Re: [Tails-dev] Automated builds specification

[bertagaz]

On Wed, Jun 17, 2015 at 10:30:28AM +0200, anonym wrote:
> On 06/16/2015 02:41 PM, bertagaz wrote:
> > On Fri, May 29, 2015 at 01:59:06PM +0200, intrigeri wrote:
> >> anonym wrote (30 Mar 2015 07:48:28 GMT) :
> >>> On 29/03/15 15:04, bertagaz wrote:
> 
> >>> Wild (possibly unrelated) idea: instead of only notifying the author of
> >>> the last commit of a topic branch, what about notifying all authors of
> >>> the topic branch since it deviated from the base branch?
> [...]
> >>> Also, I guess we need to filter out authors that are not Tails "core"
> >>> developers, so they do not get build failure notifications. This applies
> >>> to both packages uploaded (when we upload a package built by a 3rd
> >>> party), and Git (patches). Hmm.
> >>sure.
> >> Why?
> > 
> > I think on the contrary it might be useful for people that are not core
> > devs to get notifications on build failure.
> 
> I'm not sure that contributors will appreciate these notifications.
> 
> Any way, at least some "core" member *must* be notified too since they
> have the power to actually fix it so...
>
> >>> This makes me think that we should perhaps look at Git committer
> >>> name/email in Git instead of the author.
> >>
> >> Indeed, Git has separate committer and author "metadata fields" for
> >> each commit. But I don't understand what exactly you're suggesting we
> >> use them for -- may you please elaborate on this idea?
> > 
> > I don't think it's that important. The only use case I see where it would
> > change who gets the notification would be when one of us import a patch
> > we received. Then, it is interesting still to use the author field, as it
> > means that the notification would be sent to the one who actually wrote
> > the patch, and not just to the one who merged it. Or maybe we want both of
> > them to be notified?
> 
> ... notifying both author and committer seems like a very nice idea.

Ok, as it's quite a change to our current specifications, and is a longer
discussion that might need to see live action going on to decide
something, I've tracked this discussion in a separate ticket:
https://labs.riseup.net/code/issues/9615

Thanks!

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[anonym]

On 06/16/2015 02:41 PM, bertagaz wrote:
> On Fri, May 29, 2015 at 01:59:06PM +0200, intrigeri wrote:
>> anonym wrote (30 Mar 2015 07:48:28 GMT) :
>>> On 29/03/15 15:04, bertagaz wrote:

>>> Wild (possibly unrelated) idea: instead of only notifying the author of
>>> the last commit of a topic branch, what about notifying all authors of
>>> the topic branch since it deviated from the base branch?
[...]
>>> Also, I guess we need to filter out authors that are not Tails "core"
>>> developers, so they do not get build failure notifications. This applies
>>> to both packages uploaded (when we upload a package built by a 3rd
>>> party), and Git (patches). Hmm.
>>sure.
>> Why?
> 
> I think on the contrary it might be useful for people that are not core
> devs to get notifications on build failure.

I'm not sure that contributors will appreciate these notifications.

Any way, at least some "core" member *must* be notified too since they
have the power to actually fix it so...

>>> This makes me think that we should perhaps look at Git committer
>>> name/email in Git instead of the author.
>>
>> Indeed, Git has separate committer and author "metadata fields" for
>> each commit. But I don't understand what exactly you're suggesting we
>> use them for -- may you please elaborate on this idea?
> 
> I don't think it's that important. The only use case I see where it would
> change who gets the notification would be when one of us import a patch
> we received. Then, it is interesting still to use the author field, as it
> means that the notification would be sent to the one who actually wrote
> the patch, and not just to the one who merged it. Or maybe we want both of
> them to be notified?

... notifying both author and committer seems like a very nice idea.

Cheers!

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

Just realized while searching for leftovers in this thread that this last
bit of the discussion was still not over.

On Fri, May 29, 2015 at 01:59:06PM +0200, intrigeri wrote:
> 
> [This is about builds triggered by uploads to our APT repository.]
> 
> anonym wrote (30 Mar 2015 07:48:28 GMT) :
> > On 29/03/15 15:04, bertagaz wrote:
> >> However, one point it raises (added to the blueprint) is determining who
> >> would be notified of this kind of build on failure.
> 
> Given the way we've chosen to implement post-APT-upload builds for
> this first iteration, I have my doubts wrt. whether we can distinguish
> such builds from other ones. It may be that we simply can't, so
> perhaps it doesn't make much sense to discuss failure notification for
> this case in isolation from the general case... because we won't be
> able to implement a different behaviour (yet). Did I miss something?

Agree it doesn't make much sense.

> So, below I'll discuss the general case of build failure notification.
> 
> > Wild (possibly unrelated) idea: instead of only notifying the author of
> > the last commit of a topic branch, what about notifying all authors of
> > the topic branch since it deviated from the base branch? E.g.
> 
> > git log --pretty="format:%an <%ae>" ${BASE_BRANCH}.. | sort -u
> 
> Interesting. I seem to remember having seen something like that
> available as an option in Jenkins' Git plugin. I suggest we start by
> notifying the author of the last commit, and keep this alternate idea
> in mind if that's not enough. Thoughts?

Added it to the blueprint as a future possible enhancement if we feel it's
needed.

> > Also, I guess we need to filter out authors that are not Tails "core"
> > developers, so they do not get build failure notifications. This applies
> > to both packages uploaded (when we upload a package built by a 3rd
> > party), and Git (patches). Hmm.
> 
> Why?

I think on the contrary it might be useful for people that are not core
devs to get notifications on build failure.

> > This makes me think that we should perhaps look at Git committer
> > name/email in Git instead of the author.
> 
> Indeed, Git has separate committer and author "metadata fields" for
> each commit. But I don't understand what exactly you're suggesting we
> use them for -- may you please elaborate on this idea?

I don't think it's that important. The only use case I see where it would
change who gets the notification would be when one of us import a patch
we received. Then, it is interesting still to use the author field, as it
means that the notification would be sent to the one who actually wrote
the patch, and not just to the one who merged it. Or maybe we want both of
them to be notified?

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

[This is about builds triggered by uploads to our APT repository.]

anonym wrote (30 Mar 2015 07:48:28 GMT) :
> On 29/03/15 15:04, bertagaz wrote:
>> However, one point it raises (added to the blueprint) is determining who
>> would be notified of this kind of build on failure.

Given the way we've chosen to implement post-APT-upload builds for
this first iteration, I have my doubts wrt. whether we can distinguish
such builds from other ones. It may be that we simply can't, so
perhaps it doesn't make much sense to discuss failure notification for
this case in isolation from the general case... because we won't be
able to implement a different behaviour (yet). Did I miss something?

So, below I'll discuss the general case of build failure notification.

>> Multiple options are maybe to consider:
>> 
>>  * Notify every core devs that has upload access on our reprepro.

> I think notifying the last Git committer would be correct 90+% of the
> time, instead of spamming everyone 100% of the time (=> will make people
> ignore build failure notifications). [...]

Full ACK. That's what the blueprint says for the general case already.

> Wild (possibly unrelated) idea: instead of only notifying the author of
> the last commit of a topic branch, what about notifying all authors of
> the topic branch since it deviated from the base branch? E.g.

> git log --pretty="format:%an <%ae>" ${BASE_BRANCH}.. | sort -u

Interesting. I seem to remember having seen something like that
available as an option in Jenkins' Git plugin. I suggest we start by
notifying the author of the last commit, and keep this alternate idea
in mind if that's not enough. Thoughts?

>>  * Change our packaging habits and put our emails in the changelog.

> It sounds good, but not without problems. Sometimes we upload packages
> we haven't built ourselves, e.g. I often upload I2P packages built by
> KillYourTV.

We're actually sending to reprepro the "who did the upload"
information, as part of the signature on the .changes file. However,
I think we're ditching this information as soon as the package is
imported. If we want to use this information in any way, we'll have to
keep it around somehow. Anyway, IMO that's long-term, and no idea if
it's worth bothering yet. Time will tell.

> Also, I guess we need to filter out authors that are not Tails "core"
> developers, so they do not get build failure notifications. This applies
> to both packages uploaded (when we upload a package built by a 3rd
> party), and Git (patches). Hmm.

Why?

> This makes me think that we should perhaps look at Git committer
> name/email in Git instead of the author.

Indeed, Git has separate committer and author "metadata fields" for
each commit. But I don't understand what exactly you're suggesting we
use them for -- may you please elaborate on this idea?

Cheers!
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Mon, Apr 06, 2015 at 06:53:35PM +0200, intrigeri wrote:
> bertagaz wrote (06 Apr 2015 16:44:30 GMT) :
> 
> > Was there any other topics to discuss on this subject? I kinda remember
> > this was the last review round, and we managed to answer to all the raised
> > questions.
> 
> No idea. I suggest quickly skimming over the thread again, looking for
> anything that hasn't been captured in the blueprint. (We may have the
> big picture in mind right now — wait, actually not apparently — but
> who knows where we'll be in a year or so?)

We should maybe call that landscapes. :)

I already did a last skimming before anonym had his last crazy good ideas.

I'll take another look at it quickly, maybe note the interesting msg-ids
in the blueprint, but I was asking because to me we're quite done on this.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

bertagaz wrote (06 Apr 2015 16:44:30 GMT) :
> How did you know I was confused? Long running threads are a bit hard to
> follow, and I tend to have more and more troubles getting the full
> picture. :)

> Removed it.

:)

> Was there any other topics to discuss on this subject? I kinda remember
> this was the last review round, and we managed to answer to all the raised
> questions.

No idea. I suggest quickly skimming over the thread again, looking for
anything that hasn't been captured in the blueprint. (We may have the
big picture in mind right now — wait, actually not apparently — but
who knows where we'll be in a year or so?)
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Mon, Mar 30, 2015 at 09:28:08PM +0200, intrigeri wrote:
> 
> Scenario 15 looks good.
> 
> I don't understand what scenario 14 is about, especially right after
> the discussion we've had on this thread. How could base branches be
> possibly affected by changes in topic branches?
> 
> Did I miss anything, or were you a little bit confused?

How did you know I was confused? Long running threads are a bit hard to
follow, and I tend to have more and more troubles getting the full
picture. :)

Removed it.

Was there any other topics to discuss on this subject? I kinda remember
this was the last review round, and we managed to answer to all the raised
questions.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (29 Mar 2015 13:04:11 GMT) :
> On Wed, Mar 25, 2015 at 04:44:32PM +0100, intrigeri wrote:
>> => bertagaz and Jurre, may you please capture this problem, and the
>> long-term solution ideas we had, in the "Future ideas" section of
>> the blueprint?

> Done in scenarios 14 and 15, please review.

Scenario 15 looks good.

I don't understand what scenario 14 is about, especially right after
the discussion we've had on this thread. How could base branches be
possibly affected by changes in topic branches?

  * by a commit to the Git topic branch: that's not the case unless
one then merges the topic branch into the base one, but then this
adds new commits to the topic branch, and is already dealt with by
other scenarios

  * by a package upload: as said earlier in this thread, one MUST NOT
upload new packages to a topic branch's APT suite once it has been
merged, so this should not happen (instead, I think we need
"something" to let us remember we should simply forbid such
dangerous actions with technical means)

Did I miss anything, or were you a little bit confused?

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

anonym wrote (25 Mar 2015 16:30:26 GMT) :
> On 25/03/15 16:44, intrigeri wrote:
>> anonym wrote (24 Mar 2015 16:50:06 GMT) :
>>> However, I think the reason I asked for this feature was to trigger
>>> rebuilds when the feature branch's APT suite has been updated. From
>>> reading the blueprint it only mentions "Git", so I assume the "watchdog"
>>> won't look at the feature branch's APT suite state?
>> [...]
>> Long-term: it seems quite clear to me that any upload to an APT suite
>> should trigger a rebuild of the *directly* affected base branch.

> I assume you didn't intend "base" to be there, right?

Right.

> This should fix all issues I came up with

Cool :)

> Sorry for the noise.

No problem, it forced me to clarify my vision, and thus gives more
ample opportunity to others to disagree while it's not too late.
(I'd hate to see the "OMG WTF?" effect in N months, when all this
is ready to go into production. I'm still bitter from last time it
happened, so better avoid it :)

Cheers!
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[anonym]

On 29/03/15 15:04, bertagaz wrote:
> Hi,
> 
> Sorry, lagging a bit one my emails.
> 
> On Wed, Mar 25, 2015 at 04:44:32PM +0100, intrigeri wrote:
>> Hi,
>>
>> anonym wrote (24 Mar 2015 16:50:06 GMT) :
>>> However, I think the reason I asked for this feature was to trigger
>>> rebuilds when the feature branch's APT suite has been updated. From
>>> reading the blueprint it only mentions "Git", so I assume the "watchdog"
>>> won't look at the feature branch's APT suite state?
> 
> That's right, good catch. I tried to add in the blueprint that we want
> builds triggered by uploads on APT suites.
> 
> However, one point it raises (added to the blueprint) is determining who
> would be notified of this kind of build on failure.
> 
> Multiple options are maybe to consider:
> 
>  * Notify every core devs that has upload access on our reprepro.

I think notifying the last Git committer would be correct 90+% of the
time, instead of spamming everyone 100% of the time (=> will make people
ignore build failure notifications). After all, most of the time only
one person works on any given branch, and with #8654 one will be forced
to modify Git in order to create (or at least activate) a branche's APT
suite, so there will be no "empty" Git topic branches that only modify
the APT suite any more.

Wild (possibly unrelated) idea: instead of only notifying the author of
the last commit of a topic branch, what about notifying all authors of
the topic branch since it deviated from the base branch? E.g.

git log --pretty="format:%an <%ae>" ${BASE_BRANCH}.. | sort -u

>  * Change our packaging habits and put our emails in the changelog.

It sounds good, but not without problems. Sometimes we upload packages
we haven't built ourselves, e.g. I often upload I2P packages built by
KillYourTV. Since it's KillYourTV's email in the last changelog entry,
should he,the package builder, be notified, or I, the branch owner? If
only one person should be notified, I think that should be me, the
branch owner, but both would be better, perhaps. I think that'd go well
with the "notify all authors of topic branch" idea I proposed above.

Also, I guess we need to filter out authors that are not Tails "core"
developers, so they do not get build failure notifications. This applies
to both packages uploaded (when we upload a package built by a 3rd
party), and Git (patches). Hmm. This makes me think that we should
perhaps look at Git committer name/email in Git instead of the author.

Cheers!

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

Sorry, lagging a bit one my emails.

On Wed, Mar 25, 2015 at 04:44:32PM +0100, intrigeri wrote:
> Hi,
> 
> anonym wrote (24 Mar 2015 16:50:06 GMT) :
> > However, I think the reason I asked for this feature was to trigger
> > rebuilds when the feature branch's APT suite has been updated. From
> > reading the blueprint it only mentions "Git", so I assume the "watchdog"
> > won't look at the feature branch's APT suite state?

That's right, good catch. I tried to add in the blueprint that we want
builds triggered by uploads on APT suites.

However, one point it raises (added to the blueprint) is determining who
would be notified of this kind of build on failure.

Multiple options are maybe to consider:

 * Notify every core devs that has upload access on our reprepro.
 * Change our packaging habits and put our emails in the changelog.

> Short-term mitigation:
> 
>  1. if anyone really want to trigger an immediate rebuild, they can do
> it manually in the Jenkins interface (people who have upload
> rights to our APT repo also have powerful-enough access to Jenkins
> to trigger builds);
>  2. the proposal says that all active branches are built daily, in
> addition to post-Git-push => worst case, the branch will be
> rebuilt within 24h;
>  3. if in a hurry, or for whatever reason, you can still force
> a rebuild by pushing a dummy commit (ugly, but it works).
> 
> Long-term: it seems quite clear to me that any upload to an APT suite
> should trigger a rebuild of the *directly* affected base branch.
> 
> And also, more generally: at some point, whenever a base branch's
> current build is marked as outdated and needing to be rebuilt, be it
> because the base branch was updated in Git or via its APT suite, we'll
> want to trigger rebuilds of indirectly affected active branches as
> well (e.g. topic branches based on that base branch) somehow.
> Note that our resource estimates (and thus, our last round of hardware
> shopping) didn't take this cascade of triggered builds, so we simply
> can't implement that at the moment.
> 
> BTW, I've read a bit about Zuul
> (http://ci.openstack.org/zuul/zuul.html) recently, and this made me
> aware of quite a few issues similar to the one you're raising here.
> Lots of food for thought, forwarded to bertagaz already.
> 
> Now, let's put things back into perspective: what bertagaz and Jurre
> are working on so far is expending what we currently have to all
> active branches. Of course it doesn't cover everything that should
> ideally be done yet, simply because what we have so far itself
> doesn't. That's merely yet another step towards implementing the ideal
> CI system we need :)
> 
> => bertagaz and Jurre, may you please capture this problem, and the
> long-term solution ideas we had, in the "Future ideas" section of
> the blueprint?

Done in scenarios 14 and 15, please review.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[anonym]

On 25/03/15 16:44, intrigeri wrote:
> Hi,
> 
> anonym wrote (24 Mar 2015 16:50:06 GMT) :
>> However, I think the reason I asked for this feature was to trigger
>> rebuilds when the feature branch's APT suite has been updated. From
>> reading the blueprint it only mentions "Git", so I assume the "watchdog"
>> won't look at the feature branch's APT suite state?
> 
> Short-term mitigation:
> 
>  1. if anyone really want to trigger an immediate rebuild, they can do
> it manually in the Jenkins interface (people who have upload
> rights to our APT repo also have powerful-enough access to Jenkins
> to trigger builds);

Of course! Can't believe I forgot about this!

> [...]
> Long-term: it seems quite clear to me that any upload to an APT suite
> should trigger a rebuild of the *directly* affected base branch.

I assume you didn't intend "base" to be there, right? I mean, whatever
branch we're dealing with, feature or base, it should be rebuilt when
its APT suite is modified. If that's what you meant, great!

> And also, more generally: at some point, whenever a base branch's
> current build is marked as outdated and needing to be rebuilt, be it
> because the base branch was updated in Git or via its APT suite, we'll
> want to trigger rebuilds of indirectly affected active branches as
> well (e.g. topic branches based on that base branch) somehow.
> Note that our resource estimates (and thus, our last round of hardware
> shopping) didn't take this cascade of triggered builds, so we simply
> can't implement that at the moment.

Cool!

[...]
> On a more general note, all this discussion and thinking convinces me
> more and more that we should really capture in Git everything that
> matters for a given branch/build, including the state of the custom
> source packages it needs. Lots of technical details (Git submodules,
> when/where packages shall be built, etc.) clearly need more thinking,
> but the general concept, once implemented, will make most of this
> discussion moot.

Agreed.

>> Another thing that *just* struck me (and has a lot of consequences...
>> sorry for coming with this at this late stage) is that updates to the
>> base branch's APT suite will affect all feature branches based on it, so
>> a rebuild for all of them would make sense immediately after such an
>> update.
> 
> I agree in principle, but we can't do the "immediately" part yet, as
> explained above in more general terms (since the same is true for Git
> changes in a base branch).

Right. Take my "immediately":s with a grain of salt.

>> OTOH, they may lack important Git state (since the base branch
>> wasn't merged back) that otherwise will make the builds break. Luckily,
>> if we have #8654 and never modify any base branch's APT suite directly
>> but only add APT suites to the base branche's config file *in* *Git*, we
>> should be fine since a Git merge into the feature branch is needed to
>> make it aware of the APT changes.
> 
> (In what follows, I'm assuming we will have #8654 soonish, since
> otherwise the rest of the extended autobuild system wouldn't be
> very useful.)

For the record, everything I wrote was with the assumption that we have
#8654.

> I don't get what's the problem you're raising here. My understanding
> is that there are few potential problems:
> 
>  a) Changes made directly in the base branch' APT suite are not taken
> into account by a rebuild of a topic branch.
>  b) Changes made directly in the base branch' APT suite don't trigger
> a rebuild of the affected topic branches.
>  c) Changes made in the base branch' APT suites config file are not
> taken into account by a rebuild of a topic branch.
>  d) Changes made in the base branch' APT suites config file don't
> trigger a rebuild of the affected topic branches.
> 
> Triggering rebuilds (b and d) has been discussed above, and in short:
> we can't do that yet, too bad.
> 
> I believe that (a) and (c) are non-issues once we have #8654.

Urgh. I had forgotten this part of the build specification:

A topic branch may be lagging behind the base branch it's based
upon. What we're interested in is generally not whether a (possibly
outdated) topic branch builds fine, but whether it would build fine
once merged into its base branch:

This should fix all issues I came up with (except that already-merged
branches should be frozen and not reused). Sorry for the noise. I had
already written some answers below before realizing this, so I leave
them, but you can just ignore them.

>> There's a similar case that also needs some consideration, and changes
>> in how we work: imagine we have a feature branch F based on base branch
>> B. We upload a package to F's APT suite, all looks good at the moment,
>> and we merge F into B. Then a feature branch E has B merged into. All
>> good so far. However, at this point we discover an issue with F and have
>> to rebuild the package, or otherwise change F's APT suite. Then we
>> cannot do anythin

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

anonym wrote (24 Mar 2015 16:50:06 GMT) :
> However, I think the reason I asked for this feature was to trigger
> rebuilds when the feature branch's APT suite has been updated. From
> reading the blueprint it only mentions "Git", so I assume the "watchdog"
> won't look at the feature branch's APT suite state?

Short-term mitigation:

 1. if anyone really want to trigger an immediate rebuild, they can do
it manually in the Jenkins interface (people who have upload
rights to our APT repo also have powerful-enough access to Jenkins
to trigger builds);
 2. the proposal says that all active branches are built daily, in
addition to post-Git-push => worst case, the branch will be
rebuilt within 24h;
 3. if in a hurry, or for whatever reason, you can still force
a rebuild by pushing a dummy commit (ugly, but it works).

Long-term: it seems quite clear to me that any upload to an APT suite
should trigger a rebuild of the *directly* affected base branch.

And also, more generally: at some point, whenever a base branch's
current build is marked as outdated and needing to be rebuilt, be it
because the base branch was updated in Git or via its APT suite, we'll
want to trigger rebuilds of indirectly affected active branches as
well (e.g. topic branches based on that base branch) somehow.
Note that our resource estimates (and thus, our last round of hardware
shopping) didn't take this cascade of triggered builds, so we simply
can't implement that at the moment.

BTW, I've read a bit about Zuul
(http://ci.openstack.org/zuul/zuul.html) recently, and this made me
aware of quite a few issues similar to the one you're raising here.
Lots of food for thought, forwarded to bertagaz already.

Now, let's put things back into perspective: what bertagaz and Jurre
are working on so far is expending what we currently have to all
active branches. Of course it doesn't cover everything that should
ideally be done yet, simply because what we have so far itself
doesn't. That's merely yet another step towards implementing the ideal
CI system we need :)

=> bertagaz and Jurre, may you please capture this problem, and the
long-term solution ideas we had, in the "Future ideas" section of
the blueprint?

On a more general note, all this discussion and thinking convinces me
more and more that we should really capture in Git everything that
matters for a given branch/build, including the state of the custom
source packages it needs. Lots of technical details (Git submodules,
when/where packages shall be built, etc.) clearly need more thinking,
but the general concept, once implemented, will make most of this
discussion moot.

> Another thing that *just* struck me (and has a lot of consequences...
> sorry for coming with this at this late stage) is that updates to the
> base branch's APT suite will affect all feature branches based on it, so
> a rebuild for all of them would make sense immediately after such an
> update.

I agree in principle, but we can't do the "immediately" part yet, as
explained above in more general terms (since the same is true for Git
changes in a base branch).

> OTOH, they may lack important Git state (since the base branch
> wasn't merged back) that otherwise will make the builds break. Luckily,
> if we have #8654 and never modify any base branch's APT suite directly
> but only add APT suites to the base branche's config file *in* *Git*, we
> should be fine since a Git merge into the feature branch is needed to
> make it aware of the APT changes.

(In what follows, I'm assuming we will have #8654 soonish, since
otherwise the rest of the extended autobuild system wouldn't be
very useful.)

I don't get what's the problem you're raising here. My understanding
is that there are few potential problems:

 a) Changes made directly in the base branch' APT suite are not taken
into account by a rebuild of a topic branch.
 b) Changes made directly in the base branch' APT suite don't trigger
a rebuild of the affected topic branches.
 c) Changes made in the base branch' APT suites config file are not
taken into account by a rebuild of a topic branch.
 d) Changes made in the base branch' APT suites config file don't
trigger a rebuild of the affected topic branches.

Triggering rebuilds (b and d) has been discussed above, and in short:
we can't do that yet, too bad.

I believe that (a) and (c) are non-issues once we have #8654.

So, what's the remaining problem we should solve *now*?

> There's a similar case that also needs some consideration, and changes
> in how we work: imagine we have a feature branch F based on base branch
> B. We upload a package to F's APT suite, all looks good at the moment,
> and we merge F into B. Then a feature branch E has B merged into. All
> good so far. However, at this point we discover an issue with F and have
> to rebuild the package, or otherwise change F's APT suite. Then we
> cannot do anything with F's APT suite, because that would affect E
> without i

Re: [Tails-dev] Automated builds specification

[anonym]

On 01/03/15 12:49, intrigeri wrote:
> hi,
> 
> bertagaz wrote (27 Feb 2015 10:07:03 GMT) :
>> On Thu, Feb 26, 2015 at 08:46:17PM +0100, bertagaz wrote:
>>> On Thu, Feb 26, 2015 at 05:21:23PM +0100, anonym wrote:
 On 11/01/15 20:07, Jurre van Bergen wrote:
> Developers should be able to trigger automatic builds for a branch
> whose build was dropped (eg. last commit too old) by pushing a dumb
> commit on a timestamp file in that branch.

 Can't we make builds trigger via signed email too? Polluting the Git
 repo like that seems ugly to me.
> [...]
>> While discussing last night about this interesting point you raised, we
>> thought of an easy and obvious fix to that history pollution.
> 
>> In fact, that's even already implemented in the way we often work: after a
>> release, people working on a topic branch often merge stable or testing
>> back in it. So there *will* be new commits on their branches.
> 
>> Does that sound better to you?
> 
> At least it does sound better to me: the problem at hand is detecting
> the transition of a branch between inactive and active state.

It sounds better to me too.

However, I think the reason I asked for this feature was to trigger
rebuilds when the feature branch's APT suite has been updated. From
reading the blueprint it only mentions "Git", so I assume the "watchdog"
won't look at the feature branch's APT suite state? I think I mentioned
something about this during the sprint.

Another thing that *just* struck me (and has a lot of consequences...
sorry for coming with this at this late stage) is that updates to the
base branch's APT suite will affect all feature branches based on it, so
a rebuild for all of them would make sense immediately after such an
update. OTOH, they may lack important Git state (since the base branch
wasn't merged back) that otherwise will make the builds break. Luckily,
if we have #8654 and never modify any base branch's APT suite directly
but only add APT suites to the base branche's config file *in* *Git*, we
should be fine since a Git merge into the feature branch is needed to
make it aware of the APT changes.

There's a similar case that also needs some consideration, and changes
in how we work: imagine we have a feature branch F based on base branch
B. We upload a package to F's APT suite, all looks good at the moment,
and we merge F into B. Then a feature branch E has B merged into. All
good so far. However, at this point we discover an issue with F and have
to rebuild the package, or otherwise change F's APT suite. Then we
cannot do anything with F's APT suite, because that would affect E
without it merging B again. Hence, the fixup for F has to be made in a
new feature branch, say F-fixup. When F-fixup is merged into B, E won't
be affected (and need a rebuild) until B is merged into E.

To conclude, we should update our merge policy (or whatever) with the
following rules:

* Never upload packages directly to any base branch, not even during
during release time. Never!

* Once a feature branch has been merged into a base branch, the feature
branch's APT suite should be frozen forever. Any fixups that affect the
feature branch's APT suite *must* be done in the APT suite of a *new*
feature branch.

I also think we have some problems around release time when we merge all
APT suites of the feature branches that *have* been Git-merged into the
base branch being released (I'm gonna refer to this procedure simply as
"squashing" below). Specifically, all feature branches based on the
to-be-released base branch that has *not* been merged will be affected
by this. Example:

1. Let F1 and F2 be divergent feature branches based on base branch B.
2. F1 is merged into B.
3. B is released, so F1's APT suite is merged into B's APT suite, i.e.
the "squashing".
4. Note that at no point was F1 or B merged into F2, but right now it's
like the APT suite of F1 is merged into F2. Also note that F1's Git is
not merged into F2.

Now we have two issues:

* F2 has (indirectly, via the base branch's APT suite) been modified
without its Git state being changed at all.

* However, F2 doesn't have the Git changes made in F1, and it could very
well be that the APT stuff introduced by F1's APT suite depend on those
Git changes in a way so that builds will break without them.

The only way I see to resolve all this reliably is that: after we
"squash", then all branches based on B that have *not* been merged yet
must immediately have B merged into them, and all branches that *have*
been merged are killed (or at least marked in a way so they are not
rebuilt). This is a new step in our release process. However, it's quite
unfortunate to add this procedure at that stage, which already is a bit
stressful, so perhaps the "squashing" can be done in the APT suite T
that's created for the release tag, and then we reset the B to T's state
and merge B into the remaining feature branches based on B at
post-release time, when things are a bit calmer.

T

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Sun, Mar 01, 2015 at 12:49:35PM +0100, intrigeri wrote:
> bertagaz wrote (27 Feb 2015 10:07:03 GMT) :
> > Does that sound better to you?
> 
> At least it does sound better to me: the problem at hand is detecting
> the transition of a branch between inactive and active state.
> 
> When coming back to a branch after not having worked on it since 6+
> weeks, the first thing I do is indeed to make the branch up-to-date
> wrt. changes that happened in the last 6+ weeks, then making sure it
> still builds locally, and after that I would push the branch and it
> will become active again (from Jenkins' perspective), as
> bertagaz explained.
> 
> bertagaz, DrWhax: please explain this on the blueprint -- you now
> have two proposed wordings already so it should be easy :)

Done in e5d21e8.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

hi,

bertagaz wrote (27 Feb 2015 10:07:03 GMT) :
> On Thu, Feb 26, 2015 at 08:46:17PM +0100, bertagaz wrote:
>> On Thu, Feb 26, 2015 at 05:21:23PM +0100, anonym wrote:
>> > On 11/01/15 20:07, Jurre van Bergen wrote:
>> > > Developers should be able to trigger automatic builds for a branch
>> > > whose build was dropped (eg. last commit too old) by pushing a dumb
>> > > commit on a timestamp file in that branch.
>> > 
>> > Can't we make builds trigger via signed email too? Polluting the Git
>> > repo like that seems ugly to me.
[...]
> While discussing last night about this interesting point you raised, we
> thought of an easy and obvious fix to that history pollution.

> In fact, that's even already implemented in the way we often work: after a
> release, people working on a topic branch often merge stable or testing
> back in it. So there *will* be new commits on their branches.

> Does that sound better to you?

At least it does sound better to me: the problem at hand is detecting
the transition of a branch between inactive and active state.

When coming back to a branch after not having worked on it since 6+
weeks, the first thing I do is indeed to make the branch up-to-date
wrt. changes that happened in the last 6+ weeks, then making sure it
still builds locally, and after that I would push the branch and it
will become active again (from Jenkins' perspective), as
bertagaz explained.

bertagaz, DrWhax: please explain this on the blueprint -- you now
have two proposed wordings already so it should be easy :)

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Thu, Feb 26, 2015 at 08:46:17PM +0100, bertagaz wrote:
> On Thu, Feb 26, 2015 at 05:21:23PM +0100, anonym wrote:
> > On 11/01/15 20:07, Jurre van Bergen wrote:
> > > Developers should be able to trigger automatic builds for a branch
> > > whose build was dropped (eg. last commit too old) by pushing a dumb
> > > commit on a timestamp file in that branch.
> > 
> > Can't we make builds trigger via signed email too? Polluting the Git
> > repo like that seems ugly to me.
> 
> It surely isn't the best for the git history or commit point of view, but
> OTOH it express in git's semantic the fact that a branch is active for
> more people than Jenkins and the sender of the email. So for example the
> release manager can also easily get that info and add the branch on his
> radar.
> 
> Signed email could be an optional feature, like nice to have, but maybe
> not a blocker to deploy the automated builds. It will surely be a bit more
> tricky and might delay things a bit.

While discussing last night about this interesting point you raised, we
thought of an easy and obvious fix to that history pollution.

In fact, that's even already implemented in the way we often work: after a
release, people working on a topic branch often merge stable or testing
back in it. So there *will* be new commits on their branches.

Does that sound better to you?

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Thu, Feb 26, 2015 at 05:21:23PM +0100, anonym wrote:
> On 11/01/15 20:07, Jurre van Bergen wrote:
> > https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_specs/
> 
> Sorry for joining in so late. All looks good, and I only have minor
> concerns.
> 
> > Developers should be able to trigger automatic builds for a branch
> > whose build was dropped (eg. last commit too old) by pushing a dumb
> > commit on a timestamp file in that branch.
> 
> Can't we make builds trigger via signed email too? Polluting the Git
> repo like that seems ugly to me.

It surely isn't the best for the git history or commit point of view, but
OTOH it express in git's semantic the fact that a branch is active for
more people than Jenkins and the sender of the email. So for example the
release manager can also easily get that info and add the branch on his
radar.

Signed email could be an optional feature, like nice to have, but maybe
not a blocker to deploy the automated builds. It will surely be a bit more
tricky and might delay things a bit.

> > How to build it
> > [...]
> > when building topic branch F, we need to build from branch F once
> > merged into branch B. However, this merge must only be done locally, >
> at least because Jenkins doesn't have push access to our Git repo.
> > [...]
> > This locally-merge-before-building process requires ticket #8654 to
> > be implemented [...]
> 
> The thing with #8654 is that it's gonna introduce a lot of merge
> conflicts. They will be simple for a human to resolve, so I'm not
> worried about that, but since jenkins will bail out if there's any
> conflict in the ocally-merge-before-building process, this will be annoying.
> 
> Here's an example of how the config/APT_suites may evolve for devel,
> feature/x and feature/y, which both have APT suite:
>
> [...]
> 
> In other words, for all branches based on B that modifies
> config/APT_suites, whenever one of them is merged, it will reduce merge
> conflicts for all other branches based on B. This will get problematic,
> so we probably will need a custom git merge conflict handler. It could
> probably be quite simple, since most of the time branches will just be
> added (not removed, renamed) so they can be automatically resolved by
> removing the merge conflict tags.

It seems that this kind of easy merges could be resolved by configuring
.gitattributes to use the union merge for config/APT_suites.

https://code.google.com/p/endgame-singularity/source/browse/.gitattributes

I'm not sure how it handles corner cases though, it might deserve some
tests to see how it fits. Otherwise intrigeri was mentionning another
possibility in Git.

Thanks for the meaningful feedbacks!

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[anonym]

On 11/01/15 20:07, Jurre van Bergen wrote:
> https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_specs/

Sorry for joining in so late. All looks good, and I only have minor
concerns.

> Developers should be able to trigger automatic builds for a branch
> whose build was dropped (eg. last commit too old) by pushing a dumb
> commit on a timestamp file in that branch.

Can't we make builds trigger via signed email too? Polluting the Git
repo like that seems ugly to me.

> How to build it
> [...]
> when building topic branch F, we need to build from branch F once
> merged into branch B. However, this merge must only be done locally, >
at least because Jenkins doesn't have push access to our Git repo.
> [...]
> This locally-merge-before-building process requires ticket #8654 to
> be implemented [...]

The thing with #8654 is that it's gonna introduce a lot of merge
conflicts. They will be simple for a human to resolve, so I'm not
worried about that, but since jenkins will bail out if there's any
conflict in the ocally-merge-before-building process, this will be annoying.

Here's an example of how the config/APT_suites may evolve for devel,
feature/x and feature/y, which both have APT suite:

devel:
--
devel

feature/x:
--
devel
feature-x

feature/y:
--
devel
feature-x

In this state, the locally-merge-before-building process will work fine
for all branches. However, let's say feature/x is merged (for real, not
locally!) into devel:

devel:
--
devel
feature-x

When jenkins want to build feature/y, it will locally merge feature/y
into devel, and then we'll have a merge conflict in config/APT_suites:

devel
 devel
feature-x

feature-y
 feature/y

The resolution is simple:

devel
feature-x
feature-y

In other words, for all branches based on B that modifies
config/APT_suites, whenever one of them is merged, it will reduce merge
conflicts for all other branches based on B. This will get problematic,
so we probably will need a custom git merge conflict handler. It could
probably be quite simple, since most of the time branches will just be
added (not removed, renamed) so they can be automatically resolved by
removing the merge conflict tags.

Cheers!

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

bertagaz wrote (24 Feb 2015 16:04:14 GMT) :
> Yesterday, 40 ISOs were build on Jenkins...

I bet that the majority of those were triggered mistakenly, due to
https://labs.riseup.net/code/issues/8692. I recommend working on this
during the 1.3.1 cycle if possible, so that we have more useful data
to reason about.

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

bertagaz wrote (24 Feb 2015 14:19:02 GMT) :
> On Sat, Feb 21, 2015 at 05:26:09PM +0100, intrigeri wrote:
>> bertagaz: I think it can now be clarified accordingly on the blueprint :)

> Done.

Thanks. I've clarified on the blueprint the fact that we're talking
about a *local* merge, since that's precisely where the
misunderstanding I had to clarify apparently was.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (24 Feb 2015 14:12:14 GMT) :
> On Fri, Feb 20, 2015 at 11:56:02AM +0100, intrigeri wrote:
>> It currently reads:
>> 
>>   For base branches:
>> 
>>   * When failing after a git push, notify the last commit author.
>>   * When failing after the daily trigger, notify the RM.
>> 
>> I say let's just always the RM to start with.

> I'm not sure about that still: if we proceed this way, we're not
> implementing the reviewer scenario, because the RM will be notified when a
> branch is merged and breaks the build, and not the one who did this merge.

It seems there's a serious misunderstanding here.

The way I understand the reviewer scenario has no specific provision
regarding whatever should happen *after* branch F was *really* merged
into branch B by the reviewer.

Reviewing happens *before* merging, and part of the review work is
ensuring that the resulting branch B (after branch F is merged into
it) will still build fine. Of course reviewers must not do this part
of their job *after* merging and pushing to the official repo, so this
is only meaningful if done *before*.

IMO the reviewer scenario we have is meant to address this specific
problem, to make the reviewers' work easier (hence the "I might want
to download the resulting ISO" part for example, which only makes
sense before merging for real), thanks to Jenkins and to your work.
The way I understand it (and the way I think it should be), in:

As a reviewer
When I'm asked to review branch F into branch B
Then I need to know if branch F builds fine
  once merged into branch B (fresh results!)
And I should be notified of the results
And if the build succeeded
  I might want to download the resulting ISO
  I might want to get the pkg list
  I want the Redmine ticket to be notified (optional)
Otherwise if it fails the developer who proposed the merge should be 
notified
  And the developer *needs* to see the build logs
  And the ticket should be reassigned to the branch submitter
  And QA check should be set to "Dev needed"

... "once merged into branch B" is a local merge, done in Jenkins
only, and *not* pushed to the official repo.

Otherwise the remaining steps don't make any sense to me: if the build
fails, we don't want to say "oh too bad, we have merged branch F
already, so our build is broken, but let's mark the ticket as dev
needed and reassign to the developer". Instead, we want to simply
*not* merge this branch yet, and then mark the ticket as dev needed
and reassign to the developer.

And, if the reviewer mistakenly merges something that breaks the
build, then of course I would consider it's their responsibility for
fixing it, ideally... but we can't count on reviewers to be around,
notice the failure and fix it in a timely manner: as you know,
reviewers come and go, and sometimes disappear for a week or more.
The only person we have on formal duty for such things, who's taking
care of the state of our base branches on which the next release(s)
will be based, is the RM. So IMO the only reliable solution is to
notify the RM whenever this situation happens (which should be pretty
rare anyway :)

Thoughts?

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Wed, Feb 18, 2015 at 09:51:48AM +, sajolida wrote:
> > The Global build stats Jenkins plugin [1] seems interesting to display the
> > stats once more logs are kept. Shall I install it?
> 
> I would love to have stats about the number of branches and ISO built
> and tested each day to put in our reports to our funders.

Done, one that has access to our jenkins instance can go read some stats
there, and create new charts.

I've also updated the stat page in the blueprint section [1]

Yesterday, 40 ISOs were build on Jenkins...

bert.

[1] https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_stats/
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Sat, Feb 21, 2015 at 05:26:09PM +0100, intrigeri wrote:
> bertagaz: I think it can now be clarified accordingly on the blueprint :)

Done.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Fri, Feb 20, 2015 at 11:56:02AM +0100, intrigeri wrote:
> bertagaz wrote (19 Feb 2015 18:15:35 GMT) :
> > On Tue, Feb 17, 2015 at 10:32:59PM +0100, intrigeri wrote:
> 
> > I like this idea, simple and effective. :)
> 
> > So for the base branches, the RM would be the contact point for daily and
> > on push build failure notifications. And for topic branches, that would be
> > the last commiter.
> 
> Agreed. It seems that the blueprint doesn't reflect that, though.

Yeah, I think I was confused because we had different conlusions about
this in the two different sub-threads of this discussion that talked about
it.

> It currently reads:
> 
>   For base branches:
> 
>   * When failing after a git push, notify the last commit author.
>   * When failing after the daily trigger, notify the RM.
> 
> I say let's just always the RM to start with.

I'm not sure about that still: if we proceed this way, we're not
implementing the reviewer scenario, because the RM will be notified when a
branch is merged and breaks the build, and not the one who did this merge.

So, shall we ignore this, and assume that having the reviewer building
locally on her hardware is enough, meaning the RM is the contact point for
all build failures on the base branches?

bert.


___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Alan wrote (21 Feb 2015 13:36:41 GMT) :
>> Most of us (including me) do the same as Alan, but IMO that's almost
>> irrelevant to the topic at hand. This same scenario reads:
>> 
>>And I need to know if my branch build is broken by something else
>>   possibly weeks after my last commit (by e.g Debian changes,
>>   changes in branch B, ...)
>>   ^^^
>> 
>> ... and we cannot possibly get this without locally merging the topic
>> branch F into B before building.
>> 
>> The important point here may be the *locally* word. This merge would
>> only be done in Jenkins own temporary Git checkout, and wouldn't
>> affect how we're handling our branches' Git history.
>> 
>> > But I agree this is not the best way to go, so if Alan doesn't come up with
>> > a block on this, I agree to add the clarification.
>> 
>> OK. But apparently, either I misunderstood why Alan had trouble with
>> this idea, or Alan has misunderstood the idea, so IMO it would be good
>> to have his opinion now that I've clarified what I think we should do,
>> and why. Alan?
>> 
> I do not see any issue with this local merge by our autobuilder. Looks
> to me like the right thing to do.

Thanks for the clarification!

bertagaz: I think it can now be clarified accordingly on the blueprint :)

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[Alan]

Hi,

intrigeri  wrote:
> bertagaz wrote (16 Feb 2015 14:32:57 GMT) :
> > On Wed, Feb 11, 2015 at 11:49:02PM +0100, intrigeri wrote:
> >> I have a few concerns, though:
> >> 
> >>   * "Scenario 2 : developer" doesn't make it clear if branch T is
> >> build *after being locally merged into branch B*, or not.
> >> Given that's what we're really interested in, and given
> >> "Scenario 1 : reviewer" is clearer (answer is: yes), I guess the
> >> answer is yes here too, but this should be clarified.
> 
> > IIRC that was something Alan had troubles with, as not being the way she
> > usually work on a feature branch, which I think was more close to "Work
> > work work on the branch, and then when the feature is ready, merge the base
> > branch in it." So she usually do not merge the base branch very often.
> 
> Most of us (including me) do the same as Alan, but IMO that's almost
> irrelevant to the topic at hand. This same scenario reads:
> 
>And I need to know if my branch build is broken by something else
>   possibly weeks after my last commit (by e.g Debian changes,
>   changes in branch B, ...)
>   ^^^
> 
> ... and we cannot possibly get this without locally merging the topic
> branch F into B before building.
> 
> The important point here may be the *locally* word. This merge would
> only be done in Jenkins own temporary Git checkout, and wouldn't
> affect how we're handling our branches' Git history.
> 
> > But I agree this is not the best way to go, so if Alan doesn't come up with
> > a block on this, I agree to add the clarification.
> 
> OK. But apparently, either I misunderstood why Alan had trouble with
> this idea, or Alan has misunderstood the idea, so IMO it would be good
> to have his opinion now that I've clarified what I think we should do,
> and why. Alan?
> 
I do not see any issue with this local merge by our autobuilder. Looks
to me like the right thing to do.

Cheers
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

bertagaz wrote (19 Feb 2015 22:52:20 GMT) :
>> If you prefer, in the future I can dump such research results into the
>> blueprint instead of here. Just tell me where it should go.

> The blueprint/automated_builds_and_tests/jenkins page seems perfect for
> that.

Right => done.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (19 Feb 2015 18:15:35 GMT) :
> On Tue, Feb 17, 2015 at 10:32:59PM +0100, intrigeri wrote:
>> Now, I wonder if we could solve this quite simply by having the RM be
>> notified for *base* branch build failure only. The RM doesn't care
>> about topic branches that haven't been submitted for merging
>> yet, right?

> I like this idea, simple and effective. :)

> So for the base branches, the RM would be the contact point for daily and
> on push build failure notifications. And for topic branches, that would be
> the last commiter.

Agreed. It seems that the blueprint doesn't reflect that, though.
It currently reads:

  For base branches:

  * When failing after a git push, notify the last commit author.
  * When failing after the daily trigger, notify the RM.

I say let's just always the RM to start with.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (19 Feb 2015 21:39:25 GMT) :
> On Mon, Feb 16, 2015 at 04:39:22PM +0100, intrigeri wrote:
>> bertagaz wrote (16 Feb 2015 12:03:12 GMT) :
>> > Ack, sounds reasonable. However from what I've seen, it sometimes means a
>> > lot of branches so I wonder if we scaled our infra enough for that, as we
>> > didn't include this branches in our maths since the beginning of the
>> > discussion.
>> 
>> This seems like a serious bug in this discussion process. May you
>> please then provide example numbers that match what the proposed
>> algorithm would output, so that we can reason about it?

> I've added to the statistic page the doc branches that have been merged.
> Part of them were not in the output of the script because they often get
> merged in master. It seems to add 4 to 6 branches per release, but their
> development and integration flaw is a bit different.

I've modified my count-merges script locally to take into account
merges into master too, but it didn't catch any more merges.
No surprise, given e.g.:

  git log 1.1..1.3-rc1 --merges --pretty=oneline | grep master | grep doc

... returns no such merge. Possibly the doc branches are merged
without --no-ff into master? sajolida, any idea?

> So in the end, I'm not sure they'll add a lot more load, but we have to
> count them in our maths.

Yep. Too bad we can't really do that with good stats.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Tue, Feb 17, 2015 at 09:47:51PM +0100, intrigeri wrote:
> bertagaz wrote (16 Feb 2015 14:37:56 GMT) :
> > On Thu, Feb 12, 2015 at 12:22:45AM +0100, intrigeri wrote:
> >> Here's one more: the proposed notification mechanism makes sense to me
> >> for topic branches. But for "base" branches, it's more complicated:
> 
> >> Thoughts?
> 
> > Agree with that as stated in my previous email.
> 
> OK, good. Then I'll let you capture in the specification that problem,
> and our currently preferred solution.

Done.

> What follows is only interesting for Jenkins folks. I guess almost
> everyone but DrWhax and bertagaz can stop here.
> 
> > I think it is doable to differenciate them, by splitting the daily
> > and on git push job definiton maybe.
> 
> => I think this trick would make the overall thing hard to understand
> and draw conclusions from, for anyone not deeply involved in our
> Jenkins stuff.

That's my opinion too.

> > Having a look at plugins might help, as well as how other projects
> > do that (as you stated elsewhere).
> 
> Yep. At least the obvious candidate (Email-ext plugin) doesn't seem
> able to email different recipients depending on what triggered the
> build out-of-the-box. But apparently, one can set up two 'Script -
> After Build' email triggers in the Email-ext configuration: one emails
> the culprit, the other emails the RM. And then, they do something or
> not depending on a variable we set during the build, based on what
> triggered the build. Likely the cleaner and simpler solution.
> 
> Otherwise, we could have Jenkins email some pipe script that will
> forward to the right person depending on 1. whether it's a base
> branch; and 2. whether the build was triggered by a push or by
> something else. This should work if we can get the email notification
> to pass the needed info in it. E.g. the full console output currently
> has "Started by timer" or "Started by an SCM change", but this is not
> part of the email notification. Could work, but a bit hackish and all
> kinds of things can go wrong.
> 
> Also, I've seen lots of people documenting crazy similar things with
> some of these plugins: "Run Condition", "Conditional BuildStep",
> "Flexible Publish" and "Any Build step". But then it gets too
> complicated for me to dive into it right now.

Yes, feel also quite lost in all this big Jenkins ecosystem sometimes. But
it's certainly doable. I'll spend time digging into this too.

> If you prefer, in the future I can dump such research results into the
> blueprint instead of here. Just tell me where it should go.

The blueprint/automated_builds_and_tests/jenkins page seems perfect for
that.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Mon, Feb 16, 2015 at 04:39:22PM +0100, intrigeri wrote:
> bertagaz wrote (16 Feb 2015 12:03:12 GMT) :
> > Ack, sounds reasonable. However from what I've seen, it sometimes means a
> > lot of branches so I wonder if we scaled our infra enough for that, as we
> > didn't include this branches in our maths since the beginning of the
> > discussion.
> 
> This seems like a serious bug in this discussion process. May you
> please then provide example numbers that match what the proposed
> algorithm would output, so that we can reason about it?

I've added to the statistic page the doc branches that have been merged.
Part of them were not in the output of the script because they often get
merged in master. It seems to add 4 to 6 branches per release, but their
development and integration flaw is a bit different.

So in the end, I'm not sure they'll add a lot more load, but we have to
count them in our maths.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Tue, Feb 17, 2015 at 10:32:59PM +0100, intrigeri wrote:
> bertagaz wrote (16 Feb 2015 14:32:57 GMT) :
> > On Wed, Feb 11, 2015 at 11:49:02PM +0100, intrigeri wrote:
> 
> > That's a logical awesome idea I'm ashamed not to have had sooner.
> > Still, it seems that it comes too late, after some searching it appears
> > that our Jenkins don't keep much stats.
> 
> As discussed on IRC, we have about 10 days of logs on the filesystem
> currently, so you can still retrieve recent stats about it.
> The earlier, the better, as we're frozen and the more we wait, the
> less the numbers will be meaningful.

I've just pushed a new page in the blueprint section, that contains the
number of branches merged per release (as your script told us), and the
number of builds per day that happened since 2015-02-10.

https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_stats/

> > The Global build stats Jenkins plugin [1] seems interesting to display the
> > stats once more logs are kept. Shall I install it?
> 
> Let's give it a try, yes.

I'll do that soon then.

> >>   * "Scenario 3 : RM" says "I need to know when a branch FTBFS", but
> >> I see no notification mechanism planned, so... how is the RM
> >> supposed to know. Also, whenever stalled topic branches start
> >> failing, this can imply an avalanche of daily email to the RM, who
> >> will of course start ignoring all email from Jenkins and then
> >> we've lost. I'm particularly worried about this topic since anonym
> >> (our RM most of the time) didn't comment on this proposal yet, and
> >> has already expressed concerns about this kind of issues.
> 
> > I think anonym did comment on this proposal, he did a review of this
> > blueprint already.
> 
> OK. Let's keep in mind that he may not have thought of this potential
> problem yet.
> 
> Now, I wonder if we could solve this quite simply by having the RM be
> notified for *base* branch build failure only. The RM doesn't care
> about topic branches that haven't been submitted for merging
> yet, right?

I like this idea, simple and effective. :)

So for the base branches, the RM would be the contact point for daily and
on push build failure notifications. And for topic branches, that would be
the last commiter.

> > One thing that this question also raise is the fact that the RM is not
> > always the same person, so I'm wondering how to have jenkins notifying the
> > right email depending on who is the RM for the next release. First thing
> > that come in top of my mind is... a schleuder address. :)
> 
> Indeed, that's the kind of aliases the RMs can trivially update
> themselves, without asking the infra team to do anything.

Great, I'll add that to the specs and will open the corresponding tickets.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[sajolida]

bertagaz:
>>   * I see no statistics about how many ISOs we are *currently*
>> building each day. So it's not clear to me if our current setup
>> can support building N more branches, once a day each. It would be
>> useful to have this number (e.g. raw number per day during the 1.3
>> release cycle, and daily average). Of course we can fix that later
>> (either by throwing more hardware at it, or by tweaking the branch
>> selection algorithm a bit, or by decreasing the build frequency
>> a bit for some branches based on some criteria), but if we can
>> know *right now* that the designed plan cannot possibly work, then
>> I would find it a bit sad to invest time into it.
> 
> That's a logical awesome idea I'm ashamed not to have had sooner.
> Still, it seems that it comes too late, after some searching it appears
> that our Jenkins don't keep much stats. I'll extend the jjb setting that
> remove build logs after 1 day.
> 
> The Global build stats Jenkins plugin [1] seems interesting to display the
> stats once more logs are kept. Shall I install it?

I would love to have stats about the number of branches and ISO built
and tested each day to put in our reports to our funders.

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (16 Feb 2015 14:32:57 GMT) :
> On Wed, Feb 11, 2015 at 11:49:02PM +0100, intrigeri wrote:
>> I have a few concerns, though:
>> 
>>   * "Scenario 2 : developer" doesn't make it clear if branch T is
>> build *after being locally merged into branch B*, or not.
>> Given that's what we're really interested in, and given
>> "Scenario 1 : reviewer" is clearer (answer is: yes), I guess the
>> answer is yes here too, but this should be clarified.

> IIRC that was something Alan had troubles with, as not being the way she
> usually work on a feature branch, which I think was more close to "Work
> work work on the branch, and then when the feature is ready, merge the base
> branch in it." So she usually do not merge the base branch very often.

Most of us (including me) do the same as Alan, but IMO that's almost
irrelevant to the topic at hand. This same scenario reads:

   And I need to know if my branch build is broken by something else
  possibly weeks after my last commit (by e.g Debian changes,
  changes in branch B, ...)
  ^^^

... and we cannot possibly get this without locally merging the topic
branch F into B before building.

The important point here may be the *locally* word. This merge would
only be done in Jenkins own temporary Git checkout, and wouldn't
affect how we're handling our branches' Git history.

> But I agree this is not the best way to go, so if Alan doesn't come up with
> a block on this, I agree to add the clarification.

OK. But apparently, either I misunderstood why Alan had trouble with
this idea, or Alan has misunderstood the idea, so IMO it would be good
to have his opinion now that I've clarified what I think we should do,
and why. Alan?

>>   * I see no statistics about how many ISOs we are *currently*
>> building each day. So it's not clear to me if our current setup
>> can support building N more branches, once a day each. It would be
>> useful to have this number (e.g. raw number per day during the 1.3
>> release cycle, and daily average). Of course we can fix that later
>> (either by throwing more hardware at it, or by tweaking the branch
>> selection algorithm a bit, or by decreasing the build frequency
>> a bit for some branches based on some criteria), but if we can
>> know *right now* that the designed plan cannot possibly work, then
>> I would find it a bit sad to invest time into it.

> That's a logical awesome idea I'm ashamed not to have had sooner.
> Still, it seems that it comes too late, after some searching it appears
> that our Jenkins don't keep much stats.

As discussed on IRC, we have about 10 days of logs on the filesystem
currently, so you can still retrieve recent stats about it.
The earlier, the better, as we're frozen and the more we wait, the
less the numbers will be meaningful.

> The Global build stats Jenkins plugin [1] seems interesting to display the
> stats once more logs are kept. Shall I install it?

Let's give it a try, yes.

>>   * "Scenario 3 : RM" says "I need to know when a branch FTBFS", but
>> I see no notification mechanism planned, so... how is the RM
>> supposed to know. Also, whenever stalled topic branches start
>> failing, this can imply an avalanche of daily email to the RM, who
>> will of course start ignoring all email from Jenkins and then
>> we've lost. I'm particularly worried about this topic since anonym
>> (our RM most of the time) didn't comment on this proposal yet, and
>> has already expressed concerns about this kind of issues.

> I think anonym did comment on this proposal, he did a review of this
> blueprint already.

OK. Let's keep in mind that he may not have thought of this potential
problem yet.

Now, I wonder if we could solve this quite simply by having the RM be
notified for *base* branch build failure only. The RM doesn't care
about topic branches that haven't been submitted for merging
yet, right?

(So I'm skipping the rest of the discussion, that may actually
be moot.)

> One thing that this question also raise is the fact that the RM is not
> always the same person, so I'm wondering how to have jenkins notifying the
> right email depending on who is the RM for the next release. First thing
> that come in top of my mind is... a schleuder address. :)

Indeed, that's the kind of aliases the RMs can trivially update
themselves, without asking the infra team to do anything.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (16 Feb 2015 14:37:56 GMT) :
> On Thu, Feb 12, 2015 at 12:22:45AM +0100, intrigeri wrote:
>> Here's one more: the proposed notification mechanism makes sense to me
>> for topic branches. But for "base" branches, it's more complicated:
>> 
>> * when building after a Git push, [...]
>> 
>> * when building daily, on failure I don't see how it can be useful to
>>   notify the last person who merged something to into a base branch;
>>   so, who is responsible to keep these branches in a buildable
>>   state? [...]

>> Thoughts?

> Agree with that as stated in my previous email.

OK, good. Then I'll let you capture in the specification that problem,
and our currently preferred solution.

What follows is only interesting for Jenkins folks. I guess almost
everyone but DrWhax and bertagaz can stop here.

> I think it is doable to differenciate them, by splitting the daily
> and on git push job definiton maybe.

Looks a bit ugly a solution, and it would make the Jenkins config,
interface and reporting perhaps a bit too complicated. And we would
have two separate sources of information to answer the "does branch B
currently build fine?" question, which feels conceptually wrong.

E.g. consider the following scenario:

  1. Someone pushes something that breaks the build
  2. The post-push job is triggered, fails, and the person who pushed
 gets notified; so far, so good, except the daily job still
 pretends everything is fine
  3. The person who pushed doesn't fix their stuff before the next
 daily build
  4. The next daily build fails, and then the RM is notified; in the
 case of a base branch, this may be good to have the RM as
 a fallback here. But then, we have two jobs in fail state in
 Jenkins. Weird.
  5. The RM fixes the build and pushes.
  6. The post-push job is triggered, passes, and then the RM (who just
 pushed) is notified that the build is back to normal, *but* the
 person who pushed initially isn't notified that the problem has
 been fixed (so might do duplicate work), and the daily job is
 still in failing state until it is run again.

=> I think this trick would make the overall thing hard to understand
and draw conclusions from, for anyone not deeply involved in our
Jenkins stuff.

> Having a look at plugins might help, as well as how other projects
> do that (as you stated elsewhere).

Yep. At least the obvious candidate (Email-ext plugin) doesn't seem
able to email different recipients depending on what triggered the
build out-of-the-box. But apparently, one can set up two 'Script -
After Build' email triggers in the Email-ext configuration: one emails
the culprit, the other emails the RM. And then, they do something or
not depending on a variable we set during the build, based on what
triggered the build. Likely the cleaner and simpler solution.

Otherwise, we could have Jenkins email some pipe script that will
forward to the right person depending on 1. whether it's a base
branch; and 2. whether the build was triggered by a push or by
something else. This should work if we can get the email notification
to pass the needed info in it. E.g. the full console output currently
has "Started by timer" or "Started by an SCM change", but this is not
part of the email notification. Could work, but a bit hackish and all
kinds of things can go wrong.

Also, I've seen lots of people documenting crazy similar things with
some of these plugins: "Run Condition", "Conditional BuildStep",
"Flexible Publish" and "Any Build step". But then it gets too
complicated for me to dive into it right now.

If you prefer, in the future I can dump such research results into the
blueprint instead of here. Just tell me where it should go.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

bertagaz wrote (16 Feb 2015 12:03:12 GMT) :
> Ack, sounds reasonable. However from what I've seen, it sometimes means a
> lot of branches so I wonder if we scaled our infra enough for that, as we
> didn't include this branches in our maths since the beginning of the
> discussion.

This seems like a serious bug in this discussion process. May you
please then provide example numbers that match what the proposed
algorithm would output, so that we can reason about it?
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Wed, Feb 11, 2015 at 11:29:45PM +0100, intrigeri wrote:
> Hi,
> 
> bertagaz wrote (18 Jan 2015 16:39:28 GMT) :
> > 0. Do we think we might also need or want a mechanism to blacklist a branch,
> > or we should just assume that our algos will only select the right ones
> > and not hit any corner cases?
> 
> I think this is a good question, that deserves more thought.
> 
> Unfortunately I've not found any discussion about it on the blueprint
> nor on the list, not even an example use case for such a blacklist, so
> right now — sorry to be harsh — it looks like a technical idea that's
> looking for a problem it might help solving.

It's just that, something that did pop up in my head while writing the
blueprint, but I didn't find much corresponding branches while watching
the unmerged ones during the 1.3 release cycle.

> So, what would be the use cases? I can think of a few potential ones:
> 
> 1. A branch that satisfies the criteria for automatic builds, but
>starts failing continuously, e.g. because its developer is on
>vacation for 2 weeks.
> 
>=> as far as I understood, only that branch's developer is nagged
>by failure notifications, so... who cares if it fails to build for
>2 weeks?
> 
> 2. Branches that modify only the doc or website
> 
>=> indeed, at first glance it seems a bit sad to spend CPU cycles
>on building and potentially testing such branches. OTOH, these
>branches, like any other, must not break the build, otherwise
>they're not fit for merging, so it makes sense to build an ISO
>(yes, an ISO, not only the website: we have quite a few things in
>the ISO build process that somewhat depend on the website, run `git
>grep usr/share/doc/tails/website -- config' if unconvinced).
>And they must not break functionality either, so IMO it makes sense
>to run the automated test suite on it too (again, we have quite
>a few runtime functionality that depends on the bundled static
>website).

Ack, sounds reasonable. However from what I've seen, it sometimes means a
lot of branches so I wonder if we scaled our infra enough for that, as we
didn't include this branches in our maths since the beginning of the
discussion.

> bertagaz, any other use case you were thinking of?

Not really at the moment.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

On Thu, Feb 12, 2015 at 12:22:45AM +0100, intrigeri wrote:
> Here's one more: the proposed notification mechanism makes sense to me
> for topic branches. But for "base" branches, it's more complicated:
> 
> * when building after a Git push, it does make sense to notify the
>   committer on failure -- that is, in theory, the person who merged
>   something into the branch, and apparently forgot to make sure it
>   builds before pushing
> 
> * when building daily, on failure I don't see how it can be useful to
>   notify the last person who merged something to into a base branch;
>   so, who is responsible to keep these branches in a buildable state?
>   In practice, quite often, by default it's me -- and I never
>   volunteered to do that. I'd rather see this formally put on the
>   release manager's plate, since these branches are only useful to
>   prepare the next release. So, IMO the RM should be notified in
>   this case.
> 
> Now, if it's too complicated, implementation-wise, to differenciate
> these two situations, and we have to choose between committer, RM, and
> tails-dev@, then I'd be in favour of notifying either the RM or
> tails-dev@, who are more likely to be/feel responsible for the failure
> than the last committer.
> 
> Thoughts?

Agree with that as stated in my previous email. I think it is doable to
differenciate them, by splitting the daily and on git push job definiton
maybe. Having a look at plugins might help, as well as how other projects
do that (as you stated elsewhere).

For consistency with our roles, I think it make more sense to have the RM
notified, but don't block on the tails-dev choice.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

Thx for the extensive review!

On Wed, Feb 11, 2015 at 11:49:02PM +0100, intrigeri wrote:
> > We're already drafted some scenario's on:
> > https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_specs/
> 
> I have a few concerns, though:
> 
>   * "Scenario 2 : developer" doesn't make it clear if branch T is
> build *after being locally merged into branch B*, or not.
> Given that's what we're really interested in, and given
> "Scenario 1 : reviewer" is clearer (answer is: yes), I guess the
> answer is yes here too, but this should be clarified.

IIRC that was something Alan had troubles with, as not being the way she
usually work on a feature branch, which I think was more close to "Work
work work on the branch, and then when the feature is ready, merge the base
branch in it." So she usually do not merge the base branch very often.

But I agree this is not the best way to go, so if Alan doesn't come up with
a block on this, I agree to add the clarification.

>   * I see no statistics about how many ISOs we are *currently*
> building each day. So it's not clear to me if our current setup
> can support building N more branches, once a day each. It would be
> useful to have this number (e.g. raw number per day during the 1.3
> release cycle, and daily average). Of course we can fix that later
> (either by throwing more hardware at it, or by tweaking the branch
> selection algorithm a bit, or by decreasing the build frequency
> a bit for some branches based on some criteria), but if we can
> know *right now* that the designed plan cannot possibly work, then
> I would find it a bit sad to invest time into it.

That's a logical awesome idea I'm ashamed not to have had sooner.
Still, it seems that it comes too late, after some searching it appears
that our Jenkins don't keep much stats. I'll extend the jjb setting that
remove build logs after 1 day.

The Global build stats Jenkins plugin [1] seems interesting to display the
stats once more logs are kept. Shall I install it?

>   * "Scenario 3 : RM" says "I need to know when a branch FTBFS", but
> I see no notification mechanism planned, so... how is the RM
> supposed to know. Also, whenever stalled topic branches start
> failing, this can imply an avalanche of daily email to the RM, who
> will of course start ignoring all email from Jenkins and then
> we've lost. I'm particularly worried about this topic since anonym
> (our RM most of the time) didn't comment on this proposal yet, and
> has already expressed concerns about this kind of issues.

I think anonym did comment on this proposal, he did a review of this
blueprint already.

But I agree the RM notification part is not very clear.

We could make it so that the RM is emailed when a daily build job fails,
the "build failed on git push" one being sent to the commit author anyway,
according to our scenarios. Of course the commit author would also be
notified for the daily ones too.
If that's still too much from the RM point of view, we could have the RM
notified only the first time a daily job fails.

That seems to make sense to me: the RM gets a notification in the mailbox
once a day for failed jobs, and then he/she either fix it, or ask someone
to work on that. To have a developer claiming to Jenkins he/she is now
responsible of that branch (and thus is getting the next notifications),
he/she would just have to do a dumb commit on the branch.

One thing that this question also raise is the fact that the RM is not
always the same person, so I'm wondering how to have jenkins notifying the
right email depending on who is the RM for the next release. First thing
that come in top of my mind is... a schleuder address. :)

> I assume these concerns (except the 2nd one probably) are not blocking
> wrt. starting to implement stuff, so: Go!

Great!

> To end with, I find two things confusing in the rest of the document:
> 
>   * Scenario numbering is reset in the "Future ideas" section, so one
> cannot simply refer to "scenario 2" unambiguously, without making
> it clear if they're speaking of "scenario 2 in the Scenarios
> section", or of "scenario 2 in the Future ideas section";
> I suggest you avoid assigning duplicated scenario identifiers.

Fixed.

>   * The "tag T" notation (undefined) is somewhat conflicting with the
> "branch T" one that's defined earlier.

Fixed.

bert.

[1] https://wiki.jenkins-ci.org/display/JENKINS/Global+Build+Stats+Plugin
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

intrigeri wrote (11 Feb 2015 22:49:02 GMT) :
> I have a few concerns, though:

Here's one more: the proposed notification mechanism makes sense to me
for topic branches. But for "base" branches, it's more complicated:

* when building after a Git push, it does make sense to notify the
  committer on failure -- that is, in theory, the person who merged
  something into the branch, and apparently forgot to make sure it
  builds before pushing

* when building daily, on failure I don't see how it can be useful to
  notify the last person who merged something to into a base branch;
  so, who is responsible to keep these branches in a buildable state?
  In practice, quite often, by default it's me -- and I never
  volunteered to do that. I'd rather see this formally put on the
  release manager's plate, since these branches are only useful to
  prepare the next release. So, IMO the RM should be notified in
  this case.

Now, if it's too complicated, implementation-wise, to differenciate
these two situations, and we have to choose between committer, RM, and
tails-dev@, then I'd be in favour of notifying either the RM or
tails-dev@, who are more likely to be/feel responsible for the failure
than the last committer.

Thoughts?
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

> We're already drafted some scenario's on:
> https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_specs/

I've finally looked at it. I've pushed minor typo/formatting fixes and
rephrasing, nothing important.

I'm very happy with basically everything in the "2. Scenarios"
section, which seems to be the most important one. Yay!

I have a few concerns, though:

  * "Scenario 2 : developer" doesn't make it clear if branch T is
build *after being locally merged into branch B*, or not.
Given that's what we're really interested in, and given
"Scenario 1 : reviewer" is clearer (answer is: yes), I guess the
answer is yes here too, but this should be clarified.

  * I see no statistics about how many ISOs we are *currently*
building each day. So it's not clear to me if our current setup
can support building N more branches, once a day each. It would be
useful to have this number (e.g. raw number per day during the 1.3
release cycle, and daily average). Of course we can fix that later
(either by throwing more hardware at it, or by tweaking the branch
selection algorithm a bit, or by decreasing the build frequency
a bit for some branches based on some criteria), but if we can
know *right now* that the designed plan cannot possibly work, then
I would find it a bit sad to invest time into it.

  * "Scenario 3 : RM" says "I need to know when a branch FTBFS", but
I see no notification mechanism planned, so... how is the RM
supposed to know. Also, whenever stalled topic branches start
failing, this can imply an avalanche of daily email to the RM, who
will of course start ignoring all email from Jenkins and then
we've lost. I'm particularly worried about this topic since anonym
(our RM most of the time) didn't comment on this proposal yet, and
has already expressed concerns about this kind of issues.

I assume these concerns (except the 2nd one probably) are not blocking
wrt. starting to implement stuff, so: Go!

To end with, I find two things confusing in the rest of the document:

  * Scenario numbering is reset in the "Future ideas" section, so one
cannot simply refer to "scenario 2" unambiguously, without making
it clear if they're speaking of "scenario 2 in the Scenarios
section", or of "scenario 2 in the Future ideas section";
I suggest you avoid assigning duplicated scenario identifiers.

  * The "tag T" notation (undefined) is somewhat conflicting with the
"branch T" one that's defined earlier.

Cheers,
-- 
intrigeri
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[intrigeri]

Hi,

bertagaz wrote (18 Jan 2015 16:39:28 GMT) :
> 0. Do we think we might also need or want a mechanism to blacklist a branch,
> or we should just assume that our algos will only select the right ones
> and not hit any corner cases?

I think this is a good question, that deserves more thought.

Unfortunately I've not found any discussion about it on the blueprint
nor on the list, not even an example use case for such a blacklist, so
right now — sorry to be harsh — it looks like a technical idea that's
looking for a problem it might help solving.

So, what would be the use cases? I can think of a few potential ones:

1. A branch that satisfies the criteria for automatic builds, but
   starts failing continuously, e.g. because its developer is on
   vacation for 2 weeks.

   => as far as I understood, only that branch's developer is nagged
   by failure notifications, so... who cares if it fails to build for
   2 weeks?

2. Branches that modify only the doc or website

   => indeed, at first glance it seems a bit sad to spend CPU cycles
   on building and potentially testing such branches. OTOH, these
   branches, like any other, must not break the build, otherwise
   they're not fit for merging, so it makes sense to build an ISO
   (yes, an ISO, not only the website: we have quite a few things in
   the ISO build process that somewhat depend on the website, run `git
   grep usr/share/doc/tails/website -- config' if unconvinced).
   And they must not break functionality either, so IMO it makes sense
   to run the automated test suite on it too (again, we have quite
   a few runtime functionality that depends on the bundled static
   website).

bertagaz, any other use case you were thinking of?

Cheers!
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Mon, Jan 26, 2015 at 01:33:25PM +0100, bertagaz wrote:
> 
> The blueprint has been updated with some proposalsi for each question. If
> you want to consider them, or propose another one, please have a look.

I've updated the blueprint again.

Revelant changes:

+Given a branch take around 45 minutes to be build on lizard (worth case),
+with two builders, lizard will be able to build something like 64 ISOs a
+day.

+As of 2015-02-02, there are 26 branches that would be automatically
+build as part of the next 1.3 release, following the for now defined
+criterias [complete list in the blueprint]

(this statistic has been collected with the script posted in
https://labs.riseup.net/code/issues/8657#note-7)

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Mon, Jan 19, 2015 at 08:14:55PM +0100, bertagaz wrote:
> 
> On Sun, Jan 18, 2015 at 08:07:46PM +, sajolida wrote:
> > bertagaz:
> > > 0. We might also want a mechanism for devs to pro-actively state they 
> > > want to
> > > keep their branches being build even if the last commit was older than the
> > > last release. IIRC
> > 
> > If I understand correctly, adding a dummy commit would bring back my
> > branch in the set of branches that are automatically built. So maybe we
> > don't need a dedicated mechanism handle those rare cases.
> 
> That's the idea, having a timestamp file that would be use for this dummy
> commit. But it comes for free, sure. :)

I had Alan having a look at the blueprint too, she fixed some issues in
the scenario and added one for the future.

The blueprint has been updated with some proposalsi for each question. If
you want to consider them, or propose another one, please have a look.

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

On Sun, Jan 18, 2015 at 08:07:46PM +, sajolida wrote:
> bertagaz:
> > 0. We might also want a mechanism for devs to pro-actively state they want 
> > to
> > keep their branches being build even if the last commit was older than the
> > last release. IIRC
> 
> If I understand correctly, adding a dummy commit would bring back my
> branch in the set of branches that are automatically built. So maybe we
> don't need a dedicated mechanism handle those rare cases.

That's the idea, having a timestamp file that would be use for this dummy
commit. But it comes for free, sure. :)

bert.
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[sajolida]

bertagaz:
> 0. We might also want a mechanism for devs to pro-actively state they want to
> keep their branches being build even if the last commit was older than the
> last release. IIRC

If I understand correctly, adding a dummy commit would bring back my
branch in the set of branches that are automatically built. So maybe we
don't need a dedicated mechanism handle those rare cases.

-- 
sajolida
___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

Re: [Tails-dev] Automated builds specification

[bertagaz]

Hi,

Some thoughts and questions, raised in parts from past IRL discussions.
Consider it like a ping for this thread. :)

On Sun, Jan 11, 2015 at 08:07:13PM +0100, Jurre van Bergen wrote:
> Hi,
> 
> For the first iteration, which is automatically build of interesting
> branches, we need to specify:
> 
>  * Which branches we want to build?

We might want to use several algorithms / tricks to select the branches to
be build automatically.

One of this algo could be:

0. Build all {feature,bugfix} branch that are not merged in
stable, devel and testing, and had new commits since the last release.

I have a script that does this roughly and it says that currently, that
means 11 branches. [1]

That would make sense, but might require to have some stats about how much
it has meant for the past releases. I'm not sure how to do that though.

0. We might also want a mechanism for devs to pro-actively state they want to
keep their branches being build even if the last commit was older than the
last release. IIRC

0. Do we think we might also need or want a mechanism to blacklist a branch,
or we should just assume that our algos will only select the right ones
and not hit any corner cases?

Thoughts, answers, ideas?

bert.

[1] bugfix/8680-git-without-polipo
bugfix/8714-tor-is-ready-robustness
feature/6297-save-packages-list
feature/6992-whisperback-email-address
feature/7450-openpgp-applet-exit
feature/7779-revisit-touchpad-settings
feature/8681-test-suite-ramdisk
feature/8719-mount-output-in-bug-reports
feature/jessie
feature/linux-3.18
feature/torbrowser-alpha

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.

[Tails-dev] Automated builds specification

[Jurre van Bergen]

Hi,

As some of you might know,  we'll spend quite some time this year seting
up automated builds and test using our Jenkins platform and make it
easier to extract information and data from it.

For the first iteration, which is automatically build of interesting
branches, we need to specify:

 * Which branches we want to build?
We already build the base branches (stables, testing, devel and
experimental + feature/jessie).
So the questions raised is mostly concern the feature/* and bugfix/*
branches (so topic branches)
The criterias to automatically select the branches to be build could be:
branches which are not merged to devel but has new commits since N weeks
time, 15 days or the previous release.

 * Which regularity if needed? (assuming it will be build when a push is
made on it)
 - Is a branch built everyday enough? Should it be built more often or
less often?
 * How should you be notified?
 - Direct e-mail?
 - IRC channel?

We're already drafted some scenario's on:
https://tails.boum.org/blueprint/automated_builds_and_tests/autobuild_specs/

Some of you might want to see other one's implemented , so please update
the blueprint accordingly.
Scenarios can range from release managers, developers, reviewers,
testers. Some of these suggestions might not make it this year but will
be looked at in the following year.

Need to keep in mind that the same question will be raised when we'll
design the automated tests.

All the best,
CI team

___
Tails-dev mailing list
Tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev
To unsubscribe from this list, send an empty email to 
tails-dev-unsubscr...@boum.org.