409 lines
11 KiB
YAML
409 lines
11 KiB
YAML
stages:
|
|
- check
|
|
- build
|
|
- test
|
|
- deploy
|
|
|
|
variables:
|
|
# We don't need Husky to install the Git hooks for CI.
|
|
CARGO_HUSKY_DONT_INSTALL_HOOKS: "true"
|
|
# fs-mistrust doesn't like umask 0
|
|
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: "true"
|
|
|
|
default:
|
|
before_script:
|
|
# gitlab fetch strategy doesn't reset permissions
|
|
- (while [ "$PWD" != / ]; do chmod go-w . && cd ..; done)
|
|
|
|
check-editorconfig:
|
|
stage: check
|
|
image: mstruebing/editorconfig-checker
|
|
script:
|
|
- ec
|
|
|
|
shellcheck:
|
|
stage: check
|
|
image: koalaman/shellcheck-alpine
|
|
script:
|
|
- apk add git bash
|
|
- ./maint/shellcheck_all
|
|
|
|
maint-checks:
|
|
stage: check
|
|
image: debian:stable-slim
|
|
script:
|
|
- apt-get update && apt-get install -y python3-toml python-is-python3 git
|
|
- ./maint/check_toposort
|
|
- ./maint/add_warning --check
|
|
|
|
# non-blocking for now, see
|
|
# https://gitlab.torproject.org/tpo/core/arti/-/issues/581
|
|
# https://gitlab.torproject.org/tpo/core/arti/-/issues/601
|
|
doc-features:
|
|
stage: check
|
|
image: debian:stable-slim
|
|
allow_failure: true
|
|
script:
|
|
- apt-get update && apt-get install -y python3-toml python-is-python3
|
|
- ./maint/check_doc_features
|
|
- ./maint/shebang
|
|
|
|
# This should always be in the last testing stage, so that if it fails all the other steps still run
|
|
# But it should run before any deployument.
|
|
blocking-todos:
|
|
stage: test
|
|
image: debian:stable-slim
|
|
script:
|
|
- apt update && apt install -y git
|
|
- ./maint/check_todos
|
|
|
|
rust-checks:
|
|
# This is too slow (and the cacheing of the "cargo build" too flaky) to be a "check"
|
|
stage: build
|
|
image: rust:latest
|
|
script:
|
|
- rustup show
|
|
- rustup component add rustfmt
|
|
- ./maint/via-cargo-install-in-ci cargo-sort cargo-license
|
|
- cargo fmt -- --check
|
|
- ./maint/check_licenses
|
|
- ./maint/cargo_sort
|
|
- ./maint/check_tree
|
|
cache:
|
|
paths:
|
|
- cargo-sort
|
|
- cargo-license
|
|
|
|
cargo-audit:
|
|
# This can start to fail even when our code doesn't change.
|
|
# Usually the new advisory is not a huge concern.
|
|
# Run it last, separately, so if we think we may want to merge anyway,
|
|
# all the other tests will have been run.
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- rustup show
|
|
- ./maint/via-cargo-install-in-ci cargo-audit
|
|
- ./maint/cargo_audit
|
|
cache:
|
|
paths:
|
|
- cargo-audit
|
|
|
|
rust-latest:
|
|
stage: build
|
|
image: rust:latest
|
|
script:
|
|
- rustup show
|
|
- cargo build --locked --verbose --target x86_64-unknown-linux-gnu
|
|
- cargo test --verbose --target x86_64-unknown-linux-gnu
|
|
- rustup component add clippy
|
|
- rustup show
|
|
- cargo clippy --all-features --all-targets -- --cfg ci_arti_stable -D warnings
|
|
- cargo build --verbose --release -p arti-bench --target x86_64-unknown-linux-gnu
|
|
after_script:
|
|
- ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti target/x86_64-unknown-linux-gnu/release/arti-bench
|
|
- cargo clean
|
|
artifacts:
|
|
paths:
|
|
- artifacts
|
|
expire_in: 1 hours
|
|
tags:
|
|
- amd64
|
|
|
|
rust-latest-async-std-rustls:
|
|
stage: build
|
|
image: rust:latest
|
|
script:
|
|
- rustup show
|
|
- rustup component add clippy
|
|
- cd crates/arti-client && cargo clippy --no-default-features --features=async-std,rustls
|
|
after_script:
|
|
- cargo clean
|
|
tags:
|
|
- amd64
|
|
|
|
rust-nightly:
|
|
stage: test
|
|
image: rustlang/rust:nightly
|
|
# In case there is a bug in rust:nightly, you can instead pin an older
|
|
# version of the Docker image until that bug is fixed. To find the
|
|
# SHA256 ID of the last working version of nightly, look at the logs
|
|
# from the last successful CI run. Here is an example of how to do so:
|
|
#
|
|
# image: rustlang/rust@sha256:415b7c22ab4a8a3ec3efc9cc8d7b018964f0c6757fff27bbd110e0ed92566321
|
|
allow_failure: true
|
|
script:
|
|
- rustup show
|
|
- cargo build --verbose --target x86_64-unknown-linux-gnu --all-features
|
|
- cargo test --verbose --target x86_64-unknown-linux-gnu --all-features
|
|
- rustup component add clippy
|
|
# We check these extra warnings on CI only, since we don't want to forbid them while developing.
|
|
|
|
# The --cfg allows us to write #![cfg_attr(ci_arti_nightly, allow(clippy::needless_borrow))]
|
|
# and similar, for when nightly clippy has false positives. (There is no builtin
|
|
# cfg flag for nightly, and a cargo "feature" would be bad with --all-features.)
|
|
- (echo; cat clippy-nightly.toml) >>clippy.toml
|
|
- cargo clippy --all-features --tests -- --cfg ci_arti_nightly -D clippy::dbg_macro
|
|
- RUSTDOCFLAGS="-Dwarnings --cfg docsrs" cargo doc --all-features --document-private-items --no-deps
|
|
after_script:
|
|
- cargo clean
|
|
tags:
|
|
- amd64
|
|
|
|
coverage:
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- apt-get update && apt-get install -y python3-pip python3-setuptools
|
|
- pip3 install beautifulsoup4 lxml
|
|
- rustup component add llvm-tools
|
|
- ./maint/via-cargo-install-in-ci grcov
|
|
# Generate report
|
|
- ./maint/with_coverage -f cobertura -o coverage.xml cargo test --verbose --all-features
|
|
after_script:
|
|
- cargo clean
|
|
cache:
|
|
paths:
|
|
- grcov
|
|
artifacts:
|
|
reports:
|
|
coverage_report:
|
|
coverage_format: cobertura
|
|
path: coverage.xml
|
|
tags:
|
|
- amd64
|
|
|
|
minimal-versions:
|
|
stage: test
|
|
image: rust:1.65
|
|
script:
|
|
- rustup install nightly
|
|
- ./maint/downgrade_dependencies
|
|
- cargo build --verbose --target x86_64-unknown-linux-gnu --all-features
|
|
- cargo test --verbose --target x86_64-unknown-linux-gnu --all-features
|
|
after_script:
|
|
- cargo clean
|
|
tags:
|
|
- amd64
|
|
|
|
build-repro:
|
|
rules:
|
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
|
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG != null
|
|
stage: build
|
|
# If you upgrade this image, also change the one in docker_reproducible_build
|
|
image: rust:1.68.2-alpine3.17
|
|
script:
|
|
- apk add bash
|
|
- ./maint/reproducible_build linux windows macos
|
|
# no after_script:, we don't build in the project dir
|
|
artifacts:
|
|
paths:
|
|
- arti-linux
|
|
- arti-windows.exe
|
|
- arti-macos
|
|
expire_in: 1 day
|
|
cache:
|
|
paths:
|
|
- osxcross/target
|
|
tags:
|
|
- tpa
|
|
- amd64
|
|
|
|
integration-chutney:
|
|
stage: test
|
|
image: debian:stable-slim
|
|
allow_failure: true
|
|
script:
|
|
- ./maint/preserve -u
|
|
- apt update
|
|
- apt install -y tor git python3 curl dnsutils
|
|
- ./tests/chutney/setup proxy
|
|
- ./tests/chutney/test
|
|
- ./tests/chutney/stop-arti
|
|
- RUST_LOG=debug target/x86_64-unknown-linux-gnu/release/arti-bench -c ./chutney/net/nodes/arti.toml --socks5 127.0.0.1:9008 -o benchmark_results.json
|
|
- ./tests/chutney/teardown
|
|
artifacts:
|
|
paths:
|
|
- benchmark_results.json
|
|
tags:
|
|
- amd64
|
|
|
|
integration-shadow:
|
|
variables:
|
|
JOB_SHADOW_REPO: "https://github.com/shadow/shadow.git"
|
|
JOB_SHADOW_BRANCH: "main"
|
|
JOB_SHADOW_COMMIT: "v3.0.0"
|
|
|
|
JOB_TGEN_REPO: "https://github.com/shadow/tgen.git"
|
|
JOB_TGEN_BRANCH: "main"
|
|
JOB_TGEN_COMMIT: "30c95bbe723ebe5e4d068adfd975b094e00dbe10"
|
|
stage: test
|
|
cache:
|
|
- key: $CI_JOB_NAME-shadow-$JOB_SHADOW_COMMIT
|
|
paths:
|
|
- opt/shadow
|
|
- key: $CI_JOB_NAME-tgen-$JOB_TGEN_COMMIT
|
|
paths:
|
|
- opt/tgen
|
|
image: debian:11-slim
|
|
script:
|
|
- ./maint/preserve -u
|
|
- ./maint/ci_log_span start "shadow_install_deps[collapsed=true]" "Installing shadow and tgen"
|
|
# We're going to install binaries to $HOME/.local/bin
|
|
- 'export PATH=$HOME/.local/bin:$PATH'
|
|
|
|
- apt-get update
|
|
- apt-get install -y git tor stow
|
|
- mkdir -p ~/src
|
|
- mkdir -p ~/.local
|
|
|
|
# Build shadow
|
|
- |
|
|
if [ -f opt/shadow/bin/shadow ]
|
|
then
|
|
echo "Using shadow binary from cache"
|
|
else
|
|
echo "Building shadow"
|
|
git clone --shallow-since=2021-08-01 -b $JOB_SHADOW_BRANCH $JOB_SHADOW_REPO ~/src/shadow
|
|
pushd ~/src/shadow
|
|
git checkout $JOB_SHADOW_COMMIT
|
|
export CC=gcc CXX=g++ CONTAINER=debian:11-slim BUILDTYPE=release RUSTPROFILE=minimal
|
|
ci/container_scripts/install_deps.sh
|
|
ci/container_scripts/install_extra_deps.sh
|
|
export PATH="$HOME/.cargo/bin:${PATH}"
|
|
./setup build --jobs $(nproc) --prefix $CI_PROJECT_DIR/opt/shadow
|
|
./setup install
|
|
popd
|
|
fi
|
|
- apt-get install -y libglib2.0-0
|
|
- stow -d opt -t $HOME/.local shadow
|
|
|
|
# Build tgen
|
|
- |
|
|
if [ -f opt/tgen/bin/tgen ]
|
|
then
|
|
echo "Using tgen binary from cache"
|
|
else
|
|
echo "Building tgen"
|
|
git clone --shallow-since=2022-01-01 -b $JOB_TGEN_BRANCH $JOB_TGEN_REPO ~/src/tgen
|
|
pushd ~/src/tgen
|
|
git checkout $JOB_TGEN_COMMIT
|
|
apt-get install -y cmake gcc libglib2.0-0 libglib2.0-dev libigraph-dev make
|
|
mkdir build
|
|
cd build
|
|
cmake .. -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/opt/tgen
|
|
make --jobs $(nproc)
|
|
make install
|
|
popd
|
|
fi
|
|
- apt-get install -y libigraph1 libglib2.0-0
|
|
- stow -d opt -t $HOME/.local tgen
|
|
|
|
# Ensure newly installed executables can be found
|
|
- hash -r
|
|
|
|
- DEBIAN_FRONTEND=noninteractive apt-get install -y tshark
|
|
- ./maint/ci_log_span end "shadow_install_deps"
|
|
|
|
# Run tests
|
|
- pushd tests/shadow
|
|
- ./run.sh
|
|
artifacts:
|
|
paths:
|
|
- tests/shadow
|
|
when: always
|
|
expire_in: 1 week
|
|
tags:
|
|
- amd64
|
|
- tpa
|
|
|
|
rust-latest-test-all-features:
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- rustup show
|
|
- cargo build --target x86_64-unknown-linux-gnu --locked --workspace --all-features --all-targets
|
|
- cargo test --target x86_64-unknown-linux-gnu --locked --workspace --all-features
|
|
after_script:
|
|
- ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti target/x86_64-unknown-linux-gnu/release/arti-bench
|
|
- cargo clean
|
|
artifacts:
|
|
paths:
|
|
- artifacts
|
|
expire_in: 1 hours
|
|
tags:
|
|
- amd64
|
|
|
|
every-crate:
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- apt-get update && apt-get install -y python3-toml python-is-python3
|
|
- ./maint/every-crate
|
|
|
|
matrix-test:
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- apt-get update && apt-get install -y python3-toml python-is-python3
|
|
- ./maint/matrix_test
|
|
|
|
matrix-test-cfg:
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- ./maint/matrix_test_cfg
|
|
|
|
|
|
coverage-aggregated:
|
|
rules:
|
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
|
stage: test
|
|
image: rust:latest
|
|
needs: []
|
|
script:
|
|
- apt update && apt install -y tor python3 python3-pip python3-setuptools curl
|
|
# install deps for report generation
|
|
- pip3 install beautifulsoup4 lxml
|
|
- rustup component add llvm-tools
|
|
- cp grcov $CARGO_HOME/bin/ || cargo install grcov
|
|
- cp $CARGO_HOME/bin/grcov .
|
|
# Generate report
|
|
- ./maint/coverage all
|
|
after_script:
|
|
- cargo clean
|
|
cache:
|
|
paths:
|
|
- grcov
|
|
artifacts:
|
|
paths:
|
|
- coverage
|
|
tags:
|
|
- amd64
|
|
|
|
check-targets:
|
|
rules:
|
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
|
stage: test
|
|
image: rust:latest
|
|
script:
|
|
- ./maint/cargo_check_target -il
|
|
after_script:
|
|
- cargo clean
|
|
|
|
pages:
|
|
rules:
|
|
- if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_REF_NAME == "main"
|
|
stage: deploy
|
|
image: debian:stable-slim
|
|
script:
|
|
- apt update && apt install -y git
|
|
# Export report as website, while keeping the existing public page
|
|
- git fetch
|
|
- git checkout origin/pages -- public/
|
|
- mv coverage public/
|
|
artifacts:
|
|
paths:
|
|
- public
|