Continuous Integration

Last modified by Vincent Massol on 2023/04/25 14:02

General

XWiki has a Continuous Integration setup to ensure XWiki's code is built at all times (i.e at every code check in). This also allows developers to only build the module they want and they'll have the other XWiki module dependencies downloaded from the XWiki remote repository.

We use the following tools:

We use a technique called binary dependency build which allows to check out only the module a developer wishes to work on and he'll automatically get the latest fresh binary dependencies built by our CI tool.

CI Requirements

We're currently using Jenkins as our CI tool but it's possible to change. We're listing here our requirements for a CI tool, and with some of the solutions we've evaluated or are still evaluating.

REQ1: Parallel Execution

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ1Ability to run parallel and serial builds, with different parametersacceptacceptacceptaccept

REQ2: Scheduling

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ2Ability to schedule builds (e.g. for the various docker tests) and to run the build at least once per month even if there's been no changes to the sourceerrorerroracceptaccept

REQ3: Sharing Pipeline Code

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ3Ability to share pipeline code between builds for the same repositoryy and for different repositories. And ability to pass properties to this common code.acceptacceptacceptaccept
  • Jenkins: Using a shared pipeline
  • GitLab CI: Using an include.
  • GitHub Actions: With a custom action at least (feels a bit complex).

REQ4: View Test Results

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ4Ability to view test results and failing test logs (test logs + console/xwiki logs).acceptcancelerrorhelp

REQ5: Disable Concurrent Builds

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ5(optional) Ability to aggregate commits before a build is executed, i.e. disable concurrent builds. Note that this is more a limitation of the number of agents we can have vs the duration of the full xwiki build. If we get a large number of agents, it may be a less important requirement (or not one at all).accepthelp?/)accept
  • Jenkins: Using the
  • GitLab: help
  • GitHubActions: help
  • CircleCI: In the Project CI's configuration. It's called "Auto-cancel redundant builds".

REQ6: Custom Docker Image

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ6Supports using a custom docker build image since XWiki has oneacceptacceptacceptaccept
  • Jenkins: Using the Docker Cloud plugin.
  • GitLab CI: Built in using the image YML element.
  • GitHub Actions: Buimt in using the #container YML element.

Notes:

  • That this requirement allows use to control the Java, Maven and more generally our full build environment.
  • With Jenkins and GitHub Actions the docker daemon socket is shared allowing our docker tests to work. Needs to be checked for GitLab CI.

REQ7: Parse pom.xml

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ7Ability to easily read/parse the current pom.xml to automatically find the version of Java to use and the memory parameters to set for the JVM.accepthelphelphelp
  • Jenkins: Using the readMavenPom step.

REQ8: Shell Scripts

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ8Ability to execute shell scripts before/after the build, inside our custom build image. For example to execute VNC and export the DISPLAY (for the functional tests not based on Docker)acceptacceptacceptaccept
  • Jenkins: In the Jenkinsfile/shared pipeline
  • GitLab CI: Built in, using the script step.
  • GitHub Actions: Built in, using the run step.

REQ9: Archive Artifacts

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ9Ability to archive artifacts and ability to save the failing test screenshots and videos as artifacts.acceptacceptacceptaccept
  • Jenkins: Feature of the Maven plugin + archiveArtifacts step.
  • GitLab CI: Using the artifacts step.
  • GitHub Actions: Using the upload-artifact custom action.

REQ10: Build Parameters

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ10Ability to have different build parameters (different maven parameters for example) between master and branches/PR. For example, we want to run "mvn deploy" on master and "mvn install" on branches.acceptacceptaccepthelp
  • Jenkins: Using method parameters in custom pipeline steps.
  • GitLab CI: Using variables
  • GitHub Actions: Parameters of a custom action.

REQ11: Supports GitHub

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ11Must work with sources located on GitHub.acceptacceptacceptaccept

REQ12: Build PRs

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ12Ability to run the build on PRs.acceptacceptacceptaccept

REQ13: Timeout

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ13Ability to kill builds after a given timeout.acceptaccepthelphelp
  • Jenkins: Using the timeout step.
  • GitLab CI: Using the timeout step.
  • GitHub Actions: help

REQ14: Secrets

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ14Handle secrets so that they are not in the pipeline scripts (e.g. we need to push to sonarcloud or deploy to nexus.xwiki.org or to maven central).acceptacceptaccepthelp

REQ15: Mail

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ15Ability to send mail and customize the mail template.accepthelphelp?)
  • Jenkins: Using the emailext step from the Extended Mail plugin.
  • GitLab CI: help
  • GitHub Actions: help

REQ16: Test Screenshots

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ16(Nice to have) Ability to attach failing test screenshot to failing test report pagesaccepthelphelphelp

REQ17: Handle Flickers

IdRequirementJenkinsGitLab CIGitHub ActionsCircleCI
REQ17Ability to check failing test (i.e. have an API to retrieve failing tests) so that we can compare with known flickers on our JIRA and decide to send a failing mail or not + mark the test as flickering in the CI Test Report UI.accepthelphelphelp

Jenkins Agent Image

XWiki has its own Jenkins Agent Docker image that is used by Jenkins master to spawn agents.

Maven settings

The Maven settings used during Jenkins builds are located in each agent and need to be kept in sync.

Among other things the settings.xml expose two "configurable" profiles:

  • repository-all: the default profile which enable all Maven repositories used by Maven. It can be disabled with -P-repository-all
  • repository-snapshots: not enabled by default. It's generally used when you disabled repository-all but still want to use XWiki own snapshots as dependencies

Jenkins Pipelines

Main Pipeline

We have developed a Jenkins Pipeline script to build XWiki projects (can be used for core and contrib projects). It has the following features:

  • Automatically use the right version of Java (and proper memory configuration)
  • Use Jenkins's Xvnc plugin to have a Display for functional tests
  • Use the "deploy" maven goal for "master" and "stable-*" branches only and "install" for the rest
  • Attach the screenshot of a failing XWiki Selenium test to the failed test's description
  • Check for false positives for known cases of failures not related to code + check for test flickers
  • Send mails for build failures
  • Supports passing custom job properties. See below for an example of how to use this to trigger nightly build of Docker-based configuration tests.

Note that if you use a "Github Organization" job type in Jenkins you'll get branch management for free, i.e. automatically build branches when new branches are added (or Pull Requests), and automatically stop building branches when they are removed from the SCM.

To use is for a project, add a Jenkinsfile with the following minimal configuration:

/*
 * See the NOTICE file distributed with this work for additional
 * information regarding copyright ownership.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */


// It's assumed that Jenkins has been configured to implicitly load the vars/xwikiModule.groovy library which exposes
// the "xwikiModule" global function/DSL.
// Note that the version used is the one defined in Jenkins but it can be overridden as follows:
// @Library("XWiki@<branch, tag, sha1>") _
// See https://github.com/jenkinsci/workflow-cps-global-lib-plugin for details.

xwikiModule {
}

Example with SonarQube execution (XWiki < 14.0):

xwikiModule {
  goals = 'clean deploy jacoco:report sonar:sonar'
  sonar = true
 // Force Java 11 even though we depend on XS requiring only Java 8 because we run SonarQube and this requires
 // Java 11.
 javaTool = 'java11'
}

Example with SonarQube execution (XWiki >= 14.0):

xwikiModule {
  goals = 'clean deploy jacoco:report sonar:sonar'
  sonar = true
}

Example with Docker tests:

node('docker') {
  xwikiBuild {
    xvnc = false
    profiles = 'integration-tests,docker'
 }
}

For more elaborate configuration, see:

Nightly Configuration Tests

Here's what we do in XWiki Platform to not only have a pipeline triggered whenever there's a commit but also to separate environment tests so that they are executed only during the night:

  • Have 2 files, each containing the pipeline to execute, and define 2 "Organization Folder" jobs in Jenkins (each configured to execute a given Jenkins file):
  • The strategy for the JenkinsfileEnvironmentTests file is explained in details in this blog post. In short:
    • Step 1: In the xwikiBuild step, pass the jobProperties configuration with some scheduler cron. For example:
      xwikiBuild(map.name) {
       ...
        jobProperties = getCustomJobProperties()
       ...
      }

      private def getCustomJobProperties()
      {
       // Define a scheduler job to execute the Docker-based functional tests at regular intervals. We do this since they
       // take time to execute and thus we cannot run them all the time.
       // This scheduler job will pass the "type" parameter to this Jenkinsfile when it executes, allowing us to decide if
       // we run the standard builds or the docker ones.
       // Note: it's the xwikiBuild() calls from the standard builds that will set the jobProperties and thus set up the
       // job parameter + the crons. It would be better to set the properties directly in this Jenkinsfile but we haven't
       // found a way to merge properties and calling the properties() step will override any pre-existing properties.
       return [
          parameters([string(defaultValue: 'standard', description: 'Job type', name: 'type')]),
          pipelineTriggers([
            parameterizedCron('''@midnight %type=docker-latest
      @weekly %type=docker-all
      @monthly %type=docker-unsupported'''
      ),
            cron("@monthly")
         ])
       ]
      }
    • Step 2: Based on the parametrized type value, decide to execute Docker-based tests:
      ...
      if (params.type && params.type == 'docker-latest') {
        buildDocker('docker-latest')
      }
      ...
      private void buildDocker(type)
      {
       def dockerConfigurationList
       def dockerModuleList
       def customJobProperties
       node() {
         // Checkout platform to find all docker configurations and test modules so that we can then parallelize executions
         // of configs and modules across Jenkins agents.
         checkout skipChangeLog: true, scm: scm
          dockerConfigurationList = dockerConfigurations(type)
         if (type == 'docker-unsupported') {
            dockerModuleList = ['xwiki-platform-core/xwiki-platform-menu']
         } else {
            dockerModuleList = dockerModules()
         }
          customJobProperties = getCustomJobProperties()
       }

        xwikiDockerBuild {
          configurations = dockerConfigurationList
          modules = dockerModuleList
         // Make sure that we don't reset the job properties!
         jobProperties = customJobProperties
       }
      }
    • Step 3: Configure the job to suppress being triggered when there's a commit (so that it's only triggered based on its crontab):

      scm-trigger-suppress.png

Pros of this approach:

  • No need to handle branches, done automatically by the Jenkins files (creation and deletion). Also works for PRs.
  • No messy history that we would have if we were using only a single Jenkins file.

Clover Pipeline

Used to generate the global test coverage for XWiki (over all XWiki Standard repositories). See Test Coverage.

Maintainer's guide

Prerequisites

  • You need to have an account on maven.xwiki.org (this is the machine hosting XWiki's remote repository) and you'll need a key setup on your account there so that you can ssh to it without having to enter username or password.
  • You need to have an administrator account on ci.xwiki.org.

Functional tests

Debugging

Start remote Firefox

  • For example, to start firefox on machine ks4: ssh -X <username>@<ks4 hostname>
    • For this to work you need to ensure that X11Forwarding is set to yes in /etc/ssh/sshd_config on the remote machine:
      sudo vi /etc/ssh/sshd_config

      Then reload sshd: sudo /etc/init.d/ssh reload

Connect to the XVNC server

  • Establish a SSH tunnel between your computer and the server on port 5901 (ssh -L 5901:localhost:5901 <user@ip address>)
  • Use your favorite VNC client to connect to the XVNC server
    • Host : localhost
    • Display : 1
    • Password : same password as for XWiki SAS wifi access points
  • See the functional tests live.
  • Work in progress to try to connect to an agent not exposing an IP address externally (by going through maven.xwiki.org):
    • ssh -L 5901:192.168.1.119:5901 -o ProxyCommand="ssh [email protected] nc -w1 %h %p" hudsonagent@192.168.1.119 -i ~/.ssh/id_rsa_mavenxwikiorg
    • Where /.ssh/id_rsa_mavenxwikiorg is the private key on maven.xwiki.org, used to connect to 192.168.1.119 (ip of agent 2-4 in this example)
    • Not working yet since I can't connect with my local vnc client.

CI infrastructure

Nodes requirements

Here's the minimum requirements for each CI node:

  • 2 CPUs
  • 8GB of memory
  • SSD hard drive with XXXGB space

Current configurations

Our current CI is running with 7 docker nodes running each one docker build CI image (a1 to a7). Each agent has the following configuration:

  • CPU:
    $ lscpu
    Architecture:        x86_64
    CPU op-mode(s):      32-bit, 64-bit
    Byte Order:          Little Endian
    Address sizes:       40 bits physical, 48 bits virtual
    CPU(s):              4
    On-line CPU(s) list: 0-3
    Thread(s) per core:  1
    Core(s) per socket:  1
    Socket(s):           4
    NUMA node(s):        1
    Vendor ID:           GenuineIntel
    CPU family:          6
    Model:               60
    Model name:          Intel Core Processor (Haswell, no TSX)
    Stepping:            1
    CPU MHz:             2599.990
    BogoMIPS:            5199.98
    Virtualization:      VT-x
    Hypervisor vendor:   KVM
    Virtualization type: full
    L1d cache:           32K
    L1i cache:           32K
    L2 cache:            4096K
    L3 cache:            16384K
    NUMA node0 CPU(s):   0-3
    Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx rdtscp lm constant_tsc rep_good nopl xtopology cpuid tsc_known_freq pni pclmulqdq vmx ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm cpuid_fault invpcid_single pti tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat md_clear
  • Disk:
    $ lsblk
    NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
    sda      8:0    0  160G  0 disk
    └─sda1   8:1    0  160G  0 part /

Each agent needs to be properly configured.

Get Connected