commit ce28d72f54588e26e2db0dba132cc428a704a865
Merge: 149e9f938 0c75b58c0
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 15 09:25:07 2026 +0000
Enable Ruff UP007, UP037, and UP045 (MR !3042)
This MR enables Ruff’s modern typing upgrade rules (`UP007`, `UP037`, and `UP045`) and updates the affected annotations to use modern Python typing syntax compatible with the project’s Python 3.13+ requirement.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3042
commit 0c75b58c0fd9c0d9680d61294b217bbf8d2cf84d
Author: Nikil Paul S <snikilpaul@gmail.com>
Date: Fri May 15 06:24:01 2026 +0000
Remove UP007 and UP045
commit 318201c161d619bea11d8959bba82041f1d9086c
Author: Nikil Paul S <snikilpaul@gmail.com>
Date: Fri May 15 06:08:55 2026 +0000
Remove UP037
commit 149e9f9386d12e687830e6e95c4264853c0f2bba
Merge: 0e9a32094 cd7ebffb8
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 14 13:26:36 2026 +0000
debusine.client: workspace inheritance: refactor YAML edit/apply error handling (related: #1271) (MR !3023)
collection relation: print the new relation after setting it with the editor
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3023
commit cd7ebffb8544ae806d2d638e358948e51c0487eb
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 7 15:48:32 2026 +0100
debusine.client: workspace inheritance: refactor YAML edit/apply error handling
collection relation: print the new relation after setting it with the editor
commit 0e9a32094a49d61963470876a6a054447c460ce3
Merge: 1e60cf9a9 5aa21bae5
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 14 10:42:48 2026 +0000
Enforce work request specific Artifact permissions (MR !3034)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3034
commit 5aa21bae507fbf213d6533257549f8f8210ae09b
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 14 11:11:27 2026 +0100
Add news fragment
commit fa0830b4ea2f667a902a8cb0e2d9a3d1eab5a616
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 14 11:09:40 2026 +0100
Retroactively add news fragment for !3032
commit bdb017acd2b6e8eadfcb7051d93afd91b000a92d
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue May 12 17:13:05 2026 +0200
Enforce work request specific Artifact permissions
commit 1e60cf9a93d662aeb2fac594070182c1b7183ffa
Merge: 30ed86a1e 48d6bd3b7
Author: Enrico Zini <enrico@debian.org>
Date: Wed May 13 20:28:55 2026 +0000
Disallow worker tokens, allow work request tokens (MR !3032)
This partly supersedes !2959
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3032
commit 48d6bd3b78140144db4a0729c1facee05d88cc80
Author: Enrico Zini <enrico@enricozini.org>
Date: Wed May 13 18:59:09 2026 +0200
Removed unneeded permissions
commit 30ed86a1e40ef20ddd26b7c6344aba2337f4a1de
Merge: 5acc426ca 05d55b01b
Author: Colin Watson <cjwatson@debian.org>
Date: Tue May 12 19:25:49 2026 +0000
Further optimize join strategies in workflow tables (MR !3031)
Django's `__in` lookup operator clears the ordering from subqueries "if
the query allows that without side effects". Adding `DISTINCT ON` to
the subquery is the simplest way to suppress that, and means that the
optimization I attempted in c361ffc60abe8e677965c6c207f3374064ef912d is
actually effective.
Part of #1206.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3031
commit c666f781d40d45f8882a9e5390b5dd31a47dbfe7
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue May 12 14:02:52 2026 +0200
Remove Allow.ALWAYS
commit 4ccecbf9f6a7bc391da48c5b955acdc65dd57e0c
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue May 12 13:07:58 2026 +0200
Disallow worker tokens in favour of work request tokens
commit 05d55b01b565df8f6b249340acf2579e00a48fbc
Author: Colin Watson <cjwatson@debian.org>
Date: Tue May 12 13:03:14 2026 +0100
Further optimize join strategies in workflow tables
Django's `__in` lookup operator clears the ordering from subqueries "if
the query allows that without side effects". Adding `DISTINCT ON` to
the subquery is the simplest way to suppress that, and means that the
optimization I attempted in c361ffc60abe8e677965c6c207f3374064ef912d is
actually effective.
Part of #1206.
commit 5acc426ca5964ddce247e8a2baef91eb158ab088
Merge: d8c865b88 cc2ee660d
Author: Enrico Zini <enrico@debian.org>
Date: Mon May 11 19:29:05 2026 +0000
Restructure PermissionContext to match the elements currently used for authorization (MR !3028)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3028
commit d8c865b8873d2f87a3846b0f4f6258037fa57875
Merge: 79cfa9b74 ee459ae1a
Author: Enrico Zini <enrico@debian.org>
Date: Mon May 11 18:48:17 2026 +0000
Pass PermissionContext instead of PermissionUser to permission predicates (MR !3015)
This MR includes Colin's !3003 as GitLab doesn't support building on top of it.
This is as much as possible a bare refactoring of the status quo, intended to be a base from which to actual start implementing intended changes.
For simplicity it restores the fact that permission predicates may need to deal with user being `None`. The relevant assertions are easy to grep, and my intention is to think through them for furhter consolidation after this perspective shift
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3015
commit cc2ee660d022c5c4b18e8f2961d71128f9186e45
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon May 11 20:47:22 2026 +0200
Added overloads for PermissionContext.for_work_request
commit 443aa6d2fd0b471d8e214332b37a55535c9f97c7
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon May 11 14:25:13 2026 +0200
Simplify code now that we have pc.work_request
commit 5b8ebd6e8a0918dc4f48ccee0cab724218120a4a
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon May 11 14:17:08 2026 +0200
Remove bits that dealt with pc.user possibly being None
commit a0529c8341bc882c294eb29005bf25b2a1518bcd
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri May 8 10:06:49 2026 +0200
Use unified use-specific methods to set up context. context.user now is never None
commit d7e5869b3879b202c1de4ef2d6dc3c0a4aeb99db
Author: Enrico Zini <enrico@enricozini.org>
Date: Wed May 6 11:13:27 2026 +0200
Make the application context contain a PermissionContext instead of being it
commit 79cfa9b744c6a243506544db2540d1b91e7b59d7
Merge: 0c9a893d4 6e9e2aad7
Author: Colin Watson <cjwatson@debian.org>
Date: Mon May 11 15:59:15 2026 +0000
Fix stuck workers when failing to mark work requests as completed (MR !3027)
This is a bit fiddly because the transaction may have been aborted, so
we need to take care to do the retry in a separate transaction.
Fixes: #1462
Closes #1462
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3027
commit ee459ae1ad782c5164109ff2bd9dfb59c772903d
Author: Enrico Zini <enrico@enricozini.org>
Date: Wed May 6 10:41:04 2026 +0200
Document token types
commit fde442ebb8262c5221df8d8892540ac2f8f91181
Author: Enrico Zini <enrico@enricozini.org>
Date: Wed May 6 10:06:11 2026 +0200
Use request.user instead of context.user in views
commit 18f7ade1aaf6aff7d400dfed9c3a55f3324192f9
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue May 5 10:48:29 2026 +0200
Refactored permission predicates passing a self-contained RequestContext instead of a mix of a user and token info from the application context
commit 639bf37bd28a89b86f283600886e252129a4fb13
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon May 4 17:35:15 2026 +0200
Moved PermissionUser to debusine.db.permissioncontext, and add a PermissionContext
commit 6e9e2aad7f4456c1f5ca1d19c3c0cbf59e9de210
Author: Colin Watson <cjwatson@debian.org>
Date: Mon May 11 12:23:36 2026 +0100
Fix stuck workers when failing to mark work requests as completed
This is a bit fiddly because the transaction may have been aborted, so
we need to take care to do the retry in a separate transaction.
Fixes: #1462
commit 0c9a893d4526fb7e3d8e1eda872542d5b7b8ca76
Merge: cb24f5695 d6971b4f1
Author: Colin Watson <cjwatson@debian.org>
Date: Sun May 10 13:51:37 2026 +0000
Update the total size of file stores via a journal table (MR !3024)
This means that transactions don't block on other transactions that are
adding files to the same store.
Fixes: #1459
Closes #1459
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3024
commit cb24f569533e99686643827e2504db71f3f2f1b9
Merge: e639b51e3 e0a651b4f
Author: Colin Watson <cjwatson@debian.org>
Date: Sun May 10 13:50:57 2026 +0000
vacuum_storage: Reduce database queries performed during full scans (MR !3026)
I happened to notice that the method to get entries for all files in the
database makes one query per file, and that this could be easily
avoided. `debusine-admin vacuum_storage` calls this method twice per
store, so this should be a substantial saving for large stores.
Part of #724.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3026
commit e639b51e32438fcf5c6963aed83068b13c8051d3
Merge: f613fc7db 150971b16
Author: Stefano Rivera <stefanor@debian.org>
Date: Fri May 8 14:00:20 2026 +0000
Handle race in task statistics collection in unshare backend. (MR !3020)
The other implementation (only `incus` implements it) looks like it already handles this kind of problem. And has a test to cover that already.
So, I think the right thing to do is not add a general exception swallower, but simply fix the bug.
Fixes: #1458
Closes #1458
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3020
commit 150971b16124250a801ad90828520c1617277ab5
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed May 6 17:50:41 2026 -0400
Handle race in task statistics collection in unshare backend.
Fixes: #1458
commit e0a651b4f06506c44203b536d03d18a6e55cd56f
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 8 13:42:25 2026 +0100
vacuum_storage: Reduce database queries performed during full scans
I happened to notice that the method to get entries for all files in the
database makes one query per file, and that this could be easily
avoided. `debusine-admin vacuum_storage` calls this method twice per
store, so this should be a substantial saving for large stores.
Part of #724.
commit f613fc7db15287667b14d7bd0847963c43064a72
Merge: 72bc3b66b 513da01d7
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 8 09:46:21 2026 +0000
pre-commit: Upgrade to ruff 0.15.12 (MR !3025)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3025
commit 72bc3b66b1e0c9ea05d7e49c0c3f005c3f37572d
Merge: 09c7bc54d 52db675db
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 8 09:45:10 2026 +0000
Set user token in context (MR !3003)
Part of #1392, since that will introduce more cases where we need to
inspect tokens in permission predicates.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3003
commit 513da01d792b86efe1a368c6d8255365fe63e8b7
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 8 02:13:59 2026 +0100
pre-commit: Upgrade to ruff 0.15.12
commit d6971b4f1e1ec707e8a1c309da9b459ec2e8392e
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 7 18:20:51 2026 +0100
Update the total size of file stores via a journal table
This means that transactions don't block on other transactions that are
adding files to the same store.
Fixes: #1459
commit 09c7bc54d98e8a4e92f640e7d9e6f2974fcc1be0
Merge: 74cc5666c 1907526cc
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 7 13:31:54 2026 +0000
Suite relationships client (MR !2996)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2996
commit 74cc5666cf341da2d5bc18b9c5f6d04432758fe2
Merge: fc3d42c6d af3a02d49
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 7 13:30:32 2026 +0000
Quote workspace workflow template name path (MR !3022)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3022
commit fc3d42c6d96ddc9662a57b4282e71bbea64a2777
Merge: 89c37ebe8 ccccc92cb
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 7 12:37:26 2026 +0000
Optimize subqueries used in workflow views (MR !3021)
This should trim seconds off some of the slow workflow list cases seen in #1206. There's no semantic difference, but adding `ORDER BY` to some subqueries and refactoring role checks to use `EXISTS` rather than `IN` produces significantly better query plans.
Part of #1206.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3021
commit af3a02d49858ad1d4be78daac7aa29d8c9f2668d
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 7 13:17:38 2026 +0100
Debusine.workflow_template_get(): avoid quoating workflow template's name twice
commit d19331911ff85da7335448cdf2546067054eb455
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu May 7 13:14:49 2026 +0100
Debusine.artifact_get(): quote "workspace" in path
commit ccccc92cb49fb03d13d1e9bbd135d133041edeb6
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 7 12:53:39 2026 +0100
Optimize subqueries used for role filtering
The previous approach caused PostgreSQL to fetch all rows where the user
has the role, deduplicate them, and then internally join the main query
against the results. This could be quite slow if there were a lot of
matching rows, and it's unnecessary since all we care about is whether
the user has the role on each of the particular rows being considered by
the main query. `EXISTS` is the right tool for the job here, and
performs an order of magnitude better in some common cases.
Part of #1206.
commit c361ffc60abe8e677965c6c207f3374064ef912d
Author: Colin Watson <cjwatson@debian.org>
Date: Thu May 7 12:48:39 2026 +0100
Optimize join strategies in workflow tables
Adding `ORDER BY` to these subqueries causes PostgreSQL to use a merge
join rather than a nested loop join, which is much faster for large
result sets.
Part of #1206.
commit 89c37ebe850caa5c172d473a46c71d5cdce73670
Merge: 04b22f8a2 6920a1b02
Author: Stefano Rivera <stefanor@debian.org>
Date: Wed May 6 21:30:04 2026 +0000
refactor: restrict artifact creation to registered categories (MR !2944)
following up on #173 and the discussion as in https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2773#note_733280.
this change restricts artifact creation to only registered categories (from `LocalArtifact.artifact_categories()`). Previously, unknown categories were allowed and skipped validation
now:
- Artifact creation fails for unknown categories
- Validation (`full_clean`) is always applied
Tests were updated to replace the unregistered "testing" category with the registered "debusine:test" artifact and to use valid data for it.
This ensures that all created artifacts are validated and consistent.
closes #1390.
Closes #1390
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2944
commit 6920a1b024022b74dcd7730f15afd5ae9c764dce
Author: Ayush Sharma <ayushhardeniya.grid@gmail.com>
Date: Thu May 7 03:00:04 2026 +0530
refactor: restrict artifact creation to registered categories
commit 1907526cc34d78ac94fea61c390cb8dc1478b01f
Author: Carles Pina i Estany <carles@pina.cat>
Date: Thu Apr 30 13:32:32 2026 +0100
Adjust blueprint (align CLI options with the blueprint's requirements)
commit 47f8289cc23aa0dea36f1a8b8dffb7f8ea7d8536
Author: Carles Pina i Estany <carles@pina.cat>
Date: Tue Apr 28 16:46:00 2026 +0100
Suite relationships: add client support for listing and editing the relationships
commit bdfb08e2aa5fbe81e26c7bfcce6d191e2c624111
Author: Carles Pina i Estany <carles@pina.cat>
Date: Tue Apr 28 16:44:27 2026 +0100
Suite relationships: add server support for listing and setting the relationships
commit 04b22f8a2a33da738d69e82a8ae6d791fe90792d
Merge: cb4386aae 1245556ea
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed May 6 15:13:30 2026 +0000
collection-detail.html: add "suite-based-on" (MR !3010)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3010
commit cb4386aae7473373e4ba17b3632a3b877dff5f1a
Merge: 57dd4bd89 61a72f9a7
Author: Colin Watson <cjwatson@debian.org>
Date: Wed May 6 12:36:25 2026 +0000
Use Debusine-Linkcheck User-Agent for wiki.debian.org (MR !3018)
Otherwise we now run into anti-scraper challenges.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3018
commit 61a72f9a78d666f289adfaddc2a883a26c0c9bda
Author: Colin Watson <cjwatson@debian.org>
Date: Wed May 6 10:45:46 2026 +0100
Use Debusine-Linkcheck User-Agent for wiki.debian.org
Otherwise we now run into anti-scraper challenges.
commit 1245556ead6b73daf0dbda5d074139c086fc7b74
Author: Carles Pina i Estany <carles@pina.cat>
Date: Mon Mar 30 10:57:25 2026 +0100
collection-detail.html: add "suite-based-on"
commit 57dd4bd89b11cc74e9da7e0a5f08abe524c3cbc0
Merge: 3af44acd3 8932fa0cf
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue May 5 17:29:44 2026 +0000
Migration to add work-request token type to db_token_valid_type (MR !3016)
The previous migration that created the `db_token_valid_type` directly referenced the enum in the model, this caused the addition to be missed in `0053_workrequesttoken`, which broke upgrades.
While we're here, fix a spurious migration.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3016
commit 8932fa0cf7c2d651ecfd7458d314390ae069bdef
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue May 5 12:39:39 2026 -0400
Sort constraint options to avoid generating spurious migrations
commit c131dc927b13e6eb9589758dceee58bc245a7f80
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue May 5 12:43:02 2026 -0400
Migration to add work-request token type to db_token_valid_type
The previous migration that created the `db_token_valid_type` directly
referenced the enum in the model, this caused the addition to be missed
in 0053_workrequesttoken, which broke upgrades.
commit fa7c57e389cf6a411b0e948e943cec6b34d963d2
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue May 5 12:08:54 2026 -0400
Use a static ENUM for token_types in migration 50
commit 3af44acd3dfa2d3e2891579978e8efa1094e7e37
Merge: e595c348c af5da96b3
Author: Carles Pina i Estany <carles@pina.cat>
Date: Mon May 4 12:08:12 2026 +0000
Delete unused setting WSGI_APPLICATION (MR !3014)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3014
commit e595c348c53f457593402deb4095cf92570a61f9
Merge: e8d1d55c3 b51b75263
Author: Colin Watson <cjwatson@debian.org>
Date: Mon May 4 10:01:41 2026 +0000
debusine.artifacts: Use @override where relevant (MR !3012)
Part of #1442.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3012
commit af5da96b3dd26e9f7215d2bad529754edbcbfcaf
Author: Carles Pina i Estany <carles@pina.cat>
Date: Mon May 4 09:45:11 2026 +0100
Delete unused setting WSGI_APPLICATION
commit b51b7526357900505b8b70952cd3a6648e87d357
Author: Colin Watson <cjwatson@debian.org>
Date: Sun May 3 19:27:41 2026 +0100
debusine.artifacts: Use @override where relevant
Part of #1442.
commit e8d1d55c3ce3958fb76c2a6fb5c191da4f9d632c
Merge: db6c5d474 317a0a5c3
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 1 09:43:37 2026 +0000
Update YubiHSM 2 documentation link (MR !3009)
They seem to have reorganized their documentation slightly again.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3009
commit db6c5d474e62d60565df2dbd2810e5ccddbdebce
Merge: 230f517dd 0670913bd
Author: Colin Watson <cjwatson@debian.org>
Date: Fri May 1 09:43:03 2026 +0000
Remove wsgi.py, we require ASGI (MR !3011)
Clearly it's not used, because it names the wrong project settings.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3011
commit 0670913bd37cb54e814f891dc4cba4c4dd60bb18
Author: Stefano Rivera <stefano@freexian.com>
Date: Thu Apr 30 22:26:41 2026 -0400
Remove wsgi.py, we require ASGI
Clearly it's not used, because it names the wrong project settings.
commit 230f517dda94313b5c47f52e09d1fb290604c0e6
Merge: e80bf0ae6 2dcbb6ef4
Author: Stefano Rivera <stefanor@debian.org>
Date: Thu Apr 30 22:32:28 2026 +0000
Cloud Workers: Provision from debusine.freexian.com repos (MR !2982)
1. Replace the gitlab pages snapshot repository with debusine.freexian.com
2. Add support for the debusine enterprise APT sources for provisioning cloud workers
3. Add support for arbitrary custom APT sources for provisioning cloud workers
4. Modify APT Authentication assets to allow system-wide assets for debusine install sources.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2982
commit 2dcbb6ef4828f85873060233f021fba47933502d
Author: Stefano Rivera <stefano@freexian.com>
Date: Sat Apr 25 18:12:26 2026 -0400
Store credentials for the Worker Pool installation repositories in an asset
commit 49c1ef8ec6118f9ce25a78c59c6dd34928d209c8
Author: Stefano Rivera <stefano@freexian.com>
Date: Mon Apr 27 12:10:57 2026 -0400
Allow APT Credential assets to live outside of workspaces.
commit b65e98493164035d210517ee27ee72e599a4c0da
Author: Stefano Rivera <stefano@freexian.com>
Date: Mon Apr 27 11:37:50 2026 -0400
Worker Pools: Add install sources for custom repos
commit bdcf0c984ba1c69585ea942fead2e22faa4faefe
Author: Stefano Rivera <stefano@freexian.com>
Date: Sat Apr 25 17:23:30 2026 -0400
Worker Pools: Add install sources for the debusine-enterprise repos
commit 12873b340e5a22e450c4fe1efa8e3d1a4aedfdf4
Author: Stefano Rivera <stefano@freexian.com>
Date: Sat Apr 25 16:21:00 2026 -0400
APTAuthenticationData is discriminated by auth_scheme
commit bec1d3135eaa8887dbd4989f2ce5dc0645f07dd0
Author: Stefano Rivera <stefano@freexian.com>
Date: Sat Apr 25 16:12:02 2026 -0400
Replace the gitlab pages snapshot repository with debusine.freexian.com
We'll probabably keep the gitlab pages repository in parallel for a
while, but now that we're migrating to a debusine repository for our own
deployments, it should probably be the recommended source.
commit 317a0a5c39e69fac6c0781b3de5a691e03dacf23
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Apr 30 16:03:14 2026 +0100
Update YubiHSM 2 documentation link
They seem to have reorganized their documentation slightly again.
commit e80bf0ae6d2bd4671c21c984537dd4c17b023774
Merge: cfa95cb2b 215fe3de0
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Apr 30 15:02:06 2026 +0000
Fix infinite loop in Worker.objects.create_with_fqdn (MR !3008)
It's possible for there to be constraint failures here other than a
non-unique name.
Fixes: #600
Closes #600
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3008
commit cfa95cb2b40762644a8ba50a45e34ab05d89d937
Merge: e8e4485da d7c3d39ad
Author: Stefano Rivera <stefanor@debian.org>
Date: Thu Apr 30 14:34:52 2026 +0000
Avoid slow callback processing log messages breaking tests (MR !3004)
More of: #1447
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3004
commit e8e4485da19b95d9c574b0526f0de335672e99df
Merge: 4bad42058 ab125494f
Author: Stefano Rivera <stefanor@debian.org>
Date: Thu Apr 30 14:34:32 2026 +0000
Don't fail to retry workflows that were aborted before becoming pending (MR !3006)
Fixes: #1153
Closes #1153
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3006
commit 215fe3de0e4e43a3493255c0d3552d0072b571db
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Apr 30 12:55:44 2026 +0100
Fix infinite loop in Worker.objects.create_with_fqdn
It's possible for there to be constraint failures here other than a
non-unique name.
Fixes: #600
commit 4bad42058cf40a994940e3e6e13b01910acfd0fc
Merge: 61b020e57 d6c7bb149
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Apr 30 10:05:34 2026 +0000
Add an `observer` role on scopes (MR !3005)
This implies the `viewer` role on all the scope's workspaces.
Fixes: #1292
Closes #1292
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3005
commit d6c7bb14914cb1ffb039c30bfc0e8555ad5eebd3
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 22:30:27 2026 +0100
Add an `observer` role on scopes
This implies the `viewer` role on all the scope's workspaces.
Fixes: #1292
commit ab125494fdd62c25177823aca0ead4e0cffe94a6
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Apr 29 18:48:57 2026 -0400
Don't fail to retry workflows that were aborted before becoming pending
Fixes: #1153
commit d7c3d39adeaa5585460a53510a992f7ed25f206f
Author: Stefano Rivera <stefano@freexian.com>
Date: Wed Apr 29 12:40:04 2026 -0400
Avoid slow callback processing log messages breaking tests
More of: #1447
commit 61b020e5748fc9bd313f86e7cd6c2477a79b0e27
Merge: 9c3e141f0 080f89e3a
Author: Stefano Rivera <stefanor@debian.org>
Date: Wed Apr 29 16:54:20 2026 +0000
Update configure-manage-worker to explain how to configure worker architecture tags (MR !3001)
SlavekB lost the ability to run tasks for the non-native architectures after upgrading to tag-based scheduling.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3001
commit 080f89e3abbba41fa2f4291ba5966ec350febf7d
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue Apr 28 19:40:22 2026 -0400
Update configure-manage-worker to explain how to configure worker architecture tags
commit 9c3e141f0aaa2b6b21b5218b6f4e4d9d21ec8b36
Merge: 16f6d868c 333884976
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 16:05:59 2026 +0000
Drop signing journal configuration in integration tests (MR !3002)
This is done by default now (!2968).
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3002
commit 52db675dbcca8b4204c83c229c8cd062222ebe9f
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 15:46:18 2026 +0100
Set user token in context
Part of #1392, since that will introduce more cases where we need to
inspect tokens in permission predicates.
commit 3338849765d20a0dc1a8b39942df852e804fe31e
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 14:25:06 2026 +0100
Drop signing journal configuration in integration tests
This is done by default now (!2968).
commit 16f6d868c5cba99cae6db6afb9d492dc2f4e7190
Merge: 1812f59c7 190125ab4
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 13:21:38 2026 +0000
Add `error_on_empty` option to dictionary lookups (MR !2984)
If True, the lookup must match at least one item.
Part of #1301.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2984
commit 1812f59c7984a336d2ffdc895e908efa6c1bedfd
Merge: e4fa71a7e 09c8206cd
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 13:15:58 2026 +0000
Integrate systemd JournalHandler for worker and signing logging (MR !2968)
This merge request transitions logging for both workers and signing components to systemd’s journal. It replaces file-based logging in the signing service (previously using Django handlers) and moves worker logging from standard error output to journal-based logging.
**Feedback requested**
* Is using a single `JournalHandler` with the current log levels sufficient, or should different handlers/levels be retained for finer control?
**Note**:
* systemd-python library lacks static type checking support and has no available stub files.
Opened in regards to : freexian-team/debusine#597
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2968
commit e4fa71a7e642b7317f82faddfd77b7626e8dd3fb
Merge: 5bc8e0be0 5b1d2085a
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Apr 29 13:10:38 2026 +0000
Implement `update_qa_results: "force"` (MR !2987)
This will allow `debci` to be able to force updates of reference runs
when needed.
I could have just done this for the `autopkgtest` workflow, but the
definition of the `update_qa_results` parameter was already defined in a
model common to all the regression-tracking workflows, so that indicated
doing the same thing for all of them. It will probably come in handy
elsewhere.
Part of #1301.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2987
commit 190125ab4cfb0f5f7dcb215f62269a8de0fc1f62
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Apr 27 11:26:09 2026 +0100
Add `error_on_empty` option to dictionary lookups
If True, the lookup must match at least one item.
Part of #1301.
commit 5b1d2085ae17711a4e32dbbad7e622fdfa5c55bf
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Apr 27 17:44:06 2026 +0100
Implement `update_qa_results: "force"`
This will allow `debci` to be able to force updates of reference runs
when needed.
I could have just done this for the `autopkgtest` workflow, but the
definition of the `update_qa_results` parameter was already defined in a
model common to all the regression-tracking workflows, so that indicated
doing the same thing for all of them. It will probably come in handy
elsewhere.
Part of #1301.
commit 5bc8e0be04bcc3e25ded509d82634cbb81372635
Merge: 57552b9dc 1a385651c
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 23:54:08 2026 +0000
Update `test_completion_in_progress` to use POST (MR !3000)
A logical conflict between !2967 and !2903 caused tests to fail on `devel` after merging !2903.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/3000
commit 1a385651c4c56225c58cb93cc4789ea755ec9f50
Author: Stefano Rivera <stefano@freexian.com>
Date: Tue Apr 28 19:21:27 2026 -0400
Update `test_completion_in_progress` to use POST
Conflict between !2967 and !2903
commit 57552b9dc538a1b560ec840363c59e8b25d76cfb
Merge: 6a1f2708b 3c0539e54
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 22:50:09 2026 +0000
Short lived work request tokens (MR !2884)
This involves some heavy refactoring.
1. Issue a WorkRequestToken when a worker gets its next assignment
2. Require WorkRequestTokens for any action that is performed on behalf of a work request.
3. Limit WorkRequestTokens access to work request inputs, as narrowly as possible.
Fixes: #523
Closes #523
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2884
commit 6a1f2708b0eb2588372bb1042ea5752553cba24e
Merge: 207cf96f0 0455770e4
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 22:49:48 2026 +0000
Use `POST` for `/api/1.0/work-request/get-next-for-worker/`, rather than `GET`. (MR !2903)
We should merge this with !2884 to minimize worker API breakage. We're changing things enough in both of these MRs, that a single big API break seems worth it, rather than spreading the changes out over a release.
Fixes: #1398
Closes #1398
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2903
commit 207cf96f0568bd6905ade2a54162b1a85ee9bd02
Merge: 417c001fd 44605b9fd
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 19:33:45 2026 +0000
Show the number of distinct files stored in ``debusine-admin scope show`` (MR !2999)
Rather than counting duplicates across artifacts.
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2999
commit 44605b9fd55e485d40d40e9b31b9e42f0db91c3d
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 19:33:44 2026 +0000
Show the number of distinct files store in ``debusine-admin scope show``
Rather than counting duplicates across artifacts.
commit 417c001fd2f33fe1716b33c8d173ab3044eb5089
Merge: 6d58c2ad3 bf7834f76
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 18:58:55 2026 +0000
Don't delete an empty file store directory in `vacuum_storage` (MR !2997)
Fixes: #1455
Closes #1455
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2997
commit 6d58c2ad3ac10a2627ebbceb8ceb9ecf8cc5f373
Merge: 66519de89 418185a45
Author: Stefano Rivera <stefanor@debian.org>
Date: Tue Apr 28 18:58:51 2026 +0000
Add missing debusine-server: Depends: libjs-sortable (MR !2998)
Missed in !2916
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2998
commit 66519de897533bc78c301ced67e96a851819a1d0
Merge: ff561f58e db6a7bb0a
Author: Enrico Zini <enrico@debian.org>
Date: Tue Apr 28 18:00:19 2026 +0000
Added blueprint for workflow template permissions (#634) (MR !2939)
Merge-Request: https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2939
commit db6a7bb0a64315642a378eaf97500ee13e7d0df5
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon Apr 13 17:20:49 2026 +0200
Added blueprint for workflow template permissions
Automatic checks made by the Debian l10n team found some issues with the translations contained in this package. You should check the l10n status report for more information.
Issues can be things such as missing translations, problematic translated strings, outdated PO files, unknown languages, etc.
![[bug history graph]](https://qa.debian.org/data/bts/graphs/d/debusine.png){kind=link}