From 4ab53658cadcf63d05308c5d374171bf34396174 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Otto=20Kek=C3=A4l=C3=A4inen?= <otto@debian.org>
Date: Sat, 3 Jun 2023 16:37:51 -0700
Subject: [PATCH] Enable Salsa-CI

This will help ensure easily machine detectable regressions don't slip
into the code base.

This also makes any future contribution process faster and more
reliable, as any contributor submitting a Merge Request will get
immediate feedback, and the maintainers save time by not having to point
out basic mistakes.

Package krb5 build passes on all but three jobs out-of-the-box. The
crossbuild-arm64 is allowed to fail by default in Salsa-CI. Additionally
allow reprotest fail initially until they are fixed for this package.
The blhc check has two specific false positive overrides to pass.
---
 debian/rules        |  7 +++++++
 debian/salsa-ci.yml | 14 ++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 debian/salsa-ci.yml

diff --git a/debian/rules b/debian/rules
index b874c251f..d9350df99 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,6 +38,13 @@ DH_BUILD_OPTS= --sourcedir=src --builddir=build
 
 build: build-arch build-indep
 
+execute_before_dh_auto_build:
+	# It's fine for a test program not to get some of the hardening flags because
+	# it is never installed
+	@echo 'blhc: ignore-line-regexp: .* -o t_trval .*'
+	# It's not a problem that fortify flags are absent when preprosessor creates
+	# version identifier in docs
+	@echo 'blhc: ignore-line-regexp: .*doc/version.py'
 
 override_dh_auto_configure:
 	dh_auto_configure $(DH_BUILD_OPTS) -- --with-system-et --with-system-ss --disable-rpath  \
diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml
new file mode 100644
index 000000000..ce5b6699c
--- /dev/null
+++ b/debian/salsa-ci.yml
@@ -0,0 +1,14 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+# Disable failing reprotest. If needs more investigation and fixing before it
+# can be enabled.
+variables:
+  SALSA_CI_DISABLE_REPROTEST: 1
+
+# If Salsa-CI is not running at
+# https://salsa.debian.org/%{project_path}/-/pipelines, ensure that
+# https://salsa.debian.org/%{project_path}/-/settings/ci_cd has in field "CI/CD
+# configuration file" filename "debian/salsa-ci.yml"
-- 
GitLab