--- include: - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml variables: # don't bother with irrelevant tests SALSA_CI_DISABLE_BUILD_PACKAGE_I386: 1 SALSA_CI_DISABLE_BLHC: 1 SALSA_CI_DISABLE_CROSSBUILD_ARM64: 1 # In the normal pipeline, we run `build` as usual, and then provide a # `Test with openQA` job for launching some openQA tests of the mini-ISO # result. (on salsa, building anything more than a mini-ISO exceeds limits) # # If this pipeline is triggered from a `branch2repo` based job, the mini-ISO we # build should include udebs found in the parent pipeline's `aptly` job. The job # that does this is called `mini-ISO` and conditionally replaces `build` in the # pipeline. # # `$CI_PIPELINE_SOURCE` is checked to see which scenario we're in, as it should # only be set to `"parent_pipeline"` when triggered by a branch2repo parent # pipeline. .di-build-definition: extends: .build-package variables: # gen-sources.list.udeb does not grok deb822 format (as used on salsa), # so we need this to tell the build from where to get udebs: MIRROR: "http://deb.debian.org/debian" before_script: - export after_script: - | for BUILD_JOB_ISO in $(realpath --relative-base=. $WORKING_DIR)/*.iso; do break; done cat >> ${CI_PROJECT_DIR}/salsa.env <<-EOF BUILD_JOB_URL=$CI_JOB_URL BUILD_JOB_ISO=$BUILD_JOB_ISO BUILD_JOB_DEBIAN_BUILD_ID=$(echo $BUILD_JOB_ISO|sed -nE 's%.*/debian-(.*)-gtkmini.iso%\1%p') EOF - head -v ${CI_PROJECT_DIR}/salsa.env extract-source: extends: .provisioning-extract-source after_script: - export - head -v ${CI_PROJECT_DIR}/salsa.env - | set -x source ${CI_PROJECT_DIR}/salsa.env # Make sure that we don't exceed salsa's artifact limit when building in CI cat >> ${CI_PROJECT_DIR}/salsa.env <<-EOF BUILD_TARGETS=build_netboot-gtk ADDITIONAL_BUILD_PRODUCT=miniiso EOF arch=$(dpkg-architecture -qDEB_HOST_ARCH) cfg_abi=$(sed -ne 's/^LINUX_KERNEL_ABI\s*?=\s*\([0-9.-]*\)\s*$/\1/p' ${WORKING_DIR}/${SOURCE_DIR}/build/config/common) # use available rather than configured ABI when things are skewed (allowing salsa builds to continue working) avail_abi=$(apt-cache show linux-headers-${arch}/${RELEASE} | sed -ne 's/Depends: linux-headers-\([0-9.-]*\)-amd64.*$/\1/p') if [ "${avail_abi}" != "${cfg_abi}" ]; then printf "warning: Using available ABI (%s) instead of the one set in the source (%s)\n" "$avail_abi" "$cfg_abi" sed -i -e "1 s/)/+ABI~${avail_abi/-/\~})/;1 a \ \n [ Salsa-CI ]\n * WARNING: automatically modified to use ABI = ${avail_abi}\n This needs to be updated in the source to work for normal builds" ${WORKING_DIR}/${SOURCE_DIR}/debian/changelog sed -i -E "s/^(\s*linux-image-)${cfg_abi}/\1${avail_abi}/" ${WORKING_DIR}/${SOURCE_DIR}/debian/control echo "LINUX_KERNEL_ABI=${avail_abi}" >> ${CI_PROJECT_DIR}/salsa.env # check for unsigned version of configured ABI if apt-cache show linux-image-${avail_abi}-${arch} | grep -q 'No packages found'; then printf "warning: Using unsigned kernel, as the signed kernel has not yet been released\n" sed -i -e "1 s/)/+unsigned)/;/Salsa-CI/ a \ * WARNING: automatically modified to build-depend upon the unsigned kernel while we await the signed version" ${WORKING_DIR}/${SOURCE_DIR}/debian/changelog sed -i -E "s/^(\s*linux-image-${avail_abi}-\S*\b)/\1-unsigned/" ${WORKING_DIR}/${SOURCE_DIR}/debian/control echo "LINUX_KERNEL_UNSIGNED=1" >> ${CI_PROJECT_DIR}/salsa.env fi fi - head -v ${CI_PROJECT_DIR}/salsa.env build: extends: .di-build-definition rules: - if: $CI_PIPELINE_SOURCE == "parent_pipeline" when: never - when: on_success # no need for us to build source or aptly when running under branch2repo aptly: extends: .publish-aptly rules: - if: $APTLY_REPO when: never - !reference [.publish-aptly, rules] build source: extends: .build-source-only rules: - if: $APTLY_REPO == null mini-ISO: extends: .di-build-definition rules: - if: $CI_PIPELINE_SOURCE != "parent_pipeline" when: never - if: $APTLY_REPO variables: # this variable setting is available to debian/rules: build-image: make PRESEED: $CI_PROJECT_DIR/devel_repo_preseed.cfg - when: on_success before_script: - export - | if [ "$APTLY_REPO" ]; then # decode & save the repo's base64-encoded key keyfile=/usr/share/keyrings/salsaCI_aptly_tmp_key.gpg printf '%s' "$APTLY_REPO_KEY_BASE64" | base64 -d > "$keyfile" # create a sources.list.udeb.local so that the aptly repo gets used at build time. # FIXME: the deb.debian.org line should probably be generated from /etc/apt/sources.list** cat > $WORKING_DIR/source_dir/build/sources.list.udeb.local <<-EOF # created in salsa-ci.yml:build:before_script in order to add aptly repo as an extra source deb [trusted=yes] copy:$WORKING_DIR/source_dir/build/ localudebs/ deb http://deb.debian.org/debian unstable main/debian-installer deb [signed-by=$keyfile] $APTLY_REPO/debian-installer EOF # I'm not sure if we want to put this repo into the salsa-CI job's sources or not # I guess one might want to test that a new version works here too? # If gen-sources.list.udeb learns about signed-by, # doing the following might also be a cleaner option than the above .local: #echo "deb [signed-by=$keyfile] $APTLY_REPO" > /etc/apt/sources.list.d/salsaCI_aptly_tmp_repo.list # also create a preseed file that will enable the use of the aptly repo in the created mini-ISO cat > "$PRESEED" <<-EOF d-i auto-install/cloak_initrd_preseed boolean true d-i apt-setup/_DEVEL_/comment string NOT FOR PRODUCTION USE! (preseed: apt-setup/_DEVEL_/...) d-i apt-setup/_DEVEL_/repository string $APTLY_REPO d-i apt-setup/_DEVEL_/key string base64://$APTLY_REPO_KEY_BASE64 EOF fi .openqa-link-definition: stage: test inherit: variables: false variables: OQA_ISO_URL: '$BUILD_JOB_URL/artifacts/raw/$BUILD_JOB_ISO' OQA_ISO: 'salsa-$CI_PIPELINE_ID-gtk-mini.iso' OQA_BUILD: '-salsa-$CI_PIPELINE_ID:$CI_PROJECT_PATH:$CI_COMMIT_REF_NAME' OQA_CI_PIPELINE_URL: '$CI_SERVER_URL/$CI_PROJECT_PATH/-/pipelines/$CI_PIPELINE_ID' # OQA_SALSA_RESULT_LINK: "$CI_API_V4_URL/projects/$CI_PROJECT_ID/statuses/$CI_COMMIT_SHA?pipeline_id=$CI_PIPELINE_ID&name=openqa&target_url=:target_url&state=:state" CLONE_NAME_SUFFIX: '$CI_PROJECT_NAMESPACE-$CI_COMMIT_REF_SLUG' OQA_JOBSTOCLONE: $DI_OQA_JOBSTOCLONE OQA_CLONE_EXTRA_ARGS: $DI_OQA_CLONE_EXTRA_ARGS trigger: project: $GITLAB_USER_LOGIN/openqa-link Test with openQA: extends: .openqa-link-definition rules: - if: $CI_PIPELINE_SOURCE == "parent_pipeline" when: never - when: manual variables: OPENQALINK_MANUALLY_TRIGGERED: 1 needs: - job: build artifacts: true openqa-link: extends: .openqa-link-definition rules: - if: $CI_PIPELINE_SOURCE != "parent_pipeline" when: never - when: on_success needs: - job: mini-ISO artifacts: true allow_failure: true # the deb822 problem breaks these tests, so let's allow them to fail for now: reprotest: extends: .test-reprotest allow_failure: true test-build-any: extends: .test-build-package-any allow_failure: true ABI-check: stage: test image: $SALSA_CI_IMAGES_BASE script: - | if [ "$LINUX_KERNEL_ABI" ]; then cat <<-EOF ############################[ KERNEL SKEW ]############################ LINUX_KERNEL_ABI has been set ($LINUX_KERNEL_ABI) in the extract-source job which indicates that we had to kludge the ABI version to make the build work. . That being the case, this test will fail in order to indicate that something unusual is occuring here. ####################################################################### EOF exit 1 elif [ "$LINUX_KERNEL_UNSIGNED" ]; then cat <<-EOF ######################[ UNSIGNED KERNEL IN USE ]####################### The extract-source job noticed that the signed kernel is not yet available, so we've used the unsigned version in order to let the D-I build succeed. . That being the case, this test will fail in order to indicate that something unusual is occuring here. ####################################################################### EOF exit 1 fi echo "Normal, non-ABI-skewed build." variables: GIT_STRATEGY: none needs: - job: extract-source