Configuration #
Packit uses a configuration file in the upstream repository. The config file is written in YAML language.
You should place the file in the root of your upstream repo. Packit accepts these names:
.packit.yaml
.packit.yml
packit.yaml
packit.yml
Both Packit Service and packit tool use this configuration file.
Top level keys #
specfile_path #
(string) Relative path to a spec file within the upstream repository. If not specified, defaults to:
downstream_package_name.spec
ifdownstream_package_name
is set.- Else recursively search the tree and use the first spec file found.
If there are only test jobs with skip_build
option defined (more about it here),
spec file doesn’t need to be present and its path doesn’t need to be defined in the config.
upstream_project_name #
(string) Deprecated since packit-0.7.0, use upstream_package_name
instead.
upstream_package_name #
(string) Name of the upstream repository (e.g. in PyPI), defaults to the name of the Github repository; it’s used when working with the upstream project, as a release archive name and as a directory name in that archive.
upstream_project_url #
(string) URL of the upstream project (e.g.
https://github.com/packit/packit
).
create_pr (only in CLI) #
(bool) When doing a new update in Fedora dist-git, should packit create a
new pull request (defaults to true
) or push directly to dist-git (if set to
false
). This option can be used only locally in the CLI, but can be overriden
via --pr/--no-pr
option. Deployed Packit (on GitHub or GitLab) ignores this
setting, because Packit Team does not endorse automated release from created
release to the Bodhi update without any quality assurance.
merge_pr_in_ci #
(bool) When Packit clones your repository while creating RPMs from your pull
requests, it by default merges the pull request checkout into the main
repository branch to be sure the changes are up to date. You can disable this
behaviour by setting this field to false
which will make Packit to work with
your pull request git ref as it is.
sync_changelog #
(bool) When doing a new update in Fedora dist-git, the specfile changelog
is synchronised when set to true
. By default (false
), everything but the changelog
part is synchronized. Use this only when your changelogs are in sync since this overwrites the changelog in the downstream.
synced_files (deprecated)
#
(list of strings or dicts) A list of relative paths to files in the upstream repo which are meant to be copied to dist-git during an update (spec file path and config file path are set every time by default).
It is now deprecated in favor of files_to_sync.
release_suffix #
(templated string) String that can be used to override the default release suffix generated by Packit. The suffix will be expanded and you can use following variables:
PACKIT_PROJECT_VERSION
- version fromgit describe
PACKIT_RPMSPEC_RELEASE
- release from specfilePACKIT_PROJECT_COMMIT
- commit SHA from which the SRPM is builtPACKIT_PROJECT_BRANCH
- branch from which the SRPM is built
Example usage:
release_suffix: "dev.{PACKIT_PROJECT_BRANCH}"
When unset, default release suffix that is generated by Packit is following:
{original_release_number}.{current_time}.{sanitized_current_branch}{git_desc_suffix}
There is also one special setting, if you set release_suffix
to empty string
(release_suffix: ""
), it will act as a --no-bump
(that you can use via CLI).
It is also possible to define release_suffix
at the top-level of your packit
config. In that situation all jobs and SRPM, Copr, Koji and RPM build from CLI
will inherit the release_suffix
that you have set. We advise caution when
doing such thing, because inheriting the release suffix value by Copr or Koji
build may easily cause confusion, break the ordering of the NVRs of the RPMs and
also may cause usage of RPMs that are not meant for production use. In such
scenarios, please try to make sure RPMs built by Packit are easily
distinguishable from the RPMs meant for production use. To prevent the
inheritance, you can define:
release_suffix: null
files_to_sync #
(list of strings or dicts) A list of relative paths to files in the upstream repo which are meant to be copied to dist-git during an update.
Spec file path and config file path are always included by packit init
but can be manually removed from the list.
Under the hood this will use rsync --archive
to synchronise the paths
between the upstream and the dist-git repo.
The fields for a dictionary item in the list are the following:
- src: A single path or a list of paths in the upstream repo that should be synced to dist-git.
- dest: Path in the dist-git repo, where paths in
src
should be synced to. - mkpath: Flag to indicate if missing path components in
dest
should be created or not (default: false). - delete: Flag to indicate if extra content from
dest
should be deleted (default: false). - filters: List of rsync filter rules to be used during syncing.
Examples: #
Copy a file from root of the upstream repo to dist-git:
files_to_sync:
- packit.spec
If you copy packit.yaml
downstream, you can then take advantage of
sync-from-downstream
command:
files_to_sync:
- .packit.yaml
Rename or change the path of the synced file in dist-git:
files_to_sync:
- src: packit.spec
dest: redhat/packit.spec
Paths also support globs. Copy everything from fedora-packaging
folder and
put it to the root of the dist-git repo:
files_to_sync:
- src: fedora-packaging/*
dest: .
Sync the entire content of the fedora-packaging
directory, and delete extra
content found in the root of the dist-git repo; protect .git*
files and the
sources
file from deletion:
files_to_sync:
- src: fedora-packaging/
dest: .
delete: true
filters:
- "protect .git*"
- "protect sources"
Specify multiple source files to copy:
files_to_sync:
- src:
- package.spec
- some-file
dest: .
Set mkpath
to true
to create missing path components in dist-git.
In the example below, subdir
is created if missing.
files_to_sync:
- src: some.file
dest: subdir/some.file
mkpath: true
create_sync_note #
(bool) Create or update a README.packit file in dist-git when doing a new update,
telling that the repository is maintained by Packit and marking the version of packit
creating the update.
By default, this option is set to true
. When set to false
, README.packit is not created or updated.
(A previously created README.packit needs to be removed manually).
upstream_ref #
(string) Git reference to last upstream git commit (for source-git repos).
Can be set to commit hash, tag or a branch name. You can also use globbing pattern
to find a tag. In case you want to use globbing pattern for a branch, prefix the
pattern with branches/
, e.g. for a branch matching *-release
set to branches/*-release
.
downstream_package_name #
(string) Name of the RPM package in Fedora, defaults to the name of the Github repository.
dist_git_namespace #
(string) Namespace in dist-git URL (defaults to rpms
).
dist_git_base_url #
(string) URL of dist-git server, defaults to https://src.fedoraproject.org/ (has to end with a slash).
create_tarball_command (deprecated) #
Please use create-archive
action
current_version_command (deprecated) #
Please use get-current-version
action
actions #
(string) Custom actions/hooks overwriting the default behavior of packit (more in Actions).
jobs #
(list of dicts) A list of job definitions for packit service: see below for details.
allowed_gpg_keys #
(list of string) A list of gpg-key fingerprints; if specified, one of the
configured keys have to sign the last commit when updating in downstream; add
GitHub key (5DE3E0509C47EA3CF04A42D34AEE18F83AFDEB23
) if you want to use
this on code merged via GitHub web interface.
spec_source_id #
(int or string) Numeric ID of Source inside spec file which packit should
change when setting path to the newly generated tarball, can be also full name
of the macro. Defaults to Source0
or Source
, whichever is found first in
the spec file.
upstream_tag_template #
(string) Packit by default expects git tags to match versions (e.g. when
doing the propose-downstream
command) - if you are using a different tagging
scheme, let’s say v1.2.3
you can then set this parameter to v{version}
and
packit will fill in the version argument.
archive_root_dir_template #
(string) In the fix-spec-file
action Packit changes first %setup
(or %autosetup
) macro
in %prep
and adds -n
so the generated tarball can be unpacked. For this
purpose, it requires the name of the directory in the source archive. For tar archives
with one directory, Packit gets it automatically. If Packit is not able to extract it
from the archive with the tar python module, it is possible to specify it explicitly
with this option.
Default value is {upstream_pkg_name}-{version}
.
You can use following tags in string:
{upstream_pkg_name}
- name of the upstream package{version}
- package version
patch_generation_ignore_paths #
(list of strings) In a source-git repo, when packit is generating patches, it excludes changes to the spec file and packit.yaml by default: with this option you can precisely specify paths to exclude.
patch_generation_patch_id_digits #
(integer) The number of digits (minimum width) used for patch IDs when
adding PatchN
tags to a spec-file while updating dist-git from a source-git
repository. Defaults to 4, that is, patches will look like PatchNNNN: <patch_name>
, and leading zeros are added, if needed. A value of 0 means “no
minimum width”.
notifications #
There is only one notification configuration you can set up right now: enable the “Congratulations!” comment which will packit send after a successful build of a pull request is done.
The default behaviour is not to send the comment with instructions how to install a package with the change implemented in the pull request:
notifications:
pull_request:
successful_build: false
You can enable the commenting by setting successful_build
to true
.
issue_repository #
Use this key to be notified about errors of the downstream jobs (Koji build and Bodhi update). The value can be a URL of any GitHub/GitLab/Pagure project including dist-git where issues are enabled and Packit has an identity on that git forger instance. Alternatively, you can set up a dedicated project for receiving such notifications. (Let us know if you need another instance to be supported.) It does not need to be an upstream repository, you can also enable an issue tracker for the dist-git repository and use this as a place for those notifications. Or, you can set up a dedicated project for receiving such notifications.
By default, no issue will be created so Packit doesn’t unintentionally spam any repository. (E.g. Since those jobs are defined in downstream, upstream project does not need to be aware of Packit.)
By enabling this setting, Packit will either create a new issue or add a comment to an already existing issue. In that case, the issue will be reused and a new comment will be added.
copy_upstream_release_description #
(bool) When doing a new update in Fedora dist-git, the Github upstream release description
is copied to the specfile changelog when set to true
. By default (false
),
commit message titles (first line of a commit message) are copied.
But be aware that the release description is copied as is, without any processing
and the result needs to fulfill the spec-file syntax.
Be specially careful when using characters like %
that can be interpreted as macros.
Also, use -
for bullet points instead of *
so the line is not interpreted as a new changelog entry.
e.g.
copy_upstream_release_description = True
:
%changelog
* Thu Oct 15 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.18.0-1
Packit got new archive_root_dir_template config option to get custom archive root dir.
You can find more info in the documentation.
copy_upstream_release_description = False
(default):
%changelog
* Thu Oct 15 2020 Packit Service <user-cont-team+packit-service@redhat.com> - 0.18.0-1
- Use inner archive directory in %setup macro
- Use archive_root_dir_template
sources #
(list of dicts) A list of sources to override the URLs of SourceX
entries in the spec-file.
sources:
- path: rsync-3.1.3.tar.gz
url: https://git.centos.org/sources/rsync/c8s/82e7829c0b3cefbd33c233005341e2073c425629
path
is the path relative to the directory with sources where the source will be placed. If a SourceX
entry with
corresponding basename exists in the spec-file, the source will be downloaded from the url
found in the configuration
instead of the location defined in the spec-file.
srpm_build_deps #
(list of strings) A list of RPM dependencies that are needed for your actions to be run when building SRPM. For now, this key is used in Packit Service as an indicator to build your SRPMs in Copr and the dependencies are then installed into the Copr build environment each time the build is triggered. Be aware that this is a preparation phase and we want to build all the packages in Copr by default.
packit_instances #
(list of strings) If you want to help us with catching issues or need some feature sooner than other users,
you can use our staging instance that has the freshest code we have.
For that, you can specify the instance(s) that will react to your jobs by using this configuration option.
It uses ["prod"]
as the default, but you can set both (["prod", "stg"]
) or just stage (["stg"]
).
You can also have a different setup for each job – see how the overriding works
in the config file.
Just be aware that:
- You still need to install the staging GitHub application.
- Staging application has fewer resources and can be a bit slower in responses.
- If you use both instances, you will have twice the number of commit statuses.
- Picking just one instance might be better for downstream jobs since both instances will work with the production instances of Fedora systems.
Please, let us know when something looks weird or does not work with the staging app. By doing that, you are helping us to be sure that we don’t break your use-case.
Packit-as-a-Service #
Packit service doesn’t have any web interface to configure it, so the only way to change its behaviour is via the config file you just read about.
When you open a pull request against your upstream repository, packit service picks up configuration file from your pull request, not from the branch against the PR is opened. This way, you can polish your .packit.yaml and see the results right away. (for more info, please see packit-service#48)
Packit service jobs #
Once the service starts handling events of your repository, it needs to have a clear definition of what it should do.
The tasks the packit service should do are defined in section jobs
. The section is a list of dicts:
jobs:
- {key: value}
- {}
If there is no jobs
section in the configuration file, jobs default to:
jobs:
- job: copr_build
trigger: pull_request
targets: [fedora-stable]
- job: tests
trigger: pull_request
targets: [fedora-stable]
- job: propose_downstream
trigger: release
dist_git_branches:
- fedora-all
If you do not want to use the jobs then the jobs
section in the configuration file should be empty:
jobs: []
Every job has two mandatory keys:
job
- name of the job (you can imagine this as a CLI command)trigger
- what is the trigger for the job?
Every job only supports a specific set of triggers.
Overriding global parameters #
You are able to override your global parameters (such as specfile_path
,
downstream_package_name
, actions
…) for every job. This is very useful
when you want to set up a build or a test matrix using different parameters or
configuration. It’s also useful when your release workflow differs between
Fedora and EPEL.
In order to do such a thing, just set a value you want to override in the respective job.
Example:
specfile_path: package.spec
jobs:
- job: some-job
trigger: ran-out-of-beer
targets: [fedora-stable]
specfile_path: somewhere/else/package.spec
In this example, the job some-job
would override specfile_path
to
somewhere/else/package.spec
instead of using ./package.spec
.
Aliases #
To not need to change the config file when the new system version is released, Packit provides multiple aliases to reference a subset of the active Fedora Linux releases:
fedora-all
- all active releases, which includes released and branched versions and Rawhide (e.g.fedora-34
,fedora-35
,fedora-36
,fedora-rawhide
).fedora-stable
— the current (two or three) released and supported versions (e.g.fedora-34
,fedora-35
).fedora-development
— development versions of Fedora; the branched version is used only when available (e.g.fedora-36
,fedora-rawhide
)fedora-latest
— the last versioned Fedora (not a Rawhide), regardless if it’s released or still under development.fedora-latest-stable
— the latest released Fedora version (e.g.fedora-35
).fedora-branched
— all branched releases, that is: everything, except Rawhide (e.g.fedora-34
,fedora-35
,fedora-36
).
Additionally, epel-all
can be used as an alias for the current active
EPEL versions (e.g. epel-7
,
epel-8
, epel-9
)
The aliases above can be used both to specify targets when building in Copr or running tests, and to reference dist-git branches of different system versions.
The information about releases is retrieved from Bodhi and because of the cache and required availability on Copr, it might take a while to get the newest state.
Supported jobs #
copr_build #
Create a SRPM and submit an RPM build to Fedora COPR build system.
Supported triggers:
- pull_request – check out content of the pull request
- commit – reacts to new commits to the specified branch
- release – check out content of the tag associated with the release
Required parameters:
- targets - (a list of) mock chroot(s) where the build is going to be
executed (example
fedora-rawhide-x86_64
, defaults tofedora-stable
): for more info see below. - branch - the name of the branch we want to build for when using commit trigger
Optional parameters:
- timeout - (seconds) give up watching a build after timeout, defaults to 7200s, i.e. 2 hours
- owner - a namespace in Copr where the build should happen (defaults to packit).
Prefix with
@
in case of a group. - project - a name of the Copr project (defaults to
"{github_namespace}-{repository_name}-{pr_id}"
) - additional_repos - a list of additional buildroot repositories
- list_on_homepage – The project will be shown on Copr frontend homepage if set to
True
. Defaults toFalse
. The value is represented asunlisted_on_hp
in Copr project settings. - preserve_project – The project will not be removed after 60 days if set to
True
. Defaults toFalse
. The value is represented asdelete_after_days
in Copr project settings (True
is-1
andFalse
is60
). - enable_net – Specifies whether created Copr build should have access to network during its build.
Defaults to
False
(Copr default, switched toFalse
in June 2022). - identifier – Suffix added to the name of a GitHub check run. This is
useful when you have multiple
copr_build
jobs with different configuration. For example if you set this to “mock”, then a check run for Rawhide would be named “rpm-build:fedora-rawhide-x86_64:mock”.
When using a custom owner
, Packit Service asks for builder
permission the
first time it tries to build in the project. In case the configuration of the
Copr project (e.g. adding new targets
) need to be updated, Packit Service asks
for admin
permission. You need to approve these requests in the Copr project
settings.
If you do not want to give us admin
permission, you can update the project
settings manually in Copr based on the guidance Packit Service gives.
Boolean values (list_on_homepage
and preserve_project
) are not updated when
you use custom owner
.
Example
jobs:
- job: copr_build
trigger: pull_request
targets:
- fedora-stable
- centos-stream-8-x86_64
With this configuration, you’ll get builds in all stable fedora releases (excluding rawhide) and the CentOS stream.
Available COPR build targets
There are multiple places where you can get the latest list of available build targets:
-
Open your COPR project, then click “Settings” > “Build options” > “Chroots” - these are the same values packit accepts.
-
Install package
copr-cli
and run:
$ copr-cli list-chroots
centos-stream-8-aarch64
centos-stream-8-x86_64
custom-1-i386
custom-1-x86_64
epel-6-i386
epel-6-x86_64
epel-7-aarch64
epel-7-x86_64
epel-8-aarch64
epel-8-x86_64
fedora-32-aarch64
fedora-32-armhfp
...
-
You can also use the aliases provided by Packit to not need to change the config file when the new system version is released.
By default, the
x86_64
architecture will be used, but you you can override the default e.g.fedora-stable-aarch64
.
tests #
See more about tests here.
production_build #
Create a SRPM from upstream and submit a scratch RPM build to Fedora Koji build system.
At the moment it is not possible to run non-scratch Koji builds from upstream. For more info, please see the following issue.
If you want to do official Koji builds, the sources need to be present in
dist-git: job koji_build
can take care of that.
(The naming is not ideal, but we don’t want to change this because of the
backwards compatibility.)
Supported triggers:
- pull_request – check out content of the pull request
- commit – reacts to new commits to the specified branch
- release – check out content of the tag associated with the release
Required parameters:
- branch – the name of the branch we want to build for when using commit trigger.
Optional parameters:
- targets – (a list of) targets we want to build for,
list of supported targets can be listed using with
koji list-targets
. You can also use the aliases provided by Packit to not need to change the config file when the new system version is released.
propose_downstream #
Land a new upstream release in Fedora. This job only makes sure the changes happen in Fedora dist-git - no builds. A pull request is created as a result.
Supported triggers: release.
Optional parameters:
- dist_git_branches - a (list of) branch(es) in dist-git where packit should work (defaults to
main
). You can also use the aliases provided by Packit to not need to change the config file when the new system version is released.
Example
jobs:
- job: propose_downstream
trigger: release
- job: propose_downstream
trigger: release
dist_git_branches:
- f35
This config would update Fedora Rawhide and Fedora 35 dist-git branches.
koji_build #
Trigger the build in Fedora Koji build system as a reaction to a new dist-git commit. A Packit config file needs to be in the dist-git repository to allow this job to be triggered. Packit loads the config from the newly pushed commit.
The build is triggered only for commits with a spec-file change.
By default, only merged pull requests created by Packit are being acted upon so the proven packager
workflow is
preserved, details
here. You can override this behaviour by specifying
allowed_pr_authors
and/or allowed_committers
in the job configuration (see below). For direct pushes, the committer needs to
be specified in the allowed_committers
and for merged pull requests the author of the PR needs to be
specified in the allowed_pr_authors
.
There is no UI provided by Packit for the job, but it is visible across Fedora systems (e.g. via dist-git commit status) like a manually created Koji build and you can utilise Fedora Notifications to get informed about the builds.
For Koji builds from upstream, see production_build
.
(The naming is not ideal, but we don’t want to change this because of the backwards compatibility.)
Supported triggers:
- commit – reacts to new commits to the specified branch (in dist-git)
Required parameters:
- dist_git_branches – the name of the dist-git branch we want to build for when using commit trigger. You can also use the aliases provided by Packit to not need to change the config file when the new system version is released.
Optional parameters:
- scratch – defaults to
false
, use to create scratch (test) builds instead of the real production builds - allowed_pr_authors - a list of FAS accounts of PR authors whose merged pull requests will trigger koji builds
(defaults to
['packit']
). - allowed_committers - a list of FAS accounts of committers whose pushes to dist-git will trigger koji builds (defaults to an empty list).
Example
jobs:
- job: koji_build
trigger: commit
dist_git_branches:
- fedora-all
- epel-8
bodhi_update #
Create a new update in Fedora Bodhi for successful Koji build. A Packit config file needs to be in the dist-git repository to allow this job to be triggered. Packit loads the config from the commit the build is triggered from.
For now, the Bodhi update is created only for builds submitted by the Packit FAS user.
(See koji_build
job for more details on how to set this up.)
This is just for the early stage of this job and
we can easily turn off that filter.
Let us know if you need this condition to be removed.
Also, you need to give commit
rights to packit
FAS user
for your package in dist-git settings.
There is no UI provided by Packit for the job, but it is visible across Fedora systems like a manually created Bodhi update and you can utilise Fedora Notifications to tweak the notifications settings.
Note that this job is really new and not mature yet – let us know if you find anything problematic or any improvement we can implement.
Supported triggers:
- commit – Packit uses the original action as a config trigger so you need to use
commit
as a trigger. The real trigger is a successful Koji build (that was triggered from a commit).
Required parameters:
- dist_git_branches – the name of the dist-git branch(es) the build we want to use is coming from. You can also use the aliases provided by Packit to not need to change the config file when the new system version is released.
Example
jobs:
- job: bodhi_update
trigger: commit
dist_git_branches:
- fedora-stable # rawhide updates are created automatically
- epel-8
User configuration file #
When running packit as a tool locally, it is convenient to use a configuration
file to provide data such as API tokens. Packit respects XDG_CONFIG_HOME
environment variable. If not set, it looks inside ~/.config/
directory.
The acceptable names are the same as for the package config:
.packit.yaml
.packit.yml
.packit.json
packit.yaml
packit.yml
packit.json
Values #
Key name | Type | Description |
---|---|---|
debug |
bool | enable debug logs |
fas_user |
string | username in Fedora account system; this is utilized when authenticating with Bodhi using Kerberos |
authentication |
dict | tokens for services (GitHub, Pagure) |
upstream_git_remote |
string | name of the git remote to discover upstream project URL from |
The authentication
is a dictionary where:
- key is a hostname, url or name that can be mapped to a service-type, for example
github.com
orpagure
- value is a dictionary with keys:
token
andinstance_url
(optional)
e.g.:
authentication:
github.com:
token: mnbvcxz123456
pagure:
token: qwertyuiop098765
instance_url: https://src.fedoraproject.org
The GitHub token is needed when packit interacts with Github API, get it at https://github.com/settings/tokens (getting full read & write repo scope should be enough). The Pagure token needed to access REST API, get it at https://src.fedoraproject.org/settings#nav-api-tab
Specifying tokens as direct keys github_token
and pagure_user_token
has been deprecated and will be removed in future versions.
Since API tokens are a very sensitive information, please do NOT ever store them in a public (such as a GitHub repository). The configuration file here is located on your workstation, please do NOT confuse it with a config file for your project - that one is described above in the first section of this document.