variables: # Not normally needed, but may be if some script uses `apt-get install`. DEBIAN_FRONTEND: noninteractive # Locale settings do not affect the build, but might affect tests. LC_ALL: C CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9 CCACHE_DIR: "/ccache" SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf" # VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results" GIT_DEPTH: 1 GIT_CLEAN_FLAGS: -ffdxq # The following values may be overwritten in GitLab's CI/CD Variables Settings. BUILD_PARALLEL_JOBS: 6 TEST_PARALLEL_JOBS: 4 CONFIGURE: ./configure CLANG_VERSION: 17 CLANG: "clang-${CLANG_VERSION}" SCAN_BUILD: "scan-build-${CLANG_VERSION}" LLVM_SYMBOLIZER: "/usr/lib/llvm-${CLANG_VERSION}/bin/llvm-symbolizer" ASAN_SYMBOLIZER_PATH: "/usr/lib/llvm-${CLANG_VERSION}/bin/llvm-symbolizer" CLANG_FORMAT: "clang-format-${CLANG_VERSION}" CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra # Pass run-time flags to AddressSanitizer to get core dumps on error. ASAN_OPTIONS: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1 TSAN_OPTIONS_COMMON: "disable_coredump=0 second_deadlock_stack=1 atexit_sleep_ms=1000 history_size=7 log_exe_name=true log_path=tsan" TSAN_SUPPRESSIONS: "suppressions=${CI_PROJECT_DIR}/.tsan-suppress" TSAN_OPTIONS_DEBIAN: "${TSAN_OPTIONS_COMMON} ${TSAN_SUPPRESSIONS} external_symbolizer_path=${LLVM_SYMBOLIZER}" TSAN_OPTIONS_FEDORA: "${TSAN_OPTIONS_COMMON} ${TSAN_SUPPRESSIONS} external_symbolizer_path=/usr/bin/llvm-symbolizer" UBSAN_OPTIONS: "halt_on_error=1:abort_on_error=1:disable_coredump=0" INSTALL_PATH: "${CI_PROJECT_DIR}/.local" # Disable pytest's "cacheprovider" plugin to prevent it from creating # cross-testrun files as there is no need to use that feature in CI. PYTEST_ADDOPTS: "-p no:cacheprovider" # Default platforms to run "stress" tests on BIND_STRESS_TEST_OS: linux BIND_STRESS_TEST_ARCH: amd64 default: # Allow all running CI jobs to be automatically canceled when a new # version of a branch is pushed. # # See: https://docs.gitlab.com/ee/ci/pipelines/settings.html#auto-cancel-redundant-pipelines interruptible: true stages: - precheck - build - unit - system - performance - docs - postcheck - release ### Runner Tag Templates .libvirt-amd64: &libvirt_amd64 tags: - libvirt - amd64 # Jobs with these tags do not run on AWS but on permanent OVH systems. .linux-respdiff-amd64: &linux_respdiff_amd64 tags: - linux - ovh - amd64 # Autoscaling GitLab Runner on AWS EC2 (amd64) .linux-amd64: &linux_amd64 tags: - linux - aws - runner-manager - amd64 # Autoscaling GitLab Runner on AWS EC2 (arm64) .linux-arm64: &linux_arm64 tags: - linux - aws - runner-manager - aarch64 # Stress-testing runners .freebsd-stress-amd64: &freebsd_stress_amd64 tags: - amd64 - aws - bsd-stress - stress .windows-amd64: &windows_amd64 tags: - windows - amd64 ### Docker Image Templates # Alpine Linux .alpine-3.19-amd64: &alpine_3_19_amd64_image image: "$CI_REGISTRY_IMAGE:alpine-3.19-amd64" <<: *linux_amd64 # Oracle Linux .oraclelinux-7-amd64: &oraclelinux_7_amd64_image image: "$CI_REGISTRY_IMAGE:oraclelinux-7-amd64" <<: *linux_amd64 .oraclelinux-8-amd64: &oraclelinux_8_amd64_image image: "$CI_REGISTRY_IMAGE:oraclelinux-8-amd64" <<: *linux_amd64 .oraclelinux-9-amd64: &oraclelinux_9_amd64_image image: "$CI_REGISTRY_IMAGE:oraclelinux-9-amd64" <<: *linux_amd64 # Debian .debian-buster-amd64: &debian_buster_amd64_image image: "$CI_REGISTRY_IMAGE:debian-buster-amd64" <<: *linux_amd64 .debian-bullseye-amd64: &debian_bullseye_amd64_image image: "$CI_REGISTRY_IMAGE:debian-bullseye-amd64" <<: *linux_amd64 .respdiff-debian-bookworm-amd64: &respdiff_debian_bookworm_amd64_image image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64" <<: *linux_respdiff_amd64 .debian-bookworm-amd64: &debian_bookworm_amd64_image image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64" <<: *linux_amd64 .tsan-debian-bookworm-amd64: &tsan_debian_bookworm_amd64_image image: "$CI_REGISTRY_IMAGE:tsan-debian-bookworm-amd64" <<: *linux_amd64 .debian-bookworm-amd64cross32: &debian_bookworm_amd64cross32_image image: "$CI_REGISTRY_IMAGE:debian-bookworm-amd64cross32" <<: *linux_amd64 .debian-sid-amd64: &debian_sid_amd64_image image: "$CI_REGISTRY_IMAGE:debian-sid-amd64" <<: *linux_amd64 # openSUSE Tumbleweed .tumbleweed-latest-amd64: &tumbleweed_latest_amd64_image image: "$CI_REGISTRY_IMAGE:tumbleweed-latest-amd64" <<: *linux_amd64 # Fedora .tsan-fedora-39-amd64: &tsan_fedora_39_amd64_image image: "$CI_REGISTRY_IMAGE:tsan-fedora-39-amd64" <<: *linux_amd64 .fedora-39-amd64: &fedora_39_amd64_image image: "$CI_REGISTRY_IMAGE:fedora-39-amd64" <<: *linux_amd64 .fedora-39-arm64: &fedora_39_arm64_image image: "$CI_REGISTRY_IMAGE:fedora-39-arm64" <<: *linux_arm64 # Ubuntu .ubuntu-focal-amd64: &ubuntu_focal_amd64_image image: "$CI_REGISTRY_IMAGE:ubuntu-focal-amd64" <<: *linux_amd64 .ubuntu-jammy-amd64: &ubuntu_jammy_amd64_image image: "$CI_REGISTRY_IMAGE:ubuntu-jammy-amd64" <<: *linux_amd64 # Windows .windows-server-2016-amd64: &windows_server_2016_amd64_image image: "$CI_REGISTRY_IMAGE:windows-server-2016-amd64" <<: *windows_amd64 # Base image # This is a meta image that is used as a base for non-specific jobs .base: &base_image <<: *debian_bookworm_amd64_image ### QCOW2 Image Templates .freebsd-12-amd64: &freebsd_12_amd64_image image: "freebsd-12.4-x86_64" <<: *libvirt_amd64 .freebsd-13-amd64: &freebsd_13_amd64_image image: "freebsd-13.2-x86_64" <<: *libvirt_amd64 .freebsd-14-amd64: &freebsd_14_amd64_image image: "freebsd-14.0-x86_64" <<: *libvirt_amd64 .openbsd-amd64: &openbsd_amd64_image image: "openbsd-7.4-x86_64" <<: *libvirt_amd64 ### Job Templates .api-schedules-tags-triggers-web-triggering-rules: &api_schedules_tags_triggers_web_triggering_rules only: - api - schedules - tags - triggers - web .api-schedules-triggers-web-triggering-rules: &api_schedules_triggers_web_triggering_rules only: - api - schedules - triggers - web .default-triggering-rules: &default_triggering_rules only: - api - merge_requests - schedules - tags - triggers - web .precheck: &precheck_job <<: *default_triggering_rules <<: *base_image stage: precheck .configure: &configure - ${CONFIGURE} --disable-maintainer-mode --enable-developer --with-libtool --disable-static --enable-option-checking=fatal --enable-dnstap --with-cmocka --with-libxml2 --with-json-c --without-make-clean $EXTRA_CONFIGURE || (test -s config.log && cat config.log; exit 1) .parse_tsan: &parse_tsan - find -name 'tsan.*' -exec python3 util/parse_tsan.py {} \; .build: &build_job <<: *default_triggering_rules stage: build before_script: - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}" - test -n "${OOT_BUILD_WORKSPACE}" && mkdir "${OOT_BUILD_WORKSPACE}" && cd "${OOT_BUILD_WORKSPACE}" script: - *configure - test -n "${SKIP_MAKE_DEPEND}" || make -j${BUILD_PARALLEL_JOBS:-1} depend 2>&1 | tee make-depend.log - test -n "${SKIP_MAKE_DEPEND}" || ( ! grep -F "error:" make-depend.log ) - make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1 - test -z "${BUILD_CONTRIB}" || for DIR in contrib/dlz/modules/*; do test -f "${DIR}/Makefile" && make -C "${DIR}"; done - test -z "${RUN_MAKE_INSTALL}" || make DESTDIR="${INSTALL_PATH}" install - test -z "${RUN_MAKE_INSTALL}" -o -z "${BUILD_CONTRIB}" || for DIR in contrib/dlz/modules/*; do test -f "${DIR}/Makefile" && make -C "${DIR}" DESTDIR="${INSTALL_PATH}" install; done - test -z "${RUN_MAKE_INSTALL}" || DESTDIR="${INSTALL_PATH}" sh util/check-make-install - if [[ "${CFLAGS}" == *"-fsanitize=address"* ]]; then ( ! grep -F AddressSanitizer config.log ); fi - test -z "${CROSS_COMPILATION}" || grep -F -A 1 "checking whether we are cross compiling" config.log | grep -q "result.*yes" - test -z "${CROSS_COMPILATION}" || file lib/dns/gen | grep -F -q "ELF 64-bit LSB" - test -z "${CROSS_COMPILATION}" || ( ! git ls-files -z --others --exclude lib/dns/gen | xargs -0 file | grep "ELF 64-bit LSB" ) artifacts: untracked: true when: always needs: [] .windows_build: &windows_build_job stage: build script: - 'Push-Location "C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Auxiliary/Build"' - '& cmd.exe /C "vcvarsall.bat x64 & set" | Foreach-Object { if ($_ -match "(.*?)=(.*)") { Set-Item -force -path "Env:\$($matches[1])" -value "$($matches[2])" } }' - 'Pop-Location' - 'Set-Location win32utils' - '& "C:/Strawberry/perl/bin/perl.exe" Configure "with-tools-version=15.0" "with-platform-toolset=v141" "with-platform-version=10.0.17763.0" "with-vcredist=C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe" "with-openssl=C:/OpenSSL" "with-libxml2=C:/libxml2" "with-libuv=C:/libuv" "without-python" "with-system-tests" x64' - 'Set-Item -path "Env:CL" -value "/MP$([Math]::Truncate($BUILD_PARALLEL_JOBS/2))"' - '& msbuild.exe /maxCpuCount:2 /t:Build /p:Configuration=$VSCONF bind9.sln' needs: [] artifacts: untracked: true .setup_interfaces: &setup_interfaces - if [ "$(id -u)" -eq "0" ]; then sh -x bin/tests/system/ifconfig.sh up; else sudo sh -x bin/tests/system/ifconfig.sh up; fi .setup_softhsm: &setup_softhsm - export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh) - test -n "${SLOT}" && test "${SLOT}" -gt 0 .system_test_common: &system_test_common <<: *default_triggering_rules stage: system before_script: - *setup_interfaces - *setup_softhsm script: - ( cd bin/tests/system && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 ) - test -s bin/tests/system/systests.output - if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" bin/tests/system/systests.output ); fi - '( ! grep -F "grep: warning:" bin/tests/system/systests.output )' .system_test: &system_test_job <<: *system_test_common artifacts: untracked: true when: on_failure .system_test_gcov: &system_test_gcov_job <<: *system_test_common artifacts: untracked: true when: always .system_test_tsan: &system_test_tsan_job <<: *system_test_common after_script: - *parse_tsan artifacts: untracked: true when: on_failure .kyua_report: &kyua_report_html - kyua --logfile /dev/null report-html --force --results-file "$KYUA_RESULT" --results-filter "" --output kyua_html > /dev/null .windows_system_test: &windows_system_test_job stage: system script: - 'Push-Location bin/tests/system' - '$ifIndex = Get-NetIPInterface -AddressFamily IPv4 -InterfaceMetric 75 | Select-Object -ExpandProperty ifIndex' - '& C:/tools/cygwin/bin/sed.exe -i "s/^exit.*/netsh interface ipv4 set dnsservers $ifIndex dhcp/; s/\(name\|interface\)=Loopback/$ifIndex/;" ifconfig.bat' - '& C:/tools/cygwin/bin/sed.exe -i "s/kill -f/kill -W/;" conf.sh stop.pl' - '& cmd.exe /C ifconfig.bat up; ""' - 'Start-Sleep 2' - '$Env:Path = "C:/tools/cygwin/bin;$Env:Path"' - '& sh.exe runall.sh $TEST_PARALLEL_JOBS' - 'If (Test-Path C:/CrashDumps/*) { dir C:/CrashDumps; Throw }' artifacts: untracked: true when: on_failure .unit_test_common: &unit_test_common <<: *default_triggering_rules stage: unit before_script: - *setup_softhsm script: - make unit after_script: - *kyua_report_html .unit_test: &unit_test_job <<: *unit_test_common artifacts: untracked: true when: on_failure .unit_test_gcov: &unit_test_gcov_job <<: *unit_test_common artifacts: untracked: true when: always .unit_test_tsan: &unit_test_tsan_job <<: *unit_test_common after_script: - *kyua_report_html - *parse_tsan artifacts: untracked: true when: on_failure .respdiff: &respdiff_job stage: system before_script: - *configure - make -j${BUILD_PARALLEL_JOBS:-1} V=1 - *setup_interfaces - git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git - cd bind-qa/bind9/respdiff needs: [] artifacts: paths: - bind-qa/bind9/respdiff exclude: - bind-qa/bind9/respdiff/rspworkdir/data.mdb # Exclude a 10 GB file. untracked: true when: always ### Job Definitions # Jobs in the precheck stage misc: <<: *precheck_job script: - sh util/check-ans-prereq.sh - sh util/checklibs.sh > checklibs.out - sh util/tabify-changes < CHANGES > CHANGES.tmp - diff -urNap CHANGES CHANGES.tmp - perl util/check-changes CHANGES - sh util/check-line-length.sh CHANGES - test ! -f CHANGES.SE || sh util/tabify-changes < CHANGES.SE > CHANGES.tmp - test ! -f CHANGES.SE || diff -urNap CHANGES.SE CHANGES.tmp - test ! -f CHANGES.SE || perl util/check-changes master=0 CHANGES.SE - test ! -f CHANGES.SE || sh util/check-line-length.sh CHANGES.SE - rm CHANGES.tmp - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'` - sh util/check-win32util-configure - sh util/check-categories.sh - sh util/xmllint-html.sh artifacts: paths: - checklibs.out when: on_failure black: <<: *precheck_job script: - black $(git ls-files '*.py' '*.py.in') - git diff > black.patch - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi artifacts: paths: - black.patch expire_in: "1 week" when: on_failure clang-format: <<: *precheck_job script: - if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi - git diff > clang-format.patch - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi artifacts: paths: - clang-format.patch expire_in: "1 week" when: on_failure coccinelle: <<: *precheck_job script: - util/check-cocci - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi reuse: <<: *precheck_job image: name: docker.io/fsfe/reuse:latest entrypoint: [""] script: - reuse lint shfmt: <<: *precheck_job needs: [] script: - shfmt -w -i 2 -ci -bn bin/tests/system/ util/ $(find bin/tests/system/ -name "*.sh.in") - git diff > shfmt.patch - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi artifacts: paths: - shfmt.patch expire_in: "1 week" when: on_failure danger: <<: *precheck_job # Keep the GIT_DEPTH environment variable set to a "high number" before # https://github.com/libgit2/libgit2/pull/6662 is addressed and integrated # into pygit2. variables: GIT_DEPTH: 1000 script: - pip install git+https://gitlab.isc.org/isc-projects/hazard.git - hazard only: refs: - merge_requests variables: - $DANGER_GITLAB_API_TOKEN pylint: <<: *default_triggering_rules <<: *base_image stage: postcheck script: - *configure - export PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python" - pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py|^bin/tests/system/)') # Ignore Pylint wrong-import-position error in system test to enable use of pytest.importorskip - pylint --rcfile $CI_PROJECT_DIR/.pylintrc --disable=wrong-import-position $(git ls-files 'bin/tests/system/*.py' | grep -vE 'ans\.py') needs: [] checkbashisms: <<: *precheck_job script: - checkbashisms $(find . -path './.git' -prune -o -type f -exec sh -c 'head -n 1 "{}" | grep -qsF "#!/bin/sh"' \; -print | sed -e '/^\.\/install-sh$/d') tarball-create: stage: precheck <<: *base_image <<: *default_triggering_rules script: - source version - export BIND9_VERSION="${MAJORVER}.${MINORVER}${PATCHVER:+.}${PATCHVER}${RELEASETYPE}${RELEASEVER}${EXTENSIONS}" - export BIND_DIRECTORY="bind-${BIND9_VERSION}" - git archive --prefix="${BIND_DIRECTORY}/" --output="${BIND_DIRECTORY}.tar" HEAD - mkdir "${BIND_DIRECTORY}" - echo "SRCID=$(git rev-list --max-count=1 HEAD | cut -b1-7)" > "${BIND_DIRECTORY}/srcid" - tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/srcid" - sphinx-build -b man -d "${BIND_DIRECTORY}/tmp/.doctrees/" -W -a -v -c doc/man/ -D version="@BIND9_VERSION@" -D today="@RELEASE_DATE@" -D release="@BIND9_VERSIONSTRING@" doc/man "${BIND_DIRECTORY}/doc/man" - rm -rf "${BIND_DIRECTORY}/tmp/.doctrees/" - for man in "${BIND_DIRECTORY}/doc/man/"*; do mv "$man" "$man"in; done - tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/doc/man/"*in - xz "${BIND_DIRECTORY}.tar" artifacts: paths: - bind-*.tar.xz # Jobs for doc builds on Debian 12 "bookworm" (amd64) docs: <<: *default_triggering_rules <<: *base_image stage: docs before_script: - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}" - test -n "${OOT_BUILD_WORKSPACE}" && mkdir "${OOT_BUILD_WORKSPACE}" && cd "${OOT_BUILD_WORKSPACE}" script: - *configure - make maintainer-clean - autoreconf2.69 -fi - *configure - make -j${BUILD_PARALLEL_JOBS:-1} all V=1 - make -j${BUILD_PARALLEL_JOBS:-1} doc V=1 - if test "$(git status --porcelain | grep -Ev '\?\?' | grep -v -F -e aclocal.m4 -e configure -e ltmain.sh -e bin/named/bind9.xsl.h -e m4/ | wc -l)" -gt "0"; then git status --short; exit 1; fi - find doc/man/ -maxdepth 1 -name "*.[0-9]" -exec mandoc -T lint "{}" \; | ( ! grep -v -e "skipping paragraph macro. sp after" -e "unknown font, skipping request. ft C" -e "input text line longer than 80 bytes" ) artifacts: paths: - doc/arm/ - doc/man/ - doc/misc/ when: always needs: [] docs:pdf: <<: *api_schedules_tags_triggers_web_triggering_rules <<: *base_image stage: docs before_script: - apt-get -y install qpdf texlive-full texlive-xetex xindy script: - *configure - make -C doc/arm/ pdf V=1 - qpdf --check doc/arm/_build/latex/Bv9ARM.pdf artifacts: untracked: true needs: [] # Job detecting named.conf breakage introduced since the previous point release cross-version-config-tests: stage: system <<: *base_image <<: *default_triggering_rules variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" # Disable option checking to prevent problems with new default options in # the &configure anchor. EXTRA_CONFIGURE: "--disable-option-checking" script: # Exclude the dyndb test from the system test as the sample library can't # locate the libdns library from the BIND 9 baseline version. - sed -i '/^dyndb \\$/d' bin/tests/system/conf.sh.common - *configure - *setup_interfaces - make -j${BUILD_PARALLEL_JOBS:-1} - export BIND_BRANCH=16 # When testing a .0 release, compare it against the previous development # release (e.g., 9.19.0 and 9.18.0 should both be compared against 9.17.22). - if [ "$(sed -n -E "s|^m4_define\(\[bind_VERSION_PATCH\], ([0-9]+)\)dnl$|\1|p" configure.ac)" = "0" ]; then export BIND_BRANCH=$((BIND_BRANCH - 1 - (BIND_BRANCH % 2))); fi - BASELINE="$(curl -s "https://gitlab.isc.org/api/v4/projects/1/repository/tags?search=^v9.${BIND_BRANCH}&order_by=version" | jq -r ".[0].name")" - git clone --branch "${BASELINE}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git "bind-${BASELINE}" - cd "bind-${BASELINE}" - *configure - make -j${BUILD_PARALLEL_JOBS:-1} - cd bin/tests/system # Neutralize shell and pytests; in effect, "nsX" servers are just started # and stopped, thus configuration checked. - truncate --size=0 */tests{.sh,*.py} # Run the setup phase of all system tests in the most recently tagged BIND 9 # release using the binaries built for the current BIND 9 version. This # intends to detect obvious backward compatibility issues with the latter. - sed -i -E "s|(export TOP)=.*|\1=${CI_PROJECT_DIR}|" conf.sh - make -j${TEST_PARALLEL_JOBS:-1} -k check V=1 artifacts: paths: - bind-* untracked: true expire_in: "1 day" when: on_failure needs: [] # Jobs for regular GCC builds on Alpine Linux 3.19 (amd64) gcc:alpine3.19:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" <<: *alpine_3_19_amd64_image <<: *build_job system:gcc:alpine3.19:amd64: <<: *alpine_3_19_amd64_image <<: *system_test_job needs: - job: gcc:alpine3.19:amd64 artifacts: true unit:gcc:alpine3.19:amd64: <<: *alpine_3_19_amd64_image <<: *unit_test_job needs: - job: gcc:alpine3.19:amd64 artifacts: true # Jobs for regular GCC builds on Oracle Linux 7 (amd64) gcc:oraclelinux7:amd64: variables: CC: gcc # -Wno-address suppresses isc_buffer macro warnings CFLAGS: "${CFLAGS_COMMON} -Wno-address" EXTRA_CONFIGURE: "--with-libidn2" <<: *oraclelinux_7_amd64_image <<: *build_job system:gcc:oraclelinux7:amd64: <<: *oraclelinux_7_amd64_image <<: *system_test_job needs: - job: gcc:oraclelinux7:amd64 artifacts: true unit:gcc:oraclelinux7:amd64: <<: *oraclelinux_7_amd64_image <<: *unit_test_job needs: - job: gcc:oraclelinux7:amd64 artifacts: true # Jobs for regular GCC builds on Oracle Linux 8 (amd64) gcc:oraclelinux8:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--enable-buffer-useinline --with-libidn2" <<: *oraclelinux_8_amd64_image <<: *build_job system:gcc:oraclelinux8:amd64: <<: *oraclelinux_8_amd64_image <<: *system_test_job needs: - job: gcc:oraclelinux8:amd64 artifacts: true unit:gcc:oraclelinux8:amd64: <<: *oraclelinux_8_amd64_image <<: *unit_test_job needs: - job: gcc:oraclelinux8:amd64 artifacts: true # Jobs for regular GCC builds on Oracle Linux 9 (amd64) gcc:oraclelinux9:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --disable-developer" <<: *oraclelinux_9_amd64_image <<: *build_job system:gcc:oraclelinux9:amd64: <<: *oraclelinux_9_amd64_image <<: *system_test_job needs: - job: gcc:oraclelinux9:amd64 artifacts: true unit:gcc:oraclelinux9:amd64: <<: *oraclelinux_9_amd64_image <<: *unit_test_job needs: - job: gcc:oraclelinux9:amd64 artifacts: true gcc:tarball:nosphinx: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --disable-developer" RUN_MAKE_INSTALL: 1 <<: *oraclelinux_9_amd64_image <<: *build_job before_script: - (! command -v sphinx-build >/dev/null) - tar --extract --file bind-*.tar.xz - rm -f bind-*.tar.xz - cd bind-* needs: - job: tarball-create artifacts: true # Jobs for regular GCC builds on Debian 10 "buster" (amd64) gcc:buster:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_buster_amd64_image <<: *build_job <<: *api_schedules_tags_triggers_web_triggering_rules system:gcc:buster:amd64: <<: *debian_buster_amd64_image <<: *system_test_job <<: *api_schedules_tags_triggers_web_triggering_rules needs: - job: gcc:buster:amd64 artifacts: true unit:gcc:buster:amd64: <<: *debian_buster_amd64_image <<: *unit_test_job <<: *api_schedules_tags_triggers_web_triggering_rules needs: - job: gcc:buster:amd64 artifacts: true # Jobs for Debian 11 "bullseye" (amd64) clang:bullseye:amd64: variables: CC: ${CLANG} CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion" <<: *debian_bullseye_amd64_image <<: *build_job system:clang:bullseye:amd64: <<: *debian_bullseye_amd64_image <<: *system_test_job needs: - job: clang:bullseye:amd64 artifacts: true unit:clang:bullseye:amd64: <<: *debian_bullseye_amd64_image <<: *unit_test_job needs: - job: clang:bullseye:amd64 artifacts: true gcc:bullseye:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_bullseye_amd64_image <<: *build_job system:gcc:bullseye:amd64: <<: *debian_bullseye_amd64_image <<: *system_test_job needs: - job: gcc:bullseye:amd64 artifacts: true unit:gcc:bullseye:amd64: <<: *debian_bullseye_amd64_image <<: *unit_test_job needs: - job: gcc:bullseye:amd64 artifacts: true # Jobs for regular GCC builds on Debian 12 "bookworm" (amd64) gcc:bookworm:amd64: variables: BUILD_CONTRIB: 1 CC: gcc CFLAGS: "${CFLAGS_COMMON} --coverage -O0" EXTRA_CONFIGURE: "--with-libidn2" LDFLAGS: "--coverage" RUN_MAKE_INSTALL: 1 <<: *debian_bookworm_amd64_image <<: *build_job system:gcc:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *system_test_gcov_job variables: CI_ENABLE_ALL_TESTS: 1 needs: - job: unit:gcc:bookworm:amd64 artifacts: true unit:gcc:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *unit_test_gcov_job variables: CI_ENABLE_ALL_TESTS: 1 needs: - job: gcc:bookworm:amd64 artifacts: true # Build job for cross-compiled GCC builds on 64-bit Debian 12 "bookworm" # (amd64) with 32-bit BIND 9. gcc:bookworm:amd64cross32: variables: BUILD_CC: gcc BUILD_CFLAGS: "${CFLAGS_COMMON}" CFLAGS: "${CFLAGS_COMMON}" CROSS_COMPILATION: 1 EXTRA_CONFIGURE: "--build=x86_64-linux-gnu --host=i686-linux-gnu --with-libidn2" <<: *debian_bookworm_amd64cross32_image <<: *build_job # Jobs for scan-build builds on Debian 12 "bookworm" (amd64) .scan_build: &scan_build - ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" --keep-cc --status-bugs --keep-going -o scan-build.reports make -j${BUILD_PARALLEL_JOBS:-1} all V=1 scan-build: <<: *default_triggering_rules <<: *base_image stage: postcheck variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON}" CONFIGURE: "${SCAN_BUILD} ./configure" EXTRA_CONFIGURE: "--with-libidn2" script: - *configure - *scan_build artifacts: paths: - scan-build.reports/ when: on_failure needs: [] # Jobs for regular GCC builds on Debian "sid" (amd64) # Also tests configration option: --without-lmdb. gcc:sid:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O3" EXTRA_CONFIGURE: "--with-libidn2 --without-lmdb" RUN_MAKE_INSTALL: 1 <<: *debian_sid_amd64_image <<: *build_job system:gcc:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job needs: - job: gcc:sid:amd64 artifacts: true unit:gcc:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job needs: - job: gcc:sid:amd64 artifacts: true # Job for out-of-tree GCC build on Debian 12 "bookworm" (amd64) # Also tests configration option: --with-lmdb. gcc:out-of-tree: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" CONFIGURE: ../configure EXTRA_CONFIGURE: "--with-libidn2 --with-lmdb" SKIP_MAKE_DEPEND: 1 RUN_MAKE_INSTALL: 1 OOT_BUILD_WORKSPACE: workspace <<: *base_image <<: *build_job # Jobs for tarball GCC builds on Debian 12 "bookworm" (amd64) gcc:tarball: variables: CC: gcc EXTRA_CONFIGURE: "--with-libidn2" RUN_MAKE_INSTALL: 1 <<: *base_image <<: *build_job before_script: - tar --extract --file bind-*.tar.xz - rm -f bind-*.tar.xz - cd bind-* needs: - job: tarball-create artifacts: true system:gcc:tarball: <<: *base_image <<: *system_test_job <<: *api_schedules_tags_triggers_web_triggering_rules before_script: - cd bind-* - *setup_interfaces needs: - job: gcc:tarball artifacts: true unit:gcc:tarball: <<: *base_image <<: *unit_test_job <<: *api_schedules_tags_triggers_web_triggering_rules before_script: - cd bind-* needs: - job: gcc:tarball artifacts: true # Jobs for debug GCC builds on openSUSE Tumbleweed (amd64) gcc:tumbleweed:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -DDEBUG" EXTRA_CONFIGURE: "--with-libidn2" <<: *tumbleweed_latest_amd64_image <<: *build_job system:gcc:tumbleweed:amd64: <<: *tumbleweed_latest_amd64_image <<: *system_test_job needs: - job: gcc:tumbleweed:amd64 artifacts: true unit:gcc:tumbleweed:amd64: <<: *tumbleweed_latest_amd64_image <<: *unit_test_job needs: - job: gcc:tumbleweed:amd64 artifacts: true # Jobs for regular GCC builds on Ubuntu 20.04 Focal Fossa (amd64) gcc:focal:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" EXTRA_CONFIGURE: "--with-libidn2 --with-gssapi=/usr --disable-geoip" <<: *ubuntu_focal_amd64_image <<: *build_job system:gcc:focal:amd64: <<: *ubuntu_focal_amd64_image <<: *system_test_job needs: - job: gcc:focal:amd64 artifacts: true unit:gcc:focal:amd64: <<: *ubuntu_focal_amd64_image <<: *unit_test_job needs: - job: gcc:focal:amd64 artifacts: true # Jobs for regular GCC builds on Ubuntu 22.04 Jammy Jellyfish (amd64) gcc:jammy:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O2" EXTRA_CONFIGURE: "--with-libidn2 --disable-dnstap --with-gssapi --without-cmocka" <<: *ubuntu_jammy_amd64_image <<: *build_job system:gcc:jammy:amd64: <<: *ubuntu_jammy_amd64_image <<: *system_test_job needs: - job: gcc:jammy:amd64 artifacts: true unit:gcc:jammy:amd64: <<: *ubuntu_jammy_amd64_image <<: *unit_test_job needs: - job: gcc:jammy:amd64 artifacts: true # Jobs for ASAN builds on Fedora 39 (amd64) gcc:asan: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=address,undefined" EXTRA_CONFIGURE: "--with-libidn2" <<: *fedora_39_amd64_image <<: *build_job system:gcc:asan: <<: *fedora_39_amd64_image <<: *system_test_job needs: - job: gcc:asan artifacts: true unit:gcc:asan: <<: *fedora_39_amd64_image <<: *unit_test_job needs: - job: gcc:asan artifacts: true clang:asan: variables: CC: ${CLANG} CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=address,undefined" EXTRA_CONFIGURE: "--with-libidn2" <<: *base_image <<: *build_job system:clang:asan: <<: *base_image <<: *system_test_job needs: - job: clang:asan artifacts: true unit:clang:asan: <<: *base_image <<: *unit_test_job needs: - job: clang:asan artifacts: true # Jobs for TSAN builds on Fedora 39 (amd64) gcc:tsan: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=thread" EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock" <<: *tsan_fedora_39_amd64_image <<: *build_job system:gcc:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_FEDORA}" <<: *tsan_fedora_39_amd64_image <<: *system_test_tsan_job needs: - job: gcc:tsan artifacts: true unit:gcc:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_FEDORA}" <<: *tsan_fedora_39_amd64_image <<: *unit_test_tsan_job needs: - job: gcc:tsan artifacts: true clang:tsan: <<: *tsan_debian_bookworm_amd64_image <<: *build_job variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=thread" EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock" system:clang:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_DEBIAN}" <<: *tsan_debian_bookworm_amd64_image <<: *system_test_tsan_job needs: - job: clang:tsan artifacts: true unit:clang:tsan: variables: TSAN_OPTIONS: "${TSAN_OPTIONS_DEBIAN}" <<: *tsan_debian_bookworm_amd64_image <<: *unit_test_tsan_job needs: - job: clang:tsan artifacts: true # Jobs for Clang builds on Debian 12 "bookworm" (amd64) clang:bookworm:amd64: variables: BUILD_CONTRIB: 1 CC: ${CLANG} CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion" EXTRA_CONFIGURE: "--with-python=python3" RUN_MAKE_INSTALL: 1 <<: *debian_bookworm_amd64_image <<: *build_job system:clang:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *system_test_job needs: - job: clang:bookworm:amd64 artifacts: true unit:clang:bookworm:amd64: <<: *debian_bookworm_amd64_image <<: *unit_test_job needs: - job: clang:bookworm:amd64 artifacts: true # Jobs for PKCS#11-enabled builds clang:softhsm2.6: variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON} -O1" EXTRA_CONFIGURE: "--with-libidn2 --enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so" <<: *debian_bullseye_amd64_image <<: *build_job system:clang:softhsm2.6: variables: DISABLE_ALGORITHM_SUPPORT_CHECKING: 1 <<: *debian_bullseye_amd64_image <<: *system_test_job needs: - job: clang:softhsm2.6 artifacts: true unit:clang:softhsm2.6: <<: *debian_bullseye_amd64_image <<: *unit_test_job needs: - job: clang:softhsm2.6 artifacts: true gcc:softhsm2.6: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O1" EXTRA_CONFIGURE: "--with-libidn2 --enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so" <<: *debian_bookworm_amd64_image <<: *build_job system:gcc:softhsm2.6: variables: DISABLE_ALGORITHM_SUPPORT_CHECKING: 1 <<: *debian_bookworm_amd64_image <<: *system_test_job needs: - job: gcc:softhsm2.6 artifacts: true unit:gcc:softhsm2.6: <<: *debian_bookworm_amd64_image <<: *unit_test_job needs: - job: gcc:softhsm2.6 artifacts: true # Jobs for Clang builds on FreeBSD 12 (amd64) clang:freebsd12:amd64: variables: CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-gssapi=krb5-config" USER: gitlab-runner <<: *freebsd_12_amd64_image <<: *build_job system:clang:freebsd12:amd64: <<: *freebsd_12_amd64_image <<: *system_test_job variables: USER: gitlab-runner needs: - job: clang:freebsd12:amd64 artifacts: true unit:clang:freebsd12:amd64: <<: *freebsd_12_amd64_image <<: *unit_test_job needs: - job: clang:freebsd12:amd64 artifacts: true # Jobs for Clang builds on FreeBSD 13 (amd64) clang:freebsd13:amd64: variables: CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-gssapi=/usr/bin/krb5-config" USER: gitlab-runner <<: *freebsd_13_amd64_image <<: *build_job system:clang:freebsd13:amd64: <<: *freebsd_13_amd64_image <<: *system_test_job variables: USER: gitlab-runner needs: - job: clang:freebsd13:amd64 artifacts: true unit:clang:freebsd13:amd64: <<: *freebsd_13_amd64_image <<: *unit_test_job needs: - job: clang:freebsd13:amd64 artifacts: true # Jobs for Clang builds on FreeBSD 14 (amd64) clang:freebsd14:amd64: variables: CFLAGS: "${CFLAGS_COMMON}" # Disable BIND 9 GSS-API support because of Heimdal incompatibility; see FreeBSD bug #275241. EXTRA_CONFIGURE: "${WITH_READLINE_LIBEDIT} --without-gssapi" USER: gitlab-runner <<: *freebsd_14_amd64_image <<: *build_job system:clang:freebsd14:amd64: <<: *freebsd_14_amd64_image <<: *system_test_job variables: USER: gitlab-runner needs: - job: clang:freebsd14:amd64 artifacts: true unit:clang:freebsd14:amd64: <<: *freebsd_14_amd64_image <<: *unit_test_job needs: - job: clang:freebsd14:amd64 artifacts: true # Jobs for Clang builds on OpenBSD (amd64) clang:openbsd:amd64: variables: CC: clang USER: gitlab-runner EXTRA_CONFIGURE: "--disable-dnstap" <<: *openbsd_amd64_image <<: *build_job # Jobs with libtool disabled nolibtool:sid:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --without-libtool --with-dlopen" <<: *debian_sid_amd64_image <<: *build_job system:nolibtool:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job needs: - job: nolibtool:sid:amd64 artifacts: true unit:nolibtool:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job needs: - job: nolibtool:sid:amd64 artifacts: true # Jobs for Visual Studio 2017 builds on Windows (amd64) msvc:windows:amd64: <<: *windows_server_2016_amd64_image <<: *windows_build_job <<: *default_triggering_rules variables: VSCONF: Release system:msvc:windows:amd64: <<: *windows_server_2016_amd64_image <<: *windows_system_test_job <<: *default_triggering_rules variables: VSCONF: Release needs: - job: msvc:windows:amd64 artifacts: true msvc-debug:windows:amd64: <<: *windows_server_2016_amd64_image <<: *windows_build_job <<: *api_schedules_tags_triggers_web_triggering_rules variables: VSCONF: Debug system:msvc-debug:windows:amd64: <<: *windows_server_2016_amd64_image <<: *windows_system_test_job <<: *api_schedules_tags_triggers_web_triggering_rules variables: VSCONF: Debug needs: - job: msvc-debug:windows:amd64 artifacts: true # Job producing a release directory release: <<: *base_image stage: release script: # Determine BIND version - source version - export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}" # Remove redundant files and system test utilities from Windows build artifacts - find Build/Release/ -name "*.pdb" -print -delete - find Build/Debug/ \( -name "*.bsc" -o -name "*.idb" \) -print -delete - find Build/ -regextype posix-extended -regex "Build/.*/($(find bin/tests/ -type f | sed -nE "s|^bin/tests(/system)?/win32/(.*)\.vcxproj$|\2|p" | paste -d"|" -s))\..*" -print -delete # Create Windows zips - openssl dgst -sha256 "${BIND_DIRECTORY}.tar.xz" | tee Build/Release/SHA256 Build/Debug/SHA256 - cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Release/ - cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Debug/ - ( cd Build/Release; zip "../../BIND${BIND_DIRECTORY#bind-}.x64.zip" * ) - ( cd Build/Debug; zip "../../BIND${BIND_DIRECTORY#bind-}.debug.x64.zip" * ) # Prepare release tarball contents (tarballs + zips + documentation) - mkdir -p "${BIND_DIRECTORY}-release/doc/arm" - pushd "${BIND_DIRECTORY}-release" - mv "../${BIND_DIRECTORY}.tar.xz" ../BIND*.zip . - tar --extract --file="${BIND_DIRECTORY}.tar.xz" - mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README,srcid} . - rm -rf "${BIND_DIRECTORY}" - mv "../doc/arm/_build/html" doc/arm/ - mv "../doc/arm/_build/latex/Bv9ARM.pdf" doc/arm/ - echo '