123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244 |
- ####
- # DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED
- # BRANCH, THEN MERGE FORWARD.
- ####
- # This file controls how gitlab validates Tor commits and merge requests.
- #
- # It is primarily based on a set of scripts and configurations by
- # Hans-Christoph Steiner. It only copies parts of those scripts and
- # configurations for now. If you want a new piece of functionality
- # (more debians, more fedoras, android support) then you shouldn't
- # start from scratch: have a look at the original ticket, at
- # https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
- #
- # The file to copy from is
- # https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
- #
- # Having said that, if there is anything really stupid here, don't
- # blame it on Hans-Christoph! Tor probably added it on their own.
- #
- # Copyright 2020, The Tor Project, Inc.
- # See LICENSE for licence information.
- # These variables are set everywhere, unconditionally.
- variables:
- TERM: "ansi"
- DEBUG_CI: "yes"
- # This template is for exporting ephemeral things from the scripts. By
- # convention we expect our scripts to copy stuff into artifacts/, rather than
- # having a big list of files that be treated as artifacts.
- .artifacts-template: &artifacts-template
- artifacts:
- name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
- expire_in: 1 week
- when: always
- paths:
- - artifacts/
- # This template is used for x86-64 builds.
- .x86-64-template: &x86-64-template
- tags:
- - amd64
- # This template should be usable on any system that's based on apt.
- .apt-template: &apt-template |
- export LC_ALL=C.UTF-8
- echo Etc/UTC > /etc/timezone
- mkdir -p apt-cache
- export APT_CACHE_DIR="$(pwd)/apt-cache"
- rm -f /etc/apt/apt.conf.d/docker-clean
- echo 'quiet "1";' \
- 'APT::Install-Recommends "0";' \
- 'APT::Install-Suggests "0";' \
- 'APT::Acquire::Retries "20";' \
- 'APT::Get::Assume-Yes "true";' \
- 'Dpkg::Use-Pty "0";' \
- "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
- >> /etc/apt/apt.conf.d/99gitlab
- apt-get update -qq
- apt-get upgrade -qy
- # This template sets us up for Debian system in particular.
- .debian-template: &debian-template
- <<: *artifacts-template
- <<: *x86-64-template
- variables:
- DEBIAN_FRONTEND: "noninteractive"
- # TODO: Using "cache" in this way speeds up our downloads. It would be
- # even better, though, to start with a pre-upgraded debian image.
- #
- # TODO: Will we have to do this differently once we have more than one
- # debian version that we're using?
- cache:
- key: apt
- paths:
- - apt-cache
- before_script:
- - *apt-template
- # Install patches unconditionally.
- - apt-get install
- apt-utils
- automake
- build-essential
- ca-certificates
- file
- git
- libevent-dev
- liblzma-dev
- libscrypt-dev
- libseccomp-dev
- libssl-dev
- pkg-config
- python3
- zlib1g-dev
- # Install patches that we only need for some use cases.
- - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
- - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
- - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
- - if [ "$CC" = clang ]; then apt-get install clang; fi
- - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
- # TODO: This next line should not be debian-only.
- - if [ "$STEM" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
- # TODO: This next line should not be debian-only.
- - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/core/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
- - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
- # Minimal check on debian: just make, make check.
- #
- debian-minimal:
- image: debian:bullseye
- <<: *debian-template
- script:
- - ./scripts/ci/ci-driver.sh
- # Minmal check on debian/i386: just make, make check.
- #
- debian-i386-minimal:
- image: i386/debian:bullseye
- <<: *debian-template
- script:
- - ./scripts/ci/ci-driver.sh
- tags:
- - physical
- #####
- # Run "make check" with a hardened clang on debian stable. This takes
- # care of a hardening check, and a compile-with-clang check.
- #
- # TODO: This will be faster once we merge #40098 and #40099.
- debian-hardened:
- image: debian:bullseye
- <<: *debian-template
- variables:
- ALL_BUGS_ARE_FATAL: "yes"
- HARDENING: "yes"
- CC: "clang"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # Distcheck on debian stable
- debian-distcheck:
- image: debian:bullseye
- <<: *debian-template
- variables:
- DISTCHECK: "yes"
- CHECK: "no"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # Documentation tests on debian stable: doxygen and asciidoc.
- debian-docs:
- image: debian:bullseye
- <<: *debian-template
- variables:
- DOXYGEN: "yes"
- ASCIIDOC: "yes"
- CHECK: "no"
- RUN_STAGE_BUILD: "no"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # Integration tests on debian stable: chutney and stem.
- #
- # TODO: It would be cool if this target didn't have to re-build tor, and
- # could instead re-use Tor from debian-minimal. That can be done
- # with the 'artifacts' mechanism, in theory, but it would be good to
- # avoid having to have a system with hundreds of artifacts.
- debian-integration:
- image: debian:bullseye
- <<: *debian-template
- variables:
- CHECK: "no"
- CHUTNEY: "yes"
- CHUTNEY_MAKE_TARGET: "test-network-all"
- STEM: "yes"
- ALL_BUGS_ARE_FATAL: "yes"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # Tracing build on Debian stable.
- debian-tracing:
- image: debian:bullseye
- <<: *debian-template
- variables:
- TRACING: "yes"
- CHECK: "no"
- DISTCHECK: "yes"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # No-authority mode
- debian-disable-dirauth:
- image: debian:bullseye
- <<: *debian-template
- variables:
- DISABLE_DIRAUTH: "yes"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # No-relay mode
- debian-disable-relay:
- image: debian:bullseye
- <<: *debian-template
- variables:
- DISABLE_RELAY: "yes"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # NSS check on debian
- debian-nss:
- image: debian:bullseye
- <<: *debian-template
- variables:
- NSS: "yes"
- script:
- - ./scripts/ci/ci-driver.sh
- #####
- # Debian packaging triggers for maintenance branches
- debian-packaging-0.4.5:
- stage: deploy
- trigger:
- project: tpo/core/debian/tor
- branch: debian-0.4.5
- rules:
- - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
- $CI_COMMIT_BRANCH == "maint-0.4.5"
- debian-packaging-0.4.6:
- stage: deploy
- trigger:
- project: tpo/core/debian/tor
- branch: debian-0.4.6
- rules:
- - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
- $CI_COMMIT_BRANCH == "maint-0.4.6"
|