The CI container for testing operations/software/acme-chief uses golang-11-go from stretch-backports which we need to sunset T256877.
The container is based on Stretch. The Debian packaging targets Buster and tox.ini mentions python3.7 which is the default in Buster. So we can change the CI image and switch to Buster
Turns out we can still have CI runs using Stretch and the python 3.7 version from there. golang is used in a multistage build to generate peble.
Change 610292 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] dockerfiles: use golang from Buster to build pebble
The CI job uses an old version of the image: docker-registry.wikimedia.org/releng/tox-acme-chief:0.3.4 and the test suite works fine.
However when building https://gerrit.wikimedia.org/r/610292 , the suite failed. The reason is that building the image grabs the latest master from github.
The CI image 0.3.4 has been cut in February 2019 a few days before letsencrypt/pebble released v2.0.0. Turns out the acme-chief testsuite does not work anymore with it.
@Vgutierrez I guess that instead we could move the dependency definition to acme-chief maybe using Go modules? Then the CI image entry point would invoke go mod to install pebble and then run tox as usual.
Change 611303 had a related patch set uploaded (by Hashar; owner: Hashar):
[integration/config@master] Add extra non voting job for acme-chief
Change 610292 merged by jenkins-bot:
[integration/config@master] dockerfiles: use golang from Buster to build pebble
Mentioned in SAL (#wikimedia-releng) [2020-07-10T13:00:33Z] <hashar> Successfully tagged docker-registry.discovery.wmnet/releng/tox-acme-chief:0.5.0 # T257456
Change 611303 merged by jenkins-bot:
[integration/config@master] Add extra non voting job for acme-chief
I have deployed the jenkins job for acme chief which has the failures with the new letsencrypt/pebble
Example on a change pending review: https://gerrit.wikimedia.org/r/c/operations/software/acme-chief/+/611309
:]
Change 617720 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] dockerfiles: target specific pebble version
Change 617720 merged by jenkins-bot:
[integration/config@master] dockerfiles: target specific pebble version
Change 618533 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] dockerfiles: bump tox-acme-chief container version
Change 618534 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[integration/config@master] jjb: Use tox-acme-chief 0.5.1 for the new-pebble acme-chief job
Change 618533 merged by jenkins-bot:
[integration/config@master] dockerfiles: bump tox-acme-chief container version
Change 618534 merged by jenkins-bot:
[integration/config@master] jjb: Use tox-acme-chief 0.5.1 for the new-pebble acme-chief job
That is effectively done. As a side effect we no more depends on stretch-backports which was a blocker for T256877
Change 770462 had a related patch set uploaded (by Hashar; author: Hashar):
[integration/config@master] Remove legacy job for acme-chief
Change 770462 merged by jenkins-bot:
[integration/config@master] Remove legacy job for acme-chief