summaryrefslogtreecommitdiff
path: root/.travis.yml
blob: 94d9bf9cceed141cda57449624a94a3ba3f44d24 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
language: c

cache:
  ccache: true
  ## cargo: true
  directories:
    - $HOME/.cargo
    ## caching CARGO_TARGET_DIR actually slows down the build over time,
    ## because old build products are never deleted.
    ## where we point CARGO_TARGET_DIR in all our cargo invocations
    #- $TRAVIS_BUILD_DIR/src/rust/target

compiler:
  - gcc
  - clang

os:
  - linux
  - osx

## The build matrix in the following stanza expands into builds for each
## OS and compiler.
env:
  global:
    ## The Travis CI environment allows us two cores, so let's use both.
    - MAKEFLAGS="-j 2"
    ## We turn on hardening by default
    ## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
    - HARDENING_OPTIONS="--enable-expensive-hardening"
    ## We turn off asciidoc by default, because it's slow
    - ASCIIDOC_OPTIONS="--disable-asciidoc"
    ## Our default rust version is the minimum supported version
    - RUST_VERSION="1.31.0"
  matrix:
    ## We want to use each build option at least once
    ##
    ## We don't list default variable values, because we set the defaults
    ## in global (or the default is unset)
    -
    ## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
    - RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true

matrix:
  ## include creates builds with gcc, linux
  include:
    ## We include a single coverage build with the best options for coverage
    - env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS="" TOR_TEST_RNG_SEED="636f766572616765"
    ## We only want to check these build option combinations once
    ## (they shouldn't vary by compiler or OS)
    ## We run rust and coverage with hardening off, which seems like enough
    # - env: HARDENING_OPTIONS=""
    ## We check asciidoc with distcheck, to make sure we remove doc products
    - env: DISTCHECK="yes" ASCIIDOC_OPTIONS="" SKIP_MAKE_CHECK="yes"
    # We also try running a hardened clang build with chutney on Linux.
    - env: CHUTNEY="yes" SKIP_MAKE_CHECK="yes" CHUTNEY_ALLOW_FAILURES="2"
      compiler: clang
    # We clone our stem repo and run `make test-stem`
    - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"
    ## Check rust online with distcheck, to make sure we remove rust products
    - env: DISTCHECK="yes" RUST_VERSION="beta" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
    ## Check disable module dirauth with and without rust
    - env: MODULES_OPTIONS="--disable-module-dirauth" RUST_VERSION="nightly" RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
    - env: MODULES_OPTIONS="--disable-module-dirauth"
    ## Check NSS
    - env: NSS_OPTIONS="--enable-nss"

  ## Uncomment to allow the build to report success (with non-required
  ## sub-builds continuing to run) if all required sub-builds have
  ## succeeded.  This is somewhat buggy currently: it can cause
  ## duplicate notifications and prematurely report success if a
  ## single sub-build has succeeded.  See
  ## https://github.com/travis-ci/travis-ci/issues/1696
  # fast_finish: true

  ## Careful! We use global envs, which makes it hard to exclude or
  ## allow failures by env:
  ## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
  allow_failures:
    ## test-stem sometimes hangs on Travis
    - env: TEST_STEM="yes" SKIP_MAKE_CHECK="yes"

  exclude:
    ## gcc on OSX is less useful, because the default compiler is clang.
    - compiler: gcc
      os: osx
    ## gcc on Linux with no env is redundant, because all the custom builds use
    ## gcc on Linux
    - compiler: gcc
      os: linux
      env:
    ## offline rust builds for gcc on Linux are redundant, because we do an
    ## online rust build for gcc on Linux
    - compiler: gcc
      os: linux
      ## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
      env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true

## (Linux only) Use the latest Linux image (Ubuntu Trusty)
dist: trusty

## Download our dependencies
addons:
  ## (Linux only)
  apt:
    packages:
      ## Required dependencies
      - libevent-dev
      ## Ubuntu comes with OpenSSL by default
      #- libssl-dev
      - zlib1g-dev
      ## Optional dependencies
      - libcap-dev
      - liblzma-dev
      - libnss3-dev
      - libscrypt-dev
      - libseccomp-dev
      ## zstd doesn't exist in Ubuntu Trusty
      #- libzstd
      - shellcheck
      ## Conditional build dependencies
      ## Always installed, so we don't need sudo
      - asciidoc
      - docbook-xsl
      - docbook-xml
      - xmlto
      ## Utilities
      ## preventing or diagnosing hangs
      - timelimit
  ## (OSX only)
  homebrew:
    packages:
      ## Required dependencies
      - libevent
      ## The OSX version of OpenSSL is way too old
      - openssl
      ## OSX comes with zlib by default
      ## to use a newer zlib, pass the keg path to configure (like OpenSSL)
      #- zlib
      ## Optional dependencies
      - libscrypt
      - xz
      - zstd
      ## Required build dependencies
      ## Tor needs pkg-config to find some dependencies at build time
      - pkg-config
      ## Optional build dependencies
      - ccache
      - shellcheck
      ## Conditional build dependencies
      ## Always installed, because manual brew installs are hard to get right
      - asciidoc
      - xmlto
      ## Utilities
      ## preventing or diagnosing hangs
      - timelimit

## (OSX only) Use the default OSX image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of August 2018
#osx_image: xcode9.4

before_install:
  ## Create empty rust directories for non-Rust builds, so caching succeeds
  - if [[ "$RUST_OPTIONS" == "" ]]; then mkdir -p $HOME/.cargo $TRAVIS_BUILD_DIR/src/rust/target; fi

install:
  ## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
  ## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
  ## Install conditional features
  ## Install coveralls
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
  ## If we're on OSX, and using asciidoc, configure asciidoc
  - if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
  ## If we're using Rust, download rustup
  - if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
  ## Install the stable channels of rustc and cargo and setup our toolchain environment
  - if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain $RUST_VERSION; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
  ## If we're testing rust builds in offline-mode, then set up our vendored dependencies
  - if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
  ## If we're running chutney, install it.
  - if [[ "$CHUTNEY" != "" ]]; then git clone --depth 1 https://github.com/torproject/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
  ## If we're running stem, install it.
  - if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
  ##
  ## Finally, list installed package versions
  - if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
  ## Get some info about rustup, rustc and cargo
  - if [[ "$RUST_OPTIONS" != "" ]]; then which rustup; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then rustup --version; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi
  - if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
  ## Get python version
  - python --version
  ## If we're running chutney, show the chutney commit
  - if [[ "$CHUTNEY" != "" ]]; then pushd "$CHUTNEY_PATH"; git log -1 ; popd ; fi
  ## If we're running stem, show the stem version and commit
  - if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
  ## We don't want Tor tests to depend on default configuration file at
  ## ~/.torrc. So we put some random bytes in there, to make sure we get build
  ## failures in case Tor is reading it during CI jobs.
  - dd ibs=1 count=1024 if=/dev/urandom > ~/.torrc

script:
  # Skip test_rebind on macOS
  - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export TOR_SKIP_TEST_REBIND=true; fi
  - ./autogen.sh
  - CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS $RUST_OPTIONS --enable-fatal-warnings --disable-silent-rules"
  - echo "Configure flags are $CONFIGURE_FLAGS"
  - ./configure $CONFIGURE_FLAGS
  ## We run `make check` because that's what https://jenkins.torproject.org does.
  - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then make check; fi
  - if [[ "$DISTCHECK" != "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
  - if [[ "$CHUTNEY" != "" ]]; then make test-network-all; fi
  ## Diagnostic for bug 29437: kill stem if it hangs for 9.5 minutes
  ## Travis will kill the job after 10 minutes with no output
  - if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --test control.controller --test control.base_controller --test process --log TRACE --log-file stem.log; fi
  ## If this build was one that produced coverage, upload it.
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi

after_failure:
  ## configure will leave a log file with more details of config failures.
  ## But the log is too long for travis' rendered view, so tail it.
  - tail -1000 config.log || echo "tail failed"
  ## `make check` will leave a log file with more details of test failures.
  - if [[ "$SKIP_MAKE_CHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
  ## `make distcheck` puts it somewhere different.
  - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
  - if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
  - if [[ "$CHUTNEY" != "" ]]; then ls test_network_log || echo "ls failed"; cat test_network_log/* || echo "cat failed"; fi
  - if [[ "$TEST_STEM" != "" ]]; then tail -1000 "$STEM_SOURCE_DIR"/test/data/tor_log || echo "tail failed"; fi
  - if [[ "$TEST_STEM" != "" ]]; then grep -v "SocketClosed" stem.log | tail -1000 || echo "grep | tail failed"; fi

before_cache:
  ## Delete all gcov files.
  - if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi
  ## Delete the cargo registry before caching .cargo, because it's cheaper to
  ## download the registry and throw it away, rather than caching it
  - rm -rf $HOME/.cargo/registry

notifications:
  irc:
    channels:
      - "irc.oftc.net#tor-ci"
    template:
      - "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
      - "Build #%{build_number} %{result}. Details: %{build_url}"
    on_success: change
    on_failure: change
  email:
    on_success: never
    on_failure: change