diff options
Diffstat (limited to '.gitlab-ci.yml')
-rw-r--r-- | .gitlab-ci.yml | 392 |
1 files changed, 265 insertions, 127 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 9ddd1b73..c47e6d45 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,24 +1,39 @@ +--- variables: BUILD_IMAGES_PROJECT: libssh/build-images + CENTOS8_BUILD: buildenv-c8s + CENTOS9_BUILD: buildenv-c9s FEDORA_BUILD: buildenv-fedora - UBUNTU_BUILD: buildenv-ubuntu - CENTOS7_BUILD: buildenv-centos7 - TUMBLEWEED_BUILD: buildenv-tumbleweed MINGW_BUILD: buildenv-mingw + TUMBLEWEED_BUILD: buildenv-tumbleweed + UBUNTU_BUILD: buildenv-ubuntu + ALPINE_BUILD: buildenv-alpine stages: + - review - build - test - analysis +# This is some black magic to select between branch pipelines and +# merge request pipelines to avoid running same pipelines in twice +workflow: + rules: + - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"' + when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS' + when: never + - if: '$CI_COMMIT_BRANCH' + .build: stage: build variables: - CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON" - CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON" - CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON" - CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS - before_script: + CMAKE_DEFAULT_OPTIONS: "-DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON" + CMAKE_BUILD_OPTIONS: "-DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON" + CMAKE_TEST_OPTIONS: "-DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_BENCHMARKS=ON -DFUZZ_TESTING=ON" + CMAKE_OPTIONS: $CMAKE_DEFAULT_OPTIONS $CMAKE_BUILD_OPTIONS $CMAKE_TEST_OPTIONS + before_script: &build - uname -a - cat /etc/os-release - mount @@ -27,12 +42,16 @@ stages: - free -h - mkdir -p obj && cd obj script: - - cmake $CMAKE_OPTIONS $CMAKE_ADDTIONAL_OPTIONS .. && + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && make -j$(nproc) && make -j$(nproc) install # Do not use after_script as it does not make the targets fail tags: - shared + only: + - merge_requests + - branches + except: - tags artifacts: @@ -47,35 +66,100 @@ stages: # This is needed to prevent passing artifacts from previous stages dependencies: [] script: - - cmake $CMAKE_OPTIONS $CMAKE_ADDTIONAL_OPTIONS .. && + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && make -j$(nproc) && ctest --output-on-failure - # Do not use after_script as it does not make the targets fail + # Do not use after_script as it does not make the targets fail .fedora: extends: .tests image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD variables: - CMAKE_ADDTIONAL_OPTIONS: -DWITH_PKCS11_URI=ON + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON .tumbleweed: extends: .tests image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD +.fips: + extends: .tests + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON + before_script: + - *build + - echo "# userspace fips" > /etc/system-fips + # We do not need the kernel part, but in case we ever do: + # mkdir -p /var/tmp/userspace-fips + # echo 1 > /var/tmp/userspace-fips/fips_enabled + # mount --bind /var/tmp/userspace-fips/fips_enabled \ + # /proc/sys/crypto/fips_enabled + - update-crypto-policies --show + - update-crypto-policies --set FIPS + - update-crypto-policies --show +############################################################################### +# Review # +############################################################################### +review: + variables: + GIT_DEPTH: 100 + stage: review + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD + script: + - ERROR=0 + codespell --ignore-words-list=keypair,sorce,ned,nd,ue || ERROR=1; + ./.gitlab-ci/clang-format-check.sh || ERROR=1; + ./.gitlab-ci/git-check-signoff-trailer.sh ${CI_MERGE_REQUEST_DIFF_BASE_SHA} || ERROR=1; + ./.gitlab-ci/git-check-signoff-trailer.sh ${CI_MERGE_REQUEST_DIFF_BASE_SHA} || ERROR=1; + ./.gitlab-ci/shellcheck.sh || ERROR=1; + exit $ERROR + # the format is not always matching our intentions + allow_failure: true + tags: + - shared + only: + - merge_requests ############################################################################### # CentOS builds # ############################################################################### -# pkd tests fail on CentOS7 docker images, so we don't use -DSERVER_TESTING=ON -centos7/openssl_1.0.x/x86_64: - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD +centos9s/openssl_3.0.x/x86_64: + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD extends: .tests + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON script: - - cmake3 $CMAKE_OPTIONS .. && + - export OPENSSL_ENABLE_SHA1_SIGNATURES=1 + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && make -j$(nproc) && ctest --output-on-failure +centos9s/openssl_3.0.x/x86_64/fips: + extends: .fips + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD + script: + - export OPENSSL_ENABLE_SHA1_SIGNATURES=1 + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && + make -j$(nproc) && + OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure + +centos8s/openssl_1.1.1/x86_64: + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD + extends: .tests + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON + script: + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && + make -j$(nproc) && + ctest --output-on-failure + +centos8s/openssl_1.1.1/x86_64/fips: + extends: .fips + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD + script: + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && + make -j$(nproc) && + OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure ############################################################################### # Fedora builds # @@ -88,35 +172,42 @@ fedora/docs: extends: .build image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - - cmake .. && make docs + - cmake .. && make docs_coverage && make docs + coverage: '/^Documentation coverage is \d+.\d+%/' -fedora/openssl_1.1.x/x86_64: +fedora/ninja: extends: .fedora + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD + script: + - cmake -G Ninja $CMAKE_OPTIONS ../ && ninja && CTEST_OUTPUT_ON_FAILURE=1 ninja test -fedora/openssl_1.1.x/x86_64/fips: +fedora/coverage: extends: .fedora - before_script: - - echo "# userspace fips" > /etc/system-fips - # We do not need the kernel part, but in case we ever do: - # mkdir -p /var/tmp/userspace-fips - # echo 1 > /var/tmp/userspace-fips/fips_enabled - # mount --bind /var/tmp/userspace-fips/fips_enabled /proc/sys/crypto/fips_enabled - - update-crypto-policies --show - - update-crypto-policies --set FIPS - - update-crypto-policies --show - - mkdir -p obj && cd obj && cmake - -DCMAKE_BUILD_TYPE=RelWithDebInfo - -DPICKY_DEVELOPER=ON - -DWITH_BLOWFISH_CIPHER=ON - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DWITH_DSA=ON - -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD + variables: + CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_BUILD_TYPE=Debug -DWITH_COVERAGE=ON" script: - - cmake $CMAKE_OPTIONS .. && + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && make -j$(nproc) && - OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure + make coverage_xml + coverage: /^\s*lines:\s*\d+.\d+\%/ + artifacts: + name: ${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA} + expire_in: 1 week + reports: + coverage_report: + coverage_format: cobertura + path: obj/coverage_xml.xml + +fedora/openssl_3.0.x/x86_64: + extends: .fedora + +fedora/openssl_3.0.x/x86_64/pkcs11-provider: + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON -DWITH_PKCS11_PROVIDER=ON + extends: .fedora -fedora/openssl_1.1.x/x86_64/minimal: +fedora/openssl_3.0.x/x86_64/minimal: extends: .fedora variables: script: @@ -125,12 +216,24 @@ fedora/openssl_1.1.x/x86_64/minimal: -DWITH_SERVER=OFF -DWITH_ZLIB=OFF -DWITH_PCAP=OFF - -DWITH_DSA=OFF -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DWITH_GEX=OFF .. && make -j$(nproc) +# The PKCS#11 support is turned off as it brings dozens of memory issues from +# engine_pkcs11 or openssl itself +fedora/valgrind: + variables: + CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=OFF + extends: .fedora + stage: analysis + script: + - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. && + make -j$(nproc) && + make test_memcheck + - cat Testing/Temporary/MemoryChecker.*.log | wc -l | grep "^0$" + # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite # so, this is only enabled for unit tests right now. # TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON @@ -184,12 +287,12 @@ fedora/undefined-sanitizer: fedora/libgcrypt/x86_64: extends: .fedora variables: - CMAKE_ADDTIONAL_OPTIONS: "-DWITH_GCRYPT=ON -DWITH_DEBUG_CRYPTO=ON" + CMAKE_ADDITIONAL_OPTIONS: "-DWITH_GCRYPT=ON -DWITH_DEBUG_CRYPTO=ON" fedora/mbedtls/x86_64: extends: .fedora variables: - CMAKE_ADDTIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DSA=OFF" + CMAKE_ADDITIONAL_OPTIONS: "-DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON " # Unit testing only, no client and pkd testing, because cwrap is not available # for MinGW @@ -226,87 +329,107 @@ fedora/mingw32: ctest --output-on-failure - ############################################################################### # Fedora csbuild # ############################################################################### .csbuild: stage: analysis variables: - GIT_DEPTH: "100" + GIT_DEPTH: "100" image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD before_script: - - | - if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then - export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") - fi - - # Check if the commit exists in this branch - # This is not the case for a force push - git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") - - export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA" + - | + # for merge requests + if [[ -n "$CI_MERGE_REQUEST_DIFF_BASE_SHA" ]]; then + export CI_COMMIT_BEFORE_SHA="$CI_MERGE_REQUEST_DIFF_BASE_SHA" + fi + # for branches run + if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then + export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") + fi + + # Check if the commit exists in this branch + # This is not the case for a force push + git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") + + export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA" tags: - - shared + - shared except: - - tags + - tags + only: + - merge_requests artifacts: expire_in: 1 week when: on_failure paths: - obj-csbuild/ -fedora/csbuild/openssl_1.1.x: +fedora/csbuild/openssl_3.0.x: extends: .csbuild script: - - csbuild - --build-dir=obj-csbuild - --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)" - --git-commit-range $CI_COMMIT_RANGE - --color - --print-current --print-fixed + - csbuild + --build-dir=obj-csbuild + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)" + --git-commit-range $CI_COMMIT_RANGE + --color + --print-current --print-fixed fedora/csbuild/libgcrypt: extends: .csbuild script: - - csbuild - --build-dir=obj-csbuild - --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DSA=ON @SRCDIR@ && make clean && make -j$(nproc)" - --git-commit-range $CI_COMMIT_RANGE - --color - --print-current --print-fixed + - csbuild + --build-dir=obj-csbuild + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON @SRCDIR@ && make clean && make -j$(nproc)" + --git-commit-range $CI_COMMIT_RANGE + --color + --print-current --print-fixed fedora/csbuild/mbedtls: extends: .csbuild script: - - csbuild - --build-dir=obj-csbuild - --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_MBEDTLS=ON @SRCDIR@ && make clean && make -j$(nproc)" - --git-commit-range $CI_COMMIT_RANGE - --color - --print-current --print-fixed - - + - csbuild + --build-dir=obj-csbuild + --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_MBEDTLS=ON @SRCDIR@ && make clean && make -j$(nproc)" + --git-commit-range $CI_COMMIT_RANGE + --color + --print-current --print-fixed ############################################################################### # Ubuntu builds # ############################################################################### -ubuntu/openssl_1.1.x/x86_64: +ubuntu/openssl_3.0.x/x86_64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD extends: .tests +############################################################################### +# Alpine builds # +############################################################################### +alpine/openssl_3.0.x/musl: + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD + extends: .tests + script: + - cmake $CMAKE_DEFAULT_OPTIONS + -DWITH_SFTP=ON + -DWITH_SERVER=ON + -DWITH_ZLIB=ON + -DWITH_PCAP=ON + -DUNIT_TESTING=ON .. && + make -j$(nproc) && + ctest --output-on-failure + ############################################################################### # Tumbleweed builds # ############################################################################### -tumbleweed/openssl_1.1.x/x86_64/gcc: +tumbleweed/openssl_3.0.x/x86_64/gcc: extends: .tumbleweed variables: - CMAKE_ADDTIONAL_OPTIONS: "-DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" + CMAKE_ADDITIONAL_OPTIONS: "-DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" -tumbleweed/openssl_1.1.x/x86/gcc: +tumbleweed/openssl_3.0.x/x86/gcc: extends: .tumbleweed script: - cmake @@ -316,30 +439,30 @@ tumbleweed/openssl_1.1.x/x86/gcc: -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DWITH_DSA=ON - -DUNIT_TESTING=ON .. + -DUNIT_TESTING=ON .. && + make -j$(nproc) -tumbleweed/openssl_1.1.x/x86_64/gcc7: +tumbleweed/openssl_3.0.x/x86_64/gcc7: extends: .tumbleweed variables: - CMAKE_ADDTIONAL_OPTIONS: "-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" + CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" -tumbleweed/openssl_1.1.x/x86/gcc7: +tumbleweed/openssl_3.0.x/x86/gcc7: extends: .tumbleweed script: - cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 $CMAKE_DEFAULT_OPTIONS - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DSA=ON + -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. && make -j$(nproc) && ctest --output-on-failure -tumbleweed/openssl_1.1.x/x86_64/clang: +tumbleweed/openssl_3.0.x/x86_64/clang: extends: .tumbleweed variables: - CMAKE_ADDTIONAL_OPTIONS: "-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" + CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config" tumbleweed/static-analysis: extends: .tests @@ -363,21 +486,20 @@ tumbleweed/static-analysis: - obj/scan - ############################################################################### # FreeBSD builds # ############################################################################### # That is a specific runner that we cannot enable universally. # We restrict it to builds under the $BUILD_IMAGES_PROJECT project. -freebsd/x86_64: +freebsd/openssl_1.1.1/x86_64: image: extends: .tests before_script: - - mkdir -p obj && cd obj && cmake - -DCMAKE_BUILD_TYPE=RelWithDebInfo - -DPICKY_DEVELOPER=ON - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DUNIT_TESTING=ON .. + - mkdir -p obj && cd obj && cmake + -DCMAKE_BUILD_TYPE=RelWithDebInfo + -DPICKY_DEVELOPER=ON + -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON + -DUNIT_TESTING=ON .. script: - cmake $CMAKE_DEFAULT_OPTIONS -DWITH_SFTP=ON @@ -388,67 +510,83 @@ freebsd/x86_64: make && ctest --output-on-failure tags: - - freebsd + - private + - freebsd only: - - branches@libssh/libssh-mirror - - branches@cryptomilk/libssh-mirror + - branches@libssh/libssh-mirror + - branches@cryptomilk/libssh-mirror + - branches@jjelen/libssh-mirror + - branches@marco.fortina/libssh-mirror ############################################################################### # Visual Studio builds # ############################################################################### .vs: + stage: test + cache: + key: vcpkg.${CI_JOB_NAME} + paths: + - .vcpkg variables: ErrorActionPreference: STOP script: - - cmake --build . - - ctest --output-on-failure + - cmake --build . + - ctest --output-on-failure tags: - - vs2017 - - windows - except: - - tags + - windows + - shared-windows only: - - branches@libssh/libssh-mirror - - branches@ansasaki/libssh-mirror - - branches@cryptomilk/libssh-mirror - - branches@jjelen/libssh-mirror + - merge_requests + - branches + except: + - tags artifacts: expire_in: 1 week when: on_failure paths: - obj/ + before_script: + - If (!(test-path .vcpkg\archives)) { mkdir -p .vcpkg\archives } + - $env:VCPKG_DEFAULT_BINARY_CACHE="$PWD\.vcpkg\archives" + - echo $env:VCPKG_DEFAULT_BINARY_CACHE + - $env:VCPKG_DEFAULT_TRIPLET="$TRIPLET-windows" + - vcpkg install cmocka + - vcpkg install openssl + - vcpkg install zlib + - vcpkg integrate install + - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1} + - cmake + -A $PLATFORM + -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake + -DPICKY_DEVELOPER=ON + -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON + -DUNIT_TESTING=ON .. visualstudio/x86_64: extends: .vs - before_script: - - $env:VCPKG_DEFAULT_TRIPLET="x64-windows" - - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1} - - cmake - -A x64 - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE" - -DPICKY_DEVELOPER=ON - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DUNIT_TESTING=ON .. + variables: + PLATFORM: "x64" + TRIPLET: "x64" visualstudio/x86: extends: .vs - before_script: - - $env:VCPKG_DEFAULT_TRIPLET="x86-windows" - - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1} - - cmake - -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE" - -DPICKY_DEVELOPER=ON - -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON - -DUNIT_TESTING=ON .. + variables: + PLATFORM: "win32" + TRIPLET: "x86" ############################################################################### # Coverity # ############################################################################### +# +# git push -o ci.variable="COVERITY_SCAN_TOKEN=XXXXXX" \ +# -o ci.variable="COVERITY_SCAN_PROJECT_NAME=XXXXXX" \ +# -o ci.variable="COVERITY_SCAN_EMAIL=XXXXXX" \ +# -f gitlab coverity: stage: analysis - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD script: - mkdir obj && cd obj - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz @@ -477,4 +615,4 @@ coverity: expire_in: 1 week when: on_failure paths: - - cov-int/*.txt + - obj/cov-int/*.txt |