search

QMSTR / qmstr

QMSTR compliance tool
https://qmstr.org
31 stars 1 forks source link

Make the CMake pipeline work on Kubernetes #553

Open marcomicera opened 3 years ago

marcomicera commented 3 years ago

Prerequisites

Basic understanding of how Quartermaster works (see this presentation).

Problem

The CMake pipeline is supposed to:

  1. git clone and build a CMake repository;
  2. detect its licenses;
  3. report its findings back.

Currently, the pipeline for CMake is broken when being run locally, and it has never worked on Kubernetes.

Goal

Make it work on Kubernetes. Personally, I wouldn't make the effort to try to make it run locally, but I would concentrate on making it run in Docker containers, as we ultimately want to deploy Quartermaster on Kubernetes.

A possible workflow

See how the pipeline for Maven works on Kubernetes

1. Start by deploying Quartermaster for Maven on Kubernetes.\ Worth mentioning:

Inspect the CMake local demos

The demos submodule contains attempts of license detection of all sorts of projects, including C ones.\ This paragraph contains instructions on how to run these demos locally:

Running the demos is Makefile based. Running just make it will compile all the projects located in the demos/ directory with Quartermaster:

$ make
...

Should you want to compile a specific project run make followed by the name of the project you want to compile e.g.:

$ make curl
...

For more information and updates you can visit the Quartermaster project.

This is a tedious, but maybe necessary step

Several problems arise when trying to run those locally, though: these demos require you to build the qmstr/master (huge and inefficient) image via the Quartermaster's main Makefile (last step):

$ make --dry-run
echo /usr/local/bin/docker
go test ./clients/qmstrctl
go build  -ldflags "-X github.com/QMSTR/qmstr/lib/go-qmstr/cli.QmstrVersion=0.5" -o out/qmstrctl ./clients/qmstrctl
go test ./clients/qmstr
go build -o out/qmstr ./clients/qmstr
go test ./modules/builders/qmstr-wrapper
go build -o out/builders/qmstr-wrapper ./modules/builders/qmstr-wrapper
docker build -f masterserver/Dockerfile -t qmstr/master --target master  --build-arg QMSTR_VERSION=0.5 --build-arg GRPCIO_VERSION=1.20.0 --build-arg DGRAPH_VERSION=1.1.0 --build-arg HUGO_VERSION=0.39 --build-arg SCANCODE_VERSION=3.1.1 --build-arg GO_VERSION=1.12.4 .

Against all good practices, its (huge) Dockerfile masterserver/Dockerfile contains several big components inside, such as the DGraph database itself: this makes the image build take forever to complete.\ I'm afraid, though, that this step is necessary to be able to run these demos in a local environment.

That big image is just for demos

Please note that in production, however, a complete different set of images is being used, which reside under the docker folder.

How the Kubernetes version should look like

The qmstr-client is the image that is in charge of building the project (note the mvn package command):

https://github.com/QMSTR/qmstr/blob/77f29045f45c7109e34130e6f468f4b7b287f604/deploy/qmstr/base/job.yaml#L25-L37

This means that it is also language-dependent (note its name endocodeci/qmstr-client-mvn, which should really just be a tag in my opinion, i.e., endocodeci/qmstr-client:mvn), as the Maven version should contain the mvn binary, the Cmake version the cmake and make binaries, and so on. For that matter, the qmstr-client Dockerfile should contain a target specifically for CMake projects (this is the Maven target for reference).

How does the build system interact with Quartermaster

As you can see from this example, cmake and make are wrapped by the qmstr binary, that makes this communication possible (the qmstrctl --verbose spawn qmstr/curldemo part only spawns a container locally and runs all the commands that follow inside it).

Please note that this does not happen with Maven:

https://github.com/QMSTR/qmstr/blob/77f29045f45c7109e34130e6f468f4b7b287f604/deploy/qmstr/base/job.yaml#L27

qmstr does not wrap the mvn package command, as the pom.xml file is being previously patched by an initContainer in order for Maven to be able to send build information to Quartermaster.

Other useful information

marcomicera commented 3 years ago

Feel free to reach out to me in case you have questions!