-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add apt wrapper scripts #216
Conversation
- Improve error reporting (previous version always succeeded) - Handle keyserver URLs
The first thought which comes to mind, is that this is a bash script calling a bash script. It could be inline, instead of creating external wrapper scripts. When developing Drone, the feedback I got was to reduce the number of scripts to the absolute maximum. The reason there is more than one is due to multiple languages: Python/Starlark calling Bash or powershell. Perhaps each option has pros and cons. We have seen multiple situations where Perhaps the new functions here are more generalized. They can install any SOURCES or SOURCE_KEYS. We specifically need to install "ppa:ubuntu-toolchain-r/test". With that ppa in mind, it's possible to completely remove On the other hand, any bugs reported about ubuntu:14.04 shouldn't be taken too seriously because the operating system is close to end-of-life. |
This allows reuse across CIs. Otherwise we'd need to copy those functions and the calling code to each CIs config file obfuscating the actual testing logic by adding those ~30 lines of code I see that as big pros for this option.
I see in https://github.com/boostorg/boost-ci/blob/master/ci/drone/linux-cxx-install.sh that there is a special
Yes. Again the centralized approach also allows centralized feature addition for e.g. adding keys from keyserver-URLs instead of only path-like URLs as before which would otherwise need updates to all existing configs.
Sorry I don't understand that: We (may) not only add that single PPA but others too and for that we do need/are able to use BTW: I've seen even Ubuntu 18.04 failing strangly with a similar error. |
If you had drone jobs configured on boostorg/locale then we could compare if linux-cxx-install.sh was more successful than the regular github actions using apt-add-repository during the same timeframe.
Yes, it's possible. Check to see that single PPA, and take customized steps only for that one. |
I started trying to add drone jobs some time ago but it was a bit more difficult than I could handle in the available time back then as locale needed a bit of other stuff too for CI. We have this repo here for comparison but CI here doesn't run often due to few changes... The changes here are an improvement as they fix actual issues aren't they? |
Option 1: The following seems like the most robust solution. In
Option 2: Merge the current PR without the above mentioned logic, is also ok. |
Update: I see it's actually more than two lines of code, it must compute VERSION_CODENAME. My suggestion is to place that logic in |
I would merge that now and improve the script in a separate PR if all are fine with the script-approach. What might need discussing: In the GHA CI file I added
to explicitly download the key to avoid apt-add-repository failing. With
Why a regex and not a direct match on "ppa:ubuntu-toolchain-r/test"? Or did you wanted to also allow e.g. "ppa:ubuntu-toolchain-r/ppa"? |
The functionality of add-apt-keys.sh and add-apt-repositories.sh is closely enough related that it could all be merged in one wrapper file, instead of having two wrapper files. If that occurred, logic surrounding ubuntu-toolchain-r could be handled more simply instead of breaking it into multiple parts. When the toolchain is detected, add both keys and repos, at the same moment. Otherwise proceed to the other steps. At least an idea.
I did not investigate if the ppa is 100% consistently named and thus a direct match is better than a regex. Maybe I was thinking that a "partial match" on "ubuntu-toolchain-r" would catch everything. Whichever you find to be better. |
But adding keys and repositories are different ops and the current CI files do use them separately (
For that specific case one file can call the other. But if we merged them, how would we handle (existing) uses cases of e.g. adding LLVM repos? See e.g. https://github.com/boostorg/test/blob/a6063692a714d87584e9b9a940a8633b8cb6479a/.github/workflows/ci.yml#L245-L248 My idea was to provide those wrapper scripts as simple replacements of the underlying command with minor additions commonly used, e.g. retry & adding multiple "elements", such that Boost authors have good flexibility. |
Perhaps merging them in one wrapper script doesn't match the idea you have in mind, and isn't the ideal solution. That is fine. If it were done, the "how" is to pass in multiple arguments such as SOURCE_KEYS & SOURCES via multiple command-line arguments to the function, or global variables or environment variables.
alright. |
Add scripts to securely add APT keys and repositories as wrappers over the raw commands. This fixes various issues with the approach in the current CI script. E.g. in
sudo
applies to the command, not the redirection and hence doesn't help here asgpg --dearmor
runs fine without it. One would need to pipe it intosudo tee
or usegpg -o
parameter (which I chose)basename
can't extract something meaningful