diff options
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 645 |
1 files changed, 645 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..ae4ac0b --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,645 @@ +image: $CI_REGISTRY/knot/knot-resolver/ci/debian-stable:knot-2.7 + +variables: + DEBIAN_FRONTEND: noninteractive + LC_ALL: C.UTF-8 + GIT_SUBMODULE_STRATEGY: recursive + GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise + PREFIX: $CI_PROJECT_DIR/.local + LD_LIBRARY_PATH: $CI_PROJECT_DIR/.local/lib + RESPDIFF_PRIORITY: 5 + RESPDIFF_COUNT: 1 + RESPDIFF_FORCE: 0 + RESPERF_FORCE: 0 + +stages: + - build + - test + - coverage + - extended + - deploy + +.build: &build + variables: + CFLAGS: -ggdb + stage: build + except: + - master + script: + - rm daemon/lua/kres-gen.lua + - make -k all + - STATUS="$(git status --untracked-files=normal --porcelain)" + - test -n "${STATUS}" && echo "${STATUS}" && echo "Build + install made working tree dirty, did you forget to update something?" && exit 2 + - make install + artifacts: + untracked: true + tags: + - docker + - linux + - amd64 + +build:linux:amd64: + <<: *build + + +build:asan:linux:amd64: + <<: *build + variables: + CFLAGS: -ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer + +lint:pedantic: + stage: test # could be in build already, but let's not block the test stage if this fails + dependencies: [] # do not download build artifacts + except: + - master + image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer compilers + variables: + CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11 + script: + - make -k all + - make clean + - make -k all CC=clang CXX=clang++ \ + CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant" + tags: + - docker + - linux + - amd64 + +srpm: + stage: build + except: + - master + allow_failure: true # don't block testing pipeline in case of failure + image: $CI_REGISTRY/knot/knot-resolver/ci/fedora + script: + - scripts/make-srpm.sh + artifacts: + when: always + expire_in: '1 week' + paths: + - "*.src.rpm" + tags: + - docker + - linux + - amd64 + +lint:lua: + stage: test + except: + - master + dependencies: [] # do not download build artifacts + script: + - make lint-lua + tags: + - docker + +lint:c: + stage: test + except: + - master + image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer Clang + dependencies: [] # do not download build artifacts + script: + - make lint-c CLANG_TIDY="clang-tidy -quiet" + tags: + - docker + +lint:clang-scan-build: + stage: test + except: + - master + image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7 # newer Debian for newer Clang + dependencies: [] # do not download build artifacts + script: + - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true + - test "$(ls scan-results/*/report-*.html | wc -l)" = 6 # we have this many errors ATM :-) + artifacts: + when: on_failure + expire_in: '1 day' + paths: + - scan-results + tags: + - docker + +test:linux:amd64: + stage: test + except: + - master + script: + # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files + # this is caused by interaction between Git approach to timestamps and Gitlab artifacts + - git clean -xdf + - make + - MAKEFLAGS="--jobs $(nproc)" make -k check + - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c COVERAGE_STAGE=gcov-check || echo "code coverage skipped" + dependencies: [] + artifacts: + expire_in: 1 hour + paths: + - ./*.info + tags: + - docker + - linux + - amd64 + + +docker:build: + stage: test + image: docker:latest + except: + - master + tags: + - dind + dependencies: [] + variables: + DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA} + script: + - docker build --no-cache -t ${DOCKER_IMAGE_NAME} . + - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME} + after_script: # remove dangling images to avoid running out of disk space + - docker rmi ${DOCKER_IMAGE_NAME} + - docker rmi $(docker images -f "dangling=true" -q) + + +installcheck:linux:amd64: + stage: test + except: + - master + script: + # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files + # this is caused by interaction between Git approach to timestamps and Gitlab artifacts + - git clean -xdf + - make install + - MAKEFLAGS="--jobs $(nproc) --keep-going" make -k installcheck + - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-installcheck || echo "code coverage skipped" + dependencies: [] + artifacts: + expire_in: 1 hour + paths: + - ./*.info + tags: + - docker + - linux + - amd64 + +doc: + stage: test + except: + - master + script: + - SPHINXFLAGS="-W" make doc + dependencies: [] + artifacts: + expire_in: 1 hour + paths: + - ./doc/* + tags: + - docker + +deckard:linux:amd64: + stage: test + except: + refs: + - master + variables: + # prevent unstable test from cancelling nightly OBS build + - $SKIP_DECKARD == "1" + variables: + TMPDIR: $CI_PROJECT_DIR + script: + - DECKARDFLAGS="-n $(nproc)" PATH="$PREFIX/sbin:$PATH" make check-integration + # these errors are side-effect of Git way of handling file timestamps + - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-deckard 2>&1 | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped" + dependencies: + - build:linux:amd64 + artifacts: + when: always + paths: + - ./*.info + - tmpdeckard* + expire_in: 1 week + tags: + - docker + - linux + - amd64 + +installcheck:valgrind:linux:amd64: + stage: test + except: + - master + script: + - DEBUGGER="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k installcheck + dependencies: + - build:linux:amd64 + tags: + - docker + - linux + - amd64 + +osx:build: + stage: test + except: + - master + script: + - ci/travis.py ${CI_COMMIT_REF_NAME} + dependencies: [] + tags: + - docker + + +# temporarily disabled - we need to fix issues first +#deckard:linux:amd64:valgrind: +# stage: test +# script: +# # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error +# - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make +# artifacts: +# when: on_failure +# expire_in: 1 week +# paths: +# - tmpdeckard* +# dependencies: +# - build:linux:amd64 +# tags: +# - docker +# - linux +# - amd64 + + +test:linux:amd64:valgrind: + stage: test + except: + - master + variables: + TMPDIR: $CI_PROJECT_DIR + script: + - DEBUGGER="valgrind --error-exitcode=1 --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k check + dependencies: + - build:linux:amd64 + tags: + - docker + - linux + - amd64 + +pytests:lint: + stage: test + dependencies: [] + except: + - master + script: + - ./ci/pytests/lint.sh + tags: + - docker + - linux + - amd64 + +pytests:run: + stage: test + dependencies: + - build:asan:linux:amd64 + except: + - master + script: + - pushd tests/pytests/rehandshake + - make all + - popd + - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run.sh &> pytests.log.txt + after_script: + - tail -1 pytests.log.txt + - echo "See pytests.html or pytests.log.txt for full report." + artifacts: + when: always + expire_in: 1 week + paths: + - pytest* + tags: + - docker + - linux + - amd64 + +pytests:extended: + stage: extended + dependencies: + - build:asan:linux:amd64 + except: + - master + script: + - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run-extended.sh + tags: + - docker + - linux + - amd64 + + +.respdiff: &respdiff + stage: extended + dependencies: [] + only: # trigger job only in repos under our control + - branches@knot/knot-resolver + - branches@knot/knot-resolver-security + except: + - master + script: + - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0 + - export LABEL=gl$(date +%s) + - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" + - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST" + - ln -s $COMMITDIR respdiff_commitdir + - > + sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w + -p $RESPDIFF_PRIORITY + -c $RESPDIFF_COUNT + $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py + "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST + --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json) + - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done + - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST + after_script: + - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:' + - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:' + artifacts: + when: always + expire_in: 1 week + paths: + - ./j* + - ./*.png + tags: + - respdiff + +respdiff:fwd-tls6-kresd.udp6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256 + +respdiff:fwd-udp6-kresd.udp6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384 + +respdiff:iter.udp6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.iter.udp6.j384 + +respdiff:iter.tls6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.iter.tls6.j384 + +respdiff:fwd-udp6-unbound.udp6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256 + +respdiff:fwd-udp6-unbound.tcp6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256 + +respdiff:fwd-udp6-unbound.tls6: + <<: *respdiff + variables: + RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256 + + +respdiff:iter:udp:linux:amd64: + stage: test + except: + - master + script: + - source <(./scripts/coverage_env.sh "$(pwd)" "$(pwd)/coverage.stats/respdiff" "iter/udp" --export) + - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM + - ./ci/respdiff/start-resolvers.sh + - ./ci/respdiff/run-respdiff-tests.sh udp + - cat results/respdiff.txt + - echo 'test if mismatch rate < 1.0 %' + - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt + - killall --wait kresd + - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped" + dependencies: + - build:asan:linux:amd64 + artifacts: + when: always + expire_in: '1 week' + paths: + - kresd.log.xz + - results/*.txt + - results/*.png + - results/respdiff.db/data.mdb.xz + - ./*.info + tags: + - docker + - linux + - amd64 + + +.resperf: &resperf + stage: extended + dependencies: [] + only: # trigger job only in repos under our control + - branches@knot/knot-resolver + - branches@knot/knot-resolver-security + except: + - master + script: + - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0 + - export LABEL=gl$(date +%s) + - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" + - export TESTDIR="$COMMITDIR/$RESPERF_TEST" + - ln -s $COMMITDIR resperf_commitdir + - > + sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w + $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py + "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST) + - export EXITCODE=$(cat $TESTDIR/j*_exitcode) + - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi + - exit $EXITCODE + after_script: + - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:' + artifacts: + when: always + expire_in: 1 week + paths: + - ./j* + tags: + - respdiff + +resperf:fwd-tls6.udp-asan: + <<: *resperf + variables: + RESPERF_TEST: resperf.fwd-tls6.udp + +resperf:fwd-udp6.udp-asan: + <<: *resperf + variables: + RESPERF_TEST: resperf.fwd-udp6.udp + +resperf:iter.udp-asan: + <<: *resperf + variables: + RESPERF_TEST: resperf.iter.udp + + +distro:fedora-29: + stage: test + except: + - master + image: $CI_REGISTRY/knot/knot-resolver/ci/fedora + only: # trigger job only in repos under our control + - branches@knot/knot-resolver + - branches@knot/knot-resolver-security + dependencies: + - srpm + script: + - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false) + after_script: + - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64 + artifacts: + when: always + expire_in: '1 week' + paths: + - fedora-29-x86_64/ + tags: + - privileged # mock requires additional capabilities (e.g. mount) + +distro:epel-7: + stage: test + except: + - master + image: $CI_REGISTRY/knot/knot-resolver/ci/fedora + only: # trigger job only in repos under our control + - branches@knot/knot-resolver + - branches@knot/knot-resolver-security + dependencies: + - srpm + script: + - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false) + after_script: + - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64 + artifacts: + when: always + expire_in: '1 week' + paths: + - epel-7-x86_64/ + tags: + - privileged # mock require additional capabilities (e.g. mount) + +# compute coverage for runs with COVERAGE=1 +coverage: + stage: coverage + except: + - master + - branches@knot/knot-resolver-security + only: + variables: + - $COVERAGE == "1" + script: + - make coverage + artifacts: + expire_in: '1 week' + paths: + - coverage + coverage: '/lines\.+:\s(\d+.\d+\%)/' + dependencies: + - build:linux:amd64 + - test:linux:amd64 + - installcheck:linux:amd64 + - deckard:linux:amd64 + - respdiff:iter:udp:linux:amd64 + tags: + - docker + - linux + - amd64 + +# publish coverage only for master branch +pages: + stage: deploy + only: + refs: + - nightly@knot/knot-resolver + variables: + - $COVERAGE == "1" + dependencies: + - coverage + script: + - mv coverage/ public/ + artifacts: + expire_in: '30 days' + paths: + - public + +# trigger obs build for master branch +obs:devel: + stage: deploy + only: + variables: + - $OBS_BUILD == "1" + refs: + - nightly@knot/knot-resolver + dependencies: [] + script: + - scripts/make-archive.sh + - scripts/make-distrofiles.sh + - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc + - scripts/build-in-obs.sh knot-dns-devel # build against latest development version of knot + - scripts/build-in-obs.sh knot-resolver-devel # build against knot in knot-resolver-latest + +pkg:debian:symbols:libkres: + variables: + LIB_NAME: libkres + LIB_ABI: 9 + stage: deploy + only: + variables: + - $OBS_BUILD == "1" + refs: + - nightly@knot/knot-resolver + except: + - master + script: + - ln -s distro/deb debian + - sed -i "s/__VERSION__/99/g" distro/deb/changelog + - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIB_ABI -P. -p$LIB_NAME$LIB_ABI + allow_failure: true + dependencies: + - build:linux:amd64 + + +# copy snapshot of current master to nightly branch for further processing +# (this is workaround for missing complex conditions for job limits in Gitlab) +nightly:copy: + stage: deploy + only: + variables: + - $CREATE_NIGHTLY == "1" + refs: + - master@knot/knot-resolver + dependencies: [] + script: + # delete nightly branch + - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"' + - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"' + # recreate nightly branch from current master + - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"' + - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"' + + +#arm_build: +# image: cznic/armhf-ubuntu:16.04 +# stage: build +# script: +# - make -k all +# tags: +# - docker +# - linux +# - arm + +#arm_test: +# image: armv7/armhf-ubuntu:16.04 +# stage: test +# script: +# - make -k check +# tags: +# - docker +# - linux +# - arm |