10082
Comment:
|
11246
Link to SalsaCI team
|
Deletions are marked like this. | Additions are marked like this. |
Line 6: | Line 6: |
= Users: Login and Registration = * [[DebianDeveloper|Debian Developers]] can login with their Debian email address * you need to use your official Debian email address in order to gain specific permissions for Debian Developers * Use password recovery on https://salsa.debian.org/users/sign_in to get a password for your account. Please don't use your Debian password. Salsa has its own password database. |
= Support = <<Include(Salsa/support)>> |
Line 12: | Line 9: |
* everyone else can register an account with an implicitly added suffix {{{-guest}}}. There is a a self service webfrontend for doing so at https://signup.salsa.debian.org/ |
= Users = |
Line 15: | Line 11: |
= Namespace concepts (Users, Teams) = | Register an account at https://salsa.debian.org/users/sign_in#register-pane |
Line 17: | Line 13: |
== Debian Developers == | == Unused accounts for DD before May 2020 == |
Line 19: | Line 15: |
Debian Developers get synced every 6 hours from LDAP and retain their Debian login as salsa username. | Before May 2020 all Debian Developers had accounts created for them using their Debian user name. Accounts that had never been used and never had a password set are deactivated. Those accounts can only be used after being activated properly. Please use any of the [[Salsa/Doc#Support|support channels]]. After being reactivated a new password can be set via the [[https://salsa.debian.org/users/password/new|password reset]]. |
Line 21: | Line 21: |
== External Users == To avoid clash with the Debian LDAP Usernames, external users get a suffix of -guest to their username. == Groups == |
= Groups = |
Line 31: | Line 27: |
== Collaborative Maintenance: "Debian" group == The `debian` group is for CollaborativeMaintenance (the old `collab-maint` on [[Alioth]]). The group is accessible to all Debian developers by default, who are automatically added with `Maintainer` access levels. Direct commits to repositories in the Debian group by any Debian developer are implicitly welcome. No pre-commit coordination (e.g. merge-request or mail) is expected. External users (non-Debian Developers) need to request write access to repositories inside `debian` group from a Debian developer they know, or their sponsor. Access should be granted to single projects and not the whole Debian group. Projects under `debian` group cannot be transferred or deleted by anyone except Salsa administrators. In case you need to delete a project or have it transferred out into other namespaces, please contact Salsa administrators via support channel. See [[#Support]] section for contact information. == Canonical URLs == The canonical URLs for use in `debian/control` are: {{{ Vcs-Browser: https://salsa.debian.org/<user-or-team>/<package> Vcs-Git: https://salsa.debian.org/<user-or-team>/<package>.git }}} where `<user-or-team>` is * '''alice''' for DD Alice Developer <alice@debian.org> * '''bob-guest''' for non-DD Bob Coder <bobc@example.com> * '''debian''' for the Debian/ namespace (the equivalent to collab-maint on alioth) * '''foobar-team''' for the Foobar Packaging Team You can instruct git to rewrite URLs into pushable ssh URLs: {{{ git config --global url."git@salsa.debian.org:".pushInsteadOf "https://salsa.debian.org/" }}} This will work for all salsa repositories checked out via https:// URLs in the present, past or future. You can also use a shortcut for all Salsa repositories: {{{ git config --global url."git@salsa.debian.org:".insteadOf salsa: }}} This way you can use a shorter commandline like this: {{{ git clone salsa:debian/htop }}} |
|
Line 33: | Line 69: |
A project = a repository. You can create several projects in the same namespace (user or group). Debian Developers are able to create projects in the Debian/ Namespace. It's the Salsa equivalent of 'collab-maint' on Alioth, and non-DDs (DMs or external contributors) need to be explicitly granted commit privileges for single projects. |
In GitLab, a project is one Git repository, and each Git repository needs a project. You can create several projects in the same namespace (user or group). |
Line 42: | Line 74: |
To do so, go the project settings → integrations → project services → email on push and configure the list of recipients you want to send emails to. | To do so, go the project settings → integrations → project services → emails on push and configure the list of recipients you want to send emails to. |
Line 46: | Line 78: |
Take into account that the current implementation sends a single mail per push with all commits lumped together, which makes it rather useless for any post-review workflow. This is tracked upstream at https://gitlab.com/gitlab-org/gitlab-ce/issues/19901. = Information on manipulating bugs by email = GitLab has quite a lot of [[https://docs.gitlab.com/ee/user/project/quick_actions.html|text commands aka "quick actions"]] which can be used when interacting with GitLab via email. Most things can be done via email by replying to the [[https://docs.gitlab.com/ee/workflow/notifications.html|email notifications]]. There are special email addresses for creating new [[https://docs.gitlab.com/ee/user/project/merge_requests/#create-new-merge-requests-by-email|merge requests]] and [[https://docs.gitlab.com/ee/user/project/issues/create_new_issue.html#new-issue-via-email|issues]] via email. |
|
Line 47: | Line 85: |
== Irker == | |
Line 52: | Line 90: |
* Default IRC URI: irc://irc.oftc.net:6667/ | * Default IRC URI: ircs://irc.oftc.net:6697/ |
Line 57: | Line 95: |
== KGB == KGB supports gitlab webhooks. To use the kgb instances provided by dam, tincho, and gregoa from salsa, set a webhook in your project: {{{http://kgb.debian.net:9418/webhook/?channel=<irc-channel-name-without-#>}}} For details, additional parameters, and helper scripts see the KGB documentation at https://salsa.debian.org/kgb-team/kgb/wikis/usage |
|
Line 60: | Line 106: |
-> integrations" and add a URL (see below), then click save. No secret | → Webhooks" and add a URL (see below), then click save. No secret |
Line 69: | Line 115: |
Replace SOURCENAME with the name of your sourcepackage and chose either close or tagpending, depending on the action you want to get. |
Replace SOURCENAME with the name of your source package and chose either close or tag pending, depending on the action you want to get. |
Line 72: | Line 118: |
= Hints for previous users of Alioth = ''Salsa'' provides services which partially replace some features of the former [[Alioth]] service. The following hints may help you to move your packaging collaboration effort from ''Alioth'' to ''Salsa''. |
You can ignore a branch or pattern, say wip/*, by providing the ignored-namespaces parameter. See the README in code for more details. |
Line 75: | Line 121: |
Many [[Alioth]] features are (intentionally) not provided by the ''Salsa'' platform. You may want to take a look at the [[Sprints/2017/Alioth/MeetingMinutes|related discussion during a sprint]] for the detailed reasons for this decision. | Code: https://salsa.debian.org/salsa/salsa-webhook. |
Line 77: | Line 123: |
{{{#!wiki important There is significant overlap between this section and the [[Alioth#Deprecation_of_Alioth]] documentation. Those should be merged, somehow. -- TheAnarcat <<DateTime(2017-09-23T18:41:36Z)>> }}} |
= Deployment keys = |
Line 81: | Line 125: |
== Custom Hooks == | For automating task FIXME |
Line 83: | Line 127: |
For security reasons it is not allowed to run arbitrary custom hooks on repositories. You may want to write yourself a webhook receiver and put your custom actions into such a one. |
= Runners = |
Line 87: | Line 129: |
Alternatively you may use the common webhook receiver or even enhance it with new features, see https://salsa.debian.org/salsa/webhook for details on it. |
Salsa provides [[https://docs.gitlab.com/ce/ci/runners/#shared-specific-and-group-runners|shared runners]] for all projects to use. All jobs without more specific tags run within a privileged Docker container on one-time-use VM. Outbound connections from the shared runner VMs are limited to http & https. |
Line 91: | Line 133: |
== Import git repository == | You may also add group runners for your group or specific runners and configure them for your project. |
Line 93: | Line 135: |
This is currently done by hand but Christopher Berg's wrote a handy [[http://www.df7cb.de/blog/2017/Salsa_batch_import.html|batch import script]] that you can use to import your projects semi-automatically. | Configuration files and tools are maintained by the [[Teams/SalsaCI|SalsaCI team]] |
Line 95: | Line 137: |
== Import non-git version control repository == Only git repositories are supported by the ''Salsa'' platform. |
= Web page hosting = |
Line 98: | Line 139: |
You may want to take a look at the [[Sprints/2017/Alioth/MeetingMinutes/VCS|reasons for not supporting other version control systems]] within ''Salsa''. == Import mailing list == ''Salsa'' does not offer any mailinglist features on its own (see [[Sprints/2017/Alioth/MeetingMinutes/Mailinglists|discussion]]). There are, however, discussions about migrating the old Alioth lists in [[Alioth/MailingListContinuation]]. Some mailing lists that were formerly hosted on Alioth may be eligible for being hosted on [[https://lists.debian.org|lists.debian.org]]. The lists eligible for migration must follow the requirements outlined on the [[https://www.debian.org/MailingLists/HOWTO_start_list|"How to ask a mailing list" guide]]. The process is also the same as outlined on the guide. The following kind of lists are probably acceptable for [[https://lists.debian.org|lists.debian.org]]: * The list is expected to be useful, to have a purpose and an audience. * Public discussion or support lists are probably OK. * Commit or bug notifications lists are not OK. You should use the dedicated features of gitlab instead. If you're interested in a package's bug, you're expected to subscribe to it using the [[http://bugs.debian.org/|BTS]] features. Short version: file a bug on the [[https://bugs.debian.org/lists.debian.org|pseudo-package lists.debian.org]] with the severity 'wishlist', with the following information: * List Name * Rationale (why do you need this list, stating that you had one on Alioth is not enough!) * Short Description (for display in list indices) * Long Description (targeted to people that need to decide if they want to join) * Category Lists migrated from Alioth are expected to be open, that is: * Open Subscription Policy (no closed lists) * Open Post Policy (anybody can post) * Open Archive If you do want the archive and/or the subscribers to be imported into your new mailing list, please: * on alioth, using your ssh access, run 'sudo /usr/local/bin/export-list <mailing_list_name>' to get gzipped tar archive (on stdout) containing: * mbox file of the archive * subscribers list in simple text file * import the resulting mbox file in your favorite e-mail reader and clean the spam, * attach the compressed archive and/or the list of subscribers to your request. Also, please understand that the requirements and features for lists on lists.debian.org are not the same as for a mailing list on Alioth, and the listmaster might reject your request. Lists.debian.org is not supposed to replace all mailing lists and aliases on Alioth. == Import members of a team == It is not possible to transfer the members of an Alioth team to ''Salsa''. You will need to ask the members of your team to join your team on ''Salsa'' individually. == Host project web pages == Gitlab offer the "Gitlab Pages" feature, and it is enabled on Salsa both as '''`https://pages.debian.net/<namespace>/<project>`''' or '''`http://<namespace>.pages.debian.net/<project>`''' |
Gitlab offer the "Gitlab Pages" feature, and it is enabled on Salsa as '''`https://<namespace>.pages.debian.net/<project>`''' |
Line 140: | Line 143: |
See https://docs.gitlab.com/ce/user/project/pages/index.html for a detailed documentation and HOWTOs. | See [[https://docs.gitlab.com/ce/user/project/pages/|the official documentation]] for details. Note that hosting pages on arbitrary domains — whilst [[https://docs.gitlab.com/ee/user/project/pages/getting_started_part_three.html|supported by upstream]] — is not supported on Salsa due to lack of bandwidth within [[Teams/DSA|DSA]] to support that feature (see [[https://rt.debian.org/Ticket/Display.html?id=7045|RT #7045]]). |
Line 142: | Line 145: |
* '''''Note:''' there is no SSL for <namespace>.pages.debian.net, since Let's Encrypt doesn't provide wildcard certificates yet.'' | [[ChrisLamb]] has created a number of [[https://lamby.pages.debian.net/salsa-ribbons/||Github-esque "fork me on Salsa" image ribbons]] that you can add to your site. |
Line 144: | Line 147: |
Should you want to access the pages with your own domain name and your own certificate, it is possible via ''''Settings > Pages > New Domain'''' in your project. | {{{#!wiki note https://<namespace>.pages.debian.net should work, thanks to Let's Encrypt new [[https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html|wildcard certificate support]]. }}} |
Line 146: | Line 151: |
=== Quick start === | == Quick start == |
Line 148: | Line 153: |
1. On your project Home, use '''`Set up CI`''' button | 1. On your project Home, use '''`Set up CI/CD`''' button. (If your project is empty, select '''`New file`''' instead.) |
Line 151: | Line 156: |
* '''''Note:''' To limit the load on Runners, we limit the actual runs on projects tagged with "pages". So you need to add it to your .gitlab-ci.yml: '' {{{ tags: - pages |
1. Push something to the repository. You will see there is a CI Job pending 1. Wait a few minutes for the job to run. When it's '''`Passed`''' you can see your pages at https://<namespace>.pages.debian.net/<project>/) {{{#!wiki important Even though we plan to support simple page generators like Jekyll or Hugo in the future, in most cases, you should content yourself with the `HTML` template, and generate the pages locally to push them afterward, in order to save the resources on the runner. Some templates might require commands not available on the server anyway. |
Line 155: | Line 162: |
1. Push something to the repository. You will see there is a CI Job pending 1. Wait a few minutes for the job to run. When it's '''`Passed`''' you can see your pages at https://pages.debian.net/<namespace>/project (or http://<namespace>.pages.debian.net/<project>/) |
|
Line 158: | Line 163: |
* '''''Note:''' Even though we plan to support simple page generators like Jekyll or Hugo in the future, in most cases, you should content yourself with the `HTML` template, and generate the pages locally to push them afterward, in order to save the resources on the runner. Some templates might require commands not available on the server anyway.'' * '''''Note 2: We mean that. Really.''' Be nice to the server. At some point in the future we hope to add some dedicated Runners servers - Sponsors welcome! ;).'' |
{{{#!wiki important '''We mean that. Really.''' Be nice to the server. ;) }}} |
Line 161: | Line 167: |
'''important''': (at least for static pages deployment) your artifacts must be stored in a directory named `public/`; if they are currently in a different location, use the `script` section in `.gitlab-ci.yml` to create that dir and copy the content there. | |
Line 164: | Line 171: |
== Hints for previous users of Alioth == See [[Salsa/AliothMigration]]. = API Usage Best practises = * if you want to know if a project exists, access the project by name, authenticated, if you get a 404 then it doesn't exists. * do not search for getting an id. If you need the id, access the project by name and use path-encoding https://docs.gitlab.com/ee/api/#namespaced-path-encoding * do not request all projects in a group unless you really have. If you really have to get the list, for i.e. looping, use simple=true (https://docs.gitlab.com/ee/api/groups.html#list-a-group-s-projects). * Implement proper pagination, please do not just requests a few hundreds elements per page * set an `User-Agent` header with information about the project; don't make requests with generic user agent headers * if you use a lib, ensure the lib does implement the api properly * do not run extensive jobs too often * please consider to use vcswatch or other data gathering projects * do not regularly poll things * if in doubt, talk to us before you code and talk to us before you put your code into production = SSH Host Keys = When connecting to Salsa to fetch or push a Git repo for the first time, it is essential to verify host's `ssh` keys. The keys for Salsa have been published as SSHFP DNS records as well as in the Debian [[https://db.debian.org/debian_known_hosts|known_hosts]] file. This is a one time operation. From now on ssh will trust the keys in the local `known_hosts` file. |
Contents
Salsa Documentation
Salsa is a collaborative development platform within Debian.
Support
In case you encounter any problems with Salsa, to get support you may want to join us:
at #salsa on OFTC (webchat)
or create an issue in our support tracker
or send a mail to salsa-admin@debian.org.
... they may help you.
Users
Register an account at https://salsa.debian.org/users/sign_in#register-pane
Unused accounts for DD before May 2020
Before May 2020 all Debian Developers had accounts created for them using their Debian user name. Accounts that had never been used and never had a password set are deactivated. Those accounts can only be used after being activated properly. Please use any of the support channels. After being reactivated a new password can be set via the password reset.
Groups
Users and Group share the same namespace. To prevent clashes with usernames we enforce groups to a '-team' suffix, with the exception being the 'Debian' group, of which all Debian Developers are members.
To create a group, log in and go to the team registration page. There is also a link to it from the registration page: if you're not logged in yet, you will be asked to do so and be redirected afterwards.
Collaborative Maintenance: "Debian" group
The debian group is for CollaborativeMaintenance (the old collab-maint on Alioth). The group is accessible to all Debian developers by default, who are automatically added with Maintainer access levels. Direct commits to repositories in the Debian group by any Debian developer are implicitly welcome. No pre-commit coordination (e.g. merge-request or mail) is expected.
External users (non-Debian Developers) need to request write access to repositories inside debian group from a Debian developer they know, or their sponsor. Access should be granted to single projects and not the whole Debian group.
Projects under debian group cannot be transferred or deleted by anyone except Salsa administrators. In case you need to delete a project or have it transferred out into other namespaces, please contact Salsa administrators via support channel. See #Support section for contact information.
Canonical URLs
The canonical URLs for use in debian/control are:
Vcs-Browser: https://salsa.debian.org/<user-or-team>/<package> Vcs-Git: https://salsa.debian.org/<user-or-team>/<package>.git
where <user-or-team> is
alice for DD Alice Developer <alice@debian.org>
bob-guest for non-DD Bob Coder <bobc@example.com>
debian for the Debian/ namespace (the equivalent to collab-maint on alioth)
foobar-team for the Foobar Packaging Team
You can instruct git to rewrite URLs into pushable ssh URLs:
git config --global url."git@salsa.debian.org:".pushInsteadOf "https://salsa.debian.org/"
This will work for all salsa repositories checked out via https:// URLs in the present, past or future.
You can also use a shortcut for all Salsa repositories:
git config --global url."git@salsa.debian.org:".insteadOf salsa:
This way you can use a shorter commandline like this:
git clone salsa:debian/htop
Projects and Repositories
In GitLab, a project is one Git repository, and each Git repository needs a project. You can create several projects in the same namespace (user or group).
Email notifications
Every project owner can enable "email on push". To do so, go the project settings → integrations → project services → emails on push and configure the list of recipients you want to send emails to.
In particular, to forward emails to tracker.debian.org, you should add dispatch@tracker.debian.org to the recipients (or, if for some not good reason the project name is not the name of the source package, dispatch+${package}_vcs@tracker.debian.org (where ${package} is the source package name)).
Take into account that the current implementation sends a single mail per push with all commits lumped together, which makes it rather useless for any post-review workflow. This is tracked upstream at https://gitlab.com/gitlab-org/gitlab-ce/issues/19901.
Information on manipulating bugs by email
GitLab has quite a lot of text commands aka "quick actions" which can be used when interacting with GitLab via email. Most things can be done via email by replying to the email notifications. There are special email addresses for creating new merge requests and issues via email.
IRC notifications
Irker
Alexander Wirt is sponsoring an Irker instance. It can be enabled with the irker integration available under Settings/Integrations/Irker. Please use the following settings:
- Server host: ruprecht.snow-crash.org
- Server port: 6659
Default IRC URI: ircs://irc.oftc.net:6697/
Under recipients add a newline separated list of recipients/channels. If your channel is protected by a key, use the syntax channel-name?key=whatever omitting the leading # sign (failing to omit the # sign will result in Irker joining a channel literally named #channel-name?key=whatever and doing so making your channel key public as it is visible in the bot's /whois.
Currently only Push events are supported.
KGB
KGB supports gitlab webhooks. To use the kgb instances provided by dam, tincho, and gregoa from salsa, set a webhook in your project:
http://kgb.debian.net:9418/webhook/?channel=<irc-channel-name-without-#>
For details, additional parameters, and helper scripts see the KGB documentation at https://salsa.debian.org/kgb-team/kgb/wikis/usage
Dealing with Debian BTS from commit messages
We run a webhook receiver that can modify the Debian BTS based on commit messages. If you want to use it, go to your project, "Settings → Webhooks" and add a URL (see below), then click save. No secret token is needed, and currently it only deals with push events.
Possible URLs:
https://webhook.salsa.debian.org/close/SOURCENAME https://webhook.salsa.debian.org/tagpending/SOURCENAME
Replace SOURCENAME with the name of your source package and chose either close or tag pending, depending on the action you want to get.
You can ignore a branch or pattern, say wip/*, by providing the ignored-namespaces parameter. See the README in code for more details.
Code: https://salsa.debian.org/salsa/salsa-webhook.
Deployment keys
For automating task FIXME
Runners
Salsa provides shared runners for all projects to use. All jobs without more specific tags run within a privileged Docker container on one-time-use VM. Outbound connections from the shared runner VMs are limited to http & https.
You may also add group runners for your group or specific runners and configure them for your project.
Configuration files and tools are maintained by the SalsaCI team
Web page hosting
Gitlab offer the "Gitlab Pages" feature, and it is enabled on Salsa as https://<namespace>.pages.debian.net/<project>
This feature makes use of Gitlab-CI to generate static pages in a public directory, on every push.
See the official documentation for details. Note that hosting pages on arbitrary domains — whilst supported by upstream — is not supported on Salsa due to lack of bandwidth within DSA to support that feature (see RT #7045).
ChrisLamb has created a number of https://lamby.pages.debian.net/salsa-ribbons/ that you can add to your site.
https://<namespace>.pages.debian.net should work, thanks to Let's Encrypt new wildcard certificate support.
Quick start
On your project Home, use Set up CI/CD button. (If your project is empty, select New file instead.)
Choose a Gitlab CI Yaml template (Pages templates are at the end)
- Edit the template to suit your needs and save it
- Push something to the repository. You will see there is a CI Job pending
Wait a few minutes for the job to run. When it's Passed you can see your pages at https://<namespace>.pages.debian.net/<project>/)
Even though we plan to support simple page generators like Jekyll or Hugo in the future, in most cases, you should content yourself with the HTML template, and generate the pages locally to push them afterward, in order to save the resources on the runner. Some templates might require commands not available on the server anyway.
We mean that. Really. Be nice to the server.
important: (at least for static pages deployment) your artifacts must be stored in a directory named public/; if they are currently in a different location, use the script section in .gitlab-ci.yml to create that dir and copy the content there.
Getting Help
See the Salsa maintenance description.
Hints for previous users of Alioth
API Usage Best practises
- if you want to know if a project exists, access the project by name, authenticated, if you get a 404 then it doesn't exists.
do not search for getting an id. If you need the id, access the project by name and use path-encoding https://docs.gitlab.com/ee/api/#namespaced-path-encoding
do not request all projects in a group unless you really have. If you really have to get the list, for i.e. looping, use simple=true (https://docs.gitlab.com/ee/api/groups.html#list-a-group-s-projects).
- Implement proper pagination, please do not just requests a few hundreds elements per page
set an User-Agent header with information about the project; don't make requests with generic user agent headers
- if you use a lib, ensure the lib does implement the api properly
- do not run extensive jobs too often
- please consider to use vcswatch or other data gathering projects
- do not regularly poll things
- if in doubt, talk to us before you code and talk to us before you put your code into production
SSH Host Keys
When connecting to Salsa to fetch or push a Git repo for the first time, it is essential to verify host's ssh keys. The keys for Salsa have been published as SSHFP DNS records as well as in the Debian known_hosts file. This is a one time operation. From now on ssh will trust the keys in the local known_hosts file.