Allow to upload packages by creating and pushing a signed git tag
The problem
While most packages are maintained in git, uploading them to the archive requires an extra dput
still. This makes git and the sources in the archive disconnected.
Actual situation
Having git and the archive disconnected has several problems:
- The sources in the archive don't necessarily match the git tag for that version.
- The developer has to perform extra steps
Expected situation
It would be great if pushing a signed git tag would be sufficient to trigger a build of the binary packages. The "source of truth" would be the git archive. E.g. a
git tag -s <tag> && git push origin <tag>
should be sufficient to release a package into Debian. This would make sure
-
git clone
gives you exactly what's in the archive - There's no way to accidentally have sources that don't match git hence e.g. don't reproduce certain bugs
- we'd have all the gitlab-ci etc as qa (we could even only let the tag through if it passes)
Additional information
I left the above pretty vague on purpose since the fact if we want to generate a dsc + tarball and still maintain the "archive" or if all sources should live in a blessed git instance should be discussed. Basically the only requirement would be that what the developer tags is 1:1 what is used to build the package.