Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add S3 cache #982

Merged
merged 2 commits into from
Aug 14, 2020
Merged

Add S3 cache #982

merged 2 commits into from
Aug 14, 2020

Conversation

iNikem
Copy link
Contributor

@iNikem iNikem commented Aug 14, 2020

Enables remote Gradle cache on S3, closes #490

First, S3 bucket permissions should be rechecked based on https://github.com/burrunan/gradle-s3-build-cache#s3-bucket-permissions-for-cache-population. Cache should be readable for everybody, without credentials. In order to write to cache, we have to provide credentials. Plugin does require its own pair of env variables (not to mess with default configs locally). GHA populate them from secrets, which are available only on master branch. This is automatically guarantee that only nighty build on master can populate cache. And all other builds, including local on developers machines, can read that cache.

This is complimentary to GHA Gradle cache that we already have. Both will do their part to, hopefully, reduce our build times .

anuraaga
anuraaga reviewed Aug 14, 2020
View reviewed changes
.github/workflows/nightly.yaml
@@ -34,6 +34,9 @@ jobs:

- name: Test with Gradle
uses: nick-invision/retry@v1
env:
S3_BUILD_CACHE_ACCESS_KEY_ID: ${{ secrets.S3_BUILD_CACHE_ACCESS_KEY_ID }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who's key is this? Hope it's CNCF's.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right now - Trask :) We are still waiting on open-telemetry/community#392

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, we should get CNCF's soon, but wanted to unblock us in the short term

@trask
Copy link
Member

trask commented Aug 14, 2020

Policy for the ACCESS_KEY_ID / SECRET_KEY:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::otel-gradle-cache-temp/*"
            ]
        }
    ]
}

And public access is not blocked, so I think that means anyone should be able to GetObject?

@iNikem iNikem merged commit f6ec1f5 into open-telemetry:master Aug 14, 2020
@iNikem iNikem deleted the remote-build-cache branch August 14, 2020 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anuraaga anuraaga anuraaga left review comments

@trask trask trask approved these changes

@jkwatson jkwatson Awaiting requested review from jkwatson

@tylerbenson tylerbenson Awaiting requested review from tylerbenson

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Use Gradle build cache
3 participants
@iNikem @trask @anuraaga