Have a dedicated lockfile updater for testing-devel and next-devel #293
Labels
jira
for syncing to jira
Comments
|
Also need to watch for coreos-koji-tagger integration: coreos/fedora-coreos-releng-automation#32 |
A few questions:
|
This would be the Jenkins CI which already runs on PRs right now, not fedora-coreos-pipeline. They're related though, because we'll want to share much more between those to make gating more meaningful.
Hmm, maybe. Though it'd only be one branch per "locked" stream, so e.g. |
jlebon
added a commit
to jlebon/fedora-coreos-releng-automation
that referenced
this issue
Oct 8, 2019
This is meant to address a smarter way to bump lockfiles. See: coreos/fedora-coreos-tracker#293 Only supports `git push` for now. Working on making that smarter.
jlebon
added a commit
to jlebon/fedora-coreos-releng-automation
that referenced
this issue
Oct 8, 2019
This is meant to address a smarter way to bump lockfiles. See: coreos/fedora-coreos-tracker#293 Only supports `git push` for now. Working on making that smarter.
jlebon
added a commit
to jlebon/fedora-coreos-releng-automation
that referenced
this issue
Oct 8, 2019
This is meant to address a smarter way to bump lockfiles. See: coreos/fedora-coreos-tracker#293 Only supports `git push` for now. Working on making that smarter.
+1 - I think I'd much prefer using a fork! |
jlebon
added a commit
to jlebon/fedora-coreos-config
that referenced
this issue
Oct 9, 2019
coreos/fedora-coreos-tracker#290 The fix for this was merged, but it'll be some time before it makes it to the stable repos. This is a temporary hack to get updates going again into FCOS. Working on a cleaner approach to this in: coreos/fedora-coreos-tracker#293
jlebon
added a commit
to coreos/fedora-coreos-config
that referenced
this issue
Oct 9, 2019
coreos/fedora-coreos-tracker#290 The fix for this was merged, but it'll be some time before it makes it to the stable repos. This is a temporary hack to get updates going again into FCOS. Working on a cleaner approach to this in: coreos/fedora-coreos-tracker#293
jlebon
added a commit
to jlebon/fedora-coreos-config
that referenced
this issue
Nov 8, 2019
As discussed in coreos#104, we don't actually want the bodhi-updates stream to pull in newer packages from the pool. That said, bodhi-updates also current acts as our lockfile updater in testing-devel, so it's crucial that it keeps working. We're working to decouple that, see: coreos/fedora-coreos-tracker#293 coreos/fedora-coreos-releng-automation#48 But for now, the updates must flow...
jlebon
added a commit
to coreos/fedora-coreos-config
that referenced
this issue
Nov 8, 2019
As discussed in #104, we don't actually want the bodhi-updates stream to pull in newer packages from the pool. That said, bodhi-updates also current acts as our lockfile updater in testing-devel, so it's crucial that it keeps working. We're working to decouple that, see: coreos/fedora-coreos-tracker#293 coreos/fedora-coreos-releng-automation#48 But for now, the updates must flow...
jlebon
added a commit
to jlebon/fedora-coreos-config
that referenced
this issue
Apr 7, 2020
So... one thing I just realized is that now that we have a bunch of f32 packages in the pool, we really can't have `bodhi-updates` picking up packages from there unlocked. So this is sort of forcing our hand to get coreos/fedora-coreos-tracker#293 fixed very soon so that we can unblock package bumps again. As a first step and to prevent `testing-devel` ending up with a bunch of f32 packages, let's remove the pool from the list of repos here.
jlebon
added a commit
to coreos/fedora-coreos-config
that referenced
this issue
Apr 7, 2020
So... one thing I just realized is that now that we have a bunch of f32 packages in the pool, we really can't have `bodhi-updates` picking up packages from there unlocked. So this is sort of forcing our hand to get coreos/fedora-coreos-tracker#293 fixed very soon so that we can unblock package bumps again. As a first step and to prevent `testing-devel` ending up with a bunch of f32 packages, let's remove the pool from the list of repos here.
|
OK the relevant patches here are: coreos/rpm-ostree#2058 With those, we'll be able to make the updater code in coreos/fedora-coreos-releng-automation#48 simply just do |
jlebon
changed the title
jlebon
added a commit
to jlebon/coreos-assembler
that referenced
this issue
Apr 22, 2020
I'm working on a lockfile updater[1], and I'd like it to just be able to do `cosa fetch --update-lockfile` the same way a human would. This normally would run `rpm-ostree compose tree` without passing any lockfiles and blocking out the pool so that all packages come from the base repo. Sadly, that doesn't currently work for FCOS right now we have an override for crypto-policies from f32 so that we don't pull in Python, and also have an `exclude-packages` for Python. Which means that without the f32 crypto-policies, we can't get a depsolve from just the base f31 repos. (This is the same issue that killed bodhi-updates[2].) As a short-term hack, just include the overrides for now. This dillutes the meaning of a "base" lockfile of course, because it will now will include the same packages as the overrides. We can drop this hack once we move to f32, though I have some ideas too on how to solve this more correctly. [1] coreos/fedora-coreos-tracker#293 [2] coreos/fedora-coreos-config#335 (comment)
jlebon
added a commit
to jlebon/coreos-assembler
that referenced
this issue
Apr 22, 2020
I'm working on a lockfile updater[1], and I'd like it to just be able to do `cosa fetch --update-lockfile` the same way a human would. This normally would run `rpm-ostree compose tree` without passing any lockfiles and blocking out the pool so that all packages come from the base repo. Sadly, that doesn't currently work for FCOS right now because we have an override for crypto-policies from f32 so that we don't pull in Python. And because we also have an `exclude-packages` for Python, without the f32 crypto-policies, we can't get a depsolve from just the base f31 repos. (This is the same issue that killed bodhi-updates[2].) As a short-term hack, just include the overrides for now. This dillutes the meaning of a "base" lockfile of course, because it will now will include the same packages as the overrides. We can drop this hack once we move to f32, though I have some ideas too on how to solve this more correctly. [1] coreos/fedora-coreos-tracker#293 [2] coreos/fedora-coreos-config#335 (comment)
jlebon
added a commit
to jlebon/coreos-assembler
that referenced
this issue
Apr 22, 2020
I'm working on a lockfile updater[1], and I'd like it to just be able to do `cosa fetch --update-lockfile` the same way a human would. This normally would run `rpm-ostree compose tree` without passing any lockfiles and blocking out the pool so that all packages come from the base repo. Sadly, that doesn't currently work for FCOS right now because we have an override for crypto-policies from f32 so that we don't pull in Python. And because we also have an `exclude-packages` for Python, without the f32 crypto-policies, we can't get a depsolve from just the base f31 repos. (This is the same issue that killed bodhi-updates[2].) As a short-term hack, just include the overrides for now. This dillutes the meaning of a "base" lockfile of course, because it will now include the packages from the overrides. I don't think this really matters for now though (it does make the checking for whether overrides are still needed harder, but I'd like to automate dropping overrides eventually too). Anyway, we can drop this hack once we move to f32, though I have some ideas too on how to solve this more correctly. [1] coreos/fedora-coreos-tracker#293 [2] coreos/fedora-coreos-config#335 (comment)
openshift-merge-robot
pushed a commit
to coreos/coreos-assembler
that referenced
this issue
Apr 23, 2020
I'm working on a lockfile updater[1], and I'd like it to just be able to do `cosa fetch --update-lockfile` the same way a human would. This normally would run `rpm-ostree compose tree` without passing any lockfiles and blocking out the pool so that all packages come from the base repo. Sadly, that doesn't currently work for FCOS right now because we have an override for crypto-policies from f32 so that we don't pull in Python. And because we also have an `exclude-packages` for Python, without the f32 crypto-policies, we can't get a depsolve from just the base f31 repos. (This is the same issue that killed bodhi-updates[2].) As a short-term hack, just include the overrides for now. This dillutes the meaning of a "base" lockfile of course, because it will now include the packages from the overrides. I don't think this really matters for now though (it does make the checking for whether overrides are still needed harder, but I'd like to automate dropping overrides eventually too). Anyway, we can drop this hack once we move to f32, though I have some ideas too on how to solve this more correctly. [1] coreos/fedora-coreos-tracker#293 [2] coreos/fedora-coreos-config#335 (comment)
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 1, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 4, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 4, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 4, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to jlebon/fedora-coreos-pipeline
that referenced
this issue
May 4, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
jlebon
added a commit
to coreos/fedora-coreos-pipeline
that referenced
this issue
May 5, 2020
This job will implement lockfile bumping for testing-devel and next-devel: coreos/fedora-coreos-tracker#293. The original plan for this functionality was to have it in config-bot: coreos/fedora-coreos-releng-automation#48 But in the end, I think it's more natural to have it as a Jenkins job given that it does a lot of the same things as the pipeline/upstream CI jobs. So that way it looks and feels just like another job that runs cosa, and we get kola artifacts, we can re-use the shared library, it's easily inspectable, we can hook it to Slack, etc...
|
This was fixed by coreos/fedora-coreos-pipeline#229. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In #290, we discussed that the current model of inheriting the lockfile from
bodhi-updatesis limiting because it means that any regression causestesting-develto stop consuming all updates. Instead, we should have the ability to freeze troublesome packages and keep consuming everything else.One mentioned solution was to instead have a dedicated lockfile bumper. At which point,
bodhi-updatesreally just becomes a way to track FCOS - overrides.And of course, we really want the lockfile bump workflow to be CI gated. But having daily/multiple PRs per day would probably get noisy and tiring fast. So one middle ground here is something like this:
testing-develcosa fetch --update-lockfiletesting-devel-stagingtesting-devel(obviously being careful to handle races)@dustymabe mentioned also we could make it always open a PR under certain conditions, such as if some packages are added or dropped.
The text was updated successfully, but these errors were encountered: