VAULT-28638: Cost optimize the Security scan workflow #28067
Merged
ryancragun added the do-not-merge, pr/no-changelog, pr/no-milestone, backport/ent/1.15.x+ent (Changes are backported to 1.15.x+ent), backport/ent/1.16.x+ent (Changes are backported to 1.16.x+ent) and backport/1.17.x labels Aug 13, 2024
github-actions bot added the hashicorp-contributed-pr (If the PR is HashiCorp (i.e. not-community) contributed) label Aug 13, 2024
ryancragun force-pushed the vault-29893 branch 2 times, most recently from e6f4fdb to b45d080 August 13, 2024 18:28
Optimize the cost of the Security `scan` workflow by utilizing a different runner. Previously this workflow would use the `custom-linux-xl` in `vault` vs. the `c6a.4xlarge` on-demand runner in `vault-enterprise`. This resulted in the `vault` workflow costing an order of magnitude more each month.

I tested with the following instance sizes to compare cost to execution time:

| Runner | Estimated Time | Cost Factor | Cost Score |
|---------|-----------------|-------------|-------------|
| ubuntu-latest | 19m | 1 | 19 |
| custom-linux-small | 21.5m | 2 | 43 |
| custom-linux-medium | 11.5m | 4 | 46 |
| custom-linux-xl | 8.5m | 16 | 136 |

Currently the `CI` and `build` required workflows take anywhere from 16-20 minutes on `vault`. Our goal is to not exceed that.

At this time we're going to try out `ubuntu-latest` as it gives us ~85% savings and by far the best bang for our buck. If it ends up being a burden we can switch to `custom-linux-medium` for ~66% cost savings but still a reasonable runtime.

Signed-off-by: Ryan Cragun <me@ryan.ec>
ryancragun force-pushed the vault-29893 branch from b45d080 to 193f79a August 13, 2024 22:02
ryancragun changed the title from "VAULT-28638: Cost optimize the security-scan workflow" to "VAULT-28638: Cost optimize the Security scan workflow" Aug 13, 2024
rebwill approved these changes Aug 14, 2024
ltcarbonell approved these changes Aug 14, 2024
ryancragun added backport/ent/1.15.x+ent, backport/ent/1.16.x+ent and removed backport/ent/1.15.x+ent, backport/ent/1.16.x+ent labels Aug 14, 2024
I ended up deciding to backport this to 1.15.x+ent and 1.16.x+ent just to keep things in sync, not because it was really necessary.
Labels: backport/ent/1.15.x+ent (Changes are backported to 1.15.x+ent), backport/ent/1.16.x+ent (Changes are backported to 1.16.x+ent), backport/1.17.x, hashicorp-contributed-pr (If the PR is HashiCorp (i.e. not-community) contributed), pr/no-changelog, pr/no-milestone