Otto Kekäläinen <otto@debian.org> writes:

Hi!

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I think the best solution would be to make it opt-in rather than
opt-out?

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I think the best solution would be to make it opt-in rather than
opt-out?

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

A human needs to verify that the pipeline passes when it is activated,
fix disable it or fix things if the CI isn't green. It does not make
sense to activate it unattended, as it would risk causing a lot of
failing pipelines and useless noise and a culture where people loose
respect for "pipeline greenness".

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi,

i think the barrier is likely to be "i didnt know you could do that?" >> >> rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

A human needs to verify that the pipeline passes when it is activated,
fix disable it or fix things if the CI isn't green. It does not make
sense to activate it unattended, as it would risk causing a lot of
failing pipelines and useless noise and a culture where people loose respect for "pipeline greenness".

I dont really understand this point -- is it based on some empirical evidence?

Yes, I don't have any hard evidence to back up a claim about culture
or "respect for greenness", but I hold this view strongly based on
experiences on working in software development both as an engineer and
manager in several very large projects and operations, and
unfortunately have witnessed more than once CI systems loosing their
usefulness and becoming time sinks after respect eroded and people got
used to failing pipelines. I also have the opposite experience from projects/businesses that did value pipeline greenness highly, and saw
how much less bugs they had and how much faster any new regressions
were fixed in an environment where greenness was respected.

my opinion is that
- other than the first "enabling", every pipeline runs unattended
- people are not going to gain any "respect" for "pipeline greenness" by hiding the pipeline
- commits that fail the pipeline are still bad if the pipeline didnt run, so why hide that information?
- if you want people to "respect the pipeline" you want more noise on such bad commits, not less?

CI is a feedback system. Having unattained runs that fail for a long
time is worse than having a situation where a person starts working on
a project, realizes there is no CI, and then activates it before doing
other changes, and potentially uses the feedback to fix some initial
issues or scope down the CI to exclude failures that are unreasonable
for them to fix. If you start off with a CI that has been failing for
a long time, you are kind of forced to do a lot of detective work
regarding the pipeline to check why it was failing yesterday, a month
ago and a year ago and then piece together what the sources of the
regressions were and how to fix it. It is mentally also much harder to
decrease the scope of what testing the CI did if somebody else enabled
it in full earlier, as you need quite a lot of evidence to have the
confidence to disable some jobs. If you are the person activating the
CI in the first place, you will be much faster in fixing it and have
better confidence in doing the right engineering decisions to make it
green.

Also, enabling Salsa CI is very easy: just put commit the template debian/salsa-ci.yml on a dev branch and push. If it works right away
you can then just merge that commit on debian/latest, and you are
done. The actual time consuming part if fixing the detected failures,
and that is not accelerated by enabling Salsa CI Debian-wide - in fact
the work of getting a CI green is more likely slowed down if the
person who enabled it and the person who is responsible for fixing it
are different people.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Otto Kekäläinen <otto@debian.org> writes:

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

A human needs to verify that the pipeline passes when it is activated,
fix disable it or fix things if the CI isn't green. It does not make
sense to activate it unattended, as it would risk causing a lot of
failing pipelines and useless noise and a culture where people loose
respect for "pipeline greenness".

I dont really understand this point -- is it based on some empirical evidence?

my opinion is that
- other than the first "enabling", every pipeline runs unattended
- people are not going to gain any "respect" for "pipeline greenness" by hiding the pipeline
- commits that fail the pipeline are still bad if the pipeline didnt run, so why hide that information?
- if you want people to "respect the pipeline" you want more noise on such bad commits, not less?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Richard Lewis
<richard.lewis.debian-gM/Ye1E23mwN+BqQ9rBEUg@public.gmane.org> writes:

Otto KekΣlΣinen <otto-8fiUuRrzOP0dnm+yROfE0A@public.gmane.org> writes:

Hi!

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I think the best solution would be to make it opt-in rather than
opt-out?

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

Is it possible to configure Salsa so instead of using the GitLab default
of .gitlab-ci.yml it uses debian/salsa-ci.yml if that file exists but
otherwise falls back to recipes/debian.yml@salsa-ci-team/pipeline? That
seems like a sensible global configuration for Salsa.

If we make the default value "debian/salsa-ci.yml" maintainers have to
create that file in their packages and some may not know about it.

Using "recipes/debian.yml@salsa-ci-team/pipeline" as the default value
make things just work, but for fine tuning the maintainer have to
manually override the configuration to use debian/salsa-ci.yml.

I note that having bare git repository with only debian/ in them (no
upstream source code) allows for using the default GitLab behaviour of a .gitlab-ci.yml.

/Simon



--=-=-Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iIoEARYIADIWIQSjzJyHC50xCrrUzy9RcisI/kdFogUCZ3BzOhQcc2ltb25Aam9z ZWZzc29uLm9yZwAKCRBRcisI/kdFoh+4AP9wZib5XpEhsTgdGnq4//z8K3YlzEPW wbZNfA83Uxf4sQD/X6zEbn9cS1goHRO+KiaDKJxGhHx1jPhfIfh0JeuW8ww=GI5y
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors, and also for
experienced packagers to ensure there are no easily testable lapses
before uploading to Debian.

Anyone with a Salsa account can use it. Simply follow the README at https://salsa.debian.org/salsa-ci-team/pipeline to get started and to
find the optimal settings for your specific package.

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I am in the process of doing a round of updates to the README. All
feedback on how to improve the documentation so it is easy to digest
in particular for newcomers is welcome as replies to this email or as
comments at https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/563.

- Otto

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Am 30. Dezember 2024 11:40:31 MEZ schrieb Thomas Goirand <zigo@debian.org>:

On 12/28/24 22:52, Simon Josefsson wrote:

Is it possible to configure Salsa so instead of using the GitLab default
of .gitlab-ci.yml it uses debian/salsa-ci.yml if that file exists but
otherwise falls back to recipes/debian.yml@salsa-ci-team/pipeline? That
seems like a sensible global configuration for Salsa.

As much as I know, that's not possible currently (I browsed Salsa's setting as admin and didn't find such an option). If you're willing to write a patch and upstream it though ... :)

Cheers,

Thomas Goirand (zigo)

It is possible to set a default configuration file (and I've been using this on my poke own gitlab-ce instance for several years now).
I don't know whether this also works for shared recipes.
I'm pretty sure, there's no way to specify both a preferred ci-config *and* a fallback.


However, in any case changing the config only affects *new* projects (created after configuring that setting).



mfh.her.fsr
IOhannes

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sunday, December 29, 2024 12:39:59 PM MST Richard Lewis wrote:

Otto Kekäläinen <otto@debian.org> writes:

i think the barrier is likely to be "i didnt know you could do that?" >> >> rather than "how do i use that?"

Salsa CI is and has always been opt-in.

oops - i meant the oppposite, ie make people have to opt out of having
it run, rather than have to enable it

A human needs to verify that the pipeline passes when it is activated,
fix disable it or fix things if the CI isn't green. It does not make
sense to activate it unattended, as it would risk causing a lot of
failing pipelines and useless noise and a culture where people loose respect for "pipeline greenness".

I dont really understand this point -- is it based on some empirical

evidence?

my opinion is that
- other than the first "enabling", every pipeline runs unattended
- people are not going to gain any "respect" for "pipeline greenness" by hiding the pipeline - commits that fail the pipeline are still bad if the pipeline didnt run, so why hide that information? - if you want people to "respect the pipeline" you want more noise on such bad commits, not less?

My concern about auto-enabling it is that there are a number of projects for which the current default timeouts will always fail.

I recently packaged pyinstaller.

https://salsa.debian.org/python-team/packages/pyinstaller

The default Salsa CI runners have a 3 hour timeout and the default salsa- ci.yml has a 2.75 hour timeout. For pyinstaller, these are insufficient. I ended up registering my own runner and editing the salsa-ci.yml to increase the timeouts. Note that my runner hardware is much quicker than the default Salsa CI runners, but even with that I needed to increase the timeouts.

I don’t know how many packages would have this problem, but at the minimum the
ones I am familiar with would include:

qtwebengine-opensource-src
qt6-webengine
chromium

I would recommend that if we want to enable Salsa CI by default we need to increase the timeouts to be able to handle large packages.

--
Soren Stoutner
soren@debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEJKVN2yNUZnlcqOI+wufLJ66wtgMFAmdy53gACgkQwufLJ66w tgMS9w/+PCrOvbBuM9Mut3WNsJj7exAYAJ4Ajls6vYb8MBOvMyzKyDD7pGlVbOy8 mCXAvMvWV4oZE7WIq5aJHuKLzT1HFm8dL6mUarbuAyQBRTDWiWUzzMpDkwS+r2l0 uw9qTwgCJxce507RViBNoJ/Dp5/W/fSYT95j8HqFUpDwqHpbKIRT0D8QJiCF/twS TE5c1A69RRnCVgiCtrPo7vUXo27SHxgPxrGS5gzgNrot3CWDr+ZpddXHrIFVkay0 kReqzfgAmFyfVV2HefU4bFYztRjCGZ6ntjO4vO2m5xAmV3OrhteWgaHvkKuxkd2V ySaMhp0TmVvpdBI7P+lSdDkLUjoIGPl7VaMdiV+nq+hmMi818a17pNSXTdNiGwWz m+QP8INIlQKleST9+L2udyNuvKk09io4vTtvLV2htyPZdN6Znhl/YpL54LTrh0k8 NIuClIlpbIUeeoYMlmeFXHzo8/7tSU732eeSJbGUUIHBRxl2h/a8lox5wHEPYG8d nd/nP2/LhWap+60QcdsvHOYu5W/a0us6o3jhJ1YSMIoINKF4tvV1cxFia1HdrpjU zPRRPOCl0TcaBGqkA6IHV2voIaibMmvMkCaMuplzS+kPmMCOdMfGjtzaLpu8tJI4 Q7MD2PnmfrTl/tJVjJ8nxiOe5G3Czvj4m88PyRW+ylcZESIGA/Y=
=Rxw9
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

To: debian-devel@lists.debian.org (Debian Developers)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------vZUgR0zvbc9haXsi50Hxh4Gy
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: base64

SWwgMjMvMTIvMjAyNCAxODowOSwgT3R0byBLZWvDpGzDpGluZW4gaGEgc2NyaXR0bzoNCj4g SGkhDQo+DQo+IFNhbHNhIENJIGlzIGEgZ3JlYXQgc3lzdGVtIGZvciBhbGwgYXNwaXJpbmcg RGViaWFuIHBhY2thZ2VycyB0byB0ZXN0DQo+IHRoZWlyIHBhY2thZ2VzIGJlZm9yZSByZXF1 ZXN0aW5nIHJldmlldyBmcm9tIG1lbnRvcnMsIGFuZCBhbHNvIGZvcg0KPiBleHBlcmllbmNl ZCBwYWNrYWdlcnMgdG8gZW5zdXJlIHRoZXJlIGFyZSBubyBlYXNpbHkgdGVzdGFibGUgbGFw c2VzDQo+IGJlZm9yZSB1cGxvYWRpbmcgdG8gRGViaWFuLg0KPg0KPiBBbnlvbmUgd2l0aCBh IFNhbHNhIGFjY291bnQgY2FuIHVzZSBpdC4gU2ltcGx5IGZvbGxvdyB0aGUgUkVBRE1FIGF0 DQo+IGh0dHBzOi8vc2Fsc2EuZGViaWFuLm9yZy9zYWxzYS1jaS10ZWFtL3BpcGVsaW5lIHRv IGdldCBzdGFydGVkIGFuZCB0bw0KPiBmaW5kIHRoZSBvcHRpbWFsIHNldHRpbmdzIGZvciB5 b3VyIHNwZWNpZmljIHBhY2thZ2UuDQo+DQo+IEhvd2V2ZXIsIGFzIHRoZXJlIGFyZSBzdGls bCBwYWNrYWdlcyBub3QgdXNpbmcgU2Fsc2EgQ0ksIEkgd29uZGVyIGlzDQo+IGl0IHN0cmFp Z2h0Zm9yd2FyZCBlbm91Z2ggZm9yIGV2ZXJ5b25lPw0KPg0KPiBJIGFtIGluIHRoZSBwcm9j ZXNzIG9mIGRvaW5nIGEgcm91bmQgb2YgdXBkYXRlcyB0byB0aGUgUkVBRE1FLiBBbGwNCj4g ZmVlZGJhY2sgb24gaG93IHRvIGltcHJvdmUgdGhlIGRvY3VtZW50YXRpb24gc28gaXQgaXMg ZWFzeSB0byBkaWdlc3QNCj4gaW4gcGFydGljdWxhciBmb3IgbmV3Y29tZXJzIGlzIHdlbGNv bWUgYXMgcmVwbGllcyB0byB0aGlzIGVtYWlsIG9yIGFzDQo+IGNvbW1lbnRzIGF0IGh0dHBz Oi8vc2Fsc2EuZGViaWFuLm9yZy9zYWxzYS1jaS10ZWFtL3BpcGVsaW5lLy0vbWVyZ2VfcmVx dWVzdHMvNTYzLg0KPg0KPiAtIE90dG8NCj4NClRoYW5rcyBmb3IgeW91ciB3b3JrcywgYmFz aWNhbGx5IGl0IHNlZW1zIHF1aXRlIHNpbXBsZSB0byBtZS4NCg0KIEZyb20gbXkgZXhwZXJp ZW5jZSB0aGUgcHJvYmxlbXMgZW5jb3VudGVyZWQgYXJlIG9jY2FzaW9uYWwgcmVncmVzc2lv bnMsIA0Kb2Z0ZW4gbm90IG9mIGEgc2Fsc2EtY2kgaXRzZWxmLCB0aGF0IGNhdXNlIGFsbCBi dWlsZHMgdG8gZmFpbCBmb3IgMSBvciANCm1vcmUgZGF5cy4NCg0KSSBhbHNvIGhhZCBkaWZm aWN1bHQgdG8gdXNlIGV4dHJhIHJlcG8sdGhlIGRvY3VtZW50YXRpb24gY291bGQgcGVyaGFw cyANCmJlIGltcHJvdmVkIGluIHRoaXMgcmVnYXJkLCBmb3IgY2lubmFtb24gcGFja2FnZXMg SSBoYWQgaXQgd29ya2luZyB1c2luZyANCmRlYm9tYXRpYyByZXBvc2l0b3J5IGJ1dCBvbiBy ZWNlbnRseSB0ZXN0cyBmb3IgbmV4dCBtYWpvciB2ZXJzaW9uIHVzaW5nIA0KZXh0cmEgcmVw byB3YXMgbm90IHdvcmtpbmcsIGFuZCBJJ20gbm90IHN1cmUgb2YgdGhlIGNhdXNlIGZyb20g YSBmYXN0IA0KbG9vazogDQpodHRwczovL3NhbHNhLmRlYmlhbi5vcmcvY2lubmFtb24tdGVh bS9jaW5uYW1vbi1zZXR0aW5ncy1kYWVtb24vLS9qb2JzLzY4MTUxNzUNCg0KaW4gdGhlIGRv Y3VtZW50YXRpb24gaXQgY291bGQgYmUgYWRkZWQgZm9yIGV4YW1wbGUgd2hpY2ggdGVzdHMg ZG8gbm90IA0Kc3VwcG9ydCB0aGUgZXh0cmEgcmVwb3MgdG8gYmUgZGlzYWJsZWQgb3Igd2hp Y2ggcmVxdWlyZSBhZGRpdGlvbmFsIA0KY2hhbmdlcywgZm9yIGV4YW1wbGUgd2hlbiB3YXMg d29ya2luZyBJIGhhZCB0byBhZGQgYSBwaXVwYXJ0cyBwcmUgc2NyaXB0IA0KKHRvIGhhdmUg cGl1cGFydHMgd29ya2luZykgYW5kIGRpc2FibGVkIHJlcHJvdGVzdCBhbmQgQlVJTERfUEFD S0FHRV9JMzg2Lg0KDQpBIG1pbm9yIHRoaW5nIHVzZWZ1bCBjYW4gYmUgdG8gZGlzYWJsZSBj cm9zcyBidWlsZCBieSBkZWZhdWx0IGFzIHlvdSANCmFscmVhZHkgZGlkIGFuIE1SOiANCmh0 dHBzOi8vc2Fsc2EuZGViaWFuLm9yZy9zYWxzYS1jaS10ZWFtL3BpcGVsaW5lLy0vbWVyZ2Vf cmVxdWVzdHMvNTcwDQoNCg==

--------------vZUgR0zvbc9haXsi50Hxh4Gy--

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEELEHRfLe4S9D5+1GzaAZorpB/EB0FAmdsQEUFAwAAAAAACgkQaAZorpB/EB3w pw//fKIFoORJ/rQtHGzsKF9zb9rwwdpf24laG0xS/nReGEYQIgKLMLcKD7UECDRT8L41rl0Ny9fc 9JMVAxL4MqFUil6klFALLdKTfgvVSiok5HpnINRBAZz7mHcapb+4syqnpvqhi0zQE70t1RBSHE6Z ucRVygwJtOg3LX1nHqhE4WLZLFJlmQUIE/GYPxgLOF0dRuFi3Y0Yt3GShxWfE85Pk5/KiuzIFyf5 PuDpXmeIgkgfBETsnWMaKjsugGUAuwqhqYvEUGUczHWOXeirpxjbJrrV5sbzPspG+7GruTA1CAoq /ZSuED+oYhZmIwCmlZ/RyUsfN6UPUxnwFsslwO6eGKS+Xn32MhdMMbx7JJiYnPd0EN5B3KULqHkY JLHs692B4WOj1zfCH6ixq3gRx3Hj8vZLoT211+D2BBjMDKf6Gsh1YcBTR0xxBD8emNPK62lU1vV7 WX0OoDm+1rNTcfEJb3ccxuhAHSlGqUCnRjflU1VMvOpzvMvCEVUvlPhjEyzH7ziGmRzZ2ZIgChNM Dxe1C4te5CNDmk+b+0VOy6aYAvntNGFcDO36Y/EMTKQnDKu09bQpYxPCB8nhplamoQkktCQAoJ1A +frZRQq8KQH2NIOTvhEJiAwPLuibiOnRAVHeQZaczXvQdhCaQKvTdsYUwe49bOcFijLD+NUbXkL2 oFc=
=by/d
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Otto Kekäläinen <otto@debian.org> writes:

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I think the best solution would be to make it opt-in rather than
opt-out?

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

I am in the process of doing a round of updates to the README. All
feedback on how to improve the documentation so it is easy to digest
in particular for newcomers is welcome as replies to this email or as comments at https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/563.

I added some comments, clearer docs are always worthwhile

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hi!

Salsa CI is a great system for all aspiring Debian packagers to test
their packages before requesting review from mentors

However, as there are still packages not using Salsa CI, I wonder is
it straightforward enough for everyone?

I think the best solution would be to make it opt-in rather than
opt-out?

i think the barrier is likely to be "i didnt know you could do that?"
rather than "how do i use that?"

Salsa CI is and has always been opt-in. One needs to add a `debian/salsa-ci.yml` file to the Debian packaging repository for it
to run:

---
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml

AND additionally enable CI in the project settings in web ui or by running:

salsa update_projects $NAMESPACE/$PROJECT --jobs yes --ci-config-path debian/salsa-ci.yml

If it is running somewhere without a `debian/salsa-ci.yml` file it is
probably because at some point people considered adding that
salsa-ci.yml file too much work, and enabled Salsa CI via reference to `recipes/debian.yml@salsa-ci-team/pipeline` which is no longer
recommended practice. I will clarify the README on this point and why
skipping the salsa-ci.yml file is likely causing extra work for people
in the long run.

I am in the process of doing a round of updates to the README. All
feedback on how to improve the documentation so it is easy to digest
in particular for newcomers is welcome as replies to this email or as comments at https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/563.

I adde