.gitlab-ci.yml 13.5 KB
Newer Older
1
# vim:foldmethod=marker
2 3 4
variables:
  DEBIAN_FRONTEND: noninteractive
  LC_ALL: C.UTF-8
5
  GIT_SUBMODULE_STRATEGY: recursive
6
  GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise
7 8
  RESPDIFF_PRIORITY: 5
  RESPDIFF_COUNT: 1
9
  RESPDIFF_FORCE: 0
10
  RESPERF_FORCE: 0
11
  KNOT_VERSION: '2.7'
12 13
  LIBKRES_ABI: 9
  LIBKRES_NAME: libkres
Tomas Krizek's avatar
Tomas Krizek committed
14
  MESON_TEST: meson test -C build_ci* -t 2 --print-errorlogs
15
  PREFIX: $CI_PROJECT_DIR/.local
16

17
image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
18

19 20 21
stages:
  - build
  - test
22
  - extended
23 24
  - deploy

25
# build {{{
26
.build: &build
27
  stage: build
28
  except:
29
    - master
30
  artifacts:
31 32 33
    when: always
    paths:
      - .local
34
      - build_ci*
35
      - build_dist/meson-dist/*.tar.xz
36 37 38 39 40
  tags:
    - docker
    - linux
    - amd64

41 42 43 44 45 46 47 48
archive:
  <<: *build
  variables:
    GIT_COMMITER_NAME: 'ci'
    EMAIL: 'ci@nic'
  script:
    - ./scripts/make-dev-archive.sh

Tomas Krizek's avatar
Tomas Krizek committed
49
build:
50
  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
51
  script:
52
    - meson build_ci --default-library=static --prefix=$PREFIX -Dwerror=true -Dpostinstall_tests=enabled
53 54
    - ninja -C build_ci
    - ninja -C build_ci install >/dev/null
Tomas Krizek's avatar
Tomas Krizek committed
55
    - ${MESON_TEST} --suite unit --suite config
56

Tomas Krizek's avatar
Tomas Krizek committed
57
build-asan:
58
  <<: *build
59
  script:
60
    - meson build_ci_asan --default-library=static --prefix=$PREFIX -Db_sanitize=address,undefined -Dpostinstall_tests=enabled
61 62
    - ninja -C build_ci_asan
    - ninja -C build_ci_asan install >/dev/null
Tomas Krizek's avatar
Tomas Krizek committed
63
    - ${MESON_TEST} --suite unit --suite config
64 65 66 67
  # TODO remove allow_failure and privileged
  allow_failure: true
  tags:
    - privileged
Tomas Krizek's avatar
Tomas Krizek committed
68 69

# NOTE: build for turris when meson is available and packaging files updated
Tomas Krizek's avatar
Tomas Krizek committed
70
#build:turris:
71
#  <<: *build
Tomas Krizek's avatar
Tomas Krizek committed
72 73 74 75 76 77 78 79 80 81 82 83 84 85
#  image: $CI_REGISTRY/knot/knot-resolver/ci/turris:omnia
#  script:
#    - ./scripts/make-archive.sh
#    - cp knot-resolver*.tar.xz /tmp/turris/dl/
#    - ./scripts/make-distrofiles.sh
#    - cp -r distro/turris /tmp/turris/package/knot-resolver
#    - pushd /tmp/turris
#    - export PATH=$PATH:$PWD/staging_dir/toolchain-*/bin
#    - USE_CCACHE=n make CC=arm-openwrt-linux-gcc CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld -C $PWD V=s
#    - popd
#    - cp /tmp/turris/bin/mvebu-musl/packages/base/*.ipk ./
#  artifacts:
#    paths:
#      - "*.ipk"
86

87
kres-gen:
88 89
  <<: *build
  artifacts:
90 91 92
  tags:
    - docker
  script:
93
    - meson build_ci --prefix=$PREFIX
94 95 96
    - ninja -C build_ci lib/libkres.so.${LIBKRES_ABI}
    - ninja -C build_ci kres-gen
    - git diff --quiet || (git diff; exit 1)
97 98 99
# }}}

# test {{{
100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116
.test: &test
  stage: test
  except:
    - master
  tags:
    - docker
    - linux
    - amd64
  dependencies:
    - build  # NOTE switch to asan if build passes (where it makes sense)
  before_script:
    # meson detects changes and performs useless rebuild; hide the log
    - ninja -C build_ci* &>/dev/null
  artifacts:
    when: always
    paths:
      - build_ci*/meson-logs/testlog.txt
Tomas Krizek's avatar
Tomas Krizek committed
117
      - tmpdeckard*
118 119 120

.test_flaky: &test_flaky
  <<: *test
121 122 123 124
  retry:
    max: 1
    when:
      - script_failure
125

126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142
lint:pedantic:
  stage: test  # could be in build already, but let's not block the test stage if this fails
  dependencies: []  # do not download build artifacts
  except:
    - master
  variables:
    CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11
  script:
    - make -k all
    - make clean
    - make -k all CC=clang CXX=clang++ \
        CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant"
  tags:
    - docker
    - linux
    - amd64

Petr Špaček's avatar
Petr Špaček committed
143 144
lint:lua:
  stage: test
145
  except:
146
    - master
Petr Špaček's avatar
Petr Špaček committed
147 148
  dependencies: []  # do not download build artifacts
  script:
149 150 151 152 153 154
    - make lint-lua
  tags:
    - docker

lint:c:
  stage: test
155
  except:
156
    - master
157 158
  dependencies: []  # do not download build artifacts
  script:
159
    - make lint-c CLANG_TIDY="clang-tidy -quiet"
Petr Špaček's avatar
Petr Špaček committed
160 161 162
  tags:
    - docker

163 164
lint:clang-scan-build:
  stage: test
165
  except:
166
    - master
167 168
  dependencies: []  # do not download build artifacts
  script:
169
    - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true
170
    - test "$(ls scan-results/*/report-*.html | wc -l)" = 6 # we have this many errors ATM :-)
171 172 173 174 175 176 177 178
  artifacts:
    when: on_failure
    expire_in: '1 day'
    paths:
      - scan-results
  tags:
    - docker

Tomas Krizek's avatar
Tomas Krizek committed
179
docker:
180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195
  stage: test
  image: docker:latest
  except:
    - master
  tags:
    - dind
  dependencies: []
  variables:
    DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA}
  script:
    - docker build --no-cache -t ${DOCKER_IMAGE_NAME} .
    - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME}
  after_script:  # remove dangling images to avoid running out of disk space
    - docker rmi ${DOCKER_IMAGE_NAME}
    - docker rmi $(docker images -f "dangling=true" -q)

Petr Špaček's avatar
Petr Špaček committed
196 197
doc:
  stage: test
198
  except:
199
    - master
Petr Špaček's avatar
Petr Špaček committed
200 201 202 203 204 205 206 207 208 209
  script:
    - SPHINXFLAGS="-W" make doc
  dependencies: []
  artifacts:
    expire_in: 1 hour
    paths:
      - ./doc/*
  tags:
    - docker

Tomas Krizek's avatar
Tomas Krizek committed
210
deckard:
Tomas Krizek's avatar
Tomas Krizek committed
211
  <<: *test_flaky
212 213
  variables:
    TMPDIR: $CI_PROJECT_DIR
214
  script:
Tomas Krizek's avatar
Tomas Krizek committed
215
    - ${MESON_TEST} --suite integration
216

217
test:valgrind:
218
  <<: *test
219
  script:
Tomas Krizek's avatar
Tomas Krizek committed
220
    - ${MESON_TEST} --suite unit --suite config --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp"
221

Tomas Krizek's avatar
Tomas Krizek committed
222
build:darwin:
223 224 225 226 227 228 229 230 231
  stage: test
  except:
    - master
  script:
    - ci/travis.py ${CI_COMMIT_REF_NAME}
  dependencies: []
  tags:
    - docker

232
# temporarily disabled - we need to fix issues first
Tomas Krizek's avatar
Tomas Krizek committed
233
#deckard:valgrind:
234 235 236 237 238 239 240 241 242 243
#  stage: test
#  script:
#    # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error
#    - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make
#  artifacts:
#    when: on_failure
#    expire_in: 1 week
#    paths:
#      - tmpdeckard*
#  dependencies:
Tomas Krizek's avatar
Tomas Krizek committed
244
#    - build
245 246 247 248
#  tags:
#    - docker
#    - linux
#    - amd64
249

250 251 252 253 254 255 256 257 258 259 260 261
pytests:lint:
  stage: test
  dependencies: []
  except:
    - master
  script:
    - ./ci/pytests/lint.sh
  tags:
    - docker
    - linux
    - amd64

Tomas Krizek's avatar
Tomas Krizek committed
262
respdiff:basic:
263
  <<: *test
264 265 266 267 268 269 270
  script:
    - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
    - ./ci/respdiff/start-resolvers.sh
    - ./ci/respdiff/run-respdiff-tests.sh udp
    - cat results/respdiff.txt
    - echo 'test if mismatch rate < 1.0 %'
    - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt
271
  after_script:
272 273 274 275 276 277 278 279 280 281 282 283 284 285 286
    - killall --wait kresd
  artifacts:
    when: always
    expire_in: '1 week'
    paths:
      - kresd.log.xz
      - results/*.txt
      - results/*.png
      - results/respdiff.db/data.mdb.xz
      - ./*.info
  tags:
    - docker
    - linux
    - amd64

287
.pkgbuild: &pkgbuild
288 289 290 291 292 293 294 295
  stage: test
  except:
    - master
  image: $CI_REGISTRY/knot/knot-resolver/ci/fedora
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  dependencies:
296
    - archive
297 298 299
  artifacts:
    when: always
    paths:
300
      - epel-7-x86_64/
301
      - fedora-29-x86_64/
302
      - "*.src.rpm"
303 304
  tags:
    - privileged  # mock requires additional capabilities (e.g. mount)
305

306
pkg:epel-7:
307
  <<: *pkgbuild
308
  script:
309
    - ./scripts/make-srpm.sh
310 311 312 313
    - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64

314 315 316 317 318 319 320
pkg:fedora-29:
  <<: *pkgbuild
  script:
    - ./scripts/make-srpm.sh
    - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false)
  after_script:
    - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64
321 322 323
# }}}

# extended {{{
324 325 326 327 328 329
pytests:
  <<: *test_flaky
  stage: extended  # use this stage to avoid clash with other resource-intensive jobs
  script:
    - ${MESON_TEST} --suite pytests

Tomas Krizek's avatar
Tomas Krizek committed
330
.respdiff:  &respdiff
331
  stage: extended
Tomas Krizek's avatar
Tomas Krizek committed
332
  dependencies: []
333 334 335
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
336
  except:
337
    - master
Tomas Krizek's avatar
Tomas Krizek committed
338
  script:
339
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0
340
    - export LABEL=gl$(date +%s)
341 342 343
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST"
    - ln -s $COMMITDIR respdiff_commitdir
Tomas Krizek's avatar
Tomas Krizek committed
344 345
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
346 347
      -p $RESPDIFF_PRIORITY
      -c $RESPDIFF_COUNT
Tomas Krizek's avatar
Tomas Krizek committed
348
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
349 350
      "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST
      --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json)
351
    - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done
352 353 354 355
    - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST
  after_script:
    - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:'
    - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:'
Tomas Krizek's avatar
Tomas Krizek committed
356 357 358 359 360
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
361
      - ./*.png
Tomas Krizek's avatar
Tomas Krizek committed
362 363 364
  tags:
    - respdiff

Tomas Krizek's avatar
Tomas Krizek committed
365
fwd-tls6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
366 367
  <<: *respdiff
  variables:
368
    RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
369

Tomas Krizek's avatar
Tomas Krizek committed
370
fwd-udp6-kresd.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
371 372 373 374
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
375
iter.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
376 377 378 379
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.udp6.j384

Tomas Krizek's avatar
Tomas Krizek committed
380
iter.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
381 382 383 384
  <<: *respdiff
  variables:
    RESPDIFF_TEST: shortlist.iter.tls6.j384

Tomas Krizek's avatar
Tomas Krizek committed
385
fwd-udp6-unbound.udp6:
Tomas Krizek's avatar
Tomas Krizek committed
386 387
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
388
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
389

Tomas Krizek's avatar
Tomas Krizek committed
390
fwd-udp6-unbound.tcp6:
Tomas Krizek's avatar
Tomas Krizek committed
391 392
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
393
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256
Tomas Krizek's avatar
Tomas Krizek committed
394

Tomas Krizek's avatar
Tomas Krizek committed
395
fwd-udp6-unbound.tls6:
Tomas Krizek's avatar
Tomas Krizek committed
396 397
  <<: *respdiff
  variables:
Tomas Krizek's avatar
Tomas Krizek committed
398
    RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256
Tomas Krizek's avatar
Tomas Krizek committed
399

400
.resperf:  &resperf
401
  stage: extended
402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444
  dependencies: []
  only:  # trigger job only in repos under our control
    - branches@knot/knot-resolver
    - branches@knot/knot-resolver-security
  except:
    - master
  script:
    - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0
    - export LABEL=gl$(date +%s)
    - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL"
    - export TESTDIR="$COMMITDIR/$RESPERF_TEST"
    - ln -s $COMMITDIR resperf_commitdir
    - >
      sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w
      $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py
      "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST)
    - export EXITCODE=$(cat $TESTDIR/j*_exitcode)
    - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi
    - exit $EXITCODE
  after_script:
    - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:'
  artifacts:
    when: always
    expire_in: 1 week
    paths:
      - ./j*
  tags:
    - respdiff

resperf:fwd-tls6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-tls6.udp

resperf:fwd-udp6.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.fwd-udp6.udp

resperf:iter.udp-asan:
  <<: *resperf
  variables:
    RESPERF_TEST: resperf.iter.udp
445
# }}}
446

447
# deploy {{{
Tomas Krizek's avatar
Tomas Krizek committed
448
pkg:obs:devel:
Tomas Krizek's avatar
Tomas Krizek committed
449 450
  stage: deploy
  only:
451 452 453 454
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
Tomas Krizek's avatar
Tomas Krizek committed
455 456
  dependencies: []
  script:
457
    - scripts/make-archive.sh
458
    - scripts/make-distrofiles.sh
459
    - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc
Tomas Krizek's avatar
Tomas Krizek committed
460 461
    - scripts/build-in-obs.sh knot-dns-devel  # build against latest development version of knot
    - scripts/build-in-obs.sh knot-resolver-devel  # build against knot in knot-resolver-latest
Tomas Krizek's avatar
Tomas Krizek committed
462

Tomas Krizek's avatar
Tomas Krizek committed
463
pkg:debian.symbols:
464
  stage: deploy
465
  only:  # TODO run this pre-release only
466 467 468 469 470
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
  except:
471
    - master
472 473 474
  script:
    - ln -s distro/deb debian
    - sed -i "s/__VERSION__/99/g" distro/deb/changelog
475
    - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIBKRES_ABI -P. -p$LIBKRES_NAME$LIBKRES_ABI
476 477
  allow_failure: true
  dependencies:
Tomas Krizek's avatar
Tomas Krizek committed
478
    - build
479

480 481 482 483 484 485 486 487 488 489 490
root.hints:
  stage: deploy
  only:
    variables:
      - $OBS_BUILD == "1"
    refs:
      - nightly@knot/knot-resolver
  allow_failure: true
  script:
    - scripts/update-root-hints.sh

491 492 493 494 495 496 497 498 499 500 501 502
# copy snapshot of current master to nightly branch for further processing
# (this is workaround for missing complex conditions for job limits in Gitlab)
nightly:copy:
  stage: deploy
  only:
    variables:
      - $CREATE_NIGHTLY == "1"
    refs:
      - master@knot/knot-resolver
  dependencies: []
  script:
    # delete nightly branch
503
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"'
504 505 506
    - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"'
    # recreate nightly branch from current master
    - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"'
507
    - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"'
508
# }}}