Add support for Cirrus CI

[real-or-random]

On top of #862.

This PR adds Cirrus CI integration. For now this is intended to replicate the functionality that we have in Travis currently. These are a lot of builds, we should also rethink the build matrix. Moreover, the CI shell script could have some refactoring and cleaning but these issues tasks are for another PR (see also #707).

Cirrus CI is relies on Docker images for Linux builds. We make use of this extensively by building our own Docker images (with necessary packages) on which CI then runs (https://cirrus-ci.org/guide/docker-builder-vm/#dockerfile-as-a-ci-environment), see the dockerfile setting in .cirrus.yml. The image is recreated for every build and then all "tasks" run on this image.

For the Linux builds, NixOs is used. This is a rather uncommon choice. My intention of this is that it gives you an easy way of opening a shell on your local machine that has the build tools exactly as in the CI environment. (Just install the nix package manager on top of your distro and run the command from the .cirrus.yml. Now after playing around with Nix, I'm not so convinced anymore:

• Not many people are familiar with Nix (these is my first usage of Nix), only @jonasnick here knows more.
• Support for cross-compilers is somewhat limited.
• As we anyway have docker, there's already a nice way to replicate the CI environment locally.

Still, I kept Nix for now since it's working now.

Debian is already used for a s390x big-endian qemu test. I choose s390x over the more common PowerPC and others because s390x is the only officially supported big-endian port of Debian (https://www.debian.org/ports/).

On the MacOS builds, we use a forked valgrind version which support newer macOS versions (https://github.com/LouisBrunner/valgrind-macos). It's not great but it works and this was change was overdue anyway.

Todo (in this PR):

• Add build badge
• Enable caching of brew binaries for macOS (note that the macOS builds on Cirrus don't use Docker)

Todo (other PRs)

• Reduce/reorganize jobs
• Tidy cirrus.sh script
• Add windows/MSVC
• Maybe add "bleeding edge" jobs that are allowed to fail and test against latest compilers.

[real-or-random]

Ok I've added a proper description. It's still a draft PR but please have a look.

[sipa]

@theuni Care to have a look at the buildsystem stuff here?

[real-or-random]

@theuni Care to have a look at the buildsystem stuff here?

If you want to look at this, please look at #862 . All the buildsystem stuff is there, and this PR is not yet rebased on #862.

[jonasnick]

Thanks! Looks good overall. In particular, should have the same set of tests as before.

For the Linux builds, NixOs is used

It's not NixOS but Alpine with the Nix package manager. That should also be reflected in the new files (e.g. NixOS shell -> Nix shell).

This sounds great but one drawback is that there is currently no way to invalidate the cache except for pushing a change to .cirrus.yml or the Dockerfile

Yeah would be nice to have this and I'm seeing you're experimenting with that in this PR.

Now after playing around with Nix, I'm not so convinced anymore:

There's an advantage of using Nix, namely you can reproduce the exact same dependencies locally by pinning the nixpkgs. When rebuilding the debian docker image you may get newer versions than in CI. Historically we didn't have problems with reproducing test failures. Either way is fine for me, but if we keep nix we should output the nixpkgs commit to actually be able to reproduce it.

I'll probably change the 32-bit i686 builds back to Debian, I had some issues with them.

i686 is only a "limitedSupportedSystem" in Nix which means that the nix cache only contains only a "minimal" package set. Best would be to either just use clang instead of clang_11 or switch to debian for i686.

Since we're on a rolling-release channel, it's rather easy to get the latest compilers for example and see miscompilations early for example.

Not sure about this, but we can try it out.

[theuni]

If you want to look at this, please look at #862 . All the buildsystem stuff is there, and this PR is not yet rebased on #862.

Roger, will have a look this week.

[jonasnick]

Since I'm just noticing that Travis is still pending, I'm wondering if this PR wouldn't also be the right time to remove it.

[sipa]

Concept ACK. The NixOS approach doesn't seem to add much overhead, and not too hard to replace if it's an issue.

It seems Travis is acting up again, is there something left to get this to an minimal viable mergable state?

[real-or-random]

Yes, this slipped out of my focus...

I talked to a few people including @MarcoFalke and I'm considering a different approach for "bleeding edge" builds, namely regular (e.g., nightly) builds (of master) that won't get in the way of contributors working on their PRs. AFAIC this is supported by Cirrus (https://cirrus-ci.org/guide/writing-tasks/#cron-builds).

Also I think that Debian experimental would be a nice platform for this, and this would then probably obsolete the last reason to NixOs, so I'm also considering switching back to Debian for the stable builds.

But all of this can be done in a separate PR. Since this is currently working, let's get this merged. I've added a commit that removes Travis as suggested above.

[jonasnick]

ACK eb16650 mod nits

[real-or-random]

Ready for review again (when the checks pass).

[sipa]

ACK cc2a545. Tested by introducing bugs: #883, #884, #885, #886, #887.

[jonasnick]

ACK cc2a545

[real-or-random]

Argh, the "clang" builds use GCC in fact [0] because nix-shell redefines $CC. [1] There's a lot of "wrapper" stuff in general. https://nixos.wiki/wiki/C I feel all of this may be great for users but not what we want in CI, where we want a pure environment.

Until now, my position was that nix doesn't really give us the benefits I hoped for but it was working, so I kept it. But now that's a real disadvantage. I think it's better to get of rid, which is somewhat sad given that I spent some time on it.

[0] https://cirrus-ci.com/task/5368525575421952?command=test#L164
[1] https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/cc-wrapper/setup-hook.sh#L110

[real-or-random]

We should also consider implementing the hack from Core (cirruslabs/cirrus-ci-docs#662 (comment)) in order to run CI on the merge commit instead of the source branch (in the case of PRs).