.gitlab-ci.yml 16.2 KB
Newer Older
1
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-stable:knot-2.7
2 3 4 5

variables:
  DEBIAN_FRONTEND: noninteractive
  LC_ALL: C.UTF-8
6
  GIT_SUBMODULE_STRATEGY: recursive
7
  GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
8 9
  PREFIX: $CI_PROJECT_DIR/.local
  LD_LIBRARY_PATH: $CI_PROJECT_DIR/.local/lib
10 11
  RESPDIFF_PRIORITY: 5
  RESPDIFF_COUNT: 1
12
  RESPDIFF_FORCE: 0
13
  RESPERF_FORCE: 0
14

15 16 17 18
stages:
  - build
  - test
  - coverage
Tomas Krizek's avatar
Tomas Krizek committed
19
  - respdiff
20 21
  - deploy

22
build:linux:amd64:
23
  stage: build
24
  except:
25
    - master
26
  script:
27 28 29 30 31
    - rm daemon/lua/kres-gen.lua
    - make -k all CFLAGS="-Werror -ggdb"
    - STATUS="$(git status --untracked-files=normal --porcelain)"
    - test -n "${STATUS}" && echo "${STATUS}" && echo "Build + install made working tree dirty, did you forget to update something?" && exit 2
    - make install CFLAGS="-Werror -ggdb"
32 33
  artifacts:
    untracked: true
34 35 36 37 38
  tags:
    - docker
    - linux
    - amd64

39 40
build:clang:linux:amd64:
  stage: build
41
  except:
42
    - master
43
  image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7  # newer Debian for newer Clang
44
  script:
45
    - rm daemon/lua/kres-gen.lua
46
    - CXX=clang++ CC=clang make -k all "CFLAGS=-Werror -Wno-error=unused-command-line-argument -ggdb"
47 48
    - STATUS="$(git status --untracked-files=normal --porcelain)"
    - test -n "${STATUS}" && echo "${STATUS}" && echo "Build + install made working tree dirty, did you forget to update something?" && exit 2
49
    - CXX=clang++ CC=clang make install "CFLAGS=-Werror -ggdb"
50 51 52 53 54
  tags:
    - docker
    - linux
    - amd64

55 56
srpm:
  stage: build
57
  except:
58
    - master
59
  allow_failure: true  # don't block testing pipeline in case of failure
60
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
61 62 63 64 65 66 67 68 69 70 71 72
  script:
    - scripts/make-srpm.sh
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - "*.src.rpm"
  tags:
    - docker
    - linux
    - amd64

Petr Špaček's avatar
Petr Špaček committed
73 74
lint:lua:
  stage: test
75
  except:
76
    - master
Petr Špaček's avatar
Petr Špaček committed
77 78
  dependencies: []  # do not download build artifacts
  script:
79 80 81 82 83 84
    - make lint-lua
  tags:
    - docker

lint:c:
  stage: test
85
  except:
86
    - master
87
  image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7  # newer Debian for newer Clang
88 89
  dependencies: []  # do not download build artifacts
  script:
90
    - make lint-c CLANG_TIDY="clang-tidy -quiet"
Petr Špaček's avatar
Petr Špaček committed
91 92 93
  tags:
    - docker

94 95
lint:clang-scan-build:
  stage: test
96
  except:
97
    - master
98
  image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-2.7  # newer Debian for newer Clang
99 100
  dependencies: []  # do not download build artifacts
  script:
101 102
    - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true
    - test "$(ls scan-results/*/report-*.html | wc -l)" = 7 # we have this many errors ATM :-)
103 104 105 106 107 108 109 110
  artifacts:
    when: on_failure
    expire_in: '1 day'
    paths:
      - scan-results
  tags:
    - docker

111
test:linux:amd64:
112
  stage: test
113
  except:
114
    - master
115
  script:
116 117 118
    # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
    # this is caused by interaction between Git approach to timestamps and Gitlab artifacts
    - git clean -xdf
119
    - make CFLAGS=-Werror
120
    - MAKEFLAGS="--jobs $(nproc)" make -k check
121
    - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c COVERAGE_STAGE=gcov-check || echo "code coverage skipped"
122
  dependencies: []
123 124 125 126
  artifacts:
    expire_in: 1 hour
    paths:
      - ./*.info
127 128 129 130 131
  tags:
    - docker
    - linux
    - amd64

132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150

docker:build:
  stage: test
  image: docker:latest
  except:
    - master
  tags:
    - dind
  dependencies: []
  variables:
    DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
  script:
    - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
    - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
  after_script:  # remove dangling images to avoid running out of disk space
    - docker rmi ${DOCKER_IMAGE_NAME}
    - docker rmi $(docker images -f "dangling=true" -q)


151 152
installcheck:linux:amd64:
  stage: test
153
  except:
154
    - master
155
  script:
156 157 158 159
    # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files
    # this is caused by interaction between Git approach to timestamps and Gitlab artifacts
    - git clean -xdf
    - make install CFLAGS=-Werror
160
    - MAKEFLAGS="--jobs $(nproc) --keep-going" make -k installcheck
161
    - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-installcheck || echo "code coverage skipped"
162
  dependencies: []
163 164 165 166
  artifacts:
    expire_in: 1 hour
    paths:
      - ./*.info
167 168 169 170
  tags:
    - docker
    - linux
    - amd64
171

Petr Špaček's avatar
Petr Špaček committed
172 173
doc:
  stage: test
174
  except:
175
    - master
Petr Špaček's avatar
Petr Špaček committed
176 177 178 179 180 181 182 183 184 185
  script:
    - SPHINXFLAGS="-W" make doc
  dependencies: []
  artifacts:
    expire_in: 1 hour
    paths:
      - ./doc/*
  tags:
    - docker

186
deckard:linux:amd64:
187
  stage: test
188
  except:
189
    refs:
190
      - master
191 192 193
    variables:
      # prevent unstable test from cancelling nightly OBS build
      - $SKIP_DECKARD == "1"
194 195
  variables:
    TMPDIR: $CI_PROJECT_DIR
196
  script:
197
    - DECKARDFLAGS="-n $(nproc)" PATH="$PREFIX/sbin:$PATH" make check-integration
198
  # these errors are side-effect of Git way of handling file timestamps
199
    - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-deckard 2>&1 | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped"
200 201
  dependencies:
    - build:linux:amd64
202
  artifacts:
203
    when: always
204 205
    paths:
      - ./*.info
206 207
      - tmpdeckard*
    expire_in: 1 week
208 209 210 211
  tags:
    - docker
    - linux
    - amd64
212

213 214
installcheck:valgrind:linux:amd64:
  stage: test
215
  except:
216
    - master
217
  script:
218
    - DEBUGGER="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k installcheck
219 220 221 222 223 224
  dependencies:
    - build:linux:amd64
  tags:
    - docker
    - linux
    - amd64
225

226 227 228 229 230 231 232 233 234 235 236
osx:build:
  stage: test
  except:
    - master
  script:
    - ci/travis.py ${CI_COMMIT_REF_NAME}
  dependencies: []
  tags:
    - docker


237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253
# temporarily disabled - we need to fix issues first
#deckard:linux:amd64:valgrind:
#  stage: test
#  script:
#    # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error
#    - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make
#  artifacts:
#    when: on_failure
#    expire_in: 1 week
#    paths:
#      - tmpdeckard*
#  dependencies:
#    - build:linux:amd64
#  tags:
#    - docker
#    - linux
#    - amd64
254 255


256 257
test:linux:amd64:valgrind:
  stage: test
258
  except:
259
    - master
260 261
  variables:
    TMPDIR: $CI_PROJECT_DIR
262
  script:
263
    - DEBUGGER="valgrind --error-exitcode=1 --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k check
264 265 266 267 268 269 270
  dependencies:
    - build:linux:amd64
  tags:
    - docker
    - linux
    - amd64

271 272 273 274 275 276 277 278 279 280 281 282
pytests:lint:
  stage: test
  dependencies: []
  except:
    - master
  script:
    - ./ci/pytests/lint.sh
  tags:
    - docker
    - linux
    - amd64

283 284 285 286 287 288 289 290 291 292 293 294 295 296
pytests:run:
  stage: test
  dependencies:
    - build:linux:amd64
  except:
    - master
  script:
    - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run.sh
  tags:
    - docker
    - linux
    - amd64


Tomas Krizek's avatar
Tomas Krizek committed
297 298 299
.respdiff:  &respdiff
  stage: respdiff
  dependencies: []
300 301 302
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
303
  except:
304
    - master
Tomas Krizek's avatar
Tomas Krizek committed
305
  script:
306
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
307
    - export LABEL=gl$(date +%s)
308 309 310
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
    - ln -s $COMMITDIR respdiff_commitdir
Tomas Krizek's avatar
Tomas Krizek committed
311 312
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
313 314
      -p $RESPDIFF_PRIORITY
      -c $RESPDIFF_COUNT
Tomas Krizek's avatar
Tomas Krizek committed
315
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
316
      "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST)
317
    - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
318 319 320 321
    - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
  after_script:
    - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
    - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
Tomas Krizek's avatar
Tomas Krizek committed
322 323 324 325 326
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
327
      - ./*.png
Tomas Krizek's avatar
Tomas Krizek committed
328 329 330 331 332 333
  tags:
    - respdiff

respdiff:fwd-tls6-kresd.udp6:
  <<: *respdiff
  variables:
334
    RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353

respdiff:fwd-udp6-kresd.udp6:
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384

respdiff:iter.udp6:
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.udp6.j384

respdiff:iter.tls6:
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.tls6.j384

respdiff:fwd-udp6-unbound.udp6:
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
354
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
355 356 357 358

respdiff:fwd-udp6-unbound.tcp6:
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
359
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
360 361 362 363

respdiff:fwd-udp6-unbound.tls6:
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
364
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
Tomas Krizek's avatar
Tomas Krizek committed
365 366


367
respdiff:iter:udp:linux:amd64:
368
  stage: test
369
  except:
370
    - master
371
  script:
372
    - source <(./scripts/coverage_env.sh "$(pwd)" "$(pwd)/coverage.stats/respdiff" "iter/udp" --export)
373
    - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
374
    - ./ci/respdiff/start-resolvers.sh
375 376
    - ./ci/respdiff/run-respdiff-tests.sh udp
    - cat results/respdiff.txt
377 378
    - echo 'test if mismatch rate < 1.0 %'
    - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
379
    - killall --wait kresd
380
    - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped"
381 382
  dependencies:
    - build:linux:amd64
Tomas Krizek's avatar
Tomas Krizek committed
383
  artifacts:
384 385 386
    when: always
    expire_in: '1 week'
    paths:
387
      - kresd.log.xz
388
      - results/*.txt
389
      - results/*.png
390
      - results/respdiff.db/data.mdb.xz
391
      - ./*.info
392 393 394 395 396
  tags:
    - docker
    - linux
    - amd64

397

398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444
.resperf:  &resperf
  stage: respdiff
  dependencies: []
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  except:
    - master
  script:
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
    - export LABEL=gl$(date +%s)
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
    - ln -s $COMMITDIR resperf_commitdir
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
      "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST)
    - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
    - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
    - exit $EXITCODE
  after_script:
    - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
  tags:
    - respdiff

resperf:fwd-tls6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-tls6.udp

resperf:fwd-udp6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-udp6.udp

resperf:iter.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.iter.udp


445
distro:fedora-29:
446
  stage: test
447
  except:
448
    - master
449
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
450 451 452
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
453 454 455
  dependencies:
    - srpm
  script:
456
    - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
457
  after_script:
458
    - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
459 460 461 462
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
463
      - fedora-29-x86_64/
464
  tags:
Tomas Krizek's avatar
Tomas Krizek committed
465
    - privileged  # mock requires additional capabilities (e.g. mount)
466 467 468

distro:epel-7:
  stage: test
469
  except:
470
    - master
471
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
472 473 474
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
475 476 477
  dependencies:
    - srpm
  script:
478
    - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
479 480 481 482 483 484 485 486
  after_script:
    - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - epel-7-x86_64/
  tags:
Tomas Krizek's avatar
Tomas Krizek committed
487
    - privileged  # mock require additional capabilities (e.g. mount)
488

489
# compute coverage for runs with COVERAGE=1
490 491
coverage:
  stage: coverage
492
  except:
493
    - master
494
    - branches@knot/knot-resolver-security
495 496 497
  only:
    variables:
      - $COVERAGE == "1"
498
  script:
499
    - make coverage
500 501 502 503
  artifacts:
    expire_in: '1 week'
    paths:
      - coverage
504 505
  coverage: '/lines\.+:\s(\d+.\d+\%)/'
  dependencies:
506
    - build:linux:amd64
507 508 509
    - test:linux:amd64
    - installcheck:linux:amd64
    - deckard:linux:amd64
510
    - respdiff:iter:udp:linux:amd64
511 512 513 514 515
  tags:
    - docker
    - linux
    - amd64

516 517 518 519
# publish coverage only for master branch
pages:
  stage: deploy
  only:
520 521 522 523
    refs:
      - nightly@knot/knot-resolver
    variables:
      - $COVERAGE == "1"
524 525 526 527 528 529 530 531 532
  dependencies:
    - coverage
  script:
    - mv coverage/ public/
  artifacts:
    expire_in: '30 days'
    paths:
      - public

Tomas Krizek's avatar
Tomas Krizek committed
533
# trigger obs build for master branch
534
obs:devel:
Tomas Krizek's avatar
Tomas Krizek committed
535 536
  stage: deploy
  only:
537 538 539 540
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
Tomas Krizek's avatar
Tomas Krizek committed
541 542
  dependencies: []
  script:
543
    - scripts/make-archive.sh
544
    - scripts/make-distrofiles.sh
545
    - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
Tomas Krizek's avatar
Tomas Krizek committed
546 547
    - scripts/build-in-obs.sh knot-dns-devel  # build against latest development version of knot
    - scripts/build-in-obs.sh knot-resolver-devel  # build against knot in knot-resolver-latest
Tomas Krizek's avatar
Tomas Krizek committed
548

549 550 551 552 553 554 555 556 557 558 559
pkg:debian:symbols:libkres:
  variables:
    LIB_NAME: libkres
    LIB_ABI: 8
  stage: deploy
  only:
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
  except:
560
    - master
561 562 563 564 565 566 567 568 569
  script:
    - ln -s distro/deb debian
    - sed -i "s/__VERSION__/99/g" distro/deb/changelog
    - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIB_ABI -P. -p$LIB_NAME$LIB_ABI
  allow_failure: true
  dependencies:
    - build:linux:amd64


570 571 572 573 574 575 576 577 578 579 580 581
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
  stage: deploy
  only:
    variables:
      - $CREATE_NIGHTLY == "1"
    refs:
      - master@knot/knot-resolver
  dependencies: []
  script:
    # delete nightly branch
582
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
583 584 585
    - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
    # recreate nightly branch from current master
    - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
586
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
587 588


589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607
#arm_build:
#  image: cznic/armhf-ubuntu:16.04
#  stage: build
#  script:
#    - make -k all
#  tags:
#    - docker
#    - linux
#    - arm

#arm_test:
#  image: armv7/armhf-ubuntu:16.04
#  stage: test
#  script:
#    - make -k check
#  tags:
#    - docker
#    - linux
#    - arm