Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consider moving pagure.io/workstation-ostree-config to GitHub or to Fedora's GitLab #334

Closed
travier opened this issue Aug 21, 2022 · 19 comments
Labels
enhancement New feature or request kinoite Also affect Fedora Kinoite

Comments

@travier
Copy link
Member

travier commented Aug 21, 2022

Consider moving https://pagure.io/workstation-ostree-config to GitHub (here) or to Fedora's GitLab namespace (https://gitlab.com/fedora).

The main advantage of this change would be that it would be much easier for us to setup CI to validate changes to this repo.

We can setup Zuul based CI for repos in pagure.io (https://fedoraproject.org/wiki/Zuul-based-ci) but I don't think that we have contributors with knowledge about Zuul and we have much more contributors with GitHub or GitLab CI knowledge.

@travier travier added the enhancement New feature or request label Aug 21, 2022
@travier
Copy link
Member Author

travier commented Aug 21, 2022

@dustymabe
Copy link

dustymabe commented Aug 21, 2022

You might be blocked from doing this because of fedora/infra and/or pungi requirements. I don't know if it can pull from GitHub or GitLab when doing the OSTree composes.

@travier
Copy link
Member Author

travier commented Aug 22, 2022

I think we should be able to keep the pagure repo as a mirror of the one in GitHub/GitLab if that's an issue (pushing from here to Pagure for each commit).

@tpopela
Copy link
Contributor

tpopela commented Aug 22, 2022

As I've already shared with Timothee in the past, my long term vision is to move everything from the fedora-silverblue organization here on GitHub to Fedora's GitLab (when it's really ready).

@travier
Copy link
Member Author

travier commented Aug 22, 2022

Do we have any approximative timeline for when it should be ready? Some projects are already there. What's missing for it to be ready?

@tpopela
Copy link
Contributor

tpopela commented Aug 22, 2022

No AFAIK - I'm waiting for someone to figure out how the whole situation with "mentions" will look/work like. Because I want to be able to mention anyone in the Fedora Project with their FAS and the user should get the notification (even though they might not use Fedora's GitLab). Let me ask mattdm about this again and if it will be somehow addressed.

@travier
Copy link
Member Author

travier commented Aug 31, 2022

@travier
Copy link
Member Author

travier commented Sep 2, 2022

It's likely doable:

It would need changes to allowed scms in the kojid config: https://pagure.io/fedora-infra/ansible/blob/main/f/roles/koji_builder/templates/kojid.conf#_81

And also changes to the builder's firewalls to allow them to reach it over the net.

I think this is doable, but we want to make sure we don't open all of gitlab, only specific repos.

@travier
Copy link
Member Author

travier commented Sep 7, 2022

And we now have https://gitlab.com/fedora/ostree. Feel free to request access by opening an issue there.

@travier
Copy link
Member Author

travier commented Sep 28, 2022

See #359 (comment) for an update.

@travier
Copy link
Member Author

travier commented Sep 28, 2022

You can use the following command to try them:

$ sudo rpm-ostree rebase --experimental ostree-unverified-registry:quay.io/fedora-ostree-desktops/silverblue:rawhide.20220928.0.29c1e070

@travier travier added kinoite Also affect Fedora Kinoite rawhide f38 Related to Fedora 38 labels Sep 28, 2022
@AdamWill
Copy link

AdamWill commented Oct 25, 2022

We can setup Zuul based CI for repos in pagure.io (https://fedoraproject.org/wiki/Zuul-based-ci) but I don't think that we have contributors with knowledge about Zuul and we have much more contributors with GitHub or GitLab CI knowledge.

I think you're kinda overstating this part, FWIW. I don't know a whole lot about Zuul either, but the integration has been set up to be very very simple. The first time I onboarded a project to the Zuul-based CI for Pagure it took me about two hours with zero prior knowledge of Zuul.

This might vary a bit depending on how specific the requirements are for running your test suite, but it's really not difficult. There are docs and example configs and what you wind up with is a VM or containerized Fedora environment in which to run the test suite.

edit: I revised the wiki page you linked to be a bit better (I hope, at least). Asked Tristan to check it for accuracy.

@travier
Copy link
Member Author

travier commented Oct 26, 2022

@travier
Copy link
Member Author

travier commented Nov 9, 2022

@AdamWill Do you know if it is possible to trigger a Zuul job daily on a Pagure repo?

@AdamWill
Copy link

AdamWill commented Nov 9, 2022

Not sure about that, fbo or tristan might know.

@travier
Copy link
Member Author

travier commented Nov 15, 2022

I've setup nightly builds for Silverblue & Kinoite in https://gitlab.com/fedora/ostree/ci-test (repo name expected to change).
Testing those from an existing installation is:

$ sudo rpm-ostree rebase ostree-unverified-registry:quay.io/fedora-ostree-desktops/silverblue:rawhide
$ sudo rpm-ostree rebase ostree-unverified-registry:quay.io/fedora-ostree-desktops/silverblue:37

and similarly for F36 and Kinoite. You can find all builds (tags as they are container images) on Quay.io (repo names also expected to change): https://quay.io/repository/fedora-ostree-desktops/silverblue?tab=tags & https://quay.io/repository/fedora-ostree-desktops/kinoite?tab=tags.

I'm still having issues building installer ISOs with lorax: https://gitlab.com/fedora/ostree/ci-test/-/issues/1. Will have to give it a try again soon.

@travier travier removed the f38 Related to Fedora 38 label Nov 28, 2022
@travier travier removed the rawhide label May 15, 2023
@travier
Copy link
Member Author

travier commented Jan 22, 2024

Closing this issue in favor of the one in the Fedora Atomic Desktop issue tracker: https://gitlab.com/fedora/ostree/sig/-/issues/4

@jmpolom
Copy link

jmpolom commented Mar 11, 2024

We should consider signing those images. A few links for reference:

Going to add some info on this closed issue because I don't see any other place to reference this. There is a discussion in an rpm-ostree issue (coreos/rpm-ostree#4272 (comment)) about a deficiency in the container library related to supporting cosign/sigstore signatures. Right now all that works is boring old static on disk keyfiles (questionable security).

There was a draft PR submitted to correct this in the containers/image library but there were some issues with the submitted PR and other unresolved contention about how to actually achieve the needed features: containers/image#2235

I think this an area of future needed cooperation and coordination amongst the respective Red Hat sponsored projects.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request kinoite Also affect Fedora Kinoite
Projects
None yet
Development

No branches or pull requests

5 participants