this level of effort is warranted (or even desired) for snapshots. I'm not aware of the official OpenBSD mirrors hosting snapshots older than whatever the current one is; I suppose your special mirror might.
If the images are persisted on the disk of the runner, they could be cached. Then you'd only pay the penalty on the initial build of a new snapshot release. Just trying to think of ways to reduce the operational complexity. To be clear, I intended my earlier suggestion to pertain only to snapshots, not stable releases. But perhaps this bifurcates the user experience of this action too much? |
No, definitely not. It's not something I ever considered.
Yeah, I understood that. I don't mind the snapshots not being a stable as the rest. It just needs to be clearly documented. The problem is, as the PR is implemented now, building a stable release can break due to a snapshot not building. The opposite is true as well, that is, building a snapshot could fail due to a stable release failing. Most likely an old release would fail. That's also one reason why the job, when it creates a release, it creates a draft release. Because I need to make sure that all jobs in the matrix has completed successfully before I can publish the release. Here's an idea how to fully automate this and still build the images ahead of time:
|
I'm no expert, but my understanding is that releases are intended to be immutable. Even if it were possible to rewrite assets for an existing release, I'm not sure it's advisable to do so if it bucks the well-understood mental model. I think rather than try to mutate an existing release, we should be creating new releases with some modifier, eg. Then we'd change this step
... to ...
This also changes the following step:
This probably means a touch more work in cross-platform-actions/action to implement "would always fetch the latest snapshot image available." Thoughts? |
The snapshot release in that project is a separate release. The snapshot release is attached to a tag called I don't know how you would access the latest release without doing this. You can access the latest release, but that might be a snapshot release or a stable release. |
It doesn't need to be a GitHub release. It just needs to be somewhere to store the images in the cloud with a stable URL. Something free and reliable. Perhaps a GitHub artifact could work. |
I was referring to the releases for I was thinking you could continue to do mainline releases with |
@jacob-carlborg Nudge on my last comment. 😎 |
Yeah, sorry, I've been really busy. I think your suggestion is more complicated than it needs to be. I want to explore other options. IIRC, GitHub has some artifact registry, perhaps that can be used. Do you have time to look that up? |
I know how that goes. Thanks again for your time and effort devoted to this project! 👏🏻
I can try. I think we're agreed on steps 1-5. Maybe we could move ahead with those changes while we continue to mull over the remaining steps? Seems like that automation would be useful to you regardless of what approach we think is best for snapshots specifically. |
The GitHub registry feature cannot be used. It's for package managers, like NPM, RubyGems, Debian packages and so on. Not for arbitrary files. |
I haven't used Packer or HCL before, but from what I can tell, it looks like this should work.
To install the latest snapshot:
closes #18