update_suite

Workflow update_suite

This workflow updates metadata for a single suite. Initially this will just involve generating and signing basic indexes for the suite, but later it may also generate supplementary files such as Contents-*.

• task_data:

  • suite_collection (Single lookup, required): the suite whose indexes should be generated

The workflow computes dynamic metadata as:

• subject: name of suite_collection

The workflow creates a GenerateSuiteIndexes task, with task data as follows:

• suite_collection: {suite_collection}

• generate_at: the transaction timestamp at which the workflow orchestrator is being run (this needs special care to preserve idempotency, since any later runs of the same workflow orchestrator would have a different transaction timestamp)

It then creates two SignRepositoryIndex tasks with dependencies on the GenerateSuiteIndexes task. They have task data as follows:

• suite_collection: {suite_collection}

• unsigned: the debian:repository-index artifact for the Release file produced by the GenerateSuiteIndexes task

• mode: detached for the first task, or clear for the second

• signed_name: Release.gpg for the first task, or InRelease for the second

These tasks each have event reactions that add the output debian:repository-index artifact to the suite at the appropriate path (Release.gpg or InRelease), setting created_at to the transaction timestamp at which the workflow orchestrator is being run.

The InRelease task depends on the Release.gpg task, in order that the “current” view of a suite can arrange to only show a snapshot once an InRelease file exists for it.

Note

We use two tasks rather than making both signatures in a single task because otherwise the event reactions would have no way of distinguishing between the two output artifacts.