DevHeads.net

Tagging commit hashes of Koji builds in dist-git

Is there a reason why we do not tag dist-git commits, using a name which
is derived from the NEVR from a Koji build?

How well does Git scale with thousands of tags?

Thanks,
Florian

Comments

Re: Tagging commit hashes of Koji builds in dist-git

By clime at 06/07/2019 - 07:33

On Thu, 6 Jun 2019 at 13:53, Florian Weimer < ... at redhat dot com> wrote:
Interesting idea. I am soon coming with a proposal of the annotated tags
being created by packagers and storing changelog automatically in them.

These tags would have name derived automatically from Name-Version-Release
put in the spec file and constitute a basically a package release
record in DistGit.

The information in Koji would then be derivative of it. I guess this is another
way how to go around things.

clime

Re: Tagging commit hashes of Koji builds in dist-git

By King InuYasha at 06/07/2019 - 08:25

On Fri, Jun 7, 2019 at 8:09 AM clime < ... at fedoraproject dot org> wrote:
This is very similar to what Igor and I had been thinking of doing, too.

Re: Tagging commit hashes of Koji builds in dist-git

By King InuYasha at 06/06/2019 - 08:10

On Thu, Jun 6, 2019 at 7:53 AM Florian Weimer < ... at redhat dot com> wrote:
We used to back in the CVS days, because we needed it for plague. Koji
blocks duplicate submissions anyway, so it stopped being needed when
we transitioned to Git.

We're going to probably introduce it for some automation in the near
future, though.

Git is not great with thousands of any kind of refs, be it branches or
tags. It still works, it's just things like 'git log' get kind of
expensive.

Re: Tagging commit hashes of Koji builds in dist-git

By Dennis Gilmore at 06/06/2019 - 15:07

On Thu, Jun 6, 2019 at 7:11 AM Neal Gompa < ... at gmail dot com> wrote:
it was not plague that needed it, using tags was the only way to
cjeckout the intended output, they had the problem that they were not
immutable, if you made a typo you forced in a new tag so you did not
need to bump the nvr

koji stores the git hash for all builds, writing a script to get the
hash for a given nvr would be trivial. it just means you have to be
online to retrieve the data than being able to get the date while
disconnected, if it was stored in git.

Dennis

Re: Tagging commit hashes of Koji builds in dist-git

By Pierre-Yves at 06/07/2019 - 03:42

On Thu, Jun 06, 2019 at 02:07:18PM -0500, Dennis Gilmore wrote:
I'd also point out that the link is also made in pagure, for example:
<a href="https://src.fedoraproject.org/rpms/kernel/c/ead55fdbc7606e96fb1436249e4d121c5119218b?branch=master" title="https://src.fedoraproject.org/rpms/kernel/c/ead55fdbc7606e96fb1436249e4d121c5119218b?branch=master">https://src.fedoraproject.org/rpms/kernel/c/ead55fdbc7606e96fb1436249e4d...</a>

Basically, we listen for koji build results and "flag" the commit which was used
for the build with the outcome (success/failure) of the build.
Here is another example who both succeeded and failed to build in koji:
<a href="https://src.fedoraproject.org/rpms/0ad/c/d43ffc4721e7c5d6af33e9bc26b739ec6802cb76?branch=master" title="https://src.fedoraproject.org/rpms/0ad/c/d43ffc4721e7c5d6af33e9bc26b739ec6802cb76?branch=master">https://src.fedoraproject.org/rpms/0ad/c/d43ffc4721e7c5d6af33e9bc26b739e...</a>

If this needs to be made more easily discoverable via the API, we can adjust
pagure for this.

Pierre

Re: Tagging commit hashes of Koji builds in dist-git

By Stephen Gallagher at 06/06/2019 - 15:57

On Thu, Jun 6, 2019 at 3:08 PM Dennis Gilmore < ... at ausil dot us> wrote:
Might be worth asking if there's a reason to need this offline. If the
exact commit ID is stored in Koji and is authoritative, also tagging
it into git might be convenient for offline purposes. The fact that
it's not immutable is probably not an issue as long as the
authoritative site *is*. (e.g. The same script that gets the hash from
Koji could also detect if someone manually changed it in git, which
would probably qualify as suspicious behavior.)

Re: Tagging commit hashes of Koji builds in dist-git

By Petr Pisar at 06/07/2019 - 04:37

On 2019-06-06, Stephen Gallagher < ... at redhat dot com> wrote:
If tags in dist-git could disagree with Koji, people could not rely on
them and would use Koji instead rendering tags in dist-tag useless.

-- Petr

Re: Tagging commit hashes of Koji builds in dist-git

By Bruno Wolff III at 06/07/2019 - 04:38

On Fri, Jun 07, 2019 at 08:37:57 -0000,
Petr Pisar < ... at redhat dot com> wrote:
Would having signed tags help?

Re: Tagging commit hashes of Koji builds in dist-git

By Florian Weimer at 06/07/2019 - 04:48

* Bruno Wolff, III:

No, the tags must recide in a namespace, and dist-git (i.e.,
src.fedoraproject.org) must restrict who can push into that namespace.

Thanks,
Florian

Re: Tagging commit hashes of Koji builds in dist-git

By Pierre-Yves at 06/06/2019 - 08:08

On Thu, Jun 06, 2019 at 01:52:20PM +0200, Florian Weimer wrote:
One of the issue is that currently tags are not immutable, ei packagers could
override them.

Pierre

Re: Tagging commit hashes of Koji builds in dist-git

By Thomas Moschny at 06/06/2019 - 09:41

Am Do., 6. Juni 2019 um 14:12 Uhr schrieb Pierre-Yves Chibon
< ... at pingoured dot fr>:
Tags could be signed, and also pagure could reject removal of tags.
Immutability is a feature of the repository, not the tags themselves,
I think.

- Thomas

Re: Tagging commit hashes of Koji builds in dist-git

By Florian Weimer at 06/06/2019 - 11:48

* Thomas Moschny:

Yes, I think you can have a Git hook which updates certain tag updates,
just like you would reject branch updates. It probably makes sense to
put the Koji tags into a separate namespace anyway, so filtering it by
prefix string should be possible. (It would also stop people from
pushing misleading tags that don't correspond to Koji builds, but look
that way.)

Tagging would have to happen upon successful completion of the build
(for a failed build, the NVR can be reused), which is slightly annoying,
but still better than having no tags at all, ever.

Thanks,
Florian

Re: Tagging commit hashes of Koji builds in dist-git

By Igor Gnatenko at 06/06/2019 - 08:04

We actually talked about this on oSC19 with Neal Gompa and Florian
Festi. And we'd need it for automation we are planning to work on...
Then I spoke to pingou and he told me that tags are easy to delete and
you need some special hook to prevent that...

I did not have time to look at it though.

On Thu, Jun 6, 2019 at 2:02 PM Florian Weimer < ... at redhat dot com> wrote: