.gitlab-ci.yml 12.8 KB
Newer Older
1
# vim:foldmethod=marker
2 3 4
variables:
  DEBIAN_FRONTEND: noninteractive
  LC_ALL: C.UTF-8
5
  GIT_SUBMODULE_STRATEGY: recursive
6
  GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
7 8
  RESPDIFF_PRIORITY: 5
  RESPDIFF_COUNT: 1
9
  RESPDIFF_FORCE: 0
10
  RESPERF_FORCE: 0
11
  KNOT_VERSION: '2.7'
12 13
  LIBKRES_ABI: 9
  LIBKRES_NAME: libkres
Tomas Krizek's avatar
Tomas Krizek committed
14
  MESON_TEST: meson test -C build_ci* -t 2 --print-errorlogs
15
  PREFIX: $CI_PROJECT_DIR/.local
16

17
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
18

19 20 21
stages:
  - build
  - test
22
  - extended
23 24
  - deploy

25
# build {{{
26
.build: &build
27
  stage: build
28
  except:
29
    - master
30
  artifacts:
31 32 33
    when: always
    paths:
      - .local
34
      - build_ci*
35
      - build_dist/meson-dist/*.tar.xz
36 37 38 39 40
  tags:
    - docker
    - linux
    - amd64

41 42 43 44 45 46 47 48
archive:
  <<: *build
  variables:
    GIT_COMMITER_NAME: 'ci'
    EMAIL: 'ci@nic'
  script:
    - ./scripts/make-dev-archive.sh

Tomas Krizek's avatar
Tomas Krizek committed
49
build:
50
  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
51
  script:
52
    - meson build_ci --default-library=static --prefix=$PREFIX -Dwerror=true -Dextra_tests=enabled
53 54
    - ninja -C build_ci
    - ninja -C build_ci install >/dev/null
Tomas Krizek's avatar
Tomas Krizek committed
55
    - ${MESON_TEST} --suite unit --suite config
56

Tomas Krizek's avatar
Tomas Krizek committed
57
build-asan:
58
  <<: *build
59
  script:
60
    - meson build_ci_asan --default-library=static --prefix=$PREFIX -Db_sanitize=address -Dextra_tests=enabled
61 62
    - ninja -C build_ci_asan
    - ninja -C build_ci_asan install >/dev/null
63
    # TODO: not sure what exactly is wrong in leak detection on config tests
64
    - ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --no-suite skip_asan
65
  # TODO remove privileged when CI runners have --cap-add SYS_PTRACE
66 67
  tags:
    - privileged
Tomas Krizek's avatar
Tomas Krizek committed
68 69

# NOTE: build for turris when meson is available and packaging files updated
Tomas Krizek's avatar
Tomas Krizek committed
70
#build:turris:
71
#  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
72 73 74 75 76 77 78 79 80 81 82 83 84 85
#  image: $CI_REGISTRY/knot/knot-resolver/ci/turris:omnia
#  script:
#    - ./scripts/make-archive.sh
#    - cp knot-resolver*.tar.xz /tmp/turris/dl/
#    - ./scripts/make-distrofiles.sh
#    - cp -r distro/turris /tmp/turris/package/knot-resolver
#    - pushd /tmp/turris
#    - export PATH=$PATH:$PWD/staging_dir/toolchain-*/bin
#    - USE_CCACHE=n make CC=arm-openwrt-linux-gcc CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld -C $PWD V=s
#    - popd
#    - cp /tmp/turris/bin/mvebu-musl/packages/base/*.ipk ./
#  artifacts:
#    paths:
#      - "*.ipk"
86

87
kres-gen:
88
  <<: *build
89 90 91
  tags:
    - docker
  script:
92 93 94
    - meson build_ci_lib --prefix=$PREFIX
    - ninja -C build_ci_lib lib/libkres.so.${LIBKRES_ABI}
    - ninja -C build_ci_lib kres-gen
95
    - git diff --quiet || (git diff; exit 1)
96 97 98
# }}}

# test {{{
99 100 101 102 103 104 105 106 107
.test: &test
  stage: test
  except:
    - master
  tags:
    - docker
    - linux
    - amd64
  dependencies:
108
    - build
109 110 111 112 113 114 115
  before_script:
    # meson detects changes and performs useless rebuild; hide the log
    - ninja -C build_ci* &>/dev/null
  artifacts:
    when: always
    paths:
      - build_ci*/meson-logs/testlog.txt
Tomas Krizek's avatar
Tomas Krizek committed
116
      - tmpdeckard*
117 118 119

.test_flaky: &test_flaky
  <<: *test
120 121 122 123
  retry:
    max: 1
    when:
      - script_failure
124

125 126 127 128 129 130 131 132
.test_nodep: &test_nodep
  stage: test
  except:
    - master
  dependencies: []  # do not download build artifacts
  tags:
    - docker

133 134 135 136 137 138 139
build:darwin:
  <<: *test_nodep
  when: delayed
  start_in: 3 minutes  # give the build in Travis CI time to finish
  script:
    - ci/travis.py ${CI_COMMIT_REF_NAME}

Tomas Krizek's avatar
Tomas Krizek committed
140 141 142 143
deckard:
  <<: *test_flaky
  variables:
    TMPDIR: $CI_PROJECT_DIR
144
  script:
Tomas Krizek's avatar
Tomas Krizek committed
145
    - ${MESON_TEST} --suite integration
146

Tomas Krizek's avatar
Tomas Krizek committed
147
doc:
148
  <<: *test_nodep
Tomas Krizek's avatar
Tomas Krizek committed
149 150
  when: delayed
  start_in: '30 seconds'
Petr Špaček's avatar
Petr Špaček committed
151
  script:
Tomas Krizek's avatar
Tomas Krizek committed
152 153
    - meson build_doc -Ddoc=enabled
    - ninja -C build_doc doc
154
  artifacts:
Tomas Krizek's avatar
Tomas Krizek committed
155
    expire_in: 1 hour
156
    paths:
Tomas Krizek's avatar
Tomas Krizek committed
157
      - doc/html
158

Tomas Krizek's avatar
Tomas Krizek committed
159
docker:
Tomas Krizek's avatar
Tomas Krizek committed
160
  <<: *test_nodep
161 162 163 164 165 166 167 168 169 170 171 172
  image: docker:latest
  tags:
    - dind
  variables:
    DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
  script:
    - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
    - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
  after_script:  # remove dangling images to avoid running out of disk space
    - docker rmi ${DOCKER_IMAGE_NAME}
    - docker rmi $(docker images -f "dangling=true" -q)

Tomas Krizek's avatar
Tomas Krizek committed
173
lint:other:
174
  <<: *test_nodep
Tomas Krizek's avatar
Tomas Krizek committed
175 176
  when: delayed
  start_in: '30 seconds'
177 178
  stage: test
  script:
Tomas Krizek's avatar
Tomas Krizek committed
179 180 181 182
    - meson build_ci_lint &>/dev/null
    - ninja -C build_ci* pylint
    - ninja -C build_ci* flake8
    - ninja -C build_ci* luacheck
183

Tomas Krizek's avatar
Tomas Krizek committed
184 185 186 187
lint:pedantic:
  <<: *test_nodep
  when: delayed
  start_in: '30 seconds'
188 189 190 191
  tags:
    - docker
    - linux
    - amd64
Tomas Krizek's avatar
Tomas Krizek committed
192
  script:
193
    - meson build_pedantic_gcc -Dwerror=true -Dc_args='-Wpedantic' -Dextra_tests=enabled
Tomas Krizek's avatar
Tomas Krizek committed
194 195
    - ninja -C build_pedantic_gcc
    - >
196
      CC=clang CXX=clang++ meson build_pedantic_clang -Dwerror=true -Dextra_tests=enabled -Dc_args='
Tomas Krizek's avatar
Tomas Krizek committed
197 198
      -Wpedantic -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant'
    - ninja -C build_pedantic_clang
199

Tomas Krizek's avatar
Tomas Krizek committed
200
lint:scan-build:
201
  <<: *test
Tomas Krizek's avatar
Tomas Krizek committed
202
  stage: test
203
  artifacts:
Tomas Krizek's avatar
Tomas Krizek committed
204 205
    when: on_failure
    expire_in: '1 day'
206
    paths:
Tomas Krizek's avatar
Tomas Krizek committed
207 208 209 210 211 212 213 214 215 216 217
      - build_ci*/meson-logs/scanbuild
  before_script: []
  script:
    - export SCANBUILD="scan-build --status-bugs -no-failure-reports $(./scripts/get-scanbuild-args.sh)"
    - ninja -C build_ci* scan-build || true
    - test "$(ls build_ci*/meson-logs/scanbuild/*/report-*.html | wc -l)" = 29 # we have this many errors ATM :-)

lint:tidy:
  <<: *test
  script:
    - ninja -C build_ci* tidy
218

219
.pkgbuild: &pkgbuild
220 221 222 223 224 225 226 227
  stage: test
  except:
    - master
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  dependencies:
228
    - archive
229 230 231
  artifacts:
    when: always
    paths:
232
      - epel-7-x86_64/
233
      - fedora-29-x86_64/
234
      - "*.src.rpm"
235 236
  tags:
    - privileged  # mock requires additional capabilities (e.g. mount)
237

238 239 240 241 242 243 244 245 246 247 248 249 250
pkg:debian.symbols:
  <<: *test
  dependencies:
    - kres-gen
  before_script: []
  only:
    refs:
      - /^release.*$/
  script:
    - ln -s distro/deb debian
    - sed -i "s/__VERSION__/99/g" distro/deb/changelog
    - dpkg-gensymbols -c4 -ebuild_ci_lib/lib/$LIBKRES_NAME.so.$LIBKRES_ABI -P. -p$LIBKRES_NAME$LIBKRES_ABI

251
pkg:epel-7:
252
  <<: *pkgbuild
253
  script:
254
    - ./scripts/make-srpm.sh
255 256 257 258
    - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64

259 260 261 262 263 264 265
pkg:fedora-29:
  <<: *pkgbuild
  script:
    - ./scripts/make-srpm.sh
    - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
Tomas Krizek's avatar
Tomas Krizek committed
266 267 268

respdiff:basic:
  <<: *test
269 270
  dependencies:
    - build-asan
Tomas Krizek's avatar
Tomas Krizek committed
271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292
  script:
    - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
    - ./ci/respdiff/start-resolvers.sh
    - ./ci/respdiff/run-respdiff-tests.sh udp
    - cat results/respdiff.txt
    - echo 'test if mismatch rate < 1.0 %'
    - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
  after_script:
    - killall --wait kresd
  artifacts:
    when: always
    paths:
      - kresd.log.xz
      - results/*.txt
      - results/*.png
      - results/respdiff.db/data.mdb.xz
      - ./*.info
  tags:
    - docker
    - linux
    - amd64

293 294 295 296 297 298 299 300
root.hints:
  <<: *test_nodep
  only:
    refs:
      - /^release.*$/
  script:
    - scripts/update-root-hints.sh

Tomas Krizek's avatar
Tomas Krizek committed
301 302 303 304 305 306
test:valgrind:
  <<: *test
  when: delayed
  start_in: '30 seconds'
  script:
    - ${MESON_TEST} --suite unit --suite config --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
307 308 309
# }}}

# extended {{{
310 311
pytests:
  <<: *test_flaky
312 313
  dependencies:
    - build-asan
314 315 316 317
  stage: extended  # use this stage to avoid clash with other resource-intensive jobs
  script:
    - ${MESON_TEST} --suite pytests

Tomas Krizek's avatar
Tomas Krizek committed
318
.respdiff:  &respdiff
319
  stage: extended
Tomas Krizek's avatar
Tomas Krizek committed
320
  dependencies: []
321 322 323
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
324
  except:
325
    - master
Tomas Krizek's avatar
Tomas Krizek committed
326
  script:
327
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
328
    - export LABEL=gl$(date +%s)
329 330 331
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
    - ln -s $COMMITDIR respdiff_commitdir
Tomas Krizek's avatar
Tomas Krizek committed
332 333
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
334 335
      -p $RESPDIFF_PRIORITY
      -c $RESPDIFF_COUNT
Tomas Krizek's avatar
Tomas Krizek committed
336
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
337 338
      "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST
      --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
339
    - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
340 341 342 343
    - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
  after_script:
    - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
    - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
Tomas Krizek's avatar
Tomas Krizek committed
344 345 346 347 348
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
349
      - ./*.png
Tomas Krizek's avatar
Tomas Krizek committed
350 351 352
  tags:
    - respdiff

Tomas Krizek's avatar
Tomas Krizek committed
353
fwd-tls6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
354 355
  <<: *respdiff
  variables:
356
    RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
357

Tomas Krizek's avatar
Tomas Krizek committed
358
fwd-udp6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
359 360 361 362
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
363
iter.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
364 365 366 367
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
368
iter.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
369 370 371 372
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.tls6.j384

Tomas Krizek's avatar
Tomas Krizek committed
373
fwd-udp6-unbound.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
374 375
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
376
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
377

Tomas Krizek's avatar
Tomas Krizek committed
378
fwd-udp6-unbound.tcp6:
Tomas Krizek's avatar
Tomas Krizek committed
379 380
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
381
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
382

Tomas Krizek's avatar
Tomas Krizek committed
383
fwd-udp6-unbound.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
384 385
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
386
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
Tomas Krizek's avatar
Tomas Krizek committed
387

388
.resperf:  &resperf
389
  stage: extended
390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432
  dependencies: []
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  except:
    - master
  script:
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
    - export LABEL=gl$(date +%s)
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
    - ln -s $COMMITDIR resperf_commitdir
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
      "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST)
    - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
    - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
    - exit $EXITCODE
  after_script:
    - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
  tags:
    - respdiff

resperf:fwd-tls6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-tls6.udp

resperf:fwd-udp6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-udp6.udp

resperf:iter.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.iter.udp
433
# }}}
434

435
# deploy {{{
Tomas Krizek's avatar
Tomas Krizek committed
436
pkg:obs:devel:
Tomas Krizek's avatar
Tomas Krizek committed
437 438
  stage: deploy
  only:
439 440 441 442
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
Tomas Krizek's avatar
Tomas Krizek committed
443 444
  dependencies: []
  script:
445
    - scripts/make-archive.sh
446
    - scripts/make-distrofiles.sh
447
    - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
Tomas Krizek's avatar
Tomas Krizek committed
448 449
    - scripts/build-in-obs.sh knot-dns-devel  # build against latest development version of knot
    - scripts/build-in-obs.sh knot-resolver-devel  # build against knot in knot-resolver-latest
Tomas Krizek's avatar
Tomas Krizek committed
450

451 452 453 454 455 456 457 458 459 460 461 462
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
  stage: deploy
  only:
    variables:
      - $CREATE_NIGHTLY == "1"
    refs:
      - master@knot/knot-resolver
  dependencies: []
  script:
    # delete nightly branch
463
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
464 465 466
    - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
    # recreate nightly branch from current master
    - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
467
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
468
# }}}