Continuous Integration
- General
- CI Requirements
- REQ1: Parallel Execution
- REQ2: Scheduling
- REQ3: Sharing Pipeline Code
- REQ4: View Test Results
- REQ5: Disable Concurrent Builds
- REQ6: Custom Docker Image
- REQ7: Parse pom.xml
- REQ8: Shell Scripts
- REQ9: Archive Artifacts
- REQ10: Build Parameters
- REQ11: Supports GitHub
- REQ12: Build PRs
- REQ13: Timeout
- REQ14: Secrets
- REQ15: Mail
- REQ16: Test Screenshots
- REQ17: Handle Flickers
- Jenkins Agent Image
- Maven settings
- Jenkins Pipelines
- Maintainer's guide
- CI infrastructure
General
XWiki has a Continuous Integration setup to ensure XWiki's code is built at all times (i.e at every code check in). This also allows developers to only build the module they want and they'll have the other XWiki module dependencies downloaded from the XWiki remote repository.
We use the following tools:
- GitHub is used as our SCM
- Maven is used for building XWiki
- Jenkins is used as our Continuous Integration (CI) tool (set up at http://ci.xwiki.org/)
- Docker is used to run Jenkins agents (and incidentally to execute some functional tests over various configurations)
We use a technique called binary dependency build which allows to check out only the module a developer wishes to work on and he'll automatically get the latest fresh binary dependencies built by our CI tool.
CI Requirements
We're currently using Jenkins as our CI tool but it's possible to change. We're listing here our requirements for a CI tool, and with some of the solutions we've evaluated or are still evaluating.
REQ1: Parallel Execution
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ1 | Ability to run parallel and serial builds, with different parameters |
- Jenkins: Using the parallel() step
- GitLab CI: Using trigger, rules and needs. See also multi-project triggering. See also Child pipelines. General doc for pipeline types.
- GitHub Actions: Using different YML files in .github/workflows (jobs run in parallel by default) and using job.needs.
- CircleCI: See https://circleci.com/blog/decrease-your-build-times-by-running-jobs-in-parallel-with-workflows/
REQ2: Scheduling
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ2 | Ability to schedule builds (e.g. for the various docker tests) and to run the build at least once per month even if there's been no changes to the source |
- Jenkins: Scheduling is supported but it's very complex to make it work automatically with a pipeline since a repo can have only a single pipeline (i.e. a single Jenkinsfile). Other solutions include using a Git submodule or another GitHub Organization Job.
- GitLab CI: It's possible to have schedules but note that the schedule is not part of the YML file but something you define in the GitLab CI configuration UI. However, it's also possible to use the API.
- Github Actions: Using the on element with a schedule.
- CircleCI: See https://circleci.com/docs/2.0/configuration-reference/#schedule
REQ3: Sharing Pipeline Code
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ3 | Ability to share pipeline code between builds for the same repositoryy and for different repositories. And ability to pass properties to this common code. |
- Jenkins: Using a shared pipeline
- GitLab CI: Using an include.
- GitHub Actions: With a custom action at least (feels a bit complex).
REQ4: View Test Results
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ4 | Ability to view test results and failing test logs (test logs + console/xwiki logs). |
- Jenkins: Built in.
- GitLab CI: Built in but not working ATM because of performance issues.
- GitHub Actions: Needs a custom action ATM. Found 2 but didn't work when I tested them: check run reporter (problem reported) and Scope (2 problems: unknown cost + got stuck when I tested it on commons and I had to kill the workflow after 1 hour).
- Update: new ScaCap surefire report action to test.
REQ5: Disable Concurrent Builds
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ5 | (optional) Ability to aggregate commits before a build is executed, i.e. disable concurrent builds. Note that this is more a limitation of the number of agents we can have vs the duration of the full xwiki build. If we get a large number of agents, it may be a less important requirement (or not one at all). | ?/) |
- Jenkins: Using the
- GitLab:
- GitHubActions:
- CircleCI: In the Project CI's configuration. It's called "Auto-cancel redundant builds".
REQ6: Custom Docker Image
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ6 | Supports using a custom docker build image since XWiki has one |
- Jenkins: Using the Docker Cloud plugin.
- GitLab CI: Built in using the image YML element.
- GitHub Actions: Buimt in using the #container YML element.
Notes:
- That this requirement allows use to control the Java, Maven and more generally our full build environment.
- With Jenkins and GitHub Actions the docker daemon socket is shared allowing our docker tests to work. Needs to be checked for GitLab CI.
REQ7: Parse pom.xml
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ7 | Ability to easily read/parse the current pom.xml to automatically find the version of Java to use and the memory parameters to set for the JVM. |
- Jenkins: Using the readMavenPom step.
REQ8: Shell Scripts
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ8 | Ability to execute shell scripts before/after the build, inside our custom build image. For example to execute VNC and export the DISPLAY (for the functional tests not based on Docker) |
- Jenkins: In the Jenkinsfile/shared pipeline
- GitLab CI: Built in, using the script step.
- GitHub Actions: Built in, using the run step.
REQ9: Archive Artifacts
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ9 | Ability to archive artifacts and ability to save the failing test screenshots and videos as artifacts. |
- Jenkins: Feature of the Maven plugin + archiveArtifacts step.
- GitLab CI: Using the artifacts step.
- GitHub Actions: Using the upload-artifact custom action.
REQ10: Build Parameters
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ10 | Ability to have different build parameters (different maven parameters for example) between master and branches/PR. For example, we want to run "mvn deploy" on master and "mvn install" on branches. |
- Jenkins: Using method parameters in custom pipeline steps.
- GitLab CI: Using variables
- GitHub Actions: Parameters of a custom action.
REQ11: Supports GitHub
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ11 | Must work with sources located on GitHub. |
- Jenkins: GitHub webhook.
- GitLab CI: Automatically creates a mirrored GitHub repo.
- GitHub Actions: By design
REQ12: Build PRs
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ12 | Ability to run the build on PRs. |
REQ13: Timeout
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ13 | Ability to kill builds after a given timeout. |
- Jenkins: Using the timeout step.
- GitLab CI: Using the timeout step.
- GitHub Actions:
REQ14: Secrets
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ14 | Handle secrets so that they are not in the pipeline scripts (e.g. we need to push to sonarcloud or deploy to nexus.xwiki.org or to maven central). |
REQ15: Mail
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ15 | Ability to send mail and customize the mail template. | ?) |
- Jenkins: Using the emailext step from the Extended Mail plugin.
- GitLab CI:
- GitHub Actions:
REQ16: Test Screenshots
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ16 | (Nice to have) Ability to attach failing test screenshot to failing test report pages |
REQ17: Handle Flickers
Id | Requirement | Jenkins | GitLab CI | GitHub Actions | CircleCI |
---|---|---|---|---|---|
REQ17 | Ability to check failing test (i.e. have an API to retrieve failing tests) so that we can compare with known flickers on our JIRA and decide to send a failing mail or not + mark the test as flickering in the CI Test Report UI. |
Jenkins Agent Image
XWiki has its own Jenkins Agent Docker image that is used by Jenkins master to spawn agents.
Maven settings
The Maven settings used during Jenkins builds are located in each agent and need to be kept in sync.
Among other things the settings.xml expose two "configurable" profiles:
- repository-all: the default profile which enable all Maven repositories used by Maven. It can be disabled with -P-repository-all
- repository-snapshots: not enabled by default. It's generally used when you disabled repository-all but still want to use XWiki own snapshots as dependencies
Jenkins Pipelines
Main Pipeline
We have developed a Jenkins Pipeline script to build XWiki projects (can be used for core and contrib projects). It has the following features:
- Automatically use the right version of Java (and proper memory configuration)
- Use Jenkins's Xvnc plugin to have a Display for functional tests
- Use the "deploy" maven goal for "master" and "stable-*" branches only and "install" for the rest
- Attach the screenshot of a failing XWiki Selenium test to the failed test's description
- Check for false positives for known cases of failures not related to code + check for test flickers
- Send mails for build failures
- Supports passing custom job properties. See below for an example of how to use this to trigger nightly build of Docker-based configuration tests.
Note that if you use a "Github Organization" job type in Jenkins you'll get branch management for free, i.e. automatically build branches when new branches are added (or Pull Requests), and automatically stop building branches when they are removed from the SCM.
To use is for a project, add a Jenkinsfile with the following minimal configuration:
* See the NOTICE file distributed with this work for additional
* information regarding copyright ownership.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
// It's assumed that Jenkins has been configured to implicitly load the vars/xwikiModule.groovy library which exposes
// the "xwikiModule" global function/DSL.
// Note that the version used is the one defined in Jenkins but it can be overridden as follows:
// @Library("XWiki@<branch, tag, sha1>") _
// See https://github.com/jenkinsci/workflow-cps-global-lib-plugin for details.
xwikiModule {
}
Example with SonarQube execution (XWiki < 14.0):
goals = 'clean deploy jacoco:report sonar:sonar'
sonar = true
// Force Java 11 even though we depend on XS requiring only Java 8 because we run SonarQube and this requires
// Java 11.
javaTool = 'java11'
}
Example with SonarQube execution (XWiki >= 14.0):
goals = 'clean deploy jacoco:report sonar:sonar'
sonar = true
}
Example with Docker tests:
xwikiBuild {
xvnc = false
profiles = 'integration-tests,docker'
}
}
For more elaborate configuration, see:
Nightly Configuration Tests
Here's what we do in XWiki Platform to not only have a pipeline triggered whenever there's a commit but also to separate environment tests so that they are executed only during the night:
- Have 2 files, each containing the pipeline to execute, and define 2 "Organization Folder" jobs in Jenkins (each configured to execute a given Jenkins file):
- Jenkinsfile: the main pipeline that we use to run the build whenever there's a commit.
- JenkinsfileEnvironmentTests: the pipeline that executes the environment tests using a crontab
- The strategy for the JenkinsfileEnvironmentTests file is explained in details in this blog post. In short:
- Step 1: In the xwikiBuild step, pass the jobProperties configuration with some scheduler cron. For example:xwikiBuild(map.name) {
...
jobProperties = getCustomJobProperties()
...
}
private def getCustomJobProperties()
{
// Define a scheduler job to execute the Docker-based functional tests at regular intervals. We do this since they
// take time to execute and thus we cannot run them all the time.
// This scheduler job will pass the "type" parameter to this Jenkinsfile when it executes, allowing us to decide if
// we run the standard builds or the docker ones.
// Note: it's the xwikiBuild() calls from the standard builds that will set the jobProperties and thus set up the
// job parameter + the crons. It would be better to set the properties directly in this Jenkinsfile but we haven't
// found a way to merge properties and calling the properties() step will override any pre-existing properties.
return [
parameters([string(defaultValue: 'standard', description: 'Job type', name: 'type')]),
pipelineTriggers([
parameterizedCron('''@midnight %type=docker-latest
@weekly %type=docker-all
@monthly %type=docker-unsupported'''),
cron("@monthly")
])
]
} - Step 2: Based on the parametrized type value, decide to execute Docker-based tests:...
if (params.type && params.type == 'docker-latest') {
buildDocker('docker-latest')
}
...
private void buildDocker(type)
{
def dockerConfigurationList
def dockerModuleList
def customJobProperties
node() {
// Checkout platform to find all docker configurations and test modules so that we can then parallelize executions
// of configs and modules across Jenkins agents.
checkout skipChangeLog: true, scm: scm
dockerConfigurationList = dockerConfigurations(type)
if (type == 'docker-unsupported') {
dockerModuleList = ['xwiki-platform-core/xwiki-platform-menu']
} else {
dockerModuleList = dockerModules()
}
customJobProperties = getCustomJobProperties()
}
xwikiDockerBuild {
configurations = dockerConfigurationList
modules = dockerModuleList
// Make sure that we don't reset the job properties!
jobProperties = customJobProperties
}
} - Step 3: Configure the job to suppress being triggered when there's a commit (so that it's only triggered based on its crontab):
- Step 1: In the xwikiBuild step, pass the jobProperties configuration with some scheduler cron. For example:
Pros of this approach:
- No need to handle branches, done automatically by the Jenkins files (creation and deletion). Also works for PRs.
- No messy history that we would have if we were using only a single Jenkins file.
Clover Pipeline
Used to generate the global test coverage for XWiki (over all XWiki Standard repositories). See Test Coverage.
Maintainer's guide
Prerequisites
- You need to have an account on maven.xwiki.org (this is the machine hosting XWiki's remote repository) and you'll need a key setup on your account there so that you can ssh to it without having to enter username or password.
- You need to have an administrator account on ci.xwiki.org.
Functional tests
Debugging
Start remote Firefox
- For example, to start firefox on machine ks4: ssh -X <username>@<ks4 hostname>
- For this to work you need to ensure that X11Forwarding is set to yes in /etc/ssh/sshd_config on the remote machine:sudo vi /etc/ssh/sshd_config
Then reload sshd: sudo /etc/init.d/ssh reload
- For this to work you need to ensure that X11Forwarding is set to yes in /etc/ssh/sshd_config on the remote machine:
Connect to the XVNC server
- Establish a SSH tunnel between your computer and the server on port 5901 (ssh -L 5901:localhost:5901 <user@ip address>)
- Use your favorite VNC client to connect to the XVNC server
- Host : localhost
- Display : 1
- Password : same password as for XWiki SAS wifi access points
- See the functional tests live.
- Work in progress to try to connect to an agent not exposing an IP address externally (by going through maven.xwiki.org):
- ssh -L 5901:192.168.1.119:5901 -o ProxyCommand="ssh [email protected] nc -w1 %h %p" hudsonagent@192.168.1.119 -i ~/.ssh/id_rsa_mavenxwikiorg
- Where /.ssh/id_rsa_mavenxwikiorg is the private key on maven.xwiki.org, used to connect to 192.168.1.119 (ip of agent 2-4 in this example)
- Not working yet since I can't connect with my local vnc client.
CI infrastructure
Nodes requirements
Here's the minimum requirements for each CI node:
- 2 CPUs
- 8GB of memory
- SSD hard drive with XXXGB space
Current configurations
Our current CI is running with 7 docker nodes running each one docker build CI image (a1 to a7). Each agent has the following configuration:
- CPU:$ lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
Address sizes: 40 bits physical, 48 bits virtual
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 4
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 60
Model name: Intel Core Processor (Haswell, no TSX)
Stepping: 1
CPU MHz: 2599.990
BogoMIPS: 5199.98
Virtualization: VT-x
Hypervisor vendor: KVM
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
L3 cache: 16384K
NUMA node0 CPU(s): 0-3
Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm cpuid_fault invpcid_single pti tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat md_clear - Disk:$ lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 160G 0 disk
└─sda1 8:1 0 160G 0 part /
Each agent needs to be properly configured.