Git log: commit e966137cffdc78997156b6f54b8672a98f7f9e7e
Merge: 1b0ea059 d7ecbd28
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 26 11:43:34 2024 +0000
Merge branch 'collection-manager-bare-data' into 'devel'
Add collection manager support for adding/removing bare items
See merge request freexian-team/debusine!1037
commit d7ecbd28bf27fdeaf4ee805a2e06ba1bf90ac91f
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 25 18:01:44 2024 +0100
Add collection manager support for adding/removing bare items
Needed as part of #429. For now I've just added trivial support to the
`debusine:workflow-internal` category, which already documented that it
supported bare items but didn't implement that.
commit 1b0ea059fe8624291ac74a156c32534892e20056
Merge: c1eeb6f2 9544d6c3
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 26 10:46:51 2024 +0000
Merge branch 'tighten-event-reaction-validation' into 'devel'
Tighten up validation of event_reactions for new work requests
See merge request freexian-team/debusine!1036
commit c1eeb6f2fee5d1c61a423dc0e8fbdea37f4cd524
Author: Sylvain Beucler <beuc@beuc.net>
Date: Thu Jul 25 20:55:12 2024 +0200
Typo
commit 5e7dcf04e5737e4445cc52125c105f95df2067f2
Merge: 0086cde4 3aade39e
Author: Sylvain Beucler <beuc@beuc.net>
Date: Thu Jul 25 16:27:04 2024 +0000
Merge branch 'doc-path-sbin' into 'devel'
Document that workers need 'sbin' dirs in their PATH
See merge request freexian-team/debusine!1033
commit 9544d6c36eb68229143c159ddb059b4a188aa9b4
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 25 17:02:43 2024 +0100
Tighten up validation of event_reactions for new work requests
Data format validation belongs in the serializer, which lets us reduce
the amount of error handling we have to write out explicitly in the
view. I think it probably still makes sense to check for disallowed
actions at the view level, since that's specific to this view rather
than to the (de)serialization of work requests in general.
We now reject attempts to create a work request with actions other than
"send-notification", rather than just silently ignoring the disallowed
actions.
I noticed this while prototyping some ideas related to #429.
commit 3aade39e3cde8b89529cd9f397b75e398377cdf5
Author: Sylvain Beucler <beuc@beuc.net>
Date: Thu Jul 25 17:34:59 2024 +0200
Worker dev doc: extend PATH rather than replace it
commit 0086cde4167e01a9409820660a7612376f68bbb4
Merge: 4e3df362 c53005d7
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 25 12:01:55 2024 +0000
Merge branch 'reduce-file-hash-digest' into 'devel'
Remove most uses of writing to File.hash_digest
Closes #447
See merge request freexian-team/debusine!1035
commit c53005d7ccfe3143a792ffeb09300b5ff2d7d0b7
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 25 11:21:40 2024 +0100
Remove most uses of writing to File.hash_digest
Code such as `File.objects.create(hash_digest=..., size=...)` caused
mypy errors that seem to be unfixable at the moment without changes
elsewhere (https://github.com/typeddjango/django-stubs/issues/1034), and
some of the other places that wrote to `File.hash_digest` were dubious
because they weren't really as algorithm-agile as they claimed to be.
I backed off from my initial position that the setter should be removed
entirely. Instead, I replaced all uses of `File.objects.create` with
direct or indirect calls to `File.objects.get_or_create` (which doesn't
have the same type annotation problem), except for one call that doesn't
pass a `hash_digest` argument and so isn't a problem; and I went through
all the places where we write to `hash_digest` and ensured that they use
`_calculate_hash_from_data` or `File.calculate_hash`. The only
remaining exception is in `ArtifactView.post`, which would require much
more extensive work to make it easy to change the hash algorithm.
Fixes: #447
commit 4e3df362eb7cdadc2ed3e393f2618a442f19c617
Merge: 851b6f32 a1f7c2a1
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 25 10:10:58 2024 +0000
Merge branch 'avoid-objects-first' into 'devel'
Avoid Model.objects.first() in tests
See merge request freexian-team/debusine!1027
commit 851b6f32363a3c61b67fdeb2eadfc6fdcc02ce8b
Merge: 977aff27 7fb5c2ed
Author: Enrico Zini <enrico@debian.org>
Date: Thu Jul 25 08:36:41 2024 +0000
Merge branch 'nocows' into 'devel'
Disable cowsay in ansible output in playground-vm
See merge request freexian-team/debusine!1029
commit 1a4eee76366015bc542d3f860775f45ea217f6a9
Author: Sylvain Beucler <beuc@beuc.net>
Date: Thu Jul 25 08:38:17 2024 +0200
Document that workers need 'sbin' dirs in their PATH
commit 977aff2768f7e92eaa7fc49724e5aab18701b0df
Merge: 087d6899 0be55377
Author: Sylvain Beucler <beuc@beuc.net>
Date: Wed Jul 24 20:15:10 2024 +0000
Merge branch 'issue89-doc' into 'devel'
Document binNMU for PackageBuild (#89)
See merge request freexian-team/debusine!1020
commit 087d68997ed453e8fb433d128ce6c541fd0151f5
Merge: 03377116 ebb98633
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jul 24 17:17:50 2024 +0000
Merge branch 'abolish-file-get-or-create' into 'devel'
Reduce use of File.get_or_create
See merge request freexian-team/debusine!1022
commit 03377116f50a0b75f2f0926fb76327e336df015f
Merge: 90db4ba7 f06c63de
Author: Enrico Zini <enrico@debian.org>
Date: Wed Jul 24 13:08:59 2024 +0000
Merge branch 'playground-fix' into 'devel'
Test that delete_workspace handles workflows referenced by collections
See merge request freexian-team/debusine!1008
commit 90db4ba78f2efb7717dce6839b17fcf598f66d19
Merge: 6dc1e3af 94b9871d
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jul 24 12:36:19 2024 +0000
Merge branch 'fix-annotation-assign_worker' into 'devel'
assign_worker: fix typing annotation
See merge request freexian-team/debusine!1030
commit f06c63dec17b65b02c71d12bb1a696218ddf8b37
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 19:44:37 2024 +0200
Test that delete_workspace handles workflows referenced by collections
commit 94b9871dd82e36eb6d5bdfb4d1ee099e8d6bad10
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jul 24 13:19:50 2024 +0200
assign_worker: fix typing annotation
commit 6dc1e3afdefff645b1e21b5efd065cb5ab581514
Merge: c14ebbad 46cbb7ca
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jul 24 11:17:19 2024 +0000
Merge branch 'manual-workflow-step-ui' into 'devel'
Add UI to review work requests blocked on manual approval
Closes #399
See merge request freexian-team/debusine!1016
commit a1f7c2a19d7369750f28759349d6d27ecdf84e00
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 14:50:41 2024 +0100
Avoid Model.objects.first() in tests
`Model.objects.first()` returns None if the table has no rows, which
causes us to require extra asserts in functions that are checked by
mypy. Replace this with `Model.objects.earliest("id")`.
In some cases the test really meant to fetch the most-recently-created
row and was silently assuming that tests run with those tables initially
empty; while this doesn't matter much in practice, I thought it was
cleaner to use `Model.objects.latest("id")` instead in those cases.
commit c14ebbad93035681dc40d1b96992ae52d6f1f0f8
Merge: 4e9d178e 249307ea
Author: Colin Watson <cjwatson@debian.org>
Date: Wed Jul 24 11:00:49 2024 +0000
Merge branch 'refactor-signing-models' into 'devel'
Split up debusine.signing.models
See merge request freexian-team/debusine!1028
commit 7fb5c2edd457136719d7cc175949222942dd1ca5
Author: Enrico Zini <enrico@enricozini.org>
Date: Wed Jul 24 11:52:34 2024 +0200
Disable cowsay in ansible output
commit 4e9d178e9983244ff1029c80176d80f6e6d63b88
Merge: a13b7b7a 4225311d
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jul 24 06:41:55 2024 +0000
Merge branch 'mark-work-requests-as-not-assigned' into 'devel'
debusine-admin manage_worker disable: de-assign PENDING or RUNNING work requests from the worker
See merge request freexian-team/debusine!1025
commit 4225311df64896d0bd839cdfe93589a9241ab7ac
Author: Carles Pina i Estany <carles@pina.cat>
Date: Wed Jul 24 07:51:00 2024 +0200
WorkRequest.assign_worker: fix annotation
commit 404e8ceaaf1054e3ee66d8991efa5c46fe77d0ef
Author: Carles Pina i Estany <carles@pina.cat>
Date: Mon Jul 22 09:30:27 2024 +0200
debusine-admin manage_worker disable: de-assign PENDING or RUNNING work requests from the worker
Fixes #446
commit a13b7b7aadb932997f4043d388bb0e85d6a951bf
Merge: 5c3e15f2 fb67f258
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 16:32:18 2024 +0000
Merge branch 'playground-vm-for-forks' into 'devel'
playground-vm: Handle MRs from forks
See merge request freexian-team/debusine!1023
commit 249307ea35200980a036bef724c1b6f1d3ef5ca0
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 17:09:12 2024 +0100
Split up debusine.signing.models
`debusine.signing.models` was getting a bit full of things like
subprocess utility functions. Split it up. We now have:
* `debusine.signing.db.models`: database models
* `debusine.signing.models`: Pydantic models
* `debusine.signing.utils`: generic utilities
* `debusine.signing.{openssl,sbsign}`: utilities related to particular
external tools
commit 46cbb7caf1c92ae8485846c38e8b62ed29c1366d
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 15:26:05 2024 +0100
Add UI to review work requests blocked on manual approval
Fixes: #399
commit 7c33e0b7d08bbd2838d243866be3bf2088a1a8d5
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 15:14:19 2024 +0100
ValidatePermissionsMixin: Pass view to has_permission
For example, `DjangoModelPermissions` fails without this in some cases.
commit 51de3fc6b1b5a6346bfa548a3a704dc57646ad14
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 15:08:37 2024 +0100
Make WorkRequest.get_label work for internal work requests
commit 8ee1e78dad82ebc3a5fcaf1f259f8916f2abb3d8
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 14:46:12 2024 +0100
Push most unblocking logic down to the model
commit ebb98633035e5edf1341b3658bd5a056f7442b2c
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 15:40:22 2024 +0100
Move File.get_or_create to a manager method
commit f3b1838be45c1f47c86c8fb10c9b7c61ce2db221
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 15:33:14 2024 +0100
Simplify ArtifactTests.test_create_artifact using create_file
commit aecca0e66934bf8d0b511a09ec431557f2de8091
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 15:25:41 2024 +0100
Use TestCase.create_file in a few more places
commit fb67f2585859d859a02cfc167817213ca6b10949
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 15:46:23 2024 +0100
playground-vm: Handle MRs from forks
commit 5c3e15f28f39d4cd5de196dfdd029fdd2d02a743
Merge: b86b7eb9 e54f20c4
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 12:34:52 2024 +0000
Merge branch 'ci-writeability' into 'devel'
ci: Fix compatibility with FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR
See merge request freexian-team/debusine!1026
commit e54f20c4400af31e75bd85f73c82692c45a5e7c7
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 12:03:11 2024 +0100
ci: Fix compatibility with FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR
https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/520
recently enabled `FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR` (see
https://docs.gitlab.com/runner/configuration/feature-flags.html), which
broke our CI since it turns out we were relying on world-writeability.
To fix this, make the build directory be owned by `debusine-test`, and
run test programs more consistently as `debusine-test`, at least where
they create files.
commit b86b7eb99d963f20ce9fb3f35492968b44a6bf0a
Merge: 1596abb0 8fad66ea
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 23 08:47:25 2024 +0000
Merge branch 'improve-response-annotations' into 'devel'
Improve some type annotations for HTTP responses
See merge request freexian-team/debusine!1024
commit 8fad66ea78adf312db1779846dd18e50034e162a
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 17:01:49 2024 +0100
Improve some type annotations for HTTP responses
Some return types for responses were weaker than necessary; and the
`response` parameter type for `BaseDjangoTestCase.assertResponseProblem`
was too strict (we assert that we get a `ProblemResponse`, but the type
annotation only needs to specify a generic HTTP response) in a way that
caused us to have to write out lots of manual type-narrowing assertions
in tests.
commit 1596abb0dfb67c0f649cb47158dcd89acba77cdf
Merge: c7637baa 37110615
Author: Jochen Sprickerhof <jspricke@debian.org>
Date: Mon Jul 22 15:43:51 2024 +0000
Merge branch 'silence_lintian' into 'devel'
Silence lintian warning for missing debconf template
See merge request freexian-team/debusine!1021
commit 37110615d48c6d727fd7b57fd7c46b09414ad5ff
Author: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Mon Jul 22 15:35:47 2024 +0200
Silence lintian warning for missing debconf template
commit c7637baaa559619c1fbf3744f2b0c4a06752f2c1
Merge: b9be4cee ba610833
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 11:33:18 2024 +0000
Merge branch 'mypy-artifacts-test-methods' into 'devel'
Add type annotations for artifacts tests
See merge request freexian-team/debusine!1015
commit ba610833b72a6eabed2ef214558d4d028b9d6d00
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 16 12:44:53 2024 +0100
Add type annotations for artifacts tests
commit b9be4ceebcf73b12b7cfda0da326db4bd8b099d1
Merge: 429d7c2c 7a86967c
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 10:36:57 2024 +0000
Merge branch 'mypy-server-collections-test-methods' into 'devel'
Add type annotations for debusine.server.collections.tests
See merge request freexian-team/debusine!1018
commit 429d7c2c8073ae29498195dc8666a789b587c0a6
Merge: 5cecd76f 07da4341
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 22 10:36:04 2024 +0000
Merge branch 'mypy-client-test-methods' into 'devel'
Add type annotations for client tests
See merge request freexian-team/debusine!1017
commit 5cecd76fc3696536f871158bec35e0ddf1b5bea3
Merge: 0e66687e cd6d761d
Author: Enrico Zini <enrico@debian.org>
Date: Mon Jul 22 08:57:12 2024 +0000
Merge branch 'collection-workflow' into 'devel'
Collapse redundant mutual foreign key into a OneToOne field
See merge request freexian-team/debusine!1009
commit cd6d761d9f2e11ea8cfed860f66b1de0f4ccab28
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon Jul 15 11:22:23 2024 +0200
Collapse redundant mutual foreign key into a onetoone field
commit 0be553777fb749d54fab41e768e6233b9982dd10
Author: Sylvain Beucler <beuc@beuc.net>
Date: Mon Jul 22 08:21:29 2024 +0200
Fix syntax
commit aeaeb39acc84894ac4622fabc8cdeccde98bbd4f
Author: Sylvain Beucler <beuc@beuc.net>
Date: Fri Jul 19 19:33:34 2024 +0200
Document binNMU for PackageBuild (#89)
commit 7a86967cd309e6bd91e982f12a629093c13e50a9
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 19 01:14:04 2024 +0100
Add type annotations for debusine.server.collections.tests
commit 07da4341aeb792eb1ffb260fc47b012fe2bd2575
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 15:55:41 2024 +0100
Add type annotations for client tests
This also exposed a couple of incorrect annotations in the client
itself.
commit 0e66687eea7770a846b743f7d2def9e0690c96c4
Merge: 9b0bd155 989d466d
Author: Jochen Sprickerhof <jspricke@debian.org>
Date: Thu Jul 18 13:39:29 2024 +0000
Merge branch 'dbconfig' into 'devel'
Use dbconfig-pgsql
Closes #356
See merge request freexian-team/debusine!948
commit 9b0bd155e5d4dfde5caefb9804971544bcfbf3eb
Merge: cb19c544 c33e9f4f
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 18 09:25:56 2024 +0000
Merge branch 'mypy-client-cli-test-methods' into 'devel'
Add/fix type annotations for debusine.client.tests.test_cli
See merge request freexian-team/debusine!1014
commit 989d466d981cff6dab29dc360d382eddcb709325
Author: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Mon Jul 15 11:05:17 2024 +0200
Set isolation-container for integration-tests-generic
Needs systemd.
commit b7e06652ca950fde8aacd0517836306cd75e7dc6
Author: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Wed Jul 10 17:21:04 2024 +0200
Addd debconf questions to configure nginx
commit ab1f2ef1dd2882bacf588e6922c8da39a067a72a
Author: Jochen Sprickerhof <git@jochen.sprickerhof.de>
Date: Wed Jun 26 18:08:23 2024 +0200
Use dbconfig-pgsql for the database configuration
Also move the Django migration to a service file to make sure it is rune
before debusine-server starts.
Closes: #356
commit c33e9f4f54081c55e7605e38f8a3554a983a2f5c
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 16 11:25:21 2024 +0100
Add/fix type annotations for debusine.client.tests.test_cli
commit cb19c544863dc504664b3b42c93aab1d676d8a35
Merge: b49587ca 4272bd00
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 21:39:08 2024 +0000
Merge branch 'mypy-worker-test-methods' into 'devel'
Add type annotations for worker tests
See merge request freexian-team/debusine!1012
commit b49587ca21a76ca527be03e21f131f388634b1ce
Merge: 80846673 5f9c42f1
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 21:38:35 2024 +0000
Merge branch 'fix-client-checksums-validation' into 'devel'
Fix {FileRequest,FileResponse}.checksums validation
See merge request freexian-team/debusine!1013
commit 80846673048992a6b6429795e7fd8b339c14f65d
Merge: 73e37167 f4978903
Author: Enrico Zini <enrico@debian.org>
Date: Mon Jul 15 18:24:46 2024 +0000
Merge branch 'file-widget' into 'devel'
Refactor FileView into a FileWidget
See merge request freexian-team/debusine!1011
commit f49789037b2267f76cb8f0709d018207d0b47a5b
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon Jul 15 16:22:16 2024 +0200
Refactored FileView in a FileWidget
commit 73e3716760d0a5dd0ad4001e476df0ba5f708379
Merge: 1cc9257c 2b8e612f
Author: Enrico Zini <enrico@debian.org>
Date: Mon Jul 15 17:31:19 2024 +0000
Merge branch 'wr-label' into 'devel'
Use work request labels in the UI
See merge request freexian-team/debusine!1007
commit 5f9c42f156d78268bd0fc5113d53992be260605e
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 17:31:16 2024 +0100
Fix {FileRequest,FileResponse}.checksums validation
In commit 455142225faa95daec0d8a69627595696ff51d48, I simplified the
annotations of these `checksums` fields. Unfortunately, it turns out
that pydantic silently ignores the new form of the annotation, and the
test that should have caught this was defective: it caught a similar
exception but with a different reason (passing a `file_type` field
instead of `type`).
Go back to something resembling the old approach, and tighten the tests
to avoid similar mistakes with these classes in future. It's terribly
ugly, but at least it works.
commit 1cc9257ceba524745ff3ba36be32f1f1c769dea6
Merge: 4a2bf917 33c549cd
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 15:01:38 2024 +0000
Merge branch 'mypy-incus-test-methods' into 'devel'
Add type annotations for Incus executor tests
See merge request freexian-team/debusine!1010
commit 4272bd004ada148d43a8267ca904d2036dab995a
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 15:55:18 2024 +0100
Add type annotations for worker tests
commit 4a2bf9174fd8f8527b9ca9602d42b5c1733f3d97
Merge: 8c126265 7b1da524
Author: Enrico Zini <enrico@debian.org>
Date: Mon Jul 15 14:14:15 2024 +0000
Merge branch 'ui-infra' into 'devel'
Consolidate UI infrastructure (fixes #441)
Closes #441
See merge request freexian-team/debusine!998
commit 33c549cdf6e3fe15b4130437ff845ae80df0f2c2
Author: Colin Watson <cjwatson@debian.org>
Date: Mon Jul 15 15:09:36 2024 +0100
Add type annotations for Incus executor tests
I had to refactor the image cache tests a bit; they now explicitly run
the common tests for both the `incus-lxc` and `incus-vm` cases.
commit 2b8e612f24dd0e8de22c77d1ba68eb6d62c5b0b9
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon Jul 15 14:51:39 2024 +0200
Test coverage
commit ffa2134b25d134c09707d377e0df8a81297a6610
Author: Enrico Zini <enrico@enricozini.org>
Date: Mon Jul 15 14:06:26 2024 +0200
Deal with WorkRequest objects with invalid task data
commit fbb2f003ef942f892e4e87a0ce9ac6c3c33f2a50
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 19:01:01 2024 +0200
Use task labels in UI
commit 7b1da52467abf3edc9b6fd61b48278e4e033c320
Author: Enrico Zini <enrico@enricozini.org>
Date: Thu Jul 11 14:22:43 2024 +0200
Refactor code with a base view that matches the base template layout
commit d58bf5b15f4a8d9e07077683eed44e79945a29e9
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 14:38:36 2024 +0200
Introduced the base widget interface and template support code
commit 77223adb008b0596f5639f16910e7e0cca0feb91
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 13:57:43 2024 +0200
Added a description of the Debusine UI infrastructure
commit 8c126265057dacaad63cc56be02c22f630d89065
Merge: 543e2127 fabae641
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 12 18:01:18 2024 +0000
Merge branch 'pkcs11-static-command' into 'devel'
Add command to register a pkcs11-static key
See merge request freexian-team/debusine!1006
commit 543e21274c8cdf3316abbbd9a81db03d7a68d995
Merge: fbf99c60 4409380e
Author: Enrico Zini <enrico@debian.org>
Date: Fri Jul 12 17:43:52 2024 +0000
Merge branch 'task-label' into 'devel'
Added BaseTask.get_label and use it in WorkRequest
See merge request freexian-team/debusine!1005
commit fabae641fd028b45839acd7f404e9e89846c5849
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 12 14:52:50 2024 +0100
Add command to register a pkcs11-static key
I added support for static (not extracted under wrap) PKCS#11 keys in
!985, but I didn't include any way to register them short of manual SQL.
This adds a new `debusine-signing register_pkcs11_static_key` command to
correct that omission.
commit 4409380e9ccd00fc3656b01cf5e0bfba9ac5af94
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 11:15:47 2024 +0200
Added BaseTask.get_label and use it in WorkRequest
commit fbf99c60250aced9e769fc7ab4d0dd9b058327e6
Merge: 690e3ed9 34d88cdc
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 12 14:45:13 2024 +0000
Merge branch 'manual-workflow-step' into 'devel'
Add an API endpoint to review manual unblocks
See merge request freexian-team/debusine!1003
commit 34d88cdc09160a73072cbdf91523b8ecbf898415
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 12 13:27:20 2024 +0100
Split WorkRequest.is_part_of_workflow into two properties
I think this is a little clearer, and it means it makes some sense to
use `is_part_of_workflow` in the unblock view.
commit 5bf928f3e6699c2a1a7c7540fe8742e870fdbcf4
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 17:18:44 2024 +0100
Add an API endpoint to review manual unblocks
Part of #399.
commit 0bcac8ef14827c704420d5556383acb5ec8c7a7a
Author: Colin Watson <cjwatson@debian.org>
Date: Fri Jul 12 14:50:14 2024 +0100
Move call_command test wrapper somewhere more generic
This allows us to use it from `debusine.signing`.
commit 690e3ed9ae44b36cf7853ff9fef3d293d91da737
Merge: 9890b159 116c4d4f
Author: Enrico Zini <enrico@debian.org>
Date: Fri Jul 12 13:39:58 2024 +0000
Merge branch 'redesign-wr' into 'devel'
Redesign work request detail view (fixes: #440)
Closes #440
See merge request freexian-team/debusine!986
commit 116c4d4f186945ae3ceb43f0f3b498900854af36
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue Jul 9 17:37:42 2024 +0200
Redesigned work request detail layout
commit 1870d818d4c8e1d2afd54a6d0229919e87dc92fa
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue Jul 9 16:54:17 2024 +0200
Show artifact and work request data as syntax highlighted yaml
commit a7d8901096ca4ae73599d2700db670b172fb4d25
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue Jul 9 13:50:06 2024 +0200
Added information sidebar
commit 30ec68b5d04c6839ed73ee04793fb42a08982956
Author: Enrico Zini <enrico@enricozini.org>
Date: Tue Jul 9 12:45:28 2024 +0200
Added ui shortcuts for source artifacts
commit 9890b159ab83cda81edd92a7211a3dbb66723809
Merge: 37a03504 e86549c0
Author: Enrico Zini <enrico@debian.org>
Date: Fri Jul 12 10:01:24 2024 +0000
Merge branch 'license' into 'devel'
Added BSD-2 clause to debian/copyright
See merge request freexian-team/debusine!1004
commit e86549c0515dc918ee7f5bcab4c95ae95e9933f7
Author: Enrico Zini <enrico@enricozini.org>
Date: Fri Jul 12 09:11:32 2024 +0200
Added BSD-2 clause to debian/copyright
commit 37a035044d6b874fcf75818ccc07eb91b844ca29
Merge: 1377274f cd784849
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 16:20:27 2024 +0000
Merge branch 'hatchling' into 'devel'
Convert Python packaging to Hatchling
See merge request freexian-team/debusine!1001
commit 1377274f18954f27daebd3ee36bc09efc5882b87
Merge: a0d839e7 e5241039
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 16:03:58 2024 +0000
Merge branch 'signing-migrations-flake8' into 'devel'
Fix flake8 errors in signing database migrations
See merge request freexian-team/debusine!1002
commit a0d839e7d135db2a7307f69d7773c7ee54f54758
Merge: 52a06f45 408341fb
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 15:15:30 2024 +0000
Merge branch 'resource-warnings' into 'devel'
Enable ResourceWarnings while running tests, and fix them
See merge request freexian-team/debusine!1000
commit e52410395204d211e9a6f55da49978b2bce1410b
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 16:14:12 2024 +0100
Fix flake8 errors in signing database migrations
commit 52a06f451c7dda152067e2defccd9feba406aad1
Merge: b4fc9c06 f0676063
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 15:08:42 2024 +0000
Merge branch 'signing-pkcs11-static' into 'devel'
Add support for static (not extracted under wrap) PKCS#11 keys
See merge request freexian-team/debusine!985
commit f067606330f76e1da32e11e40424c6367b3d0173
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 15:37:29 2024 +0100
Make SensitiveTemporaryDirectory cleanup warnings scarier
commit 408341fb06be4fcc0d7f97fa75b29a492cd2984b
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 14:41:02 2024 +0100
Enable ResourceWarnings while running tests, and fix them
Most of these required adding a few more cleanup hooks. `ArtifactForm`
was particularly fiddly, since Django forms don't seem to have a
built-in idea of cleaning up, but refactoring to avoid opening temporary
files in `clean` which are then used by `save` seemed too complicated.
I noticed this while working on !985.
commit b4fc9c0630c07af1c2d4141b86098f53c529c0d3
Merge: c8e716b5 8d51e4be
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 13:51:29 2024 +0000
Merge branch 'task-extract-for-signing-black' into 'devel'
Update Black formatting of test_extract_for_signing
See merge request freexian-team/debusine!999
commit c8e716b515a15908292eac3eab11472f57f8a3b9
Merge: 1011549f 17d97bea
Author: Enrico Zini <enrico@debian.org>
Date: Thu Jul 11 13:25:46 2024 +0000
Merge branch 'playground-workflow' into 'devel'
Generate a workflow and a superseded work request (#440)
See merge request freexian-team/debusine!992
commit 4a475a837fbf8b3e47d80251d560b1dd6c7ee769
Author: Colin Watson <cjwatson@debian.org>
Date: Tue Jul 9 09:34:25 2024 +0100
Add support for static (not extracted under wrap) PKCS#11 keys
This is the simplest case of using an HSM: it doesn't cover generating
keys in the HSM, just manually registering keys that have been generated
separately. However, this is enough for parity with dak's code-signing
tool. To use this, the signing machine will need to have the necessary
PKCS#11 module installed (e.g. `yubihsm-pkcs11`) plus any supporting
software needed to use the hardware device (e.g. `yubihsm-connector`).
I'd previously tried to lay out the pydantic model for `Key.private_key`
in a way that would be compatible with future use of a discriminated
union, but while writing this I discovered that I'd got it wrong. As a
result, this commit includes a migration to change the layout of any
existing keys in the signing database.
commit cd784849252b2b84dcd0c29b4c012c55a52f1c89
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 11:46:32 2024 +0100
Move pycodestyle configuration to tox.ini
It was the only thing left in `setup.cfg`. It's a shame that
pycodestyle doesn't support `pyproject.toml`, but using `tox.ini` for
some linter configuration isn't _too_ bad.
commit 0a5de20c4ae323c94647c1c5c6851907048d30c2
Author: Colin Watson <cjwatson@debian.org>
Date: Thu Jul 11 11:36:25 2024 +0100
Convert Python packaging to Hatchling
setuptools is looking increasingly creaky these days, and has many
awkward corners. See:
https://hatch.pypa.io/latest/why/
Hatchling seems reasonably popular (150 source packages in testing
build-depend on it), and since almost all of this is standardized
configuration we won't be particularly tied to it even if it turns out
to be abandoned in a few years.
Black picks up its target version from `requires-python`, so we no
longer need to set that separately.
