Add GitHub actions as an additional CI

[kyrcha]

Background: Add GHA as an additional CI since it generates a temporary token even for external PRs so we can run tests that require it.

Reference implementation: https://github.com/jfontan/gitcollector/blob/509f1d3f9bb3feba768cd53a8e58744877844711/.github/workflows/main.yml

[kyrcha]

Also: test is whether Windows and macOS builds support starting side services (e.g. Linux containers)

[kyrcha]

Research on GitHub Actions

Current state with respect to GITHUB_TOKEN and docker-compose

TL;DR

• Linux: works out of the box, auto-created GITHUB_TOKEN does not have permissions for org reading
• Windows: cannot run linux containers, problematic to add linux container support (LCOW) in GHA
• MacOS: no docker pre-installed - could not make docker installation solutions work in GHA

Linux

Docker compose works out of the box in Linux and the priviledged flag:

docker run -d --name bblfshd --privileged -p 9432:9432 bblfsh/bblfshd:latest-drivers

As for the GITHUB_TOKEN issue from the docs [ref] we have two things.

• With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository.
• GitHub automatically creates a GITHUB_TOKEN secret to use in your workflow.
• The token's permissions are limited to the repository that contains your workflow.

GHA behavior on the fork:

• when I use my own Personal Access Token (PAT) that has the right scopes ticked, then everything is completed as planned (i.e. GITHUB_TOKEN: ${{ secrets.METADATA_TEST_GH_TOKEN }})
• when I use the auto-generated one from GitHub I get the error:
  • organization query failed: Resource not accessible by integration.
  • Based on some research this is due to "The token's permissions are limited to the repository that contains your workflow." which means that does not have the scope admin:org > read:org but only repo [ref].
  • In this case the test of crawling an online organization will not complete.

---

For Windows and for MacOS after at least 90 trials the outcomes indicate that CI/CD (I would say in general) for these platforms does not come as easy :(

Windows

GHA has Windows Server 2016 R2 and 2019 and no desktop versions [ref].

Even though docker and docker compose are installed...a plain workflow leads to the following error:

latest: Pulling from library/postgres
no matching manifest for windows/amd64 10.0.17763 in the manifest list entries

This is the known Linux Containers on Windows (or LCOW) issue. There is the LCOW toolkit but besides being in experimental mode not yet officially supported by Docker or Microsoft in terms of SLA etc. it also needs the Hyper-V isolation [ref, [ref. After following some solution on the internet I got to the point where I could load LCOW but got anoterh error:

Creating metadata-retrieval_postgres_1 ... error

ERROR: for metadata-retrieval_postgres_1  Cannot create container for service postgres: failed to start service utility VM (createreadwrite): hcsshim::CreateComputeSystem e6209f8cd5e6490c6fb893d9e095cba8cb357407ca766bead4fc4679d5363ade_svm: The request is not supported.
(extra info: {"SystemType":"container","Name":"e6209f8cd5e6490c6fb893d9e095cba8cb357407ca766bead4fc4679d5363ade_svm","Layers":null,"HvPartition":true,"HvRuntime":{"ImagePath":"C:\\Program Files\\Linux Containers","LinuxInitrdFile":"initrd.img","LinuxKernelFile":"kernel"},"ContainerType":"linux","TerminateOnLastHandleClosed":true})

ERROR: for postgres  Cannot create container for service postgres: failed to start service utility VM (createreadwrite): hcsshim::CreateComputeSystem e6209f8cd5e6490c6fb893d9e095cba8cb357407ca766bead4fc4679d5363ade_svm: The request is not supported.
(extra info: {"SystemType":"container","Name":"e6209f8cd5e6490c6fb893d9e095cba8cb357407ca766bead4fc4679d5363ade_svm","Layers":null,"HvPartition":true,"HvRuntime":{"ImagePath":"C:\\Program Files\\Linux Containers","LinuxInitrdFile":"initrd.img","LinuxKernelFile":"kernel"},"ContainerType":"linux","TerminateOnLastHandleClosed":true})
Encountered errors while bringing up the project.
##[error]Process completed with exit code 1.

which basically accounts that I do not have the Hyper-V installed in GHA Windows Server 2019 version. Indeed according to the README of lcow "You also need to have Hyper-V and the Container feature enabled.". So the next step was to install them. But from my understanding (for example the non existance of the Install-WindowsFeature command to install the Hyper-V) the server spinned in GHA is a nano server with limited functionality and does not have the commands to install them (and from a quick search I could not find a way to install the commands that install things). So this is the current point reached.

There are solutions on the internet but:

• Are for the desktop windows 10 version and not the server versions
• Are for the full server version and not the nano
• Are GUI related
• Require restating the computer (tried it in GHA and it stuck)
• Requite the Hyper-V which I was not able to install on GHA

Another step is to use a native windows docker image, but official docker support for windows is still an open issue.

Next steps:

• Try to install Install-WindowsFeature command in a nano server
• Try an unofficial windows postgresql version (even though probably not recommended, the one I found is from 2017)

MacOS

MacOS does not have docker (nor compose) pre-installed so we install it [ref]

OK not problem let's install it...the problem is that I couldn't because as for Windows, Docker for macOS is mainly a GUI app and the solutions I found on the internet have not worked thus far. This is as far as I could go based on this SO answer but the service never starts:

- name: Set up docker in macOS
  run: |
    brew cask install docker
    ln -s /Applications/Docker.app/Contents/Resources/bin/docker /usr/local/bin/docker
    ln -s /Applications/Docker.app/Contents/Resources/bin/docker-compose /usr/local/bin/docker-compose
    open -g -a /Applications/Docker.app || exit
    # Wait for the server to start up, if applicable.  
    i=0
    while ! docker system info &>/dev/null; do
      (( i++ == 0 )) && printf %s '-- Waiting for Docker to finish starting up...' || printf '.'
      sleep 1
    done
    (( i )) && printf '\n'
    echo "-- Docker is ready."
  if: matrix.os == 'macOS-latest'

Next steps:

• Do more research for answers
• Debugging the installation procedure

Current workflow

Current workflow can be found here.

[kyrcha]

My proposal is to have both especially since: a) GitHub actions is good candidate for projects that do not require org data like gitbase so it will be adopted there and b) since src-d has worked with github actions like in hercules. So we could:

• use Travis as a main CI/CD at the moment due to the better integration of codecov
• use also GitHub at least for the autogenerated GITHUB_TOKEN for reading online repo data
• ask for extra software from GitHub here