nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 11:53:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
9b03f0288a
tor/.gitlab-ci.yml
Jim Newsome f79a5e6629 CI: use a fixed version of chutney 
While chutney currently runs tor's chutney test in its own CI,
it's difficult to guarantee the two won't accidentally diverge.
Probably best to use a fixed version here so that we can control
chutney version bumps and avoid surprise breakage in tor's CI.

This will also free us to intentionally make breaking changes in
chutney (though I don't have any immediate plans for any).
2024-10-30 12:16:35 -05:00

287 lines
8.0 KiB
YAML
Raw Blame History

####
# DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED
# BRANCH, THEN MERGE FORWARD.
####
# This file controls how gitlab validates Tor commits and merge requests.
#
# It is primarily based on a set of scripts and configurations by
# Hans-Christoph Steiner. It only copies parts of those scripts and
# configurations for now. If you want a new piece of functionality
# (more debians, more fedoras, android support) then you shouldn't
# start from scratch: have a look at the original ticket, at
# https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
#
# The file to copy from is
# https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
#
# Having said that, if there is anything really stupid here, don't
# blame it on Hans-Christoph! Tor probably added it on their own.
#
# Copyright 2020, The Tor Project, Inc.
# See LICENSE for licence information.
# These variables are set everywhere, unconditionally.
variables:
TERM: "ansi"
DEBUG_CI: "yes"
# This template is for exporting ephemeral things from the scripts. By
# convention we expect our scripts to copy stuff into artifacts/, rather than
# having a big list of files that be treated as artifacts.
.artifacts-template: &artifacts-template
artifacts:
name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
expire_in: 1 week
when: always
paths:
- artifacts/
# This template is used for x86-64 builds.
.x86-64-template: &x86-64-template
tags:
- amd64
- physical
# This template should be usable on any system that's based on apt.
.apt-template: &apt-template |
export LC_ALL=C.UTF-8
echo Etc/UTC > /etc/timezone
mkdir -p apt-cache
export APT_CACHE_DIR="$(pwd)/apt-cache"
rm -f /etc/apt/apt.conf.d/docker-clean
echo 'quiet "1";' \
'Acquire::Retries "20";' \
'APT::Install-Recommends "0";' \
'APT::Install-Suggests "0";' \
'APT::Get::Assume-Yes "true";' \
'Dpkg::Use-Pty "0";' \
"Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
>> /etc/apt/apt.conf.d/99gitlab
apt-get update -qq
apt-get upgrade -qy
# This template sets us up for Debian system in particular.
.debian-template: &debian-template
<<: *artifacts-template
<<: *x86-64-template
variables:
DEBIAN_FRONTEND: "noninteractive"
# TODO: Using "cache" in this way speeds up our downloads. It would be
# even better, though, to start with a pre-upgraded debian image.
#
# TODO: Will we have to do this differently once we have more than one
# debian version that we're using?
cache:
key: apt
paths:
- apt-cache
before_script:
- *apt-template
# Install patches unconditionally.
- apt-get install
apt-utils
automake
build-essential
ca-certificates
file
git
libevent-dev
liblzma-dev
libscrypt-dev
libseccomp-dev
libssl-dev
pkg-config
python3
zlib1g-dev
# Install patches that we only need for some use cases.
- if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
- if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
- if [ "$STEM" = yes ]; then apt-get install timelimit; fi
- if [ "$CC" = clang ]; then apt-get install clang; fi
- if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
# llvm-symbolizer for sanitizer backtrace
- if [ "$HARDENING" = yes ]; then apt-get install llvm; fi
# TODO: This next line should not be debian-only.
- if [ "$STEM" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
# TODO: This next line should not be debian-only.
- |
if [ "$CHUTNEY" = yes ]; then
# Use a fixed version of chutney to avoid surprise breakage.
CHUTNEY_SHALLOW_SINCE=2024-10-28
CHUTNEY_COMMIT=be881a1e7c4bc8038fa13fde4a7b24e5c56349c4
git clone --shallow-since "$CHUTNEY_SHALLOW_SINCE" https://gitlab.torproject.org/tpo/core/chutney.git
git -C ./chutney checkout "$CHUTNEY_COMMIT"
export CHUTNEY_PATH="$(pwd)/chutney"
# Have pip install chutney's python dependencies by installing chutney
# itself.
apt-get install python3-pip
pip3 install --user ./chutney
fi
- if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
# Minimal check on debian: just make, make check.
#
debian-minimal:
image: debian:bullseye
<<: *debian-template
script:
- ./scripts/ci/ci-driver.sh
# Minimal check on debian/i386: just make, make check.
#
debian-i386-minimal:
image: i386/debian:bullseye
<<: *debian-template
script:
- ./scripts/ci/ci-driver.sh
tags:
- physical
#####
# Run "make check" with a hardened clang on debian stable. This takes
# care of a hardening check, and a compile-with-clang check.
#
# TODO: This will be faster once we merge #40098 and #40099.
debian-hardened:
image: debian:bullseye
<<: *debian-template
variables:
ALL_BUGS_ARE_FATAL: "yes"
HARDENING: "yes"
CC: "clang"
script:
- ./scripts/ci/ci-driver.sh
#####
# Distcheck on debian stable
debian-distcheck:
image: debian:bullseye
<<: *debian-template
variables:
DISTCHECK: "yes"
CHECK: "no"
script:
- ./scripts/ci/ci-driver.sh
#####
# Documentation tests on debian stable: doxygen and asciidoc.
debian-docs:
image: debian:bullseye
<<: *debian-template
variables:
DOXYGEN: "yes"
ASCIIDOC: "yes"
CHECK: "no"
RUN_STAGE_BUILD: "no"
script:
- ./scripts/ci/ci-driver.sh
#####
# Integration tests on debian stable: chutney and stem.
#
# TODO: It would be cool if this target didn't have to re-build tor, and
# could instead re-use Tor from debian-minimal. That can be done
# with the 'artifacts' mechanism, in theory, but it would be good to
# avoid having to have a system with hundreds of artifacts.
debian-integration:
image: debian:bullseye
<<: *debian-template
variables:
CHECK: "no"
CHUTNEY: "yes"
CHUTNEY_MAKE_TARGET: "test-network-all"
STEM: "yes"
ALL_BUGS_ARE_FATAL: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# Tracing build on Debian stable.
debian-tracing:
image: debian:bullseye
<<: *debian-template
variables:
TRACING: "yes"
CHECK: "no"
DISTCHECK: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# No-authority mode
debian-disable-dirauth:
image: debian:bullseye
<<: *debian-template
variables:
DISABLE_DIRAUTH: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# No-relay mode
debian-disable-relay:
image: debian:bullseye
<<: *debian-template
variables:
DISABLE_RELAY: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# GPL licensed mode, enables pow module
debian-gpl:
image: debian:buster
<<: *debian-template
variables:
GPL: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# NSS check on debian
debian-nss:
image: debian:bullseye
<<: *debian-template
variables:
NSS: "yes"
script:
- ./scripts/ci/ci-driver.sh
#####
# Debian packaging triggers for maintenance branches
debian-packaging-0.4.5:
stage: deploy
trigger:
project: tpo/core/debian/tor
branch: debian-0.4.5
rules:
- if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
$CI_COMMIT_BRANCH == "maint-0.4.5"
debian-packaging-0.4.6:
stage: deploy
trigger:
project: tpo/core/debian/tor
branch: debian-0.4.6
rules:
- if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
$CI_COMMIT_BRANCH == "maint-0.4.6"
#####
# Run tests written in Rust, and run clippy on all Rust code here.
rust-latest:
image: rust:latest
<<: *debian-template
script:
- apt-get install llvm-dev libclang-dev clang
- rustup show
- cargo build --locked --verbose
- cargo test --verbose
- rustup component add clippy
- rustup show
- cargo clippy --all-features --all-targets -- -D warnings
after_script:
- cargo clean
Reference in New Issue View Git Blame Copy Permalink