Skip to content

Commit

Permalink
ci: Fix broken CI for ASWF 2021 and 2022 containers
Browse files Browse the repository at this point in the history 
The background here takes some explaining...

The ASWF's prepared Docker containers that reproduce a CentOS7-based
environment corresponding to VFX Platform 2021 and 2022 years contain
a glibc that is too old to run a newer version of "node" -- which
GitHub Actions themselves use. The old one is no longer receiving
support, and GitHub finally changed the policy that was allowing its
GHA runners to still run the old version that worked with those ASWF
containers.  The new node version that is happy on the GHA runners
requires a glibc newer than the one in the containers. So that breaks
all our CI runs in 2021 and 2022 VFX Platform configurations.

See this thread, if you dare:
https://academysoftwarefdn.slack.com/archives/C0169RX7MMK/p1732574400981949

Anyway, Jean-Francois Panisset proposed and tested a fix, which lets
us continue working (for now) by downloading an old node implemenation
(which is happy with the old glibc) and installing it atop the
conainers, so it's this old one that the GH actions will use. It feels
like it's all held together by chewing gum and duct tape, but it
unbreaks our CI and hopefully it will keep working until all the
studios have switched fully to RHEL/Alma/Rocky 9.x and we no longer
care about testing on CentOS-7 based containers or supporting the VFX
Platform years that are too old to be relevant to the new OS that the
studios are using.

Signed-off-by: Larry Gritz <[email protected]>
  • Loading branch information
@lgritz
lgritz committed Nov 28, 2024
1 parent ff0861f commit c73f2bb
Show file tree
Hide file tree
Showing 2 changed files with 293 additions and 143 deletions.
280 changes: 280 additions & 0 deletions .github/workflows/ci-oldcontainers.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,280 @@
# Copyright Contributors to the OpenImageIO project.
# SPDX-License-Identifier: Apache-2.0
# https://github.com/AcademySoftwareFoundation/OpenImageIO

name: CI-old-containers

on:
push:
# Skip jobs when only documentation files are changed
paths-ignore:
- '**.md'
- '**.rst'
- '**/analysis.yml'
- '**/docs.yml'
- '**.properties'
- 'docs/**'
pull_request:
paths-ignore:
- '**.md'
- '**.rst'
- 'docs/**'
schedule:
# Full nightly build
- cron: "0 8 * * *"
if: github.repository == 'AcademySoftwareFoundation/OpenImageIO'
workflow_dispatch:
# This allows manual triggering of the workflow from the web

permissions: read-all


jobs:

# Tests using the old (pre-2023) ASWF containers that take some special care
# to run on GHA these days. We need to download an older version of "node"
# because the ones on GHA runners now are incompatible with the glibc
# version in the old ASWF containers.
old_aswf:
name: "OLD VFX${{matrix.vfxyear}} ${{matrix.desc}}"
strategy:
fail-fast: false
matrix:
include:
- desc: gcc9/C++17 py3.7 exr3.1 ocio2.0
nametag: linux-vfx2021
runner: ubuntu-latest
container: aswf/ci-osl:2021
vfxyear: 2021
old_node: 1
cxx_std: 17
openexr_ver: v3.1.13
python_ver: 3.7
simd: "avx2,f16c"
fmt_ver: 7.1.0
pybind11_ver: v2.7.0
setenvs: export PUGIXML_VERSION=v1.9 WEBP_VERSION=v1.1.0 USE_OPENVDB=0
FREETYPE_VERSION=VER-2-10-0
- desc: clang10/C++17 avx2 exr3.1 ocio2.0
nametag: linux-clang10-cpp14
runner: ubuntu-latest
container: aswf/ci-osl:2021-clang10
vfxyear: 2021
old_node: 1
cc_compiler: clang
cxx_compiler: clang++
cxx_std: 17
openexr_ver: v3.1.13
pybind11_ver: v2.7.0
python_ver: 3.7
simd: "avx2,f16c"
fmt_ver: 8.1.1
setenvs: export USE_OPENVDB=0
FREETYPE_VERSION=VER-2-11-0
- desc: gcc9/C++17 py39 exr3.1 ocio2.1
nametag: linux-vfx2022
runner: ubuntu-latest
container: aswf/ci-osl:2022-clang11
vfxyear: 2022
old_node: 1
cxx_std: 17
python_ver: 3.9
simd: "avx2,f16c"
fmt_ver: 8.1.1
pybind11_ver: v2.9.0
setenvs: export FREETYPE_VERSION=VER-2-12-0
- desc: clang13/C++17 py39 avx2 exr3.1 ocio2.1
nametag: linux-vfx2022-clang13
runner: ubuntu-latest
container: aswf/ci-osl:2022-clang13
vfxyear: 2022
old_node: 1
cc_compiler: clang
cxx_compiler: clang++
cxx_std: 17
python_ver: 3.9
simd: "avx2,f16c"
fmt_ver: 9.1.0
pybind11_ver: v2.8.1
setenvs: export FREETYPE_VERSION=VER-2-12-0
- desc: icc/C++17 py3.9 exr3.1 ocio2.1 qt5.15
nametag: linux-vfx2022-icc
runner: ubuntu-latest
container: aswf/ci-osl:2022
vfxyear: 2022
old_node: 1
cxx_std: 17
opencolorio_ver: v2.2.1
python_ver: 3.9
# simd: "avx2,f16c"
fmt_ver: 7.1.3
# icc MUST use this older FMT version
pybind11_ver: v2.9.0
setenvs: export USE_ICC=1 USE_OPENVDB=0
OIIO_EXTRA_CPP_ARGS="-fp-model=precise"
FREETYPE_VERSION=VER-2-13-0
DISABLE_libuhdr=1
# For icc, use fp-model precise to eliminate needless LSB errors
# that make test results differ from other platforms.
- desc: icx/C++17 py3.9 exr3.1 ocio2.2 qt5.15
nametag: linux-vfx2022-icx
runner: ubuntu-latest
container: aswf/ci-osl:2022
vfxyear: 2022
old_node: 1
cc_compiler: icx
cxx_compiler: icpx
cxx_std: 17
opencolorio_ver: v2.3.2
python_ver: 3.9
pybind11_ver: v2.9.0
simd: "avx2,f16c"
setenvs: export USE_OPENVDB=0
OPENCOLORIO_CXX=g++
UHDR_CMAKE_C_COMPILER=gcc
UHDR_CMAKE_CXX_COMPILER=g++
# OCIO doesn't build with icx, so we have to force the ocio build
# to use g++.
# Building libuhdr with icx results in test failures
# so we force using gcc/g++.
- desc: oldest gcc9.3/C++17 py3.7 exr-3.1
# Oldest versions of the dependencies that we support.
nametag: linux-oldest
runner: ubuntu-latest
container: aswf/ci-osl:2021
vfxyear: 2021
old_node: 1
cxx_std: 17
fmt_ver: 7.0.1
opencolorio_ver: v2.2.1
openexr_ver: v3.1.0
pybind11_ver: v2.7.0
python_ver: 3.7
setenvs: export CMAKE_VERSION=3.18.2
PTEX_VERSION=v2.3.2
WEBP_VERSION=v1.1.0
depcmds: sudo rm -rf /usr/local/include/OpenEXR
- desc: hobbled gcc9.3/C++17 py3.7 exr-3.1 no-sse
# Use the oldest supported versions of required dependencies, and
# disable most optional dependencies and features (no SSE or
# OpenCV, don't embed plugins).
nametag: linux-disabled
runner: ubuntu-latest
container: aswf/ci-osl:2021
vfxyear: 2021
old_node: 1
cxx_std: 17
fmt_ver: 7.0.1
opencolorio_ver: v2.2.1
openexr_ver: v3.1.0
pybind11_ver: v2.4.2
python_ver: 3.7
simd: 0
setenvs: export EMBEDPLUGINS=0
CMAKE_VERSION=3.18.2
PTEX_VERSION=v2.3.2
WEBP_VERSION=v1.1.0
USE_JPEGTURBO=0
USE_OPENCV=0
FREETYPE_VERSION=VER-2-10-0
depcmds: sudo rm -rf /usr/local/include/OpenEXR


runs-on: ${{ matrix.runner }}
container:
image: ${{ matrix.container }}
volumes:
- /node20217:/node20217:rw,rshared
- /node20217:/__e/node20:ro,rshared
env:
CXX: ${{matrix.cxx_compiler}}
CC: ${{matrix.cc_compiler}}
CMAKE_CXX_STANDARD: ${{matrix.cxx_std}}
USE_SIMD: ${{matrix.simd}}
FMT_VERSION: ${{matrix.fmt_ver}}
OPENCOLORIO_VERSION: ${{matrix.opencolorio_ver}}
OPENEXR_VERSION: ${{matrix.openexr_ver}}
PYBIND11_VERSION: ${{matrix.pybind11_ver}}
PYTHON_VERSION: ${{matrix.python_ver}}
ABI_CHECK: ${{matrix.abi_check}}
ACTIONS_RUNNER_FORCE_ACTIONS_NODE_VERSION: node16
ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true
steps:
- name: install nodejs20glibc2.17
if: matrix.old_node == '1'
run: |
curl --silent https://unofficial-builds.nodejs.org/download/release/v20.18.1/node-v20.18.1-linux-x64-glibc-217.tar.xz | tar -xJ --strip-components 1 -C /node20217 -f -
# We would like to use harden-runner, but it flags too many false
# positives, every time we download a dependency. We should use it only
# on CI runs where we are producing artifacts that users might rely on.
# - name: Harden Runner
# uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1.4.3
# with:
# egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
# Note: can't upgrade to actions/checkout 4.0 because it needs newer
# glibc than these containers have.
- name: Prepare ccache timestamp
id: ccache_cache_keys
run: echo "date=`date -u +'%Y-%m-%dT%H:%M:%SZ'`" >> $GITHUB_OUTPUT
- name: ccache
id: ccache
uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c # v3.3.3
# Note: can't upgrade to actions/cache 4.0 because it needs newer
# glibc than these containers have.
with:
path: /tmp/ccache
key: ${{github.job}}-${{matrix.nametag}}-${{steps.ccache_cache_keys.outputs.date}}
restore-keys: ${{github.job}}-
- name: Build setup
run: |
${{matrix.setenvs}}
src/build-scripts/ci-startup.bash
- name: Dependencies
run: |
${{matrix.depcmds}}
src/build-scripts/gh-installdeps.bash
- name: Build
if: matrix.skip_build != '1'
run: src/build-scripts/ci-build.bash
- name: Testsuite
if: matrix.skip_tests != '1'
run: src/build-scripts/ci-test.bash
- name: Check out ABI standard
if: matrix.abi_check != ''
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
ref: ${{matrix.abi_check}}
path: abi_standard
- name: Build ABI standard
if: matrix.abi_check != ''
run: |
mkdir -p abi_standard/build
pushd abi_standard
src/build-scripts/ci-build.bash
popd
- name: Check ABI
if: matrix.abi_check != ''
run: |
src/build-scripts/ci-abicheck.bash ./build abi_standard/build libOpenImageIO libOpenImageIO_Util
- name: Build Docs
if: matrix.build_docs == '1'
run: |
cd src/doc
time make doxygen
time make sphinx
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
# Note: versions of upload-artifact >= 4.0 can't run on the ASWF
# containers because they need a newer glibc than they have.
if: ${{ failure() || matrix.build_docs == '1'}}
with:
name: oiio-${{github.job}}-${{matrix.nametag}}
path: |
build/cmake-save
build/compat_reports
build/sphinx
build/testsuite/*/*.*
!build/testsuite/oiio-images
!build/testsuite/openexr-images
!build/testsuite/fits-images
!build/testsuite/j2kp4files_v1_5
Loading

0 comments on commit c73f2bb

Please sign in to comment.