Page MenuHomePhabricator
Create Task
Maniphest T76304

Zuul-cloner should use git-clean to reset workspace
Closed, ResolvedPublic
Actions

Description

I noticed that the mediawiki-core-npm job (uses zuul-clone, runs in labs) does not clear the working space. The working directory is preserved by Jenkins (including the directories left behind by zuul-cloner), and zuul-cloner itself also does nothing to reset the working space.

This is causing a wide variety of issues:

  • node_modules persists between jobs. This is causing old versions to stay in memory even after a newer release was made upstream. It is also causing jobs that modify node_modules to affect future jobs. And no longer used modules (e.g. grunt-jscs-checker was renamed to grunt-jscs) to persist indefinitely in node_modules on the slaves.
  • Random files in random directories stay behind (e.g. files that used to be in version control in a past version but have been deleted from the repository).
  • Pattern detection is matching unexpected and invalid files (e.g. resources/src/**/*.js is now matching files that may be invalid or aren't supposed to be there anymore).
  • Files from future versions existing in tests against older branches.

The -npm job is declared with git-scm, (jenkins) wipe-workspace: false, (git) clean: true.

This is a regression.

Details

SubjectRepoBranchLines +/-
Reset & clean workspace repo for better hygieneintegration/zuulmaster+2 -2
npm-set-env.sh: Purge node_modulesintegration/jenkinsmaster+6 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Krinkle created this task.Nov 30 2014, 7:57 PM
Krinkle assigned this task to hashar.
Krinkle raised the priority of this task from to Unbreak Now!.
Krinkle updated the task description. (Show Details)
Krinkle added projects: Release-Engineering-Team, Jenkins, Continuous-Integration-Infrastructure.
Krinkle changed Security from none to None.
Krinkle added subscribers: Krinkle, hashar.
hashar added a comment.Nov 30 2014, 8:46 PM

When preparing a repository, Zuul cloner does a checkout and force the working tree to match (discarding uncommitted changes) http://gitpython.readthedocs.org/en/stable/reference.html#git.refs.head.HEAD.reset

The reason is that for the mediawiki integration job, we would get core + vendor + extensions. On a first run, we clone all of them, on a second run, the workspace already contains the cloned repo so we just check them out. Using git clean for mediawiki/core would discard the previously cloned extensions (under /extensions/ ) which would force it to reclone all of them.

Can we just use npm prune to ensure we have an appropriate /node_module?

hashar edited projects, added Zuul; removed Jenkins.Dec 1 2014, 2:15 PM
Jhernandez mentioned this in T76354: mwext-MobileFrontend-npm is failing to complete on several commits (not verifying commits, can't merge).Dec 1 2014, 5:08 PM
Krinkle added a comment.Dec 8 2014, 4:47 PM

node_modules is just one of the many things that may stay behind. As I mentioned above, this also causes other untracked files to stay behind. Especially when switching between branches. Sooner or later causes test failures like we had last week (requiring one to manually purge workspaces on each slave). Or worse (and just as likely) it may prevent tests from failing that should be failing. Masking errors.

It also caused tests to fail due to js/css files from older branches to show up in newer branches that either used to be in an ignore list. Or don't pass newer rules (e.g. foo/bar.js exists in 1.22, deleted in 1.23, in 1.24 we added a stricter coding style rule, foo/bar.js naturally doesn't validate obviously shouldn't show up in a 1.24 build).

Instead of making an exception for the regular case (by hacking around npm, which is just one of many things that can and will go wrong), maybe try to preserve or optimise those extension clones somehow?

It seems wasteful anyway to have so many clones all over the place. On each Jenkins slave we have between 1 and 3 (concurrency) workspaces for each job, in each of them a clone for the main repository and its upstream/downstream dependencies. Which means an average slave will have 100s of clones of mediawiki-core and about a dozen clones of each extension.

Maybe we can do something like we do on prod slaves: Clone from local drive using hard links (instead of from Gerrit each time). Except without Gerrit replication of course (unless that's easy to do to labs). We would manually add any required repos to a local git cache and updating that first, then do a fast clone from there before fetching from Zuul?

Either way, I won't defend the need for clean workspaces. That should be obvious. It is already a massive sacrifice to preserve .git between builds (and use git-clean instead of Jenkins' rm -rf solution). Not even git-cleaning is an unacceptable regression. This was not an issue before Zuul-cloner.

Krinkle added a comment.EditedDec 8 2014, 4:52 PM

Other work arounds I can imagine: Inside Zuul-cloner, run git clean -dffx in each extension, and then run it dry in core, filter out extensions from the list and manually rm -rf those.

Or: Don't nest clones. Instead clone them next to each other and put symlinks in place.

As for performance, yes. We can't re-clone all of MediaWiki core each extension build. But how did we do this before Zuul-cloner? And how are we going to do this in disposable sandboxes? We need a different solution.

hashar added a comment.Dec 12 2014, 4:36 PM

I would use npm prune as a workaround for the npm job. I lack spare cycles to investigate the impact of having zuul-cloner to run git clean -xqdf (or -ff).

hashar removed hashar as the assignee of this task.Dec 12 2014, 4:36 PM
Krinkle added a comment.Jan 5 2015, 4:29 PM

@hashar That is not an option.

Both composer and npm have proven in the past that they do not support long-lived local directories. Things like trying to cover every possible edge case with different package versions over time is too much work. It is very likely that upgrading npm or composer (while keeping vendor and node_modules from previous builds) will result in left-behind files, cache conflict, or incompatible directory trees.

The battle field left behind after such failure is a pain to debug. For developers locally or production the solution is easy: "Just rm -rf it and re-run 'foo install'". And as such that is also the common response on bug reports about these. It's nearly impossible maintain package managers like these with infinite look-ahead and look-behind support, arbitrarily skipping versions etc. These kind of environments should use disposable sandboxes or at least properly clear the workspace.

Also as pointed out, this is not limited to composer or npm. Git itself is also terrible at it. And builds themselves also produc additional files.

In a perfect world these files are always cleaned up in teardown. But that's not the case in reality. We're dealing with draft commits and continuously iterated alpha software. The CI environment can not demand software to be bug-free as this very environment is the testing ground.

I don't want to waste time and time again debugging problems caused by bugs in upstream software or minor issues in unit tests, or projects switching to using a submodule having to notify us, or me clearing a flooded workspace or tmp directory. Those are valid bugs and they should be addressed upstream/downstream, but they should not result in a Jenkins slave becoming unstable. That is not necessary and easily prevented.

Zuul-cloner is too buggy at the moment. It should never have been merged upstream or deployed here whilst lacking essential git and CI aspects such as loading submodules and clearing the workspace.

hashar added a comment.Jan 5 2015, 9:29 PM

I acknowledged that Zuul cloner not cleaning the workspace can be problematic. I am not denying it, I simply lack cycles to add support for clearing the repositories and investigate the side effects that comes with it.

The example issue in this task is with node_module congaing extra packages from a previous run, which is exactly what npm prune is meant for and imho an acceptable workaround until zuul-cloner is taught to git clean.

Krinkle mentioned this in T86734: Zuul-cloner failing to acquire lock sometimes ("IOError: Lock for file .git/config did already exist, lock is illegal").Jan 14 2015, 2:40 AM
gerritbot added a project: Patch-For-Review.Jan 14 2015, 8:04 PM
gerritbot subscribed.

Change 184838 had a related patch set uploaded (by Krinkle):
Ensure the repository configuration lock is released

https://gerrit.wikimedia.org/r/184838

Patch-For-Review

gerritbot added a comment.Jan 18 2015, 5:57 PM

Change 185686 had a related patch set uploaded (by Ori.livneh):
Reset & clean workspace repo for better hygiene

https://gerrit.wikimedia.org/r/185686

Patch-For-Review

Krinkle assigned this task to ori.Jan 20 2015, 1:49 AM
Krinkle added a subscriber: ori.
Krinkle mentioned this in T87294: Nodepool images need Gerrit mirror for git-clone performance.Jan 21 2015, 1:52 AM
Krinkle mentioned this in T87666: npm tests intermittently fail; npm cache needs purging.Jan 29 2015, 3:04 AM
gerritbot added a comment.Feb 3 2015, 3:42 AM

Change 188291 had a related patch set uploaded (by Krinkle):
npm-set-env.sh: Purge node_modules

https://gerrit.wikimedia.org/r/188291

Patch-For-Review

gerritbot added a comment.Feb 3 2015, 3:50 AM

Change 188291 merged by jenkins-bot:
npm-set-env.sh: Purge node_modules

https://gerrit.wikimedia.org/r/188291

Krinkle mentioned this in rCIJE28f2ca8924c2: npm-set-env.sh: Purge node_modules.Feb 3 2015, 9:33 PM
gerritbot added a comment.Feb 12 2015, 4:11 PM

Change 185686 abandoned by Hashar:
Reset & clean workspace repo for better hygiene

Reason:
See upstream change https://review.openstack.org/148121

https://gerrit.wikimedia.org/r/185686

greg lowered the priority of this task from Unbreak Now! to High.Mar 27 2015, 4:57 PM
greg subscribed.

This is unbreak now! but no movement in a long time.... what should happen next here?

greg moved this task from INBOX to In-progress on the Release-Engineering-Team board.Mar 27 2015, 4:57 PM
Krinkle added a comment.Apr 5 2015, 7:58 PM

Probably backport https://review.openstack.org/148121, or upgrade our Zuul to a newer upstream.

Krinkle lowered the priority of this task from High to Lowest.Apr 7 2015, 2:07 PM
Krinkle raised the priority of this task from Lowest to High.
Krinkle moved this task from Untriaged to Backlog on the Continuous-Integration-Infrastructure board.
Krinkle moved this task from Backlog to Enhancements on the Zuul board.Apr 15 2015, 7:48 PM
Krinkle changed the task status from Open to Stalled.Apr 16 2015, 3:11 AM
Krinkle added a subtask: T94409: Upgrade Zuul server to latest upstream.
Krinkle removed a project: Patch-For-Review.
Krinkle removed a subscriber: gerritbot.
Krinkle moved this task from Backlog to Externally Blocked on the Continuous-Integration-Infrastructure board.Apr 17 2015, 3:53 PM
Krinkle mentioned this in T86730: Zuul-cloner failing to acquire .git lock sometimes.Apr 20 2015, 10:58 PM
Krinkle renamed this task from Zuul-cloner forgets to clear workspace to Zuul-cloner should use git-clean to reset workspace.Apr 20 2015, 11:02 PM
Krinkle mentioned this in T96627: Jenkins jobs must wipe workspace.Apr 20 2015, 11:08 PM
Krinkle mentioned this in T97106: Zuul-cloner should use hard links when fetching from cache-dir .Apr 24 2015, 2:56 AM
ori removed ori as the assignee of this task.Jun 19 2015, 5:32 PM
greg moved this task from In-progress to Backlog (ARCHIVED) on the Release-Engineering-Team board.Aug 4 2015, 5:41 PM
hashar closed subtask T94409: Upgrade Zuul server to latest upstream as Resolved.Nov 5 2015, 11:12 AM
hashar closed this task as Resolved.Nov 5 2015, 11:18 AM
hashar claimed this task.

I think I got Ori patch ( https://review.openstack.org/#/c/148121/ Reset & clean workspace repo for better hygiene
 ) cherry picked ages ago.

In below git branch --contains:

The patch has been merged upstream (origin/master)
It is included in our Precise and Trusty Debian packages (wikimedia/debian/{precise,trusty}-wikimedia)

$ git branch -r --contains 1403a9ee056eb4583566dbb58191d1d2556c18b3
  origin/HEAD -> origin/master
  origin/master
  wikimedia/debian/precise-wikimedia
  wikimedia/debian/trusty-wikimedia
  wikimedia/labs-tox-deployment
  wikimedia/patch-queue/debian/precise-wikimedia
  wikimedia/upstream
greg added a project: OKR-Work.Jan 11 2016, 10:57 PM
hashar mentioned this in T152351: wikimedia/portals repo might be using outdated and or deprecated tests in jenkins.Dec 4 2016, 10:20 PM
MarcoAurelio mentioned this in T152386: CI tests on wikimedia/portals repo: cache node_modules to save time.Dec 5 2016, 11:55 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL