2 # DO NOT EDIT THIS FILE IN MASTER. ONLY EDIT IT IN THE OLDEST SUPPORTED
3 # BRANCH, THEN MERGE FORWARD.
6 # This file controls how gitlab validates Tor commits and merge requests.
8 # It is primarily based on a set of scripts and configurations by
9 # Hans-Christoph Steiner. It only copies parts of those scripts and
10 # configurations for now. If you want a new piece of functionality
11 # (more debians, more fedoras, android support) then you shouldn't
12 # start from scratch: have a look at the original ticket, at
13 # https://gitlab.torproject.org/tpo/core/tor/-/issues/32193 !
15 # The file to copy from is
16 # https://gitlab.torproject.org/tpo/core/tor/-/merge_requests/96/diffs#diff-content-587d266bb27a4dc3022bbed44dfa19849df3044c
18 # Having said that, if there is anything really stupid here, don't
19 # blame it on Hans-Christoph! Tor probably added it on their own.
21 # Copyright 2020, The Tor Project, Inc.
22 # See LICENSE for licence information.
24 # These variables are set everywhere, unconditionally.
29 # This template is for exporting ephemeral things from the scripts. By
30 # convention we expect our scripts to copy stuff into artifacts/, rather than
31 # having a big list of files that be treated as artifacts.
32 .artifacts-template: &artifacts-template
34 name: "${CI_PROJECT_PATH}_${CI_JOB_STAGE}_${CI_COMMIT_REF_NAME}_${CI_COMMIT_SHA}"
41 # This template is used for x86-64 builds.
42 .x86-64-template: &x86-64-template
46 # This template should be usable on any system that's based on apt.
47 .apt-template: &apt-template |
49 echo Etc/UTC > /etc/timezone
51 export APT_CACHE_DIR="$(pwd)/apt-cache"
53 'APT::Install-Recommends "0";' \
54 'APT::Install-Suggests "0";' \
55 'APT::Acquire::Retries "20";' \
56 'APT::Get::Assume-Yes "true";' \
57 'Dpkg::Use-Pty "0";' \
58 "Dir::Cache::Archives \"${APT_CACHE_DIR}\"; " \
59 >> /etc/apt/apt.conf.d/99gitlab
63 # This template sets us up for Debian system in particular.
64 .debian-template: &debian-template
65 <<: *artifacts-template
68 DEBIAN_FRONTEND: "noninteractive"
69 # TODO: Using "cache" in this way speeds up our downloads. It would be
70 # even better, though, to start with a pre-upgraded debian image.
72 # TODO: Will we have to do this differently once we have more than one
73 # debian version that we're using?
80 # Install patches unconditionally.
94 # Install patches that we only need for some use cases.
95 - if [ "$ASCIIDOC" = yes ]; then apt-get install asciidoc xmlto; fi
96 - if [ "$DOXYGEN" = yes ]; then apt-get install doxygen; fi
97 - if [ "$STEM" = yes ]; then apt-get install timelimit; fi
98 - if [ "$CC" = clang ]; then apt-get install clang; fi
99 - if [ "$NSS" = yes ]; then apt-get install libnss3 libnss3-dev; fi
100 # TODO: This next line should not be debian-only.
101 - if [ "$STEM" = yes ]; then git clone --depth 1 https://git.torproject.org/stem.git ; export STEM_PATH="$(pwd)/stem"; fi
102 # TODO: This next line should not be debian-only.
103 - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://git.torproject.org/chutney.git ; export CHUTNEY_PATH="$(pwd)/chutney"; fi
104 - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
106 # Minimal check on debian: just make, make check.
112 - ./scripts/ci/ci-driver.sh
114 # Minmal check on debian/i386: just make, make check.
117 image: i386/debian:buster
120 - ./scripts/ci/ci-driver.sh
123 # Run "make check" with a hardened clang on debian stable. This takes
124 # care of a hardening check, and a compile-with-clang check.
126 # TODO: This will be faster once we merge #40098 and #40099.
128 image: debian:bullseye
131 ALL_BUGS_ARE_FATAL: "yes"
135 - ./scripts/ci/ci-driver.sh
138 # Distcheck on debian stable
146 - ./scripts/ci/ci-driver.sh
149 # Documentation tests on debian stable: doxygen and asciidoc.
157 RUN_STAGE_BUILD: "no"
159 - ./scripts/ci/ci-driver.sh
162 # Integration tests on debian stable: chutney and stem.
164 # TODO: It would be cool if this target didn't have to re-build tor, and
165 # could instead re-use Tor from debian-minimal. That can be done
166 # with the 'artifacts' mechanism, in theory, but it would be good to
167 # avoid having to have a system with hundreds of artifacts.
174 CHUTNEY_MAKE_TARGET: "test-network-all"
176 ALL_BUGS_ARE_FATAL: "yes"
178 - ./scripts/ci/ci-driver.sh
181 # Tracing build on Debian stable.
190 - ./scripts/ci/ci-driver.sh
191 # Ensure that we only run tracing when it's implemented.
193 # Once versions before 0.4.5 are obsolete, we can remove this test.
195 # This first "if" check prevents us from running a duplicate version of
196 # this pipeline whenever we push and create an MR. I don't understand why
197 # it is necessary, though the following URL purports to explain:
199 # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
200 - if: '$CI_PIPELINE_SOURCE == "push"'
202 - src/lib/trace/trace_sys.c
206 debian-disable-dirauth:
210 DISABLE_DIRAUTH: "yes"
212 - ./scripts/ci/ci-driver.sh
216 debian-disable-relay:
222 - ./scripts/ci/ci-driver.sh
223 # Ensure that we only run tracing when it's implemented.
225 # Once versions before 0.4.3 are obsolete, we can remove this test.
227 # This first "if" check prevents us from running a duplicate version of
228 # this pipeline whenever we push and create an MR. I don't understand why
229 # it is necessary, though the following URL purports to explain:
231 # https://docs.gitlab.com/ee/ci/yaml/#prevent-duplicate-pipelines
232 - if: '$CI_PIPELINE_SOURCE == "push"'
234 - src/feature/relay/relay_stub.c
237 # NSS check on debian
244 - ./scripts/ci/ci-driver.sh
247 # Debian packaging triggers for maintenance branches
248 debian-packaging-0.4.5:
251 project: tpo/core/debian/tor
254 - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
255 $CI_COMMIT_BRANCH == "maint-0.4.5"
256 debian-packaging-0.4.6:
259 project: tpo/core/debian/tor
262 - if: $CI_PROJECT_NAMESPACE == "tpo/core" &&
263 $CI_COMMIT_BRANCH == "maint-0.4.6"