Verify pure-rust-build has limited tools/headers, use stable-slim
#1665
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This verifies the absence of utilities and libraries `max-pure` should not need, but that are needed for building `max`. When `pure-rust-build` was introduced in ed4deac (GitoxideLabs#624), the goal was to test that a C toolchain was not needed. Currently, we are installing a C toolchain, by installing `gcc` and `libc-dev`, so that the Rust toolchain will use the linker, which it may invoke through `cc`/`gcc`. Nonetheless, the test is effective, as verified in GitoxideLabs#1664, becuase it uses an environment free of several packages that `max-pure` would likely inadverently require for building, if it failed to be "pure". Utilities could, in principle, be installed as part of a package other than the package(s) that usually provide them. So a `$PATH` search is performed. However, `libssl-dev` is a library (and more libraries might be listed in the future), with no executable tool to do a `$PATH` search for. Furthermore, it may be possible for a utility to be installed, such that software in a Rust toolchain might find and use it, while not being in a `$PATH` directory. So this checks for known DEB packages as well as searching `$PATH`.
This changes `bookworm` to `bookworm-slim`. Information about the Debian "slim" images is available in the "Image Variants" section of the "About" page at https://hub.docker.com/_/debian. Which files are removed changes over time, but I don't think files not present in the non-slim image will be added to the slim image. Even if something like that were to happen, the check in the previous commit should identify an environment that has become unsuitable for this job. Using the smaller image should make the job a bit faster, since that image should be a bit faster to download.
With the "Verify environment is sufficiently minimal for the test" step, if a new stable release of Debian has software that makes the environment too extensive for `pure-rust-build` to produce accurate results, then that should be discovered.
EliahKagan
changed the title
pure-rust-build software and use stable-slimpure-rust-build environment is limited, and use stable-slim
EliahKagan
changed the title
pure-rust-build environment is limited, and use stable-slimpure-rust-build software is limited, and use stable-slim
EliahKagan
changed the title
pure-rust-build software is limited, and use stable-slimpure-rust-build has limited tools/libs, use stable-slim
EliahKagan
changed the title
pure-rust-build has limited tools/libs, use stable-slimpure-rust-build has limited tools/headers, use stable-slim
EliahKagan
changed the title
pure-rust-build has limited tools/headers, use stable-slimpure-rust-build has limited tools/headers, use stable-slim
Byron
approved these changes
Nov 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As suggested in #1664 (review), this checks that packages that are intended to be absent, for the
pure-rust-buildtest's results to be trusted, really are absent. As detailed in 71ba940, it also checks if commands such asg++are available in the$PATH, in case they are provided in an unexpected way.With that check in place, we can more easily change what Docker image we use for this job. Of the changes that are useful, I think the safest is to change from
bookwormtobookworm-slim. The "slim" images vary in what they omit, but they shouldn't add anything extra, and in any case, the check should catch anything unexpected. See c84c17e. This passed.A somewhat greater risk, but I think reasonable given the presence of the new steps that checks what's installed, is to use the
stablelabel instead ofbookworm, so that when a new stable release comes out, it is automatically used. I did this, withstable-slim. See 2a791c8. This also passed. This is the current state on the feature branch, as I open this PR. However, that commit can be dropped or reverted if specific-release labels are prefered.