Gitlab CI Debian packaging pipeline

Introduction

The Linaro gitlab-ci is based upon Debian Salsa-CI pipeline https://salsa.debian.org/salsa-ci-team/pipeline The main documentation from README is valid for Linaro as well, as the core changes are simply to accommodate building ARM64 and ARMHF packages.

The starting point is a standard Debian package git repository https://gitlab.com/Linaro/qcom/alsa-ucm-conf , with an debian/master and upstream/master branches. The branches can be named something else in https://manpages.debian.org/testing/git-buildpackage/gbp.conf.5.en.html such as here: https://gitlab.com/Linaro/qcom/alsa-ucm-conf/-/blob/debian/master/debian/gbp.conf .

debian/salsa-ci.yml

Triggering the builds is started by creating a https://gitlab.com/Linaro/qcom/alsa-ucm-conf/-/blob/debian/master/debian/salsa-ci.yml file. In this file you can set a range of variable to tune the pipeline. After setting this as the gitlab-ci config file in the project settings, you get green check-mark (or a red cross) for the commits in debian/ branches.

Clicking on the check you get to the pipeline view.

Extract-source

This makes the debian source package from the upstream and debian branches in the repository. Uses standard git-buildpackage tools.

Build

Builds the arm64 packages. These are used at the test stages later. Also the arch-all packages come from this repository.

Build-armhf

Builds armhf packages. This target has been based on the i386 target from salsa-ci, with arch-all package option removed. For arm64 only packages, you can set SALSA_CI_DISABLE_BUILD_PACKAGE_ARMHF: true in the respective packages debian/salsa-ci.yml package.

Build-source

Builds an source-only package.

Aptly

Builds and apt repository for the current build. This can be used for testing etc. See the index.html in https://gitlab.com/Linaro/qcom/alsa-ucm-conf/-/jobs/1896386193/artifacts/browse/aptly/ for instructions.

Repo

Linaro-specific job that uploads packages to http://deb.ctt.linaro.org/ . This functions by executing https://gitlab.com/Linaro/qcom/pipeline/-/blob/master/upload-to-repo.py which uses the environment variables provided by gitlab-ci to find all “build” jobs of the current pipeline, their artifact URLs and triggering the https://ci.linaro.org/job/upload-deb-package/ job in Linaro jenkins.

Note: Currently it is hardcoded to upload to linaro-overlay-staging repository. It is left as an exercise to add an optional variable to the debian/salsa-ci.yml and to pass it as the repo parameter to the python script

Test stage

The jobs come from salsa-ci, and are integration tests that test the quality of generated packages. For Linaro purposes, they may not be of the highest priority (our old CI has done none of that).

  1. BLHC - tests for missing security/hardening options https://packages.debian.org/sid/utils/blhc

  2. Lintian. Standard debian package linting tool https://manpages.debian.org/testing/lintian/lintian.1.en.html

  3. Reprotest: tests reproducibility of the package build

  4. test-build-all: tests that the build-all target builds

  5. test-build-any: tests that build-any target works

Disabled tests. In the Linaro-specific setup we have disabled two tests in https://gitlab.com/Linaro/qcom/pipeline/-/blob/master/vars/linaro.yml

  1. autopkgtest. Tests the packages internal autopkgtest. Fails due to infrastructure problems.

  2. piuparts. Tests installing/uninstalling the package. Again, fails due to infrastructure problems.

  3.