[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#940930: devscripts: add new script for self-service give-backs

Package: devscripts
Severity: wishlist
X-Debbugs-CC: Philiip Kern <pkern@debian.org>, debian-wb-team@lists.debian.org

Please add a new script for contributors to do self-service give-backs
from the command-line, perhaps something like this:

   wanna-build-sso gb --packages foo bar baz --architectures amd64 i386 --suites unstable experimental

Here is a copy of the announcement and blog post for your reference:


   Self-service buildd givebacks

    Philipp Kern has created[1] an *experimental* service that allows Debian
    members to perform self-service retries of failed package builds (aka
    give-backs). This service aims to reduce the time it takes for give-back
    requests to be processed, which was done manually by the wanna-build
    admins until now. The service is authenticated using the Debian Single
    Signon[2] service. Debian members are still expected to act responsibly
    when looking at build failures; do your due diligence and try reproducing
    the issue on a porterbox first. Access to this service is logged and logs
    will be audited by the admins.

     -- Paul Wise

    [1] https://debblog.philkern.de/2019/08/alpha-self-service-buildd-givebacks.html
    [2] https://sso.debian.org/


    Alpha: Self-service buildd givebacks

   Builds on Debian's build farm sometimes fail transiently. Sometimes
   those failures are legitimate flakes, for instance when an in-
   progress build happens to exhaust its resources because of other
   builds on the same machine. Until now, you always needed to mail the
   buildd, wanna-build admins or the Release Team directly in order to
   get the builds re-queued.

   As an alpha trial I implemented self-service givebacks as a web
   script. As SSO for Debian developers is now a thing, it is trivial
   to add authentication in a way that a role account can use to act on
   your behalf. While at work this would all be an RPC service, I
   figured that a little CGI script would do the job just as well. So
   lo and behold, accessing
   with the right parameters set:

      You are authenticated as pkern. ✓
      Working on package fife, suite sid and architecture mipsel. ✓
      Package version 0.4.2-1 in state Build-Attempted, can be given back. ✓
      Successfully given back the package. ✓

   Note that you need to be a Debian developer with a valid SSO client
   certificate to access this service.

   So why do I say alpha? We still expect Debian developers to act
   responsibly when looking at build failures. A lot of times there is
   a legitimate bug in the package and the last thing we would like to
   see as a project is someone addressing flakiness by continuously
   retrying a build. Access to this service is logged. Most people
   coming to us today did their due diligence and tried reproducing the
   issue on a porterbox. We still expect these things to happen but
   this aims to cut on the round-trip time until an admin gets around
   to process your request, which have been longer than necessary
   recently. We will audit the logs and see if particular packages
   stand out.

   There can also still be bugs. Please file them against
   buildd.debian.org when you see them. Please include a copy of the
   output, which includes validation and important debugging
   information when requests are rejected. Also this all only works for
   packages in Build-Attempted. If the build has been marked as Failed
   (which is a manual process), you still need to mail us. And lastly
   the API can still change. Luckily the state change can only happen
   once, so it's not much of a problem for the GET request to be
   retried. But it should likely move to POST anyhow. In that case I
   will update this post to reflect the new behavior.

   Thanks to DSA for making sure that I run the service sensibly using
   a dedicated role account as well as WSGI and doing the work to set
   up the necessary bits.



Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: