build RPM for dom0 in nightly job #129
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
emkll
reviewed
Jan 21, 2020
There was a problem hiding this comment.
Reviewed this PR by first going through the test plan as described in the PR description, it all looks great to me.
- Check out test build here : test build/output LGTM
- Test rpm is here: Artifact looks good to me, and is correctly signed with the securedrop test key
Some minor comments inline, mostly for discussion. Other than adding a couple of comments for maintainability, this is good to merge from my perspective.
8 tasks
'-' is considered an illegal character in the version, so we're going to go with LATEST_TAG.YYMMDD.HHMMSS
also the changelog absense doesn't fail the build, so ignoring
Need to specify the image for the machine executor else it defaults to trusty git-lfs package is not available in xenial according to https://packages.ubuntu.com/xenial/git-lfs
we can either modify the rpmbuilder image in the containers image (though this signing process required additional packages and sudo), or we can leave this as is. Since it's running nightly, the additional time of the docker image build is not going to be a major annoyance.
and fix the repo name
@emkll pointed out during review that if we ran these steps on a per-PR job, we'd have a higher chance of catching breakage in the rpm CI build logic prior to merge
* specify key by fingerprint instead of uid * remove `| true` since gpg --import does return 0 if the key is already imported * add note where this FEDORA_PKGR_VER came from
redshiftzero
force-pushed
the
rpm-nightly
branch
from
bfc36a3
to
fb18e58
Compare
|
thanks for the detailed comments! I've rebased on latest, this should be ready for re-review |
emkll
approved these changes
Jan 23, 2020
There was a problem hiding this comment.
Thanks @redshiftzero, changes look good to me, confirmed the latest changes are working in https://circleci.com/gh/freedomofpress/securedrop-debian-packaging/2420
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(reopened from #123 but from the shared remote)
Closes freedomofpress/securedrop-workstation#357
Testing
ci: commit rpm to test branch for review.0x4A3BE4A92211B03CNote: if you notice issues with the files in the rpm, and notice something is missing, please file those over in securedrop-workstation. The next step here will be actually using this rpm in freedomofpress/securedrop-workstation#406
Versioning
I had to deviate from our versioning strategy used for the debian package nightlies as
-is an invalid character, so I went with LATEST_TAG.dev.YYMMDD.HHMMSS which is as close as possible for consistency. I verified via this script which you can run in a Fedora AppVM that this versioning is what we want: