z ZvvNI4rJkmGvQrv8GjhJYoJx00ald0pAnR5WbLgYWeoPF1/e7O8Hz51jbpjqr0LMZNTa oZQlhLAwYD/cpaEazlnuJlrswn6W6s0rET6h1Qb13+WM9rL1Fq5afFF3LeHZa5gpGG65 R7PwdvPLC0Xvv/7dAhafiWiI00P7le6ZPBA6fLDY+JBIPLSZuw605p4Bj5CRQaqr6S3+ DLtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=tePiblP7K3M4TCSQeaQg8OsWp/tzWjnA6Hu+wU0PRX0=; fh=Q5+nNXxcrG0R6xG8D7lSbUjGzOVfl6lDByH5OrB59eY=; b=Nn0JbYTvxZMQL51Z7sdVY18H3gc7f8yXuMfHQ5z/I0HJ2fVQMWO5d+MY6OG2cbWbXP S3gnDRlzG1dOceyvlYypAbzqbEsMkZqbHq73N5r5w95lxnYX8FMbuU2bYy2RylQapSkk c0Y+7qBhcAYmFvleqJFm+GV6bVLj7ipJ0F+YMpx0wNkGc0HXH+im0MOHpXID1ikwV4Hd IvcgJytoyCOlnq28HBFqXz9+AxXPnbW9gq3ZEC7zDB8WgJiJjG+H+osMBNQ9vaQDaVb0 It3bQs/3DbgMwI9NrkBcOdEyK/7IDBl53A2zYGaMAaVZQ4TjYrsUJ+B8/qv0PgscXBo9 llIw==; darn=freebsd.org ARC-Authentication-Results: i=1; mx.google.com; arc=none X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776096504; x=1776701304; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=tePiblP7K3M4TCSQeaQg8OsWp/tzWjnA6Hu+wU0PRX0=; b=VzU0zjBteU++77+ynGcmVz3KFGrSmSldunh/RbF0R9NWAhqe+8H3EAdz22/urcoetx qM+xBkQ2SfVOspPqus/s2NOv97vBBSogeYk52XfEDw7Z9Y4i6osui/WYuFj617W9y5Mh TS3+QbZWfTAEFzrj7eUyxtRAjaf5YsnY+6+Yzu/yD3EHmzw0Z7L3JWnCWBpgLrHgU/9U EuZuNHZPylMoWdXguJnTx9//AFWw12XnaMVd+qqsXzUwMselU1MLppaTO6NE9Pb0tpUy yFvBEf2B19uNzR1vYOlZtfz1PRdx6aoieVRjnxRatE85Hj59v3jF8bcPrOUhXtKDNeJF 2UMA== X-Forwarded-Encrypted: i=1; AFNElJ8q0iY9EQ2jvQOYYWSzZphuzbCUVoV2pp57A6BwBfYKN/8fV7jFdk5zcMnDNrZENhlSq4TzNSsn0QNyunyFBoc=@freebsd.org X-Gm-Message-State: AOJu0Ywqu7H0nM7xhupFLTf4b7IQHg7aziyX6GPLyG4/v4CupbE8I1T0 taktgv4V5x5YYQh++3qAslCN+7CpBKvKt9Q6hF+sIwDz/ouX6ZFf+ETYiWlzcb5Ssvl30uNNmH+ HXiI6yvlbVnKDTdIvsSEQmiZaZTY1fzI= X-Gm-Gg: AeBDieuO2FS1K7WydIwLI76gRARDR6fAATYtqEWXu7Kg4HxuDU42pNrxdcUTjWUW3br GxsOMi5fjA/ilyF3+CJMmZaN4ej3c0XOcg8CqeBRO7hAiFPFTzeW7eKp6EOs9tf1JDmSd3sU+HV t9dT/ySYmWUDOlP5/UetfdspBY125hMThToyOAoPZbQykjMjrQj8jL1cS5jejjSfgK2DLDShvb6 BpBE9uqnICAr0ncV+LA4QO3flxSgtOK754ssSaNsjx9tQ6LBedoSW+YXxqxNtNSDyq3cfaeE0mW lsw0nWByLVXQplrlOxL6SULr3gchBJRRQ9cYHJplPTeXGV8c9VysTPugTzzBGlqmIwHK X-Received: by 2002:a05:6402:5041:b0:670:6b0f:f77f with SMTP id 4fb4d7f45d1cf-6707a854c50mr6450442a12.17.1776096503043; Mon, 13 Apr 2026 09:08:23 -0700 (PDT) List-Id: Technical discussions relating to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-hackers List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-hackers@FreeBSD.org MIME-Version: 1.0 References: <942BC20E-1B5F-452E-BC57-397A367F7830@FreeBSD.org> In-Reply-To: From: Alan Somers Date: Mon, 13 Apr 2026 10:08:10 -0600 X-Gm-Features: AQROBzBKDksAWDvAbcNkQ-J6RZU6lulMfqqJ-jqQ0aik_7qtU-aMsYQ5memLok8 Message-ID: Subject: Re: Cirrus CI to shut down To: Moin Rahman Cc: David Chisnall , Joe Schaefer , Tomek CEDRO , FreeBSD Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US] X-Rspamd-Queue-Id: 4fvXQ11BDxz47jv X-Spamd-Bar: ---- On Sun, Apr 12, 2026 at 10:52=E2=80=AFAM Moin Rahman wro= te: > > > > > On Apr 12, 2026, at 18:41, Alan Somers wrote: > > > > On Sun, Apr 12, 2026 at 6:17=E2=80=AFAM David Chisnall wrote: > >> > >> On 12 Apr 2026, at 12:56, Joe Schaefer wrote: > >>> > >>> Good points. But I don=E2=80=99t mean host your own build farm. I me= an use the laptop your company gave you. > >> > >> There are many reasons not to do this. The top ones: > >> > >> - Our builds are done in a pristine environment. An attacker who comp= romises a developer=E2=80=99s laptop can potentially commit malicious code = to the repo, but disabling force pushes means that we have an auditable vie= w of this. With builds done on the developers=E2=80=99 machine, they could= just inject malicious code into the binaries. > >> - PRs from external contributors may be malicious. Running them on a = cloud VM means that they have zero access to anything we care about and the= VM is destroyed at the end. Running them on a developer machine means you= =E2=80=99re just one container escape away from a flow from a GitHub PR to = a compromised developer laptop. > >> - Developer laptops are slower than big cloud machines. > >> - Developer laptops are a single architecture, doing cross builds is a= nnoying. > >> - Developer laptops have smaller disks, but ccache works *really* nice= ly if it has a lot of space to store caches for every branch. > >> - Developers often submit PRs at the end of the day and close their la= ptops, the cloud VM can start up when this happens. > >> > >> And you are talking about hosting your own build farm. That=E2=80=99s= the only other option. You=E2=80=99re just talking about running your bui= ld farm on machines that are not always on and hold sensitive data. > >> > >> David > > > > I'm considering three options to replace Cirrus: > > > > 1) https://github.com/cross-platform-actions/action . This lets you > > run FreeBSD (among other platforms) on github workflows using nested > > virtualization. That's not ideal, but at least it looks easy. And it > > doesn't solve the cost problem that David brought up. > > > > 2) https://sourcehut.org/ . It supports CI on FreeBSD/amd64 . The > > code is open source, so a dedicated user could probably add whatever > > features he needs. Or, self-host. However, it's still officially in > > alpha, and I don't know how well it works. And the pricing strategy > > suggests that they're focused on amateurs. Sourcehut is intended as a > > full code-hosting service, but it can also be used just for CI, for > > projects hosted on Github, with > > https://github.com/emersion/hottub?tab=3Dreadme-ov-file . > > > > 3) Cirrus-Ci itself. Cirrus labs claimed in their blog post that > > they're going to open-source all of their code. So anybody else could > > resurrect the project. Since Cirrus doesn't own any of its own > > infrastructure, instead reusing AWS or GCE, it should be easy to > > resurrect it. Still, that's too much work for me alone. But I might > > be willing to help if somebody else takes the lead. > > > > 4) A fully personalized, serverless, cloud-hosted CI. It seems like > > it should be possible to build a personalized CI service that uses AWS > > lambda functions for coordination and UI, and uses AWS or GCE virtual > > machines for the CI workers. Very scalable. It would cost money to > > use, but not very much. This doesn't count towards my list of three > > because it doesn't exist yet. But it seems like an obvious idea. > > I'll ask Santa Claus for this next Christmas. > > > > I think Option 3 is not correct. They are going opensource only for > some of their products which includes Tart, Vetu and Orchard. > > I am working with one of my ex-client about something that I built > for them ages ago if we can goopensource. I will keep this list posted. > > Kind regards, > Moin I just learned about an additional option. BuildKite has native support for FreeBSD. There's a devel/buildkite-agent port that can be used for self-hosted CI workers, paired with BuildKite's cloud-based orchestration. There's also the Elastic CI stack, which spins up cloud-based workers on demand. The docs only mention Linux and Windows, but a BuildKite support engineer assured me that it will work for FreeBSD too. This option would no doubt have better performance than the nested-virtualization stuff. And probably better pricing too. But damn if it isn't intimidating to get started. Maybe CheriBSD could use it, but I fear that it's beyond the reach of a hobbyist. https://buildkite.com/docs/agent/self-hosted/aws/elastic-ci-stack https://buildkite.com/docs/agent/self-hosted/gcp/elastic-ci-stack