Release history

0.12.2 (2025-09-22)

Server

Features

• APTMirror: Reuse source and binary packages from other suites in the same archive. (#392)

• Add a new REPOSITORY_SIGNER role on signing keys, which is currently implied by the OWNER role on workspaces using the key. (#756)

• Added an API to change the name or configuration of a collection. (#788)

Bug Fixes

• debusine-admin vacuum_storage does not report missing files added during the vacuum process. (#933)

• Filter out more null labels in the open-metrics endpoint, fixing a 500. (#1022)

• Do not fail task configuration when deleted entries exist. (#1054)

• Enable console-based logging for daphne to have better diagnosis information in systemd’s journal for debusine-server.service.

Documentation

• Improved OIDC documentation, fixing some mistakes.

• Provide basic documentation for configuration with alternative webservers.

Web UI

Features

• Integrate the new logo. (#593)

• Wrap work request errors for readability. (#821)

• Added web UI to edit a workspace inheritance chain. (#978)

• Improve layout of toasts for error messages.

Bug Fixes

• Improve messages when configured or dynamic task data are missing. (#1012)

• Fix server error (HTTP 500) when browsing server tasks. (#1029)

• Only show statistics of bare data in a collection view. (#1038)

• Render empty files as text. (#1069)

Client

Features

• Parse the scope in work request responses, when available (server >= 0.12). (#1080)

• Support uploading to trixie and trixie-security in the dput-ng profile.

Bug Fixes

• Improve error handling in debusine workspace-inheritance. (#1057)

Workflows

Incompatible Changes

• blhc: Require vendor and codename parameters, used to build the environment lookup for Blhc. (#1052)

Features

• debian_pipeline: Support publishing to a Debusine-managed debian:suite collection. (#577)

• package_publish: Default component/section/priority to the values in the packages being published. (#577)

• Improve workflow labels. (#687)

• update_suites: Implement signing of repository indexes, using a new update_suite sub-workflow. (#756)

• package_publish: Update repository indexes after the items have been copied. (#758)

• blhc, lintian: Implement enable_regression_tracking parameter to perform regression analysis against reference results. (#908)

• blhc: Support updating a debian:qa-results collection with reference QA results. (#1047)

• autopkgtest, blhc, debdiff, debian_pipeline, lintian, make_signed_source: Sort child work requests by architecture when populating them, where possible. (#1072)

Bug Fixes

• debdiff: Include new architecture all artifacts in the parameters to DebDiff. (#1053)

Tasks

Incompatible Changes

• Blhc: Require environment and host_architecture parameters. (#1052)

Features

• Piuparts: Generate debian:piuparts artifacts. (#805)

Bug Fixes

• MakeSourcePackageUpload: Ensure that dpkg-dev is installed in the environment. (#1036)

• Blhc: Only use the --debian option if we have a new enough blhc version. (#1067)

Miscellaneous

• #1055

Worker

Features

• Add a mechanism for sysadmins to execute scripts after worker task completion. (#1070)

Bug Fixes

• Retry requests for new work from the server, if they fail. (#1030)

• Workaround an sbuild bug with its autopkgtest backend. (#1056)

• Allow executing tasks in a non-default scope (requires server >= 0.12). (#1080)

Signing

Features

• Restrict the openpgp key purpose to signing Debian upload .changes files. Add a new key purpose openpgp-repository for signing Debian repository indexes using OpenPGP.

General

Documentation

• Update installation tutorial to be based on Debian 13 trixie.

0.12.1 (2025-08-21)

Server

Bug Fixes

• Don’t allow multiple instances of the same root workflow’s orchestrator to run concurrently for different sub-workflows. (#1000)

• Ignore SSO identities without an attached user in open-metrics endpoint, fixing a 500. (#1022)

Web UI

Features

• debian_pipeline workflow: display input artifacts (source package) and display source package in title. (#1005)

Bug Fixes

• Display dynamic task data in the “Internals” tab of work requests if available. (#1013)

Client

Features

• Add debusine workspace-inheritance to configure a workspace’s inheritance. (#978)

• Add shell completion via argcomplete. (#1020)

Bug Fixes

• Return more user-friendly errors if an incorrect file is specified to debusine provide-signature --local-file. (#986)

Workflows

Features

• Add blhc workflow and use it from debian_pipeline and qa workflows. (#802)

Tasks

Bug Fixes

• task_configuration in task data is now inherited from the parent workflow. (#1012)

• Default task_configuration to default@debusine:task-configuration. (#1012)

Worker

Bug Fixes

• Go back to exiting the worker if it fails to send a task result to the server, so that systemd can restart it and allow it to reconnect. (#937)

General

Bug Fixes

• Weaken tests for invalid HTML, since lxml (via libxml2) no longer provides as much HTML error checking. (#953)

0.12.0 (2025-08-15)

Server

Incompatible Changes

• Remove debusine-admin create_workspace, delete_workspace, list_workspaces, and manage_workspace commands, deprecated in favor of debusine-admin workspace <subcommand> in 0.8.0.

  Remove debusine-admin create_file_store, deprecated in favor of debusine-admin file_store create in 0.9.0. (#886)

• Moved OIDC validation to code. Provider.restrict is still supported, but deprecated: use settings.SIGNON_CLASS instead, see the DebusineSignon class.

  The add_to_group option of Provider now requires a dict mapping GitLab groups to Debusine groups, instead of a string, and a string value is ignored.

  Site-specific code is provided to replicate existing setups for debusine.debian.net and debusine.freexian.com, and can be removed once both sites are migrated to using dict values for add_to_group. (#898)

• Refactor server/signon to remove compatibility code.

  This drops the previous debusine.DebusineSignon class for SIGNON_CLASS in favour of sites.DebianSignon, only needed for debusine.debian.net.

  The default signon.Signon class is now sufficient for basic deployments, including debusine.freexian.com.

  restrict has been un-deprecated and is now honored, so that deployments like debusine.freexian.com can restrict logins to given GitLab groups without a SIGNON_CLASS.

  No migration strategy is provided: this requires a flag day for debusine.debian.net and debusine.freexian.com, as they used the DebusineSignon class. There should be no breaking changes for other deployments introduced with this change. (#898)

• Changed the location for local templates in the packaged defaults.

  Additional local templates were loaded from /var/lib/debusine/server/templates. This is now changed to /etc/debusine/server/templates, which is the correct place for local customizations. (#947)

• Squashed database migrations from before 0.11.0. People with older Debusine server installations must upgrade to 0.11.* before upgrading to this version. (#975)

• Rename debusine-admin manage_worker command to debusine-admin worker. The --worker-type option, if given, must now come after the subcommand name (enable or disable). The old name is still present, but is deprecated.

  Rename debusine-admin edit_worker_metadata command to debusine-admin worker edit_metadata. The old name is still present, but is deprecated.

  Rename debusine-admin list_workers command to debusine-admin worker list. The old name is still present, but is deprecated.

Features

• Store content-type of files as sent by the client. (#324)

• Implement debian:archive collection. (#329)

• Add an API endpoint to abort a work request or a workflow. (#384)

• Add debian:repository-index artifacts, and allow adding them to debian:suite collections.

  Add a GenerateSuiteIndexes task to generate Packages, Sources, and Release files for a suite. (#755)

• Add url and scope fields to responses from several API views. (#766)

• Add /api/1.0/open-metrics/ that provides instance usage statistics. (#888)

• Allow Provider.options['add_to_group'] to match nm.debian.org user statuses when using an nm: prefix. (#898)

• Add on_assignment event.

  Add skip-if-lookup-result-changed action, and a new “skipped” work request result. (#907)

• Ensure that only one workflow callback can run at once for a given workflow. (#908)

• APTMirror: Mirror repository indexes as well as packages. (#945)

• Add debusine-admin worker create to create a worker with an activation token, as an alternative to letting it register itself and then enabling the token separately.

• Extend binary and binary-version lookups on debian:archive and debian:suite collections to include Architecture: all packages for concrete architecture names.

• Improve reconstruction of lookups by preserving the original spelling of the parent collection.

Bug Fixes

• debusine-admin delete_expired: Optimize calculation of which artifacts must be kept. (#473)

• Record errors from assigning work requests to workers in WorkRequest.output_data. (#589)

• Optimize Workspace.get_collection, used by most lookups. (#786)

• Fix crashes in debusine-admin delete_expired and debusine-admin vacuum_storage when trying to clean up expired or old incomplete artifacts respectively.

  Make debusine-admin delete_expired delete files from stores that aren’t present in any artifact, even if the artifacts they used to be in weren’t deleted in this delete_expired run. (#891)

• Fix a race when telling the client which of a new artifact’s files it needs to upload; previously this sometimes resulted in incomplete artifacts when two artifacts with overlapping files were created at nearly the same time.

  Forbid creating relations with incomplete artifacts. (#930)

• Fix crash in debusine-admin delete_expired when trying to clean up expired workspaces. (#936)

• When creating worker, server, or sub-workflow work requests in workflows, make them inherit the effective priority of their parent as their base priority. (#973)

• Work around S3 incompatibility between Hetzner and boto3 >= 1.36.0.

Web UI

Features

• Display files based on the content-type sent by the client, restricted to a set of safe content-types. (#324)

• Add web UI to abort a work request or a workflow. (#384)

• Add a separate virtual host with archive access views. (#757)

• Make it easier for local admins to customize the homepage and footer. (#850)

• Allow Debian Maintainers to log in via Salsa OIDC authentication. (#898)

• Add view to test and debug how task configuration is applied. (#989)

• Add links to workflow documentation from the web UI.

Bug Fixes

• Exclude Celery worker from list of workers. (#559)

• Add --server FQDN/SCOPE option to suggested debusine provide-signature command (requires the client to be at least version 0.11.3). (#749)

• Make “workspace not found” errors slightly more generic, since they can also cover authorization failures. (#778)

• Optimize detail view for large workflows. (#786)

• Return 404 when trying to view a nonexistent workflow template, rather than logging a noisy traceback. (#875)

• Fix display of collection retention periods. (#890)

• Support byte-range requests that specify only one of the first and last byte positions in the range. (#956)

Client

Incompatible Changes

• Print web URLs to objects where possible. This requires a server with at least commit 30dd738393e46f2f2bc0d09aacdfd53297dbba95. (#766)

Features

• Guess content-type of files when uploading them to the server. (#324)

• Add debusine abort-work-request command. (#384)

• Allow selecting a server using --server FQDN/SCOPE, as an alternative to needing to know the [server:...] section name in the configuration file. (#749)

• Added debusine task-config-pull and task-config-push, to manage debusine:task-configuration collections. (#789)

• A local copy of the .changes file can be passed to provide-signature for signing and uploading. (#816)

• Accept extra command-line arguments to debusine on-work-request-completed. (#966)

Workflows

Incompatible Changes

• lintian, qa, debian_pipeline: Change default value of fail_on_severity/lintian_fail_on_severity to error. (#804)

• Rename the suite_collection key of the reverse_dependencies_autopkgtest workflow and the reverse_dependencies_autopkgtest_suite key of the qa and debian_pipeline workflows to qa_suite.

  piuparts: Add source_artifact as a required task data key. (#907)

Features

• Add debdiff workflow and integrate it into debian_pipeline. (#607)

• Add update_suites workflow. (#755)

• In the sbuild workflow, configure the same ASPCUD criteria as Debian’s buildd would use, when targeting experimental. (#829)

• update_environments: Accept null as an element in a targets.variants list; this may be useful to indicate that an environment may be used as a generic environment for any task while also being the most suitable environment for particular variants. (#899)

• reverse_dependencies_autopkgtest: Document support for passing debian:binary-package artifacts in binary_artifacts and context_artifacts.

  qa: Document support for passing debian:binary-package artifacts in binary_artifacts. (#906)

• autopkgtest, lintian, piuparts, qa, reverse_dependencies_autopkgtest: Support updating a debian:qa-results collection with reference QA results. (#907)

• autopkgtest: Implement enable_regression_tracking parameter to perform regression analysis against reference results. (#908)

• Add split source/binary upload signing, where the developer signs the source package and Debusine signs the binaries. (#944)

Bug Fixes

• Make the package_upload workflow idempotent. (#800)

• lintian: Constrain child work requests to run on an architecture matching the binaries. (#866)

• lintian: Only produce source and binary-all analysis artifacts once.

  lintian: If binary_artifacts is empty, create a single work request to run lintian on the source package. (#908)

• package_upload: Avoid confusion between the output of different MergeUploads tasks. (#914)

• reverse_dependencies_autopkgtest: Give child workflows a hardcoded priority of -5 relative to their parent workflow, for now. (#973)

• package_upload: Constrain MakeSourcePackageUpload to run on a particular architecture. (#990)

Tasks

Incompatible Changes

• Lintian: Change default value of fail_on_severity to error. (#804)

• If tasks are given an environment without a variant filter, automatically try variant={task_name} followed by variant=. This may require changes to your update_environments workflows to ensure that a generic environment with no variant is always available. (#899)

Features

• Display input artifacts for tasks AssembleSignedSource, Autopkgtest, Blhc, CopyCollectionItems, ExtractForSigning, Lintian, MakeSourcePackageUpload, MergeUploads, Noop, PackageUpload, Piuparts, SystemBootstrap, and SystemImageBuild. (#549)

• Sbuild: Add build_dep_resolver and aspcud_criteria options. (#829)

• Require a compatible piuparts version to be available in the environment for the Piuparts task, when running in a container. (#867)

• Autopkgtest: Document support for passing debian:binary-package artifacts in input.binary_artifacts and input.context_artifacts.

  Piuparts: Support passing debian:binary-package artifacts in input.binary_artifacts. (#906)

• Lintian: Add architecture field to debian:lintian artifact. (#908)

• DebDiff: Speed up this task significantly by avoiding installing most of the Recommends of the devscripts package.

Bug Fixes

• Fix DNS resolution during customization_script execution in SimpleSystemImageBuild image builds. (#664)

• Piuparts: Process base tarball in Python rather than using mmtarfilter, which wasn’t available until Debian 10 (buster). (#867)

• Ensure that a /var/lib/dpkg/available file exists when running the Piuparts task. (#874)

• Lintian: Fix incorrect parsing of tag explanations for Debian bullseye. (#921)

• MergeUploads: Fix ineffective overlapping-files check when multiple input uploads share the same .changes file name. (#954)

• Fix an AssertionError in the Piuparts task, when using debian:binary-packages as input.

• Install passwd if we need useradd to create a non-root user inside task executors.

Signing

Features

• Add SignRepositoryIndex task. (#756)

General

Features

• Add components attribute to debian:system-tarball and debian:system-image artifacts. (#829)

• Run test suite under pytest.

0.11.3 (2025-07-08)

Client

Features

• A local copy of the .changes file can be passed to provide-signature for signing and uploading. (#816)

0.11.2 (2025-07-03)

Client

Features

• Allow selecting a server using --server FQDN/SCOPE, as an alternative to needing to know the [server:...] section name in the configuration file. (#749)

0.11.1 (2025-05-04)

Server

Bug Fixes

• Set Vary: Cookie, Token on all HTTP responses. (#761)

• Return multiple lookup results in a predictable order, to make it easier for workflows to be idempotent. (#796)

• Fix regression in update_workflows Celery task.

Web UI

Features

• Add a debdiff artifact view. (#714)

• Added list and detail views for WorkerPool. (#733)

• Add number of files in the “Files” tab of the artifact view.

• Redesigned table sorting and header rendering.

Bug Fixes

• Redesigned table filtering. (#475)

• Search collection page: fix “str failed to render” error in table headers. (#799)

• Autopkgtest: Render extra repositories as deb822 sources. (#828)

• Change the default tab in the artifact view to “Files”. (#848)

• Autopkgtest: Fix the “Distribution” field.

Miscellaneous

• #420, #814

Client

Features

• debusine setup: Manage the default server setting. (#780)

Bug Fixes

• Wrap Debusine errors so that they’re shown cleanly by dput-ng. (#827)

• Improve logging while uploading individual files to artifacts. (#839)

• Fix handling of responses without Content-Type.

Workflows

Features

• Allow overriding the environment in the piuparts workflow. Allow overriding the piuparts_environment in the qa and debian_pipeline workflows. (#638)

Bug Fixes

• In the autopkgtest, piuparts and sbuild workflows, extend children’s extra_repositories with overlay repositories (e.g. experimental) if codename is a known overlay. (#780)

• make_signed_source: Disambiguate handling of multiple signing templates for a single architecture.

  make_signed_source: Provide debian:upload artifacts as signed-source-* outputs, not debian:source-package.

  debian_pipeline: Upload signed source packages and their binaries if necessary. (#796)

• sbuild: Improve workflow orchestration error when no environments were found. (#830)

Tasks

Bug Fixes

• Lintian: Use lintian --print-version to extract the version. (#609)

• Fix a variety of bugs in SimpleSystemImageBuild image builds, that broke use with the incus-vm and qemu executors. Only require the python3-minimal package to be installed for the qemu executor. (#664)

• DebDiff: Install diffstat package, to make the --diffstat flag work. (#748)

• DebDiff: Create relates-to relations to binary artifacts.

Worker

Bug Fixes

• Incus LXC instances now wait for systemd-networkd to declare the network online, before running autopkgtests. (#812)

General

Documentation

• Add new project management practices page. (#784)

• Update playground setup advice. (#797)

• Update the introduction with more recent content.

0.11.0 (2025-04-15)

Server

Features

• Delete artifacts that were created more than a day ago and are still incomplete. (#667)

Bug Fixes

• Don’t create a workflow if its input validation fails. (#432)

• Only retry work requests up to three times in a row due to worker failures. (#477)

• Rename debusine-server-artifacts-cleanup.{service,timer} to debusine-server-delete-expired.{service,timer}, to better reflect the function of those units. (#636)

• APTMirror: Ensure that only one mirroring task for a given collection runs at once. (#694)

• Don’t set the Celery worker’s concurrency to 1 in the database when starting the scheduler or provisioner service. (#751)

• Record errors from server tasks in WorkRequest.output_data. (#785)

• Optimize computing the runtime status of large workflows. Batch expensive workflow updates and defer them to a Celery task. (#786)

Documentation

• Update Enable logins with GitLab accounts to account for a renamed module.

Web UI

Incompatible Changes

• Remove FileInArtifact IDs from file links.

<scope>/<workspace>/artifact/<artifact_id>/raw/<file_in_artifact_id>/<path>

becomes …/<artifact_id>/raw/<path>.

<scope>/<workspace>/artifact/<artifact_id>/file/<file_in_artifact_id>/<path>

becomes …/<artifact_id>/file/<path>. (#621)

Features

• Better usability for the token generation UI: copy token to clipboard, show a config snippet with the token. (#421)

• Downloading an artifact without the archive= query parameter autodetects the file type.

  This means that a download will by default produce a tarball only if the artifact contains more than one file. One can explicitly add ?archive=tar.gz to force always returning a tarball. (#621)

• Add view raw and download buttons to all file display widgets. (#621)

• Add an indication to /-/status/workers/ showing each worker’s pool. Exclude inactive pool workers from /-/status/workers/. Add worker details page. (#733)

Bug Fixes

• Work requests now show validation/configuration errors. (#651)

Client

Incompatible Changes

• Move Debusine-specific entries in dput-ng profiles from keys in a nested debusine object to top-level debusine_* keys, to make them easier to override in local profiles.

Features

• Add bullseye-security, bookworm, and bookworm-security entries to the dput-ng profile for debusine.debian.net.

• Show more useful information for 404 responses.

Bug Fixes

• Fix file uploads if api-url is configured with a trailing slash. (#793)

Workflows

Features

• Restrict starting workflows to workspace contributors. (#625)

Bug Fixes

• Record errors from Workflow.ensure_dynamic_data. (#589)

• Record orchestrator errors in WorkRequest.output_data. reverse_dependencies_autopkgtest: Validate suite_collection parameter. (#651)

• Use | instead of / as a collection item prefix separator in workflows, since / is used to separate lookup string segments. reverse_dependencies_autopkgtest: Fix orchestration failure for source package versions containing a colon.

Tasks

Features

• MergeUploads: Reimplement mergechanges in Python, for efficiency and to avoid problems with buggy versions of mawk in some old Debian releases. (#512)

Bug Fixes

• ExtractForSigning: Tolerate overlap between template and binary artifacts. (#763)

Signing

Documentation

• Document how to find generated signing keys. (#771)

General

Documentation

• Rework Getting started with Debusine to create a workflow. (#764)

Miscellaneous

• #743

0.10.0 (2025-04-02)

Server

Incompatible Changes

• CreateExperimentWorkspace: Redefine expiration_delay as a number of days rather than a duration.

• Use Debusine permissions for managing workflow templates. If you previously granted yourself the add_workflowtemplate permission, see the updated tutorial for how to grant yourself owner access to a workspace.

Features

• Store worker pool statistics on task completion and worker shutdown. Implement provisioning of pool workers. (#721)

Bug Fixes

• Retry any running work requests when terminating pool workers. (#731)

• Limit status views of running external tasks (/api/1.0/service-status/ and /-/status/queue/) to worker tasks. (#750)

Documentation

• Document cloud worker pools and storage. (#735)

Web UI

Features

• Add an audit log for group-related changes. (#734)

Bug Fixes

• Fix link to workflows that need input.

Client

Features

• Add debusine setup for editing server configuration interactively. (#711)

• Add dput-ng integration. (#713)

Bug Fixes

• debusine provide-signature: Always pass --re-sign to debsign. (#713)

Workflows

Incompatible Changes

• create_experiment_workspace: Redefine expiration_delay as a number of days rather than a duration.

Bug Fixes

• make_signed_source: Pass unsigned binary artifacts to sbuild sub-workflow via input.extra_binary_artifacts. (#727)

• autopkgtest, lintian: Handle debian:upload source artifacts without original upstream source. (#744)

Documentation

• make_signed_source: No longer document debian:binary-packages artifacts as being accepted in binary_artifacts; they never worked. (#747)

Tasks

Features

• Sbuild: Accept debian:upload artifacts in input.extra_binary_artifacts. (#727)

Bug Fixes

• ExtractForSigning: If given debian:upload artifacts in binary_artifacts, follow extends relationships to find the underlying debian:binary-package artifacts. (#747)

• Handle errors while fetching task input more gracefully. (#763)

0.9.1 (2025-03-24)

Server

Features

• Automatically add task runs to the appropriate debusine:task-history collection. (#510)

• Support Hetzner Object Storage. Support worker pools on Hetzner Cloud. (#543)

• Accept scope prefixes in debusine-admin create_collection --workspace and debusine-admin create_work_request --workspace. (#608)

• Implement populate and drain storage policies in debusine-admin vacuum_storage. Implement store-level soft_max_size and max_size limits in debusine-admin vacuum_storage. (#684)

• debusine:cloud-provider-account asset: Add optional configuration.s3_endpoint_url for the aws provider type. (#685)

• Add roles to group memberships. (#697)

• Add debusine-admin worker_pool command. Add internal per-provider API for launching and terminating dynamic workers. (#720)

• Support worker pools on AWS EC2. (#722)

Bug Fixes

• Add a DEBUSINE_DEFAULT_WORKSPACE Django setting, for use if the default workspace has been renamed to something other than “System”. (#571)

• Only upload to write-only stores when applying the populate storage policy in debusine-admin vacuum_storage, not elsewhere. (#684)

Documentation

• Document file stores. (#541)

• Document CreateExperimentWorkspace task. (#542)

Web UI

Features

• Add web UI for group management: list groups, add/remove users, change user roles. (#542)

Bug Fixes

• Do not show “Plumbing” in the navigation bar if the view is not workspace-aware. (#675)

Workflows

Features

• package_publish: Copy debusine:task-history items from the same workflow. (#510)

Documentation

• Document create_experiment_workspace. (#542)

• Document how to implement a new workflow. (#693)

Tasks

Features

• MmDebstrap, SimpleSystemImageBuild: Support reading keyrings from /usr/local/share/keyrings/. (#739)

Worker

Features

• Add worker activation tokens, which can be used to auto-enable pool workers when they start without needing to expose worker tokens in cloud-init user-data. (#732)

General

Miscellaneous

• #729

0.9.0 (2025-02-25)

Server

Incompatible Changes

• File stores are now linked to scopes rather than to workspaces. They can be configured using debusine-admin scope. debusine-admin workspace define and debusine-admin workspace list (as well as the deprecated debusine-admin create_workspace, debusine-admin manage_workspace, and debusine-admin list_workspaces commands) no longer handle file stores. (#682)

• Rename debusine-admin create_file_store command to debusine-admin file_store create. (The old name is still present, but is deprecated.) (#683)

• Rename debusine-admin monthly_cleanup to debusine-admin vacuum_storage, and run it daily. Rename the associated systemd units similarly. (#684)

Features

• Implement task configuration mechanism. (#508)

• Implement debusine:task-history collection. (#510)

• Add API: 1.0/asset/ to create and list Assets. Add API: 1.0/asset/<str:asset_category>/<str:asset_slug>/<str:permission_name> to check permissions on Assets. Add debusine-admin asset management command to manage asset permissions. (#576)

• Add debusine-admin scope add_file_store, debusine-admin scope edit_file_store, and debusine-admin scope remove_file_store commands. Add an instance_wide field to file stores, defaulting to True, which can be configured using the --instance-wide/--no-instance-wide options to debusine-admin file_store create. Non-instance-wide file stores may only be used by a single scope. Add soft_max_size and max_size fields to file stores, which can be configured using the --soft-max-size and --max-size options to debusine-admin file_store create. (#682)

• Add debusine-admin scope show command. Add debusine-admin file_store delete command. Make debusine-admin file_store create idempotent. (#683)

• Generalize sweeps by debusine-admin vacuum_storage over files in local storage to be able to handle other backends. (#684)

• Add debusine-admin asset create command. Add an S3 file backend. Add --provider-account option to debusine-admin file_store create, to allow linking file stores to cloud provider accounts. (#685)

• Add debusine:cloud-provider-account asset. (#696)

• Implement ephemeral groups. (#697)

• Add a plugin for the Munin monitoring server. If run on the server, it should be able to automatically configure itself. It provides three graphs. The workrequest queue length is graphed by type and by worker architecture. The third graph shows the number of registered, connected and busy workers.

Bug Fixes

• Deal with expired work requests without an internal collection that are referenced by build logs. Fix deleting expired work requests with child work requests referenced by build logs. (#635)

• Explicitly depend on libjs-select2.js in the debusine-server package.

• Set current context when running server tasks.

Documentation

• Add blueprint for dynamic cloud compute scaling. (#538)

• Add blueprint for dynamic cloud storage scaling. (#539)

• Split artifacts documentation by category. (#541)

• Add blueprint for cloning workspaces for experiments. Add blueprint for granting ADMIN roles on groups to users. (#542)

Miscellaneous

• #666, #704

Web UI

Features

• Workspaces can now be set to expire. Owners can configure this and other attributes in the web UI. (#698)

• Display configured task data (see Task configuration) in views that display work requests. (#707)

• /{scope}/{workspace}/workflow/: Add label tag to “With failed work requests”, to allow enabling/disabling the checkbox by clicking on the text.

Bug Fixes

• Fix collection item detail URLs to allow slashes in names. (#676)

• Handle empty Lintian artifacts. (#677)

• Filter workflow template detail view to the current workspace. (#680)

• Preserve redirect URL on login. (#717)

• Fix title of homepage and scope pages.

Client

Features

• Add asset_create and asset_list methods to create and list Assets. Add create-asset and list-assets commands to create and list assets. Add asset_permission_check method to check permissions on Assets. (#576)

Workflows

Incompatible Changes

• debian_pipeline, make_signed_source, package_upload: Signing keys are now specified by fingerprint, rather than a lookup for an asset. Remove the debian:suite-signing-keys collection. (#576)

Features

• Add subject to dynamic data for all workflows. (#679)

• Add workflow to create an experiment workspace. (#699)

Bug Fixes

• make_signed_source: Fix passing of debusine:signing-input artifacts between workflow steps. (#689)

• Fix handling of dependencies between workflows. In most cases workflows themselves shouldn’t have dependencies, but the sbuild sub-workflow created by make_signed_source is an exception. (#690)

• make_signed_source: Pass all outputs from the Sign task through to the AssembleSignedSource task, not just one of them. (#692)

• make_signed_source: Fix orchestration of sbuild sub-workflow. (#695)

Tasks

Incompatible Changes

• Sbuild: Remove schroot support. (#660)

Features

• Add subject, configuration_context, and runtime_context to dynamic data for all worker tasks. (#679)

Bug Fixes

• Fix accidental leakage of keyring and customization script names between MmDebstrap task instances on the same worker, leading to task failure. (#686)

Worker

Features

• Record runtime statistics for tasks. (#510)

• Log task stages to a work request debug log as well.

Bug Fixes

• Fix various worker asyncio issues.

Signing

Incompatible Changes

• GenerateKey: The result is now a debusine:signing-key asset rather than an artifact. Debsign, Sign: The key parameter is now the key’s fingerprint, rather than an asset lookup. Sign, Debsign: The signer role is required on signing key assets, by the work request creator. (#576)

Features

• Allow recording username and resource data in the signing service audit log. Record the username and resource description in the audit log, in the Sign and Debsign tasks. (#576)

General

Incompatible Changes

• Add a new primitive, Assets, to represent objects that need permissions, like debusine:signing-key. Existing work requests and workflows are migrated to refer to signing keys by fingerprint. Existing debusine:signing-key artifacts are migrated to assets. We recommend that Debusine admins audit their database for any remaining artifacts with category debusine:signing-key, and remove them after confirming that they have been migrated to assets. This will require removing any related artifact relations first. Audit query: SELECT * FROM db_artifact WHERE category='debusine:signing-key'; (#576)

0.8.1 (2025-01-13)

Server

Features

• New view with list of workflows (/<scope>/<workspace>/workflow/). List workflow templates with stats in the workspace view (/<scope></workspace>/), new view with specific template information (/<scope>/<workspace>/workflow-template/<workflow-template>/). (#400)

Bug Fixes

• Use an in-memory channel layer for tests, rather than Redis. (#617)

• Fix cleanup of expired work requests referenced by internal collections. (#644)

• Retry any work requests that a worker is currently running when it asks for a new work request. (#667)

• Fix tests with python-debian >= 0.1.50. (#672)

Documentation

• Split collections documentation by category. (#541)

Web UI

Incompatible Changes

• Reorganize /-/user/ URLs to contain the user name, and move the logout view to /-/logout/. (#649)

• Remove /view/ from workspace view path (/<scope>/<workspace>/view/).

Features

• Add workflows split-button pulldown to base template. (#620)

• For workflows that need input, link to the first work request that needs input. (#674)

• Add a user detail view.

• Extend workspace detail view to show figures about workflows.

• Use select2 for the multiple choice fields on the workflow list form.

Bug Fixes

• Hide collections with the category workflow-internal from the navbar collections dropdown. (#639)

• Return 404 when trying to view incomplete files, rather than logging a noisy traceback. Don’t link to incomplete files, and mark them as “(incomplete)”. Mark artifacts as incomplete in artifact lists if any of their files are incomplete. (#667)

• Fix ordering of workers list by “Last seen”. (#669)

Workflows

Features

• debian_pipeline, qa, reverse_dependencies_autopkgtest, sbuild: Support debian:upload artifacts as input. (#590)

• autopkgtest, piuparts, reverse_dependencies_autopkgtest, qa, debian_pipeline: Add support for extra_repositories. (#622)

Bug Fixes

• Fix looking up the architecture from a lookup that returns an artifact from a collection. (#661)

Tasks

Incompatible Changes

• Autopkgtest: Replace the extra_apt_sources property with extra_repositories, following the same syntax as Sbuild. (#622)

Features

• Gather runtime statistics from executors. (#510)

• Piuparts: Add support for extra_repositories. (#622)

• SimpleSystemImageBuild: Switch from debos to debefivm-create for VM image creation. This also drops support for the Debian Jessie release.

Bug Fixes

• Piuparts: Compress processed base tarball for pre-1.3 compatibility. (#638)

General

Miscellaneous

• #648, #670

0.8.0 (2024-12-26)

Server

Incompatible Changes

• Refactor tabular output to also allow machine-readable YAML. (#247)

• Add permission checks to all API views that accept user authentication. (#568)

• Enforce permissions when creating artifacts. (#614)

• Deprecate debusine-admin create_workspace, delete_workspace, list_workspace and manage_workspace in favor of debusine-admin workspace <subcommand>. debusine-admin workspace create creates workspaces with a default 30-days expiration delay (instead of no expiration by default for create_workspace), and requires an existing owner group to be specified. (#640)

• Enforce permissions when retrying work requests.

Features

• debusine-admin create_workspace: Assign an owners group, controlled by the --with-owners-group option. (#527)

• Add infrastructure to help enforcing permissions in views. (#598)

• Record information about any originating workflow template in work requests, and add a cached human-readable summary of their most important parameters. (#618)

• Implement debusine-admin group list and debusine-admin group members. (#623)

• Add a contributor role for workspaces; contributors can display the workspace and create artifacts in it. (#625)

• Introduce new debusine-admin workspace subcommand, regrouping and expanding the existing *_workspace. See debusine-admin workspace. (#640)

• Allow bare artifact IDs in workflow input.

Bug Fixes

• Validate new scope, user, collection, and notification channel names. (#551)

• Allow creating workflows using scoped workspace names. (#570)

• Report workflow validation errors directly to the client on creation, rather than leaving unvalidated workflows lying around in error states. (#633)

• Set up permissions context when running server tasks. (#642)

• Port to Django 5.1. (#646)

• Check work request status when running Celery tasks, to guard against mistakes elsewhere.

• Enable Django’s ATOMIC_REQUESTS setting, avoiding a class of mistakes where views forget to wrap their changes in a transaction.

• Implement add_to_group option in signon providers.

• Link externally-signed artifacts to the ExternalDebsign work request.

Miscellaneous

• #626, #643

Web UI

Incompatible Changes

• Drop workspaces from homepage; they are now visible on scope pages instead. (#554)

• Move /api-auth/ views to /api/auth/. (#581)

• Move admin, task-status, user, and workers views to unscoped URLs. (#582)

• Move account-related views to unscoped URLs. (#583)

• Move work request URLs under workspaces. (#584)

• Move artifact URLs under workspaces. (#585)

Features

• Set the current workspace in views that use it. (#395)

• Move “Workers” and “Task status” from the navigation bar to the footer. Add a per-scope landing page. Add a “Collections” menu in workspaces. Add view to list and filter workflows. (#557)

• Show current and other workspaces in base template. (#624)

• Merge workspace list into scope detail view. (#629)

• Show the current scope as the “brand”, with an optional label and icon. (#630)

• Display git-based version information in footer. (#631)

• Show results in workflow views.

• Show workflow details open by default.

Bug Fixes

• Silence unnecessary logging when viewing invalid work requests. (#588)

• Log out via POST rather than GET. (#646)

• ExternalDebsign: Fix “Waiting for signature” card.

• Consider task type when selecting work request view plugins.

• Fix “Last Seen” and “Status” for Celery workers.

• List workflow templates in workspace detail view.

Documentation

• Document scope as required in client configuration, and simplify example if there is only one. (#613)

Miscellaneous

• #645

Client

Documentation

• Add documentation for the client configuration file. (#613)

Workflows

Features

• Add package_publish workflow. (#396)

• Add reverse_dependencies_autopkgtest workflow. (#397)

• autopkgtest, sbuild: Implement arch_all_host_architecture. (#574)

• sbuild: Implement extra_repositories. (#622)

• package_upload: Support uploading to delayed queues.

Bug Fixes

• debian_pipeline: Handle some build-* promises being missing.

• make_signed_source, package_upload: Fix invalid creation of some child work requests. Add validation to catch such problems in future.

• package_upload: Set correct task type for ExternalDebsign.

• Fix work request statuses in several workflows.

• Mark empty workflows as completed.

Documentation

• Point to the workflow template list.

Tasks

Incompatible Changes

• Sbuild: Stop running lintian; it’s now straightforward to run both sbuild and lintian in sequence using the debian_pipeline workflow. (#260)

Features

• Sbuild: Implement extra_repositories. (#622)

• Lintian, Piuparts: Capture apt-get output.

Bug Fixes

• Sbuild: Don’t count it as a success if the host architecture is not supported by the source package. (#592)

• Sbuild: Drop the redundant --no-clean argument. (#603)

• Piuparts: Handle piuparts being in either /usr/sbin or /usr/bin.

• Wait for Incus instances to boot systemd.

Documentation

• Split task documentation by task types.

Miscellaneous

• #652

Signing

Documentation

• Add blueprint for restricting use of signing keys. (#576)

General

Features

• Enforce mypy’s strict mode across the whole codebase.

Bug Fixes

• Ensure consistent LANG settings in systemd services. (#494)

• Reset failed *-migrate services in integration tests.

0.7.2 (2024-11-13)

Quality

• Use hello from bookworm in piuparts integration test.

0.7.1 (2024-11-12)

Quality

• Fetch packages from matching suites in integration tests.

0.7.0 (2024-11-12)

Server

• Unblock reverse-dependencies when aborting a work request.

• Upgrade to Django 4.2.

• Implement an admin role for scopes.

• Validate group names.

• Add debusine-admin group management command.

• Add make_signed_source workflow.

• Add API for monitoring worker status.

• Add roles for workspaces.

• Handle scopes in workspace management commands.

• Add an initial set of permission predicates.

• Add scope visibility permission check.

• Use workspace permissions in collection lookup.

• Force evaluation of lazy request.user in AuthorizationMiddleware.

• Don’t ignore failed elements of multiple lookups.

• Make the default workspace public.

• Improve command-line handling of constraint violations.

• Add singleton collections.

• Add permission for creating workspaces.

• Add lintian workflow.

• Fix debusine-admin create_workspace --default-expiration-delay command-line parsing.

• Support lookups that match items of multiple types.

• Add piuparts workflow.

• Add qa workflow.

• Implement signing_template_names in sbuild workflow.

• Add same_work_request lookup filter to debian:package-build-logs collection.

• Add debian_pipeline workflow.

• Add CopyCollectionItems task.

Web UI

• Disallow public access to work requests in private workspaces.

• Prototype implementation of scopes in URLs.

• Handle workspaces with the same name in different scopes.

• Remove workspace/ segment from URLs.

Client

• Implement scope support.

• Correctly download artifacts with directories in file paths.

Worker

• SystemBootstrap:

  • Allow keyring URLs starting with file:///usr/share/keyrings/.

  • Write non-ASCII-armored keyrings to .gpg rather than .asc.

• Sbuild:

  • Relax binnmu_maintainer validation in dynamic data to avoid failures if DEBUSINE_FQDN is under a non-email-suitable domain.

  • Drop unnecessary sbuild:host_architecture from dynamic metadata.

• Add DebDiff task.

Signing

• Sign:

  • Fail if signing failed.

  • Use detached signatures when signing UEFI files.

  • Take multiple unsigned artifacts and sign them all with the same key.

• Register Debsign task, which previously existed but was unusable.

Documentation

• Indicate that kmod keys aren’t (yet?) supported.

• Split signing service documentation into explanation and reference.

• Add an explanation of lookups.

• Document the debusine-worker CLI.

• Move artifact relationships documentation to reference.

• Point to bookworm-backports instead of deb.freexian.com.

• Update Add a new worker to explain how to enable a signing worker.

• Add how-to for configuring a YubiHSM.

• Install a signing worker in the installation tutorial.

• Document the debusine-signing CLI.

• Add blueprint for changing the UI to be more workflow-centered.

• Restructure the hierarchy of reference documentation pages.

• Document how to generate signing keys.

• Add blueprint for copying artifacts between workspaces.

• Add blueprint for a URL redesign.

Quality

• Add more type annotations for tasks.

• Fix test failures in non-English locales.

• Skip simplesystemimagebuild test with UML >= 6.11um1 for now.

0.6.0 (2024-10-10)

Server

• Tighten up handling of creating artifacts with files that already exist.

• Add Wait task type.

• Add Delay task.

• Add ExternalDebsign task and a corresponding API view to allow a client to provide a signature to it.

• Add a system for coordinating multiple sub-workflows within a higher-level workflow.

• Introduce scopes.

• Introduce a basic application context.

• Run workflow orchestrators via Celery.

• Add autopkgtest workflow.

• Add debusine-admin scope command.

• Add retry-with-delays action for use in on_failure event reactions.

• sbuild workflow:

  • Support build profiles.

  • Add retry_delays, which can be used for simplistic retries of dependency-wait failures.

• Let nginx gzip-compress text responses.

• Add PackageUpload task.

• Add package_upload workflow.

Web UI

• Improve label for debian:binary-package artifacts.

• Show “Waiting for signature” card on blocked ExternalDebsign requests.

• Show forward and reverse-extends artifact relations.

Client

• Add debusine provide-signature command.

• Allow debusine import-debian-artifact to upload individual .deb packages.

• Correct imported package relations.

• Don’t download large artifacts as tarballs.

Worker

• Add MakeSourcePackageUpload task.

• Add MergeUploads task.

• Sbuild:

  • Support build_profiles.

  • Don’t permit architecture-independent binary-only NMUs.

  • Fix architecture field of created debian:binary-packages artifacts.

  • Export DEB_BUILD_OPTIONS for nocheck and nodoc profiles.

  • Set a default maintainer for binary-only NMUs.

• Apply some environment constraints to the Piuparts task’s base_tgz lookup.

• Register ExtractForSigning task, which previously existed but was unusable.

• Fix unshare executor compatibility with Debian environments from before the start of the /usr merge.

• Fall back to the worker’s host architecture for the purpose of environment lookups if the task doesn’t specify one.

• Log progress through the main steps of each task.

Signing

• Add Debsign task.

Documentation

• Document signing workers and tasks.

• Add design for permission management.

• Add design for reverse-dependencies-autopkgtest workflow.

• Add design for task configuration, work request statistics, and other build-related features.

• Add short introduction to Debusine concepts tying everything together.

• Move explanation of expiration logic to a separate Expiration of data page.

• Simplify explanation of artifacts.

• Move information about Task types to a separate page.

• Move information about collection data models to a separate page.

Quality

• Use vulture to find dead code.

• Sort imports automatically using isort.

• Make coverage reports briefer.

0.5.0 (2024-09-03)

Server

• Avoid N+1 queries when resolving multiple lookups.

• Automatically drop privileges when running debusine-admin or debusine-signing as root.

• Mark retried work requests as blocked if necessary.

• Add an API endpoint to review manual unblocks.

• Unassign pending or running work requests when disabling a worker.

• Fix ineffective debian:environments uniqueness constraint.

• Adjust the sbuild workflow to allow storing build logs in a new debian:package-build-logs collection.

• Default to a five-second timeout when sending email, to avoid hangs if the local mail transport agent is broken.

• Don’t buffer output to log files.

• Validate new work requests when creating them.

Web UI

• Link to work request and build log in artifact list.

• Add a framework of UI shortcuts and sidebar information, allowing a more attractive and consistent presentation of resources such as artifacts and work requests.

• Redirect user to original URL after login.

• If an artifact has only one file, download that file by default instead of a tarball.

• Show input artifacts in work request views.

• Add a user-friendly view of files in artifacts.

• Fix error when viewing an artifact with multiple related build logs.

• Use pygments to render text content.

• Redesign work request detail view.

• Use work request labels in the UI.

• Add UI to review work requests blocked on manual approval.

• Add a view of registered workers and their running work requests.

• Fix collection search paging.

• Add a view of the task queue.

Client

• Only accept valid artifact categories in debusine create-artifact.

• Don’t process downloads one byte at a time.

• Retry some HTTP requests.

Worker

• Make arch-test a dependency rather than an optional feature.

• Add ExtractForSigning task.

• Add AssembleSignedSource task.

• Sbuild:

  • Create a debusine:signing-input artifact.

  • Ignore dose-debcheck decoding errors.

  • Support building binary-only NMUs.

  • Skip dose-debcheck extraction on success.

Signing

• Add support for static (not extracted under wrap) PKCS#11 keys.

• Add OpenPGP key generation and signing support.

Documentation

• Document that workers need sbin directories in their PATH.

• Clarify data model details for the workflow hierarchy.

• Improve documentation for debusine-admin manage_worker disable.

• Fix documentation of creating a collection in Set up APT mirroring.

• Add design for coordinating sub-workflows.

• Add design for package upload task and workflow.

Quality

• Support building Debusine itself with nocheck and nodoc build profiles.

• Add pre-commit configuration.

• Fix various ResourceWarnings.

• Convert Python packaging to hatchling.

• Add many more type annotations.

• Use dbconfig-pgsql for database configuration, avoiding services restarting indefinitely after initial installation.

• Ensure that Debusine starts after and stops before a PostgreSQL service running on the same machine.

• Make task-killing tests more reliable.

0.4.1 (2024-06-28)

Server

• Make debusine:test artifact instantiable.

Web UI

• Introduce a common base layout with a right sidebar.

• Implement labels for artifacts.

• Add specialized view for showing build log artifacts.

Worker

• Run sbuild with --bd-uninstallable-explainer=dose3 and parse its output.

Quality

• Fix license classifier in setup.cfg.

0.4.0 (2024-06-24)

Server

• Add API endpoint to retry work requests.

• Implement retrying workflows.

• Give the scheduler Celery worker a different node name.

• Switch to RedisPubSubChannelLayer.

Web UI

• Add UI to retry work requests.

Worker

• Add binary-only NMU support to sbuild task.

• Use arch-test to provide better defaults for system:architectures.

Signing

• Add a new signing service. This currently supports generating keys (though currently only in software, as opposed to an HSM) and signing UEFI Secure Boot images with them. A few more pieces still need to be assembled before this is useful.

Documentation

• Document HTTPS setup.

• Document signing worker.

Quality

• Remove now-unnecessary autopkgtest schroot creation from integration tests.

• Add a “playground” system to manage test object creation and to allow discussion of UI prototypes.

• Use HTTPS in integration tests.

• Bump timeout for mmdebstrap integration tests.

• Reorganize test cases for improved type-safety.

• Fix cleanup order in an integration test which caused failures on slow architectures.

0.3.2 (2024-06-03)

Server

• Rename some leftovers of “internal” naming for server tasks.

• Added method to check if a work request can be retried.

• Fix Architecture: all matching in sbuild workflow.

Web UI

• Second iteration on collection UI design.

• Add base template support for django.contrib.messages.

Quality

• Fix several race conditions and timeouts that caused autopkgtest failures on slow architectures.

0.3.1 (2024-05-28)

Server

• Namespace collections under workspaces.

• Refresh worker from database before marking it disconnected, so that we don’t lose changes made using debusine-admin edit_worker_metadata.

• Add backend capability to retry aborted or failed work requests.

• sbuild workflow:

  • Fix task data for Architecture: all work requests.

  • Specify the backend in environment lookups.

  • Defer environment resolution.

Web UI

• Fix typo resulting in HTTP 500 error in collection detail view.

Worker

• Handle systemd 256 in incus-lxc executor.

• Handle dangling /etc/resolv.conf symlinks in environments in the unshare executor.

• Fix mmdebstrap task to specify the architecture of the chroot.

Documentation

• Fix several errors in the “Getting started with Debusine” tutorial.

• Adjust “The debusine command” reference to refer to self-documenting --help output.

Quality

• Skip some integration tests for architectures that weren’t in bookworm.

• Add enums for artifact and collection categories, to guard against typos.

0.3.0 (2024-05-23)

Highlights:

• The focus of this milestone is on automatic orchestration of building blocks, to allow tasks to be scheduled for all items of a collection. For example, Debusine can now automatically schedule Lintian tasks for all packages in a suite.

• Added collections and workflows.

• Added a new lookup syntax, taking advantage of collections.

Server

• Add infrastructure for collections.

• Implement debian:environments collection.

• Implement debian:suite-lintian collection.

• Add debusine-admin create_collection command.

• Store tokens only in a hashed form.

• Implement debian:suite collection.

• Move the scheduler to a dedicated Celery worker.

• Generalize work request notifications into event reactions.

• Implement basic building blocks of workflows.

• Implement synchronization points.

• Implement workflow orchestrators.

• Implement workflow callbacks.

• Add --default-file-store options to debusine-admin create_workspace and debusine-admin manage_workspace.

• Restrict creation of non-worker tasks via the API.

• Add debusine-admin create_file_store command.

• Implement scheduling priorities.

• Implement update-collection-with-artifacts event reaction.

• Implement collection item lookup syntax and semantics.

• Implement aptmirror server task.

• Implement updatesuitelintiancollection task to update a debian:suite-lintian collection from debian:suite.

• Implement debusine:workflow-internal collection.

• Add debusine-admin create_work_request command.

• Implement sbuild and update_environments workflows.

• Add a _system user for use by scripts.

• Implement expiry of collection items.

• Add APIs to create workflow templates and workflows.

• Add debusine-admin create_workflow command.

• Add debusine-admin delete_workspace command.

• Implement expiry of work requests.

Web UI

• Fix ordering of work requests by task name.

• Improve rendering of multi-line strings in task data.

• Show workflow information for work requests that are part of workflows.

• Show task type in work request lists.

• Improve handling of expired artifacts in autopkgtest/lintian views.

• Order a work request’s artifacts by ID within each category.

• Show the user who created a work request in the work request detail view.

• Show a notice when a work request’s artifacts have expired.

• Add workspace detail and collection views.

Client

• Separate YAML input and output more clearly when running debusine create-artifact or debusine create-work-request.

• Add debusine manage-work-request command to adjust work request priorities.

• Add debusine create-workflow-template and debusine create-workflow commands.

Worker

• Add support for passing extra packages to the sbuild task.

• Exit cleanly on failure to report a completed work request to the server.

• Restrict mmdebstrap and simplesystemimagebuild tasks to workers that support the requested architecture, as was done for other tasks in 0.2.1.

• Only consider the autopkgtest task to have succeeded on exit codes 0, 2, and 8.

• Remove network-related files that mmdebstrap copies from the host.

• Allow sbuild to produce no .changes file, so that users can examine the log files of failed builds.

• Improve “Unexpected artifact type” error from the image cache.

• Rename autopkgtest task’s environment key to extra_environment.

• Rename environment_id to environment in all tasks, and support the new lookup syntax.

• Drop insecure sbuild_options from sbuild task.

• Rename task data fields in autopkgtest, blhc, lintian, piuparts, sbuild, and updatesuitelintiancollection tasks to support the new lookup syntax, removing _id from key names and accepting single or multiple lookups as appropriate.

• Correctly tag sid tarballs and images as codename=sid.

• Don’t purge build-dependencies after build in the sbuild task.

Documentation

• Move unimplemented features to a new “Development blueprints” section.

• Add design practices.

• Rework “Where to start” section in “Contribute to Debusine”.

• Clarify parameters to piuparts task.

• Clarify the role of Incus when installing a Debusine instance.

• Add design for tasks that update collections.

• Document work request scheduling and associated worker metadata.

• Add design for workflows.

• Document image caching and cleanup.

• Add design for scheduling priorities.

• Add design for collection item lookups.

• Add design for sbuild workflow.

• Add design for update_environments workflow.

• Add how-to for setting up APT mirroring.

• Add example script to automate Incus configuration for workers.

• Document packages required for Incus VMs.

• Add example script to populate a Debusine instance with example data.

• Document environment requirements for executor backends.

• Update “Getting started with Debusine” tutorial to use workflows and collections.

• Add more documentation of worker behaviour.

Quality

• Validate the summary in debian:lintian artifacts.

• Drop compatibility with Debian bullseye; Debusine now requires Python >= 3.11.

• Enforce pydantic models for WorkRequest.workflow_data and WorkRequest.event_reactions.

• Use pydantic models for autopkgtest and lintian views.

• Fix some tests on non-amd64 architectures.

• Auto-format HTML templates using djlint.

• Add infrastructure for more semantic testing of HTML output.

0.2.1 (2024-03-07)

Server

• Add a Celery worker for server-side tasks.

Client

• Trim down dependencies slightly.

Worker

• Require KVM access for simplesystemimagebuild task.

• Change container to instance in Incus templates.

• Log task completion.

• Restrict tasks to workers that support the requested architecture.

Documentation

• Improve home page slightly.

Quality

• Enforce mypy project-wide, including all Django components.

0.2.0 (2024-02-29)

Highlights:

• Added artifact file storage system.

• Debian developers can use Debusine to run various QA tasks against packages they are preparing. Those tasks can be scheduled through the API or through the web UI.

Note that it is not possible to directly migrate a database installed using 0.1.0. Migrations from this release to future releases will be possible.

Server

• Implement file storage.

• Implement artifact handling.

• Implement expiration of artifacts and their files.

• Run database migrations on debusine-server package upgrade.

• Add debusine-admin monthly_cleanup command, run from a systemd timer.

• Link work requests to workspaces.

• Add debusine-admin create_user, debusine-admin list_users, and debusine-admin manage_user commands.

• Link tokens to users.

• Allow email notifications if a work request fails.

• Depend on python3-daphne.

• Ensure all local artifacts are JSON-serializable.

• Add debusine-admin create_workspace, debusine-admin list_workspaces, and debusine-admin manage_workspace commands.

• Use WorkRequest workspace in artifacts.

• Add default expiration delay to workspaces.

• Add API to list work requests.

• Make sure the Django app’s secret key is never publicly readable.

• Mark workers as disconnected on debusine-server startup.

• Use Restart=on-failure rather than Restart=always in debusine-server.service.

• Add debusine-admin info command to help with setting up deployments.

• Add daily artifact cleanup timer.

• Use pydantic models for artifact data.

• Add remote, read-only file storage backend for external Debian archives.

Web UI

• Add web UI for work requests and workspaces.

• Add login/logout support to web UI, allowing access to non-public workspaces.

• Allow registering/removing user API keys using the web UI.

• Allow uploading artifacts using the web UI.

• Refinements to web UI for work requests.

• Make Django aware of HTTP/HTTPS state of requests.

• Fix download error with empty artifact file and document mmap usage.

• Implement integration with Salsa Single Sign-On.

• Add lintian view.

• Polish various aspects of the web UI.

• Add autopkgtest view.

• Fetch images for tasks directly, not via a tarball.

Client

• Rename client’s configuration key from debusine to api-url.

• Add --data option to debusine create-work-request.

• Rename debusine work-request-status to debusine show-work-request.

• Add debusine on-work-request-completed to allow running a command when a work request completes.

• debusine.client: Drop obsolete silent keyword, and stricter prototype tests.

• Add debusine --debug option to debug HTTP traffic.

• Implement a package downloader (dget).

• Implement a paginated listing API client.

• Add API client method for listing all work requests.

• Add debusine list-work-requests command.

• Add debusine import-debian-artifact command.

Worker

• Modify sbuild task to use artifacts.

• Add pre-upload consistency checks on sbuild results.

• Rename worker’s configuration key from debusine-url to api-url.

• Upload sbuild log files even if the .dsc file did not exist.

• Add piuparts task.

• Add lintian task.

• Add autopkgtest task.

• Add mmdebstrap task.

• Avoid trying to add debusine-worker user in postinst if it already exists.

• Add image caching for executor backends.

• Add unshare executor.

• Port the autopkgtest and piuparts tasks to unshare.

• Use Restart=on-failure rather than Restart=always in debusine-worker.service.

• Make tasks check whether their tools are installed.

• Use a lock to protect execution of the work request.

• Add blhc task.

• Add simplesystemimagebuild task.

• Use pydantic models for task data.

• Log exceptions in task preparation and clean-up.

• Add Incus executor (for both containers and VMs).

• Add a qemu executor, currently only for autopkgtest and sbuild tasks.

Documentation

• Drop the “slug” field and the “repository” type.

• Document debian:package-build-log artifact in ontology.

• Document using local.py to change settings.

• Create an overview document with an elevator-pitch-style introduction.

• Add initial design for autopkgtest and lintian tasks.

• Add initial design for system tarball artifacts and debootstrap-like tasks.

• Add initial design for tasks building system disk images.

• Update the description of the sbuild task.

• Restructure the documentation following the Diátaxis principles.

• Clarify copyright notice, contributor status and list of contributors.

• Enable the Sphinx copybutton plugin.

• Add some documentation for the Python client API.

• Improve the “Getting started with Debusine” tutorial.

• Add documentation for debusine-admin commands.

• Add “Install your first Debusine instance” tutorial.

• Add initial design for collections.

• Refine design for workflows.

Quality

• Harmonize license to be GPL-3+ everywhere.

• Support pydantic 1 and 2.

• Apply mypy, pyupgrade, and shellcheck consistently.

• Sync (Build-)Depends with setup.cfg.

0.1.0 (2022-09-09)

Initial release. Includes a server that can drive many workers over a worker-initiated websocket connection, where the workers use the server’s API to get work requests and provide results. There is an sbuild task that workers can run.