vincenzopalazzo
/
arti
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
arti/.gitlab-ci.yml

444 lines
13 KiB
YAML
Raw Permalink Blame History

stages:
- check
- build
- test
- deploy
variables:
# We don't need Husky to install the Git hooks for CI.
CARGO_HUSKY_DONT_INSTALL_HOOKS: "true"
# fs-mistrust doesn't like umask 0
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: "true"
default:
before_script:
# gitlab fetch strategy doesn't reset permissions
- (while [ "$PWD" != / ]; do chmod go-w . && cd ..; done)
check-editorconfig:
stage: check
image: mstruebing/editorconfig-checker
script:
- ec
shellcheck:
stage: check
image: koalaman/shellcheck-alpine
script:
- apk add git bash
- ./maint/shellcheck_all
maint-checks:
stage: check
image: debian:stable-slim
script:
- apt-get update && apt-get install -y python3-toml python-is-python3
- ./maint/check_toposort
- ./maint/add_warning --check
- ./maint/shebang
# non-blocking for now, see
# https://gitlab.torproject.org/tpo/core/arti/-/issues/581
# https://gitlab.torproject.org/tpo/core/arti/-/issues/601
doc-features:
stage: check
image: debian:stable-slim
allow_failure: true
script:
- apt-get update && apt-get install -y python3-toml python-is-python3
- ./maint/check_doc_features
# This should always be in the last testing stage, so that if it fails all the other steps still run
# But it should run before any deployument.
blocking-todos:
stage: test
image: debian:stable-slim
script:
- apt update && apt install -y git
- ./maint/check_todos
rust-checks:
# This is too slow (and the cacheing of the "cargo build" too flaky) to be a "check"
stage: build
image: rust:latest
script:
- rustup show
- rustup component add rustfmt
- ./maint/via-cargo-install-in-ci cargo-sort cargo-license
- cargo fmt -- --check
- ./maint/check_licenses
- ./maint/cargo_sort
- ./maint/check_tree
- ./maint/check_all_lockfiles
cache:
paths:
- cargo-sort
- cargo-license
cargo-audit:
# This can start to fail even when our code doesn't change.
# Usually the new advisory is not a huge concern.
# Run it last, separately, so if we think we may want to merge anyway,
# all the other tests will have been run.
stage: test
image: rust:latest
script:
- rustup show
- ./maint/via-cargo-install-in-ci cargo-audit
- ./maint/cargo_audit
cache:
paths:
- cargo-audit
rust-latest:
stage: build
image: rust:latest
script:
- rustup show
- cargo build --locked --verbose --target x86_64-unknown-linux-gnu
- cargo test --verbose --target x86_64-unknown-linux-gnu
- rustup component add clippy
- rustup show
- cargo clippy --all-features --all-targets -- --cfg ci_arti_stable -D warnings
- cargo build --verbose --release -p arti-bench --target x86_64-unknown-linux-gnu
after_script:
- ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti target/x86_64-unknown-linux-gnu/release/arti-bench
- cargo clean
artifacts:
paths:
- artifacts
expire_in: 1 hours
tags:
- amd64
rust-latest-arti-extra-features:
stage: build
image: rust:latest
script:
- rustup show
# Build the arti binary for use in chutney and shadow integration tests.
#
# Note: we enable the `experimental-api` feature instead of `experimental`,
# because we don't want to build with `rpc` enabled. The `rpc` feature causes
# the RPC listener to try to bind to a Unix domain socket, and pathname Unix
# domain sockets are not currently supported by shadow.
#
# Consider enabling the rpc feature when shadow starts supporting pathname
# addresses, or when we add a config setting for disabling rpc.
- cargo build --verbose --target x86_64-unknown-linux-gnu --bin arti --features full,experimental-api,arti-client/keymgr
after_script:
- ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti
# Save the full-featured binary under a different name to prevent it from being
# overwritten by the other jobs that preserve the arti binary.
- mv artifacts/target/x86_64-unknown-linux-gnu/debug/arti artifacts/target/x86_64-unknown-linux-gnu/debug/arti-extra
- cargo clean
artifacts:
paths:
- artifacts
expire_in: 1 hours
tags:
- amd64
rust-latest-async-std-rustls:
stage: build
image: rust:latest
script:
- rustup show
- rustup component add clippy
- cd crates/arti-client && cargo clippy --no-default-features --features=async-std,rustls
after_script:
- cargo clean
tags:
- amd64
rust-nightly:
stage: test
image: rustlang/rust:nightly
# In case there is a bug in rust:nightly, you can instead pin an older
# version of the Docker image until that bug is fixed. To find the
# SHA256 ID of the last working version of nightly, look at the logs
# from the last successful CI run. Here is an example of how to do so:
#
# image: rustlang/rust@sha256:415b7c22ab4a8a3ec3efc9cc8d7b018964f0c6757fff27bbd110e0ed92566321
allow_failure: true
script:
- rustup show
- cargo build --verbose --target x86_64-unknown-linux-gnu --all-features
- cargo test --verbose --target x86_64-unknown-linux-gnu --all-features
- rustup component add clippy
# We check these extra warnings on CI only, since we don't want to forbid them while developing.
# The --cfg allows us to write #![cfg_attr(ci_arti_nightly, allow(clippy::needless_borrow))]
# and similar, for when nightly clippy has false positives. (There is no builtin
# cfg flag for nightly, and a cargo "feature" would be bad with --all-features.)
- (echo; cat clippy-nightly.toml) >>clippy.toml
- cargo clippy --all-features --tests -- --cfg ci_arti_nightly -D clippy::dbg_macro
- RUSTDOCFLAGS="-Dwarnings --cfg docsrs" cargo doc --all-features --document-private-items --no-deps
after_script:
- cargo clean
tags:
- amd64
coverage:
stage: test
image: rust:latest
script:
- apt-get update && apt-get install -y python3-pip python3-setuptools
- pip3 install beautifulsoup4 lxml
- rustup component add llvm-tools
- ./maint/via-cargo-install-in-ci grcov
# Generate report
- ./maint/with_coverage -f cobertura -o coverage.xml cargo test --verbose --all-features
after_script:
- cargo clean
cache:
paths:
- grcov
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage.xml
tags:
- amd64
minimal-versions:
stage: test
# when this reaches at least rust 1.68, we should enable crates-io sparse protocol
# (which becomes default in 1.70), to make builds faster.
image: rust:1.65
script:
- rustup install nightly
- ./maint/downgrade_dependencies
- cargo test --verbose --target x86_64-unknown-linux-gnu --all-features
after_script:
- cargo clean
tags:
- amd64
build-repro:
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG != null
stage: build
# If you upgrade this image, also change the one in docker_reproducible_build
image: rust:1.68.2-alpine3.17
script:
- apk add bash
- ./maint/reproducible_build linux windows macos
# no after_script:, we don't build in the project dir
artifacts:
paths:
- arti-linux
- arti-windows.exe
- arti-macos
expire_in: 1 day
cache:
paths:
- osxcross/target
tags:
- tpa
- amd64
integration-chutney:
stage: test
rules:
# Job never runs. See arti#810.
- when: never
# we use debian 11 as this is currently what rust:latest uses. When rust:latest gets updated,
# this should be changed to stable (and possibly shadow too).
image: debian:11-slim
script:
- ./maint/preserve -u
- apt update
- apt install -y tor git python3 curl dnsutils
- ./tests/chutney/setup proxy
- ./tests/chutney/test
- ./tests/chutney/stop-arti
- RUST_LOG=debug target/x86_64-unknown-linux-gnu/release/arti-bench -c ./chutney/net/nodes/arti.toml --socks5 127.0.0.1:9008 -o benchmark_results.json
- ./tests/chutney/teardown
artifacts:
paths:
- benchmark_results.json
tags:
- amd64
integration-shadow:
variables:
JOB_SHADOW_REPO: "https://github.com/shadow/shadow.git"
JOB_SHADOW_BRANCH: "main"
JOB_SHADOW_COMMIT: "v3.0.0"
JOB_TGEN_REPO: "https://github.com/shadow/tgen.git"
JOB_TGEN_BRANCH: "main"
JOB_TGEN_COMMIT: "30c95bbe723ebe5e4d068adfd975b094e00dbe10"
stage: test
cache:
- key: $CI_JOB_NAME-shadow-$JOB_SHADOW_COMMIT
paths:
- opt/shadow
- key: $CI_JOB_NAME-tgen-$JOB_TGEN_COMMIT
paths:
- opt/tgen
image: debian:11-slim
script:
- ./maint/preserve -u
- ./maint/ci_log_span start "shadow_install_deps[collapsed=true]" "Installing shadow and tgen"
# We're going to install binaries to $HOME/.local/bin
- 'export PATH=$HOME/.local/bin:$PATH'
- apt-get update
- apt-get install -y git tor stow
- mkdir -p ~/src
- mkdir -p ~/.local
# Build shadow
- |
if [ -f opt/shadow/bin/shadow ]
then
echo "Using shadow binary from cache"
else
echo "Building shadow"
git clone --shallow-since=2021-08-01 -b $JOB_SHADOW_BRANCH $JOB_SHADOW_REPO ~/src/shadow
pushd ~/src/shadow
git checkout $JOB_SHADOW_COMMIT
export CC=gcc CXX=g++ CONTAINER=debian:11-slim BUILDTYPE=release RUSTPROFILE=minimal
ci/container_scripts/install_deps.sh
ci/container_scripts/install_extra_deps.sh
export PATH="$HOME/.cargo/bin:${PATH}"
./setup build --jobs $(nproc) --prefix $CI_PROJECT_DIR/opt/shadow
./setup install
popd
fi
- apt-get install -y libglib2.0-0
- stow -d opt -t $HOME/.local shadow
# Build tgen
- |
if [ -f opt/tgen/bin/tgen ]
then
echo "Using tgen binary from cache"
else
echo "Building tgen"
git clone --shallow-since=2022-01-01 -b $JOB_TGEN_BRANCH $JOB_TGEN_REPO ~/src/tgen
pushd ~/src/tgen
git checkout $JOB_TGEN_COMMIT
apt-get install -y cmake gcc libglib2.0-0 libglib2.0-dev libigraph-dev make
mkdir build
cd build
cmake .. -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/opt/tgen
make --jobs $(nproc)
make install
popd
fi
- apt-get install -y libigraph1 libglib2.0-0
- stow -d opt -t $HOME/.local tgen
# Ensure newly installed executables can be found
- hash -r
- DEBIAN_FRONTEND=noninteractive apt-get install -y tshark
- ./maint/ci_log_span end "shadow_install_deps"
# Run tests
- pushd tests/shadow
- ./run.sh
artifacts:
paths:
- tests/shadow
when: always
expire_in: 1 week
tags:
- amd64
- tpa
rust-latest-test-all-features:
stage: test
image: rust:latest
script:
- rustup show
- cargo test --target x86_64-unknown-linux-gnu --locked --workspace --all-features
after_script:
- ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti target/x86_64-unknown-linux-gnu/release/arti-bench
- cargo clean
artifacts:
paths:
- artifacts
expire_in: 1 hours
tags:
- amd64
every-crate:
stage: test
image: rust:latest
needs: ["rust-checks", "rust-latest-async-std-rustls"]
script:
- apt-get update && apt-get install -y python3-toml python-is-python3
- ./maint/every-crate
matrix-test:
stage: test
image: rust:latest
needs: ["rust-checks", "rust-latest-async-std-rustls"]
script:
- apt-get update && apt-get install -y python3-toml python-is-python3
- ./maint/matrix_test
matrix-test-cfg:
stage: test
image: rust:latest
script:
- ./maint/matrix_test_cfg
coverage-aggregated:
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
stage: test
image: rust:latest
needs: []
script:
- apt update && apt install -y tor python3 python3-pip python3-setuptools curl
# install deps for report generation
- pip3 install beautifulsoup4 lxml
- rustup component add llvm-tools
- cp grcov $CARGO_HOME/bin/ || cargo install grcov
- cp $CARGO_HOME/bin/grcov .
# Generate report
- ./maint/coverage all
after_script:
- cargo clean
cache:
paths:
- grcov
artifacts:
paths:
- coverage
tags:
- amd64
check-targets:
rules:
- if: $CI_PIPELINE_SOURCE == "schedule"
stage: test
image: rust:latest
script:
- ./maint/cargo_check_target -il
after_script:
- cargo clean
pages:
rules:
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_REF_NAME == "main"
stage: deploy
image: debian:stable-slim
script:
- apt update && apt install -y git
# Export report as website, while keeping the existing public page
- git fetch
- git checkout origin/pages -- public/
- mv coverage public/
artifacts:
paths:
- public
Reference in New Issue View Git Blame Copy Permalink