mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 04:13:28 +01:00
6ef6d36296
This enables on-demand debian packaging CI builds on maintenance branches, to replace (often unnecessary) daily scheduled builds.
####
# DO NOT EDIT THIS FILE IN MASTER.  ONLY EDIT IT IN THE OLDEST SUPPORTED
# BRANCH, THEN MERGE FORWARD.
####

# This file controls how gitlab validates Tor commits and merge requests.
#
# It is primarily based on a set of scripts and configurations by
# Hans-Christoph Steiner.  It only copies parts of those scripts and
# configurations for now.  If you want a new piece of functionality
# (more debians, more fedoras, android support) then you shouldn't
# start from scratch: have a look at the original ticket, at
# https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
#
# The file to copy from is
# https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
#
# Having said that, if there is anything really stupid here, don't
# blame it on Hans-Christoph!  Tor probably added it on their own.
#
# Copyright 2020, The Tor Project, Inc.
# See LICENSE for licence information.

# Pipeline-wide variables: set for every job, unconditionally.
variables:
  TERM: "ansi"
  DEBUG_CI: "yes"

# Template for exporting ephemeral output from the CI scripts.  By
# convention the scripts copy whatever should be kept into artifacts/,
# so that no long list of individual artifact files has to be maintained
# here.
#
# `when: always` uploads artifacts/ for failed jobs too, and the archive
# is kept for a week, so the scripts should keep credentials and other
# secrets out of that directory.
.artifacts-template: &artifacts-template
  artifacts:
    name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
    expire_in: 1 week
    when: always
    paths:
      - artifacts/

# Template for x86-64 builds: jobs merging it are only picked up by
# runners that carry the "amd64" tag.
.x86-64-template: &x86-64-template
  tags:
    - amd64

# Shell snippet meant to work on any apt-based system; it is a literal
# block scalar, so it is used as one multi-line script entry wherever the
# *apt-template alias appears.
#
# It points apt's archive cache at ./apt-cache in the working directory,
# appends non-interactive settings to /etc/apt/apt.conf.d/99gitlab, and
# then updates and upgrades the image.
#
# Install-Recommends and Install-Suggests set to "0" keep the installed
# package set down to what is explicitly requested.
# NOTE(review): because of the upgrade step, the exact package versions
# in a job depend on the state of the mirror when the job runs.
.apt-template: &apt-template |
  export LC_ALL=C.UTF-8
  echo Etc/UTC > /etc/timezone
  mkdir -p apt-cache
  export APT_CACHE_DIR="$(pwd)/apt-cache"
  echo 'quiet "1";' \
       'APT::Install-Recommends "0";' \
       'APT::Install-Suggests "0";' \
       'APT::Acquire::Retries "20";' \
       'APT::Get::Assume-Yes "true";' \
       'Dpkg::Use-Pty "0";' \
       "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
       >> /etc/apt/apt.conf.d/99gitlab
  apt-get update -qq
  apt-get upgrade -qy

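# Template for Debian-based jobs: artifact export, an amd64 runner, a
# cached apt archive directory, and the build dependencies.
.debian-template: &debian-template
  # One merge key holding a list, rather than two `<<` keys in the same
  # mapping: duplicate keys are invalid YAML, and parsers differ on how
  # they treat a repeated key.
  <<: [*artifacts-template, *x86-64-template]
  # Merge keys are shallow: a job that declares its own `variables:`
  # replaces this mapping and does not inherit DEBIAN_FRONTEND from it.
  variables:
    DEBIAN_FRONTEND: "noninteractive"
  # TODO: Using "cache" in this way speeds up our downloads.  It would be
  # even better, though, to start with a pre-upgraded debian image.
  #
  # TODO: Will we have to do this differently once we have more than one
  # debian version that we're using?
  cache:
    key: apt
    paths:
      - apt-cache
  before_script:
    - *apt-template
    # Install packages unconditionally.
    - apt-get install
        automake
        build-essential
        ca-certificates
        git
        libevent-dev
        liblzma-dev
        libscrypt-dev
        libseccomp-dev
        libssl-dev
        pkg-config
        python3
        zlib1g-dev
    # Install packages that we only need for some use cases.
    - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
    - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
    - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
    - if [ "$CC" = clang ]; then apt-get install clang; fi
    - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
    # NOTE(review): the two clones below take whatever the remote's
    # default branch points at when the job runs; checking out a reviewed
    # commit after cloning would make these runs reproducible.
    #
    # TODO: This next line should not be debian-only.
    - if [ "$STEM" = yes ]; then git clone --depth 1 https://git.torproject.org/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
    # TODO: This next line should not be debian-only.
    - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://git.torproject.org/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
    # apt-get, like every other install step here: the `apt` front end
    # does not promise a stable command-line interface for scripts.
    - if [ "$TRACING" = yes ]; then apt-get install liblttng-ust-dev; fi
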
# Minimal check on debian: just make, make check.
#
# NOTE(review): "debian:buster" is a mutable tag, so the image contents
# can change between runs; pinning by digest
# (debian:buster@sha256:<digest-placeholder>) would fix them.
debian-minimal:
  <<: *debian-template
  image: debian:buster
  script:
    - ./scripts/ci/ci-driver.sh

# Minimal check on debian/i386: just make, make check.
#
# NOTE(review): "i386/debian:buster" is a mutable tag, so the image
# contents can change between runs; pinning by digest
# (i386/debian:buster@sha256:<digest-placeholder>) would fix them.
debian-i386-minimal:
  <<: *debian-template
  image: i386/debian:buster
  script:
    - ./scripts/ci/ci-driver.sh

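#####
# Run "make check" with a hardened clang on debian stable.  This takes
# care of a hardening check, and a compile-with-clang check.
#
# TODO: This will be faster once we merge #40098 and #40099.
debian-hardened:
  <<: *debian-template
  image: debian:bullseye
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    ALL_BUGS_ARE_FATAL: "yes"
    HARDENING: "yes"
    CC: "clang"
  script:
    - ./scripts/ci/ci-driver.sh
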
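#####
# Distcheck on debian stable
debian-distcheck:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    DISTCHECK: "yes"
    CHECK: "no"
  script:
    - ./scripts/ci/ci-driver.sh
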
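#####
# Documentation tests on debian stable: doxygen and asciidoc.
debian-docs:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    DOXYGEN: "yes"
    ASCIIDOC: "yes"
    CHECK: "no"
    RUN_STAGE_BUILD: "no"
  script:
    - ./scripts/ci/ci-driver.sh
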
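#####
# Integration tests on debian stable: chutney and stem.
#
# TODO: It would be cool if this target didn't have to re-build tor, and
#       could instead re-use Tor from debian-minimal.  That can be done
#       with the 'artifacts' mechanism, in theory, but it would be good to
#       avoid having to have a system with hundreds of artifacts.
debian-integration:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    CHECK: "no"
    # CHUTNEY and STEM make the template's before_script clone both
    # repositories and export CHUTNEY_PATH / STEM_PATH.
    CHUTNEY: "yes"
    CHUTNEY_MAKE_TARGET: "test-network-all"
    STEM: "yes"
    ALL_BUGS_ARE_FATAL: "yes"
  script:
    - ./scripts/ci/ci-driver.sh
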
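#####
# Tracing build on Debian stable.
debian-tracing:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    TRACING: "yes"
    CHECK: "no"
    DISTCHECK: "yes"
  script:
    - ./scripts/ci/ci-driver.sh
  # Ensure that we only run tracing when it's implemented.
  #
  # Once versions before 0.4.5 are obsolete, we can remove this test.
  rules:
    # This first "if" check prevents us from running a duplicate version of
    # this pipeline whenever we push and create an MR.  I don't understand why
    # it is necessary, though the following URL purports to explain:
    #
    # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
    - if: '$CI_PIPELINE_SOURCE == "push"'
      # The job is skipped on branches that do not have this file.
      exists:
        - src/lib/trace/trace_sys.c
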
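#####
# No-authority mode
debian-disable-dirauth:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    DISABLE_DIRAUTH: "yes"
  script:
    - ./scripts/ci/ci-driver.sh
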
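#####
# No-relay mode
debian-disable-relay:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    DISABLE_RELAY: "yes"
  script:
    - ./scripts/ci/ci-driver.sh
  # Ensure that we only run the no-relay build when it's implemented.
  #
  # Once versions before 0.4.3 are obsolete, we can remove this test.
  rules:
    # This first "if" check prevents us from running a duplicate version of
    # this pipeline whenever we push and create an MR.  I don't understand why
    # it is necessary, though the following URL purports to explain:
    #
    # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
    - if: '$CI_PIPELINE_SOURCE == "push"'
      # The job is skipped on branches that do not have this file.
      exists:
        - src/feature/relay/relay_stub.c
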
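#####
# NSS check on debian
debian-nss:
  <<: *debian-template
  image: debian:buster
  variables:
    # Set here as well: this job's own `variables:` replaces the mapping
    # merged in from *debian-template, so DEBIAN_FRONTEND would
    # otherwise be unset for this job.
    DEBIAN_FRONTEND: "noninteractive"
    # Makes the template's before_script install libnss3 and libnss3-dev.
    NSS: "yes"
  script:
    - ./scripts/ci/ci-driver.sh
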
#####
# Debian packaging triggers for maintenance branches
#
# Each trigger starts a pipeline in the downstream packaging project.  The
# rule restricts it to the tpo/core namespace and to one maintenance
# branch, so pipelines in other namespaces do not start packaging builds.
# NOTE(review): the downstream pipeline is started on behalf of whoever
# triggered this one; presumably maint-0.4.5 is a protected branch --
# confirm.
debian-packaging-0.4.5:
  stage: deploy
  trigger:
    project: tpo/core/debian/tor
    branch: debian-0.4.5
  rules:
    # Folded scalar: the two lines below are joined into one expression.
    - if: >-
        $CI_PROJECT_NAMESPACE == "tpo/core" &&
        $CI_COMMIT_BRANCH == "maint-0.4.5"

# Packaging trigger for maint-0.4.6: starts a pipeline on the debian-0.4.6
# branch of the downstream packaging project.  The rule restricts it to
# the tpo/core namespace, so pipelines in other namespaces do not start
# packaging builds.
# NOTE(review): the downstream pipeline is started on behalf of whoever
# triggered this one; presumably maint-0.4.6 is a protected branch --
# confirm.
debian-packaging-0.4.6:
  stage: deploy
  trigger:
    project: tpo/core/debian/tor
    branch: debian-0.4.6
  rules:
    # Folded scalar: the two lines below are joined into one expression.
    - if: >-
        $CI_PROJECT_NAMESPACE == "tpo/core" &&
        $CI_COMMIT_BRANCH == "maint-0.4.6"