Skip to content

Commit 1f91c87

Browse files
authored
update PR validation and daily runs to reduce PR dependance on ARM64 runners (#1603)
* update PR validation and daily runs to reduce PR dependance on ARM64 runners Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * updtes after copilot review Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> * review feedback Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com> --------- Signed-off-by: Simon Davies <simongdavies@users.noreply.github.com>
1 parent e8ce68e commit 1f91c87

4 files changed

Lines changed: 135 additions & 22 deletions

File tree

.github/workflows/DailyArm64.yml

Lines changed: 109 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
2+
3+
name: Daily aarch64
4+
5+
# Full aarch64 coverage runs here on a schedule rather than on every PR, because
6+
# there are only limited aarch64 runners. PRs run a reduced aarch64
7+
# build-test (build + default Rust tests only) and skip aarch64 examples; this
8+
# workflow restores Miri, the single-driver tests, and the examples once a day.
9+
10+
on:
11+
schedule:
12+
- cron: '0 5 * * *' # Runs at 05:00 UTC every day
13+
workflow_dispatch: # Allow manual triggering
14+
15+
env:
16+
CARGO_TERM_COLOR: always
17+
RUST_BACKTRACE: full
18+
19+
permissions:
20+
contents: read
21+
22+
defaults:
23+
run:
24+
shell: bash
25+
26+
jobs:
27+
# Build aarch64 guest binaries once and upload them as artifacts for the
28+
# build-test and run-examples jobs to download.
29+
build-guests:
30+
strategy:
31+
fail-fast: false
32+
matrix:
33+
config: [debug, release]
34+
uses: ./.github/workflows/dep_build_guests.yml
35+
secrets: inherit
36+
with:
37+
arch: arm64
38+
config: ${{ matrix.config }}
39+
40+
# Full aarch64 build-and-test. full_aarch64: "true" re-enables the Miri and
41+
# single-driver steps that are skipped on PRs.
42+
build-test:
43+
needs: build-guests
44+
strategy:
45+
fail-fast: false
46+
matrix:
47+
config: [debug, release]
48+
uses: ./.github/workflows/dep_build_test.yml
49+
secrets: inherit
50+
with:
51+
hypervisor: kvm
52+
cpu_vendor: apple
53+
arch: arm64
54+
config: ${{ matrix.config }}
55+
full_aarch64: "true"
56+
57+
run-examples:
58+
needs: build-guests
59+
strategy:
60+
fail-fast: false
61+
matrix:
62+
config: [debug, release]
63+
uses: ./.github/workflows/dep_run_examples.yml
64+
secrets: inherit
65+
with:
66+
hypervisor: kvm
67+
cpu_vendor: apple
68+
arch: arm64
69+
config: ${{ matrix.config }}
70+
71+
# Fuzz on aarch64. This coverage was removed from PRs in #1594 to conserve the
72+
# limited arm64 runners, and runs here daily instead. The tracing
73+
# fuzzers (fuzz_guest_trace, fuzz_guest_estimate_trace_event) are x86_64-only
74+
fuzzing:
75+
needs: build-guests
76+
strategy:
77+
fail-fast: false
78+
matrix:
79+
target: ['fuzz_host_print', 'fuzz_guest_call', 'fuzz_host_call']
80+
uses: ./.github/workflows/dep_fuzzing.yml
81+
secrets: inherit
82+
with:
83+
target: ${{ matrix.target }}
84+
arch: arm64
85+
max_total_time: 300 # 5 minutes in seconds
86+
87+
# File (or update) a release-blocking GitHub issue if any job fails. The first
88+
# label (area/ci-periodics-aarch64) is the de-duplication key used by
89+
# notify-ci-failure.sh, so this workflow maintains its own issue lineage and is
90+
# guaranteed to carry release-blocker, instead of commenting on another periodic
91+
# job's issue. NOTE: that label must exist in the repo (Issues -> Labels) or the
92+
# `gh issue create` call will fail.
93+
notify-failure:
94+
runs-on: ubuntu-latest
95+
needs: [build-guests, build-test, run-examples, fuzzing]
96+
if: always() && (needs.build-guests.result == 'failure' || needs.build-test.result == 'failure' || needs.run-examples.result == 'failure' || needs.fuzzing.result == 'failure')
97+
permissions:
98+
# Job-level permissions replace (not merge with) the workflow-level grant,
99+
# so contents:read must be re-declared for actions/checkout to work.
100+
contents: read
101+
issues: write
102+
steps:
103+
- name: Checkout code
104+
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
105+
106+
- name: Notify Daily aarch64 Failure
107+
run: ./dev/notify-ci-failure.sh --title="Daily aarch64 Failure - ${{ github.run_number }}" --labels="area/ci-periodics-aarch64,area/ci-periodics,area/testing,lifecycle/needs-review,release-blocker"
108+
env:
109+
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/ValidatePullRequest.yml

Lines changed: 6 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -129,21 +129,12 @@ jobs:
129129
strategy:
130130
fail-fast: true
131131
matrix:
132+
# aarch64 examples are exercised by the daily schedule (DailyArm64.yml)
133+
# only, to keep the limited arm64 runners free on PRs.
132134
hypervisor: ['hyperv-ws2025', mshv3, kvm]
133-
cpu_vendor: [amd, intel, apple]
134-
arch: [X64, arm64]
135+
cpu_vendor: [amd, intel]
136+
arch: [X64]
135137
config: [debug, release]
136-
exclude:
137-
- cpu_vendor: apple
138-
hypervisor: hyperv-ws2025
139-
- cpu_vendor: apple
140-
hypervisor: mshv3
141-
- cpu_vendor: amd
142-
arch: arm64
143-
- cpu_vendor: intel
144-
arch: arm64
145-
- cpu_vendor: apple
146-
arch: X64
147138
uses: ./.github/workflows/dep_run_examples.yml
148139
secrets: inherit
149140
with:
@@ -166,13 +157,8 @@ jobs:
166157
target: ['fuzz_host_print', 'fuzz_guest_call', 'fuzz_host_call', 'fuzz_guest_estimate_trace_event', 'fuzz_guest_trace']
167158
arch:
168159
- X64
169-
# arm64 disabled to conserve the limited self-hosted Apple runners.
170-
# - arm64
171-
# exclude:
172-
# - arch: arm64
173-
# target: fuzz_guest_trace
174-
# - arch: arm64
175-
# target: fuzz_guest_estimate_trace_event
160+
# arm64 fuzzing runs on the daily schedule (DailyArm64.yml) instead of on
161+
# PRs, to conserve the limited arm64 runners.
176162
uses: ./.github/workflows/dep_fuzzing.yml
177163
secrets: inherit
178164
with:

.github/workflows/dep_build_test.yml

Lines changed: 18 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,16 @@ on:
2626
description: CPU architecture for the build (passed from caller matrix)
2727
required: true
2828
type: string
29+
full_aarch64:
30+
description: >-
31+
When "true", also run the Miri and single-driver tests on aarch64.
32+
PRs leave this "false" so the aarch64 runner only builds and runs the
33+
default Rust tests; the daily schedule (DailyArm64.yml) sets it "true".
34+
This input only affects aarch64: it does not change X64, where those
35+
tests already run on Linux and are skipped on Windows regardless.
36+
required: false
37+
type: string
38+
default: "false"
2939

3040
env:
3141
CARGO_TERM_COLOR: always
@@ -94,7 +104,10 @@ jobs:
94104
run: just build ${{ inputs.config }}
95105

96106
- name: Run Miri tests
97-
if: runner.os == 'Linux'
107+
# Linux-only. Skipped on aarch64 PRs to conserve the limited runners;
108+
# the daily schedule (full_aarch64 == 'true') restores it. On X64 Linux
109+
# it always runs.
110+
if: runner.os == 'Linux' && (inputs.arch == 'X64' || inputs.full_aarch64 == 'true')
98111
run: env -u RUSTC_WRAPPER just miri-tests
99112

100113
- name: Run Rust tests
@@ -103,7 +116,10 @@ jobs:
103116
just test ${{ inputs.config }}
104117
105118
- name: Run Rust tests with single driver
106-
if: runner.os == 'Linux'
119+
# Linux-only. Skipped on aarch64 PRs to conserve the limited runners;
120+
# the daily schedule (full_aarch64 == 'true') restores it. On X64 Linux
121+
# it always runs.
122+
if: runner.os == 'Linux' && (inputs.arch == 'X64' || inputs.full_aarch64 == 'true')
107123
run: |
108124
# with only one driver enabled (kvm/mshv3 features are unix-only, no-op on Windows)
109125
just test ${{ inputs.config }} ${{ inputs.hypervisor == 'mshv3' && 'mshv3' || 'kvm' }}

docs/github-labels.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -48,6 +48,8 @@ In addition to lifecycle labels, we use the following labels to further categori
4848
In addition to **kind/*** labels, we use optional **area/*** labels to specify the focus of a PR or issue. These labels are purely for categorization, and are not mandatory.
4949

5050
- **area/API** - Related to the API or public interface.
51+
- **area/ci-periodics** - Applied to issues that track failures from scheduled (periodic) CI jobs. These issues are opened automatically by the CI failure notifier (`dev/notify-ci-failure.sh`).
52+
- **area/ci-periodics-aarch64** - De-duplication label for failures from the daily aarch64 workflow (`.github/workflows/DailyArm64.yml`). It keeps those failures on their own dedicated, release-blocking issue instead of sharing the general `area/ci-periodics` issue.
5153
- **area/dependencies** - Concerns dependencies or related components. This label is different from **kind/dependencies**, which should only used for PRs.
5254
- **area/documentation** - Related to documentation updates or improvements.
5355
- **area/infrastructure** - Concerns infrastructure rather than core functionality.

0 commit comments

Comments
 (0)