Paul Wise
2019-09-13 02:30:02 UTC
Package: developers-reference
Severity: wishlist
X-Debbugs-CC: Philiip Kern <***@debian.org>, debian-wb-***@lists.debian.org
In the section about wanna-build, please document the new self-service
givebacks in the wanna-build section of devref:
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#wanna-build
Here is a copy of the announcement and blog post for your reference:
https://lists.debian.org/msgid-search/***@debian.org
Self-service buildd givebacks
-----------------------------
Philipp Kern has created[1] an *experimental* service that allows Debian
members to perform self-service retries of failed package builds (aka
give-backs). This service aims to reduce the time it takes for give-back
requests to be processed, which was done manually by the wanna-build
admins until now. The service is authenticated using the Debian Single
Signon[2] service. Debian members are still expected to act responsibly
when looking at build failures; do your due diligence and try reproducing
the issue on a porterbox first. Access to this service is logged and logs
will be audited by the admins.
-- Paul Wise
[1] https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
[2] https://sso.debian.org/
https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
Alpha: Self-service buildd givebacks
Builds on Debian's build farm sometimes fail transiently. Sometimes
those failures are legitimate flakes, for instance when an in-
progress build happens to exhaust its resources because of other
builds on the same machine. Until now, you always needed to mail the
buildd, wanna-build admins or the Release Team directly in order to
get the builds re-queued.
As an alpha trial I implemented self-service givebacks as a web
script. As SSO for Debian developers is now a thing, it is trivial
to add authentication in a way that a role account can use to act on
your behalf. While at work this would all be an RPC service, I
figured that a little CGI script would do the job just as well. So
lo and behold, accessing
https://buildd.debian.org/auth/giveback.cgi?pkg=<package>&suite=<suite>&arch=<arch>
with the right parameters set:
You are authenticated as pkern. â
Working on package fife, suite sid and architecture mipsel. â
Package version 0.4.2-1 in state Build-Attempted, can be given back. â
Successfully given back the package. â
Note that you need to be a Debian developer with a valid SSO client
certificate to access this service.
So why do I say alpha? We still expect Debian developers to act
responsibly when looking at build failures. A lot of times there is
a legitimate bug in the package and the last thing we would like to
see as a project is someone addressing flakiness by continuously
retrying a build. Access to this service is logged. Most people
coming to us today did their due diligence and tried reproducing the
issue on a porterbox. We still expect these things to happen but
this aims to cut on the round-trip time until an admin gets around
to process your request, which have been longer than necessary
recently. We will audit the logs and see if particular packages
stand out.
There can also still be bugs. Please file them against
buildd.debian.org when you see them. Please include a copy of the
output, which includes validation and important debugging
information when requests are rejected. Also this all only works for
packages in Build-Attempted. If the build has been marked as Failed
(which is a manual process), you still need to mail us. And lastly
the API can still change. Luckily the state change can only happen
once, so it's not much of a problem for the GET request to be
retried. But it should likely move to POST anyhow. In that case I
will update this post to reflect the new behavior.
Thanks to DSA for making sure that I run the service sensibly using
a dedicated role account as well as WSGI and doing the work to set
up the necessary bits.
Severity: wishlist
X-Debbugs-CC: Philiip Kern <***@debian.org>, debian-wb-***@lists.debian.org
In the section about wanna-build, please document the new self-service
givebacks in the wanna-build section of devref:
https://www.debian.org/doc/manuals/developers-reference/ch05.en.html#wanna-build
Here is a copy of the announcement and blog post for your reference:
https://lists.debian.org/msgid-search/***@debian.org
Self-service buildd givebacks
-----------------------------
Philipp Kern has created[1] an *experimental* service that allows Debian
members to perform self-service retries of failed package builds (aka
give-backs). This service aims to reduce the time it takes for give-back
requests to be processed, which was done manually by the wanna-build
admins until now. The service is authenticated using the Debian Single
Signon[2] service. Debian members are still expected to act responsibly
when looking at build failures; do your due diligence and try reproducing
the issue on a porterbox first. Access to this service is logged and logs
will be audited by the admins.
-- Paul Wise
[1] https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
[2] https://sso.debian.org/
https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
Alpha: Self-service buildd givebacks
Builds on Debian's build farm sometimes fail transiently. Sometimes
those failures are legitimate flakes, for instance when an in-
progress build happens to exhaust its resources because of other
builds on the same machine. Until now, you always needed to mail the
buildd, wanna-build admins or the Release Team directly in order to
get the builds re-queued.
As an alpha trial I implemented self-service givebacks as a web
script. As SSO for Debian developers is now a thing, it is trivial
to add authentication in a way that a role account can use to act on
your behalf. While at work this would all be an RPC service, I
figured that a little CGI script would do the job just as well. So
lo and behold, accessing
https://buildd.debian.org/auth/giveback.cgi?pkg=<package>&suite=<suite>&arch=<arch>
with the right parameters set:
You are authenticated as pkern. â
Working on package fife, suite sid and architecture mipsel. â
Package version 0.4.2-1 in state Build-Attempted, can be given back. â
Successfully given back the package. â
Note that you need to be a Debian developer with a valid SSO client
certificate to access this service.
So why do I say alpha? We still expect Debian developers to act
responsibly when looking at build failures. A lot of times there is
a legitimate bug in the package and the last thing we would like to
see as a project is someone addressing flakiness by continuously
retrying a build. Access to this service is logged. Most people
coming to us today did their due diligence and tried reproducing the
issue on a porterbox. We still expect these things to happen but
this aims to cut on the round-trip time until an admin gets around
to process your request, which have been longer than necessary
recently. We will audit the logs and see if particular packages
stand out.
There can also still be bugs. Please file them against
buildd.debian.org when you see them. Please include a copy of the
output, which includes validation and important debugging
information when requests are rejected. Also this all only works for
packages in Build-Attempted. If the build has been marked as Failed
(which is a manual process), you still need to mail us. And lastly
the API can still change. Luckily the state change can only happen
once, so it's not much of a problem for the GET request to be
retried. But it should likely move to POST anyhow. In that case I
will update this post to reflect the new behavior.
Thanks to DSA for making sure that I run the service sensibly using
a dedicated role account as well as WSGI and doing the work to set
up the necessary bits.
--
bye,
pabs
https://wiki.debian.org/PaulWise
bye,
pabs
https://wiki.debian.org/PaulWise