package updates guide draft#4122
Draft
krnowak wants to merge 1 commit into
Draft
Conversation
There was a problem hiding this comment.
Pull request overview
This PR replaces the previous pkg_auto quick-start notes with a significantly expanded, structured guide describing how to generate package-update reports and manually process weekly package updates in the scripts repository.
Changes:
- Rewrites the README into a step-by-step workflow covering initial setup, report generation, and processing guidance.
- Adds detailed descriptions of report directory structure and common failure/triage scenarios.
- Introduces post-processing and follow-up sections (after processing, after merge) plus a TODO list for future improvements.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+9
to
+12
| - A checkout set to the "after the package updates" branch (usually something like `buildbot/weekly-portage-stable-package-updates-2026-05-25`). | ||
| - I actually use `krnowak/weekly` branch which is based on the buildbot branch. I do it because it is less typing. But then I also need to remember to sync my branch and the buildbot branch before asking for review. | ||
|
|
||
| - A checkout set to the `krnowak/pkg-auto-commits` branch - the scripts in `main` are outdated. |
|
|
||
| - A checkout set to the `krnowak/pkg-auto-commits` branch - the scripts in `main` are outdated. | ||
|
|
||
| Another checkout thay may come in handy while working on the package updates is the Gentoo repository. |
|
|
||
| ## Importing stuff from Gentoo | ||
|
|
||
| This is a matter of copying a package from Gentoo into portage-stable, commiting it, and adding an entry to the package automation list. There is a script that automates the first two steps: |
| ``` | ||
|
|
||
| - `WHERE` describes whether it is a part of the main image (PROD), developer container (DEV), some sysext (for example SYSEXT-PODMAN, SYSEXT-CONTAINERD) or OEM sysext (AZURE, VMWARE). | ||
| - `changelog_stubs` is what eventually ends up commited to UPDATED_SCRIPTS as an entry in the `changelog/updates` directory. |
| - Directories named after a package slot: | ||
| - Usually named just `0` (zero), as most packages have a slot 0. | ||
| - Sometimes named `${OLD_SLOT}-to-${NEW_SLOT}`. | ||
| - Sometimes there can be more than one directory, if we have multiple version of the package installed. |
| - EAPI: | ||
| - Usually an EAPI update seems to be rather inconsequential. Although when this happens it is good to check at config overrides in the occurences to see if our modifications and hooks could be affected by some behavior change due to the EAPI bump. | ||
| - USE flags: | ||
| - When a USE flag is removed from the package, it is good to check in occurences file if we should remove mentions of the obsolete flag from our overlay profiles. |
| - Usually an EAPI update seems to be rather inconsequential. Although when this happens it is good to check at config overrides in the occurences to see if our modifications and hooks could be affected by some behavior change due to the EAPI bump. | ||
| - USE flags: | ||
| - When a USE flag is removed from the package, it is good to check in occurences file if we should remove mentions of the obsolete flag from our overlay profiles. | ||
| - Wnen a USE flag is added, you can use `${SOMETHING}-pkgs-kv` in the `reports-from-sdk/new` to see the status of the USE flag in the package in Flatcar. This can help you to make a decision whether the USE flag should be disabled or enabled in Flatcar and how to do it. |
| - Security changelog: | ||
| - There is no stub generated by automation for the security changelog, so it needs to be written from scratch. As always, there is plenty of examples in the `changelog/security` directory. | ||
| - Searching for "CVE" in summary stubs should let you easily spot what packages should be mentioned here. | ||
| - Update the buildbot branch and kick of the CI. |
| - Update the buildbot branch and kick of the CI. | ||
| - Remember to use two-phase SDK build, especially when packages like catalyst or portage got updated. | ||
|
|
||
| If fixing a CI failure means rebuilding some package, please be aware that some board packages are built during the sdk-container job and the later stage jobs just reuse the binary packages. In such situation rerunning the package-all-arches job won't fix the issue. |
| - aux-cleanups, wd-cleanups | ||
| - update partially addressed security issues | ||
|
|
||
| # TODO |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.