feat: support reloading workflows at runtime

[didier-wenzek]

Proposed changes

In order to support dynamic reloading of workflow, without breaking a running workflow,
the proposal is to:

• use a hash of the workflow definition file to distinguish workflow versions
• persist a copy of each version for a given operation
• make the copy when a command instance is triggered
• use reference-counting to remove copies when no more in-use.

Plan:

• Attach a version to each workflow, this version being a hash of the definition file.
• Attach a version to each operation instance, taking the version of the workflow definition in use.
• Refactor the agent to group the workflow loading logic in a single place.
• When a new operation instance is created, copy its definition in a persisted directory of workflows in-use.
• On-start load not only the user-provided workflow definition, but also those of the workflows in-use.
• Reload workflow definitions on file change using inotify.
• On file change, reload the workflow definition (without erasing any definition still in-use).
• When a user-defined workflow is removed, clear the associated capability (letting any still running operation run to completion).
• When a builtin workflow specialization is removed, restore the builtin version if any.
• When a workflow definition is removed, keep a copy of that definition if still in-use.

Types of changes

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
• Documentation Update (if none of the other choices apply)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

#3156

Checklist

• I have read the CONTRIBUTING doc
• I have signed the CLA (in all commits with git commit -s)
• I ran cargo fmt as mentioned in CODING_GUIDELINES
• I used cargo clippy as mentioned in CODING_GUIDELINES
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Further comments

[codecov]

Codecov Report

Attention: Patch coverage is 41.17647% with 340 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
...ore/tedge_agent/src/operation_workflows/persist.rs	34.22%	210 Missing and 11 partials ⚠️
crates/core/tedge_api/src/workflow/supervisor.rs	38.60%	93 Missing and 4 partials ⚠️
.../core/tedge_agent/src/operation_workflows/actor.rs	45.45%	17 Missing and 1 partial ⚠️
...core/tedge_agent/src/operation_workflows/config.rs	0.00%	3 Missing ⚠️
...tes/core/tedge_agent/src/state_repository/state.rs	93.33%	0 Missing and 1 partial ⚠️

Additional details and impacted files

📢 Thoughts on this report? Let us know!

[github-actions]

Robot Results

✅ Passed	❌ Failed	⏭️ Skipped	Total	Pass %	⏱️ Duration
520	0	2	520	100	1h39m10.086467s

[didier-wenzek]

Using md5 should be enough here - as there is no crypto concerns.

[didier-wenzek]

I have to revert this change. Indeed, this might be a source of issue if the agent is updated whilst there is a pending operation. If the previous agent was not featuring command versions, then the resumed operation should not be rejected by the new agent: the current version of the workflow must be used.

[albinsuresh]

LGTM.

[albinsuresh]

Opinion: Although I understand that WorkflowSource being a generic type allows such generic usages, but this one with the directory path seems slightly overloaded. I agree that we can still defend it since the directory roots are also linked to the source type.

[Bravo555]

suggestion: the test fails if run by itself and not part of the test suite, because this file is created by the previous test case. Could we instead use Transfer to Device everywhere so that there are no dependencies between the test cases? I'd expect Transfer to Device to overwrite the file if it already exists, so it should be okay to use that?

[didier-wenzek]

I have a mix feeling here. On one side, you are correct, it would be handy to have independent tests. But, on the other side, this test suite represents well a scenario where a user creates and iterate updating a workflow file.

Concretely, replacingFile Should Exist assertion by a Transfer to Device command would lead to a different test while running the suite vs the isolated test. Indeed, in the suite case, one checks that a user can update a workflow while, in the isolated case, one checks that the user can create a workflow (i.e. Update User-Defined Operation doing the same test as Create User-Defined Operation).

[Bravo555]

Some nits, but LGTM overall.

[Bravo555]

nit(non-blocking): actual SHA256 is an implementation detail, we don't need to compare full value, only that it changed between different versions of the workflow

Also if the toml file changes this value will have to be updated.

It's a bit of a nitpick, but a comment would help because it's not obvious that it's SHA256 hash of user-command-v1.toml and why we're comparing it

[Bravo555]

Suggested change

	use log::error;
	use tracing::error;

[didier-wenzek]

Fixed 41f4208

[Bravo555]

thought: this module has quite a bit of functionality but doesn't have any unit tests - codecov reports 210 missed lines and 34.2% patch coverage (from other workflow-related tests)

[didier-wenzek]

I can only acknowledge that the unit test coverage is poor. However, this code is quit extensively tested by the system test suite added by this PR (Dynamic Workflow Reloading). I opted for system-tests instead of unit-tests because the features introduced by this module are heavily related to the file system and inotify as well as sequence of user actions (adding/updating/removing files while the agent is running/restarted. One place where unit tests can be improved is the tedge_api::workflow::supervisor module which provide the in-memory representation of the uploaded workflow definitions.