From 8658a4c2d009c627b305af08b8e296f41f3bc1c5 Mon Sep 17 00:00:00 2001
From: June Clementine Strawberry <strawberry@puppygock.gay>
Date: Tue, 28 Jan 2025 19:25:56 -0500
Subject: [PATCH] misc nix CI fixes that might speed it up a bit

Signed-off-by: June Clementine Strawberry <strawberry@puppygock.gay>
Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 .github/workflows/ci.yml        |  4 +--
 bin/complement                  |  4 ++-
 flake.nix                       |  6 ++---
 nix/pkgs/complement/config.toml | 19 +++++++++++---
 nix/pkgs/complement/default.nix | 14 ++++++++--
 nix/pkgs/main/default.nix       | 45 ++++++++++++++++++++-------------
 src/router/serve/tls.rs         |  4 +--
 7 files changed, 65 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 35d60aa1..9a3d518d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -88,8 +88,8 @@ jobs:
                   ssh -q website "echo test" || ssh -q website "echo test"
 
                   echo "Creating commit rev directory on web server"
-                  ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
-                  ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/"
+                  ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "rm -rf /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || true
+                  ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || ssh -q website "mkdir -v /var/www/girlboss.ceo/~strawberry/conduwuit/ci-bins/${WEBSERVER_DIR_NAME}/" || true
 
                   echo "SSH_WEBSITE=1" >> "$GITHUB_ENV"
 
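Review bot: The added `|| true` on the `mkdir -v` line lets the step continue when the commit-rev directory could not be created, and on the `rm -rf` line when an old directory could not be removed, yet `SSH_WEBSITE=1` is still exported right after. Later steps that key on that variable (outside this hunk, so inferred) would then upload into a missing directory or on top of binaries left from an earlier run, which matters for a path that serves CI builds. Consider tolerating only the cleanup and using `mkdir -pv`, so an existing directory is not an error while a real failure still skips the export. It is also worth guarding the interpolation with `: "${WEBSERVER_DIR_NAME:?}"` before these lines, because an empty value makes the `rm -rf` target the whole `ci-bins/` directory.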
diff --git a/bin/complement b/bin/complement
index a1db4b32..118a4df3 100755
--- a/bin/complement
+++ b/bin/complement
@@ -34,7 +34,9 @@ toplevel="$(git rev-parse --show-toplevel)"
 
 pushd "$toplevel" > /dev/null
 
-bin/nix-build-and-cache just .#linux-complement
+#bin/nix-build-and-cache just .#linux-complement
+bin/nix-build-and-cache just .#complement
+#nom build .#complement
 
 docker load < result
 popd > /dev/null
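Review bot: The two commented-out commands around the new build line (`#bin/nix-build-and-cache just .#linux-complement` and `#nom build .#complement`) read as leftover experiments and give no hint which target is the supported one. Either delete them or replace them with a single comment such as `# .#complement replaces .#linux-complement because <reason>`. If `.#complement` resolves per host system (not visible in this hunk), say so next to `docker load < result`, since that step expects a Linux image.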
diff --git a/flake.nix b/flake.nix
index 920d3d14..165cf372 100644
--- a/flake.nix
+++ b/flake.nix
@@ -169,10 +169,10 @@
 
           # used for rust caching in CI to speed it up
           sccache
-
-          # needed so we can get rid of gcc and other unused deps that bloat OCI images
-          removeReferencesTo
         ]
+        # valgrind is unavailable in static contexts
+        # used for CI and complement
+        ++ (if !stdenv.hostPlatform.isStatic then [ "valgrind" ] else [])
         # liburing is Linux-exclusive
         ++ lib.optional stdenv.hostPlatform.isLinux liburing
         # needed to build Rust applications on macOS
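Review bot: The new list element is the string `"valgrind"`, not the package, whereas the other entries visible in this list (`sccache`, `liburing`) are unquoted package references. Depending on how the list is consumed, this either fails evaluation or silently provides no valgrind. Use the package and the helper already used on the next line: `++ lib.optional (!stdenv.hostPlatform.isStatic) valgrind`. The list and the scope that brings `sccache` into view start outside this hunk, so confirm `valgrind` resolves in the same package set.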
diff --git a/nix/pkgs/complement/config.toml b/nix/pkgs/complement/config.toml
index f20abee2..039f9c97 100644
--- a/nix/pkgs/complement/config.toml
+++ b/nix/pkgs/complement/config.toml
@@ -17,19 +17,30 @@ ip_range_denylist = []
 url_preview_domain_contains_allowlist = ["*"]
 url_preview_domain_explicit_denylist = ["*"]
 media_compat_file_link = false
-media_startup_check = false
-prune_missing_media = false
+media_startup_check = true
+prune_missing_media = true
 log_colors = false
 admin_room_notices = false
 allow_check_for_updates = false
-allow_unstable_room_versions = true
 rocksdb_log_level = "debug"
 rocksdb_max_log_files = 1
 rocksdb_recovery_mode = 0
 rocksdb_paranoid_file_checks = true
 log_guest_registrations = false
 allow_legacy_media = true
-startup_netburst = false
+startup_netburst = true
+
+# valgrind makes things so slow
+dns_timeout = 60
+dns_attempts = 20
+request_conn_timeout = 60
+request_timeout = 120
+well_known_conn_timeout = 60
+well_known_timeout = 60
+federation_idle_timeout = 300
+sender_timeout = 300
+sender_idle_timeout = 300
+sender_retry_backoff_limit = 300
 
 [global.tls]
 certs = "/certificate.crt"
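Review bot: The ten timeout values are justified only by `# valgrind makes things so slow`, but the valgrind wrapper in `nix/pkgs/complement/default.nix` is commented out in this same patch, so they apply to every complement run. With `sender_timeout`, `federation_idle_timeout` and the others at 300, a hung federation request in a test will presumably take far longer to surface as a failure. I would reword the comment to say so, e.g. `# generous timeouts for valgrind runs (currently disabled in default.nix); revisit before relying on these`, or hold the values back until valgrind is enabled. The switch of `media_startup_check`, `prune_missing_media` and `startup_netburst` to `true` and the removal of `allow_unstable_room_versions` are not explained in the commit message either.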
diff --git a/nix/pkgs/complement/default.nix b/nix/pkgs/complement/default.nix
index e35cbf04..d7407ad9 100644
--- a/nix/pkgs/complement/default.nix
+++ b/nix/pkgs/complement/default.nix
@@ -9,19 +9,22 @@
 , openssl
 , stdenv
 , tini
+, valgrind
 , writeShellScriptBin
 }:
 
 let
   main' = main.override {
     profile = "test";
+    #profile = "release-debuginfo";
     all_features = true;
     disable_release_max_log_level = true;
     disable_features = [
-        # no reason to use jemalloc for complement, just has compatibility/build issues
         "jemalloc"
         "jemalloc_stats"
         "jemalloc_prof"
+        "jemalloc_conf"
+        "io_uring"
         # console/CLI stuff isn't used or relevant for complement
         "console"
         "tokio_console"
@@ -29,7 +32,7 @@ let
         "sentry_telemetry"
         "perf_measurements"
         # the containers don't use or need systemd signal support
-        "systemd"
+        #"systemd"
         # this is non-functional on nix for some reason
         "hardened_malloc"
         # dont include experimental features
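Review bot: Commenting out `"systemd"` leaves the line `# the containers don't use or need systemd signal support` describing an entry that is no longer disabled. Since `all_features = true` is set earlier in this override, the systemd feature is presumably compiled into the complement image from now on, contradicting that comment. Either delete both lines or replace them with the reason the feature is wanted, e.g. `# systemd stays enabled because <reason>`. The `disable_features` list starts and ends outside this hunk.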
@@ -44,6 +47,13 @@ let
         "url_preview"
     ];
   };
+        # TODO: figure out why a suspicious amounnt of complement tests fail with valgrind only under complement.
+        # maybe issue with direct TLS mode?
+        #${lib.getExe' valgrind "valgrind"} \
+        #--leak-check=no \
+        #--undef-value-errors=no \
+        #--exit-on-first-error=yes \
+        #--error-exitcode=1 \
 
   start = writeShellScriptBin "start" ''
     set -euxo pipefail
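Review bot: The seven added lines are a commented-out valgrind invocation placed before the `start` script begins, after the `main'` override, so a reader cannot tell which command it was meant to wrap. The `valgrind` argument added to the function header in the first hunk of this file is referenced only from these comments. I would move the TODO next to the command it should wrap inside `start`, fix the typo (`amounnt`), and reduce the block to one line such as `# TODO: wrap the server in valgrind once the complement failures under direct TLS are understood`. Since `--leak-check=no` and `--undef-value-errors=no` turn off leak and uninitialised-value reporting, the comment should also state which error classes the run is expected to catch once it is enabled.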
diff --git a/nix/pkgs/main/default.nix b/nix/pkgs/main/default.nix
index d7424d11..26f4d1a4 100644
--- a/nix/pkgs/main/default.nix
+++ b/nix/pkgs/main/default.nix
@@ -82,7 +82,7 @@ rust-jemalloc-sys' = (rust-jemalloc-sys.override {
 buildDepsOnlyEnv =
   let
     rocksdb' = (rocksdb.override {
-      jemalloc = rust-jemalloc-sys';
+      jemalloc = lib.optional (featureEnabled "jemalloc") rust-jemalloc-sys';
       # rocksdb fails to build with prefixed jemalloc, which is required on
       # darwin due to [1]. In this case, fall back to building rocksdb with
       # libc malloc. This should not cause conflicts, because all of the
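Review bot: `lib.optional` returns a list (`[ rust-jemalloc-sys' ]` or `[ ]`), while the replaced line passed the derivation itself, so `rocksdb.override` now receives a list for `jemalloc` in both cases. Whether the rocksdb expression tolerates that is not visible here; it may pass by accident if the value only ends up in an input list, and break otherwise. If the intent is to avoid building jemalloc when the feature is off, keep `jemalloc = rust-jemalloc-sys';` and gate its use through rocksdb's own jemalloc switch, which the following context comment suggests is set just below. Alternatively, confirm that the parameter accepts something like `if featureEnabled "jemalloc" then rust-jemalloc-sys' else null`. The `override` call continues beyond this hunk.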
@@ -103,6 +103,11 @@ buildDepsOnlyEnv =
       ++ [ "-DPORTABLE=haswell" ]) else ([ "-DPORTABLE=1" ])
       )
       ++ old.cmakeFlags;
+      # outputs has "tools" which we dont need or use
+      outputs = [ "out" ];
+
+      # preInstall hooks has stuff for messing with ldb/sst_dump which we dont need or use
+      preInstall = "";
     });
   in
   {
@@ -156,6 +161,19 @@ commonAttrs = {
       ];
     };
 
+    # This is redundant with CI
+    doCheck = false;
+
+    cargoTestCommand = "cargo test --locked ";
+    cargoExtraArgs = "--no-default-features --locked "
+      + lib.optionalString
+        (features'' != [])
+        "--features " + (builtins.concatStringsSep "," features'');
+    cargoTestExtraArgs = "--no-default-features --locked "
+      + lib.optionalString
+        (features'' != [])
+        "--features " + (builtins.concatStringsSep "," features'');
+
     dontStrip = profile == "dev" || profile == "test";
     dontPatchELF = profile == "dev" || profile == "test";
 
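Review bot: The `doCheck`/`cargoTestCommand`/`cargoExtraArgs`/`cargoTestExtraArgs` block added to `commonAttrs` here is repeated verbatim in the `craneLib.buildPackage ( commonAttrs // { … })` hunk below (`@@ -210,15 +218,18 @@`), where the `//` merge already carries these values over; keep one copy so the two cannot drift. `--locked` now appears in `cargoTestCommand`, `cargoExtraArgs` and `cargoTestExtraArgs`; if crane concatenates the three for the check phase (its composition is not shown here), cargo would see the flag repeated once `doCheck` is turned back on. The expression also reads as if `"--features "` and the joined list were both conditional, but function application binds tighter than `+`, so only the literal is. That is harmless because an empty list joins to an empty string, but writing `lib.optionalString (features'' != []) ("--features " + builtins.concatStringsSep "," features'')` makes the intent explicit.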
@@ -181,9 +199,6 @@ commonAttrs = {
       # differing values for `NIX_CFLAGS_COMPILE`, which contributes to spurious
       # rebuilds of bindgen and its depedents.
       jq
-
-      # needed so we can get rid of gcc and other unused deps that bloat OCI images
-      removeReferencesTo
   ]
   # needed to build Rust applications on macOS
   ++ lib.optionals stdenv.hostPlatform.isDarwin [
@@ -195,13 +210,6 @@ commonAttrs = {
       # https://discourse.nixos.org/t/compile-a-rust-binary-on-macos-dbcrossbar/8612
       pkgsBuildHost.darwin.apple_sdk.frameworks.Security
     ];
-
-    # for some reason gcc and other weird deps are added to OCI images and bloats it up
-    #
-    # <https://github.com/input-output-hk/haskell.nix/issues/829>
-    postInstall = with pkgsBuildHost; ''
-        find "$out" -type f -exec remove-references-to -t ${stdenv.cc} -t ${gcc} -t ${llvm} -t ${rustc.unwrapped} -t ${rustc} '{}' +
-    '';
  };
 in
 
@@ -210,15 +218,18 @@ craneLib.buildPackage ( commonAttrs // {
     env = buildDepsOnlyEnv;
   });
 
-  cargoExtraArgs = "--no-default-features "
+  # This is redundant with CI
+  doCheck = false;
+
+  cargoTestCommand = "cargo test --locked ";
+  cargoExtraArgs = "--no-default-features --locked "
+    + lib.optionalString
+      (features'' != [])
+      "--features " + (builtins.concatStringsSep "," features'');
+  cargoTestExtraArgs = "--no-default-features --locked "
     + lib.optionalString
       (features'' != [])
       "--features " + (builtins.concatStringsSep "," features'');
-
-  # This is redundant with CI
-  cargoTestCommand = "";
-  cargoCheckCommand = "";
-  doCheck = false;
 
   env = buildPackageEnv;
 
diff --git a/src/router/serve/tls.rs b/src/router/serve/tls.rs
index 9d3fbd3b..f8e903c6 100644
--- a/src/router/serve/tls.rs
+++ b/src/router/serve/tls.rs
@@ -20,11 +20,11 @@ pub(super) async fn serve(
 	let certs = tls
 		.certs
 		.as_ref()
-		.ok_or(err!(Config("tls.certs", "Missing required value in tls config section")))?;
+		.ok_or_else(|| err!(Config("tls.certs", "Missing required value in tls config section")))?;
 	let key = tls
 		.key
 		.as_ref()
-		.ok_or(err!(Config("tls.key", "Missing required value in tls config section")))?;
+		.ok_or_else(|| err!(Config("tls.key", "Missing required value in tls config section")))?;
 
 	// we use ring for ruma and hashing state, but aws-lc-rs is the new default.
 	// without this, TLS mode will panic.