Conversation
8beae4d to
87c8b4c
Compare
87c8b4c to
5f8eee7
Compare
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as resolved.
This comment was marked as resolved.
|
Alright so average per system is ~6m40s with the actually correct check: https://github.com/winterqt/nixpkgs/actions/runs/15007089150 |
5f8eee7 to
4f15b39
Compare
|
IMO the ~doubled eval time here is worth it for peace of mind that we’re catching issues upfront, but it does make it important to replace the existing eval job entirely so that we’re not trashing our concurrency by doubling the number of jobs and having half of them take twice as long. |
4f15b39 to
25509d1
Compare
This change reimplements `pkgs/top-level/nixpkgs-basic-release-checks.nix` using the chunked evaluator function, in order for it to be efficient enough to run in CI.
I feel like I've done enough work on this that I can effectively review any changes going forward. :)
Ran into this when comparing two `quickTest` evals.
Currently, the `get-merge-commit` job is inherently racey, as we can't control whether these jobs will run at the same time, so it's possible that the merge/target commits will change if the target gets updated in between `get-merge-commit` runs. This is bad enough in theory (and maybe has even caused some oddities in the CI setup in the past), but it essentially makes the release checks untentable on days where lots of people are merging things. So, this change fixes it by electing the eval workflow as the "leader," and having all other jobs wait for it to determine which commits will be checked.
b266cf0 to
be3b40f
Compare
| @@ -5,6 +5,14 @@ on: | |||
| paths: | |||
| - .github/workflows/get-merge-commit.yml | |||
There was a problem hiding this comment.
Might want to consider removing this now that this requires inputs (and apparently defaults don’t apply to non-workflow_run triggers…).
|
The Knowing this, we should just not run those in different workflows anymore. But I think with #406825 (comment), we might not need to anyway. I have thought about this a bit more, and it's quite simple in theory:
For the big majority of PRs, with only a handful of changed attributes, this will make the purity test take a few seconds maximum. Think about it, with the current approach we are comparing 70k attributes per PR, although only 1 (or none!) might have changed. Once this is not a big check anymore, we can move it into the main eval workflow. The effect of running on undrafting can thus be ignored for now. Yes, this has consequences: We need to run this after the comparison, which is exactly what I had opposed earlier, because of start-to-finish time for nixpkgs-review. But that's not a problem, if it doesn't take long. It will take much longer on staging, when you cause many rebuilds - but also you're not going to use nixpkgs-review there anyway. With how eval is currently set up, we'd need to:
Running an extra 4x mini jobs, which only re-eval a single package in the extreme case on master seems like waste, though. Thus, I am currently working on my idea mentioned in #406825 (comment), namely switching up the order of "combine" and "compare". The new workflow would look like this:
This has a few benefits, because we'll be able to eventually get rid of a whole job (process), but also we could add the purity release-check into those 4x jobs for eval as well - the numbers for which attributes to run the check would already be known. |
Right, but I think this is a desirable change for consistency, mainly avoiding weird results in the kind of conditions we just observed. I’d be willing to split it into a separate PR. WDYT? Regarding your idea: I like it in theory, but I’ll need to think about it a bit more. |
I'm hoping to go into a different direction instead, but that's currently only an idea and not fully sketched out, yet:
If we go this way, then there is no other get-merge-commit workflow / job to wait on, so the artifact idea won't work. However, I think that's not really a problem - we just need to make sure that different workflows don't depend on each other like we tried here. |
| /.github/workflows @NixOS/Security @Mic92 @zowoq @infinisil @azuwis @wolfgangwalther | ||
| /.github/workflows @NixOS/Security @Mic92 @zowoq @infinisil @azuwis @winterqt @wolfgangwalther | ||
| /.github/workflows/check-format.yml @infinisil @wolfgangwalther | ||
| /.github/workflows/codeowners-v2.yml @infinisil @wolfgangwalther | ||
| /.github/workflows/nixpkgs-vet.yml @infinisil @philiptaron @wolfgangwalther | ||
| /ci @infinisil @philiptaron @NixOS/Security @wolfgangwalther | ||
| /ci @infinisil @philiptaron @NixOS/Security @winterqt @wolfgangwalther |
There was a problem hiding this comment.
You might want to merge this commit separately already. I'm trying to already request reviews from you in CI PRs, so that you are aware of all the changes happening, but sometimes I forget :D
You can see the new outpaths jobs in #410852. They already produce a diff of attrpaths, which is what you could use to decide which paths to do the purity check against. |
|
Does that work if the problem is that the existence of attribute paths in some way depends on the value of |
Interesting. Correct - this would not be caught. Attrpath generation takes ~ 20-30s per system. Thus, doing this with both paths for all systems in sequence would take max 4 mins. I'd say we could run this as a separate job, independent of everything else. This would make it easy to only run this in the merge queue later, which should be enough for what is probably very much an edge case. |
We can do even better: attrpath generation is using a single core only. Thus, we could run both attrpath generations at the same time in the main eval job. Then we do the purity check for attrpaths already and can error out early in case of a mismatch. Then we do main eval, then the diff against master, and then we run eval again on the changed attrpaths for purity. For PRs with 0 rebuilds, the overhead will be 0. And the overhead for release checks scales with the number of changed packages, which is nice. |
|
At one point I was tracking with the back-and-forth on this PR, but I've lost the plot. Where are we with this effort, @winterqt and @wolfgangwalther? |
I think all the pre-requisites have been merged to do #406825 (comment) for This will still leave us with the |
|
Good news: I'm (one of) the maintainer of I'll have time to work on that in a few weeks. |
This PR reimplements
pkgs/top-level/nixpkgs-basic-release-checks.nixusing the chunked evaluator function, in order for it to be efficient enough to run in CI.Things done
nix.conf? (See Nix manual)sandbox = relaxedsandbox = truenix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/)Add a 👍 reaction to pull requests you find important.