-
Notifications
You must be signed in to change notification settings - Fork 552
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possible to use public readonly access with Azure storage? #2258
Comments
Hi, @ScottTodd. Thank you very much for these detailed issues. To support public access to Azure without credentials, we need efforts from both the opendal and sccache sides:
Would you like to cross post this issue to opendal side too? |
I'm not familiar with opendal or the implementation details of sccache, so I wouldn't really know what to say there 😅 Another option we're considering is running our own server to use with sccache, possibly hosted on Azure close to our build machines, instead of using Azure Blob Storage. That would give us more direct control over endpoints, authentication, etc. |
) This commit is part of this larger issue that is tracking our migration off the GCP runners, storage buckets, etc: #18238. This builds on #18381, which migrated * `linux_x86_64_release_packages` * `linux_x64_clang_debug` * `linux_x64_clang_tsan` Here, we move over the rest of the critical linux builder workflows off of the GCP runners: * `linux_x64_clang` * `linux_x64_clang_asan` This also drops all CI usage of the GCP cache (`http://storage.googleapis.com/iree-sccache/ccache`). Some workflows now use sccache backed by Azure Blob Storage as a replacement. There are few issues with this (mozilla/sccache#2258) that prevent us providing read only access to the cache in PRs created from forks, so **PRs from forks currently don't use the cache and will have slower builds**. We're covering for this slowdown by using larger runners, but if we can roll out caching to all builds then we might use runners with fewer cores. Along with the changes to the cache, usage of Docker is rebased on images in the https://github.com/iree-org/base-docker-images/ repo and the `build_tools/docker/docker_run.sh` script is now only used by unmigrated workflows (`linux_arm64_clang` and `build_test_all_bazel`). --------- Signed-off-by: saienduri <[email protected]> Signed-off-by: Elias Joseph <[email protected]> Co-authored-by: Scott Todd <[email protected]> Co-authored-by: Elias Joseph <[email protected]>
…e-org#18511) This commit is part of this larger issue that is tracking our migration off the GCP runners, storage buckets, etc: iree-org#18238. This builds on iree-org#18381, which migrated * `linux_x86_64_release_packages` * `linux_x64_clang_debug` * `linux_x64_clang_tsan` Here, we move over the rest of the critical linux builder workflows off of the GCP runners: * `linux_x64_clang` * `linux_x64_clang_asan` This also drops all CI usage of the GCP cache (`http://storage.googleapis.com/iree-sccache/ccache`). Some workflows now use sccache backed by Azure Blob Storage as a replacement. There are few issues with this (mozilla/sccache#2258) that prevent us providing read only access to the cache in PRs created from forks, so **PRs from forks currently don't use the cache and will have slower builds**. We're covering for this slowdown by using larger runners, but if we can roll out caching to all builds then we might use runners with fewer cores. Along with the changes to the cache, usage of Docker is rebased on images in the https://github.com/iree-org/base-docker-images/ repo and the `build_tools/docker/docker_run.sh` script is now only used by unmigrated workflows (`linux_arm64_clang` and `build_test_all_bazel`). --------- Signed-off-by: saienduri <[email protected]> Signed-off-by: Elias Joseph <[email protected]> Co-authored-by: Scott Todd <[email protected]> Co-authored-by: Elias Joseph <[email protected]>
We're trying to set up our GitHub project to use sccache with Azure Blob Storage to speed up our CMake builds in GitHub Actions running on
pull_request
andpush
events. We'd like for contributors sending pull requests from forks to be able to read from the shared cache without granting them write access.bearer-token
parameter in the URL and untrusted workflows instead passing theread-only
parameter.SCCACHE_S3_NO_CREDENTIALS
environment variable, documented here: https://github.com/mozilla/sccache/blob/main/docs/S3.mdWe configured an Azure Blob Storage container with "anonymous read access" then followed the docs here: https://github.com/mozilla/sccache/blob/main/docs/Azure.md. Here's what we've tried so far to get readonly / unauthenticated access to the shared cache:
SCCACHE_AZURE_BLOB_CONTAINER
andSCCACHE_AZURE_CONNECTION_STRING
environment variables to real values.SCCACHE_AZURE_CONNECTION_STRING
environment variable to a connection string withAccountKey=${THE_SECRET_KEY_HERE};
omitted, hoping that would fall back to anonymous/readonly access.SCCACHE_AZURE_BLOB_CONTAINER
andSCCACHE_AZURE_CONNECTION_STRING
environment variables then try to read from the storage by first downloading the files (e.g. withazcopy
), then treating the downloaded folder as a local storage cache by following instructions at https://github.com/mozilla/sccache/blob/main/docs/Local.md.Am I missing something? Would it be possible to add direct support for public readonly access? Any suggestions for other things to try?
Thanks!
The text was updated successfully, but these errors were encountered: