MOD-13779 | MOD-13574 | MOD-13811 Dockerize CI, add AL2023 and macos-…#1503
MOD-13779 | MOD-13574 | MOD-13811 Dockerize CI, add AL2023 and macos-…#1503AvivDavid23 merged 3 commits into2.4from
Conversation
…26 (#1494) * MOD-13779 Dockerize CI * MOD-13574 AL2023 * MOD-13811 MACOS-26
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
|
||
| # Install git and build tools first | ||
| RUN dnf install -y git make wget openssl openssl-devel which \ | ||
| rsync unzip clang tar |
There was a problem hiding this comment.
Missing gcc compiler in Amazon Linux 2023 Dockerfile
High Severity
The Dockerfile.amazonlinux2023 installs clang but not gcc. The install_redis.sh script runs make to build Redis, which defaults to using gcc as the compiler. Without gcc installed, the Redis build step will fail, causing the entire Docker image build to fail. All other Dockerfiles in this PR (e.g., Dockerfile.jammy, Dockerfile.bionic, Dockerfile.rocky9) explicitly install gcc or a package that provides it.
| RUN yum install -y wget git which devtoolset-11-gcc devtoolset-11-gcc-c++ devtoolset-11-make \ | ||
| rsync unzip tar awscli clang curl openssl11 openssl11-devel | ||
|
|
||
| RUN source /opt/rh/devtoolset-11/enable |
There was a problem hiding this comment.
Devtoolset gcc not enabled for Redis build
High Severity
The RUN source /opt/rh/devtoolset-11/enable command on line 19 runs in its own shell, and environment changes don't persist to subsequent RUN commands. When install_redis.sh runs at line 29, devtoolset-11-gcc isn't in PATH because each Docker RUN starts a fresh shell. Since no base gcc package is installed (only devtoolset-11-gcc which requires enabling), the Redis build will fail with gcc not found.
Additional Locations (1)
| ENV DEBIAN_FRONTEND=noninteractive | ||
| RUN dnf update -y | ||
| RUN dnf install -y gcc-toolset-13-gcc gcc-toolset-13-gcc-c++ make wget git openssl openssl-devel which rsync unzip cargo clang | ||
| RUN cp /opt/rh/gcc-toolset-13/enable /etc/profile.d/gcc-toolset-13.sh |
There was a problem hiding this comment.
gcc-toolset not enabled for Redis build
High Severity
Line 7 installs gcc-toolset-13-gcc (located at /opt/rh/gcc-toolset-13/) but no base gcc package. Line 8 copies the enable script to profile.d which only works for login shells. When install_redis.sh runs at line 16 in a non-login shell, gcc isn't in PATH, causing the Redis build to fail. Unlike Dockerfile.rocky8 which installs the "Development Tools" group (including base gcc), Rocky 9 has no system gcc available.
Additional Locations (1)
| RUN dnf install -y gcc-toolset-11-gcc gcc-toolset-11-gcc-c++ gcc-toolset-11-libatomic-devel make wget git openssl openssl-devel \ | ||
| bzip2-devel libffi-devel zlib-devel tar xz which rsync cargo clang curl | ||
|
|
||
| RUN cp /opt/rh/gcc-toolset-11/enable /etc/profile.d/gcc-toolset-11.sh |
There was a problem hiding this comment.
gcc-toolset copied to profile.d but never sourced
Medium Severity
The RUN cp /opt/rh/gcc-toolset-*/enable /etc/profile.d/*.sh commands copy the toolset enable script expecting it to be sourced automatically, but profile.d scripts are only sourced by login shells. Docker RUN commands and the workflow's bash -c commands are non-login shells, so the gcc-toolset is never activated. Redis at lines 20 (Rocky 8) and 16 (Rocky 9) is built with system GCC (8.x and 11.x respectively) instead of the installed gcc-toolset (11.x and 13.x).
Additional Locations (1)
| needs: [prepare-values] | ||
| with: | ||
| arch: arm64 | ||
| redis-ref: ${{needs.prepare-values.outputs.redis-ref}} |
There was a problem hiding this comment.
CI matrix expanded from 4 to 11 OSes without documentation
Medium Severity
The os parameter was removed from build-linux-x64 and build-linux-arm64 jobs, causing them to use defaults from flow-linux.yml. This expands the CI matrix from 4 OSes (jammy, rocky9, amazonlinux2, azurelinux3) to 11 OSes for x64, and from 3 OSes to 7 for arm64. Total CI builds increase from ~7 to ~18, potentially slowing PR feedback loops significantly. The linux-valgrind job still explicitly sets os: jammy, suggesting the original limiting pattern was intentional for CI speed.
2 participants
…26 (#1494)
MOD-13779 Dockerize CI
MOD-13574 AL2023
MOD-13811 MACOS-26
Note
Medium Risk
Replaces core GitHub Actions build/test/pack/upload workflows with a Docker-based matrix across many OS images and architectures, which can break CI in subtle platform-specific ways. Also changes packaging/upload paths (new in-container S3 uploader) and dependency pinning, affecting release artifact generation.
Overview
Dockerizes the Linux CI pipeline by replacing the legacy
flow-linux-x86,flow-ubuntu-arm, andflow-alpineworkflows with a unifiedflow-linux.ymlthat builds/tests/packs inside per-OS Docker images acrossx64andarm64matrices.Adds new Dockerfiles for supported distros (including Alpine and Amazon Linux 2023) plus a shared
.install/install_redis.shused during image builds, and introducessbin/upload-artifacts-s3to perform S3 uploads from within the container (including optional beta uploads).Updates event workflows (
event-ci,event-nightly,event-tag) to call the new linux workflow, expands the tagged-release OS set, updates macOS CI to ARM-only acrossmacos-14/15/26, and pins Python tooling tosetuptools<81(also added to test requirements).Written by Cursor Bugbot for commit 06a26b6. This will update automatically on new commits. Configure here.