stages:
  - pre-check
  - build
  - test

# These stanzas do some common management tasks before and after the
# job-specific before_script and after_script stanzas are run.
# before_script_start configures any default global state.  The
# job-specific before_script can override this state, if required.
# before_script_end prints out information about the environment to
# improve debugging; it does not modify the environment.
# after_script_end does some common management tasks after the
# job-specific after_script is run.  It prints information about the
# environment, and does some clean up.
#
# Add this to your stanza as follows:
#
#   before_script:
#     - *before_script_start
#     - *** YOUR CODE HERE ***
#     - *before_script_end
#   after_script:
#     - *** YOUR CODE HERE ***
#     - *after_script_end

.before_script_start: &before_script_start
  - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "\$RUSTFLAGS is set ($RUSTFLAGS)"; exit 1; fi'

.before_script_end: &before_script_end
  - 'if test "x${RUSTFLAGS+SET}" = xSET; then echo "WARNING: before_script set \$RUSTFLAGS ($RUSTFLAGS)"; fi'
  - rustc --version --verbose
  - cargo --version
  - clang -v
  - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR | wc --lines; du -sh $CARGO_TARGET_DIR; fi
  - if [ -d $CARGO_HOME ]; then find $CARGO_HOME | wc --lines; du -sh $CARGO_HOME; fi

.after_script_end: &after_script_end
  - if [ -d $CARGO_TARGET_DIR ]; then find $CARGO_TARGET_DIR -type f -atime +7 -delete; fi
  - if [ -d $CARGO_TARGET_DIR ]; then du -sh $CARGO_TARGET_DIR; fi
  - if [ -d $CARGO_HOME ]; then du -sh $CARGO_HOME; fi

before_script:
  - *before_script_start
  - *before_script_end

after_script:
  - *after_script_end

# Don't run when merging a commit into main.
#
# We've configured the gitlab project so that the only way to push to
# main is via a merge request for which CI has passed.  As such,
# running (most) jobs when merging to main is a waste of resources,
# and we don't do it by default.
.default_rules:
  rules:
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
      when: on_success

trixie:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  script:
    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-nettle,compression --example supported-algorithms
    - $MAKE_TOP test
    - if ! git diff --quiet Cargo.lock ; then echo "Cargo.lock changed.  Please add the change to the corresponding commit." ; git diff ; false ; fi
    - if ! git diff --quiet ; then echo "The build changed the source.  Please investigate." ; git diff ; fi
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

trixie-crypto-rust:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  dependencies:
    - codespell
  script:
    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto --example supported-algorithms
    - cargo test --release --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-rust,compression,allow-experimental-crypto,allow-variable-time-crypto
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

trixie-crypto-openssl:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  dependencies:
    - codespell
  script:
    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression --example supported-algorithms
    - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-openssl,compression
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

trixie-crypto-botan:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  script:
    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression --example supported-algorithms
    - cargo test --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-botan2,compression
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

trixie-crypto-fuzzing:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  script:
    - cargo check --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-fuzzing,compression,allow-experimental-crypto,allow-variable-time-crypto
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

all_commits:
  # Test each commit up to main, to facilitate bisecting.
  stage: test
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  needs: ["rust-stable"]
  script:
    - .ci/all_commits.sh
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo
    GIT_STRATEGY: clone

codespell:
  tags:
    - linux
  stage: pre-check
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie:latest

  before_script:
    - *before_script_start
    - codespell --version
    - *before_script_end
  script:
    - $MAKE_TOP codespell CODESPELL_FLAGS=--summary
  rules:
    - !reference [.default_rules, rules]

doc:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/trixie-prebuild:latest
  script:
    - cargo doc --document-private-items --no-deps
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

rust-stable:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest
  script:
    - CARGO_PACKAGES="-p buffered-reader -p sequoia-openpgp" $MAKE_TOP test
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

clippy:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/rust-stable-prebuild:latest
  before_script:
    - *before_script_start
    - rustup default 1.67.0 # Pin clippy.
    - rustup component add clippy
    - cargo clippy --version
    - *before_script_end
  script:
    - cargo clippy
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo

rust-stable-armv7:
  tags:
    - linux
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/bullseye-cross-arm-prebuild:latest
  before_script:
    - *before_script_start
    - cat .ci/snippet_for_cross_compilation_config.toml >> .cargo/config.toml
    - *before_script_end
  script:
    - cargo test --tests --target=armv7-unknown-linux-gnueabihf -p buffered-reader -p sequoia-openpgp
  rules:
    - !reference [.default_rules, rules]
  variables:
    CARGO_TARGET_DIR: /target
    CARGO_HOME: /cargo
    PKG_CONFIG_PATH: /usr/lib/arm-linux-gnueabihf/pkgconfig
    PKG_CONFIG_ALLOW_CROSS: 1

windows-msvc-cng:
  tags:
    - win
    - win2019
  stage: build
  interruptible: true
  image: 192.168.122.1:5000/sequoia-pgp/build-docker-image/windows-msvc
  rules:
    # Forks of this project most likely use gitlab's shared windows runners, which
    # do not use the docker executor, so disable the windows jobs for forks.
    - if: $CI_PROJECT_NAMESPACE != "sequoia-pgp"
      when: never
    - !reference [.default_rules, rules]
  before_script:
    # We don't call *before_script_start or *before_script_end as we
    # don't have bash, clang, etc.
    - rustc --version --verbose
    - cargo --version
  script:
    # https://github.com/rust-lang/cargo/issues/5015
    - cargo run --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-cng,compression --example supported-algorithms
    - cargo test --tests --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-cng,compression
  after_script: [] # scriptlet doesn't work on Powershell
  variables:
    CFLAGS: "" # Silence some C warnings when compiling with MSVC

windows-msvc32-cng:
  tags:
    - win
    - win2019
  stage: build
  interruptible: true
  # Depend on the main configuration.  As the jobs have common error
  # conditions, if one fails it is often not worth trying the other.
  # Therefore, we can short-circuit here.  Also, this pipelines
  # Windows jobs, allowing us to test the other toolchain as well.
  needs:
    - windows-msvc-cng
  image:
    name: 192.168.122.1:5000/sequoia-pgp/build-docker-image/windows-msvc
    # Set up a cross compilation environment for building x86 binaries on amd64, line copied from Dockerfile.windows.msvc
    # see https://renenyffenegger.ch/notes/Windows/dirs/Program-Files-x86/Microsoft-Visual-Studio/version/edition/Common7/Tools/VsDevCmd_bat
    #
    # Alternatively: ["C:\\BuildTools\\VC\\Auxiliary\\Build\\vcvarsamd64_x86.bat", "&&", "type", "README", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
    # see https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line?view=msvc-160
    entrypoint: ["C:\\BuildTools\\Common7\\Tools\\VsDevCmd.bat", "-arch=x86", "-host_arch=amd64", "&&", "type", "README", "&&", "powershell.exe", "-NoLogo", "-ExecutionPolicy", "Bypass"]
  rules:
    # Forks of this project most likely use gitlab's shared windows runners, which
    # do not use the docker executor, so disable the windows jobs for forks.
    - if: $CI_PROJECT_NAMESPACE != "sequoia-pgp"
      when: never
    - !reference [.default_rules, rules]
  before_script:
    # We don't call *before_script_start or *before_script_end as we
    # don't have bash, clang, etc.
    - rustup target add i686-pc-windows-msvc
    - rustup show
    - rustc --version --verbose
    - cargo --version
  script:
    # https://github.com/rust-lang/cargo/issues/5015
    - cargo test --tests --manifest-path openpgp/Cargo.toml --no-default-features --features crypto-cng,compression --target i686-pc-windows-msvc
  after_script: [] # scriptlet doesn't work on Powershell
  variables:
    CFLAGS: "" # Silence some C warnings when compiling with MSVC

authenticate-commits:
  stage: test
  interruptible: true
  image: registry.gitlab.com/sequoia-pgp/sequoia-git:latest
  before_script: []
  script:
    - sq-git policy describe
    - /usr/sbin/gitlab.sh # Script baked-in to image
  after_script: []
  rules:
    # Run whenever the non-default branch is updated.  Note, we only
    # run for "push" events otherwise the job would also be triggered
    # for merge requests, which would result in the job running twice.
    #
    # TODO: We currently only authenticate the changes on non-merged
    # branches where we use the default branch as the trust root.  For
    # the default branch, the project needs to set an explicit trust
    # root.
    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'

variables:
  DEBIAN_FRONTEND: noninteractive
  CARGO_HOME: $CI_PROJECT_DIR/../cargo
  CARGO_FLAGS: --color always
  CARGO_INCREMENTAL: 0
  RUST_BACKTRACE: full
  CFLAGS: -Werror
  MAKE_TOP: make --file=.Makefile
  QUICKCHECK_GENERATOR_SIZE: 500 # https://github.com/BurntSushi/quickcheck/pull/240