search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cloner: drop useless variable and the nested if-statement it's used in
[tails.git] / .gitlab-ci.yml
blobe0314abd524adb320792004a0512e425cdf239d9
1 workflow:
2   rules:
3     - if: $CI_FORCE_RUN
4     - if: $CI_MERGE_REQUEST_IID
5     - if: $CI_COMMIT_TAG
6     - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
7
8 image: debian:bookworm
9
10 variables:
11     GET_SOURCES_ATTEMPTS: 10
12
13 before_script:
14   - export DEBIAN_FRONTEND=noninteractive
15   - apt-get update -qq
16
17 .prepare-lint-po: &prepare-lint-po
18   - apt-get -qy install git i18nspector
19   - git clone https://gitlab.tails.boum.org/tails/jenkins-tools.git /tmp/jenkins-tools
20
21 build-website:
22   rules:
23     - if: '$CI_COMMIT_BRANCH == "master"'
24     - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
25     - changes:
26         - .gitlab-ci.yml
27   script:
28     - apt-get -qy install ikiwiki po4a libyaml-perl libyaml-libyaml-perl libyaml-syck-perl perlmagick
29     - ./build-website
30
31 lint-po:
32   image: debian:testing
33   rules:
34     - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
35     - changes:
36         - .gitlab-ci.yml
37         - ./**.po
38   script:
39     - *prepare-lint-po
40     - /tmp/jenkins-tools/slaves/lint_po
41
42 ruff-lint-changed-files:
43   only:
44     - merge_requests
45
46   image: debian:sid
47
48   script:
49     - apt-get -qy install ruff findutils git python3
50     - ruff --version
51     - git fetch origin "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}"
52     - ./bin/test-utils/ruff "origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}" check --output-format=junit --output-file=ruff.xml
53   artifacts:
54     when: always
55     reports:
56       junit: ruff.xml
57
58 ruff-format-changed-files:
59   only:
60     - merge_requests
61
62   image: debian:sid
63
64   script:
65     - apt-get -qy install ruff findutils git python3
66     - ruff --version
67     - git fetch origin "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}"
68     - ./bin/test-utils/ruff "origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}" format --check
69
70 check-website-core-pages:
71   script:
72     - apt-get -qy install git
73     - ./bin/check-core-pages
74
75 check-po-msgfmt:
76   rules:
77     - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
78     - changes:
79         - .gitlab-ci.yml
80         - ./**.po
81   script:
82     - apt-get -qy install python3 gettext
83     - ./bin/check-po-msgfmt
84
85 check-po-meta-date:
86   rules:
87     - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
88     - changes:
89         - .gitlab-ci.yml
90         - ./**.po
91   script:
92     - apt-get -qy install git ruby
93     - ./bin/sanity-check-website
94
95 check-translatable-live-website-urls:
96   script:
97     - apt-get -qy install python3-polib
98     - ./bin/check-translatable-live-website-urls po/tails.pot
99
100 check-locale-descriptions:
101   script:
102     - apt-get -qy install python3 python3-requests python3-toml python3-bs4
103     - echo 'If this fails, look at https://tails.net/contribute/release_process/update_locale_descriptions/'
104     - ./bin/locale-descriptions suggest
105
106 rubocop:
107   image: debian:bookworm
108   script:
109   - apt-get -qy install rubocop
110   - rubocop --version
111   - rubocop --format junit --out rubocop.xml --format markdown
112   artifacts:
113     when: always
114     reports:
115       junit: rubocop.xml
116
117 test-iuk:
118   rules:
119     - if: '$CI_COMMIT_BRANCH != "master"'
120   script:
121   - './bin/test-utils/test-iuk'
122
123 test-perl5lib:
124   rules:
125     - if: '$CI_COMMIT_BRANCH != "master"'
126   script:
127   - 'cat config/chroot_local-packageslists/tails-perl5lib.list
128        | grep -E -v "^#"
129        | xargs apt-get -qy install'
130   - 'apt-get -qy install
131        apt-file
132        libdist-zilla-plugin-test-notabs-perl
133        libdist-zilla-plugin-test-perl-critic-perl
134        libdist-zilla-app-command-authordebs-perl
135        libmodule-build-perl
136        sudo'
137   - apt-get update -qq # Take into account APT configuration added by apt-file
138   # Otherwise, apt-get called by "dzil authordebs --install" asks confirmation
139   - echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/yes
140   - cd $CI_PROJECT_DIR/config/chroot_local-includes/usr/src/perl5lib
141   - dzil authordebs --install
142   - dzil test --all
143
144 shellcheck:
145   image: debian:testing
146   script:
147   - apt-get -qy install python3 shellcheck xmlstarlet git
148   - shellcheck --version
149   - 'git ls-files -z | ./bin/test-utils/is-file-type filter --zero shell | xargs --verbose --no-run-if-empty -0 shellcheck --format=checkstyle
150        | xmlstarlet tr config/ci/shellcheck/checkstyle2junit.xslt
151        > shellcheck.xml'
152   artifacts:
153     when: always
154     reports:
155       junit: shellcheck.xml
156
157 test-persistent-storage-config-file:
158   script:
159     - apt-get -qy install python3 python3-gi acl
160     - config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file_test.py
161
162 test-python-doctest:
163   script:
164     - apt-get -qy install python3 python3-sh python3-toml python3-requests python3-bs4
165     - config/chroot_local-includes/usr/local/lib/tails-gdm-error-message doctest --verbose
166     - env PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages python3 config/chroot_local-includes/usr/local/bin/tails-documentation --doctest
167     - ./bin/locale-descriptions doctest
168
169 test-tca:
170   rules:
171     - if: '$CI_COMMIT_BRANCH != "master"'
172   script:
173     - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
174        | grep -E -v "^#"
175        | xargs apt-get -qy install'
176     - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tca -name "*.py" -print0 | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
177
178 test-tca-portal:
179   rules:
180     - if: '$CI_COMMIT_BRANCH != "master"'
181   script:
182     - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
183        | grep -E -v "^#"
184        | xargs apt-get -qy install'
185     - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages env python3 ./config/chroot_local-includes/usr/local/lib/tca-portal --doctest-only --log-level DEBUG'
186
187
188 test-tailslib:
189   rules:
190     - if: '$CI_COMMIT_BRANCH != "master"'
191   script:
192     - apt-get -qy install python3 python3-atomicwrites python3-sh python3-gi git
193     - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tailslib -name "*.py" -print0 | grep --null-data -v -e netnsdrop.py -e gnome.py | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
194
195 test-whisperback:
196   rules:
197     - if: '$CI_COMMIT_BRANCH != "master"'
198   script:
199     - 'cat config/chroot_local-packageslists/whisperback.list | grep -E -v "^#"
200          | xargs apt-get -qy install'
201     - apt-get -qy install python3-pytest
202     - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
203          pytest-3 --verbose --junit-xml=report.xml
204          config/chroot_local-includes/usr/lib/python3/dist-packages/whisperBack/test.py'
205   artifacts:
206     when: always
207     reports:
208       junit: report.xml
209
210 apt-snapshots-expiry:
211   script:
212     - apt-get -qy install curl git
213     - ./bin/apt-snapshots-expiry
214   rules:
215     - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
216     - changes:
217         - .gitlab-ci.yml
218         - config/APT_snapshots.d/*/serial
219         - vagrant/definitions/tails-builder/config/APT_snapshots.d/*/serial
220
221 .install-https-get-expired-build-deps: &install-https-get-expired-build-deps
222   - apt-get -qy install --no-install-recommends golang-go ca-certificates
223
224 .build-https-get-expired: &build-https-get-expired
225   - go build -o ./https-get-expired config/chroot_local-includes/usr/src/https-get-expired.go
226
227 .test-https-get-expired: &test-https-get-expired
228   - echo "Basic check:"
229   - ./https-get-expired -reject-expired https://tails.net/
230   - echo "Let's pretend we are in the past. Then, this certificate is still good."
231   - ./https-get-expired -current-time 2000-01-01 -reject-expired https://tails.net/
232   - echo "Let's pretend we are in the future. Then, this certificate is expired"
233   - "! ./https-get-expired -current-time 2090-01-01 -reject-expired https://tails.net/"
234   - "! ./https-get-expired -reject-expired https://wrong.host.badssl.com/"
235   - "! ./https-get-expired -reject-expired https://self-signed.badssl.com/"
236   - "! ./https-get-expired -reject-expired https://untrusted-root.badssl.com/"
237   - "! ./https-get-expired -reject-expired https://expired.badssl.com/"
238   - echo "Invalid host"
239   - "! ./https-get-expired -reject-expired https://nxdomain.tails.net/"
240   - "./bin/test-utils/https-get-expired-test-all"
241
242 https-get-expired:
243   rules:
244     - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
245     - changes:
246         - .gitlab-ci.yml
247         - config/chroot_local-includes/usr/src/https-get-expired.go
248         - config/chroot_local-includes/etc/default/htpdate.pools
249   script:
250     - *install-https-get-expired-build-deps
251     - *build-https-get-expired
252     - *test-https-get-expired
253
254 https-get-expired-sid:
255   # this job gives us results using a future version of Golang compared to the one we actually use
256   image: debian:sid
257   rules:
258     - if: '$CI_COMMIT_BRANCH == "devel"'
259     - changes:
260         - .gitlab-ci.yml
261         - config/chroot_local-includes/usr/src/https-get-expired.go
262         - config/chroot_local-includes/etc/default/htpdate.pools
263   script:
264     - *install-https-get-expired-build-deps
265     - *build-https-get-expired
266     - *test-https-get-expired
Tor-ified, amnesic Live system