gh-136728: Refactor build.yml CI config and multissltests.py

[WillChilds-Klein]

Notes

Please see #136728. Changes to build.yml are directly adapted from @hugovk's proof-of-concept here.

Testing

• this PR's CI
• PR CI on my fork.

• Issue: Refactor build.yml CI ssltests config and multissltests.py #136728

[picnixz]

If possible, I want multissltests to be refactored separately.

[picnixz]

You can remove the os from the include and have:

matrix:
  os: [ubuntu-24.04]
  include:
    - { ssl: openssl, ssl_ver: 3.0.16 }
    - ...

It would be possible to merge two matrices but we'll need a pre-step and I don't think it's more maintainable.

[AA-Turner]

Could we do ssl_lib: openssl | awslc? It would be easier to follow later on than just matrix.ssl everywhere.

[picnixz]

I'm sorry but what would ssl_lib: openssl | awslc in this case? does it run on both and if it doesn't work for one, it picks the other? (also, how would we use it below?)

[AA-Turner]

@picnixz I'm not sure I follow, the suggestion is just to rename matrix.ssl to matrix.ssl_lib. openssl | awslc are the valid values for either name.

[picnixz]

Oh! I thought you suggested something like this:

matrix:
  os: [ubuntu-24.04]
  include:
    - { ssl_lib: openssl | awslc, ssl_ver: 3.0.16 }

and I didn't know what it would means. Yes, we can have matrix.ssl_lib

[picnixz]

Can we populate a variable called "CONFIGURE_FLAGS" instead and use a switch/case so that we exactly match the SSL libname. It will become easier in the future if we add BoringSSL or LibreSSL tests.

[AA-Turner]

At this point I'd almost suggest using a small Python script to calculate flags. We should avoid complex shell logic in workflow files as much as possible, I don't want to read a bash switch-case in YAML! An if-statement is simpler to understand here for me, though the ${CMD[@]} syntax is arcane.

[picnixz]

Oh yeah, a small Python script is also fine; here what matters to me is to be able to easily add a new library without having 3km long of options. As for ${CMD[@]}, it expands the array's content, so you end up with ./configure [...]. Usually, it's more common to expand the options and hardcode the command rather than expand the entire array containing the command as well.

[picnixz]

With steps.cache-openssl here, we won't be hitting the cache-ssl entry right? maybe it's better to store a cache hit with steps.cache-${{ matrix.ssl }} if it's possible?

[picnixz]

Please revert this. As we can't have abstract class methods, I prefer having real class variables where we would raise if they are not set.

[AA-Turner]

Yep, better to raise NotImplementedError. That's treated equivalently to an abstract method.

[picnixz]

I think it's just better to have abstract class variables here. The reason is that I don't think we would ever need a non-static computation for most of those abstract properties. If they must be abstract class properties that are represented by dynamic values that need a bit more work to compute (but only needed to be computed once), just a @classmethod together with NotImplementedError.

[picnixz]

Please, don't use this. It's harder to maintain if we do it like this. Just hardcode the classes.

[picnixz]

You could have a dict of classes to a list of versions instead of storing a tuple of (class, version)

[AA-Turner]

All jobs run on the same OS, this is simpler:

Suggested change

	runs-on: ${{ matrix.os }}
	runs-on: ubuntu-24.04

[hugovk]

We use matrix.os in the cache key so better not hardcode it here?

[AA-Turner]

Again I'd suggest --ssl-library or etc

[WillChilds-Klein]

Hi folks, sorry for my delayed responses. Hoping to incorporate feedback here later this week or next.

[hugovk]

Oh yuck, sorry for the pings, this knotty merge resolution pulled in a lot of code...

I'll apply some of the suggestions to the branch, then close the PR and open a new one.

[hugovk]

Let's continue in #143940.