[PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs
@ 2025-09-02 10:47 Patrick Steinhardt
  2025-09-02 16:35 ` Junio C Hamano
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick Steinhardt @ 2025-09-02 10:47 UTC (permalink / raw)
  To: git

The GitLab CI runners using Windows machines have realtime monitoring
via Windows Defender enabled by default. This has just now started to
cause issues in our CI jobs using Microsoft Visual Studio:

    Program 'meson.exe' failed to run: Operation did not complete successfully because the file contains a virus or
    potentially unwanted softwareAt line:356 char:1
    + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
    At line:356 char:1
    + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
        + FullyQualifiedErrorId : NativeCommandFailed

The detected issue is more likely than not completely bogus, but it
breaks the jobs.

Fix the issue by disabling realtime monitoring. Besides unbreaking CI,
it also improves our build times a bit:

  - Building Git goes from 26 to 22 minutes.

  - Executing tests goes from ~1h for one slice of tests to ~30 minutes.

This is still painfully slow, but the issue here is that the Windows
runners on GitLab CI are quite underwhelming overall.

Signed-off-by: Patrick Steinhardt <ps@pks.im>
---
Hi,

this patch fixes some issues that started to surface in our Windows
jobs. A CI run of these changes to demonstrate that this works as
intended can be found at [1].

Thanks!

Patrick

[1]: https://gitlab.com/gitlab-org/git/-/merge_requests/408
---
 .gitlab-ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index af10ebb59a..cf122e706f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -119,6 +119,7 @@ build:mingw64:
   variables:
     NO_PERL: 1
   before_script:
+    - Set-MpPreference -DisableRealtimeMonitoring $true
     - ./ci/install-sdk.ps1 -directory "git-sdk"
   script:
     - git-sdk/usr/bin/bash.exe -l -c 'ci/make-test-artifacts.sh artifacts'
@@ -135,6 +136,7 @@ test:mingw64:
     - job: "build:mingw64"
       artifacts: true
   before_script:
+    - Set-MpPreference -DisableRealtimeMonitoring $true
     - git-sdk/usr/bin/bash.exe -l -c 'tar xf artifacts/artifacts.tar.gz'
     - New-Item -Path .git/info -ItemType Directory
     - New-Item .git/info/exclude -ItemType File -Value "/git-sdk"
@@ -148,6 +150,7 @@ test:mingw64:
   tags:
     - saas-windows-medium-amd64
   before_script:
+    - Set-MpPreference -DisableRealtimeMonitoring $true
     - choco install -y git meson ninja openssl
     - Import-Module $env:ChocolateyInstall\helpers\chocolateyProfile.psm1
     - refreshenv

---
base-commit: 6ad802182101d622e6a4132f48292ddfa79e2024
change-id: 20250902-b4-pks-gitlab-ci-windows-defender-a5d13da02c77


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs
  2025-09-02 10:47 [PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs Patrick Steinhardt
@ 2025-09-02 16:35 ` Junio C Hamano
  2025-09-03  4:39   ` Patrick Steinhardt
  0 siblings, 1 reply; 3+ messages in thread
From: Junio C Hamano @ 2025-09-02 16:35 UTC (permalink / raw)
  To: Patrick Steinhardt; +Cc: git

Patrick Steinhardt <ps@pks.im> writes:

> The GitLab CI runners using Windows machines have realtime monitoring
> via Windows Defender enabled by default. This has just now started to
> cause issues in our CI jobs using Microsoft Visual Studio:
>
>     Program 'meson.exe' failed to run: Operation did not complete successfully because the file contains a virus or
>     potentially unwanted softwareAt line:356 char:1
>     + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
>     + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
>     At line:356 char:1
>     + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
>     + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>         + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
>         + FullyQualifiedErrorId : NativeCommandFailed
>
> The detected issue is more likely than not completely bogus, but it
> breaks the jobs.
>
> Fix the issue by disabling realtime monitoring. Besides unbreaking CI,
> it also improves our build times a bit:
>
>   - Building Git goes from 26 to 22 minutes.
>
>   - Executing tests goes from ~1h for one slice of tests to ~30 minutes.

Interesting observation.  I didn't realize that we are shipping
virus or potentially unwanted software.

Does the same issue exist on other forges (like GitHub Actions), I
wonder?


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs
  2025-09-02 16:35 ` Junio C Hamano
@ 2025-09-03  4:39   ` Patrick Steinhardt
  0 siblings, 0 replies; 3+ messages in thread
From: Patrick Steinhardt @ 2025-09-03  4:39 UTC (permalink / raw)
  To: Junio C Hamano; +Cc: git

On Tue, Sep 02, 2025 at 09:35:09AM -0700, Junio C Hamano wrote:
> Patrick Steinhardt <ps@pks.im> writes:
> 
> > The GitLab CI runners using Windows machines have realtime monitoring
> > via Windows Defender enabled by default. This has just now started to
> > cause issues in our CI jobs using Microsoft Visual Studio:
> >
> >     Program 'meson.exe' failed to run: Operation did not complete successfully because the file contains a virus or
> >     potentially unwanted softwareAt line:356 char:1
> >     + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
> >     + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.
> >     At line:356 char:1
> >     + meson setup build --vsenv -Dperl=disabled -Dbackend_max_links=1 -Dcre ...
> >     + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >         + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
> >         + FullyQualifiedErrorId : NativeCommandFailed
> >
> > The detected issue is more likely than not completely bogus, but it
> > breaks the jobs.
> >
> > Fix the issue by disabling realtime monitoring. Besides unbreaking CI,
> > it also improves our build times a bit:
> >
> >   - Building Git goes from 26 to 22 minutes.
> >
> >   - Executing tests goes from ~1h for one slice of tests to ~30 minutes.
> 
> Interesting observation.  I didn't realize that we are shipping
> virus or potentially unwanted software.
> 
> Does the same issue exist on other forges (like GitHub Actions), I
> wonder?

I would assume that other forges already know to disable realtime
monitoring by default. These are throwaway machines anyway, so there
isn't much of a point in having it enabled in the first place. And as
mentioned in the commit message, the Windows runners for GitLab CI are
not exactly well-polished.

Patrick

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2025-09-03  4:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-02 10:47 [PATCH] gitlab-ci: disable realtime monitoring to unbreak Windows jobs Patrick Steinhardt
2025-09-02 16:35 ` Junio C Hamano
2025-09-03  4:39   ` Patrick Steinhardt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).