# Pull in the job definitions kept under .gitlab/. The wildcard means every *.yml file placed
# in that directory becomes part of the pipeline, so changes there deserve the same review as
# changes to this file.
include:
  - .gitlab/*.yml

# Pipeline stages, declared in the order they are listed here.
stages:
  - test
  - build
  - e2e
  - benchmark
  - release
  - internal
# Our workflow rules let us override specific variables, in a consistent way, depending on whether this is an "internal"
# run (we consider all non-tagged pipeline triggers to be "internal") or a "release" run.
#
# This mostly controls how we tag our ADP container images and set various bits of metadata.
workflow:
  # Auto-cancel any interruptible jobs from a previous pipeline when a new commit lands on the
  # same ref. The default ('conservative') only cancels the pipeline if no non-interruptible
  # job has started yet — since our Linux jobs are non-interruptible and start immediately,
  # that mode effectively never cancels anything. 'interruptible' cancels just the jobs marked
  # interruptible: true (currently the macOS unit + integration jobs, which run on scarce
  # bare-metal runner capacity); non-interruptible jobs continue to completion as before.
  # https://docs.gitlab.com/ci/yaml/#workflowauto_cancelon_new_commit
  auto_cancel:
    on_new_commit: interruptible
  rules:
    # "Internal" run: no tag on the commit. The image version is derived from the pipeline ID
    # and the short commit SHA, and the build is flagged as a dev build.
    - if: $CI_COMMIT_TAG == null
      variables:
        BASE_ADP_IMAGE_VERSION: "v${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}"
        APP_DEV_BUILD: "true"
        BUILD_PROFILE: "release"
    # "Release" run: any tag at all matches this rule, and the tag name is used verbatim as
    # the image version; no tag-format check happens here.
    # NOTE(review): confirm that tag creation is restricted (protected tags) and that the
    # release jobs validate the tag format. Neither is visible in this file.
    - if: $CI_COMMIT_TAG
      variables:
        BASE_ADP_IMAGE_VERSION: ${CI_COMMIT_TAG}
        APP_DEV_BUILD: "false"
        BUILD_PROFILE: "optimized-release"
# Pipeline-wide variables: registry and image locations, pinned upstream Agent versions, and
# the tags under which ADP images are published.
variables:
  # High-level repository paths we build off of, and dedicated images needed for various jobs.
  #
  # NOTE(review): the base images below are referenced by tag (`release`, `24.04`), not by
  # digest, so their content can change between pipeline runs without a change to this file.
  IMAGE_REGISTRY: "registry.ddbuild.io"
  DOCKER_BUILD_IMAGE: "${IMAGE_REGISTRY}/docker:27.3.1"
  GBI_BASE_IMAGE: "${IMAGE_REGISTRY}/images/base/gbi-ubuntu_2404:release"
  PUBLIC_BASE_IMAGE: "${IMAGE_REGISTRY}/images/mirror/ubuntu:24.04"

  # Base repository paths for where our CI images go, whether they're helper images or actual
  # output artifacts like ADP itself.
  #
  # NOTE(review): every helper image here uses the mutable `latest` tag, so a job runs whatever
  # was pushed under that name most recently. SALUKI_BUILD_CI_IMAGE matters most, because it is
  # the image ADP is compiled in (see ADP_BUILD_IMAGE below). Pinning by digest, for example
  # "${SALUKI_IMAGE_REPO_BASE}/build-ci@sha256:<DIGEST_PLACEHOLDER>", would make builds
  # reproducible and make an image change show up as a reviewed diff.
  SALUKI_IMAGE_REPO_PREFIX: "saluki"
  SALUKI_IMAGE_REPO_BASE: "${IMAGE_REGISTRY}/${SALUKI_IMAGE_REPO_PREFIX}"
  SALUKI_BUILD_CI_IMAGE: "${SALUKI_IMAGE_REPO_BASE}/build-ci:latest"
  SALUKI_GENERAL_CI_IMAGE: "${SALUKI_IMAGE_REPO_BASE}/general-ci:latest"
  SALUKI_SMP_CI_IMAGE: "${SALUKI_IMAGE_REPO_BASE}/smp-ci:latest"
  SALUKI_BUILDCACHE_CI_IMAGE: "${SALUKI_IMAGE_REPO_BASE}/buildcache-ci:latest"
  SALUKI_SPDX_LICENSES_CI_IMAGE: "${SALUKI_IMAGE_REPO_BASE}/spdx-licenses-ci:latest"

  # Converged Datadog Agent-specific variables, which control how we build the converged Datadog Agent image that we
  # publicly publish.
  PUBLIC_DSD_VERSION: "7.79.1"
  PUBLIC_DD_AGENT_VERSION: "7.79.1-jmx"

  # Base images to copy Agent Data Plane into, depending on whether the image is meant for our internal environment or
  # public registries.
  ADP_INTERNAL_BASE_IMAGE: "${GBI_BASE_IMAGE}"
  ADP_PUBLIC_BASE_IMAGE: "${PUBLIC_BASE_IMAGE}"

  # We use our specific build image as it's built to have the right (specifically: old enough) version of glibc, and
  # other necessary tooling, to build ADP for the target platforms we need it to be able to run on.
  ADP_BUILD_IMAGE: "${SALUKI_BUILD_CI_IMAGE}"
  ADP_IMAGE_REPO_NAME: "${SALUKI_IMAGE_REPO_PREFIX}/agent-data-plane"
  ADP_IMAGE_REPO_BASE: "${SALUKI_IMAGE_REPO_BASE}/agent-data-plane"

  # The image version, which depends on whether this is an official release or not:
  # v3727183-d55fef5a (not official) vs. 0.1.10 (official), etc.
  # BASE_ADP_IMAGE_VERSION is set per pipeline by the workflow rules.
  ADP_IMAGE_VERSION: "${BASE_ADP_IMAGE_VERSION}"
  ADP_IMAGE_VERSION_FIPS: "${BASE_ADP_IMAGE_VERSION}-fips"

  # The tagged image, minus the registry portion.
  #
  # Used for specifying the image repository to use when publishing the ADP container images, as the registry will be
  # varied depending on where it's being pushed.
  ADP_IMAGE_TAG: "agent-data-plane:${ADP_IMAGE_VERSION}"
  ADP_IMAGE_TAG_FIPS: "agent-data-plane:${ADP_IMAGE_VERSION_FIPS}"

  # The full image path.
  #
  # Used to specifically reference the built ADP image in certain jobs.
  #
  # NOTE(review): the repository path `saluki/agent-data-plane` is spelled out here rather than
  # reusing ADP_IMAGE_REPO_BASE; keep the two in sync if either changes.
  ADP_FULL_IMAGE_TAG: "${IMAGE_REGISTRY}/saluki/agent-data-plane:${ADP_IMAGE_VERSION}"
  ADP_FULL_IMAGE_TAG_FIPS: "${IMAGE_REGISTRY}/saluki/agent-data-plane:${ADP_IMAGE_VERSION_FIPS}"
# Job defaults: a job that sets no `tags` of its own is scheduled on runners tagged arch:amd64.
default:
  tags: ["arch:amd64"]
# Reusable rule fragments.
#
# NOTE(review): `rules` in each fragment is a single mapping, not a list. Presumably jobs pull
# these in as one entry of their own rules list (e.g. via `!reference`); confirm against the
# job definitions under .gitlab/.

# Run a job on official releases (i.e. tagged).
# Matches any non-empty tag; the tag format is not checked here.
.on_official_release:
  rules:
    if: $CI_COMMIT_TAG

# Run a job on development branches.
# Matches branch pipelines for any branch other than "main" that carry no tag.
.on_development_branch:
  rules:
    if: $CI_COMMIT_BRANCH != "main" && $CI_COMMIT_TAG == null

# We're running on an MQ branch.
# The pattern is anchored at the start only, so every branch whose name begins with
# `mq-working-branch` matches.
.on_mq_branch:
  rules:
    if: $CI_COMMIT_BRANCH =~ /^mq-working-branch/
# Common build-specific variables that need to be shared across stages.
# The KUBERNETES_* values request CPU and memory for the job.
# NOTE(review): presumably these only take effect where the runner permits such overrides.
.build-common-variables:
  variables:
    BUILD_FEATURES: "default"
    KUBERNETES_CPU_REQUEST: "24"
    KUBERNETES_MEMORY_REQUEST: "24Gi"
    KUBERNETES_MEMORY_LIMIT: "48Gi"

# Architecture and target triple for amd64 builds.
.build-amd64-variables:
  variables:
    BUILD_ARCH: amd64
    BUILD_TARGET: x86_64-unknown-linux-musl

# Architecture, target triple and extra C flags for arm64 builds.
.build-arm64-variables:
  variables:
    BUILD_ARCH: arm64
    BUILD_TARGET: aarch64-unknown-linux-musl
    # There's an issue with cross-compiling for ARM64 from the GNU toolchain
    # due to MUSL's lack of support for `__getauxval`, which is needed for
    # "outline atomics", which involves runtime detection of LSE instructions
    # used for atomics.
    #
    # Without this, `jemalloc` fails to compile due to how it detects support
    # for different atomic operations.
    BUILD_CFLAGS: "-mno-outline-atomics"
# Base for Linux test jobs: runs in the shared build CI image.
# NOTE(review): SALUKI_BUILD_CI_IMAGE resolves to a `latest` tag, so the test environment can
# change without a change to this file.
.linux-test-job:
  image: "${SALUKI_BUILD_CI_IMAGE}"

# Linux test job scheduled on amd64 runners.
.linux-amd64-test-job:
  extends: .linux-test-job
  tags: ["arch:amd64"]

# amd64 test job with larger CPU/memory requests, for jobs that compile Saluki.
.linux-amd64-test-job-heavy:
  extends: .linux-amd64-test-job
  variables:
    # Compiling Saluki is intensive, so we want to make sure we get
    # a beefy-enough runner.
    KUBERNETES_CPU_REQUEST: "16"
    KUBERNETES_MEMORY_REQUEST: "8Gi"
    KUBERNETES_MEMORY_LIMIT: "12Gi"

# Linux test job scheduled on arm64 runners.
.linux-arm64-test-job:
  extends: .linux-test-job
  tags: ["arch:arm64"]

# arm64 test job with the same larger requests as the amd64 heavy variant.
.linux-arm64-test-job-heavy:
  extends: .linux-arm64-test-job
  variables:
    # Compiling Saluki is intensive, so we want a beefy runner.
    KUBERNETES_CPU_REQUEST: "16"
    KUBERNETES_MEMORY_REQUEST: "8Gi"
    KUBERNETES_MEMORY_LIMIT: "12Gi"
# Shared mixins for macOS runner jobs.
#
# arm64 jobs use the shared virtualized macOS Tart runner pool (`macos:tart`). Each job runs
# in a fresh VM, which gives clean isolation between pipelines, decouples the host toolchain,
# and lets two jobs share a single `mac2.metal` host. amd64 still uses the dedicated bare-metal
# pool (`macos:sonoma-amd64`); migrating it requires equivalent infra that isn't yet in place.
#
# `interruptible: true` is set here so every macOS job inherits it. macOS runner capacity in
# the GitLab fleet is finite; auto-cancelling superseded pipelines (for example, after a quick
# fixup push to an open PR) frees the runner immediately instead of holding the slot for the
# duration of the now-stale run. See:
# https://docs.gitlab.com/ci/yaml/#interruptible
#
# NOTE(review): per the description above, amd64 jobs run on bare-metal hosts, not in a
# per-job VM. Presumably state left on the host by one job can be seen by the next; confirm
# that these jobs clean their workspace and hold no long-lived credentials.
.macos-amd64-test-job:
  tags: ["macos:sonoma-amd64", "specific:true"]
  interruptible: true

# NOTE(review): the VM image is referenced by a mutable tag (`saluki-sonoma-latest`), so the
# toolchain inside the VM can change without a change to this file. Pinning by digest
# (`...tart-vm@sha256:<DIGEST_PLACEHOLDER>`) would make image updates an explicit, reviewed change.
.macos-arm64-test-job:
  tags: ["macos:tart"]
  image: 486234852809.dkr.ecr.us-east-1.amazonaws.com/ci/ci-platform-machine-images/tart-vm:saluki-sonoma-latest
  interruptible: true