Gitlab CI Debian packaging pipeline


The Linaro gitlab-ci is based upon Debian Salsa-CI pipeline The main documentation from README is valid for Linaro as well, as the core changes are simply to accommodate building ARM64 and ARMHF packages.

The starting point is a standard Debian package git repository , with an debian/master and upstream/master branches. The branches can be named something else in such as here: .


Triggering the builds is started by creating a file. In this file you can set a range of variable to tune the pipeline. After setting this as the gitlab-ci config file in the project settings, you get green check-mark (or a red cross) for the commits in debian/ branches.

Clicking on the check you get to the pipeline view.


This makes the debian source package from the upstream and debian branches in the repository. Uses standard git-buildpackage tools.


Builds the arm64 packages. These are used at the test stages later. Also the arch-all packages come from this repository.


Builds armhf packages. This target has been based on the i386 target from salsa-ci, with arch-all package option removed. For arm64 only packages, you can set SALSA_CI_DISABLE_BUILD_PACKAGE_ARMHF: true in the respective packages debian/salsa-ci.yml package.


Builds an source-only package.


Builds and apt repository for the current build. This can be used for testing etc. See the index.html in for instructions.


Linaro-specific job that uploads packages to . This functions by executing which uses the environment variables provided by gitlab-ci to find all “build” jobs of the current pipeline, their artifact URLs and triggering the job in Linaro jenkins.

Note: Currently it is hardcoded to upload to linaro-overlay-staging repository. It is left as an exercise to add an optional variable to the debian/salsa-ci.yml and to pass it as the repo parameter to the python script

Test stage

The jobs come from salsa-ci, and are integration tests that test the quality of generated packages. For Linaro purposes, they may not be of the highest priority (our old CI has done none of that).

  1. BLHC - tests for missing security/hardening options

  2. Lintian. Standard debian package linting tool

  3. Reprotest: tests reproducibility of the package build

  4. test-build-all: tests that the build-all target builds

  5. test-build-any: tests that build-any target works

Disabled tests. In the Linaro-specific setup we have disabled two tests in

  1. autopkgtest. Tests the packages internal autopkgtest. Fails due to infrastructure problems.

  2. piuparts. Tests installing/uninstalling the package. Again, fails due to infrastructure problems.