From 8ba9c93f0b744878c297e103718df5c59e524ba1 Mon Sep 17 00:00:00 2001 From: Devan Carpenter Date: Sat, 30 Dec 2023 11:21:59 -0500 Subject: ci: use our CI/CD components from common-ci.git --- .gitlab-ci.yml | 293 ++++++++++++++------------------------------------------- 1 file changed, 69 insertions(+), 224 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 04c58935..1190b7fa 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -3,199 +3,101 @@ stages: - build - test -# These stanzas do some common management tasks before and after the -# job-specific before_script and after_script stanzas are run. -# before_script_start configures any default global state. The -# job-specific before_script can override this state, if required. -# before_script_end prints out information about the environment to -# improve debugging; it does not modify the environment. -# after_script_end does some common management tasks after the -# job-specific after_script is run. It prints information about the -# environment, and does some clean up. -# -# Add this to your stanza as follows: -# -# before_script: -# - *before_script_start -# - *** YOUR CODE HERE *** -# - *before_script_end -# after_script: -# - *** YOUR CODE HERE *** -# - *after_script_end -.before_script_start: &before_script_start - - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "\$RUSTFLAGS is set ($RUSTFLAGS)"; exit 1; fi' - -.before_script_end: &before_script_end - - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "WARNING: before_script set \$RUSTFLAGS ($RUSTFLAGS)"; fi' - - rustc --version --verbose - - cargo --version - - clang -v - - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR | wc --lines; du -sh $CARGO_TARGET_DIR; fi - - if [ -d $CARGO_HOME ]; then find $CARGO_HOME | wc --lines; du -sh $CARGO_HOME; fi - -.after_script_end: &after_script_end - - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR -type f -atime +7 -delete; fi - - if [ -d $CARGO_TARGET_DIR ]; then du -sh $CARGO_TARGET_DIR; fi - - if [ -d $CARGO_HOME ]; then du -sh $CARGO_HOME; fi - -before_script: - - *before_script_start - - *before_script_end - -after_script: - - *after_script_end - -# Don't run when merging a commit into main. -# -# We've configured the gitlab project so that the only way to push to -# main is via a merge request for which CI has passed. As such, -# running (most) jobs when merging to main is a waste of resources, -# and we don't do it by default. -.default_rules: - rules: - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH - when: on_success - -trixie: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest +include: + - component: gitlab.com/sequoia-pgp/common-ci/precheck@main + - component: gitlab.com/sequoia-pgp/common-ci/authenticate-commits@main + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: trixie + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: trixie-crypto-rust + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto --example supported-algorithms' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: trixie-crypto-openssl + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression --example supported-algorithms' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: trixie-crypto-botan + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression --example supported-algorithms' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: trixie-crypto-fuzzing + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + run_test_job: "false" + cargo_cmd: 'check' + cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-fuzzing,compression,allow-experimental-crypto,allow-variable-time-crypto' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: rust-stable + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild + run_test_job: "false" + cargo_args: '--manifest-path openpgp/Cargo.toml --no-default-features --features crypto-nettle,compression --example supported-algorithms' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: rust-stable-armv7 + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/bullseye-cross-arm-prebuild + run_test_job: "false" + cargo_cmd: 'test' + cargo_args: '--tests --target=armv7-unknown-linux-gnueabihf -p buffered-reader -p sequoia-openpgp' + - component: gitlab.com/sequoia-pgp/common-ci/rust-basic@main + inputs: + job_name: doc + image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild + run_test_job: "false" + cargo_cmd: 'doc' + cargo_args: '--document-private-items --no-deps' + +trixie-build: script: - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-nettle,compression --example supported-algorithms - - $MAKE_TOP test - if ! git diff --quiet Cargo.lock ; then echo "Cargo.lock changed. Please add the change to the corresponding commit." ; git diff ; false ; fi - if ! git diff --quiet ; then echo "The build changed the source. Please investigate." ; git diff ; fi - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo -trixie-crypto-rust: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest - dependencies: - - codespell +trixie-crypto-rust-build: script: - - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto --example supported-algorithms - cargo test --release --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo -trixie-crypto-openssl: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest - dependencies: - - codespell +trixie-crypto-openssl-build: script: - - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression --example supported-algorithms - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo -trixie-crypto-botan: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest +trixie-crypto-botan-build: script: - - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression --example supported-algorithms - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo -trixie-crypto-fuzzing: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest +rust-stable-build: script: - - cargo check --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-fuzzing,compression,allow-experimental-crypto,allow-variable-time-crypto - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo + - CARGO_PACKAGES="-p buffered-reader -p sequoia-openpgp" $MAKE_TOP test +rust-stable-armv7-build: + before_script: + - !reference [.before_script, start] + - cat .ci/snippet_for_cross_compilation_config.toml >> .cargo/config.toml + - !reference [.before_script, end] + variables: + PKG_CONFIG_PATH: /usr/lib/arm-linux-gnueabihf/pkgconfig + PKG_CONFIG_ALLOW_CROSS: 1 + all_commits: # Test each commit up to main, to facilitate bisecting. stage: test interruptible: true image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest - needs: ["rust-stable"] + needs: ["rust-stable-build"] script: - .ci/all_commits.sh rules: - !reference [.default_rules, rules] variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo GIT_STRATEGY: clone - -codespell: - tags: - - linux - stage: pre-check - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie:latest - - before_script: - - *before_script_start - - codespell --version - - *before_script_end - script: - - $MAKE_TOP codespell CODESPELL_FLAGS=--summary - rules: - - !reference [.default_rules, rules] - -doc: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest - script: - - cargo doc --document-private-items --no-deps - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo - -rust-stable: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest - script: - - CARGO_PACKAGES="-p buffered-reader -p sequoia-openpgp" $MAKE_TOP test - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo - + clippy: tags: - linux @@ -203,38 +105,15 @@ clippy: interruptible: true image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest before_script: - - *before_script_start + - !reference [.before_script, start] - rustup default 1.67.0 # Pin clippy. - rustup component add clippy - cargo clippy --version - - *before_script_end + - !reference [.before_script, end] script: - cargo clippy rules: - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo - -rust-stable-armv7: - tags: - - linux - stage: build - interruptible: true - image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/bullseye-cross-arm-prebuild:latest - before_script: - - *before_script_start - - cat .ci/snippet_for_cross_compilation_config.toml >> .cargo/config.toml - - *before_script_end - script: - - cargo test --tests --target=armv7-unknown-linux-gnueabihf -p buffered-reader -p sequoia-openpgp - rules: - - !reference [.default_rules, rules] - variables: - CARGO_TARGET_DIR: /target - CARGO_HOME: /cargo - PKG_CONFIG_PATH: /usr/lib/arm-linux-gnueabihf/pkgconfig - PKG_CONFIG_ALLOW_CROSS: 1 windows-msvc-cng: tags: @@ -250,8 +129,6 @@ windows-msvc-cng: when: never - !reference [.default_rules, rules] before_script: - # We don't call *before_script_start or *before_script_end as we - # don't have bash, clang, etc. - rustc --version --verbose - cargo --version script: @@ -289,8 +166,6 @@ windows-msvc32-cng: when: never - !reference [.default_rules, rules] before_script: - # We don't call *before_script_start or *before_script_end as we - # don't have bash, clang, etc. - rustup target add i686-pc-windows-msvc - rustup show - rustc --version --verbose @@ -301,33 +176,3 @@ windows-msvc32-cng: after_script: [] # scriptlet doesn't work on Powershell variables: CFLAGS: "" # Silence some C warnings when compiling with MSVC - -authenticate-commits: - stage: test - interruptible: true - image: registry.gitlab.com/sequoia-pgp/sequoia-git:latest - before_script: [] - script: - - sq-git policy describe - - /usr/sbin/gitlab.sh # Script baked-in to image - after_script: [] - rules: - # Run whenever the non-default branch is updated. Note, we only - # run for "push" events otherwise the job would also be triggered - # for merge requests, which would result in the job running twice. - # - # TODO: We currently only authenticate the changes on non-merged - # branches where we use the default branch as the trust root. For - # the default branch, the project needs to set an explicit trust - # root. - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH' - -variables: - DEBIAN_FRONTEND: noninteractive - CARGO_HOME: $CI_PROJECT_DIR/../cargo - CARGO_FLAGS: --color always - CARGO_INCREMENTAL: 0 - RUST_BACKTRACE: full - CFLAGS: -Werror - MAKE_TOP: make --file=.Makefile - QUICKCHECK_GENERATOR_SIZE: 500 # https://github.com/BurntSushi/quickcheck/pull/240 -- cgit v1.2.3