.gitlab-ci.yml (8817B)
1 #### 2 # DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED 3 # BRANCH, THEN MERGE FORWARD. 4 #### 5 6 # This file controls how gitlab validates Tor commits and merge requests. 7 # 8 # It is primarily based on a set of scripts and configurations by 9 # Hans-Christoph Steiner. It only copies parts of those scripts and 10 # configurations for now. If you want a new piece of functionality 11 # (more debians, more fedoras, android support) then you shouldn't 12 # start from scratch: have a look at the original ticket, at 13 # https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 ! 14 # 15 # The file to copy from is 16 # https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c 17 # 18 # Having said that, if there is anything really stupid here, don't 19 # blame it on Hans-Christoph! Tor probably added it on their own. 20 # 21 # Copyright 2020, The Tor Project, Inc. 22 # See LICENSE for licence information. 23 24 # These variables are set everywhere, unconditionally. 25 variables: 26 TERM: "ansi" 27 DEBUG_CI: "yes" 28 29 # This template is for exporting ephemeral things from the scripts. By 30 # convention we expect our scripts to copy stuff into artifacts/, rather than 31 # having a big list of files that be treated as artifacts. 32 .artifacts-template: &artifacts-template 33 artifacts: 34 name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}" 35 expire_in: 1 week 36 when: always 37 paths: 38 - artifacts/ 39 40 41 # This template is used for x86-64 builds. 42 .x86-64-template: &x86-64-template 43 tags: 44 - amd64 45 46 # This template should be usable on any system that's based on apt. 47 .apt-template: &apt-template | 48 export LC_ALL=C.UTF-8 49 echo Etc/UTC > /etc/timezone 50 mkdir -p apt-cache 51 export APT_CACHE_DIR="$(pwd)/apt-cache" 52 rm -f /etc/apt/apt.conf.d/docker-clean 53 echo 'quiet "1";' \ 54 'Acquire::Retries "20";' \ 55 'APT::Install-Recommends "0";' \ 56 'APT::Install-Suggests "0";' \ 57 'APT::Get::Assume-Yes "true";' \ 58 'Dpkg::Use-Pty "0";' \ 59 "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \ 60 >> /etc/apt/apt.conf.d/99gitlab 61 apt-get update -qq 62 apt-get upgrade -qy 63 64 # This template sets us up for Debian system in particular. 65 .debian-template: &debian-template 66 <<: *artifacts-template 67 <<: *x86-64-template 68 variables: 69 DEBIAN_FRONTEND: "noninteractive" 70 # TODO: Using "cache" in this way speeds up our downloads. It would be 71 # even better, though, to start with a pre-upgraded debian image. 72 # 73 # TODO: Will we have to do this differently once we have more than one 74 # debian version that we're using? 75 cache: 76 key: apt 77 paths: 78 - apt-cache 79 before_script: 80 - *apt-template 81 # Install patches unconditionally. 82 - apt-get install 83 apt-utils 84 automake 85 build-essential 86 ca-certificates 87 file 88 git 89 libevent-dev 90 liblzma-dev 91 libscrypt-dev 92 libseccomp-dev 93 libssl-dev 94 pkg-config 95 python3 96 zlib1g-dev 97 # Install patches that we only need for some use cases. 98 - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi 99 - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi 100 - if [ "$STEM" = yes ]; then apt-get install timelimit; fi 101 - if [ "$CC" = clang ]; then apt-get install clang; fi 102 - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi 103 # llvm-symbolizer for sanitizer backtrace 104 - if [ "$HARDENING" = yes ]; then apt-get install llvm; fi 105 # libubsan1 for building with -fsanitize=address 106 - if [ "$HARDENING" = yes ]; then apt-get install libubsan1 libclang-rt-dev; fi 107 # TODO: This next line should not be debian-only. 108 - if [ "$STEM" = yes ]; then git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git ; export STEM_PATH="$(pwd)/stem"; fi 109 # TODO: This next line should not be debian-only. 110 - | 111 if [ "$CHUTNEY" = yes ]; then 112 # Use a fixed version of chutney to avoid surprise breakage. 113 CHUTNEY_SHALLOW_SINCE=2026-01-20 114 # main @ 2026-01-21 115 CHUTNEY_COMMIT=3338f5cae5dbce3f6c465326784b8b34952bcd62 116 117 git clone --shallow-since "$CHUTNEY_SHALLOW_SINCE" https://gitlab.torproject.org/tpo/core/chutney.git 118 git -C ./chutney checkout "$CHUTNEY_COMMIT" 119 120 apt install python3-venv 121 export CHUTNEY_PATH="$(pwd)/chutney" 122 python3 -m venv venv 123 venv/bin/pip install ./chutney 124 fi 125 - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi 126 127 # Minimal check on debian: just make, make check. 128 # 129 debian-minimal: 130 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 131 <<: *debian-template 132 script: 133 - ./scripts/ci/ci-driver.sh 134 135 # Minimal check on debian/i386: just make, make check. 136 # 137 debian-i386-minimal: 138 # TODO: Use a TPA-maintained image when there is one. 139 # See https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/3 140 image: 141 name: i386/debian:bookworm 142 docker: 143 platform: linux/386 144 <<: *debian-template 145 script: 146 - ./scripts/ci/ci-driver.sh 147 148 ##### 149 # Run "make check" with a hardened clang on debian stable. This takes 150 # care of a hardening check, and a compile-with-clang check. 151 debian-hardened: 152 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 153 <<: *debian-template 154 variables: 155 ALL_BUGS_ARE_FATAL: "yes" 156 HARDENING: "yes" 157 CC: "clang" 158 script: 159 - ./scripts/ci/ci-driver.sh 160 161 ##### 162 # Distcheck on debian stable 163 debian-distcheck: 164 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 165 <<: *debian-template 166 variables: 167 DISTCHECK: "yes" 168 CHECK: "no" 169 script: 170 - ./scripts/ci/ci-driver.sh 171 172 ##### 173 # Documentation tests on debian stable: doxygen and asciidoc. 174 debian-docs: 175 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 176 <<: *debian-template 177 variables: 178 DOXYGEN: "yes" 179 ASCIIDOC: "yes" 180 CHECK: "no" 181 RUN_STAGE_BUILD: "no" 182 script: 183 - ./scripts/ci/ci-driver.sh 184 185 ##### 186 # Integration tests on debian stable: chutney and stem. 187 # 188 # TODO: It would be cool if this target didn't have to re-build tor, and 189 # could instead re-use Tor from debian-minimal. That can be done 190 # with the 'artifacts' mechanism, in theory, but it would be good to 191 # avoid having to have a system with hundreds of artifacts. 192 debian-integration: 193 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 194 <<: *debian-template 195 variables: 196 CHECK: "no" 197 CHUTNEY: "yes" 198 CHUTNEY_MAKE_TARGET: "test-network-all" 199 STEM: "yes" 200 ALL_BUGS_ARE_FATAL: "yes" 201 script: 202 - source venv/bin/activate 203 - ./scripts/ci/ci-driver.sh 204 205 ##### 206 # Tracing build on Debian stable. 207 debian-tracing: 208 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 209 <<: *debian-template 210 variables: 211 TRACING: "yes" 212 CHECK: "no" 213 DISTCHECK: "yes" 214 script: 215 - ./scripts/ci/ci-driver.sh 216 217 ##### 218 # No-authority mode 219 debian-disable-dirauth: 220 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 221 <<: *debian-template 222 variables: 223 DISABLE_DIRAUTH: "yes" 224 script: 225 - ./scripts/ci/ci-driver.sh 226 227 ##### 228 # No-relay mode 229 debian-disable-relay: 230 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 231 <<: *debian-template 232 variables: 233 DISABLE_RELAY: "yes" 234 script: 235 - ./scripts/ci/ci-driver.sh 236 237 ##### 238 # GPL licensed mode, enables pow module 239 debian-gpl: 240 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 241 <<: *debian-template 242 variables: 243 GPL: "yes" 244 script: 245 - ./scripts/ci/ci-driver.sh 246 247 ##### 248 # NSS check on debian 249 debian-nss: 250 image: containers.torproject.org/tpo/tpa/base-images/debian:bookworm 251 <<: *debian-template 252 variables: 253 NSS: "yes" 254 script: 255 - ./scripts/ci/ci-driver.sh 256 257 ##### 258 # Debian packaging triggers for maintenance branches 259 debian-packaging-0.4.5: 260 stage: deploy 261 trigger: 262 project: tpo/core/debian/tor 263 branch: debian-0.4.5 264 rules: 265 - if: $CI_PROJECT_NAMESPACE == "tpo/core" && 266 $CI_COMMIT_BRANCH == "maint-0.4.5" 267 debian-packaging-0.4.6: 268 stage: deploy 269 trigger: 270 project: tpo/core/debian/tor 271 branch: debian-0.4.6 272 rules: 273 - if: $CI_PROJECT_NAMESPACE == "tpo/core" && 274 $CI_COMMIT_BRANCH == "maint-0.4.6" 275 276 ##### 277 # Run tests written in Rust, and run clippy on all Rust code here. 278 rust-latest: 279 image: rust:latest 280 <<: *debian-template 281 script: 282 - apt-get install llvm-dev libclang-dev clang 283 - rustup show 284 - cargo build --locked --verbose 285 - cargo test --verbose 286 - rustup component add clippy 287 - rustup show 288 - cargo clippy --all-features --all-targets -- -D warnings 289 after_script: 290 - cargo clean