path: root/.travis.yml

language: c

cache:
  ccache: true

compiler:
  - gcc

os:
  - linux

## We don't use the build matrix cross-product, because it makes too many jobs
## Instead, we list each job under matrix: include:
env:
  global:
    ## The Travis CI environment allows us two cores, so let's use both.  Also,
    ## let's use the "-k" flag so that we get all of the compilation failures,
    ## not just the first one.
    - MAKEFLAGS="-k -j 2"
    ## We turn on hardening by default
    ## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
    - HARDENING_OPTIONS="--enable-all-bugs-are-fatal --enable-expensive-hardening"
    ## We turn off asciidoc by default, because it's slow
    - ASCIIDOC_OPTIONS="--disable-asciidoc"
    ## Turn off tor's sandbox in chutney, until we fix sandbox errors that are
    ## triggered by Ubuntu Xenial and Bionic. See #32722.
    - CHUTNEY_TOR_SANDBOX="0"
    ## The default target for chutney jobs
    - CHUTNEY_MAKE="test-network-all"
  matrix:
    ## This matrix entry is required, but it doesn't actually create any jobs
    -

matrix:
  ## include creates builds with gcc, linux, unless we override those defaults
  include:
    ## We run chutney on macOS, because macOS Travis has IPv6
    ## But we only run the IPv6 chutney tests, to speed up the job
    - env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
      os: osx

    ## We also run basic tests on macOS
    - compiler: clang
      os: osx
      ## Turn off some newer features, turn on clang's -Wtypedef-redefinition
      ## Also, disable ALL_BUGS_ARE_FATAL macro.
      env: C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"

    ## We run chutney on Linux, because it's faster than chutney on macOS
    ## Chutney is a fast job, clang is slower on Linux, so we do Chutney clang
    - env: CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
      compiler: clang

    ## We check asciidoc with distcheck, to make sure we remove doc products
    - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"

    ## We check disable module relay
    - env: MODULES_OPTIONS="--disable-module-relay" HARDENING_OPTIONS="--enable-expensive-hardening"
    ## We check disable module dirauth
    - env: MODULES_OPTIONS="--disable-module-dirauth" HARDENING_OPTIONS="--enable-expensive-hardening"

    ## We check NSS
    ## Use -std=gnu99 to turn off some newer features, and maybe turn on some
    ## extra gcc warnings?
    - env: NSS_OPTIONS="--enable-nss" C_DIALECT_OPTIONS="-std=gnu99" HARDENING_OPTIONS="--enable-expensive-hardening"

    ## We include a single coverage build with the best options for coverage
    - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"

    ## We clone our stem repo and run `make test-stem`
    - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"

    ## We run `make doxygen` without `make check`.
    - env: SKIP_MAKE_CHECK="yes" DOXYGEN="yes"

  ## Allow the build to report success (with non-required sub-builds
  ## continuing to run) if all required sub-builds have succeeded.
  fast_finish: true

  ## Careful! We use global envs, which makes it hard to allow failures by env:
  ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
  allow_failures:
    ## Since we're actively developing IPv6, we want to require the IPv6
    ## chutney tests
    #- env: CHUTNEY_MAKE="test-network-ipv6" CHUTNEY="yes" CHUTNEY_ALLOW_FAILURES="2" SKIP_MAKE_CHECK="yes"
    #  os: osx

## (Linux only) Use a recent Linux image (Ubuntu Bionic)
dist: bionic

## Download our dependencies
addons:
  ## (Linux only)
  apt:
    packages:
      ## Required dependencies
      - libevent-dev
      ## Ubuntu comes with OpenSSL by default
      #- libssl-dev
      - zlib1g-dev
      ## Optional dependencies
      - libcap-dev
      - liblzma-dev
      - libnss3-dev
      - libscrypt-dev
      - libseccomp-dev
      - libzstd-dev
      ## Optional build dependencies
      - coccinelle
      - shellcheck
      ## Conditional build dependencies
      ## Always installed, so we don't need sudo
      - asciidoc
      - docbook-xsl
      - docbook-xml
      - xmlto
      - doxygen
      ## Utilities
      ## preventing or diagnosing hangs
      - timelimit
  ## (OSX only)
  homebrew:
    packages:
      ## Required dependencies
      - libevent
      ## The OSX version of OpenSSL is way too old
      - openssl
      ## OSX comes with zlib by default
      ## to use a newer zlib, pass the keg path to configure (like OpenSSL)
      #- zlib
      ## Optional dependencies
      - libscrypt
      - xz
      - zstd
      ## Required build dependencies
      ## Tor needs pkg-config to find some dependencies at build time
      - pkg-config
      ## Optional build dependencies
      - ccache
      - coccinelle
      - shellcheck
      ## Conditional build dependencies
      ## Always installed, because manual brew installs are hard to get right
      - asciidoc
      - xmlto
      ## Utilities
      ## preventing or diagnosing hangs
      - timelimit

## (OSX only) Use a recent macOS image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of October 2019
## Recent is Xcode 11.2 on macOS 10.14 as of October 2019
osx_image: xcode11.2

before_install:
  ## Set pipefail: we use pipes
  - set -o pipefail || echo "pipefail failed"

install:
  ## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
  ## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
  ## Install conditional features
  ## Install coveralls
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
  ## If we're on OSX, and using asciidoc, configure asciidoc
  - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
  ## If we're running chutney, install it.
  - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
  ## If we're running stem, install it.
  - if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
  ##
  ## Finally, list installed package versions
  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
  ## Get python version
  - python --version
  ## If we're running chutney, show the chutney commit
  - if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
  ## If we're running stem, show the stem version and commit
  - if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
  ## Get the coccinelle version
  ## Installs are unreliable on macOS, so we just rely on brew list --versions
  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then spatch --version; fi
  ## We don't want Tor tests to depend on default configuration file at
  ## ~/.torrc. So we put some random bytes in there, to make sure we get build
  ## failures in case Tor is reading it during CI jobs.
  - dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc

script:
  # Skip test_rebind and test_include on macOS
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export TOR_SKIP_TEST_REBIND=true; export TOR_SKIP_TEST_INCLUDE=true; fi
  - ./autogen.sh
  - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS --enable-fatal-warnings --disable-silent-rules"
  - echo "Configure flags are $CONFIGURE_FLAGS CC=\"$CC $C_DIALECT_OPTIONS\""
  - ./configure $CONFIGURE_FLAGS CC="$CC $C_DIALECT_OPTIONS";
  ## We run `make check` because that's what https://jenkins.torproject.org does.
  - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
  - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
  - if [[ "$CHUTNEY" != "" ]]; then make "$CHUTNEY_MAKE"; fi
  ## Diagnostic for bug 29437: kill stem if it hangs for 9.5 minutes
  ## Travis will kill the job after 10 minutes with no output
  - if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --test control.controller --test control.base_controller --test process --log TRACE --log-file stem.log; fi
  - if [[ "$DOXYGEN" != "" ]]; then make doxygen; fi
  ## If this build was one that produced coverage, upload it.
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi

after_failure:
  ## configure will leave a log file with more details of config failures.
  ## But the log is too long for travis' rendered view, so tail it.
  - tail -1000 config.log || echo "tail failed"
  ## `make check` will leave a log file with more details of test failures.
  - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
  ## `make distcheck` puts it somewhere different.
  - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
  - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
  - if [[ "$CHUTNEY" != "" ]]; then "$CHUTNEY_PATH/tools/diagnostics.sh" || echo "diagnostics failed"; ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
  - if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi
  - if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi

before_cache:
  ## Delete all gcov files.
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi

notifications:
  irc:
    channels:
      - "irc.oftc.net#tor-ci"
    template:
      - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
      - "Build #%{build_number} %{result}. Details: %{build_url}"
    on_success: change
    on_failure: change
  email:
    on_success: never
    on_failure: change