.gitlab/ci/rhel.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

.rhel-openssl-backend:
  extends:
    - .dump_kernel_log
  before_script:
    - >
      sudo yum -y -q  install
      autoconf automake device-mapper-devel gcc gettext-devel json-c-devel
      libblkid-devel libpwquality-devel libselinux-devel libssh-devel libtool
      libuuid-devel make popt-devel libsepol-devel nc openssh-clients passwd
      pkgconfig sharutils sshpass tar uuid-devel vim-common device-mapper
      expect gettext git jq keyutils openssl-devel openssl gem > /dev/null 2>&1
    - sudo gem install asciidoctor
    - sudo -E git clean -xdf
    - ./autogen.sh
    - ./configure --enable-fips --enable-pwquality --with-crypto_backend=openssl --enable-asciidoc

# non-FIPS jobs

test-main-commit-rhel8:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel8
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check

test-main-commit-rhel9:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel9
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check

# FIPS jobs

test-main-commit-rhel8-fips:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel8-fips
  stage: test
  interruptible: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - fips-mode-setup --check || exit 1
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check

test-main-commit-rhel9-fips:
  extends:
    - .rhel-openssl-backend
  tags:
    - libvirt
    - rhel9-fips
  stage: test
  interruptible: true
  allow_failure: true
  variables:
    RUN_SSH_PLUGIN_TEST: "1"
  rules:
    - if: $RUN_SYSTEMD_PLUGIN_TEST != null
      when: never
    - if: $CI_PROJECT_PATH != "cryptsetup/cryptsetup"
      when: never
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_COMMIT_BRANCH =~ /v2\..\.x$/
  script:
    - fips-mode-setup --check || exit 1
    - make -j
    - make -j -C tests check-programs
    - sudo -E make check