summaryrefslogtreecommitdiffstats
path: root/.gitlab-ci.yml
diff options
context:
space:
mode:
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r--.gitlab-ci.yml645
1 files changed, 645 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..ae4ac0b
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,645 @@
+image: $CI_REGISTRY/knot/knot-resolver/ci/debian-stable:knot-2.7
+
+variables:
+ DEBIAN_FRONTEND: noninteractive
+ LC_ALL: C.UTF-8
+ GIT_SUBMODULE_STRATEGY: recursive
+ GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
+ PREFIX: $CI_PROJECT_DIR/.local
+ LD_LIBRARY_PATH: $CI_PROJECT_DIR/.local/lib
+ RESPDIFF_PRIORITY: 5
+ RESPDIFF_COUNT: 1
+ RESPDIFF_FORCE: 0
+ RESPERF_FORCE: 0
+
+stages:
+ - build
+ - test
+ - coverage
+ - extended
+ - deploy
+
+.build: &build
+ variables:
+ CFLAGS: -ggdb
+ stage: build
+ except:
+ - master
+ script:
+ - rm daemon/lua/kres-gen.lua
+ - make -k all
+ - STATUS="$(git status --untracked-files=normal --porcelain)"
+ - test -n "${STATUS}" && echo "${STATUS}" && echo "Build + install made working tree dirty, did you forget to update something?" && exit 2
+ - make install
+ artifacts:
+ untracked: true
+ tags:
+ - docker
+ - linux
+ - amd64
+
+build:linux:amd64:
+ <<: *build
+
+
+build:asan:linux:amd64:
+ <<: *build
+ variables:
+ CFLAGS: -ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer
+
+lint:pedantic:
+ stage: test # could be in build already, but let's not block the test stage if this fails
+ dependencies: [] # do not download build artifacts
+ except:
+ - master
+ image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer compilers
+ variables:
+ CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11
+ script:
+ - make -k all
+ - make clean
+ - make -k all CC=clang CXX=clang++ \
+ CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant"
+ tags:
+ - docker
+ - linux
+ - amd64
+
+srpm:
+ stage: build
+ except:
+ - master
+ allow_failure: true # don't block testing pipeline in case of failure
+ image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
+ script:
+ - scripts/make-srpm.sh
+ artifacts:
+ when: always
+ expire_in: '1 week'
+ paths:
+ - "*.src.rpm"
+ tags:
+ - docker
+ - linux
+ - amd64
+
+lint:lua:
+ stage: test
+ except:
+ - master
+ dependencies: [] # do not download build artifacts
+ script:
+ - make lint-lua
+ tags:
+ - docker
+
+lint:c:
+ stage: test
+ except:
+ - master
+ image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer Clang
+ dependencies: [] # do not download build artifacts
+ script:
+ - make lint-c CLANG_TIDY="clang-tidy -quiet"
+ tags:
+ - docker
+
+lint:clang-scan-build:
+ stage: test
+ except:
+ - master
+ image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer Clang
+ dependencies: [] # do not download build artifacts
+ script:
+ - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true
+ - test "$(ls scan-results/*/report-*.html | wc -l)" = 6 # we have this many errors ATM :-)
+ artifacts:
+ when: on_failure
+ expire_in: '1 day'
+ paths:
+ - scan-results
+ tags:
+ - docker
+
+test:linux:amd64:
+ stage: test
+ except:
+ - master
+ script:
+ # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
+ # this is caused by interaction between Git approach to timestamps and Gitlab artifacts
+ - git clean -xdf
+ - make
+ - MAKEFLAGS="--jobs $(nproc)" make -k check
+ - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c COVERAGE_STAGE=gcov-check || echo "code coverage skipped"
+ dependencies: []
+ artifacts:
+ expire_in: 1 hour
+ paths:
+ - ./*.info
+ tags:
+ - docker
+ - linux
+ - amd64
+
+
+docker:build:
+ stage: test
+ image: docker:latest
+ except:
+ - master
+ tags:
+ - dind
+ dependencies: []
+ variables:
+ DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
+ script:
+ - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
+ - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
+ after_script: # remove dangling images to avoid running out of disk space
+ - docker rmi ${DOCKER_IMAGE_NAME}
+ - docker rmi $(docker images -f "dangling=true" -q)
+
+
+installcheck:linux:amd64:
+ stage: test
+ except:
+ - master
+ script:
+ # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
+ # this is caused by interaction between Git approach to timestamps and Gitlab artifacts
+ - git clean -xdf
+ - make install
+ - MAKEFLAGS="--jobs $(nproc) --keep-going" make -k installcheck
+ - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-installcheck || echo "code coverage skipped"
+ dependencies: []
+ artifacts:
+ expire_in: 1 hour
+ paths:
+ - ./*.info
+ tags:
+ - docker
+ - linux
+ - amd64
+
+doc:
+ stage: test
+ except:
+ - master
+ script:
+ - SPHINXFLAGS="-W" make doc
+ dependencies: []
+ artifacts:
+ expire_in: 1 hour
+ paths:
+ - ./doc/*
+ tags:
+ - docker
+
+deckard:linux:amd64:
+ stage: test
+ except:
+ refs:
+ - master
+ variables:
+ # prevent unstable test from cancelling nightly OBS build
+ - $SKIP_DECKARD == "1"
+ variables:
+ TMPDIR: $CI_PROJECT_DIR
+ script:
+ - DECKARDFLAGS="-n $(nproc)" PATH="$PREFIX/sbin:$PATH" make check-integration
+ # these errors are side-effect of Git way of handling file timestamps
+ - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-deckard 2>&1 | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped"
+ dependencies:
+ - build:linux:amd64
+ artifacts:
+ when: always
+ paths:
+ - ./*.info
+ - tmpdeckard*
+ expire_in: 1 week
+ tags:
+ - docker
+ - linux
+ - amd64
+
+installcheck:valgrind:linux:amd64:
+ stage: test
+ except:
+ - master
+ script:
+ - DEBUGGER="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k installcheck
+ dependencies:
+ - build:linux:amd64
+ tags:
+ - docker
+ - linux
+ - amd64
+
+osx:build:
+ stage: test
+ except:
+ - master
+ script:
+ - ci/travis.py ${CI_COMMIT_REF_NAME}
+ dependencies: []
+ tags:
+ - docker
+
+
+# temporarily disabled - we need to fix issues first
+#deckard:linux:amd64:valgrind:
+# stage: test
+# script:
+# # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error
+# - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make
+# artifacts:
+# when: on_failure
+# expire_in: 1 week
+# paths:
+# - tmpdeckard*
+# dependencies:
+# - build:linux:amd64
+# tags:
+# - docker
+# - linux
+# - amd64
+
+
+test:linux:amd64:valgrind:
+ stage: test
+ except:
+ - master
+ variables:
+ TMPDIR: $CI_PROJECT_DIR
+ script:
+ - DEBUGGER="valgrind --error-exitcode=1 --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k check
+ dependencies:
+ - build:linux:amd64
+ tags:
+ - docker
+ - linux
+ - amd64
+
+pytests:lint:
+ stage: test
+ dependencies: []
+ except:
+ - master
+ script:
+ - ./ci/pytests/lint.sh
+ tags:
+ - docker
+ - linux
+ - amd64
+
+pytests:run:
+ stage: test
+ dependencies:
+ - build:asan:linux:amd64
+ except:
+ - master
+ script:
+ - pushd tests/pytests/rehandshake
+ - make all
+ - popd
+ - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run.sh &> pytests.log.txt
+ after_script:
+ - tail -1 pytests.log.txt
+ - echo "See pytests.html or pytests.log.txt for full report."
+ artifacts:
+ when: always
+ expire_in: 1 week
+ paths:
+ - pytest*
+ tags:
+ - docker
+ - linux
+ - amd64
+
+pytests:extended:
+ stage: extended
+ dependencies:
+ - build:asan:linux:amd64
+ except:
+ - master
+ script:
+ - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run-extended.sh
+ tags:
+ - docker
+ - linux
+ - amd64
+
+
+.respdiff: &respdiff
+ stage: extended
+ dependencies: []
+ only: # trigger job only in repos under our control
+ - branches@knot/knot-resolver
+ - branches@knot/knot-resolver-security
+ except:
+ - master
+ script:
+ - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
+ - export LABEL=gl$(date +%s)
+ - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
+ - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
+ - ln -s $COMMITDIR respdiff_commitdir
+ - >
+ sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
+ -p $RESPDIFF_PRIORITY
+ -c $RESPDIFF_COUNT
+ $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
+ "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST
+ --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
+ - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
+ - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
+ after_script:
+ - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
+ - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
+ artifacts:
+ when: always
+ expire_in: 1 week
+ paths:
+ - ./j*
+ - ./*.png
+ tags:
+ - respdiff
+
+respdiff:fwd-tls6-kresd.udp6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
+
+respdiff:fwd-udp6-kresd.udp6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384
+
+respdiff:iter.udp6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.iter.udp6.j384
+
+respdiff:iter.tls6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.iter.tls6.j384
+
+respdiff:fwd-udp6-unbound.udp6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
+
+respdiff:fwd-udp6-unbound.tcp6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
+
+respdiff:fwd-udp6-unbound.tls6:
+ <<: *respdiff
+ variables:
+ RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
+
+
+respdiff:iter:udp:linux:amd64:
+ stage: test
+ except:
+ - master
+ script:
+ - source <(./scripts/coverage_env.sh "$(pwd)" "$(pwd)/coverage.stats/respdiff" "iter/udp" --export)
+ - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
+ - ./ci/respdiff/start-resolvers.sh
+ - ./ci/respdiff/run-respdiff-tests.sh udp
+ - cat results/respdiff.txt
+ - echo 'test if mismatch rate < 1.0 %'
+ - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
+ - killall --wait kresd
+ - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped"
+ dependencies:
+ - build:asan:linux:amd64
+ artifacts:
+ when: always
+ expire_in: '1 week'
+ paths:
+ - kresd.log.xz
+ - results/*.txt
+ - results/*.png
+ - results/respdiff.db/data.mdb.xz
+ - ./*.info
+ tags:
+ - docker
+ - linux
+ - amd64
+
+
+.resperf: &resperf
+ stage: extended
+ dependencies: []
+ only: # trigger job only in repos under our control
+ - branches@knot/knot-resolver
+ - branches@knot/knot-resolver-security
+ except:
+ - master
+ script:
+ - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
+ - export LABEL=gl$(date +%s)
+ - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
+ - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
+ - ln -s $COMMITDIR resperf_commitdir
+ - >
+ sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
+ $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
+ "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST)
+ - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
+ - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
+ - exit $EXITCODE
+ after_script:
+ - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
+ artifacts:
+ when: always
+ expire_in: 1 week
+ paths:
+ - ./j*
+ tags:
+ - respdiff
+
+resperf:fwd-tls6.udp-asan:
+ <<: *resperf
+ variables:
+ RESPERF_TEST: resperf.fwd-tls6.udp
+
+resperf:fwd-udp6.udp-asan:
+ <<: *resperf
+ variables:
+ RESPERF_TEST: resperf.fwd-udp6.udp
+
+resperf:iter.udp-asan:
+ <<: *resperf
+ variables:
+ RESPERF_TEST: resperf.iter.udp
+
+
+distro:fedora-29:
+ stage: test
+ except:
+ - master
+ image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
+ only: # trigger job only in repos under our control
+ - branches@knot/knot-resolver
+ - branches@knot/knot-resolver-security
+ dependencies:
+ - srpm
+ script:
+ - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
+ after_script:
+ - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
+ artifacts:
+ when: always
+ expire_in: '1 week'
+ paths:
+ - fedora-29-x86_64/
+ tags:
+ - privileged # mock requires additional capabilities (e.g. mount)
+
+distro:epel-7:
+ stage: test
+ except:
+ - master
+ image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
+ only: # trigger job only in repos under our control
+ - branches@knot/knot-resolver
+ - branches@knot/knot-resolver-security
+ dependencies:
+ - srpm
+ script:
+ - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
+ after_script:
+ - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64
+ artifacts:
+ when: always
+ expire_in: '1 week'
+ paths:
+ - epel-7-x86_64/
+ tags:
+ - privileged # mock require additional capabilities (e.g. mount)
+
+# compute coverage for runs with COVERAGE=1
+coverage:
+ stage: coverage
+ except:
+ - master
+ - branches@knot/knot-resolver-security
+ only:
+ variables:
+ - $COVERAGE == "1"
+ script:
+ - make coverage
+ artifacts:
+ expire_in: '1 week'
+ paths:
+ - coverage
+ coverage: '/lines\.+:\s(\d+.\d+\%)/'
+ dependencies:
+ - build:linux:amd64
+ - test:linux:amd64
+ - installcheck:linux:amd64
+ - deckard:linux:amd64
+ - respdiff:iter:udp:linux:amd64
+ tags:
+ - docker
+ - linux
+ - amd64
+
+# publish coverage only for master branch
+pages:
+ stage: deploy
+ only:
+ refs:
+ - nightly@knot/knot-resolver
+ variables:
+ - $COVERAGE == "1"
+ dependencies:
+ - coverage
+ script:
+ - mv coverage/ public/
+ artifacts:
+ expire_in: '30 days'
+ paths:
+ - public
+
+# trigger obs build for master branch
+obs:devel:
+ stage: deploy
+ only:
+ variables:
+ - $OBS_BUILD == "1"
+ refs:
+ - nightly@knot/knot-resolver
+ dependencies: []
+ script:
+ - scripts/make-archive.sh
+ - scripts/make-distrofiles.sh
+ - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
+ - scripts/build-in-obs.sh knot-dns-devel # build against latest development version of knot
+ - scripts/build-in-obs.sh knot-resolver-devel # build against knot in knot-resolver-latest
+
+pkg:debian:symbols:libkres:
+ variables:
+ LIB_NAME: libkres
+ LIB_ABI: 9
+ stage: deploy
+ only:
+ variables:
+ - $OBS_BUILD == "1"
+ refs:
+ - nightly@knot/knot-resolver
+ except:
+ - master
+ script:
+ - ln -s distro/deb debian
+ - sed -i "s/__VERSION__/99/g" distro/deb/changelog
+ - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIB_ABI -P. -p$LIB_NAME$LIB_ABI
+ allow_failure: true
+ dependencies:
+ - build:linux:amd64
+
+
+# copy snapshot of current master to nightly branch for further processing
+# (this is workaround for missing complex conditions for job limits in Gitlab)
+nightly:copy:
+ stage: deploy
+ only:
+ variables:
+ - $CREATE_NIGHTLY == "1"
+ refs:
+ - master@knot/knot-resolver
+ dependencies: []
+ script:
+ # delete nightly branch
+ - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
+ - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
+ # recreate nightly branch from current master
+ - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
+ - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
+
+
+#arm_build:
+# image: cznic/armhf-ubuntu:16.04
+# stage: build
+# script:
+# - make -k all
+# tags:
+# - docker
+# - linux
+# - arm
+
+#arm_test:
+# image: armv7/armhf-ubuntu:16.04
+# stage: test
+# script:
+# - make -k check
+# tags:
+# - docker
+# - linux
+# - arm