.gitlab-ci.yml 14.5 KB
Newer Older
1
# vim:foldmethod=marker
2 3 4
variables:
  DEBIAN_FRONTEND: noninteractive
  LC_ALL: C.UTF-8
5
  GIT_SUBMODULE_STRATEGY: recursive
6
  GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
7 8
  RESPDIFF_PRIORITY: 5
  RESPDIFF_COUNT: 1
9
  RESPDIFF_FORCE: 0
10
  RESPERF_FORCE: 0
11
  KNOT_VERSION: '2.7'
12 13
  LIBKRES_ABI: 9
  LIBKRES_NAME: libkres
14

15
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
16

17 18 19
stages:
  - build
  - test
20
  - extended
21 22
  - deploy

23
# build {{{
24
.build: &build
25
  stage: build
26
  except:
27
    - master
28
  artifacts:
29 30 31 32
    when: always
    paths:
      - .local
      - 'build_ci*'
33 34 35 36 37
  tags:
    - docker
    - linux
    - amd64

Tomas Krizek's avatar
Tomas Krizek committed
38
build:
39
  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
40
  script:
41 42 43 44
    - meson build_ci --default-library=static --prefix=$CI_PROJECT_DIR/.local -Dwerror=true -Dpostinstall_tests=enabled
    - ninja -C build_ci
    - ninja -C build_ci install >/dev/null
    - meson test -C build_ci --suite unit --suite config --print-errorlogs
45

Tomas Krizek's avatar
Tomas Krizek committed
46
build-asan:
47
  <<: *build
48
  script:
49 50 51 52 53 54 55 56
    - meson build_ci_asan --default-library=static --prefix=$CI_PROJECT_DIR/.local -Db_sanitize=address,undefined -Dpostinstall_tests=enabled
    - ninja -C build_ci_asan
    - ninja -C build_ci_asan install >/dev/null
    - meson test -C build_ci_asan --suite unit --suite config --print-errorlogs
  # TODO remove allow_failure and privileged
  allow_failure: true
  tags:
    - privileged
Tomas Krizek's avatar
Tomas Krizek committed
57 58

# NOTE: build for turris when meson is available and packaging files updated
Tomas Krizek's avatar
Tomas Krizek committed
59
#build:turris:
60
#  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
61 62 63 64 65 66 67 68 69 70 71 72 73 74
#  image: $CI_REGISTRY/knot/knot-resolver/ci/turris:omnia
#  script:
#    - ./scripts/make-archive.sh
#    - cp knot-resolver*.tar.xz /tmp/turris/dl/
#    - ./scripts/make-distrofiles.sh
#    - cp -r distro/turris /tmp/turris/package/knot-resolver
#    - pushd /tmp/turris
#    - export PATH=$PATH:$PWD/staging_dir/toolchain-*/bin
#    - USE_CCACHE=n make CC=arm-openwrt-linux-gcc CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld -C $PWD V=s
#    - popd
#    - cp /tmp/turris/bin/mvebu-musl/packages/base/*.ipk ./
#  artifacts:
#    paths:
#      - "*.ipk"
75

76
kres-gen:
77 78
  <<: *build
  artifacts:
79 80 81 82 83 84 85 86
  tags:
    - docker
  script:
    - meson build_ci --prefix=$CI_PROJECT_DIR/.local
    - ninja -C build_ci lib/libkres.so.${LIBKRES_ABI}
    - ninja -C build_ci kres-gen
    - git diff --quiet || (git diff; exit 1)

87
srpm:
88
  <<: *build
89
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
90 91 92 93 94
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - "*.src.rpm"
95 96 97
  allow_failure: true  # don't block testing pipeline in case of failure
  script:
    - scripts/make-srpm.sh
98 99 100
# }}}

# test {{{
101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
.test: &test
  stage: test
  except:
    - master
  tags:
    - docker
    - linux
    - amd64
  dependencies:
    - build  # NOTE switch to asan if build passes (where it makes sense)
  before_script:
    # meson detects changes and performs useless rebuild; hide the log
    - ninja -C build_ci* &>/dev/null
  artifacts:
    when: always
    paths:
      - build_ci*/meson-logs/testlog.txt
Tomas Krizek's avatar
Tomas Krizek committed
118
      - tmpdeckard*
119 120 121 122 123 124 125 126 127 128 129

.test_flaky: &test_flaky
  <<: *test
  except:
    refs:
      - master
    variables:
      # prevent flaky test from cancelling the rest of pipeline
      - $SKIP_FLAKY == "1"  # TODO use this variable in schedules


130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146
lint:pedantic:
  stage: test  # could be in build already, but let's not block the test stage if this fails
  dependencies: []  # do not download build artifacts
  except:
    - master
  variables:
    CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11
  script:
    - make -k all
    - make clean
    - make -k all CC=clang CXX=clang++ \
        CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant"
  tags:
    - docker
    - linux
    - amd64

Petr Špaček's avatar
Petr Špaček committed
147 148
lint:lua:
  stage: test
149
  except:
150
    - master
Petr Špaček's avatar
Petr Špaček committed
151 152
  dependencies: []  # do not download build artifacts
  script:
153 154 155 156 157 158
    - make lint-lua
  tags:
    - docker

lint:c:
  stage: test
159
  except:
160
    - master
161 162
  dependencies: []  # do not download build artifacts
  script:
163
    - make lint-c CLANG_TIDY="clang-tidy -quiet"
Petr Špaček's avatar
Petr Špaček committed
164 165 166
  tags:
    - docker

167 168
lint:clang-scan-build:
  stage: test
169
  except:
170
    - master
171 172
  dependencies: []  # do not download build artifacts
  script:
173
    - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true
174
    - test "$(ls scan-results/*/report-*.html | wc -l)" = 6 # we have this many errors ATM :-)
175 176 177 178 179 180 181 182
  artifacts:
    when: on_failure
    expire_in: '1 day'
    paths:
      - scan-results
  tags:
    - docker

Tomas Krizek's avatar
Tomas Krizek committed
183
docker:
184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199
  stage: test
  image: docker:latest
  except:
    - master
  tags:
    - dind
  dependencies: []
  variables:
    DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
  script:
    - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
    - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
  after_script:  # remove dangling images to avoid running out of disk space
    - docker rmi ${DOCKER_IMAGE_NAME}
    - docker rmi $(docker images -f "dangling=true" -q)

Petr Špaček's avatar
Petr Špaček committed
200 201
doc:
  stage: test
202
  except:
203
    - master
Petr Špaček's avatar
Petr Špaček committed
204 205 206 207 208 209 210 211 212 213
  script:
    - SPHINXFLAGS="-W" make doc
  dependencies: []
  artifacts:
    expire_in: 1 hour
    paths:
      - ./doc/*
  tags:
    - docker

Tomas Krizek's avatar
Tomas Krizek committed
214
deckard:
Tomas Krizek's avatar
Tomas Krizek committed
215
  <<: *test_flaky
216 217
  variables:
    TMPDIR: $CI_PROJECT_DIR
218
  script:
Tomas Krizek's avatar
Tomas Krizek committed
219
    - meson test -C build_ci* --suite integration
220

221
test:valgrind:
222
  <<: *test
223
  script:
224
    - meson test -C build_ci --suite unit --suite config --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
225

Tomas Krizek's avatar
Tomas Krizek committed
226
build:darwin:
227 228 229 230 231 232 233 234 235
  stage: test
  except:
    - master
  script:
    - ci/travis.py ${CI_COMMIT_REF_NAME}
  dependencies: []
  tags:
    - docker

236
# temporarily disabled - we need to fix issues first
Tomas Krizek's avatar
Tomas Krizek committed
237
#deckard:valgrind:
238 239 240 241 242 243 244 245 246 247
#  stage: test
#  script:
#    # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error
#    - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make
#  artifacts:
#    when: on_failure
#    expire_in: 1 week
#    paths:
#      - tmpdeckard*
#  dependencies:
Tomas Krizek's avatar
Tomas Krizek committed
248
#    - build
249 250 251 252
#  tags:
#    - docker
#    - linux
#    - amd64
253

254 255 256 257 258 259 260 261 262 263 264 265
pytests:lint:
  stage: test
  dependencies: []
  except:
    - master
  script:
    - ./ci/pytests/lint.sh
  tags:
    - docker
    - linux
    - amd64

266 267
pytests 1/2:
  <<: *test_flaky
268
  script:
269
    - meson test -C build_ci pytests.single --print-errorlogs
270

271 272
pytests 2/2:
  <<: *test_flaky
273
  script:
274
    - meson test -C build_ci* pytests.parallel --print-errorlogs
275

Tomas Krizek's avatar
Tomas Krizek committed
276
respdiff:basic:
277 278 279 280 281 282 283 284 285 286 287 288 289 290
  stage: test
  except:
    - master
  script:
    - source <(./scripts/coverage_env.sh "$(pwd)" "$(pwd)/coverage.stats/respdiff" "iter/udp" --export)
    - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
    - ./ci/respdiff/start-resolvers.sh
    - ./ci/respdiff/run-respdiff-tests.sh udp
    - cat results/respdiff.txt
    - echo 'test if mismatch rate < 1.0 %'
    - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
    - killall --wait kresd
    - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped"
  dependencies:
Tomas Krizek's avatar
Tomas Krizek committed
291
    - build  # NOTE switch to asan if build passes
292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - kresd.log.xz
      - results/*.txt
      - results/*.png
      - results/respdiff.db/data.mdb.xz
      - ./*.info
  tags:
    - docker
    - linux
    - amd64

pkg:fedora-29:
  stage: test
  except:
    - master
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  dependencies:
    - srpm
  script:
    - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - fedora-29-x86_64/
  tags:
    - privileged  # mock requires additional capabilities (e.g. mount)
327

328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352
pkg:epel-7:
  stage: test
  except:
    - master
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  dependencies:
    - srpm
  script:
    - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - epel-7-x86_64/
  tags:
    - privileged  # mock require additional capabilities (e.g. mount)

# }}}

# extended {{{
Tomas Krizek's avatar
Tomas Krizek committed
353
.respdiff:  &respdiff
354
  stage: extended
Tomas Krizek's avatar
Tomas Krizek committed
355
  dependencies: []
356 357 358
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
359
  except:
360
    - master
Tomas Krizek's avatar
Tomas Krizek committed
361
  script:
362
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
363
    - export LABEL=gl$(date +%s)
364 365 366
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
    - ln -s $COMMITDIR respdiff_commitdir
Tomas Krizek's avatar
Tomas Krizek committed
367 368
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
369 370
      -p $RESPDIFF_PRIORITY
      -c $RESPDIFF_COUNT
Tomas Krizek's avatar
Tomas Krizek committed
371
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
372 373
      "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST
      --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
374
    - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
375 376 377 378
    - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
  after_script:
    - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
    - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
Tomas Krizek's avatar
Tomas Krizek committed
379 380 381 382 383
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
384
      - ./*.png
Tomas Krizek's avatar
Tomas Krizek committed
385 386 387
  tags:
    - respdiff

Tomas Krizek's avatar
Tomas Krizek committed
388
fwd-tls6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
389 390
  <<: *respdiff
  variables:
391
    RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
392

Tomas Krizek's avatar
Tomas Krizek committed
393
fwd-udp6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
394 395 396 397
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
398
iter.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
399 400 401 402
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
403
iter.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
404 405 406 407
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.tls6.j384

Tomas Krizek's avatar
Tomas Krizek committed
408
fwd-udp6-unbound.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
409 410
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
411
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
412

Tomas Krizek's avatar
Tomas Krizek committed
413
fwd-udp6-unbound.tcp6:
Tomas Krizek's avatar
Tomas Krizek committed
414 415
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
416
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
417

Tomas Krizek's avatar
Tomas Krizek committed
418
fwd-udp6-unbound.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
419 420
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
421
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
Tomas Krizek's avatar
Tomas Krizek committed
422

423
.resperf:  &resperf
424
  stage: extended
425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467
  dependencies: []
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  except:
    - master
  script:
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
    - export LABEL=gl$(date +%s)
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
    - ln -s $COMMITDIR resperf_commitdir
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
      "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST)
    - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
    - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
    - exit $EXITCODE
  after_script:
    - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
  tags:
    - respdiff

resperf:fwd-tls6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-tls6.udp

resperf:fwd-udp6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-udp6.udp

resperf:iter.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.iter.udp
468
# }}}
469

470
# deploy {{{
Tomas Krizek's avatar
Tomas Krizek committed
471
pkg:obs:devel:
Tomas Krizek's avatar
Tomas Krizek committed
472 473
  stage: deploy
  only:
474 475 476 477
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
Tomas Krizek's avatar
Tomas Krizek committed
478 479
  dependencies: []
  script:
480
    - scripts/make-archive.sh
481
    - scripts/make-distrofiles.sh
482
    - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
Tomas Krizek's avatar
Tomas Krizek committed
483 484
    - scripts/build-in-obs.sh knot-dns-devel  # build against latest development version of knot
    - scripts/build-in-obs.sh knot-resolver-devel  # build against knot in knot-resolver-latest
Tomas Krizek's avatar
Tomas Krizek committed
485

Tomas Krizek's avatar
Tomas Krizek committed
486
pkg:debian.symbols:
487
  stage: deploy
488
  only:  # TODO run this pre-release only
489 490 491 492 493
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
  except:
494
    - master
495 496 497
  script:
    - ln -s distro/deb debian
    - sed -i "s/__VERSION__/99/g" distro/deb/changelog
498
    - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIBKRES_ABI -P. -p$LIBKRES_NAME$LIBKRES_ABI
499 500
  allow_failure: true
  dependencies:
Tomas Krizek's avatar
Tomas Krizek committed
501
    - build
502

503 504 505 506 507 508 509 510 511 512 513
root.hints:
  stage: deploy
  only:
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
  allow_failure: true
  script:
    - scripts/update-root-hints.sh

514 515 516 517 518 519 520 521 522 523 524 525
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
  stage: deploy
  only:
    variables:
      - $CREATE_NIGHTLY == "1"
    refs:
      - master@knot/knot-resolver
  dependencies: []
  script:
    # delete nightly branch
526
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
527 528 529
    - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
    # recreate nightly branch from current master
    - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
530
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
531
# }}}