gstreamer-project issueshttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues2020-06-22T13:38:58Zhttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/24Add a merge bot ?2020-06-22T13:38:58ZEdward HerveyAdd a merge bot ?It would be great to make sure every commit has the related MR/issue URL in it.
This could be automated with a merge bot such as [marge-bot](https://github.com/smarkets/marge-bot#adding-reviewed-by-tested-and-part-of-to-commit-messages)...It would be great to make sure every commit has the related MR/issue URL in it.
This could be automated with a merge bot such as [marge-bot](https://github.com/smarkets/marge-bot#adding-reviewed-by-tested-and-part-of-to-commit-messages)
* [ ] Investigate what's need to setup such a merge bot
* infra ? Needs a dedicated VM ? Could re-use an existing one ?
* [ ] Establish checklist of what the merge bot would do
* Check commits in a MR has the appropriate MR/issue URL
* Make sure milestone is properly set. For MR and/or issue ?
* Anything else ?https://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/32Automate Coverity Scan builds2023-06-06T11:59:06ZEdward HerveyAutomate Coverity Scan buildsI have a WIP docker image for building Gstreamer with the coverity scan tools which I run when I remember about it. Also it requires secret credentials for uploading to the analysis server.
It would be great to have it run automatically...I have a WIP docker image for building Gstreamer with the coverity scan tools which I run when I remember about it. Also it requires secret credentials for uploading to the analysis server.
It would be great to have it run automatically on master of everything at a regular interval (every 25 hours).
* [ ] how to schedule CI job at regular interval
* [ ] how to run jobs with secrets which are limited to only a few people (and make sure they are never visible)
* [ ] how to ensure the runner is a "safe" one (and not from an untrusted party)https://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/36Enable Cerbero build in Gitlab CI2020-09-09T16:02:50ZNicolas DufresneEnable Cerbero build in Gitlab CII've been playing around now long enough, here's a dump of what I'm heading for to enable Cerbero in the Gitlab CI. My goal is to reuse as much as possible of what @alatiera and @thiblahute have made, and make sure it blends well. And al...I've been playing around now long enough, here's a dump of what I'm heading for to enable Cerbero in the Gitlab CI. My goal is to reuse as much as possible of what @alatiera and @thiblahute have made, and make sure it blends well. And also to reuse as much as possible from Jenkins, as all the secret sauce are there. But also avoid the down side of contiguous builds when this does not imply waiting hours for the CI to complete.
I'm splitting my plan in different steps, Docker, Builds, and Cerbero.
This is related to #6 and #29
## Dockers
The plan is to generate dockers from gst-ci, so that we can reuse what is already exist and that all dockers will ends in the same registry. This part isn't very special, it is nearly identical to what we do now. I'm also starting with Fedora and I will expend when this first chain is working.
The design is that we will have dockers generated for cerbero builds. Instead of duplicating the bootstrapper, one change I do is that I clone and run the boostrap step in the Dockerfile. This installs all the OS dependencies, and external stuff like android NDK. It also builds the build-tools (for now, cerbero work is needed if we want to remove). We then cache the bootsrap in the docker. As of current implementation, a /bootstrap folder is create, and this is used at the initial value of build/ if the runner didn't provide a cache. It contains build-tools, build-tools.cache, .cache (cerbero downloads) and .ccache. I don't plan on adding run-time docker for now, I think cerbero should have a --runtime alternative to it's bootstrap for this to really make sense.
### ToDo
- [X] Create build cerbero/Dockerfile-fedora
- [x] Implement in cerbero.git builds
- [x] Implement fast cerbero builds for other component
WIP exists already in https://gitlab.freedesktop.org/ndufresne/gst-ci branch cerbero-ci
## Builds
The main issue with cerbero builds is that they slow on full rebuild (mainly due to repo configure time). On Jenkins CI, we have optimized this by doing contiguous builds (reusing previous state). That created some manual maintenance, which I'd like to avoid. Yet, I need something faster. So my plan is to have a stage in cerbero.git that generates builds from scratch. Those builds are special, they would build all the dependencies of gstreamer-1.0 package, but none of the recipes for GStreamer that are included in the CI (cerbero changes needed). The dist and .cache of that build would be uploaded as artifact.
Other builds would pick that artifact (by downloading the latest from cerbero.git artifacts store), and use that as it's initial state. Download cache and CCache are stored are normal runner cache as usual. The result should be that only the GStreamer reciepes needs to be built. This will still be slower then gst-build, as we don't benefit from the meson configure cache, and we install stuff unlike the gst-build, but no longer be massively slower. Unlike the previous method, we never start from a failed state either.
### ToDo
- [x] Create cerbero/gitlab-ci.yml to implement dependency builds
- [x] Update gst-ci/gitlab/ci_template.yml for the other component builds**
- [x] Add cerbero to manifest and script to clone the same version of cerbero for all jobs in the pipeline
** Need not to forget the except: cerbero/
## Cerbero
Some changes in cerbero are needed for this to work. Most are already written. And later there is some improvement we could do. Notably, not building the build-tools at the docker creation, because it will be done later anyway and cached in the runners.
### ToDo
- [X] Bug: We should not need perl to run boostrap
- [X] Allow non-interactive package installation
- [X] Allow doing system bootstrap only
- [x] Add a option to excludes recipes when building packages (build-deps command)
- [x] Add a fetch-cache command for fast builds (WIP)
WIP exist in https://gitlab.freedesktop.org/ndufresne/cerbero.git branch cerbero-ci
## Post Work
This is of course not the end. We'd all like to go further then Jenkins in automation. I'll keep collecting here what are the whish and/or post work.
- [ ] Build "apps" from the cerbero artifacts (run them if possible)
- [ ] Run validate from cerbero artifacts
- [ ] Run gst* checks for native builds (in cerbero ?)
- [ ] Create releases artefacts on tags
- [x] Integrate manifest2cerbero.py into cerbero
- [x] Enable cross-mingw*
- [x] Enable cross-android*
- [ ] Enable Windows builds (need runners)
- [x] Enable OSX builds https://gitlab.freedesktop.org/gstreamer/gst-ci/merge_requests/133
- [x] Enable IOS Builds https://gitlab.freedesktop.org/gstreamer/gst-ci/merge_requests/138
- [ ] Edit me !
cc @alatiera @thiblahute @bilboed @nirbheekNicolas DufresneNicolas Dufresnehttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/34gitlab bot for nagging people to enable the 'allow commits from members who c...2020-12-01T10:56:14ZTim-Philipp Müllertim@centricular.comgitlab bot for nagging people to enable the 'allow commits from members who can merge on the target branch' checkboxhttps://docs.gitlab.com/ee/user/project/merge_requests/allow_collaboration.html
Unfortunately there doesn't seem to be a global setting to make this the default.
Without it maintainers can't rebase and have to nag/wait.https://docs.gitlab.com/ee/user/project/merge_requests/allow_collaboration.html
Unfortunately there doesn't seem to be a global setting to make this the default.
Without it maintainers can't rebase and have to nag/wait.https://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/21Incompatibility with new Android native apps2018-11-03T18:59:11ZBugzilla Migration UserIncompatibility with new Android native apps## Submitted by Constantin
**[Link to original bug (#797201)](https://bugzilla.gnome.org/show_bug.cgi?id=797201)**
## Description
The documentation of gstreamer for Android does not include any info on how to use gstreamer with cmak...## Submitted by Constantin
**[Link to original bug (#797201)](https://bugzilla.gnome.org/show_bug.cgi?id=797201)**
## Description
The documentation of gstreamer for Android does not include any info on how to use gstreamer with cmake for android native apps.
As of 2018, CMake is the default and recommended way to include native code in Android Studio.
Please see my Stackoverflow question for more details:
https://stackoverflow.com/questions/52056149/include-gstreamer-in-android-ndk-project-that-uses-cmake-cmakelists-txt-and-nohttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/31Move gst-libav to gst-ffmpeg2018-12-01T16:21:30ZNicolas DufresneMove gst-libav to gst-ffmpegIt's confusing for our users to have a repository named after a internal library. Externals know FFMPEG, only the close users of FFMPEG knows that it's internal library is libav. It was also moved as libav as a political move if I rememb...It's confusing for our users to have a repository named after a internal library. Externals know FFMPEG, only the close users of FFMPEG knows that it's internal library is libav. It was also moved as libav as a political move if I remember properly.
* Advantages:
* Less user confusion, more consistent naming
* Disadvantages:
* Distros/packagers will have to rename things on their side and add backwards-compat gst-libav packages that point back to the new gst-ffmeghttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/10Separate video decoding in another process2018-11-04T09:49:18ZBugzilla Migration UserSeparate video decoding in another process## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the sy...## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the system from security problems due to crafted videos that would be available on the Internet.
This process could then be locked down based on technology available in particular systems, and with the process also setting itself up to be as frugal as possible.
For reference, QuickTime's process separation:
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#privilege-separation
Google Chrome's sandboxing:
http://en.wikipedia.org/wiki/Google_Chrome#Securityhttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/9Separate video decoding in another process2018-11-03T16:11:50ZBugzilla Migration UserSeparate video decoding in another process## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the sy...## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the system from security problems due to crafted videos that would be available on the Internet.
This process could then be locked down based on technology available in particular systems, and with the process also setting itself up to be as frugal as possible.
For reference, QuickTime's process separation:
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#privilege-separation
Google Chrome's sandboxing:
http://en.wikipedia.org/wiki/Google_Chrome#Securityhttps://gitlab.freedesktop.org/gstreamer/gstreamer-project/-/issues/8Separate video decoding in another process2018-11-03T16:11:57ZBugzilla Migration UserSeparate video decoding in another process## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the sy...## Submitted by Bastien Nocera `@hadess`
**[Link to original bug (#664256)](https://bugzilla.gnome.org/show_bug.cgi?id=664256)**
## Description
To cut down on the possible crashers in video applications, as well as to protect the system from security problems due to crafted videos that would be available on the Internet.
This process could then be locked down based on technology available in particular systems, and with the process also setting itself up to be as frugal as possible.
For reference, QuickTime's process separation:
http://arstechnica.com/apple/reviews/2011/07/mac-os-x-10-7.ars/9#privilege-separation
Google Chrome's sandboxing:
http://en.wikipedia.org/wiki/Google_Chrome#Security