Open
Note: Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.
3 issues found across 1 file
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/debian_package_build.yml">
<violation number="1" location=".github/workflows/debian_package_build.yml:66">
P2: `apt-get source rsyslog` will always fail because the default `debian:trixie` container only has binary package repositories enabled (`Types: deb`). Source repositories (`deb-src`) are not configured, and the workflow never enables them. The primary fetch path is dead code — the workflow always falls through to the `git clone` from salsa.debian.org.
Enable source repos before `apt-get source`, e.g. by adding:
```bash
sed -i 's/^Types: deb$/Types: deb deb-src/' /etc/apt/sources.list.d/debian.sources
apt-get update
```
</violation>
<violation number="2" location=".github/workflows/debian_package_build.yml:144">
P1: Custom agent: **Code Quality Guard**
**Toothless CI step**: The 'Install and test packages' step catches all errors and downgrades them to WARNINGs. Package installation failure is silently ignored, and missing `rsyslogd` binary after install only prints a WARNING. This step can **never fail**, which defeats the stated purpose of preventing packaging regressions.
At minimum, the `rsyslogd -v` check after installation should be a hard failure — if the main binary isn't installed, the packages are broken.
| Metric | Score |
|---|---|
| AI_PROBABILITY | 85% |
| POLICY_COMPLIANCE | 50% |
| SLOP_SCORE | 80% |
</violation>
<violation number="3" location=".github/workflows/debian_package_build.yml:192">
P1: Custom agent: **Code Quality Guard**
**Shell bug**: `[ -f ../*.deb ]` does not work correctly with glob patterns. When multiple `.deb` files exist (expected for rsyslog), the glob expands to multiple arguments causing `[: too many arguments` error. The Summary step will always falsely report build failure and `exit 1`.
Use `ls ../*.deb >/dev/null 2>&1` or `compgen -G '../*.deb' >/dev/null 2>&1` instead.
This is a strong indicator of AI-generated code (SLOP_SCORE: high) — the pattern looks plausible but is functionally broken.
| Metric | Score |
|---|---|
| AI_PROBABILITY | 85% |
| POLICY_COMPLIANCE | 60% |
| SLOP_SCORE | 75% |
</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
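The glob problem and the "step that can never fail" problem raised in the review above can be reproduced and fixed in a few lines of POSIX shell. This is an added example, not code from the pull request or from the review bot; the function names and the `.deb` file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the PR's workflow code. File names are constructed.

# Form flagged in the review: correct only when exactly one file matches.
# Two or more matches become extra arguments and `[` exits with an error.
fragile_has_debs() {
    [ -f "$1"/*.deb ] 2>/dev/null
}

# Count matches by expanding the glob into the positional parameters.
# An unmatched glob stays literal, so check that the first entry exists.
# Optional second argument: a file-name prefix such as "rsyslog_".
count_debs() {
    set -- "$1"/"${2:-}"*.deb
    [ -e "$1" ] || { echo 0; return 0; }
    echo "$#"
}

# Hard gate for a summary step: non-zero exit when nothing was built or
# when a package named on the command line is absent.
require_debs() {
    dir=$1; shift
    [ "$(count_debs "$dir")" -gt 0 ] ||
        { echo "FAIL: no .deb files in $dir" >&2; return 1; }
    for pkg in "$@"; do
        [ "$(count_debs "$dir" "${pkg}_")" -gt 0 ] ||
            { echo "FAIL: package $pkg missing in $dir" >&2; return 1; }
    done
    echo "OK: $(count_debs "$dir") package(s) built"
}

# Constructed build output: two packages, as a multi-package source produces.
demo=$(mktemp -d)
touch "$demo/rsyslog_0.0-1_amd64.deb" "$demo/rsyslog-relp_0.0-1_amd64.deb"
fragile_has_debs "$demo" || echo "fragile test reports failure with 2 packages present"
require_debs "$demo" rsyslog
rm -rf "$demo"
```

Because `require_debs` returns non-zero, a workflow step that ends with it fails the job instead of printing a warning.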
9827d0b to 72e4881
2 issues found across 1 file (changes from recent commits).
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name=".github/workflows/debian_package_build.yml">
<violation number="1" location=".github/workflows/debian_package_build.yml:114">
P1: Custom agent: **Code Quality Guard**
**SLOP_SCORE: High** — The fallback logic silently disables *all* Debian patches (`debian/patches/series`) when the build fails, then retries. This is a dangerous "make CI green at any cost" anti-pattern that:
1. **Contradicts the PR's stated goal** of "100% fidelity with Debian's actual build process."
2. **May skip security/compatibility patches** that Debian maintainers applied intentionally.
3. **Masks real build failures** — the failure may not be patch-related at all, yet the retry will still proceed without patches.
4. **Comment is misleading** — says "Disable patches that fail to apply" but disables ALL patches indiscriminately.
If a build fails, the workflow should fail clearly so the issue can be investigated. If patches need selective handling, use `quilt push -a --fuzz=0` to identify and report the specific failing patch rather than blanket-disabling everything.</violation>
<violation number="2" location=".github/workflows/debian_package_build.yml:121">
P1: The retry build uses `--no-pre-clean`, so stale artifacts from the failed first build attempt persist into the second attempt. This can produce corrupted or inconsistent packages. Either remove `--no-pre-clean` from the retry call (so `debian/rules clean` runs), or explicitly clean the build tree before retrying.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
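One way to report the specific failing patch, as the review above asks, instead of emptying `debian/patches/series`: apply the series in order to a scratch copy with zero fuzz and stop at the first patch that does not apply. This is an added example, not code from the pull request; it uses GNU `patch` rather than the `quilt` command the review mentions, assumes every patch is `-p1`, and the sample tree and patch names are constructed.

```shell
#!/bin/sh
# Added example, not the PR's workflow code. Assumes GNU patch and -p1 patches.

# Print the first entry of debian/patches/series that does not apply with
# fuzz 0 and return 1; return 0 when the whole series applies.
first_failing_patch() {
    src=$1
    [ -f "$src/debian/patches/series" ] || return 0
    scratch=$(mktemp -d) || return 2
    cp -R "$src/." "$scratch/"          # work on a copy, never the real tree
    rc=0
    while read -r name rest || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac    # blank lines, comments
        if ! (cd "$scratch" && patch -p1 --fuzz=0 -f -s \
                -i "debian/patches/$name" </dev/null >/dev/null 2>&1); then
            echo "$name"
            rc=1
            break
        fi
    done < "$src/debian/patches/series"
    rm -rf "$scratch"
    return "$rc"
}

# Constructed sample tree: ok.patch applies, stale.patch expects a line
# ("four") that the file never contained.
make_sample_tree() {
    t=$(mktemp -d) || return 2
    mkdir -p "$t/debian/patches"
    printf '%s\n' one two three > "$t/hello.txt"
    printf '%s\n' '--- a/hello.txt' '+++ b/hello.txt' '@@ -1,3 +1,3 @@' \
        ' one' '-two' '+TWO' ' three' > "$t/debian/patches/ok.patch"
    printf '%s\n' '--- a/hello.txt' '+++ b/hello.txt' '@@ -1,3 +1,3 @@' \
        ' one' '-four' '+FOUR' ' three' > "$t/debian/patches/stale.patch"
    printf '%s\n' '# constructed series' ok.patch stale.patch \
        > "$t/debian/patches/series"
    echo "$t"
}

tree=$(make_sample_tree)
first_failing_patch "$tree" || echo "^ first patch that no longer applies" >&2
rm -rf "$tree"
```

The source tree is left untouched, so a strict job can fail on the non-zero return while a diagnostics job records the patch name.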
a196d3d to 0c0bef3
Why: A single mode either hides divergence or stops too early. We need strict regression signal and always-available diagnostics in the same workflow.

Impact: Strict Debian parity remains a hard gate while diagnostics always run and report non-fatal divergence with maintainer-facing context.

Before/After: Before one job mixed strict checks and workarounds; after strict parity fails hard and a separate diagnostics job continues with explicit findings.

Technical Overview: Split workflow into `debian_parity_strict` and `debian_parity_diagnostics`. Keep strict job close to Debian packaging flow (dist tarball + dpkg-buildpackage) and fail when docs are missing in `debian/build/index.html`. Run diagnostics job unconditionally (`if: always()`) with findings capture, controlled compatibility workarounds, and patch precheck notes. Set `QUILT_PATCHES=debian/patches` for diagnostics patch handling, track excluded patches, and emit suggested `debian/changelog` wording. Publish findings to job summary and best-effort PR comments via `actions/github-script`, with fork-safe behavior through `continue-on-error`. Remove package-install validation since this workflow has no deployment consumer and should focus on Debian package build parity signal.

With the help of AI-Agents: Codex
0c0bef3 to c78fc91
This PR adds a GitHub Actions workflow that validates Debian 13 (trixie) package builds on every pull request.
Summary
The workflow ensures that PRs do not break Debian package builds by using official Debian packaging sources and dependencies.
Key Features
- `debian:trixie` container (Debian 13)
- `debian/control` using `mk-build-deps`
- `dpkg-buildpackage` (Debian's standard build tool)

Testing
The workflow provides 100% fidelity with Debian's actual build process, ensuring distribution readiness.
Impact
PRs now automatically verify Debian 13 compatibility, preventing packaging regressions from reaching production.
see also rsyslog#6586