.gitlab-ci.yml 12.7 KB
Newer Older
1
# vim:foldmethod=marker
2 3 4
variables:
  DEBIAN_FRONTEND: noninteractive
  LC_ALL: C.UTF-8
5
  GIT_SUBMODULE_STRATEGY: recursive
6
  GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
7 8
  RESPDIFF_PRIORITY: 5
  RESPDIFF_COUNT: 1
9
  RESPDIFF_FORCE: 0
10
  RESPERF_FORCE: 0
Tomas Krizek's avatar
Tomas Krizek committed
11
  KNOT_VERSION: '2.8'
12 13
  LIBKRES_ABI: 9
  LIBKRES_NAME: libkres
Tomas Krizek's avatar
Tomas Krizek committed
14
  MESON_TEST: meson test -C build_ci* -t 2 --print-errorlogs
15
  PREFIX: $CI_PROJECT_DIR/.local
16

17
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
18

19 20 21
stages:
  - build
  - test
22
  - extended
23 24
  - deploy

25
# build {{{
26
.build: &build
27
  stage: build
28
  except:
29
    - master
30
  artifacts:
31 32 33
    when: always
    paths:
      - .local
34
      - build_ci*
35
      - build_dist/meson-dist/*.tar.xz
36 37 38 39 40
  tags:
    - docker
    - linux
    - amd64

41 42 43 44 45 46 47 48
archive:
  <<: *build
  variables:
    GIT_COMMITER_NAME: 'ci'
    EMAIL: 'ci@nic'
  script:
    - ./scripts/make-dev-archive.sh

Tomas Krizek's avatar
Tomas Krizek committed
49
build:
50
  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
51
  script:
52
    - meson build_ci --default-library=static --prefix=$PREFIX -Dwerror=true -Dextra_tests=enabled
53 54
    - ninja -C build_ci
    - ninja -C build_ci install >/dev/null
Tomas Krizek's avatar
Tomas Krizek committed
55
    - ${MESON_TEST} --suite unit --suite config
56

Tomas Krizek's avatar
Tomas Krizek committed
57
build-asan:
58
  <<: *build
59
  script:
60
    - meson build_ci_asan --default-library=static --prefix=$PREFIX -Db_sanitize=address -Dextra_tests=enabled
61 62
    - ninja -C build_ci_asan
    - ninja -C build_ci_asan install >/dev/null
63
    # TODO: not sure what exactly is wrong in leak detection on config tests
64
    - ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --no-suite skip_asan
Tomas Krizek's avatar
Tomas Krizek committed
65 66

# NOTE: build for turris when meson is available and packaging files updated
Tomas Krizek's avatar
Tomas Krizek committed
67
#build:turris:
68
#  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
69 70 71 72 73 74 75 76 77 78 79 80 81 82
#  image: $CI_REGISTRY/knot/knot-resolver/ci/turris:omnia
#  script:
#    - ./scripts/make-archive.sh
#    - cp knot-resolver*.tar.xz /tmp/turris/dl/
#    - ./scripts/make-distrofiles.sh
#    - cp -r distro/turris /tmp/turris/package/knot-resolver
#    - pushd /tmp/turris
#    - export PATH=$PATH:$PWD/staging_dir/toolchain-*/bin
#    - USE_CCACHE=n make CC=arm-openwrt-linux-gcc CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld -C $PWD V=s
#    - popd
#    - cp /tmp/turris/bin/mvebu-musl/packages/base/*.ipk ./
#  artifacts:
#    paths:
#      - "*.ipk"
83

84
kres-gen:
85
  <<: *build
86 87 88
  tags:
    - docker
  script:
89
    - meson build_ci_lib --prefix=$PREFIX
90
    - ninja -C build_ci_lib daemon/kresd
91
    - ninja -C build_ci_lib kres-gen
92
    - git diff --quiet || (git diff; exit 1)
93 94 95
# }}}

# test {{{
96 97 98 99 100 101 102 103 104
.test: &test
  stage: test
  except:
    - master
  tags:
    - docker
    - linux
    - amd64
  dependencies:
105
    - build
106 107 108
  before_script:
    # meson detects changes and performs useless rebuild; hide the log
    - ninja -C build_ci* &>/dev/null
109
    - rm build_ci*/meson-logs/testlog*.txt  # start with clean testlog
110 111 112
  artifacts:
    when: always
    paths:
113
      - build_ci*/meson-logs/testlog*.txt
Tomas Krizek's avatar
Tomas Krizek committed
114
      - tmpdeckard*
115 116 117

.test_flaky: &test_flaky
  <<: *test
118 119 120 121
  retry:
    max: 1
    when:
      - script_failure
122

123 124 125 126 127 128 129 130
.test_nodep: &test_nodep
  stage: test
  except:
    - master
  dependencies: []  # do not download build artifacts
  tags:
    - docker

131 132 133 134 135 136 137
build:darwin:
  <<: *test_nodep
  when: delayed
  start_in: 3 minutes  # give the build in Travis CI time to finish
  script:
    - ci/travis.py ${CI_COMMIT_REF_NAME}

Tomas Krizek's avatar
Tomas Krizek committed
138 139 140 141
deckard:
  <<: *test_flaky
  variables:
    TMPDIR: $CI_PROJECT_DIR
142
  script:
Tomas Krizek's avatar
Tomas Krizek committed
143
    - ${MESON_TEST} --suite integration
144

Tomas Krizek's avatar
Tomas Krizek committed
145
doc:
146
  <<: *test_nodep
Tomas Krizek's avatar
Tomas Krizek committed
147 148
  when: delayed
  start_in: '30 seconds'
Petr Špaček's avatar
Petr Špaček committed
149
  script:
Tomas Krizek's avatar
Tomas Krizek committed
150 151
    - meson build_doc -Ddoc=enabled
    - ninja -C build_doc doc
152
  artifacts:
Tomas Krizek's avatar
Tomas Krizek committed
153
    expire_in: 1 hour
154
    paths:
Tomas Krizek's avatar
Tomas Krizek committed
155
      - doc/html
156

Tomas Krizek's avatar
Tomas Krizek committed
157
docker:
Tomas Krizek's avatar
Tomas Krizek committed
158
  <<: *test_nodep
159 160 161 162 163 164 165 166 167 168 169 170
  image: docker:latest
  tags:
    - dind
  variables:
    DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
  script:
    - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
    - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
  after_script:  # remove dangling images to avoid running out of disk space
    - docker rmi ${DOCKER_IMAGE_NAME}
    - docker rmi $(docker images -f "dangling=true" -q)

Tomas Krizek's avatar
Tomas Krizek committed
171
lint:other:
172
  <<: *test_nodep
Tomas Krizek's avatar
Tomas Krizek committed
173 174
  when: delayed
  start_in: '30 seconds'
175 176
  stage: test
  script:
Tomas Krizek's avatar
Tomas Krizek committed
177 178 179 180
    - meson build_ci_lint &>/dev/null
    - ninja -C build_ci* pylint
    - ninja -C build_ci* flake8
    - ninja -C build_ci* luacheck
181

Tomas Krizek's avatar
Tomas Krizek committed
182 183 184 185
lint:pedantic:
  <<: *test_nodep
  when: delayed
  start_in: '30 seconds'
186 187 188 189
  tags:
    - docker
    - linux
    - amd64
Tomas Krizek's avatar
Tomas Krizek committed
190
  script:
191
    - meson build_pedantic_gcc -Dwerror=true -Dc_args='-Wpedantic' -Dextra_tests=enabled
Tomas Krizek's avatar
Tomas Krizek committed
192 193
    - ninja -C build_pedantic_gcc
    - >
194
      CC=clang CXX=clang++ meson build_pedantic_clang -Dwerror=true -Dextra_tests=enabled -Dc_args='
Tomas Krizek's avatar
Tomas Krizek committed
195 196
      -Wpedantic -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant'
    - ninja -C build_pedantic_clang
197

Tomas Krizek's avatar
Tomas Krizek committed
198
lint:scan-build:
199
  <<: *test
Tomas Krizek's avatar
Tomas Krizek committed
200
  stage: test
201
  artifacts:
Tomas Krizek's avatar
Tomas Krizek committed
202 203
    when: on_failure
    expire_in: '1 day'
204
    paths:
Tomas Krizek's avatar
Tomas Krizek committed
205 206 207 208 209 210 211 212 213
      - build_ci*/meson-logs/scanbuild
  before_script: []
  script:
    - export SCANBUILD="scan-build --status-bugs -no-failure-reports $(./scripts/get-scanbuild-args.sh)"
    - ninja -C build_ci* scan-build || true
    - test "$(ls build_ci*/meson-logs/scanbuild/*/report-*.html | wc -l)" = 29 # we have this many errors ATM :-)

lint:tidy:
  <<: *test
214
  artifacts:
Tomas Krizek's avatar
Tomas Krizek committed
215 216
  script:
    - ninja -C build_ci* tidy
217

218
.pkgbuild: &pkgbuild
219 220 221 222 223 224 225 226
  stage: test
  except:
    - master
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  dependencies:
227
    - archive
228 229 230
  artifacts:
    when: always
    paths:
231
      - epel-7-x86_64/
232
      - fedora-29-x86_64/
233
      - "*.src.rpm"
234 235
  tags:
    - privileged  # mock requires additional capabilities (e.g. mount)
236 237 238 239
  retry:
    max: 1
    when:
      - script_failure
240

241
pkg:epel-7:
242
  <<: *pkgbuild
243
  script:
244
    - ./scripts/make-srpm.sh
245 246 247 248
    - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64

249 250 251 252 253 254 255
pkg:fedora-29:
  <<: *pkgbuild
  script:
    - ./scripts/make-srpm.sh
    - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
Tomas Krizek's avatar
Tomas Krizek committed
256 257 258

respdiff:basic:
  <<: *test
259 260
  dependencies:
    - build-asan
Tomas Krizek's avatar
Tomas Krizek committed
261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282
  script:
    - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
    - ./ci/respdiff/start-resolvers.sh
    - ./ci/respdiff/run-respdiff-tests.sh udp
    - cat results/respdiff.txt
    - echo 'test if mismatch rate < 1.0 %'
    - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
  after_script:
    - killall --wait kresd
  artifacts:
    when: always
    paths:
      - kresd.log.xz
      - results/*.txt
      - results/*.png
      - results/respdiff.db/data.mdb.xz
      - ./*.info
  tags:
    - docker
    - linux
    - amd64

283 284 285 286 287 288 289 290
root.hints:
  <<: *test_nodep
  only:
    refs:
      - /^release.*$/
  script:
    - scripts/update-root-hints.sh

Tomas Krizek's avatar
Tomas Krizek committed
291 292 293 294
test:valgrind:
  when: delayed
  start_in: '30 seconds'
  script:
295 296
    - ${MESON_TEST} --suite unit --suite config --no-suite snowflake --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
    - MESON_TESTTHREADS=1 ${MESON_TEST} --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" --suite snowflake
297 298 299
# }}}

# extended {{{
300 301
pytests:
  <<: *test_flaky
302 303
  dependencies:
    - build-asan
304 305 306 307
  stage: extended  # use this stage to avoid clash with other resource-intensive jobs
  script:
    - ${MESON_TEST} --suite pytests

Tomas Krizek's avatar
Tomas Krizek committed
308
.respdiff:  &respdiff
309
  stage: extended
Tomas Krizek's avatar
Tomas Krizek committed
310
  dependencies: []
311 312 313
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
314
  except:
315
    - master
Tomas Krizek's avatar
Tomas Krizek committed
316
  script:
317
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
318
    - export LABEL=gl$(date +%s)
319 320 321
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
    - ln -s $COMMITDIR respdiff_commitdir
Tomas Krizek's avatar
Tomas Krizek committed
322 323
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
324 325
      -p $RESPDIFF_PRIORITY
      -c $RESPDIFF_COUNT
Tomas Krizek's avatar
Tomas Krizek committed
326
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
Tomas Krizek's avatar
Tomas Krizek committed
327
      "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST --knot-branch=$KNOT_VERSION
328
      --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
329
    - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
330 331 332 333
    - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
  after_script:
    - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
    - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
Tomas Krizek's avatar
Tomas Krizek committed
334 335 336 337 338
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
339
      - ./*.png
Tomas Krizek's avatar
Tomas Krizek committed
340 341 342
  tags:
    - respdiff

Tomas Krizek's avatar
Tomas Krizek committed
343
fwd-tls6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
344 345
  <<: *respdiff
  variables:
346
    RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
347

Tomas Krizek's avatar
Tomas Krizek committed
348
fwd-udp6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
349 350 351 352
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
353
iter.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
354 355 356 357
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
358
iter.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
359 360 361 362
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.tls6.j384

Tomas Krizek's avatar
Tomas Krizek committed
363
fwd-udp6-unbound.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
364 365
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
366
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
367

Tomas Krizek's avatar
Tomas Krizek committed
368
fwd-udp6-unbound.tcp6:
Tomas Krizek's avatar
Tomas Krizek committed
369 370
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
371
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
372

Tomas Krizek's avatar
Tomas Krizek committed
373
fwd-udp6-unbound.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
374 375
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
376
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
Tomas Krizek's avatar
Tomas Krizek committed
377

378
.resperf:  &resperf
379
  stage: extended
380 381 382 383 384 385 386 387 388 389 390 391 392 393 394
  dependencies: []
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  except:
    - master
  script:
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
    - export LABEL=gl$(date +%s)
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
    - ln -s $COMMITDIR resperf_commitdir
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
395
      "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST --knot-branch=$KNOT_VERSION)
396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422
    - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
    - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
    - exit $EXITCODE
  after_script:
    - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
  tags:
    - respdiff

resperf:fwd-tls6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-tls6.udp

resperf:fwd-udp6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-udp6.udp

resperf:iter.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.iter.udp
423
# }}}
424

425
# deploy {{{
Tomas Krizek's avatar
Tomas Krizek committed
426
pkg:obs:devel:
Tomas Krizek's avatar
Tomas Krizek committed
427 428
  stage: deploy
  only:
429 430 431 432
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
433 434
  dependencies:
    - archive
Tomas Krizek's avatar
Tomas Krizek committed
435
  script:
436
    - scripts/make-distrofiles.sh
437
    - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
Tomas Krizek's avatar
Tomas Krizek committed
438 439
    - scripts/build-in-obs.sh knot-dns-devel  # build against latest development version of knot
    - scripts/build-in-obs.sh knot-resolver-devel  # build against knot in knot-resolver-latest
Tomas Krizek's avatar
Tomas Krizek committed
440

441 442 443 444 445 446 447 448 449 450 451 452
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
  stage: deploy
  only:
    variables:
      - $CREATE_NIGHTLY == "1"
    refs:
      - master@knot/knot-resolver
  dependencies: []
  script:
    # delete nightly branch
453
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
454 455 456
    - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
    # recreate nightly branch from current master
    - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
457
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
458
# }}}