You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Debian Glue: Difference between revisions

From Wikitech-static
Jump to navigation Jump to search
imported>Hashar
(bunch of basic documentation)
 
imported>Hashar
(document support for multiple distributions)
 
Line 1: Line 1:
We have Jenkins jobs able to build a Debian package in a cowbuilder image. The job uses a serie of shell wrapper which streamline the environment setup and debian toolchain: http://jenkins-debian-glue.org/.
We have Jenkins jobs able to build a Debian package in a cowbuilder image. The jobs use a serie of shell wrapper which streamline the environment setup and debian toolchain: http://jenkins-debian-glue.org/.


As of September 2016, the jobs are running on Jessie jenkins agents. cobuilder images are provisioned by our Puppet modules <code>package_builder</code> which:
The jobs are running on dedicated Jenkins agents hosted on WMCS. They come with cowbuilder images provisioned by our Puppet modules <code>package_builder</code> which:
* create images for the distribution we care about (ex: trusty, jessie, unstable)
* create images for the distribution we care about (ex: trusty, jessie, unstable)
* auto update the images on a daily basis
* auto update the images on a daily basis
* provides hook to support injecting apt.wikimedia.org components and the jessie-backports
* provides hook to support injecting apt.wikimedia.org components and the <release>-backports distribution (example: buster-backports).


For Gerrit repositories having Debian packages, the Jenkins job is registered in Zuul workflow to trigger:
For Gerrit repositories having Debian packages, the Jenkins job is registered in Zuul workflow to trigger:
Line 15: Line 15:
</syntaxhighlight>
</syntaxhighlight>


Will cause any patchset proposed to that Gerrit repository to trigger the Jenkins job <code>debian-glue</code>. The job:
It instructs CI to run the <code>debian-glue</code> job for any patchset proposed to that Gerrit repository. '''But it only triggers if the change touches a file under the <code>debian</code> directory. The job then:
* clone the repository
* clones the repository
* checkout the patch merged against tip of the branch
* checkouts the patch that has been merged by CI against the tip of the targeted branch
* set <code>distribution</code> to the distribution mentioned in <code>debian/changelog</code>
* sets <code>distribution</code> to the distribution mentioned in <code>debian/changelog</code> (see [#distributions] below).
* invoke Jenkins Debian Glue.
* invokes Jenkins Debian Glue.


Jenkins Debian Glue will set <code>DIST</code> based on <code>distribution</code>. Then trigger the build process in the matching cowbuilder image. When pbuilder is run, the Wikimedia hooks are invoked and whenever the <code>debian/changelog</code> distribution is suffixed with <code>-wikimedia</code>, Wikimedia more specific components (eg: thirdparty) will be added.
Jenkins Debian Glue will set <code>DIST</code> based on <code>distribution</code>. Then it triggers the build process in the matching cowbuilder image. When <code>pbuilder</code> is run, the Wikimedia hooks are invoked and whenever the <code>debian/changelog</code> distribution is suffixed with <code>-wikimedia</code>, Wikimedia more specific components (eg: thirdparty) will be added.


As of September 2016, setting <code>BACKPORTS</code> to inject the Ubuntu updates component or Debian backports components is NOT SUPPORTED.


Specific env variables can be injected by Zuul. This is done by altering a python script executed by Zuul whenever it triggers  a job.  Example as of September 2016:
Specific env variables can be injected by Zuul. This is done by altering a python script executed by Zuul whenever it triggers  a job. That can be used to set <code>BACKPORTS</code> which instruct our hooks to inject the release-backports components, tweak the build timeout with <code>BUILD_TIMEOUT</code> or pass <code>DEB_BUILD_OPTIONS</code>.  Example as of May 2020:
; integration/config.git /zuul/parameter_functions.py
; integration/config.git /zuul/parameter_functions.py
<syntaxhighlight lang=python>
<syntaxhighlight lang=python>
if 'debian-glue' in job.name:
    if 'debian-glue' in job.name:
    # Always set the value to be safe (T144094)
 
    params['BUILD_TIMEOUT'] = 30  # minutes
        # XXX
    # Finely tweak jenkins-debian-glue parameters
        # When adding new paramters, make sure the env variable is added as an
    if params['ZUUL_PROJECT'] == 'integration/zuul':
        # env_keep in the sudo policy:
        # Uses dh_virtualenv which needs access to pypy.python.org
        # https://horizon.wikimedia.org/project/sudo/
        params['PBUILDER_USENETWORK'] = 'yes'
        #
         params['DEB_BUILD_OPTIONS'] = 'nocheck'
 
    elif (params['ZUUL_PROJECT'] ==
        if 'nocheck' in job.name:
             'operations/debs/contenttranslation/giella-sme'):
            params['DEB_BUILD_OPTIONS'] = 'nocheck'
        # Heavy build T143546
        if 'backports' in job.name:  # T173999
        params['BUILD_TIMEOUT'] = 180  # minutes
            params['BACKPORTS'] = 'yes'
        # Always set the value to be safe (T144094)
        params['BUILD_TIMEOUT'] = 30  # minutes
        # Finely tweak jenkins-debian-glue parameters
        if params['ZUUL_PROJECT'] == 'integration/zuul':
            # Uses dh_virtualenv which needs access to pypy.python.org
            params['PBUILDER_USENETWORK'] = 'yes'
         elif (params['ZUUL_PROJECT'] == 'operations/debs/varnish4'):
            # VTC tests take forever
            params['BUILD_TIMEOUT'] = 60  # minutes
            params['DEB_BUILD_OPTIONS'] = 'parallel=12'
        elif (params['ZUUL_PROJECT']
              == 'operations/software/varnish/varnishkafka'):
            # needed for librdkafka1 >= 0.11.5
            params['BACKPORTS'] = 'yes'
        elif (params['ZUUL_PROJECT'] == 'operations/software/atskafka'):
            # needed by go build to access gopkg.in
            params['PBUILDER_USENETWORK'] = 'yes'
        elif (params['ZUUL_PROJECT'] == 'operations/debs/trafficserver'):
            # Building ATS takes a while
            params['BUILD_TIMEOUT'] = 60  # minutes
            # Backports needed on stretch for libbrotli-dev and a recent
            # debhelper version (>= 11)
             params['BACKPORTS'] = 'yes'
        elif (params['ZUUL_PROJECT']
              == 'operations/debs/contenttranslation/giella-sme'):
            # Heavy build T143546
            params['BUILD_TIMEOUT'] = 180  # minutes
</syntaxhighlight>
</syntaxhighlight>


Line 65: Line 91:
| <code>DEB_BUILD_OPTIONS</code> || Defined by Debian Policy, let you change behavior of the build process if proper support is added in <code>debian/rules</code>. A typical example is to bypass tests: <code>DEB_BUILD_OPTIONS=nocheck</code>. If needed, must be injected by Zuul.
| <code>DEB_BUILD_OPTIONS</code> || Defined by Debian Policy, let you change behavior of the build process if proper support is added in <code>debian/rules</code>. A typical example is to bypass tests: <code>DEB_BUILD_OPTIONS=nocheck</code>. If needed, must be injected by Zuul.
|}
|}
== distributions ==
Jenkins debian glue parses the <code>debian/changelog</code> to find the target distribution. When the changelog entry targets <code>UNRELEASED</code>, CI picks the distribution from the previous changelog entry.
In some case ones want to set both <code>WIKIMEDIA</code> and <code>BACKPORTS</code>, but both can not be set in the changelog entry. Our convention is to suffix the distribution with <code>-wikimedia</code> in the changelog and then trigger the more specific job <code>debian-glue-backports</code> which cause CI to set <code>BACKPORT=yes</code>.
Some repository want a single branch to support multiple distributions. We thus have a set of jobs that hardcode the distribution and do not extract it from <code>debian/changelog</code>. Examples:
* debian-glue-stretch
* debian-glue-buster
* debian-glue-unstable
This is example for <code>labs/toollabs</code> which in </code>zuul/layout.yaml</code> has:
<syntaxhighlight lang=yaml>
  - name: labs/toollabs
    test:
    # Single branch supporting multiple distributions T210780
      - debian-glue-unstable
      - debian-glue-stretch
      - debian-glue-buster
    gate-and-submit:
      - debian-glue-unstable
      - debian-glue-stretch
      - debian-glue-buster
</syntaxhighlight>


== References ==
== References ==

Latest revision as of 16:01, 25 May 2020

We have Jenkins jobs able to build a Debian package in a cowbuilder image. The jobs use a serie of shell wrapper which streamline the environment setup and debian toolchain: http://jenkins-debian-glue.org/.

The jobs are running on dedicated Jenkins agents hosted on WMCS. They come with cowbuilder images provisioned by our Puppet modules package_builder which:

  • create images for the distribution we care about (ex: trusty, jessie, unstable)
  • auto update the images on a daily basis
  • provides hook to support injecting apt.wikimedia.org components and the <release>-backports distribution (example: buster-backports).

For Gerrit repositories having Debian packages, the Jenkins job is registered in Zuul workflow to trigger:

integration/config.git /zuul/layout.yaml
  - name: operations/debs/contenttranslation/apertium
      test:
         - 'debian-glue'

It instructs CI to run the debian-glue job for any patchset proposed to that Gerrit repository. But it only triggers if the change touches a file under the debian directory. The job then:

  • clones the repository
  • checkouts the patch that has been merged by CI against the tip of the targeted branch
  • sets distribution to the distribution mentioned in debian/changelog (see [#distributions] below).
  • invokes Jenkins Debian Glue.

Jenkins Debian Glue will set DIST based on distribution. Then it triggers the build process in the matching cowbuilder image. When pbuilder is run, the Wikimedia hooks are invoked and whenever the debian/changelog distribution is suffixed with -wikimedia, Wikimedia more specific components (eg: thirdparty) will be added.


Specific env variables can be injected by Zuul. This is done by altering a python script executed by Zuul whenever it triggers a job. That can be used to set BACKPORTS which instruct our hooks to inject the release-backports components, tweak the build timeout with BUILD_TIMEOUT or pass DEB_BUILD_OPTIONS. Example as of May 2020:

integration/config.git /zuul/parameter_functions.py
    if 'debian-glue' in job.name:

        # XXX
        # When adding new paramters, make sure the env variable is added as an
        # env_keep in the sudo policy:
        # https://horizon.wikimedia.org/project/sudo/
        #

        if 'nocheck' in job.name:
            params['DEB_BUILD_OPTIONS'] = 'nocheck'
        if 'backports' in job.name:  # T173999
            params['BACKPORTS'] = 'yes'
        # Always set the value to be safe (T144094)
        params['BUILD_TIMEOUT'] = 30  # minutes
        # Finely tweak jenkins-debian-glue parameters
        if params['ZUUL_PROJECT'] == 'integration/zuul':
            # Uses dh_virtualenv which needs access to pypy.python.org
            params['PBUILDER_USENETWORK'] = 'yes'
        elif (params['ZUUL_PROJECT'] == 'operations/debs/varnish4'):
            # VTC tests take forever 
            params['BUILD_TIMEOUT'] = 60  # minutes
            params['DEB_BUILD_OPTIONS'] = 'parallel=12'
        elif (params['ZUUL_PROJECT']
              == 'operations/software/varnish/varnishkafka'):
            # needed for librdkafka1 >= 0.11.5
            params['BACKPORTS'] = 'yes'
        elif (params['ZUUL_PROJECT'] == 'operations/software/atskafka'):
            # needed by go build to access gopkg.in
            params['PBUILDER_USENETWORK'] = 'yes'
        elif (params['ZUUL_PROJECT'] == 'operations/debs/trafficserver'):
            # Building ATS takes a while
            params['BUILD_TIMEOUT'] = 60  # minutes
            # Backports needed on stretch for libbrotli-dev and a recent
            # debhelper version (>= 11)
            params['BACKPORTS'] = 'yes'
        elif (params['ZUUL_PROJECT']
              == 'operations/debs/contenttranslation/giella-sme'):
            # Heavy build T143546
            params['BUILD_TIMEOUT'] = 180  # minutes

Since the build is done with a sudo cowbuilder, each new environment variable has to be whitelisted in the sudo policy of the integration labs project.

Non exhaustive list as of September 2016:


Env Description
DEB_* ???
DIST Distribution used by cowbuilder, pbuilder and Wikimedia pbuilder hook
ARCH Architecture (i386, amd64)
BUILDRESULT Debian glue setting
distribution Debian glue setting. Set by the job to the distribution in debian/changelog
WORKSPACE Base directory of the Jenkins job. Set by Jenkins.
DEB_BUILD_OPTIONS  Defined by Debian Policy, let you change behavior of the build process if proper support is added in debian/rules. A typical example is to bypass tests: DEB_BUILD_OPTIONS=nocheck. If needed, must be injected by Zuul.

distributions

Jenkins debian glue parses the debian/changelog to find the target distribution. When the changelog entry targets UNRELEASED, CI picks the distribution from the previous changelog entry.

In some case ones want to set both WIKIMEDIA and BACKPORTS, but both can not be set in the changelog entry. Our convention is to suffix the distribution with -wikimedia in the changelog and then trigger the more specific job debian-glue-backports which cause CI to set BACKPORT=yes.

Some repository want a single branch to support multiple distributions. We thus have a set of jobs that hardcode the distribution and do not extract it from debian/changelog. Examples:

  • debian-glue-stretch
  • debian-glue-buster
  • debian-glue-unstable

This is example for labs/toollabs which in zuul/layout.yaml has: 

  - name: labs/toollabs
    test:
     # Single branch supporting multiple distributions T210780
      - debian-glue-unstable
      - debian-glue-stretch
      - debian-glue-buster
    gate-and-submit:
      - debian-glue-unstable
      - debian-glue-stretch
      - debian-glue-buster


References

Retrieved from "https://wikitech-static.wikimedia.org/w/index.php?title=Debian_Glue&oldid=481997"