WIP: Repackage .deb builds as mozillavpn-beta #9820
Conversation
oskirby
force-pushed
the
deb-repackage-beta
branch
from
25b6c99 to
7424bb3
Compare
After having a read through of the official Debian package format (see man deb(5)) it seems there are a couple of nuances to how the archive is created. We should probably be using the official tool, dpkg-deb, to manipulate packages to ensure that we create it correctly.
oskirby
force-pushed
the
deb-repackage-beta
branch
from
27ae26d to
33f3b18
Compare
oskirby
changed the title
|
|
||
| # If this is a beetmover promotion job, change the version to "beta" instead | ||
| if config.kind == "beetmover-promote": | ||
| version = "beta" |
There was a problem hiding this comment.
Does apt upgrade still work when the version doesn't change? (Do we care if it doesn't?)
There was a problem hiding this comment.
This transform here is actually just changing the filename of the artifacts from mozillavpn.deb to either mozillavpn-beta.deb for promotion or mozillavpn-<version number>.deb for shipping. The version that apt sees is a value embedded in the package control file and isn't being changed by this transform. This comment is really referring to the string that we're going to tack onto the filename.
There was a problem hiding this comment.
This may not have been 100% necessary to add, but I wanted there to be at least some ways to distinguish between the .deb files that came out of the build tasks and those that had been touched by repackaging, so I opted to go with a filename suffix like this.
There was a problem hiding this comment.
ah, right, sure, that's fine
| is_production = ( | ||
| config.params["level"] == "3" and config.params["tasks_for"] == "action" | ||
| ) | ||
| bucket = "release" if is_production else "dep" |
There was a problem hiding this comment.
Just to be 100% clear: the idea is that both the promote and apt tasks will push to the exact same debian repo (but with different package names)? If so, this block looks like it ought to be fine. (We'll be able to verify the dep path in the staging repo, but the release one obviously can only be fully tested in a real release.)
There was a problem hiding this comment.
So, my understanding is that beetmover-promote and beetmover-ship send packages to the production archive.mozilla.org site whenever they are triggered by shipit and we want to follow the same logic for the beetmover-apt task.
The promotion and shipping phases on archive.mozilla.org are distinguished by different directory paths (eg: promotion puts artifacts into the candidates directory). The objective of this PR is to distinguish promotion and shipping in the APT repository by changing the package name.
There was a problem hiding this comment.
Are we talking about uploading to archive.m.o, the debian repository, or both? (Both are handled by beetmover, but they are distinct things can be done or not done independently AFAIK.)
| cwd = os.path.dirname(os.path.realpath(__file__)) | ||
| with open(os.path.join(cwd, '..', '..', '..', 'version.txt'), 'r') as fp: | ||
| version = fp.readline().strip() |
There was a problem hiding this comment.
The usual pattern is to use config.params["version"] instead of reading version.txt from transforms.
| command: >- | ||
| ./taskcluster/scripts/build/dpkg-repack.py ${MOZ_FETCHES_DIR}/mozillavpn.deb \ | ||
| --set provides=mozillavpn --set version=$(cat version.txt) \ | ||
| -o /builds/worker/artifacts/mozillavpn-$(cat version.txt).deb |
There was a problem hiding this comment.
I have some concerns about modifying the artifact in between promote and ship. That means if the repack script fails or otherwise introduces a bug somehow, you'll only catch it after shipping.
So my preference/advice would be for us to have 2 apt repos, one for release candidates and one for releases, and publish the exact same artifact to both (similar to how we have candidates and releases dirs on archive.m.o); that said, I don't actually want to block your work if this is the way y'all want to go.
| cwd: '{checkout}' | ||
| command: >- | ||
| ./taskcluster/scripts/build/dpkg-repack.py ${MOZ_FETCHES_DIR}/mozillavpn.deb \ | ||
| --set provides=mozillavpn --set replaces=mozillavpn --set package=mozillavpn-beta \ |
There was a problem hiding this comment.
You'll want to set Conflicts in addition to Provides and Replaces.
Description
We have had much recurring pain trying to upload release candidates to the staging APT repository, and it would be nice if we could find a better way to package and upload release candidates. This PR attempts to accomplish just that. We attempt this by doing the following:
.debfile, edit itscontrolfile and repack it. There are two such jobs:repackage-deb-beta: SetsReplacesandProvidestomozillavpnand renames the package tomozillvpn-beta. This ensures that it will be considered an alternate version ofmozillavpnas far as the Debian packaging world is concerned.repackage-deb-release: Changes the package version to the contents ofversion.txt, thereby stripping out the build suffix (eg:2.26.0~build20241129becomes2.26.0) and we also add the version to the filename.release-artifactto append a version number. This should allow the release jobs to pick up the repackaged.debfiles rather than the one output by the build tasks.repackage-deb-betaand shipping depends onrepackage-deb-release.beetmover-apttask so that it pushes to the release bucket for bothpromoteandshiptasks. This was done by copying thein_productioncheck frombeetmover-promoteand this is where I get a bit fuzzy on what the correct thing to do is.Thus we wind up with a chain of tasks that should go something like this:
Reference
JIRA Issue: RELENG-1062
Checklist