[ci] Try to use GCP Bazel cache for more jobs #20836
Conversation
Signed-off-by: James Wainwright <[email protected]>
|
Thanks @jwnrt for looking at this, this looks like a great idea. It seems that now we will have many instances of - task: DownloadSecureFile@1
condition: eq(variables['Build.SourceBranchName'], 'master')
name: GCP_BAZEL_CACHE_KEY
inputs:
secureFile: "bazel_cache_gcp_key.json"which is quite error-prone and very specific to our workflow. What do you think about having a yaml file that we can include so we can do instead something like: - template: ci/use-bazel-remove-cache.yamland maybe add a parameter to specific whether access is just read, or read-write? |
Signed-off-by: James Wainwright <[email protected]>
|
I've extracted this step into a template but haven't added an r/rw parameter since these credentials are only for writing. The GCP bucket is always read if using the I've tried to make this clearer by giving the template the name |
|
Oh also I should mention that even with this change, I don't think the Bazel cache is working in CI at all. Before this PR, the I tried to set up a local environment to read from the cache too, but no success. These are the (convoluted) steps I used (thanks to @nbdd0121 for helping with this):
We did not observe the cache being used at all. There must be something else contributing to the cache that we didn't account for. |
Signed-off-by: James Wainwright <[email protected]>
jwnrt
force-pushed
the
ci-bazel-cache
branch
3 times, most recently
from
d236951 to
73b8d77
Compare
| @@ -15,12 +15,13 @@ echo "Running bazelisk in $(pwd)." | |||
|
|
|||
| # An additional bazelrc must be synthesized to specify precisely how to use the | |||
| # GCP bazel cache. | |||
| GCP_CREDS_FILE="$GCP_BAZEL_CACHE_KEY_SECUREFILEPATH" | |||
There was a problem hiding this comment.
I am assuming that the _SECUREFILEPATH is added by DownloadSecureFile to the name? It's not really clear in the documentation https://learn.microsoft.com/en-us/azure/devops/pipelines/tasks/reference/download-secure-file-v1?view=azure-pipelines
There was a problem hiding this comment.
DownloadSecureFile will store the path to the file in a variable called $(GCP_BAZEL_CACHE_KEY.secureFilePath), and Azure also has a rule that you can access $(AZURE_VARIABLES.WITH.SCOPES) variables through environment variables by replacing .s with _s
|
Thanks for reviewing, I asked @nbdd0121 to look over the Bash and we simplified it a bit more |
These flags need to come _before_ the subcommand, i.e.:
```
bazel --bazelrc=... cquery # VALID
bazel cquery --bazelrc=... # INVALID
```
which is done in this script by pushing flags that come before the
subcommand name into an array and re-applying them in the correct order
later.
If these Bash arrays are confusing and you've come across this commit in
a `git blame` then hopefully this will help:
1. Bash supports arrays defined using parentheses: `array=("foo" "bar")`
2. Arrays can't be passed as arguments to functions, they are expanded
and get mixed into other arguments, so we use a global instead.
4. the syntax for expanding an array into its elements with correct
quoting on each is: `"${array[@]}"`.
Signed-off-by: James Wainwright <[email protected]>
Summary
This change lets more jobs read from the cache, and also allows more jobs to write to the cache when running for the
masterbranch.It's being tested in this Azure run which will write to the cache. A second run will need to be triggered to see if we actually read from the cache.
Details
This change:
./bazelisk.shtoci/bazelisk.shin pipelines.GCP_BAZEL_CACHE_KEYvariable is set, it also writes to the cache.GCP_BAZEL_CACHE_KEY_SECUREFILEPATHenvironment variable.masterbranch, however I have changed this for this test run to show that the cache can be written to.