The only thing you will have to do to cause new source and binary packages to flow out to the mirror network is sign and push a git tag.
We propose that this is offered as an alternative to the existing
approaches: i.e., as an alternative to you preparing (from git or
otherwise) the source package tarballs, .dsc
, etc., on
your own system.
DD (or appropriately authorised DM) signs and pushes a git tag
containing some metadata. The tag is placed on the commit you want to
release (which is probably the commit where you ran dch
-r
).
This triggers a GitLab webhook, which passes the public clone URI of your salsa project and the name of the newly pushed tag to a Debian-managed cloud service called tag2upload.
tag2upload verifies the signature on the tag against the Debian
keyrings, produces a .dsc
and .changes
, signs these, and
uploads the result to ftp-master.
ftp-master and the autobuilder network push out the source and binary packages in the usual way.
Releasing a new package version should be as easy as possible, so we've
produced a new script, git debpush
, which just wraps git tag
and
git push
to sign and push the specially formatted git
tag.
With --no-push
it will only make the tag, without pushing
anything - a completely local operation. The tag can then be
inspected and (if appropriate) pushed later.
git-debpush is fully implemented, but it is not very useful without the tag2upload service.
Thanks to Debian contributors on debian-devel, and thanks particularly to Jonathan McDowell, for comments and suggestions which have improved both the design itself, and the documentation.