// file : doc/manual.cli // copyright : Copyright (c) 2014-2017 Code Synthesis Ltd // license : MIT; see accompanying LICENSE file "\name=build2-build-bot-manual" "\subject=build bot" "\title=Build Bot" // NOTES // // - Maximum
line is 70 characters. // " \h0#preface|Preface| This document describes \c{bbot}, the \c{build2} build bot. \h1#intro|Introduction| \h1#arch|Architecture| The \c{bbot} architecture includes several layers for security and manageability. At the top we have a \c{bbot} running in the \i{controller} mode. The controller monitors various \i{build sources} for \i{build tasks}. For example, a controller may poll a \c{brep} instances for any new packages to built as well as monitor a \c{git} repository for any new commits to test. There can be several layers of controllers with \c{brep} being just a special kind. A machine running a \c{bbot} instance in the controller mode is called a \i{controller host}. Below the controllers we have a \c{bbot} running in the \i{agent} mode normally on Build OS. The agent polls its controllers for \i{build tasks} to perform. A machine running a \c{bbot} instance in the agent mode is called a \i{build host}. The actual building is performed in the virtual machines and/or containers that are executed on the build host. Inside virtual machines/containers, \c{bbot} is running in the \i{worker mode} and receives build tasks from its agent. Virtual machines and containers running a \c{bbot} instance in the worker mode are collectively called \i{build machines}. Let's now examine the workflow in the other direction, that is, from a worker to a controller. Once a build machine is booted (by the agent), the worker inside connects to the TFTP server running on the build host and downloads the \i{build task manifest}. It then proceeds to perform the build task and uploads the \i{build result manifest} (which includes build logs) to the TFTP server. Once an agent receives a build task for a specific build machine, it goes through the following steps. First, it creates a directory on its TFTP server with the \i{machine name} as its name and places the build task manifest inside. Next, it makes a throw-away snapshot of the build machine and boots it. After booting the build machine, the agent monitors the machine directory on its TFTP server for the build result manifest (uploaded by the worker once the build has completed). Once the result manifest is obtained, the agent shuts down the build machine and discards its snapshot. To obtains a build task the agent polls via HTTP/HTTPS one or more controllers. Before each poll request the agent enumerates the available build machines and sends this information as part of the request. The controller responds with a build task manifest that identifies a specific build machine to use. If the controller has higher-level controllers (for example, \c{brep}), then it aggregates the available build machines from its agents and polls these controllers (just as an agent would), forwarding build tasks to suitable agents. In this case we say that the \i{controller act as an agent}. The controller may also be configured to monitor build sources, such as SCM repositories, directly in which case it generates build tasks itself. In this architecture the build results are propagated up the chain: from a worker, to its agent, to its controller, and so on. A controller that is the final destination of a build result uses email to notify interested parties of the outcome. For example, \c{brep} would send a notification to the package owner if the build failed. Similarly, a \c{bbot} controller that monitors a \c{git} repository would send an email to a committer if their commit caused a build failure. The email would include a link (normally HTTP/HTTPS) to the build logs hosted by the controller. \h#arch-machine-config|Configurations| The \c{bbot} architecture distinguishes between a \i{machine configuration} and a \i{build configuration}. The machine configuration captures the operating system, installed compiler toolchain, and so on. The same build machine may be used to \"generate\" multiple \i{build configurations}. For example, the same machine can normally be used to produce 32/64-bit and debug/release builds. The machine configuration is \i{approximately} encoded in its \i{machine name}. The machine name is a list of components separated with \c{-}. Each component can contain alpha-numeric characters, underscores, dots, and pluses with the whole id being a portably-valid path component. The encoding is approximate in a sense that it captures only what's important to distinguish in a particular \c{bbot} deployment. The first component normally identifies the operating system and has the following recommended form: \ [_][ _] [_ ] \ For example: \ windows windows_10 windows_10.1607 i686_windows_xp bsd_freebsd_10 linux_centos_6.2 linux_ubuntu_16.04 macos_10.12 \ The second component normally identifies the installed compiler toolchain and has the following recommended form: \ [ ][ ] \ For example: \ gcc gcc_6 gcc_6.3 clang_3.9_libc++ clang_3.9_libstdc++ msvc_14 msvc_14u3 icc \ Some examples of complete machine names: \ windows_10-msvc_14u3 macos_10.12-clang linux_ubuntu_16.04-gcc_6.3 \ Similarly, the build configuration is encoded in a \i{configuration name} using the same format. As described in \l{#arch-controller Controller Logic}, build configurations are generated from machine configurations. As a result, it usually makes sense to have the first component identify the operating systems and the second component \- the toolchain with the rest identifying a particular build configuration. For example: \ windows-vc_14-32-debug linux-gcc_6-cross-arm-eabi \ \h#arch-machine-manifest|Machine Manifest| \ SYNOPSIS id: name: type: summary: \ The build machine manifest describes the build machine on the build host (see the Build OS documentation for their origin and location). A list of machine manifests is also sent by \c{bbot} agents to controllers. \dl| \li|\n\c{id: }\n The \i{machine-id} uniquely identifies a machine version/revision/build. For virtual machines this can be the disk image checksum. For a container this can be UUID that is re-generated every time a container filesystem is altered.| \li|\n\c{name: }\n The machine name as described above.| \li|\n\c{type: }\n The machine type. Valid values are \c{vm} and \c{container}. Note that this value is not sent by agents to controllers.| \li|\n\c{summary: }\n A one-line description of the machine. For example: \ name: windows_10-msvc_14 summary: Windows 10 build 1607 with VC 14 update 3 \ || \h#arch-task-manifest|Task Manifest| \ SYNOPSIS name: version: repository: #location: machine: target: config: \ The task manifest describes a build task. It consists of two groups of values. The first group defines the package to build. The second group defines the build configuration to use for building the package. \dl| \li|\n\c{name: }\n Package name to test.| \li|\n\c{version: }\n Package version to test.| \li|\n\c{repository: }\n The \c{bpkg} repository that contains the package and its dependencies.| \li|\n\c{machine: }\n The name of the build machine to use.| \li|\n\c{target: }\n The target triplet to build for. If not specified, then the default target for this machine is used (which is usually the machine itself). Compared to the autotools terminology, the \c{machine} value corresponds to \c{--build} (the machine we are building on) and \c{target} \- to \c{--host} (the machine we are building for). While we use essentially the same \i{target triplet} format as autotools for \c{target}, it is not flexible enough for \c{machine}.| \li|\n\c{config: }\n Additional build system configuration variables.|| \h#arch-result-manifest|Result Manifest| \ SYNOPSIS name: version: status: configure-status: update-status: test-status: configure-log: update-log: test-log: \ The result manifest describes a build result. \dl| \li|\n\c{name: }\n Package name from the task manifest.| \li|\n\c{version: }\n Package version from the task manifest.| \li|\n\c{status: }\n An overall (cumulative) build result status. Valid values are: \ success # All operations completed successfully. warning # One or more operations completed with warnings. error # One or more operations completed with errors. abort # One or more operations were aborted. abnormal # One or more operations terminated abnormally. \ The \c{abort} status indicates that the operation has been aborted by \c{bbot}, for example, because it was consuming too many resources and/or was taking too long. Note that a task can be aborted both by the \c{bbot} worker as well as the agent. In the later case the whole machine is shut down and no operation-specific status or logs will be included (@@ Maybe we should just include 'log:' with commands that start VM, for completeness?). The \c{abnormal} status indicates that the operation has terminated abnormally, for example, due to the package manager or build system crash. Note that the overall \c{status} value should appear before any per-operation \c{*-status} values.| \li|\n\c{*-status: }\n A per-operation result status. Note that the \c{*-status} values should appear in the same order as the corresponding operations were performed and for each \c{*-status} there should be a corresponding \c{*-log}.| \li|\n\c{*-log: }\n A per-operation result log. Note that the \c{*-log} values should appear last and in the same order as the corresponding \c{*-status} values.|| \h#arch-task-req-manifest|Task Request Manifest| \ SYNOPSIS agent: fingerprint: \ An agent (or controller acting as an agent) sends a task request to its controller via HTTP/HTTPS POST method (@@ URL/API endpoint). The task request starts with the task request manifest followed by a list of machine manifests. \dl| \li|\n\c{agent: }\n The name of the agent host (\c{hostname}). These should be unique in a particular \c{bbot} deployment.| \li|\n\c{fingerprint: }\n The SHA256 fingerprint of the agent's public key.|| \h#arch-task-res-manifest|Task Response Manifest| \ SYNOPSIS session: challenge: \ An agent (or controller acting as an agent) sends a task request to its controller via HTTP/HTTPS POST method (@@ URL/API endpoint). The task request starts with the task request manifest followed by a list of machine manifests. \dl| \li|\n\c{session: }\n An identifier assigned to this session by the controller. An empty value indicates that the controller has no tasks at this time in which case the task manifest is absent.| \li|\n\c{challenge: }\n A random text (nonce) used to challenge the agent's private key. If present, then the agent must sign this text with its private key and include the signature in the result request. The signature should be derived by calculating the SHA256 checksum of the text, encrypting it with the agent's private key, and then base64-encoding the result.|| \h#arch-result-req-manifest|Result Request Manifest| \ SYNOPSIS session: challenge: \ On completion of a task an agent (or controller acting as an agent) sends a result (upload) request to its controller via HTTP/HTTPS POST method (@@ URL/API endpoint). The result request starts with the result request manifest followed by a result manifest. Note that there is no result response and only a successful but empty POST result is returned. \dl| \li|\n\c{session: }\n The session id as returned by the controller in the task response.| \li|\n\c{challenge: }\n The answer to the private key challenge as posed by the controller in the task response.|| \h#arch-worker|Worker Logic| The \c{bbot} worker builds each package in a \i{build environment} that is established for a particular build target. The environment has three components: the execution environment (environment variables, etc), build system modules, and configuration variables. Setting up of the environment is performed by an executable (script, batch file, etc). Specifically, upon receiving a build task, the worker obtains its target and looks for the environment setup executable with this name in a specific directory. If not found or if the target is unspecified, then the worker looks for the executable called \c{default}. Not being able to locate the environment executable is an error. Once the environment setup executable is determined, the worker re-executes itself as that executable passing to it as command line arguments the target name (or empty value if not specified), the path to the \c{bbot} worker to be executed once the environment is setup, and the path to the build task manifest. The environment setup executable sets up the necessary execution environment for example by adjusting \c{PATH} or running a suitable \c{vcvars} batch file. It then re-executes itself as the \c{bbot} worker passing to it as command line arguments the path to the build task manifest followed by the list of build system modules (\c{ }) and the list of configuration variables (\c{ }). The re-executed \c{bbot} worker then proceeds to test the package from the repository by executing the following commands (\c{<>}-values are from the task manifest and environment): \ bpkg -v create bpkg -v add bpkg -v fetch bpkg -v build --yes --configure-only / bpkg -v update bpkg -v test \ As an example, the following bash script can be used to setup the environment for building C and C++ packages with GCC 6 on most Linux distributions. \ #! /usr/bin/env bash # $1 - target # $2 - bbot executable # $3 - task manifest trap \"exit 1\" ERR if [ -n \"$1\" ]; then echo \"unknown target $1\" 1>&2 exit 1 fi exec \"$2\" --build \"$3\" cc config.c=gcc-6 \ \h#arch-controller|Controller Logic| A \c{bbot} controller that issues own build tasks maps available build machines (as reported by agents) to \i{build configurations} according to the \c{conftab} configuration file. Blank lines and lines that start with \c{#} are ignored. All other lines in this file have the following format: \ [ ] [ ] \ Where \c{ } is filesystem wildcard pattern that is matched against available machine names, \c{ } is the configuration name, optional \c{ } is the build target, and optional \c{ } is a list of additional build system configuration variables. The matched machine name, the target, and configuration variables are included into the build task manifest. Note that each machine name is matched against every pattern and all the patterns that match produce a configuration. If a machine does not match any pattern, then it is ignored (meaning that this controller is not interested in testing its packages with this machine). If multiple machines match the same pattern, then only a single configuration using any of the machines is produced (meaning that this controller considers these machines equivalent). As an example, let's say we have a machine named \c{windows_10-vc_14u3}. If we wanted to test both 32 and 64-bit builds as well as debug and release, then we could have generated the following configurations: \ windows*-vc_14* windows-vc_14-32-debug i686-microsoft-win32-msvc14.0 config.cc.coptions=/Z7 config.cc.loptions=/DEBUG windows*-vc_14* windows-vc_14-32-release i686-microsoft-win32-msvc14.0 config.cc.coptions=\"/O2 /Oi\" windows*-vc_14* windows-vc_14-64-debug x86_64-microsoft-win32-msvc14.0 config.cc.coptions=/Z7 config.cc.loptions=/DEBUG windows*-vc_14* windows-vc_14-64-release x86_64-microsoft-win32-msvc14.0 config.cc.coptions=\"/O2 /Oi\" \ As another example, let's say we have \c{linux_fedora_25-gcc_6} and \c{linux_ubuntu_16.04-gcc_6}. If all we cared about it testing GCC 6 on Linux, then our configurations could look like this (note the missing target): \ linux*-gcc-6 linux-gcc_6-debug config.cc.coptions=-g linux*-gcc-6 linux-gcc_6-release config.cc.coptions=-O3 \ "