####
# DO NOT EDIT THIS FILE IN MASTER.  ONLY EDIT IT IN THE OLDEST SUPPORTED
# BRANCH, THEN MERGE FORWARD.
####

# This file controls how gitlab validates Tor commits and merge requests.
#
# It is primarily based on a set of scripts and configurations by
# Hans-Christoph Steiner.  It only copies parts of those scripts and
# configurations for now.  If you want a new piece of functionality
# (more debians, more fedoras, android support) then you shouldn't
# start from scratch: have a look at the original ticket, at
# https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
#
# The file to copy from is
# https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
#
# Having said that, if there is anything really stupid here, don't
# blame it on Hans-Christoph! Tor probably added it on their own.
#
# Copyright 2020, The Tor Project, Inc.
# See LICENSE for licence information.

# Pipeline-wide variables: every job sees these, unconditionally.
#
# NOTE(review): what DEBUG_CI turns on is decided by the CI scripts, which
# are not shown here.  If it enables shell tracing, confirm that no secret
# CI/CD variables are exposed to these jobs, because traced commands end up
# in the job log.
variables:
  DEBUG_CI: 'yes'
  TERM: 'ansi'

# This template is for exporting ephemeral things from the scripts.  By
# convention we expect our scripts to copy stuff into artifacts/, rather than
# having a big list of files that should be treated as artifacts.
#
# The directory is uploaded whether the job passes or fails (`when: always`)
# and is kept for one week.  Scripts should therefore copy only material that
# is safe to hand to anyone who can download this project's job artifacts.
.artifacts-template: &artifacts-template
  artifacts:
    when: always
    expire_in: '1 week'
    name: '${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}'
    paths:
      - artifacts/


# Runner selection for x86-64 builds: a job that merges this template is
# only picked up by runners carrying the `amd64` tag.
.x86-64-template: &x86-64-template
  tags: [amd64]

# This template should be usable on any system that's based on apt.
#
# It is a literal block scalar: the whole script is one string, spliced in
# as a single before_script entry wherever `*apt-template` is used.  Every
# character inside it is shell text, so change it only on purpose.
#
# What the script does, in order:
#   * sets a UTF-8 C locale and writes Etc/UTC to /etc/timezone;
#   * creates ./apt-cache and points apt's archive directory at it;
#   * appends apt defaults to /etc/apt/apt.conf.d/99gitlab: quiet output,
#     no recommended or suggested packages, 20 download retries, assume
#     "yes", and no pty for dpkg;
#   * refreshes the package index and upgrades the installed packages.
#
# NOTE(review): it writes under /etc, so it presumably expects to run as
# root inside a throwaway container -- confirm before reusing it elsewhere.
.apt-template: &apt-template |
      export LC_ALL=C.UTF-8
      echo Etc/UTC > /etc/timezone
      mkdir -p apt-cache
      export APT_CACHE_DIR="$(pwd)/apt-cache"
      echo 'quiet "1";' \
           'APT::Install-Recommends "0";' \
           'APT::Install-Suggests "0";' \
           'APT::Acquire::Retries "20";' \
           'APT::Get::Assume-Yes "true";' \
           'Dpkg::Use-Pty "0";' \
           "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
        >> /etc/apt/apt.conf.d/99gitlab
      apt-get update -qq
      apt-get upgrade -qy

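# This template sets us up for a Debian system in particular.
#
# It pulls in the artifact-upload and runner-tag templates, keeps apt's
# downloaded archives in a GitLab cache, and installs the build
# dependencies in before_script.  Optional packages are selected by the
# job-level variables tested below (ASCIIDOC, DOXYGEN, STEM, CC, NSS,
# HARDENING, CHUTNEY, TRACING).
.debian-template: &debian-template
  # One merge key carrying a list of aliases.  Repeating the `<<` key
  # instead relies on loader-specific handling of duplicate mapping keys.
  <<: [*artifacts-template, *x86-64-template]
  variables:
    DEBIAN_FRONTEND: "noninteractive"
  # TODO: Using "cache" in this way speeds up our downloads.  It would be
  # even better, though, to start with a pre-upgraded debian image.
  #
  # TODO: Will we have to do this differently once we have more than one
  # debian version that we're using?
  #
  # NOTE(review): the key is constant, so every job that merges this
  # template shares one apt-cache, whatever image it runs on.
  cache:
    key: apt
    paths:
      - apt-cache
  before_script:
    # YAML merge keys are shallow: a job that declares its own `variables:`
    # replaces the mapping above and loses DEBIAN_FRONTEND.  Export it here
    # too so that apt and dpkg stay non-interactive in every job.
    - export DEBIAN_FRONTEND=noninteractive
    - *apt-template
    # Install packages unconditionally.
    - apt-get install
        automake
        build-essential
        ca-certificates
        git
        libevent-dev
        liblzma-dev
        libscrypt-dev
        libseccomp-dev
        libssl-dev
        pkg-config
        python3
        zlib1g-dev
    # Install packages that we only need for some use cases.
    - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
    - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
    - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
    - if [ "$CC" = clang ]; then apt-get install clang; fi
    - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
    # llvm-symbolizer for sanitizer backtrace
    - if [ "$HARDENING" = yes ]; then apt-get install llvm; fi
    # NOTE(review): the two clones below fetch whatever is at the tip of each
    # repository's default branch when the job runs.  Pin them to a reviewed
    # commit or tag if these jobs need to be reproducible.
    #
    # TODO: This next line should not be debian-only.
    - if [ "$STEM" = yes ]; then git clone --depth 1 https://git.torproject.org/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
    # TODO: This next line should not be debian-only.
    - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://git.torproject.org/chutney.git ;  export CHUTNEY_PATH="$(pwd)/chutney"; fi
    # apt-get, like every other install above: apt(8) is the interactive
    # front end and does not promise a stable interface for scripts.
    - if [ "$TRACING" = yes ]; then apt-get install liblttng-ust-dev; fi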

# Minimal check on debian: just make, make check.
#
# No job-level variables are set here, so this job requests none of the
# optional installs in .debian-template's before_script.
#
# NOTE(review): `debian:buster` is a floating tag, so the base image can
# change between runs.  Pin it by digest (debian:buster@sha256:<digest>) if
# the CI environment needs to be reproducible, and check that this release
# still receives security updates.
debian-minimal:
  image: debian:buster
  <<: *debian-template
  script:
    - ./scripts/ci/ci-driver.sh

# Minimal check on debian/i386: just make, make check.
#
# The job uses a 32-bit Debian image.  It still asks for an `amd64`-tagged
# runner, because .debian-template merges in the x86-64 template.
debian-i386-minimal:
  image: i386/debian:buster
  <<: *debian-template
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Run "make check" with a hardened clang on debian stable.  This takes
# care of a hardening check, and a compile-with-clang check.
#
# In .debian-template's before_script, CC=clang installs clang and
# HARDENING=yes installs llvm (for llvm-symbolizer).  ALL_BUGS_ARE_FATAL is
# passed through to the CI driver script, which is not shown here.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
#
# TODO: This will be faster once we merge #40098 and #40099.
debian-hardened:
  image: debian:bullseye
  <<: *debian-template
  variables:
    ALL_BUGS_ARE_FATAL: "yes"
    HARDENING: "yes"
    CC: "clang"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Distcheck on debian stable
#
# DISTCHECK and CHECK are read by the CI driver script (not shown here).
# Presumably they swap the plain check for a distcheck -- confirm against
# scripts/ci/ci-driver.sh.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-distcheck:
  image: debian:buster
  <<: *debian-template
  variables:
    DISTCHECK: "yes"
    CHECK: "no"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Documentation tests on debian stable: doxygen and asciidoc.
#
# DOXYGEN=yes and ASCIIDOC=yes make .debian-template's before_script install
# doxygen, asciidoc and xmlto.  CHECK and RUN_STAGE_BUILD are read by the CI
# driver script, which is not shown here.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-docs:
  image: debian:buster
  <<: *debian-template
  variables:
    DOXYGEN: "yes"
    ASCIIDOC: "yes"
    CHECK: "no"
    RUN_STAGE_BUILD: "no"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Integration tests on debian stable: chutney and stem.
#
# STEM=yes makes .debian-template's before_script install timelimit, clone
# stem and export STEM_PATH.  CHUTNEY=yes makes it clone chutney and export
# CHUTNEY_PATH.  Both clones take the current tip of the upstream
# repository, so this job also runs code that is not part of this commit.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
#
# TODO: It would be cool if this target didn't have to re-build tor, and
#       could instead re-use Tor from debian-minimal.  That can be done
#       with the 'artifacts' mechanism, in theory, but it would be good to
#       avoid having to have a system with hundreds of artifacts.
debian-integration:
  image: debian:buster
  <<: *debian-template
  variables:
    CHECK: "no"
    CHUTNEY: "yes"
    CHUTNEY_MAKE_TARGET: "test-network-all"
    STEM: "yes"
    ALL_BUGS_ARE_FATAL: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Tracing build on Debian stable.
#
# TRACING=yes makes .debian-template's before_script install
# liblttng-ust-dev.  CHECK and DISTCHECK are read by the CI driver script,
# which is not shown here.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-tracing:
  image: debian:buster
  <<: *debian-template
  variables:
    TRACING: "yes"
    CHECK: "no"
    DISTCHECK: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# No-authority mode
#
# DISABLE_DIRAUTH is read by the CI driver script (not shown here).
# Nothing in .debian-template's before_script depends on it.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-disable-dirauth:
  image: debian:buster
  <<: *debian-template
  variables:
    DISABLE_DIRAUTH: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# No-relay mode
#
# DISABLE_RELAY is read by the CI driver script (not shown here).
# Nothing in .debian-template's before_script depends on it.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-disable-relay:
  image: debian:buster
  <<: *debian-template
  variables:
    DISABLE_RELAY: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# GPL licensed mode, enables pow module
#
# GPL is read by the CI driver script (not shown here).  No extra packages
# are installed for it by .debian-template's before_script.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-gpl:
  image: debian:buster
  <<: *debian-template
  variables:
    GPL: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# NSS check on debian
#
# NSS=yes makes .debian-template's before_script install libnss3 and
# libnss3-dev.  libssl-dev is still installed as well, because it is in the
# unconditional package list.
#
# NOTE: this `variables:` mapping replaces, rather than extends, the one
# merged in from .debian-template.
debian-nss:
  image: debian:buster
  <<: *debian-template
  variables:
    NSS: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Debian packaging triggers for maintenance branches
#
# Starts a pipeline on branch debian-0.4.5 of tpo/core/debian/tor.  The rule
# requires both the tpo/core namespace and the maint-0.4.5 branch, so
# pipelines running in other namespaces (forks, for example) never start
# the packaging pipeline.
debian-packaging-0.4.5:
  stage: deploy
  rules:
    - if: '$CI_PROJECT_NAMESPACE == "tpo/core" && $CI_COMMIT_BRANCH == "maint-0.4.5"'
  trigger:
    branch: debian-0.4.5
    project: tpo/core/debian/tor
# Starts a pipeline on branch debian-0.4.6 of tpo/core/debian/tor.  The rule
# requires both the tpo/core namespace and the maint-0.4.6 branch, so
# pipelines running in other namespaces (forks, for example) never start
# the packaging pipeline.
debian-packaging-0.4.6:
  stage: deploy
  rules:
    - if: '$CI_PROJECT_NAMESPACE == "tpo/core" && $CI_COMMIT_BRANCH == "maint-0.4.6"'
  trigger:
    branch: debian-0.4.6
    project: tpo/core/debian/tor