-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
An improved workflow for maintaining Salt #96
base: master
Are you sure you want to change the base?
Conversation
00367fd
to
a8616ca
Compare
|
||
As mentioned this is now at `pkg/suse/salt.changes` in `openSUSE/salt` GitHub repo. | ||
|
||
When creating a PR to `openSUSE/salt` the user must also include the corresponding changes to the spec file, that can be generated as usual with `osc vc`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if I get this point right. Maybe it says spec file
but the actual meaning is different, not sure, could you please clarify it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Woops, sorry. I meant "changelog" file 😄
Let me fix this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do I understand it right, that in this case we will add changelog entries manually to the changelog file or manually but with osc vc
, still not fully clear here. With the osc services there is way to use commit messages as a changlog items, don't we want to use it this way?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm proposing here to manually add the changelog entry to salt.changes
by using the osc vc
command directly in your Git tree, so the generated changelog entry (and header) can be included together with the code changes in the PR to openSUSE/salt
repo.
This way a single PR to openSUSE/salt
repo could contain all possible different bits: code changes, specfile changes, changelog entries, artifacts changes.
See this example PR: https://github.com/meaksh/salt/pull/10/files
Now that you mentioned the "osc services" for the changelog, I realized that the current proposal is not covering the fact that we need to maintain different changelogs depending on the targeted codestreams (as they are not aligned).
I'll have some thoughts and clarify this on the RFC text.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added more text to the RFC on how to deal with different maintained changelogs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I generally like this design. I left a few questions in line but saved the big one for now: How do we package the Salt Bundle? Currently we have a split-brain problem where some of the sources are just in OBS. Can we integrate them into this workflow?
|
||
As mentioned this is now at `pkg/suse/salt.changes` in `openSUSE/salt` GitHub repo. | ||
|
||
When creating a PR to `openSUSE/salt` the user must also include the corresponding changes to the changes file, that can be generated as usual with `osc vc`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does this work for the different changelogs we currently maintain in parallel?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I missed to cover on the current proposal our requirement on maintaining different changelogs for the different target codestream we maintain.
I'll add some more text to cover these cases.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added more text to the RFC on how to deal with different maintained changelogs
|
||
When creating a PR to `openSUSE/salt` the user must also include the corresponding changes to the changes file, that can be generated as usual with `osc vc`. | ||
|
||
Similarly to the main Uyuni repository, we should add a GitHub action to warn the user in case no changelog entry is added in the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we also merging the changelog like we do in Uyuni or do we need to resolve merge conflicts manually?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be now clarified on the RFC text
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't find it, can you help me out with the line number or a link? With the list of "backported PRs" in the spec file, we might hit this issue in two places.
|
||
#### `systemsmanagement:saltstack:github/salt` | ||
|
||
This OBS package will only contain `_multibuild` file and a `_service` file that should look like: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we have the _multibuild
in git as well?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm, indeed probably yes. I'll check and adjust this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After latest changes on the RFC, now _multibuild
would be also included in the Git repo.
* package building according to PR branch. | ||
* branched and removed automatically from `systemsmanagement:saltstack:github/salt` by OBS workflow. | ||
|
||
The same OBS structure will apply to all our OBS targets: `products`, `products:testing` and `products:next`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain how the structure applies to these projects concretely? I would have thought products:testing
or products:next
don't need a separate github
subproject.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmm, actually for products
we don't really needed, as we just copypac whatever is in products:testing
to products
.
But for products:testing
and products:next
I will also consider the github
structure, to be able to have different Salt versions if necessary ensuring those packages are also ready to be consumed (even if those are never be directly released) but we would prevent enabled services can run unexpectely on targets that are linked to products:testing
and products:next
(like i.a. Uyuni:Master or D:G:M:*)
<param name="scm">git</param> | ||
<param name="versionformat">@PARENT_TAG@</param> | ||
<param name="versionrewrite-pattern">v(.*)</param> | ||
<param name="revision">openSUSE/devel/master</param> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was not aware we used an openSUSE/devel/master
branch. Is this a new branch we will use?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I used openSUSE/devel/master
here just as an example, it should point to the eventual openSUSE/release/3008.x
branch. I'll fix this on the RFC text.
Currently openSUSE/devel/master
is just the devel branch I created with upstream master
branch + our patches partially rebased on top (excluding patches to extensions).
|
||
### Salt Extensions | ||
|
||
#### Builtin extensions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This has been part of the other RFC, but for me it's still not so clear that we can have "builtin extensions". How do we publish these to PyPI from the main repository? How do we get them to show up on https://extensions.saltproject.io/?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These "builtin extensions" I introduced it as an optional way for us to be able to provide extensions that do not have yet a proper Salt Extension package.
This could happen for example in these cases:
- Not officially published as Salt Extensions yet (sources would come from "salt-extensions-holding" repository) that we want to include but do not want to maintain upstream.
- Salt Extensions published but not packaged yet in OBS. (in this case we should probably go an package it p)
might not be necessary but it is an option we have.
Builtin extenions would reduce, if necessary, the number of Salt Extensions packages we want to deal with.
It would be up to us to decide whether we want to have any builtin extensions or we just go with all needed extensions as separeted packages if they are already migrated to Salt Extensions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the other RFC, the list of built-in extension includes zypperpkg
and transactional_update
. These are extensions we want to maintain, i.e. we will need to publish them on PyPI. What's the workflow for maintaining these built-in extensions? Do we have the same rules wrt. pull requests and what they have to contain? How do we publish them to PyPI? What's the plan here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good to me, just a few questions to help me better understand the solution
All current extra "Sources" files in our RPM package, together with spec file and changelog file will go now to a `pkg/suse/` directory in `openSUSE/salt`: | ||
|
||
``` | ||
pkg/suse/README.SUSE |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just to make is clear, any patch that we want to apply on top of salt code base should go to this folder pkg/suse/
right?
So basically you are moving all the content from the github project openSUSE/salt-packaging
(subfolder salt) to this noew pkg/suse
folder (at the start we will not have patches since we start from the same base as upstream)?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not really. We won't be carrying patch files anymore in our new OBS packages, as any code change will automatically inside the source tarball by the obs_scm
integration.
The exception to this would be EMBARGOED bugs, where we cannot proceed publicly via GitHub, so we will put a patch file manually in IBS than will be removed the bug is public and we push the changes to GitHub.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A side question; currently, we have a lot of commits that are not in upstream, due to various reasons. With salt-packaging
, we can easily check which patches are in upstream, and which patches are not. With removing the patch workflow, we're losing this insight.
Do you perceive this as a problem? Are we still sticking with the "fork & cherrypick commits" development style, or are we moving towards rebasing more frequently?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good point! We should probably want to have a way to easily identify what is upstreamed and what is not.
I'll elaborate this a bit on the RFC text. Thanks for the note 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thank you @m-czernek , that was exactly my concern when I made the comment. Commits that are not yet upstrem, and currently are maintained on salt-packaging project.
We we start merging commit to our salt project that are not merge upstream yet, it can make it harder to integrate upstream version and know what is merge already or not.
@meaksh thank you for look into this topic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've added a section in to RFC to clarify this.
Co-authored-by: Marek Czernek <marek.czernek@suse.com>
|
||
1. Stick to our current workflow based on "salt-packaging" -> The workflow doesn't currently fit with Salt Extensions and we don't want to have different workflows between Salt and Salt Extensions. | ||
1. One dedicated GitHub repository and OBS package per each Salt Extension -> It won't save resources and will cause more submissions. | ||
2. The usage of "git submodules" as an alternative to adding the Salt Extensions sources manually would make it tricky to generate patches manually and also to integrate with "obs_scm". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you expand on those points a bit? In particular, what makes it tricky to generate patches when sources live in separate repositories opposed to separated sub-directories in a single repository? And why is that harder to integrate separate repositories?
I'm not saying we should go that way, I just want to understand the trade-offs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let say we need to prepare a patch in OBS/IBS to fix some code in one extension or even in many of them in a single shot.
Assuming that we use "git submodules" in our Salt Extension repository and we have a sub-directory per extensions which is a "git submodule":
Then if you run git format-patch
command on your Git repository root, then you won't get any diff for any of the "git submodules". You have to run git format-patch
inside each "git submodule" directory to get a patch file which is actually not relative to your main Git repo but to the submodule repository, so we won't be able to apply that generated patch directly in our spec file but we would need to manually adjust it.
This is why I say that "git submodules" are not really straight forward when it come to generate patches.
When it comes to the obs_scm
service (as we want to have a unified workflow for Salt and its extensions), I have not really tested how it behaves with "git submodules".
Hth!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you, I understand what you mean now. I agree that using sub-modules in that way is not a good approach. I don't really get the point about patches though, I thought we don't create them anymore with this RFC?
JFI, in the new "SUSE Packaging Git Workflow" git sub-modules are used in "project repositories". Each package that's inside the project is it's own git repository (somewhere else) and they exist inside the project as sub-modules.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the general mainteance, we don't use patches anymore but there are some cases where patches are still needed, like the embargoed bugs, where the fixes are manually pushed to IBS, using a patch file, and not via GitHub repository until the bug is public.
This "openSUSE/salt-extensions" repository will contain: | ||
- a common salt-extension spec file that will generate all RPM packages | ||
- The sources for each Salt Extension we package | ||
- A changelog file |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we'll need to be careful with merge conflicts. Maybe it won't be a big issue, we probably won't change the extensions that often. On the other hand, we probably update them in batches which could lead to changelog merge conflicts.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, I just changed this as we would have multiple changelog files, one per maintained workflow.
Of course, merge conflicts could happen for PRs that are introducing different changelog entries at the same, then we would need to rebase the PR before merging it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for the updates. For me there are two areas that are not very clear, it would be great if we could clarify them:
- How do we maintain "our" salt extensions?
- The current state of the RFC includes two places that will likely cause merge conflicts on every pull request.
|
||
For the regular Salt maintenance, this means it won't be needed anymore to manually produce patch files to add them to the spec file, as the tarball now contains the updated sources (with the exception of EMBARGOED bugs, where patches are still needed as we cannot push any fix to public GitHub repositories). | ||
|
||
To avoid losing the useful labeling of "PATCH-FIX_UPSTREAM" and "PATCH-FIX_OPENSUSE" (with a direct link to the origin PR on the spec file for each new patch we introduced into our Salt package), we will keep adding this information to the spec file on every new PR but this time without adding the patch itself, only the comment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Won't this cause a lot of merge conflicts?
|
||
When creating a PR to `openSUSE/salt` the user must also include the corresponding changes to the changes file, that can be generated as usual with `osc vc`. | ||
|
||
Similarly to the main Uyuni repository, we should add a GitHub action to warn the user in case no changelog entry is added in the PR. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't find it, can you help me out with the line number or a link? With the list of "backported PRs" in the spec file, we might hit this issue in two places.
|
||
Similarly to the main Uyuni repository, we should add a GitHub action to warn the user in case no changelog entry is added in the PR. | ||
|
||
NOTE: I think it is better to decouple commit messages (focus on developers) from changelog entries (focus on users/customers), so I prefer to not use commit messages from "openSUSE/salt" to autogenerate the changelog entries but rather to manually write a meaningful changelog message to be included in your PR as part of your changes. Similarly to what we do in other Uyuni repositories. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Totally agree. In openSUSE/salt, we can't afford to lose meaningful commit messages
salt.spec | ||
``` | ||
|
||
Since services are disabled here, to allow submissions to openSUSE and SLE, this OBS package will be automatically synced with `openSUSE/release/xxxx` by a Jenkins job. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something is unclear about the workflow to me. You write that we use systemsmanagement:saltstack:github/salt
as the devel project. Does that mean the changes go "Github" -> systemsmanagement:saltstack:github/salt
-> systemsmanagement:saltstack/salt
-> openSUSE:Factory
? What exactly is this Jenkins job doing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does that mean the changes go "Github" ->
systemsmanagement:saltstack:github/salt
->systemsmanagement:saltstack/salt
->openSUSE:Factory
?
Yes, that's correct. Essentially:
systemsmanagement:saltstack:github/salt
-> services must be enabled here in order to automatically gets the changes from the corresponding GitHub branch, therefore we cannot use this source to submit toFactory
(services MUST be disabled when submitting). (poc example: https://build.opensuse.org/package/show/home:PSuarezHernandez:tests:github/salt)systemsmanagement:saltstack/salt
-> this is expected to contain same codebase as the above package but in a way that is "ready-to-be-submitted". This means, with the services disabled, and containing the actual spec file, changelog and obsinfo/obscpio files. (poc example: https://build.opensuse.org/package/show/home:PSuarezHernandez:tests/salt)
What exactly is this Jenkins job doing?
The jenkins jobs takes care of automatically pushing any new change that is added to systemsmanagement:saltstack:github/salt
via OBS services to the package "ready-to-be-submitted" package at systemsmanagement:saltstack/salt
. It disables the services by adjusting the _service
, then it manually runs the services to get the spec file, changelog and obsinfo/obscpio files. So after Jenkins runs, the package at systemsmanagement:saltstack/salt
contains the same codebase than the :github
package and it is ready to be submitted, i.a. to openSUSE:Factory
or Maintenance.
I'll try to clarify this better on the RFC text.
|
||
### Salt Extensions | ||
|
||
#### Builtin extensions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In the other RFC, the list of built-in extension includes zypperpkg
and transactional_update
. These are extensions we want to maintain, i.e. we will need to publish them on PyPI. What's the workflow for maintaining these built-in extensions? Do we have the same rules wrt. pull requests and what they have to contain? How do we publish them to PyPI? What's the plan here?
Read the RFC here