open-telemetry / opentelemetry-cpp

The OpenTelemetry C++ Client
https://opentelemetry.io/
Apache License 2.0
815 stars 391 forks

[CI] Use platform CMake #2627

Closed marcalff closed 3 months ago

marcalff commented 3 months ago

Use platform CMake

Changes

In CI, the build scripts used to:

to install CMake version 3.16.3 by default, or CMake version 3.20.6

All the platforms used in CI already have CMake, in a more recent version.

Testing on old versions instead of testing with the version that comes with the platform provides little value, since users are more likely to run into issues that were not detected in CI.

Also, downloading a script and executing it is a bad practice.

This fix uses the CMake version already installed on the GitHub runner image.


ThomsonTan commented 3 months ago

Scripts like "tools/setup-cmake.sh" can also be used in a non-CI environment, such as setting up CMake on a given machine in a dev environment?

marcalff commented 3 months ago

> Scripts like "tools/setup-cmake.sh" can also be used in a non-CI environment, such as setting up CMake on a given machine in a dev environment?

I don't know any dev who would go out of his way to install something like this, instead of using the natural packaging commands available with the OS distribution, for example:

sudo apt install cmake

This tools/setup-cmake.sh script installs under /usr/local with a make install, which implies that to run, the whole script must be executed as root, including the make part.

It builds from code downloaded in /tmp, which may have been poisoned before the script with an extra payload.

It installs CMake 3.18.4 by default, which is ancient.

It is not documented, one has to read the code to know how to invoke it.

It is not referenced anywhere in the opentelemetry-cpp documentation, one has to find it to know it exists.

This is a long list of red flags in my opinion.

Restoring the file for now because it appears to be used from tools/setup-buildtools.sh and tools/build-docker.cmd which I missed, but I still think this should be removed at some point.

To clarify:

I don't doubt tools/setup-cmake.sh was useful and used at some point in the past, when cmake (of the proper version) was not ubiquitous, but the landscape has changed since, making this script no longer relevant.
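
The concerns raised in this thread (source staged in a shared /tmp location, no integrity check on downloaded code, and the whole build running as root) can be addressed with the pattern below. This is an added example, not code from the opentelemetry-cpp repository; the function names, archive name and pinned digest are assumptions.

```shell
#!/bin/sh
# Added example: verify a source archive against a pinned SHA-256 digest,
# then unpack it into a private directory instead of a shared /tmp path.
# Function names and the PINNED_SHA256 variable are hypothetical.

# verify_sha256 FILE EXPECTED_HEX
# Succeeds only if FILE exists and its SHA-256 digest equals EXPECTED_HEX.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | cut -d' ' -f1)
    # An empty digest means hashing failed; never treat that as a match.
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# stage_source ARCHIVE EXPECTED_HEX
# Prints the path of a fresh directory holding the unpacked archive.
# Nothing is unpacked if the digest does not match.
stage_source() {
    archive=$1
    expected=$2
    if ! verify_sha256 "$archive" "$expected"; then
        echo "checksum mismatch for $archive, refusing to unpack" >&2
        return 1
    fi
    # mktemp -d creates a new directory with an unpredictable name,
    # accessible only to the current user (mode 0700), so another local
    # user cannot place files in it before the build starts.
    workdir=$(mktemp -d) || return 1
    if ! tar -xf "$archive" -C "$workdir"; then
        rm -rf "$workdir"
        return 1
    fi
    printf '%s\n' "$workdir"
}

# Typical use (hypothetical archive name): configure and build as the
# invoking user, and elevate only for the install step.
#   src=$(stage_source cmake.tar.gz "$PINNED_SHA256") &&
#   (cd "$src"/cmake-* && ./bootstrap && make) &&
#   (cd "$src"/cmake-* && sudo make install)
```

The pinned digest has to come from a source other than the download location itself, otherwise whoever can replace the archive can replace the digest too.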