ci: extract "slim" container to run functional tests and add multiprocess and tsan, drop unneeded packages

[kwvg]

Motivation

dash#6583 introduced functional tests to GitHub Actions and due to a combination of limited disk space available on runners and restrictions on ways to free up said disk space (as described in dash#6583), multiprocess and tsan builds had to be excluded (commit).

Despite measures to reign in disk usage (source), we are experiencing sporadic failures due to space exhaustion (build, build). To take care of this, we are going to extract portions of our ci container into ci-slim, containing only the parts needed to run (sanitizer-enabled) binaries, functional tests and (some) linters.

Additional Information

• We have used edrevo/dockerfile-plus to allow container definitions inherit other container definitions, which has allowed for a ready-to-use interactive container (develop) to be built on top of our CI container (ci) with ease (introduced in dash#4336).

  Unfortunately, since then, there has been little activity at edrevo/dockerfile-plus, last code contribution was ~4 years ago (commit) and as this PR splits off ci to ci-slim, it appears dockerfile-plus has difficulty in working with Dockerfiles that inherit other Dockerfiles (see below).

  Error message:

  $ docker-compose build
  #0 building with "default" instance using docker driver
  [...]
  #1 [container internal] load build definition from Dockerfile
  #1 transferring dockerfile: 1.57kB done
  #1 DONE 0.0s
  [...]
  #7 [container internal] load build definition from Dockerfile
  #7 DONE 0.0s
  failed to solve: failed to create LLB definition: dockerfile parse error line 9: unknown instruction: INCLUDE+
  

  To mitigate this, we are switching over to devthefuture/dockerfile-x, which come with minor changes in syntax.

  • As devthefuture/dockerfile-x (like edrevo/dockerfile-plus) relies on BuildKit, it has been explicitly enabled for GitLab, without which, it fails (build).

• As scoping in Dockerfiles are relative to the Dockerfile itself (source), develop/Dockerfile can include ci/Dockerfile by setting the context one directory behind (which is possible for the root Dockerfile) but when ci/Dockerfile is parsed, it will search within the ci folder and not from the context folder set earlier and so, including ci-slim/Dockerfile would come up empty as it would resolve to ci/ci-slim/Dockerfile, which doesn't exist.

  To work around this, both ci and ci-slim definitions need to share the same directory and to allow for that, ci/Dockerfile is now ci/ci.Dockerfile, so that develop/Dockerfile can set the context a directory behind, find ci/ci.Dockerfile, which will search within ci for ./ci-slim.Dockerfile, which will be found successfully.

• We have switched away from using the official LLVM installation script to importing the repository manually as we need only a select few packages to run sanitizer-enabled builds and functional tests and the script only gives you a choice between default packages and all packages.

  • While avoiding LLVM packages entirely in the ci-slim container was most desirable, doing so breaks sanitizer builds (build)
  • Switching over to manual import also let us drop a few packages as the script has to probe and work around bugs while our base environment remains relatively similar.

• Space occupied by containers.

  Calculated by modifying develop/docker-compose.yml to point at different Dockerfiles and building them with docker compose, then passing them to dive v0.12.0.

  Name	Commit	Size	Efficiency Score	Potential Waste
  ci	develop (26ea618)	4.4 GB	99%	74 MB
  develop	develop (26ea618)	4.5 GB	99%	78 MB
  ci-slim	This PR (db6a3fd)	1.6 GB	97%	64 MB
  ci	This PR (db6a3fd)	4.3 GB	99%	70 MB
  develop	This PR (db6a3fd)	4.3 GB	99%	74 MB

Checklist

• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added or updated relevant unit/integration/functional/e2e tests (note: N/A)
• I have made corresponding changes to the documentation
• I have assigned this pull request to a milestone (for repository code-owners and collaborators only)

[kwvg]

GitHub Actions run for 55a0d0d, https://github.com/kwvg/dash/actions/runs/13594731463

[coderabbitai]

Walkthrough

This pull request implements updates across container configuration files, CI workflows, and build scripts. In the .dockerignore file, the inclusion rules for Dockerfiles have been modified to reference ci.Dockerfile and ci-slim.Dockerfile instead of the previous file. GitHub Actions workflows now include new input parameters for context, file, and container name, and they update cache keys and job dependencies to align with the revised Dockerfile paths. The build workflow introduces new jobs such as container-slim and modifies dependency links among testing jobs. In addition, GitLab CI has been updated to enable BuildKit and to use the updated Dockerfile reference. Changes in several bash scripts adjust file operations and integrate a new linting process via the newly added lint-tidy.sh script. Dockerfiles have been updated or introduced, with adjustments to syntax directives, base images, and the installation of additional dependencies.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

ci/dash/test_integrationtests.sh (1)

67-67: Log File Handling: Switching from cp to mv
Changing from copying to moving the log files is acceptable if you intend to remove the source files after processing. Please verify that no subsequent process relies on the original log files remaining in the source directory.

ci/dash/build_src.sh (1)

69-73: Conditional Linting Execution
Delegating linting to ${BASE_ROOT_DIR}/ci/dash/lint-tidy.sh when RUN_TIDY is true and not running in GitHub Actions is a cleaner approach. Please ensure that the linting script correctly propagates any errors so that lint failures aren’t silently ignored.

contrib/containers/README.md (1)

3-4: Documentation Grammar Correction
The sentence “Containers that depends on other containers require BuildKit…” should be updated to “Containers that depend on other containers require BuildKit…” for correct subject-verb agreement.

🧰 Tools

🪛 LanguageTool

[grammar] ~3-~3: The plural noun “Containers” expects the verb form “depend”.
Context: ...n files for containers. Containers that depends on other containers require BuildKit to...

(NNS_THAT_VBZ)

contrib/containers/ci/ci.Dockerfile (1)

36-39: Update Alternatives Command Chain
The block that sets alternatives for MinGW compilers includes an exit 0 at the end. This command is unnecessary and might mask potential errors in the preceding commands. Consider removing exit 0 to ensure proper error propagation during the build.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 26ea618 and c63f5d8.

📒 Files selected for processing (15)

• .dockerignore (1 hunks)
• .github/workflows/build-container.yml (2 hunks)
• .github/workflows/build-depends.yml (1 hunks)
• .github/workflows/build-src.yml (2 hunks)
• .github/workflows/build.yml (2 hunks)
• .gitlab-ci.yml (3 hunks)
• ci/dash/build_src.sh (3 hunks)
• ci/dash/lint-tidy.sh (1 hunks)
• ci/dash/slim-workspace.sh (1 hunks)
• ci/dash/test_integrationtests.sh (1 hunks)
• contrib/containers/README.md (1 hunks)
• contrib/containers/ci/Dockerfile (0 hunks)
• contrib/containers/ci/ci-slim.Dockerfile (1 hunks)
• contrib/containers/ci/ci.Dockerfile (1 hunks)
• contrib/containers/develop/Dockerfile (2 hunks)

💤 Files with no reviewable changes (1)

• contrib/containers/ci/Dockerfile

✅ Files skipped from review due to trivial changes (1)

• ci/dash/slim-workspace.sh

🧰 Additional context used

🪛 LanguageTool

contrib/containers/README.md

[grammar] ~3-~3: The plural noun “Containers” expects the verb form “depend”.
Context: ...n files for containers. Containers that depends on other containers require BuildKit to...

(NNS_THAT_VBZ)

🔇 Additional comments (28)

.dockerignore (1)

2-3: Dockerfile Inclusion Update
The explicit inclusion of ci.Dockerfile and ci-slim.Dockerfile aligns with the updated container build processes. Ensure that these are the only Dockerfiles meant to be included in the build context.

ci/dash/build_src.sh (1)

14-14: Environment Cleanup Simplification
Combining the unsetting of CC, CXX, and DISPLAY into a single line improves conciseness and clarity.

contrib/containers/README.md (1)

6-12: Container Table Clarity
The table clearly outlines the dependencies and purposes of the containers, which aids in understanding the build configuration.

contrib/containers/ci/ci.Dockerfile (5)

1-4: Dockerfile Inheritance and Syntax Directive
Starting with the syntax directive and inheriting from ./ci-slim.Dockerfile is correctly done. Please verify that the relative path is accurate within the build context.

---

41-55: Clang/LLVM Installation and Alternatives Setup
The installation commands for Clang, LLVM, and related tools are comprehensive. Just ensure that the package names and the variable ${LLVM_VERSION} reflect the intended versions available in the base image.

---

65-67: LD_LIBRARY_PATH and IWYU Build Process
Setting LD_LIBRARY_PATH and building “include-what-you-use” is well organized. Verify that removing the cloned repository post-installation does not impact any debugging needs.

---

75-81: Cache Directory and Ownership Setup
The creation of cache directories and adjusting ownership using ${USER_ID} and ${GROUP_ID} is implemented correctly. Double-check that these variables are set appropriately to avoid permission issues.

---

82-84: Reverting to Non-Privileged User
Switching back to the non-privileged user dash is a sound security practice once all required installations are completed.

ci/dash/lint-tidy.sh (5)

1-9: Initialization and Environment Setup Are Clear

The shebang, copyright notice, locale setting, and strict bash options are set up correctly. These early lines ensure portability and robust error handling.

---

10-13: Clear Warning and Prerequisite Guidance

The warning comments (lines 10–12) clearly notify users about the need to generate the compilation database and set the correct build parameters before executing the script.

---

14-15: Directory Navigation and Linting Execution

The change directory command using ${BASE_ROOT_DIR} and ${BUILD_TARGET} (line 14) and the subsequent execution of run-clang-tidy piped through grep (line 15) are implemented correctly.
Suggestion: Ensure that environment variables like BASE_ROOT_DIR and MAKEJOBS are reliably defined in all runtime contexts.

---

17-25: IWYU Analysis Integration

The use of iwyu_tool.py with multiple paths and the mapping file (lines 18–25) is well structured. Redirecting the output to a temporary file using tee is appropriate for subsequent processing.

---

27-29: Automatic Include Fixing and Diff Reporting

Calling fix_includes.py with the IWYU output and displaying the differences via git diff (lines 27–29) provides a streamlined post-processing step.

.github/workflows/build-src.yml (2)

73-76: Updated CCache Key with New Dockerfile Reference

The cache key now references contrib/containers/ci/ci.Dockerfile along with other dynamic inputs (lines 73–76), ensuring proper cache invalidation when the Dockerfile or dependent packages change.

---

90-97: Addition of Linting Step for Multiprocess Builds

The new “Run linters” step (lines 90–97) for builds with the linux64_multiprocess target is integrated correctly. It correctly exports BUILD_TARGET, sources the matrix script, and calls the new lint-tidy.sh script.

.github/workflows/build.yml (3)

173-178: Transition to Slim Container for Testing

Updating the test-linux64 job (lines 173–178) to depend on container-slim and using its output for container-path is a well-aligned change to leverage the slimmer build environment.
Follow-up: Verify that the slim container includes all the necessary binaries and dependencies for running these tests.

---

179-187: Addition of Multiprocess Test Job

The new test-linux64_multiprocess job (lines 179–187) follows a similar pattern by sourcing the container path from container-slim. This change is consistent and supports the refactored CI strategy for multiprocess builds.

---

207-214: TSAN Test Job Using Slim Container

The configuration for the test-linux64_tsan job (lines 207–214) correctly uses container-slim. This ensures that TSAN-specific tests run in the intended environment.

.gitlab-ci.yml (2)

32-33: Enablement of Docker BuildKit

The export of the environment variable DOCKER_BUILDKIT=1 (line 32) is an important addition that enables BuildKit for improved build performance and capabilities on GitLab CI.

---

60-61: Correct Dockerfile Reference for Cache Key

Updating the cache key to reference contrib/containers/ci/ci.Dockerfile (lines 60–61) assures that caching is based on the correct, updated Dockerfile.

.github/workflows/build-container.yml (2)

5-17: Introduction of Dynamic Inputs for Build Context

The addition of new required input parameters (context, file, and name) (lines 5–17) significantly enhances configurability. This allows dynamic specification of the build context and Dockerfile, which improves maintainability and reusability of the workflow.

---

60-70: Dynamic Docker Build and Caching Configuration

The modified “Build and push Docker image” step (lines 57–72) now dynamically references the inputs for context and file, sets multiple tags using both the repository and provided container name, and updates caching options. This flexibility supports a more robust CI process.

.github/workflows/build-depends.yml (1)

73-77: Updated Cache Keys Alignment

The cache key and restore keys in the “Restore cached depends” step have been updated to reference contrib/containers/ci/ci.Dockerfile instead of the old path. This change correctly aligns the caching mechanism with the new Dockerfile naming convention. Please verify that any similar references in other workflows have also been updated for consistency.

contrib/containers/ci/ci-slim.Dockerfile (2)

1-19: Effective Multi-Stage Build for Cppcheck

The builder stage effectively compiles Cppcheck from source using a lightweight Debian-based image. The use of set -ex and subsequent cleanup (removal of temporary files and apt cache) are well implemented, ensuring a minimal build stage.

---

20-119: Comprehensive Setup for CI Slim Container

The final image stage uses ubuntu:noble as its base and correctly integrates the compiled Cppcheck binary, configuration files, and environment settings. The Dockerfile installs the essential packages, sets up Python via Pyenv, adds tools such as ShellCheck, and configures LLVM for sanitizer builds. Cleanup commands are in place to reduce image size.

Optional improvement: Consider combining certain RUN commands to further minimize image layers, though the current implementation is already effective.

contrib/containers/develop/Dockerfile (3)

1-4: Syntax Directive and Base Image Update

The syntax directive is now updated to devthefuture/dockerfile-x and the base image is set to ./ci/ci.Dockerfile. This change is essential for proper Dockerfile inheritance and aligns with the objectives of the PR.

---

9-33: Enhanced Package Installation for Dash Qt Support

The updated RUN command now installs additional libraries (e.g., various libxcb packages) required for supporting Dash Qt. The command sequence—including package installation with ${APT_ARGS}, followed by cleanup—is well-structured and clear.

---

42-47: GDB Configuration and Non-Privileged User Setup

The consolidated RUN step now handles several tasks: adding the docker group, appending a sudoers entry for password-less sudo access, creating the GDB configuration directory, setting the auto-load safe path, and ensuring correct ownership of the home directory. This approach streamlines the configuration process.

Suggestion: If more commands are added in the future, consider splitting them into separate RUN instructions to ease debugging and enhance readability.