Build and push nightly packages #1781

Merged
merged 1 commit into from
Feb 6, 2024

Conversation

legoktm
Member

@legoktm legoktm commented Feb 5, 2024

Status

Ready for review

Description

As part of our monorepo consolidation, we're moving the nightly package building from the securedrop-builder repository to here. The overall process is the same: we build the packages for bullseye and bookworm, then push buildinfo files and then push debs.

Some changes:

  • nightlies will not be pushed if the bookworm job fails. This is largely to simplify the configuration and also because we're going to move to bookworm pretty soon.
  • Authentication will be done via a GitHub token, which will be configured by infra.
  • Running clean-old-packages will happen via the securedrop-apt-test repository itself instead of during nightly builds.

Fixes #1776.

Test Plan

[Screenshot: 2024-02-06 at 08-56-45 DNM Try running nightlies now · freedomofpress_securedrop-client@82d75f8]

@legoktm legoktm requested a review from a team as a code owner February 5, 2024 19:55
@legoktm legoktm force-pushed the nightlies branch 2 times, most recently from 82d75f8 to 35e743f Compare February 6, 2024 13:56
@rocodes
Contributor

rocodes commented Feb 6, 2024

Thanks so much @legoktm this is great. Just documenting for our future selves: the desired behaviour is to hold back all the day's packages if there's one that fails to build, yes? Is that true on bookworm and bullseye? Seems sensible in terms of keeping machines in sync, but definitely means we have to be proactive about flaky CI and failures in component repos (also desirable)

I was mildly confused about the usage of the builder repo, per my inline comment, but it makes sense (and not to be a monster but it makes me want to rename it to securedrop-localwheels or something)

@rocodes rocodes self-requested a review February 6, 2024 14:43
Contributor

@rocodes rocodes left a comment


LGTM, based on visual review and reviewing GitHub workflow output. Left a couple of clarifying comments/questions just for future searchability.

@legoktm
Member Author

legoktm commented Feb 6, 2024

> the desired behaviour is to hold back all the day's packages if there's one that fails to build, yes? Is that true on bookworm and bullseye

Yes. Previously the behavior was if any bullseye build failed, all nightlies would be held up. But if any bookworm build failed, the bullseye nightlies would still be pushed. This made sense when we first implemented it because bookworm hadn't been released yet so build failures weren't unexpected and also we were pretty far away.

Now if any build, across either bullseye or bookworm, fails, none of the nightlies will fail. I think this is reasonable since bullseye is stable and we're pretty close, relatively, to moving to it. I think if we added trixie CI post-bookworm, we'd want to have it be non-blocking as well.

> but definitely means we have to be proactive about flaky CI and failures in component repos (also desirable)

Yep, there's also an icinga check for new nightlies as well.

@legoktm legoktm merged commit 4515a2e into main Feb 6, 2024
62 of 67 checks passed
@legoktm legoktm deleted the nightlies branch February 6, 2024 15:06
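
The gating discussed in this thread (no nightlies are pushed unless both the bullseye and bookworm builds succeed, with the push token available only to the push job) can be sketched as a GitHub Actions workflow. This is an added illustration, not the workflow merged in this PR; the script paths, secret name, schedule and artifact layout are all assumptions.

```yaml
# Added example: hypothetical workflow, not the project's actual configuration.
name: Nightlies (illustrative)
on:
  schedule:
    - cron: "0 6 * * *"        # assumed schedule
permissions:
  contents: read               # the workflow's own GITHUB_TOKEN stays read-only

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false         # let both legs finish so each failure is visible
      matrix:
        debian_version: [bullseye, bookworm]
    # The previous behaviour (bookworm failures non-blocking) would look like:
    #   continue-on-error: ${{ matrix.debian_version == 'bookworm' }}
    # Omitting it means a failure in either leg fails the "build" job as a whole.
    steps:
      - uses: actions/checkout@v4
      - name: Build packages
        # hypothetical script; emits .deb and .buildinfo files into build/
        run: ./scripts/build-debs.sh "${{ matrix.debian_version }}"
      - uses: actions/upload-artifact@v4
        with:
          name: build-${{ matrix.debian_version }}
          path: build/

  push:
    needs: build               # skipped unless every matrix leg succeeded
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/download-artifact@v4
        with:
          path: build/         # one subdirectory per uploaded artifact
      - name: Push buildinfo files, then debs
        env:
          # hypothetical secret name; only this job ever sees the token
          PUSH_TOKEN: ${{ secrets.NIGHTLY_PUSH_TOKEN }}
        run: |
          ./scripts/push.sh buildinfo build/   # hypothetical script
          ./scripts/push.sh debs build/
```

Keeping the token out of the build job means package build steps never run with credentials that can write to the apt repository.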
Successfully merging this pull request may close these issues.

Build nightlies from this repository