On 03/08/2018 01:32 PM, Michael Cronenworth wrote:

Why must the process change? It seems every bit of Fedora in the past year has been changing... for the sake of change.

We've had extreme issues with stability in Rawhide lately that could have been prevented with automated testing. These issues cost a lot of time from infrastructure, QA, and release engineering members. They also caused us to be unable to compose Rawhide and Fedora 28 for quite some time. Not all of these issues would have been caught by package gating, but some would.

I'm going to speak up now and be a little more involved.

+1!

Do you want Rawhide used the same as Fedora N releases? If you want that I propose we remove Fedora N-1 releases. When branched occurs I have to switch branches four times. I'd much rather invest time in removing the need to support Fedora N-1 and if that means gating for Rawhide I can get on board.

I don't think making Rawhide used the same as Fedora N releases is the goal here, though I think it would also improve things for people who do choose to use Rawhide. I personally think we should continue to support N-1.

On 03/08/2018 11:11 AM, Richard Shaw wrote:

What about making side tags easily available to packagers directly? I could build my package that includes an ABI breaking update and rebuild the dependencies within that side tag and then submit when everything is complete.

Yes, teaching bodhi about side tag management was one idea talked about.

Then you would do:

* get a side tag from bodhi * build all your stuff, test it, etc. * submit update with all those builds * CI/automated tests run on it, and if all is ok goes out in the next rawhide compose. * If not ok, you could wave the results or build more things/edit the update until it passes.

The only downsides to this is that it means more code for bodhi, and more newrepos for koji.

kevin

Milan Crha wrote:

so it looks like you are going to remove chain-build from fedpkg, right? It's kind of pain it doesn't work for stable, but if you want to get rid of it for rawhide too, or add some unnecessary obstacles for its usage, then it's a downgrade like the kerberos usage (it's a pain to write my password all the time when I want to do something in packaging, with compare of once-per-year replace of the certificate, but that's another story, which only adds to the feeling of making process more and more painful instead of simpler (I heard some time ago something like this "security by obscurity", with which I fully agree)). I chain-build like this "A : B : C D", which means in stable that I build A, then fill override, then I build B, then fill an override, the I build C and D and then I fill the update. I hope the difference in stable and chain-build usage is obvious.

+1

Anyway, could you enlighten what you call "if all is ok"? That's pretty important measure.

What do I do if it's not ok?

I guess then you will need to fix whatever the gating is complaining about and start all over again. :-(

I do maintain a package which is in critpath. I'm not a proven packager, thus I cannot touch anyone's package (I hesitate to do it anyway, even there are cases where are not many other options). If my critpath package changes API and soname versions, then other packages, for which I do not have commit rights, will be broken by that update, but the update as such will build and look just fine. What do I do now? Will I hunt for respective maintainers and co-maintainers kindly asking them to do something about it? The paper work around this (finding who it is, their email addresses, writing them a mail) would be a pain on its own, but more painful would be the delay in the delivery. It will not be rawhide anymore, from my point of view.

+1

I did a soname version bump in one of my packages recently and announced it, with a list of "possibly affected packages". I know my work flow is wrong in this regard, but I kind of rely on the notifications of broken dependencies to rebuild what is really needed to be rebuilt, because the packages sometimes requires something bigger in the build time, which is not actually used in the run time (just my feeling, no prove available). I didn't receive any single notification of broken dependencies this time. While it's possible someone was just quicker than me, I believe it's highly unlikely. I also believe I didn't filter out any such "broken dependencies" mail notifications from my notification settings, they used to come in the past.

Broken dependency notifications are disabled because the scripts are broken: they still use yum, which does not support the boolean dependencies. It is sad that this was still not fixed after months. Instead of wasting their time on annoyances such as update batching and now Rawhide gating, the infrastructure team should instead spend it to fix the existing essential QA tools.

That's also another disadvantage of the gating. I recall seeing broken dependencies messages for package I've no commit rights for for weeks. Either the maintainer (or co-maintainer) didn't receive those messages similar like me, or they just didn't care. How would I force them to rebuild/correct (I am definitely willing to help to correct the packages when an API change requires it) their packages, when they already ignore/filter out broken dependencies notifications? Should I hunt for a proven packager to move things forward, thus other packages can rely on the provided change? Proven packagers have their own work to do to, they cannot be disrupted from their work every other day by hundreds of packages to help with the packages their update broke.

+1. As a provenpackager, I have other things to do than rebuilding packages 24/7 because everything blocks on the rebuild.

By the way, why was the compose of rawhide broken for several days?

Because a broken dependency in ANY package included on ANY release-critical deliverable now fails the ENTIRE compose process. It is clear that this does not scale.

Corresponding people/packagers not being available? It looks to me that you just want to move the issue to a slightly upper level, but then you'll have working rawhide compose, which will not use the recent/bleeding code. It is, from my point of view, the main credit of Rawhide, to be on the bleeding edge.

It would be very sad to turn Rawhide from 'package update' to 'people hunt' task.

And I have to +1 these last 2 paragraphs as well.

Kevin Kofler

Kevin Fenzi wrote:

On 03/09/2018 05:42 AM, Kevin Kofler wrote:

...

Because a broken dependency in ANY package included on ANY release-critical deliverable now fails the ENTIRE compose process. It is clear that this does not scale.

That is not what is causing the broken composes. See my last email.

At least one of the daily composes failed due to that (the last before things started working again). And I think several previous ones either also failed the same way, or the error was masked by a failure earlier in the process. The KDE Spin unfortunately had several issues with broken dependencies in those 2 weeks, e.g., I had to fight with a qt5-qtwebengine FTBFS caused by a GCC 8 regression that took us a few days to work around (and the GCC team a few more days to fix in GCC, but at least the workaround worked), which prevented rebuilding it for a new Qt and a new soname of some other library. (I do not follow the other release-blocking deliverables closely enough to know what their state was in those 2 weeks.)

Kevin Kofler

Kevin Fenzi wrote:

yeah, but you would have even better workflow with a side tag.

The problem with a workflow relying entirely on side tags is that it is going to increase the risk of conflicts with concurrent changes (a phenomenon already somewhat present where side tags are used, but using side tags for everything is going to make it worse).

If my package depends on liba and libb, and if we have side tags f29-liba and f29-libb at the same time, when they are merged, the rebuild merged later will replace the one merged earlier and we will still end up with a half-broken package, or if we're lucky, the gating will fail the second merge (but only if the gated merges are serialized, otherwise there is a possible race condition there too).

Kevin Kofler

Pierre-Yves Chibon wrote:

Do note that the uniqueness constraint that koji has will mitigate things there. For a package to be built for -liba and then -libb, the package will need to have its release field bumped twice.

Sure, but that has not prevented conflicts in the past either, because it does not ensure that the second bump is actually built against the new library for which the first bump was committed.

Kevin Kofler

On 03/12/2018 09:35 AM, Pierre-Yves Chibon wrote:

On Mon, Mar 12, 2018 at 03:58:13PM +0100, Kevin Kofler wrote:

...

Pierre-Yves Chibon wrote:

...

Do note that the uniqueness constraint that koji has will mitigate things there. For a package to be built for -liba and then -libb, the package will need to have its release field bumped twice.

Sure, but that has not prevented conflicts in the past either, because it does not ensure that the second bump is actually built against the new library for which the first bump was committed.

...snip...

Solutions:

• Do not allow one package to be in two side-tags at the same time?

I think this would be difficult...

• Ensure the tests for Case #2 would prevent the merge (doable?)

Yeah, that might be nice. In fact if it's a library so change it would easy because there would be broken deps.

• Figure out if between build and side-tag merge-request one of the package in that side tags has been part of another side-tag (definitely doable, "just" a little more logic)
• Another idea?

I think these cases are rare and also that maintainers should communicate, so they should be detected.

Notifications of builds and/or commits should definitely tell a maintainer that two people are rebuilding things in two side tags.

Perhaps when creating a side tag we could display the existing ones so you know if what you are trying to do might overlap with an existing one? For that we might need a short description of the side tag...

f29-kevin-xfce "Side tag to build the Xfce stack" or f29-exampleuser-boost "Side tag to rebuild against new boost x.y.z"

kevin

Hi,

On Fri, 2018-03-09 at 11:35 -0800, Kevin Fenzi wrote:

Sure, with this proposal you would:

• request a side tag
• build a, wait for it to be added to the repo, build b, etc.

You would not need to file overrides, just build them in the right order with wait-repo between them.

well, it's not better, it's worse. I could not just run one command and let the computers do the task on their own, I just check from time to time whether anything broken, but I'd be supposed to babysit whole build process with the packages from the "chain-build"? That's truly worse, needs more of my time, while the koji can do it on its own. Computers are here to help people, right? :)

By the way, I just successfully ran chain-build from an f28 branch. https://koji.fedoraproject.org/koji/taskinfo?taskID=25654934 That surprised me, I expected to be kicked of, as it used to do, but it didn't do it (it used to kick me off in the past, especially after branching/bodhi activation point). I wanted to try whether chain-build with --target would make the trick, it also used to work.

I'd like to see a 'no new broken deps' test/check... but we could change the tests over time.

Yeah, that's it, without such test you just make obstacles to packagers with no gain at all (if broken deps are recognized only after pushing the side tag into the Rawhide, then it's really only about unneeded obstacles).

You request a side tag,

Who is going to respond to it? Will it be automated, with no specific people being involved? Automated side tags sound wrong, from my point of view. Hunting for people in different timezones to let me do my duty sounds even worse.

build your new package in that, then tell all the dependent package maintainers to use that side tag to rebuild all their packages.

Oh, having multi-process synchronization is kind of unsolvable problem (if I recall my college study properly), how you'd like to synchronize the process between people in various countries and time zones in practice, while limiting the delay to a minimum?

All those people should be watching your package or at least easy to communicate to.

Watching a package and/or have commit rights usually brings in tons of unrelated stuff in your Inbox. Yes, there are settings, but I cannot decide which changes are relevant to my package and which not unless I read the info about the change. After some time one can just ignore most of the messages anyway (people do lack of time, the more those volunteers in the community).

...

That's also another disadvantage of the gating. I recall seeing broken dependencies messages for package I've no commit rights for for weeks.

Yep. Or longer.

Definitely, and it's the main point against gating Rawhide. If people cannot react in the timely manner right now, with already working infrastructure, how is the gating going to help and address this problem at the first place?

The gating will help to have buildable composes all the time. That's its main purpose, right? Then it'll help with what? What is it good for to have buildable composes, when they are using outdated software? All the QA work will be wasted on those composes, because of delay of some package update due to the gating.

You could ask for commit on those packages you need commit on. If those maintainers don't approve it, ask for unresponsive maintainer process and you will get commit rights.

Maybe they have a reason why they want to have as less people on the package as they can. Or they can miss some notification from "pkgdb" (I know, it's not pkgdb these days) or have it lost in the spam folder... And it's a bad idea to expect that other people have time to work on Fedora just at the moment when I decide to push in some giant API change, not talking that many of the packagers just do "proxies" for upstream, they possibly never touched the upstream code to be able to fix anything in the code, thus they rely on response from the upstream, which can add even more delay in some cases. Not talking that unresponsive maintainer process should be started only after some time of inactivity of the package maintainer.

If they still don't show up, you could look at retiring those packages so they drop from the collection and don't bother you anymore.

Oh, I'd not like to go that far, for basically the same reasons as in the previous paragraph.

It's been a long trail of things that needed to get worked out. it has nothing to do with availability. A number of people have been spending lots of time fixing things.

I see, that's understandable. How is rawhide gating going to help with this in practice? (Search for 'outdated software' above.) There will be still needed some people looking into the issue and spend their time on it, maybe they will be in less pressure, but I'm afraid it'll be just a feeling. Nobody should expect infrastructure folks understand each package (like you mentioned systemd here), at least I do not expect it, thus I'd expect you had some coordination with systemd package maintainer and its upstream to find out the root cause of the problem. Was it any smooth? Did it even happen? Might each maintainer of a crit- path package (or a package which has some users (libraries)) do the same round trip as you did for the last week?

• Bodhi enablement was also this week...

Yeah, I've been always wondering why the timing with Beta freeze and Bodhi activation is so bad. There is a GNOME stable release this Wednesday, the 3.28.0 version, and GNOME is the desktop environment of Fedora Workstation, still these two schedules collide in a way that the Beta contains development version of packages which turned into stable only few days after Beta freeze/Bodhi activation (I've here similar concerns as with 'outdated software' usage above). Anyway, I do not want to change subject of this (sub-)thread, there are other places where it had been discussed in the past, all of this only reminded me of it.

Well, more communication is better. If people aren't responding we should know that and fix it, not just toss packages over a wall and wander off.

Yes, definitely, though there are still legitimate cases when people do not have time and nobody can do with it anything. That's just life. Bye, Milan

Le 2018-03-12 12:10, Pierre-Yves Chibon a écrit :

On Mon, Mar 12, 2018 at 11:33:36AM +0100, Milan Crha wrote:

...

Hi,

On Fri, 2018-03-09 at 11:35 -0800, Kevin Fenzi wrote:

...

Sure, with this proposal you would:

• request a side tag
• build a, wait for it to be added to the repo, build b, etc.

You would not need to file overrides, just build them in the right order with wait-repo between them.

well, it's not better, it's worse. I could not just run one command and let the computers do the task on their own, I just check from time to time whether anything broken, but I'd be supposed to babysit whole build process with the packages from the "chain-build"? That's truly worse, needs more of my time, while the koji can do it on its own. Computers are here to help people, right? :)

Tooling can be built no? Why do you assume we can't make chain-build work with side-tags?

Also current chain-build is too primitive to handle complex chains

https://github.com/rpm-software-management/mock/issues/170

Regards,

Le lundi 12 mars 2018 à 14:51 +0100, Michael Šimáček a écrit :

On 2018-03-12 12:19, Nicolas Mailhot wrote:

...

Also current chain-build is too primitive to handle complex chains

https://github.com/rpm-software-management/mock/issues/170

Koji chain-builds and mockchain are unrelated (both are primitive, I don't disagree with that).

Yes that was mostly point to a document specifying how chain build should be implemented to handle boostraps and make sure the result is self-hosting.

If the rawhide workflow is going to depend on side tags and chain builds, they better be automated, robust and correct

Regards,

On Mon, Mar 12, 2018 at 12:48:02PM +0100, Milan Crha wrote:

Hi,

On Mon, 2018-03-12 at 12:10 +0100, Pierre-Yves Chibon wrote:

...

On Mon, Mar 12, 2018 at 11:33:36AM +0100, Milan Crha wrote:

...

On Fri, 2018-03-09 at 11:35 -0800, Kevin Fenzi wrote:

...

Sure, with this proposal you would:

• request a side tag
• build a, wait for it to be added to the repo, build b, etc.

You would not need to file overrides, just build them in the right order with wait-repo between them.

Tooling can be built no? Why do you assume we can't make chain-build work with side-tags?

That wasn't my suggestion, that's what Kevin Fenzi suggested and I sort of questioned it. :)

...

Seems to me much more interesting to say: I have a few packages to update, let's update them, ok I'm done, could you check if I missed any? yes -> fix, no -> merge

Yes, definitely. How that "checked if I missed any" question will be implemented is important. It's necessary to have it done before merging the side tag, otherwise there will be no gain in gating at all, right? The best time is to have done the final check automatically when the merge of the side tag is requested, if I understand it correctly.

The way I envision this would be: you request the side tag to be merged, the test will be run, report its outcome to you. If the outcome is positive (the test passed) it will automatically merge the tag, and otherwise it won't touch the tag, giving you the opportunity to fix the issue.

Does that sound right?

...

The difference is that during that week, we will still be able to compose rawhide tomorrow (and thus test all the other changes), while we can't today.

I see, that makes perfect sense. Some packages won't stop the rest of the distribution. I'm only afraid people will care less when the problem will be in a side tag, rather than in the main stream.

I guess that could happen, but on the other side, since the problem is isolated in a side-tag it's not in the main stream and thus not available, even to the people who started working on this.

Pierre

On 03/12/2018 04:48 AM, Milan Crha wrote:

Hi,

On Mon, 2018-03-12 at 12:10 +0100, Pierre-Yves Chibon wrote:

...

On Mon, Mar 12, 2018 at 11:33:36AM +0100, Milan Crha wrote:

...

On Fri, 2018-03-09 at 11:35 -0800, Kevin Fenzi wrote:

...

Sure, with this proposal you would:

• request a side tag
• build a, wait for it to be added to the repo, build b, etc.

You would not need to file overrides, just build them in the right order with wait-repo between them.

Tooling can be built no? Why do you assume we can't make chain-build work with side-tags?

That wasn't my suggestion, that's what Kevin Fenzi suggested and I sort of questioned it. :)

To be clear I didn't suggest chain build wouldn't work, I just outlined a workflow I could see myself using. I suspect chain build would work on a side tag just fine with --target passed to it. But of course we would want to test and note this use case.

So, thanks for bringing it up...

kevin

On Mon, 2018-03-12 at 12:12 +0100, Kalev Lember wrote:

On 03/12/2018 11:33 AM, Milan Crha wrote:

...

I wanted to try whether chain-build with --target would make the trick, it also used to work.

It should work if you use '--target f28-gnome'

Hi, yes, I know, that's why I wrote "it also used to work". I also used to be kicked off when trying chain-build after bodhi activation (something about "fXX-candidate not deriving from fXX-build", but I do not recall it precisely), which seems to be accepted right now, except after the build of the first package the next in the chain would wait "ad infinity" to have the first package appear in f28-build.

It's only that `koji cancel` doesn't work here (with python3, it does when using python2), thus it took me longer to find out what to do to stop the previous chain build, mark the one finished package with proper tag and start the chain-build in the side tag. Thanks and bye, Milan

Martin Kolman wrote:

That would be really nice! There are often cases where a fix or enhancement needs to land in at least two components at once (in our cases usually pykickstart & anaconda and/or blivet & anaconda) and the only "atomic" way of doing that is doing a chainbuild, which, frankly, sucks:

• cryptic CLI syntax, no Web UI
• totally different process from branched releases
• you need to have commit right to all involved packages
• no automated tests run on the results whatosoever
• no way to tell list inidividual scratchbuilds in the past (AFAIK)

So having the option to use Bodhi to group atomic package updates for Rawhide to a Bodho update would be really useful!

• consistent with branched Fedora process
• no need to be commiter for all packages, just tell the other maintainers

to add their new build to the update

• tests could be easily hooked to the update
• Web UI
• ability to see & link people to pending & past updates

I might be missing some of the technicalities but this really seems like a win-win solution while keeping the current process in place due to the updates being optional.

A chain build is much more effective than the Bodhi process though. See Milan Crha's reply.

Kevin Kofler

On 08/03/18 19:25, Mattia Verga wrote:

Il 08/03/2018 20:11, Richard Shaw ha scritto:

...

What about making side tags easily available to packagers directly? I could build my package that includes an ABI breaking update and rebuild the dependencies within that side tag and then submit when everything is complete.

+1

Maybe something like 'fedpkg build --side-tag=pkgname-abichange', that would mean to build that package using all packages already with the same side tag and tag the build with side-tag.

Well if a side tag exists then you can already choose to build in it using the --target switch

What would be needed is a way to create a side tag and then to merge it back.

Tom

On Thu, Mar 08, 2018 at 08:26:30PM -0800, Kevin Fenzi wrote:

On 03/08/2018 07:53 PM, Kevin Kofler wrote:

...

Randy Barlow wrote:

...

It may be possible to automate the process a bit to make it less heavy for developers, though there is some complication for multi-package updates

Some automation would help, sure. But if we are going to do things automatically, why bother with Bodhi at all?

Well, we don't currently have another tool to show results and allow waving of them. We could come up with another app and have yet a different place and workflow from regular releases, but why not stick to the same workflow and avoid making yet another app.

...

We are already building into a pending tag for the autosigning, from which the packages are moved into the final tag when they are signed. The same process should work for autotesting. Just add it before or after the autosigning in the pipeline, possibly with another intermediate tag.

I think that Bodhi is really the wrong tool for the job here. What you are trying to hit with your shiny hammer may look like a nail to you, but it is really a screw. ;-)

I don't think thats the case here, it's more than we don't want to build another different tool for something that could work with the hammer we have.

To be fair, there was a suggestion that we show results in pagure/src.fedoraproject.org, but to me, that definitely sounds like the wrong place for such things. We want tests tied to a specific update, not the entire package as a whole. (Even thought we could fudge this by having git tags or something to tie results to).

For regular Fedora releases I definitely agree with you, but for rawhide where the only time we bundle package together would be via side-tags, I think reporting test results to src.fp.o would be a valid approach.

Pierre

On Fri, Mar 09, 2018 at 10:12:37AM +0100, Mathieu Bridon wrote:

We could take a hint from how we make software upstream these days:

1. submit a pull request for the package in src.fp.o on the master branch
2. a CI automatically builds this package in Koji
3. merge the pull request into master
4. the build (from step 2) is tagged for Rawhide, without a rebuild

Gating is achieved by preventing merges if the build/tests fail.

This has been discussed but requires a way for koji to "promote" scratch builds to real builds and this isn't a small task. Long term, I do think this is a good idea anyway yes.

Pierre

On Fri, Mar 09, 2018 at 06:48:56PM +0100, Mathieu Bridon wrote:

On Fri, 2018-03-09 at 10:38 +0100, Pierre-Yves Chibon wrote:

...

On Fri, Mar 09, 2018 at 10:12:37AM +0100, Mathieu Bridon wrote:

...

We could take a hint from how we make software upstream these days:

1. submit a pull request for the package in src.fp.o on the master branch
2. a CI automatically builds this package in Koji
3. merge the pull request into master
4. the build (from step 2) is tagged for Rawhide, without a rebuild

Gating is achieved by preventing merges if the build/tests fail.

This has been discussed but requires a way for koji to "promote" scratch builds to real builds and this isn't a small task. Long term, I do think this is a good idea anyway yes.

It doesn't have to be scratch builds, it could be real builds in a side tag.

That would register in koji's DB the unique NEVRA which means, the PR can't be updated without bumping the release field.

Pierre

On 03/09/2018 04:06 AM, Pierre-Yves Chibon wrote:

...

To be fair, there was a suggestion that we show results in pagure/src.fedoraproject.org, but to me, that definitely sounds like the wrong place for such things. We want tests tied to a specific update, not the entire package as a whole. (Even thought we could fudge this by having git tags or something to tie results to).

For regular Fedora releases I definitely agree with you, but for rawhide where the only time we bundle package together would be via side-tags, I think reporting test results to src.fp.o would be a valid approach.

I think this would be great when the intended update has only one package in it. For times when we need to update n packages together it might be tricky, but perhaps we can think of a way to indicate that a set of patches to different repositories are meant to be a single atomic change.

On 03/08/2018 10:53 PM, Kevin Kofler wrote:

IMHO, this is highly impractical. Having to file Bodhi updates for every Rawhide build will make development cringe to a halt.

The proposal is to automate the filing of Bodhi updates, so in most cases you would not really interact with them unless tests fail. I hinted at a "perhaps 1 day", but it was suggested elsewhere that we could also not have any time restrictions and just send it to stable as soon as automated tests pass. I don't have strong feelings about the policy there, so if we went that direction you might not even notice Bodhi is involved unless the tests fail (in which case you should take action anyway).

Some automation would help, sure. But if we are going to do things automatically, why bother with Bodhi at all?

As nirik said, because we have it. Bodhi's mission in life is gating[0], and we want to gate Rawhide. We have a tool that does that now, and it's easier to use it (even if it would need a few changes) than it is to create another service.

We are already building into a pending tag for the autosigning, from which the packages are moved into the final tag when they are signed. The same process should work for autotesting. Just add it before or after the autosigning in the pipeline, possibly with another intermediate tag.

The "it" is the thing we don't have, outside of a conveniently already created tool.

I think that Bodhi is really the wrong tool for the job here. What you are trying to hit with your shiny hammer may look like a nail to you, but it is really a screw. ;-)

After having been in Bodhi's JSON rendering code today, it doesn't look so shiny to me, but thanks for the compliment.

As I said, Bodhi's mission is gating, and gating is the proposal here, so I think it is actually a good tool to use.

[0] I more generally think of Bodhi as a community driven Koji admin.

Thanks for starting this discussion and I really want to thank you for offering Bodhi to handle the Rawhide. It would be really sad I some other system was used for Rawhide then for stable versions.

Dne 9.3.2018 v 10:20 Pierre-Yves Chibon napsal(a):

On Thu, Mar 08, 2018 at 01:00:32PM -0500, Randy Barlow wrote:

...

I would like to kick off a general discussion about how we might gate packages in Rawhide. I think it would be nice to get something in place for the Fedora 29 timeframe.

I was waiting to have some more time to work on it to kick off that discussion. This is cool as it means there are more people interested in having this :)

...

As one of the Bodhi contributors, I am inclined to suggest that we could use Bodhi on Rawhide, similar to how we use it for our stable/branched releases, with more relaxed rules (perhaps 1 day in testing or something simple).

It may be possible to automate the process a bit to make it less heavy for developers, though there is some complication for multi-package updates (more on that in a bit). For simple package updates, we may be able to detect new commits on dist-git, and react to those by automatically starting a Koji build, and automatically filing a Bodhi update when that build is complete. I think that would be pretty nice, and pingou created a PoC[0] to do this about a year ago.

Multi-package updates won't be so easy though. It's not uncommon for us to need to update packages together, and the above workflow would be problematic since it would result in updates with single packages in them rather than updates with multiple packages. Of course, buildroot overrides would be a problem too, since multi-package updates often depend on each other at build time too.

We could create some way for packagers to indicate that a commit (or possibly even a whole repo) is not intended to be "autobuilt/updated". If the packager indicates this then their builds would go into a rawhide-pending (similar to what we do for f27 today). Once they have all their builds (and buildroot overrides) the way they want them, they can create the update.

Another idea that was tossed around in some chats I had with people about this involved a system for packagers to use to create Koji side tags. Bodhi manages BuildRoot Overrides today (with expirations), so perhaps Bodhi could be expanded to also manage Koji side tags (also with expirations). I can't remember all the details about this approach or why it was suggested over the former approach, but I wanted to list it to invite others to chew on it and see if it could work.

If you have other suggestions on how we might gate packages in Rawhide that are wildly different than the above, please feel free to share!

I had a different idea in mind, basically try to keep the experience as close as what it is now. for single package:

• packager commit
• packager build
• build is tagged into a specfic koji tag
• test are run on this tag -> results go to src.fp.o
• if tests pass
  • package is moved to another koji tag
  • package is signed
  • package is pushed to rawhide
• if tests do not pass
  • do nothing
  • if the user submits a waiver
    • move the package to the next koji tag for signing it

If a packager does not want to run the tests, we could have a fedpkg build --noci that would directly build the package in the koji tag used for signing the package (useful for mass-rebuild for example)

for multi-package:

• packager requests a new side-tag (I'd propose via bodhi)
• packager build all the different packages in that side-tag
• packager asks for the side tag to be merged
• tests are run on all these packages -> results go to src.fp.o --> We probably want to also report them on the bodhi request to merge the tag as otherwise the packager will have to go through all the package to find the one(s) that failed
• if tests pass -> cf above

I more or less like your proposal. But I have to highlight one danger of sidetags and that is you have use the "--target" option. If you forget it by accident (and it is quite easy to forget), you will unintentionally mess the main Rawhide repository. From this POV is much safer to use build overrides. Also, using buildroot overrides is probably more infrastructure resources friendly. BTW the buildroot overrides could be submitted automatically by "fedpkg build", with possible opt-in/out (depends what will qualify to be better default).

Also, using side-tags without appropriate branches is wasted opportunity. If I could have "master-mysidetag" branch, I would use to build my packages and side-tag merge would mean to merge dist-git as well as the repository, it would be even more meaningful.

For this to work we could need:

• one new koji tag on rawhide (easy)
• support for side-tags in bodhi
• likely improving the side-tags generation in koji
• a few services, likely fedmsg-based, to link the different services (tests results to src.fp.o/bodhi, migrate package to the next koji tag when test results is published, when a waiver is submitted push the package to the next koji tag...)

The idea to automatically build upon commit is neat and something we can look into, but I think it can be approached separately from gating rawhide, one doesn't require the other.

I really don't like the idea of building something based on commit. Each commit should be atomic and meaningful. If you will build based on commit, that could motivate maintainers to put more unrelated changes into single commit. And of course, you should be speaking rather about "build unpon push", since push can contain more commits.

V.

Speaking of both changes in one go might confuse things a little.

Pierre

---

devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

Dne 9.3.2018 v 11:24 Pierre-Yves Chibon napsal(a):

On Fri, Mar 09, 2018 at 10:52:27AM +0100, Vít Ondruch wrote:

...

I had a different idea in mind, basically try to keep the experience as close as what it is now. for single package:

• packager commit
• packager build
• build is tagged into a specfic koji tag
• test are run on this tag -> results go to src.fp.o
• if tests pass
  • package is moved to another koji tag
  • package is signed
  • package is pushed to rawhide
• if tests do not pass
  • do nothing
  • if the user submits a waiver
    • move the package to the next koji tag for signing it

If a packager does not want to run the tests, we could have a fedpkg build --noci that would directly build the package in the koji tag used for signing the package (useful for mass-rebuild for example)

for multi-package:

• packager requests a new side-tag (I'd propose via bodhi)
• packager build all the different packages in that side-tag
• packager asks for the side tag to be merged
• tests are run on all these packages -> results go to src.fp.o --> We probably want to also report them on the bodhi request to merge the tag as otherwise the packager will have to go through all the package to find the one(s) that failed
• if tests pass -> cf above

I more or less like your proposal. But I have to highlight one danger of sidetags and that is you have use the "--target" option. If you forget it by accident (and it is quite easy to forget), you will unintentionally mess the main Rawhide repository. From this POV is much safer to use build

You wouldn't mess the main repo as it would not have been built against the new version of the library you updated and are trying to rebuild against.

It depends what you are building. If are building package foo with soname bump and its dependencies, the if you build the foo by accident into the official tag, then you are in troubles.

And for that dependencies, it depends. If you bum some dependency in the middle of the chain, to be compatible with the new soname, but it requires some other runtime dependencies, and you build it in the official tag instread of the side tag, you are in trouble again.

So for that package there is no change compared to what was already in rawhide. And for the side-tag when trying to merge it changes are that the tests would fail no?

...

overrides. Also, using buildroot overrides is probably more infrastructure resources friendly. BTW the buildroot overrides could be submitted automatically by "fedpkg build", with possible opt-in/out (depends what will qualify to be better default).

Buildroot override means we gate the packages for an unknown time. The buildroot override means: adding to the buildroot something that isn't already there. So how would we know when to wait (depending libraries need a rebuild) and when not to wait (single-package update)? If we always push, we end up with the current rawhide situation no?

The buildroot override can be sumbitted or expired. You can't do that in Rawhide now. So there are two possibilities:

1) We automatically submit override, but it could be expired based on testing. 2) If more packages are needed to build, the override can be submitted manually.

If we default to wait, we end up with what we have currently in stable releases and are changing quite our packaging workflow. I'm not saying it's not an option, just that it needs to be made clear to everyone.

...

Also, using side-tags without appropriate branches is wasted opportunity. If I could have "master-mysidetag" branch, I would use to build my packages and side-tag merge would mean to merge dist-git as well as the repository, it would be even more meaningful.

This seems a lot of work without necessary a lot of gain tbh.

It was just me dreaming :) I realize it is a lot of work so this would be just NTH.

V.

Pierre

---

devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

On 03/09/2018 04:20 AM, Pierre-Yves Chibon wrote:

I had a different idea in mind, basically try to keep the experience as close as what it is now. for single package:

• packager commit
• packager build
• build is tagged into a specfic koji tag
• test are run on this tag -> results go to src.fp.o
• if tests pass
  • package is moved to another koji tag
  • package is signed
  • package is pushed to rawhide
• if tests do not pass
  • do nothing
  • if the user submits a waiver
    • move the package to the next koji tag for signing it

If a packager does not want to run the tests, we could have a fedpkg build --noci that would directly build the package in the koji tag used for signing the package (useful for mass-rebuild for example)

I would really like to have tests in src.fpo, but I think they would be most helpfully displayed on pull requests, rather than after I've already made a Koji build. This is more similar to the workflow I'm accustomed to when I work on Bodhi's upstream code - I submit a PR and CentOS CI (which is very nice btw) chews on it and tells me if I'm good to merge. For a single package update (which is most of what I personally do) it would be very nice to have this before I merge my PR in Pagure.

So all that to say that I like the above, but I'd like to propose that there also be some tests run before I commit (i.e., merge the PR) and build in Koji (for cases where we use PRs. I'm not proposing we require PRs, but that it be available for those of us who would like to use that workflow). PRs do get the simplekojici build today, which is cool. I'd really just like a few more tests than that to be run as well.

for multi-package:

• packager requests a new side-tag (I'd propose via bodhi)
• packager build all the different packages in that side-tag
• packager asks for the side tag to be merged
• tests are run on all these packages -> results go to src.fp.o

At this point there aren't pull requests, right? Where would we display this in src.fp.o that would make it clear which change the test results pertain to?

--> We probably want to also report them on the bodhi request to merge the
    tag as otherwise the packager will have to go through all the package to
    find the one(s) that failed

Do you mean that Bodhi would display them on a side tag page? Or in this scenario are you suggesting that a Bodhi update has been created? The update would be less friction since we already have code to display test results on Bodhi updates.

The idea to automatically build upon commit is neat and something we can look into, but I think it can be approached separately from gating rawhide, one doesn't require the other. Speaking of both changes in one go might confuse things a little.

True, it's orthogonal.

On Fri, Mar 09, 2018 at 10:20:12AM +0100, Pierre-Yves Chibon wrote:

On Thu, Mar 08, 2018 at 01:00:32PM -0500, Randy Barlow wrote:

...

I would like to kick off a general discussion about how we might gate packages in Rawhide. I think it would be nice to get something in place for the Fedora 29 timeframe.

I was waiting to have some more time to work on it to kick off that discussion. This is cool as it means there are more people interested in having this :)

...

As one of the Bodhi contributors, I am inclined to suggest that we could use Bodhi on Rawhide, similar to how we use it for our stable/branched releases, with more relaxed rules (perhaps 1 day in testing or something simple).

It may be possible to automate the process a bit to make it less heavy for developers, though there is some complication for multi-package updates (more on that in a bit). For simple package updates, we may be able to detect new commits on dist-git, and react to those by automatically starting a Koji build, and automatically filing a Bodhi update when that build is complete. I think that would be pretty nice, and pingou created a PoC[0] to do this about a year ago.

Multi-package updates won't be so easy though. It's not uncommon for us to need to update packages together, and the above workflow would be problematic since it would result in updates with single packages in them rather than updates with multiple packages. Of course, buildroot overrides would be a problem too, since multi-package updates often depend on each other at build time too.

We could create some way for packagers to indicate that a commit (or possibly even a whole repo) is not intended to be "autobuilt/updated". If the packager indicates this then their builds would go into a rawhide-pending (similar to what we do for f27 today). Once they have all their builds (and buildroot overrides) the way they want them, they can create the update.

Another idea that was tossed around in some chats I had with people about this involved a system for packagers to use to create Koji side tags. Bodhi manages BuildRoot Overrides today (with expirations), so perhaps Bodhi could be expanded to also manage Koji side tags (also with expirations). I can't remember all the details about this approach or why it was suggested over the former approach, but I wanted to list it to invite others to chew on it and see if it could work.

If you have other suggestions on how we might gate packages in Rawhide that are wildly different than the above, please feel free to share!

I had a different idea in mind, basically try to keep the experience as close as what it is now. for single package:

• packager commit
• packager build
• build is tagged into a specfic koji tag
• test are run on this tag -> results go to src.fp.o
• if tests pass
  • package is moved to another koji tag
  • package is signed
  • package is pushed to rawhide
• if tests do not pass
  • do nothing
  • if the user submits a waiver
    • move the package to the next koji tag for signing it

If a packager does not want to run the tests, we could have a fedpkg build --noci that would directly build the package in the koji tag used for signing the package (useful for mass-rebuild for example)

In the graphs, the red arrows are always full, i.e. signify manual steps. Is this an oversight, or are so many manual steps actually needed in that workflow?

for multi-package:

• packager requests a new side-tag (I'd propose via bodhi)
• packager build all the different packages in that side-tag
• packager asks for the side tag to be merged
• tests are run on all these packages

Are those tests run will all the packages in the side-tag, or with each package separately installed onto current rawhide? I assume the first, but please clarify that.

-> results go to src.fp.o
--> We probably want to also report them on the bodhi request to merge the
    tag as otherwise the packager will have to go through all the package to
    find the one(s) that failed

• if tests pass -> cf above

I see two advantages of the workflow with bodhi: - we can reuse existing reporting interfaces, for tests results, but also for user comments. In particular I expect that the integration of bodhi with greenwave and gating CI will keep changing and increasing, as required by updates for stable releases, and this would have to be duplicated in pagure, if bodhi is not used. Such features don't seem to be applicable to upstream pagure, but mostly to the src.fp.o, and it'll be an ongoing burden.

- using bodhi updates gives some additional flexibility, for example we (in the future) could make the "push bodhi updates" step *non*-automatic, so that for example a positive karma from another maintainer would be required. This could be used for example as "send mail to fedora-devel, ask for checking update FEDORA-1223345464" on especially tricky or big changes.

All in all, the simpler workflow looks attractive as first blush, but I wouldn't discard the more complicated option just yet. If all the steps were automated, the fact that bodhi is involved would not cause additional work to the maintainer.

Zbyszek

For this to work we could need:

• one new koji tag on rawhide (easy)
• support for side-tags in bodhi
• likely improving the side-tags generation in koji
• a few services, likely fedmsg-based, to link the different services (tests results to src.fp.o/bodhi, migrate package to the next koji tag when test results is published, when a waiver is submitted push the package to the next koji tag...)

The idea to automatically build upon commit is neat and something we can look into, but I think it can be approached separately from gating rawhide, one doesn't require the other. Speaking of both changes in one go might confuse things a little.

Pierre

---

devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

Dne 9.3.2018 v 15:23 Colin Walters napsal(a):

A more modern architecture would be something closer to pull requests on dist-git; tests report into the PR the same way github works today.

May be if we had all .spec files in single repository .....

V.

This would work *particularly* well if it was easy to make a pull request across multiple packages, which would be obvious and easy if we just one git repo rather than thousands. (Or perhaps core/extras git repos).

Examples of systems that work this way:

https://github.com/NixOS/nixpkgs https://github.com/openembedded/openembedded-core https://github.com/clearlinux/clr-bundles _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

On 03/15/2018 04:57 PM, Mohan Boddu wrote:

...

As one of the Bodhi contributors, I am inclined to suggest that we could use Bodhi on Rawhide, similar to how we use it for our stable/branched releases, with more relaxed rules (perhaps 1 day in testing or something simple).

We need a better approach for this, since I am not exactly sure what this solve as it just waiting for only 1 day.

It will introduce automated test gating, which will help identify a few common problems (like missing dependencies). As mentioned elsewhere in the thread, we wouldn't even have to make it wait a day if we don't want to - we could send it on its way once tests pass (this would simply be a matter of policy).

On Wed, Mar 28, 2018, 12:53 Pierre-Yves Chibon pingou@pingoured.fr wrote:

Good Morning Everyone,

Good morning!

Based on the outcome of this discussion, I started trying to draw how the process to update a package in rawhide would look like with rawhide being gated on tests.

There are currently two proposals:

• one that does not involve bodhi updates
• one that does

Both proposals have a different flow for single-package update and multi-packages update.

Here is what I came up with.

Without bodhi:

• Single package update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide.png
• Multi-packages update

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs.pn...

With bodhi:

• Single package update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_bodhi.png
• Multi-packages update

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs_bo...

Outside of this workflow things we know we want to have/keep working:

• Keep chain-build working -> would one of the proposal facilitate that?
• Have a way to run tests against an entire side-tag before merging it
• Have a way to ask the tools to re-check greenwave's decision (so that

false negative can be waived and the process continued)

mizdebsk suggested on IRC two ideas which I think would be worth looking into a little bit down the road once we got the basis done:

• new side-tag could be automatically generated from fedpkg build command
• packagers could define a list of packages that should be rebuilt in the side-tag and when all of these packages have been successfully rebuilt,

the request to merge the side-tag is automatically created This would allow to use chain-build and let the entire process be automated.

What do you think?

Looking at your two(four) suggested workflows, they look very similar - there's just bodhi sitting between components in the second case, acting as a MITM, but not really adding anything useful compared to the case without bodhi (please correct me if I am wrong).

So, just to state my opinion (with my packager hat on), I would prefer the first case: without involving additional bodhi updates for rawhide builds. Additionally, these workflows also closely resemble the current workflows for submitting packages to rawhide, which is nice.

Whichever direction fedora will choose in the future, I think being able to test single updates before tagging them to rawhide, and especially being able to run tests against whole side-tags, would be a huge improvement over the status quo, and would especially improve the stability and "composability" of rawhide (and would probably cut down on the notorious number of fedora release delays, as a result).

Fabio

Pierre _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

On Wed, Mar 28, 2018, 14:51 Pierre-Yves Chibon pingou@pingoured.fr wrote:

On Wed, Mar 28, 2018 at 11:16:35AM +0000, Fabio Valentini wrote:

...

On Wed, Mar 28, 2018, 12:53 Pierre-Yves Chibon pingou@pingoured.fr wrote: Based on the outcome of this discussion, I started trying to draw

how

...

 the
 process to update a package in rawhide would look like with rawhide
 being gated
 on tests.

 There are currently two proposals:
 - one that does not involve bodhi updates
 - one that does

 Both proposals have a different flow for single-package update and
 multi-packages update.

 Here is what I came up with.

 Without bodhi:
 - Single package update
 Â  https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide.png
 - Multi-packages update
 Â

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs.pn...

...

 With bodhi:
 - Single package update
 Â

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_bodhi.png

...

 - Multi-packages update
 Â

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs_bo...

...

 Outside of this workflow things we know we want to have/keep

working:

...

 - Keep chain-build working
 Â  -> would one of the proposal facilitate that?
 - Have a way to run tests against an entire side-tag before merging

it

...

 - Have a way to ask the tools to re-check greenwave's decision (so

that

...

 false
 Â  negative can be waived and the process continued)

 mizdebsk suggested on IRC two ideas which I think would be worth

looking

...

 into
 a little bit down the road once we got the basis done:
 - new side-tag could be automatically generated from fedpkg build
 command
 - packagers could define a list of packages that should be rebuilt

in

...

 the
 Â  side-tag and when all of these packages have been successfully
 rebuilt, the
 Â  request to merge the side-tag is automatically created
 Â  This would allow to use chain-build and let the entire process be
 automated.

 What do you think?

Looking at your two(four) suggested workflows, they look very similar

...

there's just bodhi sitting between components in the second case,

acting

...

as a MITM, but not really adding anything useful compared to the case without bodhi (please correct me if I am wrong).

They are quite close indeed.

...

So, just to state my opinion (with my packager hat on), I would

prefer the

...

first case: without involving additional bodhi updates for rawhide

builds.

...

Additionally, these workflows also closely resemble the current

workflows

...

for submitting packages to rawhide, which is nice.

That is also my take on it, but including bodhi has also some benefit, one of which is that test results for rawhide and stable releases end up there instead of having test results for rawhide in src.fp.o (and bodhi for the case of multi-packages) vs bodhi for stable releases.

That's true, but I'm not sure making the update process more complicated is worth the benefit of having test results in one place.

...

Whichever direction fedora will choose in the future, I think being

able

...

to test single updates before tagging them to rawhide, and especially being able to run tests against whole side-tags

I think being able to run tests on a side-tag before request for it to be merged is a good feature, I am less sure about this for single-package. Could you expand? My take is that for single package: you build it, if tests pass it goes into rawhide (as today) if they fail, it doesn't go anywhere and as packager we can either fix the issue, waive their results and/or fix the test.

One example where running tests against a single-package update would be nice IMO would be for toolchain and base packages, for example, updates to annobin or binutils, where the answer to "Does this update break compilation with GCC?" (which could be added as a test case) would be vital in determining if the package should be pushed to rawhide or not.

Hope that makes it more clear what I meant by "it also would be nice for single-package updates".

Pierre _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

On Wed, Mar 28, 2018, 15:47 Pierre-Yves Chibon pingou@pingoured.fr wrote:

On Wed, Mar 28, 2018 at 01:39:34PM +0000, Fabio Valentini wrote:

...

One example where running tests against a single-package update would

be

...

nice IMO would be for toolchain and base packages, for example,

updates to

...

annobin or binutils, where the answer to "Does this update break compilation with GCC?" (which could be added as a test case) would be vital in determining if the package should be pushed to rawhide or

not.

...

Hope that makes it more clear what I meant by "it also would be nice

for

...

single-package updates".

I think I follow you there, what I don't follow is the difference between this and the build not landing in rawhide because it failed its tests.

Or are you referring to: pre-commit testing, in other words pull-request testing?

No, that's not what I meant (although testing PRs would be nice for the future, too).

I just wanted to express that gating rawhide updates depending on test results is meaningful not only for the proposed merging of side-tags, but also for single important packages.

Knowing if pushing annobin or binutils break compiling GCC before pushing

the commit into the git repo? So, opening a PR against annobin/binutils, running the tests and if they pass then push to the git repo and build in rawhide?

If that's what you have in mind, this is definitively in the roadmap (PR testing) but will be tracked separately from gating rawhide packages since PR testing will concern all branches not just rawhide.

Pierre _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

Why are you stressing MultiplePkgs vs single pkgs. Single pgk process is just subcase of multiplepkgs process.

And if you can do chain build in Rawhide, I can't see any reason why it should not be possible for stable branch.

IOW the process for Rawhide should be as close to stable version as possible. Using buildroot override for stable while using sidetags for Rawhide does not make any sense.

Vít

Dne 28.3.2018 v 12:52 Pierre-Yves Chibon napsal(a):

Good Morning Everyone,

Based on the outcome of this discussion, I started trying to draw how the process to update a package in rawhide would look like with rawhide being gated on tests.

There are currently two proposals:

• one that does not involve bodhi updates
• one that does

Both proposals have a different flow for single-package update and multi-packages update.

Here is what I came up with.

Without bodhi:

• Single package update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide.png
• Multi-packages update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs.pn...

With bodhi:

• Single package update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_bodhi.png
• Multi-packages update https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_MultiplePkgs_bo...

Outside of this workflow things we know we want to have/keep working:

• Keep chain-build working -> would one of the proposal facilitate that?
• Have a way to run tests against an entire side-tag before merging it
• Have a way to ask the tools to re-check greenwave's decision (so that false negative can be waived and the process continued)

mizdebsk suggested on IRC two ideas which I think would be worth looking into a little bit down the road once we got the basis done:

• new side-tag could be automatically generated from fedpkg build command
• packagers could define a list of packages that should be rebuilt in the side-tag and when all of these packages have been successfully rebuilt, the request to merge the side-tag is automatically created This would allow to use chain-build and let the entire process be automated.

What do you think?

Pierre

---

devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-leave@lists.fedoraproject.org

Dne 28.3.2018 v 19:06 Pierre-Yves Chibon napsal(a):

On Wed, Mar 28, 2018 at 06:46:50PM +0200, Vít Ondruch wrote:

...

Why are you stressing MultiplePkgs vs single pkgs. Single pgk process is just subcase of multiplepkgs process.

And because it is just a subcase, it can be simplified.

...

And if you can do chain build in Rawhide, I can't see any reason why it should not be possible for stable branch.

I'm not entirely sure where I spoke about that.

You are proposing to use side tags for chain builds, which is not how the things are done in stable branches, unless you are proposing the same changes for stable branches.

...

IOW the process for Rawhide should be as close to stable version as possible. Using buildroot override for stable while using sidetags for Rawhide does not make any sense.

I believe we already discussed this and I provided some of the drawbacks this would have.

It is sad you still see Rawhide as something completely different then stable (and stabilizing) Fedoras. Rawhide should use the same process as other branches. Only the built in timeouts should be different, e.g. by default, the package should spent no time in testing etc.

So go with buildroot overrides or sidetags, but use them everywhere. If chainbuilds are testing of mutliple packages are important for Rawhide, they are of the same importance for other branches.

And please rename this thread to "Gating packages in Fedora", because Rawhide should be just Fedora.

V.

Dne 28.3.2018 v 19:55 Pierre-Yves Chibon napsal(a):

On Wed, Mar 28, 2018 at 07:34:51PM +0200, Vít Ondruch wrote:

...

And please rename this thread to "Gating packages in Fedora", because Rawhide should be just Fedora.

You do realize that there is already gating in place for stable releases right?

Yes I do.

So no this thread is specifically about rawhide.

And I want the same gating for Rawhide. Just the timing should be different.

V.

Le 2018-03-28 12:52, Pierre-Yves Chibon a écrit :

Hi

With bodhi:

• Single package update

https://pingou.fedorapeople.org/gating_rawhide/GatingRawhide_bodhi.png

• Multi-packages update

Not terribly fond of anything that offloads multi-build intellignece coordination on packagers, forcing everyone that needs multi-build to either do lots of manual operations, to reinvent its own local tooling, or just give up on some updates.

The correct packager-friendly way to do it is

eat-this <list of srpms> → ok/nok

With the tooling chain-building <list of srpms>, automatically applying boostrap sections when present, automatically rebuilding everything in the set against the final state of other parts of the set, and applying integration tests to the end result and not to the intermediary steps.

And it should not matter if <list of srpms> has a count of one or many.

Anything that posits list of srpms is a special case that can be bolted on the single srpm is broken by design and produces broken packaging, because people will try to workaround tooling defects by stashing everything in a single srpm to make tools happy.

(that's also a huge defect our the review workflow, unbundle and produce a clean and maintenable set of packages → lots of review and tooling misery, keep it all in a single srpm → no problems)

Regards,