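--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,14 @@
+# Exclude build artifacts (huge — 43GB+)
+target/
+# Re-include the release binaries needed by Containerfiles
+!target/release/facelock
+!target/release/libpam_facelock.so
+!target/release/facelock-polkit-agent
+
+# Git history not needed in containers
+.git/
+
+# Editor swap files
+*.swp
+*.swo
+*~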
25 changes: 24 additions & 1 deletion .github/workflows/ci.yml
@@ -51,6 +51,20 @@ jobs:
- name: Run tests
run: cargo test --workspace

- name: Build release binaries
run: |
cargo build --release --workspace
cargo build --release -p facelock-cli --features tpm

- name: Upload release binaries
uses: actions/upload-artifact@v4
with:
name: release-binaries
path: |
target/release/facelock
target/release/libpam_facelock.so
retention-days: 1

tpm-tests:
name: TPM Tests (swtpm)
runs-on: ubuntu-latest
@@ -98,12 +112,21 @@ jobs:
steps:
- uses: actions/checkout@v4

- name: Download release binaries
uses: actions/download-artifact@v4
with:
name: release-binaries
path: target/release

- name: Make binaries executable
run: chmod +x target/release/facelock target/release/libpam_facelock.so

- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y podman

- name: Build release in container
- name: Build test container
run: |
if [ ! -f test/Containerfile ]; then
echo "No Containerfile found, skipping"
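Review bot: The `release-binaries` artifact is linked on the CI runner, while the later job loads it inside the image built from `test/Containerfile` (`archlinux:latest` in this commit), so the PAM smoke test no longer checks a module built against that image's own glibc, PAM and tpm2-tss; the same applies to the host-built binaries that the `justfile` recipes and the three Containerfiles now copy in. Since `cargo build --release -p facelock-cli --features tpm` runs after the workspace build, the uploaded `facelock` is presumably the TPM-enabled binary, which makes the runtime library match matter. I would record the assumption on the upload step, e.g. `# linked on the runner; test images must ship compatible libpam and tss2 libraries`. Both jobs start outside the hunks shown.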
25 changes: 9 additions & 16 deletions justfile
@@ -33,45 +33,38 @@ fmt:
# Run all checks (test + lint + format)
check: test lint fmt-check

# Build the PAM test container image (uses host-built release binaries)
_build-test-container: build-release
podman build -t facelock-pam-test -f test/Containerfile .

# Run container PAM smoke tests
test-pam: build-release
#!/usr/bin/env bash
set -euo pipefail
if [ -f test/Containerfile ]; then
podman build -t facelock-pam-test -f test/Containerfile .
podman run --rm facelock-pam-test
else
echo "No test/Containerfile found"
exit 1
fi
test-pam: _build-test-container
podman run --rm facelock-pam-test

# Run end-to-end integration tests in container (requires camera)
test-integration: build-release
test-integration: _build-test-container
#!/usr/bin/env bash
set -euo pipefail
podman build -t facelock-pam-test -f test/Containerfile .
devices=""
for d in /dev/video*; do
[ -e "$d" ] && devices="$devices --device $d"
done
podman run --rm $devices facelock-pam-test /run-integration-tests.sh

# Run oneshot (daemonless) end-to-end tests in container (requires camera)
test-oneshot: build-release
test-oneshot: _build-test-container
#!/usr/bin/env bash
set -euo pipefail
podman build -t facelock-pam-test -f test/Containerfile .
devices=""
for d in /dev/video*; do
[ -e "$d" ] && devices="$devices --device $d"
done
podman run --rm $devices facelock-pam-test /run-oneshot-tests.sh

# Open interactive shell in PAM test container (requires camera)
test-shell: build-release
test-shell: _build-test-container
#!/usr/bin/env bash
set -euo pipefail
podman build -t facelock-pam-test -f test/Containerfile .
devices=""
for d in /dev/video*; do
[ -e "$d" ] && devices="$devices --device $d"
30 changes: 14 additions & 16 deletions test/Containerfile
@@ -1,13 +1,4 @@
# Stage 1: Build
FROM archlinux:latest AS builder

RUN pacman -Syu --noconfirm rust clang base-devel v4l-utils libxkbcommon wayland pam tpm2-tss && pacman -Scc --noconfirm

COPY . /build
WORKDIR /build
RUN cargo build --release --workspace

# Stage 2: Test image
# Single-stage test image — uses host-built release binaries (from `just build-release`)
FROM archlinux:latest

# Install dependencies
@@ -22,18 +13,25 @@ RUN curl -sL https://sourceforge.net/projects/pamtester/files/pamtester/0.1.2/pa
# Create test user
RUN useradd -m testuser && echo "testuser:test" | chpasswd

# Copy repo with pre-built binaries from builder stage
COPY --from=builder /build/target/release/facelock /build/target/release/facelock
COPY --from=builder /build/target/release/libpam_facelock.so /build/target/release/libpam_facelock.so
COPY . /build
# Copy host-built release binaries
COPY target/release/facelock /build/target/release/facelock
COPY target/release/libpam_facelock.so /build/target/release/libpam_facelock.so

# Copy project files needed for install
COPY justfile /build/justfile
COPY config/ /build/config/
COPY systemd/ /build/systemd/
COPY dbus/ /build/dbus/
COPY dist/ /build/dist/
COPY models/ /build/models/
WORKDIR /build

# Install using the real install path
RUN just install-files

# Copy models to the configured model_dir for integration tests
RUN cp models/*.onnx /var/lib/facelock/models/ 2>/dev/null || true
RUN cp models/manifest.toml /var/lib/facelock/models/ 2>/dev/null || true
RUN cp models/*.onnx /var/lib/facelock/models/ 2>/dev/null || true && \
cp models/manifest.toml /var/lib/facelock/models/ 2>/dev/null || true

# Override config for container testing
COPY test/container-config.toml /etc/facelock/config.toml
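Review bot: The merged `RUN cp models/*.onnx ... || true && cp models/manifest.toml ... || true` still discards every error, so the image can build with no `manifest.toml` and no model in `/var/lib/facelock/models/`, and the integration tests would then fail later with no hint in the build log. Now that `COPY models/ /build/models/` makes the directory a hard requirement of the build context, the manifest copy could be strict: `RUN cp models/manifest.toml /var/lib/facelock/models/`, keeping the tolerant form only for the `*.onnx` glob if the models are optional. If the silence is intentional, a comment saying why would help.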
19 changes: 9 additions & 10 deletions test/Containerfile.fedora
@@ -1,16 +1,15 @@
FROM fedora:latest AS builder

RUN dnf -y install rust cargo clang-devel pam-devel libv4l-devel systemd-rpm-macros gcc gcc-c++ wayland-devel libxkbcommon-devel tpm2-tss-devel rpm-build && dnf clean all

COPY . /build
WORKDIR /build
RUN cargo build --release --workspace

# Single-stage test image — uses host-built release binaries (from `just build-release`)
FROM fedora:latest

RUN dnf -y install pam dbus rpm-build libxkbcommon python3 systemd binutils glibc && dnf clean all
RUN dnf -y install pam dbus rpm-build libxkbcommon python3 systemd binutils glibc tpm2-tss && dnf clean all

COPY --from=builder /build /build
# Copy host-built release binaries and project files
COPY target/release/facelock /build/target/release/facelock
COPY target/release/libpam_facelock.so /build/target/release/libpam_facelock.so
COPY config/ /build/config/
COPY systemd/ /build/systemd/
COPY dbus/ /build/dbus/
COPY dist/ /build/dist/

RUN install -Dm755 /build/target/release/facelock /usr/bin/facelock && \
if [ -f /build/target/release/facelock-polkit-agent ]; then install -Dm755 /build/target/release/facelock-polkit-agent /usr/bin/facelock-polkit-agent; fi && \
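Review bot: The `RUN install` step at the end of this section still tests `[ -f /build/target/release/facelock-polkit-agent ]`, but the new `COPY` list never brings that file into the image, so the branch can no longer be taken and the polkit agent is silently left out of the test image; `test/Containerfile.ubuntu` has the same gap. Before this change `COPY --from=builder /build /build` carried the whole build tree. `.dockerignore` re-includes `target/release/facelock-polkit-agent`, which suggests it was meant to be copied: either add `COPY target/release/facelock-polkit-agent /build/target/release/facelock-polkit-agent` (and add the file to the CI artifact, since `COPY` fails on a missing source) or drop the conditional. The `RUN` instruction continues outside the hunk.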
24 changes: 9 additions & 15 deletions test/Containerfile.ubuntu
@@ -1,23 +1,17 @@
FROM ubuntu:24.04 AS builder

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y --no-install-recommends build-essential clang libpam0g-dev libv4l-dev libxkbcommon-dev libwayland-dev libtss2-dev pkg-config ca-certificates curl && rm -rf /var/lib/apt/lists/*

ENV PATH=/root/.cargo/bin:$PATH
RUN curl -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain stable

COPY . /build
WORKDIR /build
RUN cargo build --release --workspace

# Single-stage test image — uses host-built release binaries (from `just build-release`)
FROM ubuntu:24.04

ENV DEBIAN_FRONTEND=noninteractive

RUN apt-get update && apt-get install -y --no-install-recommends libpam-runtime dbus python3 systemd binutils libc6 libxkbcommon0 && rm -rf /var/lib/apt/lists/*
RUN apt-get update && apt-get install -y --no-install-recommends libpam-runtime dbus python3 systemd binutils libc6 libxkbcommon0 libtss2-esys-3.0.2-0t64 libtss2-tctildr0t64 && rm -rf /var/lib/apt/lists/*

COPY --from=builder /build /build
# Copy host-built release binaries and project files
COPY target/release/facelock /build/target/release/facelock
COPY target/release/libpam_facelock.so /build/target/release/libpam_facelock.so
COPY config/ /build/config/
COPY systemd/ /build/systemd/
COPY dbus/ /build/dbus/
COPY dist/ /build/dist/

RUN install -Dm755 /build/target/release/facelock /usr/bin/facelock && \
if [ -f /build/target/release/facelock-polkit-agent ]; then install -Dm755 /build/target/release/facelock-polkit-agent /usr/bin/facelock-polkit-agent; fi && \