1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
|
language: c
cache:
ccache: true
compiler:
- gcc
os:
- linux
## We don't use the build matrix cross-product, because it makes too many jobs
## Instead, we list each job under matrix: include:
env:
global:
## The Travis CI environment allows us two cores, so let's use both.
- MAKEFLAGS="-j 2"
## We turn on hardening by default
## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
- HARDENING_OPTIONS="--enable-expensive-hardening"
## We turn off asciidoc by default, because it's slow
- ASCIIDOC_OPTIONS="--disable-asciidoc"
matrix:
## This matrix entry is required, but it doesn't actually create any jobs
-
matrix:
## include creates builds with gcc, linux, unless we override those defaults
include:
## clang is the default macOS compiler, so we use it for the macOS job
- compiler: clang
os: osx
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
## We only want to check these build option combinations once
## (they shouldn't vary by compiler or OS)
## We run coverage with hardening off, which seems like enough
# - env: HARDENING_OPTIONS=""
## We check asciidoc with distcheck, to make sure we remove doc products
- env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"
# We also try running a hardened clang build with chutney on Linux.
- env: CHUTNEY="yes" SKIP_MAKE_CHECK="yes" CHUTNEY_ALLOW_FAILURES="2"
compiler: clang
## Uncomment to allow the build to report success (with non-required
## sub-builds continuing to run) if all required sub-builds have
## succeeded. This is somewhat buggy currently: it can cause
## duplicate notifications and prematurely report success if a
## single sub-build has succeeded. See
## https://github.com/travis-ci/travis-ci/issues/1696
# fast_finish: true
## Careful! We use global envs, which makes it hard to allow failures by env:
## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
# allow_failures:
# - compiler: gcc
# os: linux
## (Linux only) Use the latest Linux image (Ubuntu Trusty)
dist: trusty
## Download our dependencies
addons:
## (Linux only)
apt:
packages:
## Required dependencies
- libevent-dev
## Ubuntu comes with OpenSSL by default
#- libssl-dev
- zlib1g-dev
## Optional dependencies
- libcap-dev
- libscrypt-dev
- libseccomp-dev
## Conditional build dependencies
## Always installed, so we don't need sudo
- asciidoc
- docbook-xsl
- docbook-xml
- xmlto
## (OSX only)
homebrew:
packages:
## Required dependencies
- libevent
## The OSX version of OpenSSL is way too old
- openssl
## OSX comes with zlib by default
## to use a newer zlib, pass the keg path to configure (like OpenSSL)
#- zlib
## Optional dependencies
- libscrypt
## Required build dependencies
## Tor needs pkg-config to find some dependencies at build time
- pkg-config
## Optional build dependencies
- ccache
## Conditional build dependencies
## Always installed, because manual brew installs are hard to get right
- asciidoc
- xmlto
## (OSX only) Use the default OSX image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of August 2018
#osx_image: xcode9.4
install:
## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
## Install conditional features
## Install coveralls
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
## If we're on OSX, and using asciidoc, configure asciidoc
- if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
## If we're running chutney, install it.
- if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
## Finally, list installed package versions
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
## Get python version
- python --version
## If we're running chutney, show the chutney commit
- if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
script:
- ./autogen.sh
- CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $OPENSSL_OPTIONS --enable-fatal-warnings --disable-silent-rules"
- echo "Configure flags are $CONFIGURE_FLAGS"
- ./configure $CONFIGURE_FLAGS
## We run `make check` because that's what https://jenkins.torproject.org does.
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
- if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
- if [[ "$CHUTNEY" != "" ]]; then make test-network-all; fi
## If this build was one that produced coverage, upload it.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi
after_failure:
## configure will leave a log file with more details of config failures.
## But the log is too long for travis' rendered view, so tail it.
- tail -1000 config.log || echo "tail failed"
## `make check` will leave a log file with more details of test failures.
- if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
## `make distcheck` puts it somewhere different.
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
- if [[ "$CHUTNEY" != "" ]]; then ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
before_cache:
## Delete all gcov files.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi
notifications:
irc:
channels:
- "irc.oftc.net#tor-ci"
template:
- "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
- "Build #%{build_number} %{result}. Details: %{build_url}"
on_success: change
on_failure: change
email:
on_success: never
on_failure: change
|
