mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2024-09-21 18:37:20 +00:00
940e489500
Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
534 lines
13 KiB
YAML
534 lines
13 KiB
YAML
stages:
|
|
- testing
|
|
- deploy
|
|
|
|
variables:
|
|
BUILD_IMAGES_PROJECT: openconnect/build-images
|
|
ALPINE_BUILD: buildenv-alpine
|
|
DEBIAN_BUILD: buildenv-debian
|
|
DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86
|
|
FEDORA_BUILD: buildenv-fedora
|
|
UBUNTU16_BUILD: buildenv-ubuntu
|
|
UBUNTU20_BUILD: buildenv-ubuntu20
|
|
CENTOS8_BUILD: buildenv-centos8
|
|
CENTOS7_BUILD: buildenv-centos7
|
|
CENTOS6_BUILD: buildenv-centos6
|
|
JOBS: 2
|
|
|
|
Debian:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-nuttcp-tests --enable-oidc-auth
|
|
- make -j$JOBS
|
|
- export OCSERV_ALLOW_BROKEN_CLIENTS=1
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
i386/Debian:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
# Radius seems to be malfunctioning on i386 build
|
|
- ./configure --enable-oidc-auth --without-radius
|
|
- make -j$JOBS
|
|
- make check -j$JOBS VERBOSE=1
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
Ubuntu16.04:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU16_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-nuttcp-tests
|
|
- make -j$JOBS
|
|
# this version of openconnect doesn't work with IPv6 only
|
|
- make check -j$JOBS XFAIL_TESTS=ipv6-iface
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
Ubuntu20.04:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-nuttcp-tests --enable-oidc-auth --enable-latency-stats
|
|
- make -j$JOBS
|
|
- export MALLOC_CHECK_=3
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
Centos8:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-http-parser
|
|
- chmod og-w tests/data/raddb
|
|
- chmod og-w tests/data/raddb/*
|
|
- make -j$JOBS
|
|
- export OCSERV_ALLOW_BROKEN_CLIENTS=1
|
|
- make check VERBOSE=1 -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
Centos7:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure
|
|
- make -j$JOBS
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
RPM/epel7:
|
|
stage: deploy
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure
|
|
- touch ChangeLog
|
|
- make dist
|
|
- CURDIR=$(pwd)
|
|
- TARFILE=$(find ./ -name '*.tar.xz')
|
|
- RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}')
|
|
- sed -i 's/XFAIL_TESTS=test-sighup-key-change//' /usr/local/rpms/ocserv/ocserv.spec
|
|
- NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||')
|
|
- echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION"
|
|
- cp $TARFILE /usr/local/rpms/ocserv
|
|
- cd /usr/local/rpms/ocserv
|
|
- sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec
|
|
- ( test "$RPMVERSION" != "$NEWVERSION" && cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp ) || /bin/true
|
|
- sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp
|
|
- mv sources.tmp sources
|
|
- touch ocserv-$NEWVERSION.tar.xz.sig
|
|
- fedpkg --release el7 local
|
|
- cd $CURDIR
|
|
- find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';'
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_success
|
|
paths:
|
|
- ./*.rpm
|
|
|
|
RPM/epel8:
|
|
stage: deploy
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure
|
|
- touch ChangeLog
|
|
- make dist
|
|
- CURDIR=$(pwd)
|
|
- TARFILE=$(find ./ -name '*.tar.xz')
|
|
- RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}')
|
|
- sed -i 's/XFAIL_TESTS=test-sighup-key-change//' /usr/local/rpms/ocserv/ocserv.spec
|
|
- NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||')
|
|
- echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION"
|
|
- cp $TARFILE /usr/local/rpms/ocserv
|
|
- cd /usr/local/rpms/ocserv
|
|
- sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec
|
|
- ( test "$RPMVERSION" != "$NEWVERSION" && cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp ) || /bin/true
|
|
- sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp
|
|
- mv sources.tmp sources
|
|
- touch ocserv-$NEWVERSION.tar.xz.sig
|
|
- export OCSERV_ALLOW_BROKEN_CLIENTS=1
|
|
- fedpkg --release el8 local
|
|
- cd $CURDIR
|
|
- find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';'
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_success
|
|
paths:
|
|
- ./*.rpm
|
|
|
|
Coverity:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
|
|
only:
|
|
- schedules
|
|
- coverity
|
|
script:
|
|
- wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
|
|
- tar xfz /tmp/coverity_tool.tgz
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- CFLAGS="-g -O0" ./configure --disable-maintainer-mode --enable-latency-stats
|
|
- cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$JOBS
|
|
- tar cfz cov-int.tar.gz cov-int
|
|
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
|
|
--form token=$COVERITY_SCAN_TOKEN --form email=n.mavrogiannopoulos@gmail.com
|
|
--form file=@cov-int.tar.gz --form version="`git describe --tags`"
|
|
--form description="CI build"
|
|
tags:
|
|
- shared
|
|
- linux
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- cov-int/*.txt
|
|
|
|
# Test building with musl
|
|
musl/Alpine:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
|
|
script:
|
|
- autoreconf -fvi
|
|
- ./configure --disable-maintainer-mode --with-werror
|
|
- make -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
untracked: true
|
|
when: on_failure
|
|
|
|
Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
# ensure gcov scripts are writable
|
|
- umask 000
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- CFLAGS="-g -O0" ./configure --disable-maintainer-mode --enable-code-coverage --with-kerberos-tests --enable-oidc-auth
|
|
- make -j$JOBS
|
|
- make check -j$JOBS COVERAGE=1
|
|
- make files-update
|
|
- make dist
|
|
- make local-code-coverage-output
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
artifacts:
|
|
expire_in: 1 day
|
|
untracked: true
|
|
when: always
|
|
|
|
noprocfs/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ac_cv_file_FILE__proc_self_exe=no ./configure --disable-maintainer-mode --disable-namespaces
|
|
- make -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
untracked: true
|
|
when: on_failure
|
|
|
|
clang/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- CC=clang ./configure --disable-maintainer-mode --with-werror
|
|
- make -j$JOBS
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
untracked: true
|
|
when: on_failure
|
|
|
|
# Tests seccomp filters by asking seccomp to fail with a trap
|
|
seccomp/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --disable-maintainer-mode --with-kerberos-tests --enable-oidc-auth --with-seccomp-trap
|
|
- make -j$JOBS
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
untracked: true
|
|
when: on_failure
|
|
|
|
minimal:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-libnl --without-liboath --without-pam --without-radius --without-utmp --without-libwrap --without-http-parser --without-lz4 --without-gssapi --without-pcl-lib --without-protobuf
|
|
- make -j$JOBS
|
|
- make check -j$JOBS XFAIL_TESTS="lz4-compression"
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- tests/*.log
|
|
|
|
# Build a minimal version with every optional feature disable
|
|
minimal/Ubuntu20.04:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD
|
|
script:
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- ./configure --without-protobuf --without-root-tests --without-nuttcp-tests --without-libtalloc-prefix --without-libnl --without-maxmind --without-geoip --without-libreadline-prefix --without-liboath --without-libc-prefix --without-pam --without-radius --without-libcrypt-prefix --without-utmp --without-libutil-prefix --without-libwrap --without-libwrap-prefix --without-libseccomp-prefix --without-libsystemd-prefix --without-http-parser --without-lz4 --without-gssapi --without-pcl-lib --disable-rpath --disable-seccomp --disable-anyconnect-compat --disable-compression
|
|
- make -j$JOBS
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- ./tests/*.log
|
|
|
|
# We do not compile with PAM under address sanitizer since we are using co-routines
|
|
# without instrumentation for sanitizer.
|
|
asan/clang/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1" ./configure --without-pam --without-asan-broken-tests
|
|
- make -j$JOBS
|
|
- make check -j$JOBS
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- tests/*.log
|
|
|
|
ubsan/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- chmod -R o-w tests/data/raddb
|
|
- git submodule update --init
|
|
- autoreconf -fvi
|
|
- export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2 -Werror"
|
|
- CFLAGS="$UBCFLAGS" ./configure
|
|
- make -j$JOBS
|
|
- make check -j$JOBS CFLAGS="$UBCFLAGS -Wno-unused-function -Wno-unused-parameter"
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- ./*.log
|
|
- tests/*.log
|
|
|
|
static-analyzers/Fedora:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- autoreconf -fvi -Werror
|
|
- scan-build ./configure
|
|
- scan-build --status-bugs -o scan-build-src make -j$JOBS
|
|
- cppcheck --force -q -Isrc/ -Isrc/occtl -Igl/ -I. --error-exitcode=1 src/ -i src/inih
|
|
tags:
|
|
- shared
|
|
- linux
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- scan-build-src/*
|
|
|
|
.FreeBSD:
|
|
stage: testing
|
|
script:
|
|
- git submodule update --init
|
|
- sh autogen.sh
|
|
- mkdir build
|
|
- cd build
|
|
- LIBS="-L/usr/local/lib" ../configure --disable-nls --without-root-tests
|
|
- gmake -j$JOBS
|
|
- gmake check -j$JOBS
|
|
tags:
|
|
- freebsd
|
|
only:
|
|
- branches@openconnect/ocserv
|
|
except:
|
|
- tags
|
|
- schedules
|
|
artifacts:
|
|
expire_in: 1 week
|
|
when: on_failure
|
|
paths:
|
|
- build/*.log
|
|
- build/tests/*.log
|
|
|
|
pages:
|
|
stage: deploy
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- mkdir -p public/coverage
|
|
- make V=1 CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage CODE_COVERAGE_BRANCH_COVERAGE=1 code-coverage-capture
|
|
- make CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage local-code-coverage-output
|
|
tags:
|
|
- shared
|
|
- linux
|
|
dependencies:
|
|
- Fedora
|
|
only:
|
|
- master@openconnect/ocserv
|
|
artifacts:
|
|
paths:
|
|
- public
|
|
|
|
triage:
|
|
stage: testing
|
|
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
|
|
script:
|
|
- gem install gitlab-triage
|
|
- gitlab-triage --source-id openconnect/ocserv --token "$API_TOKEN"
|
|
tags:
|
|
- shared
|
|
- linux
|
|
only:
|
|
- schedules
|