stages: - check - build - test - deploy variables: # We don't need Husky to install the Git hooks for CI. CARGO_HUSKY_DONT_INSTALL_HOOKS: "true" # fs-mistrust doesn't like umask 0 FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: "true" default: before_script: # gitlab fetch strategy doesn't reset permissions - (while [ "$PWD" != / ]; do chmod go-w . && cd ..; done) after_script: # In every case, if we have a working `cargo` we should clean up # our target directory before we exit. (Leaving big hunks of data # on the builders make our admins sad.) - if command -v cargo && test -d ./target; then cargo clean; fi check-editorconfig: stage: check image: mstruebing/editorconfig-checker script: - ec shellcheck: stage: check image: koalaman/shellcheck-alpine script: - apk add git bash - ./maint/shellcheck_all python3-mypy: stage: check image: debian:bookworm-slim script: - apt-get update && apt-get install -y mypy - mypy --strict maint/update-md-links maint-checks: stage: check image: debian:bookworm-slim script: - apt-get update && apt-get install -y python3-toml python-is-python3 - ./maint/check_toposort - ./maint/add_warning --check - ./maint/shebang - ./maint/forbid-script-extensions maint-check-changelog: stage: test image: debian:bookworm-slim script: - apt-get update && apt-get install -y python3-mistune git - git fetch --unshallow $ORIGIN - ./maint/update-md-links --check CHANGELOG.md # non-blocking for now, see # https://gitlab.torproject.org/tpo/core/arti/-/issues/581 # https://gitlab.torproject.org/tpo/core/arti/-/issues/601 doc-features: stage: check image: debian:bookworm-slim allow_failure: true script: - apt-get update && apt-get install -y python3-toml python-is-python3 - ./maint/check_doc_features # This should always be in the last testing stage, so that if it fails all the other steps still run # But it should run before any deployument. blocking-todos: stage: test needs: [] image: debian:bookworm-slim script: - apt update && apt install -y git - ./maint/check_todos rust-checks: # This is too slow (and the cacheing of the "cargo build" too flaky) to be a "check" stage: build image: rust:bookworm script: - rustup show - rustup component add rustfmt - ./maint/via-cargo-install-in-ci cargo-sort cargo-license - cargo fmt -- --check - ./maint/check_licenses - ./maint/cargo_sort - ./maint/check_tree - ./maint/check_all_lockfiles cache: paths: - cache cargo-audit: # This can start to fail even when our code doesn't change. # Usually the new advisory is not a huge concern. # Run it last, separately, so if we think we may want to merge anyway, # all the other tests will have been run. stage: test image: rust:bookworm script: - rustup show - ./maint/via-cargo-install-in-ci cargo-audit - ./maint/cargo_audit cache: paths: - cache rust-latest: stage: build image: rust:bookworm script: - rustup show - cargo check --locked --verbose --target x86_64-unknown-linux-gnu - cargo test --verbose --target x86_64-unknown-linux-gnu - rustup component add clippy - rustup show - ./maint/add_warning --ci-stable - cargo clippy --all-features --all-targets -- -D warnings - cargo build --verbose --release -p arti-bench --target x86_64-unknown-linux-gnu - cargo build --locked --verbose --target x86_64-unknown-linux-gnu -p arti - ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti target/x86_64-unknown-linux-gnu/release/arti-bench artifacts: paths: - artifacts expire_in: 1 hours rust-latest-arti-extra-features: stage: build image: rust:bookworm script: - rustup show # Build the arti binary for use in chutney and shadow integration tests. # # Note: we enable the `experimental-api` feature instead of `experimental`, # because we don't want to build with `rpc` enabled. The `rpc` feature causes # the RPC listener to try to bind to a Unix domain socket, and pathname Unix # domain sockets are not currently supported by shadow. # # Consider enabling the rpc feature when shadow starts supporting pathname # addresses, or when we add a config setting for disabling rpc. # # Note: `-p arti` is *not* already implied by `--bin arti`. If we omit it, # we'll get the union of all features needed by anything in the workspace, # including examples. - cargo build --verbose --target x86_64-unknown-linux-gnu -p arti -p tor-circmgr --bin arti --features full,experimental-api,arti-client/keymgr,tor-circmgr/ntor_v3,onion-service-service,vanguards - ./maint/preserve target/x86_64-unknown-linux-gnu/debug/arti # Save the full-featured binary under a different name to prevent it from being # overwritten by the other jobs that preserve the arti binary. - mv artifacts/target/x86_64-unknown-linux-gnu/debug/arti artifacts/target/x86_64-unknown-linux-gnu/debug/arti-extra artifacts: paths: - artifacts expire_in: 1 hours rust-latest-async-std-rustls: stage: build image: rust:bookworm script: - rustup show - rustup component add clippy - cd crates/arti-client && cargo clippy --no-default-features --features=async-std,rustls rust-nightly: stage: test image: rustlang/rust:nightly # In case there is a bug in rust:nightly, you can instead pin an older # version of the Docker image until that bug is fixed. To find the # SHA256 ID of the last working version of nightly, look at the logs # from the last successful CI run. Here is an example of how to do so: # # image: rustlang/rust@sha256:415b7c22ab4a8a3ec3efc9cc8d7b018964f0c6757fff27bbd110e0ed92566321 allow_failure: true script: - rustup show - cargo build --verbose --target x86_64-unknown-linux-gnu --all-features - cargo test --verbose --target x86_64-unknown-linux-gnu --all-features - rustup component add clippy # We check these extra warnings on CI only, since we don't want to forbid them while developing. - (echo; cat clippy-nightly.toml) >>clippy.toml - ./maint/add_warning --ci-nightly - cargo clippy --all-features --tests -- -D clippy::dbg_macro - RUSTDOCFLAGS="-Dwarnings --cfg docsrs" cargo doc --all-features --document-private-items --no-deps coverage: rules: - if: $CI_PIPELINE_SOURCE == "schedule" stage: test image: rust:bookworm script: - apt-get update && apt-get install -y python3-pip python3-setuptools python3-bs4 python3-lxml - rustup component add llvm-tools - ./maint/via-cargo-install-in-ci grcov # Generate report - ./maint/with_coverage -f cobertura -o coverage.xml cargo test --verbose --all-features cache: paths: - cache artifacts: reports: coverage_report: coverage_format: cobertura path: coverage.xml tags: - tpa minimal-versions: stage: test image: rust:1.70 needs: ["rust-checks"] script: - rustup install nightly - ./maint/downgrade_dependencies - cargo test --verbose --target x86_64-unknown-linux-gnu --all-features build-repro: rules: - if: $CI_PIPELINE_SOURCE == "schedule" - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG != null stage: build # If you upgrade this image, also change the one in docker_reproducible_build image: rust:1.76.0-alpine3.18 script: - apk add bash - ./maint/reproducible_build linux windows macos # no after_script:, we don't build in the project dir # TODO #1410: Maybe there is something we _can_ remove though? artifacts: paths: - arti-linux - arti-windows.exe - arti-macos expire_in: 1 day cache: paths: - osxcross/target tags: - tpa - amd64 integration-chutney: stage: test rules: # Job never runs. See arti#810. - when: never image: debian:12-slim script: - ./maint/preserve -u - apt update - apt install -y tor git python3 curl dnsutils # arti runtime dependencies - apt install -y libsqlite3-0 libssl3 - ./tests/chutney/setup proxy - ./tests/chutney/test - ./tests/chutney/stop-arti - RUST_LOG=debug target/x86_64-unknown-linux-gnu/release/arti-bench -c ./chutney/net/nodes/arti.toml --socks5 127.0.0.1:9008 -o benchmark_results.json - ./tests/chutney/teardown artifacts: paths: - benchmark_results.json integration-shadow: variables: JOB_SHADOW_REPO: "https://github.com/shadow/shadow.git" JOB_SHADOW_BRANCH: "main" JOB_SHADOW_COMMIT: "v3.1.0" JOB_TGEN_REPO: "https://github.com/shadow/tgen.git" JOB_TGEN_BRANCH: "main" JOB_TGEN_COMMIT: "v1.1.2" stage: test cache: - key: $CI_JOB_NAME-shadow-$JOB_SHADOW_COMMIT paths: - opt/shadow - key: $CI_JOB_NAME-tgen-$JOB_TGEN_COMMIT paths: - opt/tgen image: debian:12-slim script: - ./maint/preserve -u - ./maint/ci_log_span start "shadow_install_deps[collapsed=true]" "Installing shadow and tgen" # We're going to install binaries to $HOME/.local/bin - 'export PATH=$HOME/.local/bin:$PATH' - apt-get update - apt-get install -y git tor stow - mkdir -p ~/src - mkdir -p ~/.local # arti runtime dependencies - apt install -y libsqlite3-0 libssl3 # Build shadow - | if [ -f opt/shadow/bin/shadow ] then echo "Using shadow binary from cache" else echo "Building shadow" git clone --shallow-since=2021-08-01 -b $JOB_SHADOW_BRANCH $JOB_SHADOW_REPO ~/src/shadow pushd ~/src/shadow git checkout $JOB_SHADOW_COMMIT export CC=gcc CXX=g++ CONTAINER=debian:12-slim BUILDTYPE=release RUSTPROFILE=minimal ci/container_scripts/install_deps.sh ci/container_scripts/install_extra_deps.sh export PATH="$HOME/.cargo/bin:${PATH}" ./setup build --jobs $(nproc) --prefix $CI_PROJECT_DIR/opt/shadow ./setup install popd fi - apt-get install -y libglib2.0-0 - stow -d opt -t $HOME/.local shadow # Build tgen - | if [ -f opt/tgen/bin/tgen ] then echo "Using tgen binary from cache" else echo "Building tgen" git clone --shallow-since=2022-01-01 -b $JOB_TGEN_BRANCH $JOB_TGEN_REPO ~/src/tgen pushd ~/src/tgen git checkout $JOB_TGEN_COMMIT apt-get install -y cmake gcc libglib2.0-0 libglib2.0-dev libigraph-dev make mkdir build cd build cmake .. -DCMAKE_INSTALL_PREFIX=$CI_PROJECT_DIR/opt/tgen make --jobs $(nproc) make install popd fi - apt-get install -y libigraph3 libglib2.0-0 - stow -d opt -t $HOME/.local tgen # Ensure newly installed executables can be found - hash -r - DEBIAN_FRONTEND=noninteractive apt-get install -y tshark - ./maint/ci_log_span end "shadow_install_deps" # Run tests - pushd tests/shadow - ./run artifacts: paths: - tests/shadow when: always expire_in: 1 week tags: - amd64 - tpa rust-latest-test-all-features: stage: test image: rust:bookworm script: - rustup show - cargo test --target x86_64-unknown-linux-gnu --locked --workspace --all-features every-crate: stage: test image: rust:bookworm needs: ["rust-checks", "rust-latest-async-std-rustls"] script: - apt-get update && apt-get install -y python3-toml python-is-python3 - ./maint/every-crate matrix-test: stage: test image: rust:bookworm needs: ["rust-checks", "rust-latest-async-std-rustls"] script: - apt-get update && apt-get install -y python3-toml python-is-python3 - ./maint/matrix_test matrix-test-cfg: stage: test image: rust:bookworm script: - ./maint/matrix_test_cfg cli-help: stage: test image: rust:bookworm script: - ./maint/check-cli-help coverage-aggregated: rules: - if: $CI_PIPELINE_SOURCE == "schedule" stage: test image: rust:bookworm needs: [] script: - apt update && apt install -y tor python3 python3-pip python3-setuptools curl python3-bs4 python3-lxml - rustup component add llvm-tools - cp grcov $CARGO_HOME/bin/ || cargo install grcov - cp $CARGO_HOME/bin/grcov . # Generate report - ./maint/coverage unit cache: paths: - cache artifacts: paths: - coverage tags: - ipv6 check-targets: rules: - if: $CI_PIPELINE_SOURCE == "schedule" stage: test image: rust:bookworm script: - ./maint/cargo_check_target -il pages: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_REF_NAME == "main" stage: deploy image: debian:bookworm-slim script: - apt update && apt install -y git # Export report as website, while keeping the existing public page - git fetch - git checkout origin/pages -- public/ - mv coverage public/ artifacts: paths: - public