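####
# DO NOT EDIT THIS FILE IN MASTER.  ONLY EDIT IT IN THE OLDEST SUPPORTED
# BRANCH, THEN MERGE FORWARD.
####

# This file controls how gitlab validates Tor commits and merge requests.
#
# It is primarily based on a set of scripts and configurations by
# Hans-Christoph Steiner.  It only copies parts of those scripts and
# configurations for now.  If you want a new piece of functionality
# (more debians, more fedoras, android support) then you shouldn't
# start from scratch: have a look at the original ticket, at
# https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
#
# The file to copy from is
# https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
#
# Having said that, if there is anything really stupid here, don't
# blame it on Hans-Christoph! Tor probably added it on their own.
#
# Copyright 2020, The Tor Project, Inc.
# See LICENSE for licence information.

# These variables are set everywhere, unconditionally.
variables:
  TERM: "ansi"
  DEBUG_CI: "yes"

# This template is for exporting ephemeral things from the scripts.  By
# convention we expect our scripts to copy stuff into artifacts/, rather than
# having a big list of files to be treated as artifacts.
.artifacts-template: &artifacts-template
  artifacts:
    name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
    expire_in: 1 week
    when: always
    paths:
      - artifacts/

# This template is used for x86-64 builds.
.x86-64-template: &x86-64-template
  tags:
    - amd64
    - physical

# This template should be usable on any system that's based on apt.
#
# It is a shell snippet (a literal block scalar), not a mapping: it is
# spliced into before_script below as a single script entry.  It points apt's
# archive directory at ./apt-cache, which the debian template lists under
# "cache:", and writes non-interactive defaults (assume-yes, no recommends,
# retries) to /etc/apt/apt.conf.d/99gitlab before updating and upgrading.
.apt-template: &apt-template |
  export LC_ALL=C.UTF-8
  echo Etc/UTC > /etc/timezone
  mkdir -p apt-cache
  export APT_CACHE_DIR="$(pwd)/apt-cache"
  rm -f /etc/apt/apt.conf.d/docker-clean
  echo 'quiet "1";' \
       'Acquire::Retries "20";' \
       'APT::Install-Recommends "0";' \
       'APT::Install-Suggests "0";' \
       'APT::Get::Assume-Yes "true";' \
       'Dpkg::Use-Pty "0";' \
       "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
    >> /etc/apt/apt.conf.d/99gitlab
  apt-get update -qq
  apt-get upgrade -qy

# This template sets us up for Debian system in particular.
#
# NOTE(review): two "<<" keys in one mapping are duplicate keys as far as
# YAML is concerned; this depends on the loader applying both merges.
.debian-template: &debian-template
  <<: *artifacts-template
  <<: *x86-64-template
  # NOTE: "<<" is a shallow merge, so a job that declares its own
  # "variables:" replaces this mapping rather than extending it.
  variables:
    DEBIAN_FRONTEND: "noninteractive"
  # TODO: Using "cache" in this way speeds up our downloads.  It would be
  # even better, though, to start with a pre-upgraded debian image.
  #
  # TODO: Will we have to do this differently once we have more than one
  # debian version that we're using?
  #
  # NOTE(review): this single cache key is shared by every job that merges
  # this template, including the i386 and rust images -- confirm that is
  # intended.
  cache:
    key: apt
    paths:
      - apt-cache
  before_script:
    - *apt-template
    # Install packages unconditionally.
    - >-
      apt-get install
      apt-utils
      automake
      build-essential
      ca-certificates
      file
      git
      libevent-dev
      liblzma-dev
      libscrypt-dev
      libseccomp-dev
      libssl-dev
      pkg-config
      python3
      zlib1g-dev
    # Install packages that we only need for some use cases.
    - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
    - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
    - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
    - if [ "$CC" = clang ]; then apt-get install clang; fi
    - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
    # llvm-symbolizer for sanitizer backtrace
    - if [ "$HARDENING" = yes ]; then apt-get install llvm; fi
    # TODO: This next line should not be debian-only.
    #
    # NOTE(review): unlike chutney below, stem is cloned at whatever the
    # default branch points to when the job runs, so the code executed in CI
    # is not fixed by this file.  Consider pinning it to a reviewed commit
    # the same way chutney is pinned.
    - |
      if [ "$STEM" = yes ]; then
        git clone --depth 1 https://gitlab.torproject.org/tpo/network-health/stem.git
        export STEM_PATH="$(pwd)/stem"
      fi
    # TODO: This next line should not be debian-only.
    - |
      if [ "$CHUTNEY" = yes ]; then
        # Use a fixed version of chutney to avoid surprise breakage.
        CHUTNEY_SHALLOW_SINCE=2024-10-28
        CHUTNEY_COMMIT=be881a1e7c4bc8038fa13fde4a7b24e5c56349c4
        git clone --shallow-since "$CHUTNEY_SHALLOW_SINCE" https://gitlab.torproject.org/tpo/core/chutney.git
        git -C ./chutney checkout "$CHUTNEY_COMMIT"
        export CHUTNEY_PATH="$(pwd)/chutney"
        # Have pip install chutney's python dependencies by installing chutney
        # itself.
        # NOTE(review): chutney is pinned above, but no pin or hash check for
        # the dependencies pip resolves is visible in this file.
        apt-get install python3-pip
        pip3 install --user ./chutney
      fi
    # Use apt-get like every other install step here; apt's command-line
    # interface is not meant for scripts.
    - if [ "$TRACING" = yes ]; then apt-get install liblttng-ust-dev; fi

# Minimal check on debian: just make, make check.
#
debian-minimal:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  script:
    - ./scripts/ci/ci-driver.sh

# Minimal check on debian/i386: just make, make check.
#
debian-i386-minimal:
  # TODO: Use a TPA-maintained image when there is one.
  # See https://gitlab.torproject.org/tpo/tpa/base-images/-/issues/3
  image:
    name: i386/debian:bullseye
    docker:
      platform: linux/386
  <<: *debian-template
  script:
    - ./scripts/ci/ci-driver.sh
  # Overrides the amd64 tag merged in from the debian template.
  tags:
    - physical

#####
# Run "make check" with a hardened clang on debian stable.  This takes
# care of a hardening check, and a compile-with-clang check.
#
# TODO: This will be faster once we merge #40098 and #40099.
debian-hardened:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    ALL_BUGS_ARE_FATAL: "yes"
    HARDENING: "yes"
    CC: "clang"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Distcheck on debian stable
debian-distcheck:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    DISTCHECK: "yes"
    CHECK: "no"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Documentation tests on debian stable: doxygen and asciidoc.
debian-docs:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    DOXYGEN: "yes"
    ASCIIDOC: "yes"
    CHECK: "no"
    RUN_STAGE_BUILD: "no"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Integration tests on debian stable: chutney and stem.
#
# TODO: It would be cool if this target didn't have to re-build tor, and
#       could instead re-use Tor from debian-minimal.  That can be done
#       with the 'artifacts' mechanism, in theory, but it would be good to
#       avoid having to have a system with hundreds of artifacts.
debian-integration:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    CHECK: "no"
    CHUTNEY: "yes"
    CHUTNEY_MAKE_TARGET: "test-network-all"
    STEM: "yes"
    ALL_BUGS_ARE_FATAL: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Tracing build on Debian stable.
debian-tracing:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    TRACING: "yes"
    CHECK: "no"
    DISTCHECK: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# No-authority mode
debian-disable-dirauth:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    DISABLE_DIRAUTH: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# No-relay mode
debian-disable-relay:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    DISABLE_RELAY: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# GPL licensed mode, enables pow module
debian-gpl:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    GPL: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# NSS check on debian
debian-nss:
  image: containers.torproject.org/tpo/tpa/base-images/debian:bullseye
  <<: *debian-template
  variables:
    NSS: "yes"
  script:
    - ./scripts/ci/ci-driver.sh

#####
# Debian packaging triggers for maintenance branches
#
# Each job triggers a pipeline in tpo/core/debian/tor.  The rule restricts it
# to the matching maint branch inside the tpo/core namespace.
debian-packaging-0.4.5:
  stage: deploy
  trigger:
    project: tpo/core/debian/tor
    branch: debian-0.4.5
  rules:
    - if: '$CI_PROJECT_NAMESPACE == "tpo/core" && $CI_COMMIT_BRANCH == "maint-0.4.5"'
debian-packaging-0.4.6:
  stage: deploy
  trigger:
    project: tpo/core/debian/tor
    branch: debian-0.4.6
  rules:
    - if: '$CI_PROJECT_NAMESPACE == "tpo/core" && $CI_COMMIT_BRANCH == "maint-0.4.6"'

#####
# Run tests written in Rust, and run clippy on all Rust code here.
#
# NOTE(review): "rust:latest" is a floating tag, so the toolchain (and the
# clippy lint set) can change between runs with no change to this repository.
rust-latest:
  image: rust:latest
  <<: *debian-template
  script:
    - apt-get install llvm-dev libclang-dev clang
    - rustup show
    # Every cargo step passes --locked, so none of them may re-resolve
    # dependencies or rewrite Cargo.lock.
    - cargo build --locked --verbose
    - cargo test --locked --verbose
    - rustup component add clippy
    - rustup show
    - cargo clippy --locked --all-features --all-targets -- -D warnings
  after_script:
    - cargo clean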