Details

Reviewers

varun
atul
bartek
ashoat

Group Reviewers

Restricted Owners Package

(Owns No Changed Paths)

Commits

rCOMM71a3b71d0cda: [Nix] Package blob

Summary

Example of packaging rust comm services with nix

Test Plan

nix build .#comm-blob # for linux, or any mac

https://linear.app/comm/issue/ENG-2305

Diff Detail

Repository

rCOMM Comm

Branch

jonringer/blob-nix-docker

Lint

No Lint Coverage

Unit

No Test Coverage

Event Timeline

• jon created this revision.Nov 25 2022, 4:32 PM

Owners added a reviewer: Restricted Owners Package.Nov 25 2022, 4:32 PM

Herald added subscribers: tomek, ashoat. · View Herald TranscriptNov 25 2022, 4:32 PM

Harbormaster returned this revision to the author for changes because remote builds failed.Nov 25 2022, 4:39 PM

Harbormaster failed remote builds in B13761: Diff 18846!

Add @bartek as blocking since this is a build for the blob service. I love how clean this is!!

ashoat mentioned this in D5725: [services][blob] Use Rust implementation in Dockerfile.Nov 27 2022, 9:03 AM

Harbormaster completed remote builds in B13761: Diff 18846.Nov 27 2022, 9:15 AM

• jon requested review of this revision.Nov 27 2022, 9:15 AM

Getting the following when I run nix build .#comm-blob: https://gist.githubusercontent.com/atulsmadhugiri/2b3a2ceb09ff44f221c40f1d70b0eeb7/raw/653b5e77ef7b6fde5d9a49936dae29da9ea0b9cb/gistfile1.txt
Getting the following when I run nix build .#comm-blob.dockerImage: https://gist.githubusercontent.com/atulsmadhugiri/27c0d928f57638183618bd7c584b93ea/raw/55d2d0e32d1b9081a86065cd4d42f53d35b391ab/gistfile1.txt

(Also adding @ashoat as blocking to make sure he signs off on license)

nix/blob.nix
30–33	I think we generally use the BSD license? CC @ashoat

This revision now requires changes to proceed.Nov 28 2022, 3:41 PM

It seems like a really common issue that @jon's test plans don't reproduce in @atul's environment. I wonder how many of those issues happen because of macOS vs. NixOS, versus because of @atul having already ran through the whole mainline instructions

nix/blob.nix
30–33	Yeah let's stay consistent to what's in the root `LICENSE` file

This was meant to show a rough level of complexity that would be involved with packaging rust comm services with Nix, wasn't sure if we wanted to travel down this path.

Wrote this quickly on linux before having to go to a play with my wife. I shouldn't have made it ready for review.

Fix darwin build

• jon edited the test plan for this revision. (Show Details)Nov 29 2022, 11:38 AM

Can we update the Test Plan to include what operating systems and architectures the diff was tested on

Harbormaster completed remote builds in B13851: Diff 18972.Nov 29 2022, 11:55 AM

Checked it out on aarch64-darwin

This works:

nix build .#comm-blob
./result/bin/blob

This does NOT:

nix build .#comm-blob.dockerImage
docker load -i ./result
docker run -i comm-blob

It fails with exec /bin/blob: exec format error

It looks like the image is built for a different architecture than mine. Am I missing something?

Yeah getting the following:

2022-11-29T20:34:15.301285632Z standard_init_linux.go:228: exec user process caused: exec format error

atul requested changes to this revision.Nov 29 2022, 12:38 PM

This revision now requires changes to proceed.Nov 29 2022, 12:38 PM

@jon it would save the whole team SO MUCH time if you started testing ALL OF your diffs on the same environment that literally everybody else uses: macOS

@jon it would save the whole team SO MUCH time if you started testing ALL OF your diffs on the same environment that literally everybody else uses: macOS

I'll be more clear about platform compatibility, never used the dockerImage with mac.

It looks like the image is built for a different architecture than mine. Am I missing something?

No, it's creating an oci container with the contents from the blob build, so if you're on an m1 mac, then you're creating container which has aarch64-darwin binary contents, but docker only understands linux.

Docker for mac creates a linux VM for you, and launches the containers inside of it.

• jon edited the test plan for this revision. (Show Details)Nov 30 2022, 7:18 PM

Don't expose docker image on non-linux platforms

Add back darwin fixes

Harbormaster completed remote builds in B13907: Diff 19059.Nov 30 2022, 7:35 PM

Harbormaster completed remote builds in B13908: Diff 19060.Nov 30 2022, 7:38 PM

Remove commSrc as it rebuilds everything. Fix typo

Harbormaster completed remote builds in B13909: Diff 19062.Nov 30 2022, 8:10 PM

Thanks @jon!! I'm really excited about this work – will be great if we can unify builds on Nix.

Can you amend the Test Plan to include testing this on macOS, both Apple-based and Intel-based?

This revision now requires changes to proceed.Dec 1 2022, 8:14 AM

• jon edited the test plan for this revision. (Show Details)Dec 6 2022, 4:40 PM

Can you amend the Test Plan to include testing this on macOS, both Apple-based and Intel-based?

You should be able to build the binary on macos (e.g. `nix build .#comm-blob1), but the docker image will only be available on a linux host.

If you did want to do build the docker image on mac, then you would need to create a linux environment like starting a nix docker container, then attempting the build from within the docker image; this way nix will perceive the host as a linux machine. I'll add this to the test.

Ah dang, @bartek will that affect your work? I figure it's better for developer velocity to be able to build the Docker image without needing to manually stand up a VM for the build

It doesn't affect the blob service development as I'm doing it outside of Docker anyway.
It might affect other services development which depend on blob service. This is because our current yarn scripts (in services/ dir) build and run our services in docker. If running images wasn't possible anymore, they would need to be modified to run services directly/with Nix instead of Docker (this particular thing should be much easier when I'll get rid of last C++ service).

My opinion is that service Docker images should be only used to deploy services to staging/prod and they can be built on CI.

On the other hand, this particular diff doesn't conflict with any existing solution - it just adds another way to build the image so it doesn't break anything. So I'm totally OK with this one.

Do you foresee any need for developers to test building the Docker image locally? For keyserver development, I've found that if a diff causes a failure in the Docker keyserver CI job, it's easier for developers if they can locally test the Docker keyserver build, so they don't need to update the diff every time they want to test if a new approach works

I agree with @bartek on this one. The existing docker solutions work together for also the dev environment. We should update how those work first as that's that only environment which we have integration tests working currently. Once https://linear.app/comm/issue/ENG-1697, https://linear.app/comm/issue/ENG-1696 land, maybe https://linear.app/comm/issue/ENG-1792; then we can revisit the options, as we should have a "purely" native way to run the service test suite.

It doesn't hurt to have more options, I know that having more than one way to do something isn't great as now there is "split brain", but well engineered services should be able to handle being deployed in many different environments.

Do you foresee any need for developers to test building the Docker image locally?

The integration tests currently run docker compose, which target the existing docker files.

For unit tests and writing code, this isn't necessary.

I don't think we should land this if we're not going to put it into CI, and I don't think we can land this with a CI job since people don't really have a way to iterate on it / test it. In my 1:1 with @jon today he had some ideas on how to run the Nix Docker build on macOS, but they seemed pretty expensive in terms of complexity and engineering time. My instinct is that we should stick with Dockerfile builds in the short-term, until we're in a position to prioritize the aforementioned "Nix Docker build on macOS" stuff. Open to being convinced

This revision now requires changes to proceed.Dec 8 2022, 10:33 AM

I'll scope this down to remove the docker image, it's a nice-to-have. It will be easy to add it back.

Remove docker image

• jon edited the test plan for this revision. (Show Details)Dec 12 2022, 7:18 AM

I don't think we should land this if we're not going to put it into CI, and I don't think we can land this with a CI job since people don't really have a way to iterate on it / test it.

Building the package can be done on any platform, I've reduced the scope to just include the binary package itself. Just building the package with nix has some advantages, as nix will cache all successful builds, and cargo support in nixpkgs right now allows for all the dependencies to be cached in the nix store as well, so iterating "clean" builds, is very quick. cargo fetch is skipped if the lock file hasn't changed, and the entire build will be skipped if the proto and blob directories are the same.

My instinct is that we should stick with Dockerfile builds in the short-term, until we're in a position to prioritize the aforementioned "Nix Docker build on macOS" stuff. Open to being convinced

Seems fine with me.

Harbormaster completed remote builds in B14090: Diff 19290.Dec 12 2022, 7:31 AM

Code and test plan look fine, but didn't execute test plan myself

@jon wrote:

Building the package can be done on any platform, I've reduced the scope to just include the binary package itself. Just building the package with nix has some advantages, as nix will cache all successful builds, and cargo support in nixpkgs right now allows for all the dependencies to be cached in the nix store as well, so iterating "clean" builds, is very quick. cargo fetch is skipped if the lock file hasn't changed, and the entire build will be skipped if the proto and blob directories are the same.

Played with this a bit, works really smoothly.

ashoat accepted this revision.Dec 13 2022, 6:34 AM

• jon added 1 blocking reviewer(s): atul.Dec 13 2022, 7:01 AM

• jon edited the summary of this revision. (Show Details)Dec 13 2022, 7:04 AM

atul accepted this revision.Dec 14 2022, 10:44 AM

This revision is now accepted and ready to land.Dec 14 2022, 10:44 AM

Closed by commit rCOMM71a3b71d0cda: [Nix] Package blob (authored by • jon). · Explain WhyDec 14 2022, 2:30 PM

This revision was automatically updated to reflect the committed changes.

• jon added a commit: rCOMM71a3b71d0cda: [Nix] Package blob.