Commit 466c0f5c authored by Beatriz Rizental's avatar Beatriz Rizental Committed by clairehurst
Browse files

Add CI for Base Browser

parent a865db93

.gitlab-ci.yml

0 → 100644
+14 −0
Original line number Diff line number Diff line 
stages:

  - lint

  - test

  - update-translations



variables:

  IMAGE_PATH: containers.torproject.org/tpo/applications/tor-browser/base:latest

  LOCAL_REPO_PATH: /srv/apps-repos/tor-browser.git



include:

  - local: '.gitlab/ci/mixins.yml'

  - local: '.gitlab/ci/jobs/lint/lint.yml'

  - local: '.gitlab/ci/jobs/test/python-test.yml'

  - local: '.gitlab/ci/jobs/update-translations.yml'

.gitlab/ci/docker/base/Dockerfile

0 → 100644
+69 −0
Original line number Diff line number Diff line 
FROM debian:latest



# Base image which includes all* dependencies checked by ./mach configure.

#

# * Actually not all dependencies. WASM sandboxed depencies were left out for now.

# This installs all dependencies checked by `./mach configure --without-wasm-sandboxed-libraries`.

#

# # Building and publishing

#

# Whenever this file changes, the updated Docker image must be built and published _manually_ to

# the tor-browser container registry (https://gitlab.torproject.org/tpo/applications/tor-browser/container_registry/185).

#

# This image copies a script from the taskcluster/ folder, which requires it

# to be built from a folder which is a parent of the taskcluster/ folder.

#

# To build, run:

#

# ```bash

# docker build \

#   -f <PATH_TO_DOCKERFILE> \

#   -t <REGISTRY_URL>/<IMAGE_NAME>:<IMAGE_TAG>

#   .

# ```

#

# For example, when building from the root of this repository to the main tor-browser repository

# and assuming image name to be "base" and tag "latest" -- which is the current terminology:

#

# ```bash

# docker build \

#   -f .gitlab/ci/docker/Dockerfile \

#   -t containers.torproject.org/tpo/applications/tor-browser/base:latest

#   .

# ```



RUN apt-get update && apt-get install -y \

    clang \

    curl \

    git \

    libasound2-dev \

    libdbus-glib-1-dev \

    libgtk-3-dev \

    libpango1.0-dev \

    libpulse-dev \

    libx11-xcb-dev \

    libxcomposite-dev \

    libxcursor-dev \

    libxdamage-dev \

    libxi-dev \

    libxrandr-dev \

    libxtst-dev \

    m4 \

    mercurial \

    nasm \

    pkg-config \

    python3 \

    python3-pip \

    unzip \

    wget



COPY taskcluster/docker/recipes/install-node.sh /scripts/install-node.sh

RUN chmod +x /scripts/install-node.sh

RUN /scripts/install-node.sh



RUN curl https://sh.rustup.rs -sSf | sh -s -- -y

RUN $HOME/.cargo/bin/cargo install cbindgen



WORKDIR /app



CMD ["/bin/bash"]

.gitlab/ci/jobs/helpers.py

0 → 100755
+129 −0
Original line number Diff line number Diff line 
#!/usr/bin/env python3



import argparse

import os

import re

import shlex

import subprocess





def git(command):

    result = subprocess.run(

        ["git"] + shlex.split(command), check=True, capture_output=True, text=True

    )

    return result.stdout.strip()





def get_firefox_tag(reference):

    """Extracts the Firefox tag associated with a branch or tag name.



       The "firefox tag" is the tag that marks

       the end of the Mozilla commits and the start of the Tor Project commits.



       Know issue: If ever there is more than one tag per Firefox ESR version,

       this function may return the incorrect reference number.



    Args:

        reference: The branch or tag name to extract the Firefox tag from.

        Expected format is tor-browser-91.2.0esr-11.0-1,

        where 91.2.0esr is the Firefox version.



    Returns:

        The reference specifier of the matching Firefox tag.

        An exception will be raised if anything goes wrong.

    """



    # Extracts the version number from a branch or tag name.

    firefox_version = ""

    match = re.search(r"(?<=browser-)([^-]+)", reference)

    if match:

        # TODO: Validate that what we got is actually a valid semver string?

        firefox_version = match.group(1)

    else:

        raise ValueError(f"Failed to extract version from reference '{reference}'.")



    major_version = firefox_version.split(".")[0]

    minor_patch_version = "_".join(firefox_version.split(".")[1:])



    remote_tags = git("ls-remote --tags origin")



    # Each line looks like:

    # 9edd658bfd03a6b4743ecb75fd4a9ad968603715  refs/tags/FIREFOX_91_9_0esr_BUILD1

    pattern = (

        rf"(.*)FIREFOX_{re.escape(major_version)}_{re.escape(minor_patch_version)}(.*)$"

    )

    match = re.search(pattern, remote_tags, flags=re.MULTILINE)

    if not match:

        # Attempt to match with a nightly tag, in case the ESR tag is not found

        pattern = rf"(.*)FIREFOX_NIGHTLY_{re.escape(major_version)}(.*)$"

        match = re.search(pattern, remote_tags, flags=re.MULTILINE)



    if match:

        return match.group(0).split()[0]

    else:

        raise ValueError(

            f"Failed to find reference specifier for Firefox tag of version '{firefox_version}' from '{reference}'."

        )





def get_list_of_changed_files():

    """Gets a list of files changed in the working directory.



       This function is meant to be run inside the Gitlab CI environment.



       When running in a default branch, get the list of changed files since the last Firefox tag.

       When running for a new MR commit, get a list of changed files in the current MR.



    Returns:

        A list of filenames of changed files (excluding deleted files).

        An exception wil be raised if anything goes wrong.

    """



    base_reference = ""



    if os.getenv("CI_PIPELINE_SOURCE") == "merge_request_event":

        # For merge requests, the base_reference is the common ancestor between the MR and the target branch

        base_reference = os.getenv("CI_MERGE_REQUEST_DIFF_BASE_SHA")

        if not base_reference:

            # Probably because there has been no overall change.

            # See gitlab.com/gitlab-org/gitlab/-/issues/375047#note_2648459916

            return []

    else:

        # When not in merge requests, the base reference is the Firefox tag

        base_reference = get_firefox_tag(os.getenv("CI_COMMIT_BRANCH"))



    if not base_reference:

        raise RuntimeError("No base reference found. There might be more errors above.")



    # Fetch the tag reference

    git(f"fetch origin {base_reference} --depth=1 --filter=blob:none")

    # Return but filter the issue_templates files because those file names have spaces which can cause issues

    return git("diff --diff-filter=d --name-only FETCH_HEAD HEAD").split("\n")





if __name__ == "__main__":

    parser = argparse.ArgumentParser(description="")



    parser.add_argument(

        "--get-firefox-tag",

        help="Get the Firefox tag related to a given (tor-mullvad-base)-browser tag or branch name.",

        type=str,

    )

    parser.add_argument(

        "--get-changed-files",

        help="Get list of changed files."

        "When running from a merge request gets the list of changed files since the merge-base of the current branch."

        "When running from a protected branch i.e. any branch that starts with <something>-browser-, gets the list of files changed since the FIREFOX_ tag.",

        action="store_true",

    )



    args = parser.parse_args()



    if args.get_firefox_tag:

        print(get_firefox_tag(args.get_firefox_tag))

    elif args.get_changed_files:

        # Separate the file names with a 0 byte to be parsed by xargs -0. Also

        # drop the trailing '\n'.

        print("\0".join(get_list_of_changed_files()), end="")

    else:

        print("No valid option provided.")

.gitlab/ci/jobs/lint/lint.yml

0 → 100644
+25 −0
Original line number Diff line number Diff line 
lint-all:

  extends: .with-local-repo-bash

  stage: lint

  image: $IMAGE_PATH

  interruptible: true

  variables:

    # Has to be the same as defined in `containers/base/Containerfile`

    MOZBUILD_STATE_PATH: "/var/tmp/mozbuild"

  cache:

    paths:

      - node_modules

    # Store the cache regardless on job outcome

    when: 'always'

    # Share the cache throughout all pipelines running for a given branch

    key: $CI_COMMIT_REF_SLUG

  tags:

    # Run these jobs in the browser dedicated runners.

    - firefox

  script:

    - ./mach configure --with-base-browser-version=0.0.0

    - .gitlab/ci/jobs/helpers.py --get-changed-files | xargs -0 --no-run-if-empty ./mach lint -v

  rules:

    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'

    # Run job whenever a commit is merged to a protected branch

    - if: ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PIPELINE_SOURCE == 'push')

.gitlab/ci/jobs/test/python-test.yml

0 → 100644
+24 −0
Original line number Diff line number Diff line 
python-test:

  extends: .with-local-repo-bash

  stage: test

  image: $IMAGE_PATH

  interruptible: true

  variables:

    MOZBUILD_STATE_PATH: "/var/tmp/mozbuild"

  cache:

    paths:

      - node_modules

    # Store the cache regardless on job outcome

    when: 'always'

    # Share the cache throughout all pipelines running for a given branch

    key: $CI_COMMIT_REF_SLUG

  tags:

    # Run these jobs in the browser dedicated runners.

    - firefox

  script:

    - ./mach configure --with-base-browser-version=0.0.0

    - ./mach python-test --subsuite base-browser

  rules:

    - if: $CI_PIPELINE_SOURCE == 'merge_request_event' || ($CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PIPELINE_SOURCE == 'push')

      changes:

        - "**/test_*.py"