|
| 1 | +--- |
| 2 | +title: Global configuration |
| 3 | +authors: |
| 4 | + - mmassari |
| 5 | +sidebar_position: 1 |
| 6 | +--- |
| 7 | + |
| 8 | +You can customize the service configuration for a user project in two different ways: |
| 9 | + |
| 10 | +1. There is a configuration on the service side which has to be updated by the service team (upon notification from the service users for opt-in or opt-out from the service). This is how you can enable or disable Zuul for the Fedora CI nowadays: . |
| 11 | + I will refer to this solution as a **top-down solution**. |
| 12 | +2. There is a configuration, related with the service, on the user's project side. This is how packit works today. I will refer to this solution as a **bottom-up solution**. |
| 13 | + |
| 14 | +You can configure services for individual projects in two ways: |
| 15 | + |
| 16 | +1. Top-Down solution: configuration resides on the service side, managed by the service team. Users notify the team to opt in or out. Example: Zuul for Fedora CI uses this approach ([configuration reference](https://pagure.io/fedora-project-config/blob/master/f/resources/fedora-distgits.yaml)). |
| 17 | + |
| 18 | +2. Bottom-Up solution: configuration lives in the user's project repository. Packit currently implements this approach. |
| 19 | + |
| 20 | +The top-down approach represents a global configuration, while the bottom-up solution can reference global or semi-global configurations. Let's analyze both approaches. |
| 21 | + |
| 22 | +# Top-Down solution |
| 23 | + |
| 24 | +The service side maintains project-specific behavior configurations. |
| 25 | + |
| 26 | +## Advantages |
| 27 | + |
| 28 | +- Users don't need configuration files in their projects; they might not like the idea of having a service related file in their projects. |
| 29 | +- Configuration migrations are straightforward for the service team; it is just a change in a file that belongs to the team. |
| 30 | +- Highest performance due to direct configuration access; no need to load and pre-process other files. |
| 31 | +- Quickest implementation; this approach is the same as for the packit-service configuration file. |
| 32 | + |
| 33 | +## Disadvantages |
| 34 | + |
| 35 | +- It is probably easier, for the final user, to look for the service configuration file in its own repo instead of a service repo. |
| 36 | +- Less user engagement due to limited visibility of configuration changes. Even though a configuration migration can be simpler for the service team it could be less explicit for the final user. Being able to change behaviour without the user acknowledging it could not be a good idea. In packit there already is a configuration migration script. |
| 37 | +- The global configuration file could really grow huge and be difficult to maintain both for the service team and for a final user that wants to contribute to it. |
| 38 | +- Lacks ecosystem-specific configuration management. There is no encapsulation for "middle layer" knowledge, no easy way to manage ecosystem configurations. Configurations could be grouped in different nodes with different defaults but there is no easy way, for the service team, to know if the user who is asking to update a configuration has the rights for doing so. |
| 39 | +- Differs from Packit's current approach, potentially confusing users. This could work mainly for the _Fedora CI_ and could confuse users that use the standard packit configuration for _upstream continuous integration_ and _release synchronization_. |
| 40 | + |
| 41 | +# Bottom-Up solution |
| 42 | + |
| 43 | +Project-side configuration with ability to reference global configurations. |
| 44 | + |
| 45 | +## Advantages |
| 46 | + |
| 47 | +- User-friendly and explicit. Everything is on the user side (more quick for him) and the file will never grow too much because of other project details. |
| 48 | +- Flexible customization through layered configurations and better ecosystem-specific configuration support. |
| 49 | +- Consistent with current Packit implementation. |
| 50 | + |
| 51 | +## Disadvantages |
| 52 | + |
| 53 | +- More complex configuration migrations because they are on the user side. |
| 54 | +- Additional processing overhead. It will require time to load multiple configuration layers. |
| 55 | +- Requires implementation of inheritance/templating mechanisms. |
| 56 | + |
| 57 | +## Configuration Layers |
| 58 | + |
| 59 | +### Service-Side Layer |
| 60 | + |
| 61 | +The last layer of a configuration chain could be on the service side and it could be referenced in a sort of opt-in mechanism or it could be automatically applied. |
| 62 | + |
| 63 | +### User-Side Layer |
| 64 | + |
| 65 | +At the moment the packit service needs just one configuration file on the user project side both for the **upstream continuous integration** and for the **release synchronization**. |
| 66 | +When implementing the **Fedora CI** (which is a _downstream continuous integration_) a new configuration file could be required or the configuration can be merged with the existing one. |
| 67 | + |
| 68 | +## Configurations chain implementation |
| 69 | + |
| 70 | +There could be different ways for managing configuration relationships, I will analyse three of them: |
| 71 | + |
| 72 | +- templating |
| 73 | +- global configuration + overlays |
| 74 | +- inheritance |
| 75 | + |
| 76 | +### 1. Templating |
| 77 | + |
| 78 | +#### https://github.com/packit/templeates/config/simple-pull-from-upstream.yaml.j2 |
| 79 | + |
| 80 | +```yml |
| 81 | +# Packit pull-from-upstream config |
| 82 | +specfile_path: { { specfile_path } } |
| 83 | + |
| 84 | +upstream_package_name: { { upstream_package_name } } |
| 85 | +downstream_package_name: { { downstream_package_name } } |
| 86 | +upstream_project_url: { { upstream_package_url } } |
| 87 | +upstream_tag_template: v{version} |
| 88 | + |
| 89 | +jobs: |
| 90 | + - job: pull_from_upstream |
| 91 | + trigger: release |
| 92 | + dist_git_branches: |
| 93 | + - fedora-rawhide |
| 94 | + - job: koji_build |
| 95 | + trigger: commit |
| 96 | + allowed_pr_authors: ["packit", { { allowed_pr_authors } }] |
| 97 | + dist_git_branches: |
| 98 | + - fedora-rawhide |
| 99 | +``` |
| 100 | +
|
| 101 | +#### https://gitlab.gnome.org/packit/templates/configs/gnome-tests.yaml.j2 |
| 102 | +
|
| 103 | +```yml |
| 104 | +# Gnome default tests config |
| 105 | +jobs: |
| 106 | + - job: tests |
| 107 | + trigger: pull_request |
| 108 | + packages: [{{ downstream_package_name }}] |
| 109 | + tmt_plan: "smoke|full|packit-integration|{{ tmt_other_plans }}" |
| 110 | + targets: |
| 111 | + - fedora-rawhide |
| 112 | + {% if tests_on_commit %} |
| 113 | + - job: tests |
| 114 | + trigger: commit |
| 115 | + packages: [{{ downstream_package_name }}] |
| 116 | + tmt_plan: "smoke|full|packit-integration|{{ tmt_other_plans }}" |
| 117 | + targets: |
| 118 | + - fedora-rawhide |
| 119 | + {% endif %} |
| 120 | +``` |
| 121 | + |
| 122 | +#### https://gitlab.gnome.org/package/packit.yaml |
| 123 | + |
| 124 | +```yml |
| 125 | +# A gnome package packit config |
| 126 | +templates: |
| 127 | + - https://github.com/packit/templeates/config/simple-pull-from-upstream.yaml.j2 |
| 128 | + vars: |
| 129 | + specfile_path: specfile_path |
| 130 | + upstream_package_name: upstream_package_name |
| 131 | + downstream_package_name: downstream_package_name |
| 132 | + upstream_project_url: upstream_project_url |
| 133 | + allowed_pr_authors: allowed_pr_authors |
| 134 | + - https://gitlab.gnome.org/packit/templates/configs/gnome-tests.yaml.j2 |
| 135 | + downstream_package_name: downstream_package_name |
| 136 | + tmt_other_plans: tmt_other_plans |
| 137 | + tests_on_commit: false |
| 138 | +``` |
| 139 | +
|
| 140 | +### 2. Global config + overlay |
| 141 | +
|
| 142 | +#### https://github.com/packit/templates/configs/standard-pull-from-upstream.yaml.j2 |
| 143 | +
|
| 144 | +```yml |
| 145 | +# Packit pull-from-upstream config |
| 146 | +specfile_path: { { specfile_path } } |
| 147 | + |
| 148 | +upstream_package_name: { { upstream_package_name } } |
| 149 | +downstream_package_name: { { downstream_package_name } } |
| 150 | +upstream_project_url: { { upstream_package_url } } |
| 151 | +upstream_tag_template: v{version} |
| 152 | + |
| 153 | +jobs: |
| 154 | + - job: pull_from_upstream |
| 155 | + trigger: release |
| 156 | + dist_git_branches: |
| 157 | + - fedora-rawhide |
| 158 | + - job: koji_build |
| 159 | + trigger: commit |
| 160 | + allowed_pr_authors: ["packit", { { allowed_pr_authors } }] |
| 161 | + dist_git_branches: |
| 162 | + - fedora-rawhide |
| 163 | +``` |
| 164 | +
|
| 165 | +#### https://gitlab.gnome.org/packit/templates/configs/default_packit.yaml.j2 |
| 166 | +
|
| 167 | +```yml |
| 168 | +# Gnome default packit config |
| 169 | +config: |
| 170 | + base: https://github.com/packit/templates/configs/standard-pull-from-upstream.yaml.j2 |
| 171 | + values: |
| 172 | + allowed_pr_authors: gnome-admins |
| 173 | + |
| 174 | +jobs: |
| 175 | + - job: tests |
| 176 | + trigger: pull_request |
| 177 | + packages: [{{ downstream_package_name }}] |
| 178 | + tmt_plan: "smoke|full|packit-integration|{{ tmt_other_plans }}" |
| 179 | + targets: |
| 180 | + - fedora-rawhide |
| 181 | + {% if tests_on_commit %} |
| 182 | + - job: tests |
| 183 | + trigger: commit |
| 184 | + packages: [{{ downstream_package_name }}] |
| 185 | + tmt_plan: "smoke|full|packit-integration|{{ tmt_other_plans }}" |
| 186 | + targets: |
| 187 | + - fedora-rawhide |
| 188 | + {% endif %} |
| 189 | +``` |
| 190 | + |
| 191 | +#### https://gitlab.gnome.org/package/packit.yaml |
| 192 | + |
| 193 | +```yml |
| 194 | +# A gnome package packit config |
| 195 | +config: |
| 196 | + base: https://gitlab.gnome.org/packit/templates/configs/default_packit.yaml.j2 |
| 197 | + values: |
| 198 | + specfile_path: specfile_path |
| 199 | + upstream_package_name: upstream_package_name |
| 200 | + downstream_package_name: downstream_package_name |
| 201 | + upstream_project_url: upstream_package_url |
| 202 | + tmt_other_plans: package-tests |
| 203 | + tests_on_commit: false |
| 204 | +``` |
| 205 | +
|
| 206 | +### 3. Inheritance |
| 207 | +
|
| 208 | +#### https://github.com/packit/templates/configs/standard-pull-from-upstream.yaml |
| 209 | +
|
| 210 | +```yml |
| 211 | +# Packit pull-from-upstream config |
| 212 | +specfile_path: -OVERRIDE ME- |
| 213 | + |
| 214 | +upstream_package_name: -OVERRIDE ME- |
| 215 | +downstream_package_name: -OVERRIDE ME- |
| 216 | +upstream_project_url: -OVERRIDE ME- |
| 217 | + |
| 218 | +upstream_tag_template: v{version} |
| 219 | + |
| 220 | +jobs: |
| 221 | + - job: pull_from_upstream |
| 222 | + trigger: release |
| 223 | + dist_git_branches: |
| 224 | + - fedora-rawhide |
| 225 | + - job: koji_build |
| 226 | + trigger: commit |
| 227 | + allowed_pr_authors: ["packit"] |
| 228 | + dist_git_branches: |
| 229 | + - fedora-rawhide |
| 230 | +``` |
| 231 | +
|
| 232 | +#### https://gitlab.gnome.org/packit/templates/configs/default_packit.yaml |
| 233 | +
|
| 234 | +```yml |
| 235 | +# Gnome default packit config |
| 236 | +inherit: https://github.com/packit/templates/configs/standard-pull-from-upstream.yaml |
| 237 | + |
| 238 | +jobs: |
| 239 | + - job: koji_build |
| 240 | + allowed_pr_authors: ["packit", "gnome-admins"] |
| 241 | + |
| 242 | + - job: tests |
| 243 | + trigger: pull_request |
| 244 | + tmt_plan: "smoke|full|packit-integration" |
| 245 | + targets: |
| 246 | + - fedora-rawhide |
| 247 | +``` |
| 248 | +
|
| 249 | +#### https://gitlab.gnome.org/package/packit.yaml |
| 250 | +
|
| 251 | +```yml |
| 252 | +# A gnome package packit config |
| 253 | +inherit: https://gitlab.gnome.org/packit/templates/configs/default_packit.yaml |
| 254 | + |
| 255 | +specfile_path: specfile_path |
| 256 | +upstream_package_name: upstream_package_name |
| 257 | +downstream_package_name: downstream_package_name |
| 258 | +upstream_project_url: upstream_package_url |
| 259 | + |
| 260 | +jobs: |
| 261 | + - job: tests |
| 262 | + packages: ["downstream_package_name"] |
| 263 | + tmt_plan: "smoke|full|packit-integration|package-tests" |
| 264 | +``` |
| 265 | +
|
| 266 | +### PROs and CONs |
| 267 | +
|
| 268 | +#### Templating |
| 269 | +
|
| 270 | +##### Pros |
| 271 | +
|
| 272 | +Flexible, probably the most flexible implementation that allows to freely mix configuration snippets for creating a customized final configuration. |
| 273 | +
|
| 274 | +##### Cons |
| 275 | +
|
| 276 | +The "pure" templating mechanism, in the above example, requires the package maintainer to know that koji builds, in the gnome ecosystem, should be allowed for any **gnome-admin**, instead _inheritance_ and _global config + overlays_ encapsulate well the knowledge in the middle layer packit config. |
| 277 | +
|
| 278 | +Templating is flexible but on the other end it is more error prone; there is no _base configuration_ and a packager can list templates in the wrong order. |
| 279 | +
|
| 280 | +Probably, in the end, the packager will use smaller config snippets, decreasing performance and readability. |
| 281 | +
|
| 282 | +#### Global config + overlays |
| 283 | +
|
| 284 | +##### Pros |
| 285 | +
|
| 286 | +Good knowledge encapsulation in middle layers (see the **gnome-admin** for allowed_pr_authors in the above example). |
| 287 | +
|
| 288 | +Explicit and thus easily readable, since the use of templating. |
| 289 | +
|
| 290 | +Flexible, config snippets can easily be removed using template conditional functionalities (as in the above example for the test job with trigger commit). |
| 291 | +
|
| 292 | +##### Cons |
| 293 | +
|
| 294 | +The templating syntax can be more error prone if compared with inheritance. |
| 295 | +
|
| 296 | +#### Inheritance |
| 297 | +
|
| 298 | +##### Pros |
| 299 | +
|
| 300 | +Concise, it's the most concise syntax we could use and probably the least error prone. |
| 301 | +
|
| 302 | +##### Cons |
| 303 | +
|
| 304 | +Poor flexibility, I don't see an easy way to disable the above test job with trigger commit. |
| 305 | +
|
| 306 | +Not really explicit, even though we use a placeholder it is harder to recognize the keys that need overriding. |
| 307 | +
|
| 308 | +### Implementation |
| 309 | +
|
| 310 | +Personally I find the _global config + overlays_ approach the best and in this case we would need to: |
| 311 | +
|
| 312 | +- add the following keys to the `PackageConfig` class: |
| 313 | + |
| 314 | +```yml |
| 315 | +config: |
| 316 | + base: https://gitlab.gnome.org/packit/templates/configs/default_packit.yaml.j2 |
| 317 | + values: ... |
| 318 | +``` |
| 319 | + |
| 320 | +- load the packit.yaml file and search for the `config` key in it. If a `config` key is found we need to **recursively** look for the _base config_ and start processing all the templates in the chain, creating a new temporary packit.yml that will be used instead of the original one. |
| 321 | + I see this code tied with the `LocalProject` class but I can be wrong. |
| 322 | + We should make the new code work both for the packit CLI and the packit-service. Thinking at packit CLI, we should probably stay flexible and let the `base: URI` be also a local url (like `file:///`). |
| 323 | + |
| 324 | +- let the user know what the final configuration looks like (both for CLI and service). |
| 325 | + |
| 326 | +#### Jinja2 vs Ansible library |
| 327 | + |
| 328 | +For template management I would probably just use the **jinja2 template library**, even though we can also think about the ansible library. |
| 329 | +The ansible library could let us use `built-in filters and functions` but I don't see use cases for them and as a cons it has a heavier dependency footprint. |
| 330 | + |
| 331 | +### Performances |
| 332 | + |
| 333 | +Splitting the configuration in multiple configuration files will lead obviously to worst performance. Personally I don't see a way to prevent it. |
| 334 | + |
| 335 | +We can limit the number of recursion steps; 3/4 steps are, from my point of view, more than enough. Having a recursion limit will avoid an infinite recursion for malformed configurations. |
| 336 | + |
| 337 | +### packit-service defaults |
| 338 | + |
| 339 | +It could happen that the packit-service config defaults for the "Fedora CI instance" and those for the "Usual instance" (as an example) diverge. |
| 340 | + |
| 341 | +If it happens we could create two _hidden_, _inner_ packit config bases, one per instance, which will always be used for merging any packit config we process; in this way the differences will be grouped explicitly in a single place and we could, probably, enable and disable jobs for one instance or the other (as an example `pull-from-upstream` should not appear in fedora ci packit configuration) just using templating. |
| 342 | + |
| 343 | +# Global config all on the packit-service side |
| 344 | + |
| 345 | +- easy to migrate for the packit team, but not really explicit for the end user, using the configuration migration script can is more complex for us but I think more engaging for our end users. |
| 346 | + |
| 347 | +- the user doesn't need a a file in its project (this is the really benefit I see) on the other hand it is really explicit to see a file in the project and guess it is the CI configuration. And it is far more complex if you need to know that you should see in a completely different project if you need to adjust something. So for a new user is more complex to get started. |
| 348 | + |
| 349 | +- adding/removing/changing things on a global config on our side with a PR is feasable but not really easy for the user: |
| 350 | + you need to know where to change things... would we have a config for all fedora ci packages? one for the gnome packages? one for the kde packages? What about jobs that can be shared between different configurations? A koji scratch build needed both for the continuos integration pipeline in distgit and for the continuos integration in the upstream pipeline? |
| 351 | + |
| 352 | +- if we have just one global configuration there will be no encapsulation of knowledge at different levels |
| 353 | + |
| 354 | +We already have a configuration file that enables packit we can still count on it. |
| 355 | + |
| 356 | +- it could work for all packit instances: |
| 357 | + - upstream ci + downstream sync experience |
| 358 | + - downstream ci |
| 359 | + We already have a mixed experience for upstream ci and downstream sync, from an user point of view it makes no much sense to split the downstream ci configuration because it runs on a different packit service instance. |
| 360 | + If we want to have a different configuration for the downstream ci probably we should think about splitting configurations for different users experiences? |
| 361 | + - upstream ci |
| 362 | + - downstream ci |
| 363 | + - sync release |
| 364 | + |
| 365 | +Or we can have just one packit config |
| 366 | + |
| 367 | +- by default one project in distgit with the packit config would be enabled the downstream CI and for this reason we should probably have a key to be able to opt-out from it (both as a user action or as a packit configuration action) we can achive it using the above template mechanism and always apply out default to a user configuration. |
| 368 | + Or **the CI experience will be anabled if the user refers the related global config**. |
| 369 | + However if the user configuration is against the will of our configuration we should decide which configuration wins (I would say ours) |
| 370 | +- it should be visible which is the result of applying the user packit config to a packit instance config. So we should probably have a command line or a packit service command to show the user the resulting configuration. |
0 commit comments