ci: use our CI/CD components from common-ci.git

1 files changed, 69 insertions, 224 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 04c58935..1190b7fa 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,199 +3,101 @@ stages:
   - build
   - test
 
-# These stanzas do some common management tasks before and after the
-# job-specific before_script and after_script stanzas are run.
-# before_script_start configures any default global state.  The
-# job-specific before_script can override this state, if required.
-# before_script_end prints out information about the environment to
-# improve debugging; it does not modify the environment.
-# after_script_end does some common management tasks after the
-# job-specific after_script is run.  It prints information about the
-# environment, and does some clean up.
-#
-# Add this to your stanza as follows:
-#
-#   before_script:
-#     - *before_script_start
-#     - *** YOUR CODE HERE ***
-#     - *before_script_end
-#   after_script:
-#     - *** YOUR CODE HERE ***
-#     - *after_script_end
 
-.before_script_start: &before_script_start
-  - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "\$RUSTFLAGS is set ($RUSTFLAGS)"; exit 1; fi'
-
-.before_script_end: &before_script_end
-  - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "WARNING: before_script set \$RUSTFLAGS ($RUSTFLAGS)"; fi'
-  - rustc --version --verbose
-  - cargo --version
-  - clang -v
-  - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR | wc --lines; du -sh $CARGO_TARGET_DIR; fi
-  - if [ -d $CARGO_HOME ]; then find $CARGO_HOME | wc --lines; du -sh $CARGO_HOME; fi
-
-.after_script_end: &after_script_end
-  - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR -type f -atime +7 -delete; fi
-  - if [ -d $CARGO_TARGET_DIR ]; then du -sh $CARGO_TARGET_DIR; fi
-  - if [ -d $CARGO_HOME ]; then du -sh $CARGO_HOME; fi
-
-before_script:
-  - *before_script_start
-  - *before_script_end
-
-after_script:
-  - *after_script_end
-
-# Don't run when merging a commit into main.
-#
-# We've configured the gitlab project so that the only way to push to
-# main is via a merge request for which CI has passed.  As such,
-# running (most) jobs when merging to main is a waste of resources,
-# and we don't do it by default.
-.default_rules:
-  rules:
-    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
-      when: on_success
-
-trixie:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
+include:
+  - component: gitlab.com/sequoia-pgp/common-ci/precheck@main
+  - component: gitlab.com/sequoia-pgp/common-ci/authenticate-commits@main
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: trixie
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: trixie-crypto-rust
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+      cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto --example supported-algorithms'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: trixie-crypto-openssl
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+      cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression --example supported-algorithms'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: trixie-crypto-botan
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+      cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression --example supported-algorithms'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: trixie-crypto-fuzzing
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+      run_test_job: "false"
+      cargo_cmd: 'check'
+      cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-fuzzing,compression,allow-experimental-crypto,allow-variable-time-crypto'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: rust-stable
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild
+      run_test_job: "false"
+      cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-nettle,compression --example supported-algorithms'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: rust-stable-armv7
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/bullseye-cross-arm-prebuild
+      run_test_job: "false"
+      cargo_cmd: 'test'
+      cargo_args: '--tests --target=armv7-unknown-linux-gnueabihf -p buffered-reader -p sequoia-openpgp'
+  - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main
+    inputs:
+      job_name: doc
+      image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild
+      run_test_job: "false"
+      cargo_cmd: 'doc'
+      cargo_args: '--document-private-items --no-deps'
+    
+trixie-build:
   script:
     - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-nettle,compression --example supported-algorithms
-    - $MAKE_TOP test
     - if ! git diff --quiet Cargo.lock ; then echo "Cargo.lock changed.  Please add the change to the corresponding commit." ; git diff ; false ; fi
     - if ! git diff --quiet ; then echo "The build changed the source.  Please investigate." ; git diff ; fi
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
 
-trixie-crypto-rust:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
-  dependencies:
-    - codespell
+trixie-crypto-rust-build:
   script:
-    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto --example supported-algorithms
     - cargo test --release --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
 
-trixie-crypto-openssl:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
-  dependencies:
-    - codespell
+trixie-crypto-openssl-build:
   script:
-    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression --example supported-algorithms
     - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
 
-trixie-crypto-botan:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
+trixie-crypto-botan-build:
   script:
-    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression --example supported-algorithms
     - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
 
-trixie-crypto-fuzzing:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
+rust-stable-build:
   script:
-    - cargo check --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-fuzzing,compression,allow-experimental-crypto,allow-variable-time-crypto
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
+    - CARGO_PACKAGES="-p buffered-reader -p sequoia-openpgp" $MAKE_TOP test
 
+rust-stable-armv7-build:
+  before_script:
+    - !reference [.before_script, start]
+    - cat .ci/snippet_for_cross_compilation_config.toml >> .cargo/config.toml
+    - !reference [.before_script, end]
+  variables:
+    PKG_CONFIG_PATH: /usr/lib/arm-linux-gnueabihf/pkgconfig
+    PKG_CONFIG_ALLOW_CROSS: 1
+    
 all_commits:
   # Test each commit up to main, to facilitate bisecting.
   stage: test
   interruptible: true
   image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
-  needs: ["rust-stable"]
+  needs: ["rust-stable-build"]
   script:
     - .ci/all_commits.sh
   rules:
     - !reference [.default_rules, rules]
   variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
     GIT_STRATEGY: clone
-
-codespell:
-  tags:
-    - linux
-  stage: pre-check
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie:latest
-
-  before_script:
-    - *before_script_start
-    - codespell --version
-    - *before_script_end
-  script:
-    - $MAKE_TOP codespell CODESPELL_FLAGS=--summary
-  rules:
-    - !reference [.default_rules, rules]
-
-doc:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
-  script:
-    - cargo doc --document-private-items --no-deps
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
-
-rust-stable:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest
-  script:
-    - CARGO_PACKAGES="-p buffered-reader -p sequoia-openpgp" $MAKE_TOP test
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
-
+ 
 clippy:
   tags:
     - linux
@@ -203,38 +105,15 @@ clippy:
   interruptible: true
   image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest
   before_script:
-    - *before_script_start
+    - !reference [.before_script, start]
     - rustup default 1.67.0 # Pin clippy.
     - rustup component add clippy
     - cargo clippy --version
-    - *before_script_end
+    - !reference [.before_script, end]
   script:
     - cargo clippy
   rules:
     - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
-
-rust-stable-armv7:
-  tags:
-    - linux
-  stage: build
-  interruptible: true
-  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/bullseye-cross-arm-prebuild:latest
-  before_script:
-    - *before_script_start
-    - cat .ci/snippet_for_cross_compilation_config.toml >> .cargo/config.toml
-    - *before_script_end
-  script:
-    - cargo test --tests --target=armv7-unknown-linux-gnueabihf -p buffered-reader -p sequoia-openpgp
-  rules:
-    - !reference [.default_rules, rules]
-  variables:
-    CARGO_TARGET_DIR: /target
-    CARGO_HOME: /cargo
-    PKG_CONFIG_PATH: /usr/lib/arm-linux-gnueabihf/pkgconfig
-    PKG_CONFIG_ALLOW_CROSS: 1
 
 windows-msvc-cng:
   tags:
@@ -250,8 +129,6 @@ windows-msvc-cng:
       when: never
     - !reference [.default_rules, rules]
   before_script:
-    # We don't call *before_script_start or *before_script_end as we
-    # don't have bash, clang, etc.
     - rustc --version --verbose
     - cargo --version
   script:
@@ -289,8 +166,6 @@ windows-msvc32-cng:
       when: never
     - !reference [.default_rules, rules]
   before_script:
-    # We don't call *before_script_start or *before_script_end as we
-    # don't have bash, clang, etc.
     - rustup target add i686-pc-windows-msvc
     - rustup show
     - rustc --version --verbose
@@ -301,33 +176,3 @@ windows-msvc32-cng:
   after_script: [] # scriptlet doesn't work on Powershell
   variables:
     CFLAGS: "" # Silence some C warnings when compiling with MSVC
-
-authenticate-commits:
-  stage: test
-  interruptible: true
-  image: registry.gitlab.com/sequoia-pgp/sequoia-git:latest
-  before_script: []
-  script:
-    - sq-git policy describe
-    - /usr/sbin/gitlab.sh # Script baked-in to image
-  after_script: []
-  rules:
-    # Run whenever the non-default branch is updated.  Note, we only
-    # run for "push" events otherwise the job would also be triggered
-    # for merge requests, which would result in the job running twice.
-    #
-    # TODO: We currently only authenticate the changes on non-merged
-    # branches where we use the default branch as the trust root.  For
-    # the default branch, the project needs to set an explicit trust
-    # root.
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
-
-variables:
-  DEBIAN_FRONTEND: noninteractive
-  CARGO_HOME: $CI_PROJECT_DIR/../cargo
-  CARGO_FLAGS: --color always
-  CARGO_INCREMENTAL: 0
-  RUST_BACKTRACE: full
-  CFLAGS: -Werror
-  MAKE_TOP: make --file=.Makefile
-  QUICKCHECK_GENERATOR_SIZE: 500 # https://github.com/BurntSushi/quickcheck/pull/240