Basic AL4 support in CI #7972
b606ef9 to e990329
Pull request overview
This PR introduces minimal Azure Linux 4 (AL4) coverage in CI (nightly on main and on-demand via the azure-linux-4 label) and makes a handful of small compatibility adjustments across C++, tests, and build tooling to get the codebase building and exercising unit/e2e tests on AL4.
Changes:
- Add a new AL4 GitHub Actions workflow plus an AL4-specific dependency installation script.
- Update a few code paths for AL4 toolchain/library differences (Arrow Parquet reader API, OpenSSL header deprecations, QUIC session member cleanup).
- Minor test harness robustness tweaks (curl -m argument formatting, tolerate additional transient connection errors).
Custom instructions used:
- .github/copilot-instructions.md
- .github/instructions/reviewing.instructions.md
Reviewed changes
Copilot reviewed 13 out of 13 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| .github/workflows/ci-al4.yml | Adds AL4 CI workflow with VMSS jobs to build and run unit/e2e buckets, with artifact upload of logs. |
| scripts/setup-ci-al4.sh | New AL4 bootstrap script installing build/test deps, Node, h2spec, and Python tooling (uv). |
| tests/perf-system/submitter/submit.cpp | Adds Arrow version gating for Parquet reader creation (Arrow ≥ 19 API change). |
| tests/infra/clients.py | Fixes curl timeout argument formatting by passing -m and its value as separate argv entries. |
| tests/connections.py | Expands transient exception handling to include BrokenPipeError during polling. |
| src/quic/quic_session.h | Removes redundant/shadowing session_id member in derived QUIC session type. |
| src/enclave/enclave.h | Drops OpenSSL engine.h include to align with OpenSSL 3 deprecations. |
| include/ccf/crypto/openssl/openssl_wrappers.h | Drops OpenSSL engine.h include from wrapper header. |
| src/crypto/openssl/ec_public_key.cpp | Drops OpenSSL engine.h include. |
| src/crypto/openssl/ec_key_pair.cpp | Drops OpenSSL engine.h include. |
| src/ds/test/openapi.cpp | Adds std::hash<Baz> specialization to enable schema generation for std::unordered_set<Baz>. |
| src/crypto/openssl/hash.cpp | Adjusts HKDF salt pointer handling for empty salts (review comment raised on semantics risk). |
| samples/apps/logging/logging.cpp | Simplifies unauthenticated caller detection by removing an unused dynamic_cast result variable. |
| DECLARE_JSON_OPTIONAL_FIELDS(Baz, x, y); | ||
|
|
||
| namespace std | ||
| { |
I am surprised we suddenly need this, do you know why?
| // and 3.5 both pass the pointer and salt_size through to HKDF, so no salt | ||
| // bytes are read and the derived key is unchanged. | ||
| const uint8_t empty_salt = 0; | ||
| const auto* salt_data = salt.empty() ? &empty_salt : salt.data(); |
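Review bot: On the salt_data line, the &empty_salt fallback is safe only while the length passed to HKDF beside it stays salt.size(), that is zero for an empty salt; that call is outside the visible lines, so the comment's claim that "no salt bytes are read and the derived key is unchanged" is not checked by anything shown here. Suggest a unit test that derives with an empty salt and compares the output against a known-answer vector (RFC 5869 test case 3 uses a zero-length salt), so the claim is pinned on every OpenSSL version CI builds against.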
Is it possible for the span to have a null ptr despite being non empty?
|
|
||
| install_source_control() { | ||
| # Source control and tools used by this script. | ||
| tdnf -y install \ |
I thought azl4 used dnf rather than tdnf? If we are going to split the script anyway, we might as well avoid aliases?
| libstdc++-devel | ||
| # Azure Linux 4 beta does not publish libbacktrace-static yet; the Azure | ||
| # Linux 3.0 RPM contains only backtrace.h and libbacktrace.a and works here. | ||
| tdnf install -y https://packages.microsoft.com/azurelinux/3.0/prod/base/x86_64/Packages/l/libbacktrace-static-13.2.0-7.azl3.x86_64.rpm |
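Review bot: The libbacktrace-static line installs an RPM built for a different distribution release (azl3) by direct URL, and nothing in the visible lines pins its content or records when the workaround should be removed. Suggest downloading the file first and checking it against a SHA-256 digest committed in this script before installing it, and adding a TODO that names the tracking request for an Azure Linux 4 package so the workaround has a removal condition.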
Can we request this asap, we've just added this as a dependency, and we do not want to have this hack for an indefinite period of time.
| git config --global --add safe.directory /__w/CCF/CCF | ||
| mkdir build | ||
| cd build | ||
| cmake -GNinja -DCMAKE_BUILD_TYPE=Debug "-DCMAKE_CXX_FLAGS=-Wno-error=deprecated-declarations -Wno-error=#warnings" .. |
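Review bot: On the cmake line, -Wno-error=deprecated-declarations and -Wno-error=#warnings are passed through CMAKE_CXX_FLAGS, so they apply to every target in the build and deprecation warnings stop failing the build everywhere, not only where the AL4 toolchain needs it. Suggest scoping the relaxation to the targets that trigger it and listing which deprecated calls remain, so they can be removed and the flags dropped.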
This feels like it should be in cmake, maybe gated on compiler version detection, but definitely not inline in the CI, this will make it too easy for local runs to diverge from CI.
|
|
||
| jobs: | ||
| vmss-virtual-a: | ||
| if: &check_trigger_conditions ${{ (github.event.action == 'labeled' && github.event.label.name == 'azure-linux-4') || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'azure-linux-4')) || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} |
It seems to me that if the CI passes, we ought to run it every time and not use labels. Happy to discuss.
Minimal AL4 support
azure-linux-4 label