Installing Docker (with Buildkit)¶

You do not need to download or use Docker Desktop with Ferrocene. If you choose to use Docker Desktop, install it as directed on the Website and skip the rest of this section.

On Linux, install Docker and docker-buildx from your package manager. On Ubuntu 20.04 and up:

apt install docker.io docker-buildx

On some distributions, you may need to start the service with systemctl enable --now docker. If you just installed docker-buildx, restart the Docker service.

On MacOS, you can use the Docker CLI connected to a Lima host:

brew install lima docker docker-buildx
limactl start template://docker

After setting up the instance, Lima will inform you of how to configure Docker to use it instead with Docker.

On Windows, it’s generally recommended to do CI imitation within WSL2. Enable WSL2 from an administrator Powershell if you haven’t done so already, then setup ubuntu-24.04.

wsl --install
wsl --install -d Ubuntu-24.04

From there, follow the Linux instructions above.

Using Python scripts and tools¶

Ferrocene uses uv to manage Python and its dependencies. uv can be considered as a mix of rustup and cargo for Python, and all of our Python usage depends on it.

Installation instructions are available in the uv documentation. You don’t need to install a recent Python separately, as uv manages its own installations of Python.

Thanks to uv, you can just invoke any script to execute it, without worrying about dependencies:

ferrocene/ci/scripts/detect-conflict-markers.py

For that to work, all of our Python scripts meant to be executed by CI must have the following shebang:

#!/usr/bin/env -S uv run

This will instruct the OS to invoke the script using uv, which will make sure the correct Python version is used. It’s also possible to use uv’s script support to install (isolated) dependencies whenever the script is executed, by adding the following comment at the top of the Python file:

# /// script
# requires-python = ">= 3.12"
# dependencies = ["requests ~= 2.32"]
# ///

When multiple scripts need to share code, please setup a library project (with its own dependencies in the library’s pyproject.toml) and depend on it from the script:

# /// script
# requires-python = ">= 3.12"
# dependencies = ["local-package"]
#
# [tool.uv.sources]
# local-package = { path = "relative/path/to/the/project", editable = true }
# ///

To run standalone tools written in Python (like REUSE), you can use uvx to download and execute them:

uvx reuse lint

Using the CI config.toml¶

To create the config.toml used by the CI, set FERROCENE_HOST to your host triple, then run the configure.sh:

CI=true FERROCENE_HOST=aarch64-unknown-linux-gnu ./ferrocene/ci/configure.sh

Using the CI Docker images¶

Docker images used in CI can be found in ferrocene/ci/docker-images. Each image documents how to build it at the top of the Dockerfile.

To build the most common image, ubuntu-20:

cd $FERROCENE_REPO
docker build --tag ubuntu-20 --file ferrocene/ci/docker-images/ubuntu-20/Dockerfile .

Reproducing CI jobs¶

Most CI jobs are formatted similar to this:

x86_64-linux-dist-targets:
  executor: docker-ubuntu-20
  resource_class: large # 4-core
  environment:
    FERROCENE_HOST: x86_64-unknown-linux-gnu
    FERROCENE_TARGETS: << pipeline.parameters.targets--x86_64-unknown-linux-gnu--std-only >>
    SCRIPT: |
      ./x.py --stage 2 dist rust-std
  steps:
    - ferrocene-job-dist:
        restore-from-job: x86_64-linux-build

Jobs can only be reproduced on the host triple specified in FERROCENE_HOST. Ensure your host is correct.

If FERROCENE_TARGETS is different than your host triple, update your config.toml’s [build] section’s host and target to reflect that.

For Mac or Windows jobs, you can coarsely reproduce the CI by running the lines in SCRIPT, line by line if desired.

For Linux jobs, enter the Docker container specified by the executor line:

docker run --rm --tty --interactive --workdir /ferrocene \
   --mount "type=bind,src=$(pwd),dst=/ferrocene" \
   ubuntu-20 bash

Inside the container, run ./x clean then run the lines of the SCRIPT of the job:

./x clean
./x --stage 2 dist rust-std

docker run --rm --tty --interactive --workdir /ferrocene \
   --mount "type=bind,src=$(pwd),dst=/ferrocene" \
   --mount "type=bind,src=$(pwd)/container-build,dst=/ferrocene/build" \
   ubuntu-20 bash

docker run --rm --tty --interactive --workdir /ferrocene \
   --mount "type=bind,src=$(pwd),dst=/ferrocene" \
   --mount "type=bind,src=$HOME/.aws,dst=/home/ci/.aws" \
   ubuntu-20 bash

Tooling Pragmatism¶

The tooling chosen for our CI is not necessarily borne out of preference, but practicality. If you are adding new components to the CI, choose practical and simple over fancy and interesting.

Ferrocene’s CI should, as a rule, be unremarkable, boring, and reliable.

In general, Python scripts are preferred over Bash scripts, as Python is more portable.

New scripts should be written in Python unless they are trivial and only run on Linux/macOS jobs.

Before attempting to fix a bug in a Bash script, evaluate if it would make sense to convert it to Python. During evaluation, check for these signals that a bash script should be rewritten in Python:

• The script runs in Windows jobs at all

  • bash.exe on Windows is problematic and has been the source of a number of bugs.

• The script calls shasum or other hashing related functionality

  • There are tangible differences between Linux, macOS, and Windows’ Bash implementations.

• The script deals with .tar files

  • Windows’ tar implementations (both BSDtar and GNUtar) are problematic with symlinks and slow, while Python’s implementation has proven more reliable.