diff options
Diffstat (limited to '.gitlab-ci-main.yml')
-rw-r--r-- | .gitlab-ci-main.yml | 649 |
1 files changed, 649 insertions, 0 deletions
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml new file mode 100644 index 0000000..ce30e04 --- /dev/null +++ b/.gitlab-ci-main.yml @@ -0,0 +1,649 @@ +# see https://docs.gitlab.com/ce/ci/yaml/README.html for all available options + +# Stages explained +# +# images: Build the images with the bootstrap script +# build_first: Build a few things first to find silly errors (fast job) +# (don't pay for 35 machines until something compiles) +# build: The main parallel job +# (keep these to 1hour as we are billed per hour) +# test_only: Tests using the build from prior stages, these typically +# have an explicit dependency defined to a specific build job, +# which means that start as soon as the build job finished. +# test_private: Like test_only, but running on private runners +# report: Code coverage reporting + +stages: + - images + - build_first + - build + - test_only + - test_private + - report + +variables: + # We want to be resilient to runner failures + ARTIFACT_DOWNLOAD_ATTEMPTS: "3" + EXECUTOR_JOB_SECTION_ATTEMPTS: "3" + GET_SOURCES_ATTEMPTS: "3" + RESTORE_CACHE_ATTEMPTS: "3" + # + GIT_STRATEGY: fetch + GIT_DEPTH: "3" + # + # Use GZip by default, it is fast and is good enough. Other options include --xz + + SAMBA_TESTBASE_TAR_OPTIONS: -z + + # + # we run autobuild.py inside a samba CI docker image located on gitlab's registry + # overwrite this variable if you want use your own image registry. + # + # Or better ask for access to the shared development repository, see + # https://wiki.samba.org/index.php/Samba_CI_on_gitlab#Getting_Access + # + SAMBA_CI_CONTAINER_REGISTRY: registry.gitlab.com/samba-team/devel/samba + # + # Set this to the contents of bootstrap/sha1sum.txt + # which is generated by bootstrap/template.py --render + # + SAMBA_CI_CONTAINER_TAG: b62662cd85b10ca4767b9ead4e9b0482ad98ddb2 + # + # We use the ubuntu1804 image as default as + # it matches what we have on sn-devel-184. + # + SAMBA_CI_CONTAINER_IMAGE: ubuntu1804 + # + # The following images are available + # Please see the samba-o3 sections at the end of this file! + # We should run that for each available image + # + SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ubuntu1804 + SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ubuntu2004 + SAMBA_CI_CONTAINER_IMAGE_debian11: debian11 + SAMBA_CI_CONTAINER_IMAGE_opensuse153: opensuse153 + SAMBA_CI_CONTAINER_IMAGE_fedora36: fedora36 + SAMBA_CI_CONTAINER_IMAGE_f36mit120: f36mit120 + SAMBA_CI_CONTAINER_IMAGE_centos7: centos7 + SAMBA_CI_CONTAINER_IMAGE_centos8s: centos8s + +include: + # The image creation details are specified in a separate file + # See bootstrap/README.md for details + - 'bootstrap/.gitlab-ci.yml' + +.shared_runner_build_image: + extends: .shared_runner_build + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE} + image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_JOB_IMAGE}:${SAMBA_CI_CONTAINER_TAG} + +.shared_template: + extends: .shared_runner_build_image + # All Samba jobs are interruptible, this avoids burning CPU when a + # newer branch is pushed. + interruptible: true + timeout: 2h + + # Otherwise we run twice, once on push and once on MR + # https://forum.gitlab.com/t/new-rules-syntax-and-detached-pipelines/37292 + rules: + - if: $CI_MERGE_REQUEST_ID + when: never + - when: on_success + + variables: + AUTOBUILD_JOB_NAME: $CI_JOB_NAME + stage: build + cache: + key: ccache.${CI_JOB_NAME}.${SAMBA_CI_JOB_IMAGE}.${SAMBA_CI_FLAVOR} + paths: + - ccache + + # This is overridden in many cases, but ensures none of the other + # main jobs start until and unless this build finishes. However + # this also ensures we do not download artifacts from any build + # unless we specifically depend on it, saving bandwidth + + needs: + - job: samba-def-build + artifacts: false + + before_script: + - uname -a + - lsb_release -a + - cat /etc/os-release + - lscpu + - cat /proc/cpuinfo + - mount + - df -h + - cat /proc/swaps + - free -h + # ld will fail if coverage enabled, force link ld to ld.bfd + - if [ -n "$SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE" ]; then sudo ln -sf $(which ld.bfd) $(which ld); fi + # See bootstrap/.gitlab-ci.yml how to generate a new image + - echo "SAMBA_CI_CONTAINER_REGISTRY[${SAMBA_CI_CONTAINER_REGISTRY}]" + - echo "SAMBA_CI_CONTAINER_TAG[${SAMBA_CI_CONTAINER_TAG}]" + - echo "SAMBA_CI_JOB_IMAGE[${SAMBA_CI_JOB_IMAGE}]" + - echo "CI_JOB_IMAGE[${CI_JOB_IMAGE}]" + - bootstrap/template.py --sha1sum > /tmp/sha1sum-template.txt + - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt + - echo "${SAMBA_CI_CONTAINER_TAG}" > /tmp/sha1sum-tag.txt + - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-tag.txt + - diff -u bootstrap/sha1sum.txt /sha1sum.txt + - echo "${CI_COMMIT_SHA} ${CI_COMMIT_TITLE}" > /tmp/commit.txt + - export CCACHE_BASEDIR="${PWD}" + - export CCACHE_DIR="${PWD}/ccache" && mkdir -pv "$CCACHE_DIR" + - export CC="ccache cc" + - export CXX="ccache c++" + - ccache -z -M 500M + - ccache -s + # We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI + - git config --global --add safe.directory `pwd` + after_script: + - mount + - df -h + - cat /proc/swaps + - free -h + - CCACHE_BASEDIR="${PWD}" CCACHE_DIR="${PWD}/ccache" ccache -s -c + artifacts: + expire_in: 1 week + paths: + - "*.stdout" + - "*.stderr" + - "*.info" + - public + - system-info.txt + retry: + max: 2 + when: + - runner_system_failure + - stuck_or_timeout_failure + - api_failure + - runner_unsupported + - stale_schedule + - archived_failure + - scheduler_failure + - data_integrity_failure + + script: + # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the + # autobuild name, which means we can define a default template that runs most autobuild jobs + - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase + +# Ensure when adding a new job below that you also add it to +# the dependencies for 'pages' below for the code coverage page +# generation. + +others: + extends: .shared_template + script: + - script/autobuild.py ldb $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/ldb + - script/autobuild.py pidl $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/pidl + - script/autobuild.py replace $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/replace + - script/autobuild.py talloc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/talloc + - script/autobuild.py tdb $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/tdb + - script/autobuild.py tevent $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/tevent + - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/samba-xc + - script/autobuild.py docs-xml $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase/docs-xml + +.shared_template_build_only: + extends: .shared_template + timeout: 2h + needs: + artifacts: + expire_in: 1 week + paths: + - "*.stdout" + - "*.stderr" + - "*.info" + - system-info.txt + - samba-testbase.tar + script: + # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the + # autobuild name, which means we can define a default template that runs most autobuild jobs + - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase + # On success we need to pack everything into an artifacts file + # which needs to be in the git checkout. + # As tar doesn't handle hardlink of read-only files, + # we remember the acls and add write permissions + # before creating the archive. The consumer will apply + # the acls again. + - cp -a /sha1sum.txt /tmp/samba-testbase/image-sha1sum.txt + - cp -a /tmp/commit.txt /tmp/samba-testbase/commit.txt + - ln -s /tmp/samba-testbase/${AUTOBUILD_JOB_NAME}/ /tmp/samba-testbase/build_subdir_link + - pushd /tmp && getfacl -R samba-testbase > samba-testbase.acl.dump && popd + - chmod -R +w /tmp/samba-testbase + - mv /tmp/samba-testbase.acl.dump /tmp/samba-testbase/ + - tar $SAMBA_TESTBASE_TAR_OPTIONS -cf samba-testbase.tar /tmp/samba-testbase + - ls -la samba-testbase.tar + - sha1sum samba-testbase.tar + +.shared_template_test_only: + extends: + - .shared_template + - .shared_runner_test + stage: test_only + script: + # Print the Kerberos version to check we ended up with the right one + # in the runner. We do not have configure output to recognize it + # otherwise. + - if [ -x "$(command -v krb5-config)" ]; then krb5-config --version; fi + # We unpack the artifacts file created by the .shared_template_build_only + # run we depend on + - ls -la samba-testbase.tar + - sha1sum samba-testbase.tar + - tar $SAMBA_TESTBASE_TAR_OPTIONS -xf samba-testbase.tar -C / + - diff -u /tmp/samba-testbase/image-sha1sum.txt /sha1sum.txt + - diff -u /tmp/samba-testbase/commit.txt /tmp/commit.txt + - mv /tmp/samba-testbase/samba-testbase.acl.dump /tmp/samba-testbase.acl.dump + - pushd /tmp && setfacl --restore=/tmp/samba-testbase.acl.dump && popd + - ls -la /tmp/samba-testbase/ + - ls -la /tmp/samba-testbase/build_subdir_link + - ls -la /tmp/samba-testbase/build_subdir_link/ + - if [ -n "$SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE" ]; then find /tmp/samba-testbase/build_subdir_link/ -type d -printf "'%p'\n" | xargs chmod u+w; fi + - ls -la /tmp/samba-testbase/build_subdir_link/ + # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the + # autobuild name, which means we can define a default template that runs most autobuild jobs + - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --skip-dependencies --verbose --nocleanup --keeplogs --tail --full-testbase /tmp/samba-testbase + +samba-def-build: + extends: .shared_template_build_only + stage: build_first + +.needs_samba-def-build: + extends: .shared_template_test_only + needs: + - job: samba-def-build + artifacts: true + +samba-mit-build: + extends: .shared_template_build_only + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora36} + stage: build_first + +samba-mit120-build: + extends: .shared_template_build_only + variables: + AUTOBUILD_JOB_NAME: samba-mit-build + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_f36mit120} + stage: build_first + +.needs_samba-mit-build: + extends: .shared_template_test_only + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora36} + needs: + - job: samba-mit-build + artifacts: true + +.needs_samba-mit120-build: + extends: .shared_template_test_only + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_f36mit120} + needs: + - job: samba-mit120-build + artifacts: true + +samba-h5l-build: + extends: .shared_template_build_only + +.needs_samba-h5l-build: + extends: .shared_template_test_only + needs: + - job: samba-h5l-build + artifacts: true + +samba-without-smb1-build: + extends: .shared_template_build_only + +.needs_samba-without-smb1-build: + extends: .shared_template_test_only + needs: + - job: samba-without-smb1-build + artifacts: true + +samba-nt4-build: + extends: .shared_template_build_only + +.needs_samba-nt4-build: + extends: .shared_template_test_only + needs: + - job: samba-nt4-build + artifacts: true + +samba-no-opath-build: + extends: .shared_template_build_only + +.needs_samba-no-opath-build: + extends: .shared_template_test_only + needs: + - job: samba-no-opath-build + artifacts: true + +samba: + extends: .shared_template + +samba-mitkrb5: + extends: .shared_template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora36} + +samba-minimal-smbd: + extends: .shared_template + +samba-nopython: + extends: .shared_template + +samba-admem: + extends: .needs_samba-def-build + +samba-ad-dc-2: + extends: .needs_samba-def-build + +samba-ad-dc-3: + extends: .needs_samba-def-build + +samba-ad-dc-4a: + extends: .needs_samba-def-build + +samba-ad-dc-4b: + extends: .needs_samba-def-build + +samba-ad-dc-5: + extends: .needs_samba-def-build + +samba-ad-dc-6: + extends: .needs_samba-def-build + +samba-ad-back1: + extends: .needs_samba-def-build + +samba-ad-back2: + extends: .needs_samba-def-build + +samba-schemaupgrade: + extends: .needs_samba-def-build + +samba-libs: + extends: .shared_template + +samba-fuzz: + extends: .shared_template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004} + +ctdb: + extends: .shared_template + +samba-ctdb: + extends: .shared_template + +samba-ad-dc-ntvfs: + extends: .needs_samba-def-build + +samba-admem-mit: + extends: .needs_samba-mit-build + +samba-addc-mit-4a: + extends: .needs_samba-mit-build + +samba-addc-mit-4b: + extends: .needs_samba-mit-build + +# This task is run first to ensure we compile before we start the +# main run as it is the fastest full compile of Samba. +samba-fips: + extends: .shared_template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora36} + +.private_test_only: + extends: .private_runner_test + stage: test_private + rules: + # See above, to avoid a duplicate CI on the MR (these rules override the others) + - if: $CI_MERGE_REQUEST_ID + when: never + + # These jobs are only run if the gitlab repo has private runners available. + # To enable private jobs, you must add the following var and value to + # your gitlab repo by navigating to: + # settings -> CI/CD -> Environment variables + - if: $SUPPORT_PRIVATE_TEST == "yes" + +.needs_samba-def-build-private: + extends: + - .needs_samba-def-build + - .private_test_only + +.needs_samba-mit-build-private: + extends: + - .needs_samba-mit-build + - .private_test_only + +.needs_samba-mit120-build-private: + extends: + - .needs_samba-mit120-build + - .private_test_only + +.needs_samba-h5l-build-private: + extends: + - .needs_samba-h5l-build + - .private_test_only + +.needs_samba-without-smb1-build-private: + extends: + - .needs_samba-without-smb1-build + - .private_test_only + +.needs_samba-nt4-build-private: + extends: + - .needs_samba-nt4-build + - .private_test_only + +.needs_samba-no-opath-build-private: + extends: + - .needs_samba-no-opath-build + - .private_test_only + +samba-fileserver: + extends: .needs_samba-h5l-build-private + +samba-fileserver-without-smb1: + extends: .needs_samba-without-smb1-build-private + +# This is a full build without the AD DC so we test the build with MIT +# Kerberos from the default system (Ubuntu 18.04 at this stage). +# Runtime behaviour checked via the ktest (static ccache and keytab) +# environment +samba-ktest-mit: + extends: .shared_template + +samba-ad-dc-1: + extends: .needs_samba-def-build-private + +samba-nt4: + extends: .needs_samba-nt4-build-private + +samba-addc-mit-1: + extends: .needs_samba-mit-build-private + +samba-addc-mit120: + extends: .needs_samba-mit120-build-private + variables: + AUTOBUILD_JOB_NAME: samba-addc-mit-1 + +samba-no-opath1: + extends: .needs_samba-no-opath-build-private + +samba-no-opath2: + extends: .needs_samba-no-opath-build-private + +# 'pages' is a special job which can publish artifacts in `public` dir to gitlab pages +pages: + extends: .shared_runner_build_image + stage: report + dependencies: # tell gitlab to download artifacts for these jobs + - others + - samba + - samba-mitkrb5 + - samba-admem + - samba-ad-dc-2 + - samba-ad-dc-3 + - samba-ad-dc-4a + - samba-ad-dc-4b + - samba-ad-dc-5 + - samba-ad-dc-6 + - samba-libs + - samba-minimal-smbd + - samba-nopython + - samba-fuzz + # - ctdb # TODO + - samba-ctdb + - samba-ad-dc-ntvfs + - samba-admem-mit + - samba-addc-mit-4a + - samba-addc-mit-4b + - samba-ad-back1 + - samba-ad-back2 + - samba-fileserver + - samba-fileserver-without-smb1 + - samba-ad-dc-1 + - samba-nt4 + - samba-schemaupgrade + - samba-addc-mit-1 + - samba-fips + - samba-no-opath1 + - samba-no-opath2 + - ubuntu1804-samba-o3 + script: + - ls -la *.info + - ./configure.developer + - make -j + - ls -la *.info + - lcov $(ls *.info | xargs -I{} echo -n "-a {} ") -o all.info + - ls -la *.info + - genhtml all.info --ignore-errors source --output-directory public --prefix=$(pwd) --title "coverage report for $CI_COMMIT_REF_NAME $CI_COMMIT_SHORT_SHA" + artifacts: + expire_in: 30 days + paths: + - public + only: + variables: + - $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == "--enable-coverage" + +# Coverity Scan +coverity: + extends: .shared_runner_build_image + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse153} + stage: build + script: + - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz + - tar xf /tmp/coverity_tool.tgz + - ./configure.developer --with-cluster-support --with-system-mitkrb5 --with-experimental-mit-ad-dc + - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$(nproc) + - tar czf cov-int.tar.gz cov-int + - curl + --form token=$COVERITY_SCAN_TOKEN + --form email=$COVERITY_SCAN_EMAIL + --form file=@cov-int.tar.gz + --form version="`git describe --tags`" + --form description="CI build" + https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME + only: + refs: + - master + - schedules + variables: + - $COVERITY_SCAN_TOKEN != null + - $COVERITY_SCAN_PROJECT_NAME != null + - $COVERITY_SCAN_EMAIL != null + artifacts: + expire_in: 1 week + when: on_failure + paths: + - cov-int/*.txt + +# +# We build samba-o3 on all supported distributions +# + +# This job, which matches the main CI, needs to still do coverage so +# we show the coverage on the "none" environment tests +# +# We want --enable-coverage specified here otherwise we will have a +# different set of build options on the coverage build and can fail +# when -O3 gets combined with --enable-coverage in the scheduled +# builds. + +ubuntu1804-samba-o3: + extends: .shared_template + variables: + AUTOBUILD_JOB_NAME: samba-o3 + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1804} + SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE: "--enable-coverage" + rules: + # See above, to avoid a duplicate CI on the MR (these rules override the others) + - if: $CI_MERGE_REQUEST_ID + when: never + # do not run o3 builds (which run a lot of VMs) if told not to + # (this uses the same variable as autobuild.py) + - if: $AUTOBUILD_SKIP_SAMBA_O3 == "1" + when: never + +# All other jobs do not want code coverage. +.samba-o3-template: + extends: .shared_template + variables: + AUTOBUILD_JOB_NAME: samba-o3 + rules: + # See above, to avoid a duplicate CI on the MR (these rules override the others) + - if: $CI_MERGE_REQUEST_ID + when: never + # do not run o3 builds (which run a lot of VMs) if told not to + # (this uses the same variable as autobuild.py) + - if: $AUTOBUILD_SKIP_SAMBA_O3 == "1" + when: never + # do not run o3 for coverage since they are using different images + - if: $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == "" + +ubuntu2004-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004} + +debian11-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_debian11} + +opensuse153-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_opensuse153} + +centos7-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos7} + # Git on CentOS doesn't support shallow git cloning + GIT_DEPTH: "" + # We need a newer GnuTLS version on CentOS7 + PKG_CONFIG_PATH: "/usr/lib64/compat-gnutls37/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig" + +centos8s-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_centos8s} + +fedora36-samba-o3: + extends: .samba-o3-template + variables: + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_fedora36} + +# +# Keep the samba-o3 sections at the end ... +# |