.gitlab-ci.yml 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
  1. ####
  2. # DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED
  3. # BRANCH, THEN MERGE FORWARD.
  4. ####
  5. # This file controls how gitlab validates Tor commits and merge requests.
  6. #
  7. # It is primarily based on a set of scripts and configurations by
  8. # Hans-Christoph Steiner. It only copies parts of those scripts and
  9. # configurations for now. If you want a new piece of functionality
  10. # (more debians, more fedoras, android support) then you shouldn't
  11. # start from scratch: have a look at the original ticket, at
  12. # https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
  13. #
  14. # The file to copy from is
  15. # https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
  16. #
  17. # Having said that, if there is anything really stupid here, don't
  18. # blame it on Hans-Christoph! Tor probably added it on their own.
  19. #
  20. # Copyright 2020, The Tor Project, Inc.
  21. # See LICENSE for licence information.
  22. # These variables are set everywhere, unconditionally.
  23. variables:
  24. TERM: "ansi"
  25. DEBUG_CI: "yes"
  26. # This template is for exporting ephemeral things from the scripts. By
  27. # convention we expect our scripts to copy stuff into artifacts/, rather than
  28. # having a big list of files that be treated as artifacts.
  29. .artifacts-template: &artifacts-template
  30. artifacts:
  31. name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
  32. expire_in: 1 week
  33. when: always
  34. paths:
  35. - artifacts/
  36. # This template is used for x86-64 builds.
  37. .x86-64-template: &x86-64-template
  38. tags:
  39. - amd64
  40. # This template should be usable on any system that's based on apt.
  41. .apt-template: &apt-template |
  42. export LC_ALL=C.UTF-8
  43. echo Etc/UTC > /etc/timezone
  44. mkdir -p apt-cache
  45. export APT_CACHE_DIR="$(pwd)/apt-cache"
  46. rm -f /etc/apt/apt.conf.d/docker-clean
  47. echo 'quiet "1";' \
  48. 'APT::Install-Recommends "0";' \
  49. 'APT::Install-Suggests "0";' \
  50. 'APT::Acquire::Retries "20";' \
  51. 'APT::Get::Assume-Yes "true";' \
  52. 'Dpkg::Use-Pty "0";' \
  53. "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
  54. >> /etc/apt/apt.conf.d/99gitlab
  55. apt-get update -qq
  56. apt-get upgrade -qy
  57. # This template sets us up for Debian system in particular.
  58. .debian-template: &debian-template
  59. <<: *artifacts-template
  60. <<: *x86-64-template
  61. variables:
  62. DEBIAN_FRONTEND: "noninteractive"
  63. # TODO: Using "cache" in this way speeds up our downloads. It would be
  64. # even better, though, to start with a pre-upgraded debian image.
  65. #
  66. # TODO: Will we have to do this differently once we have more than one
  67. # debian version that we're using?
  68. cache:
  69. key: apt
  70. paths:
  71. - apt-cache
  72. before_script:
  73. - *apt-template
  74. # Install patches unconditionally.
  75. - apt-get install
  76. apt-utils
  77. automake
  78. build-essential
  79. ca-certificates
  80. file
  81. git
  82. libevent-dev
  83. liblzma-dev
  84. libscrypt-dev
  85. libseccomp-dev
  86. libssl-dev
  87. pkg-config
  88. python3
  89. zlib1g-dev
  90. # Install patches that we only need for some use cases.
  91. - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
  92. - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
  93. - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
  94. - if [ "$CC" = clang ]; then apt-get install clang; fi
  95. - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
  96. # TODO: This next line should not be debian-only.
  97. - if [ "$STEM" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
  98. # TODO: This next line should not be debian-only.
  99. - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/core/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
  100. - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
  101. # Minimal check on debian: just make, make check.
  102. #
  103. debian-minimal:
  104. image: debian:bullseye
  105. <<: *debian-template
  106. script:
  107. - ./scripts/ci/ci-driver.sh
  108. # Minmal check on debian/i386: just make, make check.
  109. #
  110. debian-i386-minimal:
  111. image: i386/debian:bullseye
  112. <<: *debian-template
  113. script:
  114. - ./scripts/ci/ci-driver.sh
  115. tags:
  116. - physical
  117. #####
  118. # Run "make check" with a hardened clang on debian stable. This takes
  119. # care of a hardening check, and a compile-with-clang check.
  120. #
  121. # TODO: This will be faster once we merge #40098 and #40099.
  122. debian-hardened:
  123. image: debian:bullseye
  124. <<: *debian-template
  125. variables:
  126. ALL_BUGS_ARE_FATAL: "yes"
  127. HARDENING: "yes"
  128. CC: "clang"
  129. script:
  130. - ./scripts/ci/ci-driver.sh
  131. #####
  132. # Distcheck on debian stable
  133. debian-distcheck:
  134. image: debian:bullseye
  135. <<: *debian-template
  136. variables:
  137. DISTCHECK: "yes"
  138. CHECK: "no"
  139. script:
  140. - ./scripts/ci/ci-driver.sh
  141. #####
  142. # Documentation tests on debian stable: doxygen and asciidoc.
  143. debian-docs:
  144. image: debian:bullseye
  145. <<: *debian-template
  146. variables:
  147. DOXYGEN: "yes"
  148. ASCIIDOC: "yes"
  149. CHECK: "no"
  150. RUN_STAGE_BUILD: "no"
  151. script:
  152. - ./scripts/ci/ci-driver.sh
  153. #####
  154. # Integration tests on debian stable: chutney and stem.
  155. #
  156. # TODO: It would be cool if this target didn't have to re-build tor, and
  157. # could instead re-use Tor from debian-minimal. That can be done
  158. # with the 'artifacts' mechanism, in theory, but it would be good to
  159. # avoid having to have a system with hundreds of artifacts.
  160. debian-integration:
  161. image: debian:bullseye
  162. <<: *debian-template
  163. variables:
  164. CHECK: "no"
  165. CHUTNEY: "yes"
  166. CHUTNEY_MAKE_TARGET: "test-network-all"
  167. STEM: "yes"
  168. ALL_BUGS_ARE_FATAL: "yes"
  169. script:
  170. - ./scripts/ci/ci-driver.sh
  171. #####
  172. # Tracing build on Debian stable.
  173. debian-tracing:
  174. image: debian:bullseye
  175. <<: *debian-template
  176. variables:
  177. TRACING: "yes"
  178. CHECK: "no"
  179. DISTCHECK: "yes"
  180. script:
  181. - ./scripts/ci/ci-driver.sh
  182. #####
  183. # No-authority mode
  184. debian-disable-dirauth:
  185. image: debian:bullseye
  186. <<: *debian-template
  187. variables:
  188. DISABLE_DIRAUTH: "yes"
  189. script:
  190. - ./scripts/ci/ci-driver.sh
  191. #####
  192. # No-relay mode
  193. debian-disable-relay:
  194. image: debian:bullseye
  195. <<: *debian-template
  196. variables:
  197. DISABLE_RELAY: "yes"
  198. script:
  199. - ./scripts/ci/ci-driver.sh
  200. #####
  201. # NSS check on debian
  202. debian-nss:
  203. image: debian:bullseye
  204. <<: *debian-template
  205. variables:
  206. NSS: "yes"
  207. script:
  208. - ./scripts/ci/ci-driver.sh
  209. #####
  210. # Debian packaging triggers for maintenance branches
  211. debian-packaging-0.4.5:
  212. stage: deploy
  213. trigger:
  214. project: tpo/core/debian/tor
  215. branch: debian-0.4.5
  216. rules:
  217. - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
  218. $CI_COMMIT_BRANCH == "maint-0.4.5"
  219. debian-packaging-0.4.6:
  220. stage: deploy
  221. trigger:
  222. project: tpo/core/debian/tor
  223. branch: debian-0.4.6
  224. rules:
  225. - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
  226. $CI_COMMIT_BRANCH == "maint-0.4.6"