// file : doc/manual.cli // copyright : Copyright (c) 2014-2017 Code Synthesis Ltd // license : MIT; see accompanying LICENSE file "\name=build2-build-bot-manual" "\subject=build bot" "\title=Build Bot" // NOTES // // - Maximum 
 line is 70 characters.
//

"
\h0#preface|Preface|

This document describes \c{bbot}, the \c{build2} build bot.

\h1#intro|Introduction|

\h1#arch|Architecture|

The \c{bbot} architecture includes several layers for security and
manageability. At the top we have a \c{bbot} running in the \i{controller}
mode. The controller monitors various \i{build sources} for \i{build
tasks}. For example, a controller may poll a \c{brep} instances for any new
packages to built as well as monitor a \c{git} repository for any new commits
to test. There can be several layers of controllers with \c{brep} being just a
special kind. A machine running a \c{bbot} instance in the controller mode is
called a \i{controller host}.

Below the controllers we have a \c{bbot} running in the \i{agent} mode
normally on Build OS. The agent polls its controllers for \i{build tasks} to
perform. A machine running a \c{bbot} instance in the agent mode is called a
\i{build host}.

The actual building is performed in the virtual machines and/or containers
that are executed on the build host. Inside virtual machines/containers,
\c{bbot} is running in the \i{worker mode} and receives build tasks from its
agent. Virtual machines and containers running a \c{bbot} instance in the
worker mode are collectively called \i{build machines}.

Let's now examine the workflow in the other direction, that is, from a worker
to a controller. Once a build machine is booted (by the agent), the worker
inside connects to the TFTP server running on the build host and downloads the
\i{build task manifest}. It then proceeds to perform the build task and
uploads the \i{build result manifest} (which includes build logs) to the TFTP
server.

Once an agent receives a build task for a specific build machine, it goes
through the following steps. First, it creates a directory on its TFTP server
with the \i{machine name} as its name and places the build task manifest
inside. Next, it makes a throw-away snapshot of the build machine and boots
it. After booting the build machine, the agent monitors the machine directory
on its TFTP server for the build result manifest (uploaded by the worker once
the build has completed). Once the result manifest is obtained, the agent
shuts down the build machine and discards its snapshot.

To obtains a build task the agent polls via HTTP/HTTPS one or more
controllers. Before each poll request the agent enumerates the available build
machines and sends this information as part of the request. The controller
responds with a build task manifest that identifies a specific build machine
to use.

If the controller has higher-level controllers (for example, \c{brep}), then
it aggregates the available build machines from its agents and polls these
controllers (just as an agent would), forwarding build tasks to suitable
agents. In this case we say that the \i{controller act as an agent}. The
controller may also be configured to monitor build sources, such as SCM
repositories, directly in which case it generates build tasks itself.

In this architecture the build results are propagated up the chain: from a
worker, to its agent, to its controller, and so on. A controller that is the
final destination of a build result uses email to notify interested parties of
the outcome. For example, \c{brep} would send a notification to the package
owner if the build failed. Similarly, a \c{bbot} controller that monitors a
\c{git} repository would send an email to a committer if their commit caused a
build failure. The email would include a link (normally HTTP/HTTPS) to the
build logs hosted by the controller.

\h2#arch-machine-config|Machine Configuration|

A build machine has a notion of a \i{machine configuration} that captures the
operating system, installed compiler toolchain, and so on. Note that the same
build machine may be used for multiple \i{build configurations}. For example,
the same machine can normally be used to produce 32/64-bit and debug/release
builds.

The machine configuration is \i{approximately} encoded in its \i{machine
name}. The machine name is a list of components separated with \c{-}. Each
component can contain alpha-numeric characters, underscores, dots, and pluses
with the whole id being a portably-valid path component.

The encoding is approximate in a sense that it captures only what's important
to distinguish in a particular \c{bbot} deployment.

The first component normally identifies the operating system and has the
following recommended form:

\
[_][_]
\

For example:

\
windows
windows_10
windows_10.1607
i686_windows_xp
freebsd_10
centos_6.2
ubuntu_16.04
macos_10.12
\

The second component normally identifies the installed compiler toolchain and
has the following recommended form:

\
[][]
\

For example:

\
gcc
gcc_6
gcc_6.3
clang_3.9_libc++
clang_3.9_libstdc++
msvc_14
msvc_14u3
icc
\

Some examples of complete machine names:

\
windows_10-msvc_14u3
macos_10.12-clang
ubuntu_16.04-gcc_6.3
\

\h2#arch-machine-manifest|Machine Manifest|

The build machine manifest describes the build machine on the build host (see
the Build OS documentation for their origin and location). A list of machine
manifests is also sent by \c{bbot} agents to controllers.

\
SYNOPSIS

id:      
name:    
type:    
summary: 
\

\dl|

\li|\n\c{id: }\n

  The \i{machine-id} uniquely identifies a machine version/revision/build.
  For virtual machines this can be the disk image checksum. For a container
  this can be UUID that is re-generated every time a container filesystem
  is altered.|

\li|\n\c{name: }\n

  The machine name as described above.|

\li|\n\c{type: }\n

  The machine type. Valid values are \c{vm} and \c{container}. Note that this
  value is not sent by agents to controllers.|

\li|\n\c{summary: }\n

  A one-line description of the machine. For example:

  \
  name: windows_10-msvc_14
  summary: Windows 10 build 1607 with VC 14 update 3
  \

||


\h2#arch-task-manifest|Task Manifest|

The task manifest describes a build task.

\
SYNOPSIS

name:       
version:    
repository: 
#location:  
\

\dl|

\li|\n\c{name: }\n

  Package name to test.|

\li|\n\c{version: }\n

  Package version to test.|

\li|\n\c{repository: }\n

  The \c{bpkg} repository that contains the package and its dependencies.||

To test a package from a repository the \c{bbot} worker would execute
the following commands:

\
bpkg -v create [cxx config.cxx=g++-6]
bpkg -v add 
bpkg -v fetch
bpkg -v build --yes --configure-only /
bpkg -v update 
bpkg -v test 
\

\h2#arch-result-manifest|Result Manifest|

The result manifest describes a build result.

\
SYNOPSIS

name:     
version:  

status:           
configure-status: 
update-status:    
test-status:      

configure-log: 
update-log:    
test-log:      
\

\dl|

\li|\n\c{name: }\n

  Package name from the task manifest.|

\li|\n\c{version: }\n

  Package version from the task manifest.|

\li|\n\c{status: }\n

  An overall (cumulative) build result status. Valid values are:

  \
  success    # All operations completed successfully.
  warning    # One or more operations completed with warnings.
  error      # One or more operations completed with errors.
  abort      # One or more operations were aborted.
  abnormal   # One or more operations terminated abnormally.
  \

  The \c{abort} status indicates that the operation has been aborted by
  \c{bbot}, for example, because it was consuming too many resources and/or
  was taking too long. Note that a task can be aborted both by the \c{bbot}
  worker as well as the agent. In the later case the whole machine is shut
  down and no operation-specific status or logs will be included (@@ Maybe
  we should just include 'log:' with commands that start VM, for
  completeness?).

  The \c{abnormal} status indicates that the operation has terminated
  abnormally, for example, due to the package manager or build system crash.

  Note that the overall \c{status} value should appear before any
  per-operation \c{*-status} values.|

\li|\n\c{*-status: }\n

  A per-operation result status. Note that the \c{*-status} values should
  appear in the same order as the corresponding operations were performed
  and for each \c{*-status} there should be a corresponding \c{*-log}.|

\li|\n\c{*-log: }\n

  A per-operation result log. Note that the \c{*-log} values should appear
  last and in the same order as the corresponding \c{*-status} values.||


\h2#arch-task-req-manifest|Task Request Manifest|

An agent (or controller acting as an agent) sends a task request to its
controller via HTTP/HTTPS POST method (@@ URL/API endpoint). The task request
starts with the task request manifest followed by a list of machine manifests.

\
SYNOPSIS

agent:       
fingerprint: 
\

\dl|

\li|\n\c{agent: }\n

  The name of the agent host (\c{hostname}). These should be unique in a
  particular \c{bbot} deployment.|

\li|\n\c{fingerprint: }\n

  The SHA256 fingerprint of the agent's public key.||


\h2#arch-task-res-manifest|Task Response Manifest|

A controller sends the task response manifest in response to the task request
initiated by an agent. The response is delivered as a result of the POST
method. The task response starts with the task response manifest optionally
followed by a task manifest.

\
SYNOPSIS

session:   
challenge: 
\

\dl|

\li|\n\c{session: }\n

  An identifier assigned to this session by the controller. An empty value
  indicates that the controller has no tasks at this time in which case the
  task manifest is absent.|

\li|\n\c{challenge: }\n

  A random text (nonce) used to challenge the agent's private key. If present,
  then the agent must sign this text with its private key and include the
  signature in the result request.

  The signature should be derived by calculating the SHA256 checksum of the
  text, encrypting it with the agent's private key, and then base64-encoding
  the result.||


\h2#arch-result-req-manifest|Result Request Manifest|

On completion of a task an agent (or controller acting as an agent) sends a
result (upload) request to its controller via HTTP/HTTPS POST method (@@
URL/API endpoint). The result request starts with the result request manifest
followed by a result manifest. Note that there is no result response and
only a successful but empty POST result is returned.

\
SYNOPSIS

session:   
challenge: 
\

\dl|

\li|\n\c{session: }\n

  The session id as returned by the controller in the task response.|

\li|\n\c{challenge: }\n

  The answer to the private key challenge as posed by the controller in the
  task response.||
"