public dissect_krb5_PAC_NDRHEADERBLOB
[wireshark-sm.git] / .gitlab-ci.yml
blob42f94d490f5d94bc9e439e6d1c56a50730c29ee1
1 # In the interest of reliability and performance, please avoid installing
2 # external dependencies here, e.g. via tools/*-setup.sh, apt, dnf, or yum.
3 # Do so in the appropriate Dockerfile at
4 # https://gitlab.com/wireshark/wireshark-containers/ instead.
5 # The resulting images can be found at
6 # https://gitlab.com/wireshark/wireshark-containers/container_registry
8 stages:
9   - build
10   - analysis
11   - test
12   - fuzz-asan
13   - fuzz-randpkt
14   - fuzz-valgrind
16 variables:
17   # Ensure that checkouts are a) fast and b) have a reachable tag. In a
18   # brighter, more glorious future we might be able to use --shallow-since:
19   # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3460
20   # In the mean time, fetching the last 5000 commits does the job.
21   # Ensure that all variables are string
22   GIT_DEPTH: "1"
23   GIT_FETCH_EXTRA_FLAGS: "--depth=5000"
24   CCACHE_DIR: "${CI_PROJECT_DIR}/ccache"
25   # Enable color output in various tools.
26   # CMake, Ninja, and others: https://bixense.com/clicolors/
27   CLICOLOR_FORCE: "1"
28   # pytest
29   FORCE_COLOR: "1"
30   # Homebrew
31   HOMEBREW_COLOR: "1"
32   # Skip irrelevant SAST scanners:
33   SAST_EXCLUDED_ANALYZERS: "brakeman,eslint,security-code-scan,semgrep,spotbugs"
35 workflow:
36   auto_cancel:
37     # Automatically cancel pipelines if new changes are pushed to a branch
38     # and the job is interruptible. Jobs are not interruptible by default.
39     on_new_commit: interruptible
41 # Scheduled builds additionally set SCHEDULE_TYPE, which can be one of:
42 # - 2x-daily: Twice daily at 07:00 and 19:00 UTC
43 # - daily: Daily at 10:00 UTC
44 # - weekly: Sunday at 14:00 UTC
45 # - coverity-visual-c++: Monday, Wednesday, & Friday at 12:00 UTC
46 # - coverity-gcc: Sunday, Tuesday, Thursday & Saturday at 12:00 UTC
48 # Common rule stanzas
49 # These must currently be including using "!reference tags". "extends:" and
50 # YAML anchors won't work:
51 # https://gitlab.com/gitlab-org/gitlab/-/issues/322992
53 # Commits that have been approved and merged. Run automatically in the main
54 # repo and allow manual runs in the web UI and in forks.
55 # Release builds: CI_PIPELINE_SOURCE=api
56 .if-merged:
57   # Regular commits: CI_PIPELINE_SOURCE=push, CI_COMMIT_BRANCH=master
58   - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
59   # "Run pipeline" button commits, cherry picks
60   - if: '$CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
61   # Tagged release builds: CI_PIPELINE_SOURCE=api (should be "web"?)
62   - if: '$CI_PIPELINE_SOURCE == "api"'
63   - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL !~ /.*gitlab.com\/wireshark\/wireshark/'
64     when: manual
65 # Merged commits for runners which are only available in
66 # wireshark/wireshark, e.g. wireshark-windows-*. Run automatically in
67 # the main repo and allow manual runs in the web UI.
68 .if-w-w-only-merged:
69   - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
70   - if: '$CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
71   - if: '$CI_PIPELINE_SOURCE == "api"'
72 # Incoming merge requests.
73 .if-merge-request:
74   - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
75     interruptible: true
76 # Incoming non-detached merge requests. Must be used for runners which are only
77 # available in wireshark/wireshark, e.g. wireshark-windows-*
78 .if-w-w-only-merge-request:
79   - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
80     interruptible: true
81 # Scheduled jobs. Care should be taken when changing this since the scheduler
82 # often doesn't report errors.
83 .if-weekly-schedule:
84   - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "weekly"'
85 .if-daily-schedule:
86   - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
87 .if-2x-daily-schedule:
88   - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "2x-daily"'
89 # Fuzz jobs. Care should be taken when changing this since the scheduler
90 # often doesn't report errors.
91 .if-fuzz-schedule:
92   - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "fuzz"'
94 .build-linux:
95   stage: build
96   tags:
97     - saas-linux-small-amd64
98   before_script:
99     - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
100     - env | grep ^CI | sort
101     - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
102   after_script:
103     - for builddir in build/packaging/rpm/BUILD/wireshark-*/build build/packaging/rpm/BUILD/wireshark-* build obj-*; do [ ! -d "$builddir/run" ] || break; done
104     - if [[ "$CI_JOB_NAME" == "build:rpm-opensuse-"* ]]; then export LD_LIBRARY_PATH=$builddir/run; fi
105     - if [ -f $builddir/run/tshark ]; then $builddir/run/tshark --version; fi
106   needs: []
108 .test-linux:
109   stage: test
110   tags:
111     - saas-linux-small-amd64
112   variables:
113     GIT_STRATEGY: none
115 .build-ubuntu:
116   extends: .build-linux
117   image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
118   retry: 1
119   # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
120   cache:
121     # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
122     key: ${CI_JOB_NAME}-master
123     paths:
124       - ccache/
125   before_script:
126     - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
127     - env | grep ^CI | sort
128     - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
129     - useradd user
130     - export LANG=en_US.UTF-8
131     - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
132     - mkdir -p ccache
133     - ccache --show-stats
134     - export DEB_BUILD_OPTIONS="nocheck parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 ))"
135     - export DH_QUIET=1
136     - export MAKEFLAGS=--silent
137     - NUM_COMMITS=$(curl --silent $CI_API_V4_URL/projects/$CI_MERGE_REQUEST_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/commits | jq length)
138     - echo "$NUM_COMMITS commit(s) in this MR"
139     - mkdir build
140     - cd build
141   script:
142     # setcap restricts our library paths
143     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
144     - CFLAGS=-Wl,-rpath=$(pwd)/run CXXFLAGS=-Wl,-rpath=$(pwd)/run cmake -GNinja -DENABLE_CCACHE=ON $CMAKE_ARGS ..
145     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
146     - ninja
147     - ninja install
148   after_script:
149     # The cache should be large enough to be useful but it shouldn't take
150     # too long to restore+save each run.
151     - cd "$CI_PROJECT_DIR"
152     - ccache --max-size $( du --total --summarize --block-size=1M *build*/ | awk 'END {printf ("%dM", $1 * 1.5)}' )
154 .build-rpm:
155   extends: .build-linux
156   rules: !reference [.if-2x-daily-schedule]
157   before_script:
158     # Hack to let ninja make full use of the system on Fedora and Rocky.
159     - export RPM_BUILD_NCPUS=$(( $( getconf _NPROCESSORS_ONLN ) + 2 ))
160     - git config --global user.email "you@example.com"
161     - git config --global user.name "Your Name"
162     - mkdir build
163     - cd build
164     - ../tools/make-version.py --set-release ..
165     - mv -v ../wireshark-*.tar.* .
166   artifacts:
167     paths:
168       - build/packaging/rpm/RPMS
169     expire_in: 3 days
170   needs:
171     - 'Source Package'
173 .test-rpm:
174   extends: .test-linux
175   rules: !reference [.if-2x-daily-schedule]
177 .build-windows:
178   stage: build
179   retry: 1
180   before_script:
181     - if (-Not (Test-Path C:\Development)) { New-Item -Path C:\Development -ItemType "directory" }
182     - $env:WIRESHARK_BASE_DIR = "C:\Development"
183     - $env:Configuration = "RelWithDebInfo"
184     - $env:Path += ";C:\Program Files\CMake\bin"
185     - $env:CMAKE_PREFIX_PATH = "C:\qt\6.8.0\msvc2022_64"
186     # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
187     - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat`" && set " | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
188     # Testing / debugging only.
189     # - cmd.exe /c "set CI_PIPELINE_SOURCE"
190     # - cmd.exe /c "set CI_PROJECT_URL"
191     #- dir c:\
192     #- dir c:\qt
193     #- $env:path.split(";")
194     #- cmd.exe /c "set"
195     #- Get-Location
196     - mkdir build
197     - cd build
198   needs: []
200 # macOS runners are still beta:
201 # https://about.gitlab.com/blog/2021/08/23/build-cloud-for-macos-beta/
202 # https://docs.gitlab.com/ee/ci/runners/saas/macos/environment.html#vm-images
203 # https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/macstadium/orka/-/blob/main/toolchain/monterey.yml
204 .build-macos:
205   stage: build
206   tags: [ saas-macos-medium-m1 ] # https://docs.gitlab.com/ee/ci/runners/saas/macos/environment.html
207   retry: 1
208   # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
209   cache:
210     key: ${CI_JOB_NAME}-master
211     paths:
212       - ccache/
213   variables:
214     HOMEBREW_NO_AUTO_UPDATE: "1"
215     HOMEBREW_DISPLAY_INSTALL_TIMES: "1"
216     HOMEBREW_NO_INSTALL_CLEANUP: "1"
217     HOMEBREW_NO_INSTALL_UPGRADE: "1"
218     HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: "1"
219     HOMEBREW_NO_UPDATE_REPORT_NEW: "1"
220   before_script:
221     - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
222     - env | grep ^CI | sort
223     - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
224     - brew --version
225     - printf "\e[0Ksection_start:%s:brew_section[collapsed=true]\r\e[0KInstalling prerequisites" "$( date +%s)"
226     - ./tools/macos-setup-brew.sh --install-optional --install-test-deps
227     - printf "\e[0Ksection_end:%s:brew_section\r\e[0K" "$( date +%s)"
228     - python3 -m venv $CI_PROJECT_DIR/.venv
229     - source $CI_PROJECT_DIR/.venv/bin/activate
230     - pip3 install pytest pytest-xdist
231     - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
232     - mkdir -p ccache
233     - ccache --show-stats
234     - mkdir build
235     - cd build
236   script:
237     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
238     - cmake -G Ninja -DENABLE_CCACHE=ON -DTEST_EXTRA_ARGS=--disable-capture ..
239     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
240     - ninja
241     - ninja test-programs
242     - pytest --disable-capture
243   after_script:
244     # The cache should be large enough to be useful but it shouldn't take
245     # too long to restore+save each run.
246     - ccache --max-size $( gdu --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
247   needs: []
249 .build-mingw:
250   stage: build
251   image: registry.gitlab.com/wireshark/wireshark-containers/mingw-dev
252   tags:
253     - saas-linux-small-amd64
254   cache:
255     # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
256     key: ${CI_JOB_NAME}-master
257     paths:
258       - ccache/
259   before_script:
260     - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
261     - env | grep ^CI | sort
262     - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
263     - mkdir -p ccache
264     - ccache --show-stats
265     - mkdir build
266     - cd build
267   script:
268     - mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes ..
269     - ninja
270   after_script:
271     # The cache should be large enough to be useful but it shouldn't take
272     # too long to restore+save each run.
273     - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
274   needs: []
276 Source Package:
277   extends: .build-ubuntu
278   stage: .pre
279   rules:
280     - !reference [.if-w-w-only-merged]
281     - !reference [.if-2x-daily-schedule]
282   script:
283     - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
284     - ../tools/update-appdata.py
285     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
286     - cmake -G Ninja $CMAKE_ARGS ..
287     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
288     - cd $CI_PROJECT_DIR
289     - build/packaging/source/git-export-release.sh -d .
290     - cd build
291     - ninja release_notes
292     - WIRESHARK_VERSION=$(< wireshark_version.txt)
293     - cp -v doc/release-notes.html ../release-notes-${WIRESHARK_VERSION}.html
294     - cp -v doc/release-notes.txt ../release-notes-${WIRESHARK_VERSION}.txt
295   after_script:
296     # - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
297     - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
298     - if [ -n "$SCHEDULE_TYPE" ] ; then exit 0 ; fi
299     - stat --format="%n %s bytes" wireshark-*.tar.*
300     - for digest in sha512 sha256 sha1 ; do openssl $digest wireshark-*.tar.* ; done
301     - if [ -n "$MC_DESTINATION_DIST" ] ; then mc --quiet cp wireshark-*.tar.* "$MC_DESTINATION_DIST/" ; fi
302     - if [ -n "$MC_DESTINATION_RELEASE" ] ; then mc --quiet cp release-notes-*.{txt,html} "$MC_DESTINATION_RELEASE/" ; fi
303   artifacts:
304     paths:
305       - wireshark-*.tar.*
306       - release-notes-*.html
307       - release-notes-*.txt
309 # Job to generate packages for Debian stable
310 Debian Stable APT Package:
311   extends: .build-linux
312   rules: !reference [.if-2x-daily-schedule]
313   image: registry.gitlab.com/wireshark/wireshark-containers/debian-stable-dev
314   script:
315     - ln --symbolic --no-dereference --force packaging/debian
316     - tools/make-version.py --set-release .
317     # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
318     # https://gitlab.com/gitlab-com/support-forum/issues/2790
319     - export DEB_BUILD_OPTIONS="nocheck parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 ))"
320     - export DH_QUIET=1
321     - export MAKEFLAGS=--silent
322     - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ dpkg-buildpackage -b --no-sign -jauto -zfast
323     # Please don't add a Lintian step unless you can guarantee that someone
324     # will fix any breakages that invariably pop up.
325     - mkdir debian-packages
326     - mv -v ../*.deb debian-packages/
327   artifacts:
328     paths:
329       - debian-packages/*.deb
330     expire_in: 3 days
332 Debian Stable APT Test:
333   extends: .test-linux
334   rules: !reference [.if-2x-daily-schedule]
335   image: registry.gitlab.com/wireshark/wireshark-containers/debian-stable-dev
336   stage: test
337   script:
338     - DEBIAN_FRONTEND=noninteractive apt-get install ./debian-packages/*.deb -y
339     - tshark --version
340   variables:
341     GIT_STRATEGY: none
342   needs: [ 'Debian Stable APT Package' ]
344 Fedora RPM Package:
345   extends: .build-rpm
346   image: registry.gitlab.com/wireshark/wireshark-containers/fedora-dev
347   script:
348     # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
349     # https://gitlab.com/gitlab-com/support-forum/issues/2790
350     - export FORCE_CMAKE_NINJA_NON_VERBOSE=1
351     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
352     - cmake3 -G Ninja ..
353     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
354     - ninja wireshark_rpm
356 # Fedora RPM Test:
357 #   extends: .test-rpm
358 #   image: fedora
359 #   script:
360 #     - dnf install -y build/packaging/rpm/RPMS/x86_64/*.rpm
361 #     - tshark --version
362 #  needs: [ 'Fedora RPM Package' ]
364 openSUSE 15.6 RPM Package:
365   extends: .build-rpm
366   image: registry.gitlab.com/wireshark/wireshark-containers/opensuse-15.6-dev
367   script:
368     - source /gcc-latest.env
369     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
370     - cmake -G Ninja ..
371     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
372     - ninja wireshark_rpm
374 openSUSE 15.6 RPM Test:
375   extends: .test-rpm
376   image: registry.gitlab.com/wireshark/wireshark-containers/opensuse-15.6-dev
377   script:
378     - zypper --no-gpg-checks --no-remote install -y build/packaging/rpm/RPMS/x86_64/*.rpm
379     - tshark --version
380   needs: [ 'openSUSE 15.6 RPM Package' ]
382 Rocky Linux 9 RPM Package:
383   extends: .build-rpm
384   image: registry.gitlab.com/wireshark/wireshark-containers/rockylinux-9-dev
385   script:
386     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
387     - cmake -G Ninja -DUSE_qt6=OFF ..
388     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
389     - ninja wireshark_rpm
391 Rocky Linux 9 RPM Test:
392   extends: .test-rpm
393   image: registry.gitlab.com/wireshark/wireshark-containers/rockylinux-9-dev
394   script:
395     - dnf --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm
396     - tshark --version
397   needs: [ 'Rocky Linux 9 RPM Package' ]
399 Ubuntu APT Package:
400   extends: .build-ubuntu
401   rules: !reference [.if-2x-daily-schedule]
402   script:
403     # build-ubuntu puts us in `build`.
404     - cd ..
405     - ln --symbolic --no-dereference --force packaging/debian
406     - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ MAKE=ninja dpkg-buildpackage -us -uc -rfakeroot -jauto -zfast
407     # Please don't add a Lintian step unless you can guarantee that someone
408     # will fix any breakages that invariably pop up.
409     - mkdir ubuntu-packages
410     - mv ../*.deb ubuntu-packages/
411   after_script:
412     # dpkg-buildpackage builds in obj-<triplet>, so we need to override
413     # .build-ubuntu. We also build more stuff, so decrease our multiplier.
414     - ccache --max-size $( du --summarize --block-size=1M --total "$CI_PROJECT_DIR"/obj-* | awk '/total$/ {printf ("%dM", $1 * 1.25)}' )
415   artifacts:
416     paths:
417       - ubuntu-packages/*.deb
418     expire_in: 3 days
420 Ubuntu APT Test:
421   extends: .test-linux
422   rules: !reference [.if-2x-daily-schedule]
423   image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
424   stage: test
425   script:
426     - DEBIAN_FRONTEND=noninteractive apt-get install ./ubuntu-packages/*.deb -y
427     - tshark --version
428   variables:
429     GIT_STRATEGY: none
430   needs: [ 'Ubuntu APT Package' ]
432 Windows x64 Package:
433   extends: .build-windows
434   rules: !reference [.if-w-w-only-merged]
435   tags:
436     - wireshark-windows-x64-package
437   before_script:
438     - $env:WIRESHARK_BASE_DIR = "C:\Development"
439     - $env:Configuration = "RelWithDebInfo"
440     - $env:CMAKE_PREFIX_PATH = "C:\Qt\6.8.0\msvc2022_64"
441     # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
442     - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat`" && set" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
443     - mkdir build
444     - cd build
445   script:
446     - C:\Windows\py.exe ..\tools\make-version.py --set-release --version-file=wireshark_version.txt ..
447     - cmake -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off -DBUILD_stratoshark=on -DBUILD_falcodump=on -DENABLE_SIGNED_NSIS=on ..
448     - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
449     - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
450     - msbuild /verbosity:minimal /maxcpucount wireshark_nsis_prep.vcxproj
451     - msbuild /verbosity:minimal /maxcpucount stratoshark_nsis_prep.vcxproj
452     - msbuild /verbosity:minimal /maxcpucount wireshark_wix_prep.vcxproj
453     - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
454     - msbuild /verbosity:minimal wireshark_nsis.vcxproj
455     - msbuild /verbosity:minimal stratoshark_nsis.vcxproj
456     # No need for explicit signing of NSIS installer here. The signing is done by makensis.
457     - msbuild /verbosity:minimal wireshark_wix.vcxproj
458     - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix\Wireshark-*.msi
459     - msbuild /verbosity:minimal wireshark_portableapps.vcxproj
460     - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\portableapps\WiresharkPortable*.exe
461     - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /q /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\wireshark\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-*-x64.exe packaging\nsis\Stratoshark-*-x64.exe packaging\wix\Wireshark-*-x64.msi packaging\portableapps\WiresharkPortable??_*.paf.exe
462     - msbuild /verbosity:minimal pdb_zip_package.vcxproj
463     - C:\gitlab-builds\bin\mse-scan.ps1
464     - run\RelWithDebInfo\tshark --version
465     - $packages = Get-ChildItem "packaging\nsis\Wireshark-*-x64.exe", "packaging\nsis\Stratoshark-*-x64.exe", "packaging\wix\Wireshark-*-x64.msi", "packaging\portableapps\WiresharkPortable??_*.paf.exe", "Wireshark-pdb-*x64.zip"
466     - foreach ($package in $packages) { Write-Host $package.name $(Get-Filehash -Algorithm SHA256 $package).Hash $package.length "bytes" }
467     - if (Test-Path env:MC_DESTINATION_WINDOWS_X64) { C:\gitlab-builds\bin\mc --quiet cp $packages "$env:MC_DESTINATION_WINDOWS_X64/" }
468     - $nsisSha256 = (Get-FileHash -Algorithm SHA256 .\packaging\nsis\Wireshark-*-x64.exe).Hash
469     - $wiresharkVersion = Get-Content .\wireshark_version.txt
470     - Set-Content -Path release-info-$($wiresharkVersion)-windows-x64.ini -Value ("[DEFAULT]`nnsis_sha256 = $nsisSha256")
471     - if (Test-Path env:MC_DESTINATION_RELEASE) { C:\gitlab-builds\bin\mc --quiet cp release-info-$($wiresharkVersion)-windows-x64.ini "$env:MC_DESTINATION_RELEASE/" }
472     - C:\Windows\py.exe -m pytest
473   artifacts:
474     paths:
475       - build/release-info-*.ini
477 Windows Arm64 Package:
478   extends: .build-windows
479   rules: !reference [.if-w-w-only-merged]
480   tags:
481     - wireshark-windows-arm64-package
482   before_script:
483     - $env:WIRESHARK_BASE_DIR = "C:\Development"
484     - $env:Configuration = "RelWithDebInfo"
485     - $env:CMAKE_PREFIX_PATH = "C:\Qt\6.8.0\msvc2022_arm64"
486     # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
487     - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvarsarm64.bat`" && set" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
488     - mkdir build
489     - cd build
490   script:
491     - C:\Windows\py.exe ..\tools\make-version.py --set-release --version-file=wireshark_version.txt ..
492     - cmake -G "Visual Studio 17 2022" -A arm64 -DENABLE_LTO=off -DBUILD_stratoshark=on -DBUILD_falcodump=on -DENABLE_SIGNED_NSIS=on ..
493     - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
494     - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
495     - msbuild /verbosity:minimal /maxcpucount wireshark_nsis_prep.vcxproj
496     - msbuild /verbosity:minimal /maxcpucount stratoshark_nsis_prep.vcxproj
497     - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
498     - msbuild /verbosity:minimal wireshark_nsis.vcxproj
499     - msbuild /verbosity:minimal stratoshark_nsis.vcxproj
500     - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /q /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\wireshark\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-*-arm64.exe packaging\nsis\Stratoshark-*-arm64.exe
501     - msbuild /verbosity:minimal pdb_zip_package.vcxproj
502     - C:\gitlab-builds\bin\mse-scan.ps1
503     - run\RelWithDebInfo\tshark --version
504     - $packages = Get-ChildItem "packaging\nsis\Wireshark-*-arm64.exe", "packaging\nsis\Stratoshark-*-arm64.exe", "Wireshark-pdb-*arm64.zip"
505     - foreach ($package in $packages) { Write-Host $package.name $(Get-Filehash -Algorithm SHA256 $package).Hash $package.length "bytes" }
506     - if (Test-Path env:MC_DESTINATION_WINDOWS_ARM64) { C:\gitlab-builds\bin\mc --quiet cp $packages "$env:MC_DESTINATION_WINDOWS_ARM64/" }
507     - $nsisSha256 = (Get-FileHash -Algorithm SHA256 .\packaging\nsis\Wireshark-*-arm64.exe).Hash
508     - $wiresharkVersion = Get-Content .\wireshark_version.txt
509     - Set-Content -Path release-info-$($wiresharkVersion)-windows-arm64.ini -Value ("[DEFAULT]`nnsis_sha256 = $nsisSha256")
510     - if (Test-Path env:MC_DESTINATION_RELEASE) { C:\gitlab-builds\bin\mc --quiet cp release-info-$($wiresharkVersion)-windows-arm64.ini "$env:MC_DESTINATION_RELEASE/" }
511     - C:\Windows\py.exe -m pytest
512   artifacts:
513     paths:
514       - build/release-info-*.ini
516 Windows MinGW-w64 Package:
517   extends: .build-mingw
518   rules: !reference [.if-w-w-only-merged]
519   script:
520     - mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes ..
521     - ninja
522     - ninja user_guide_html
523     - ninja wireshark_nsis_prep
524     - ninja wireshark_nsis
525   artifacts:
526     paths:
527       - build/packaging/nsis/wireshark-*.exe
528     expire_in: 3 days
530 macOS Arm Package:
531   stage: build
532   rules: !reference [.if-w-w-only-merged]
533   variables:
534     CODE_SIGN_IDENTITY: "Wireshark Foundation"
535   tags:
536     - wireshark-macos-arm-package
537   retry: 1
538   script:
539     - export CMAKE_PREFIX_PATH=/usr/local/Qt-6.5.3
540     # Not needed for Falco libs 0.19?
541     - export CXXFLAGS="-isystem /usr/local/include/falcosecurity"
542     - export PATH="$PATH:$HOME/bin"
543     - mkdir build
544     - cd build
545     - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
546     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
547     - cmake -DENABLE_CCACHE=ON -DCMAKE_APPLE_SILICON_PROCESSOR=arm64 -DCMAKE_OSX_DEPLOYMENT_TARGET=11.0 -DCMAKE_OSX_ARCHITECTURES=arm64 -DBUILD_stratoshark=on -DBUILD_falcodump=on -DFALCO_PLUGINS=/usr/local/lib/falco-plugins/libcloudtrail.so -DTEST_EXTRA_ARGS=--enable-release -G Ninja ..
548     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
549     - ninja
550     - codesign-prep
551     - security find-identity -v -s "$CODE_SIGN_IDENTITY"
552     - ninja wireshark_dmg
553     - ninja stratoshark_dmg
554     - cd run
555     - xcrun notarytool submit Wireshark?[1-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
556     - xcrun stapler staple Wireshark?[1-9]*.dmg
557     - xcrun notarytool submit Stratoshark?[0-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
558     - xcrun stapler staple Stratoshark?[0-9]*.dmg
559     - spctl --assess --type open --context context:primary-signature --verbose=2 Wireshark?[1-9]*.dmg Stratoshark?[0-9]*.dmg
560     - stat -f "%N %z bytes" Wireshark*.dmg Stratoshark*.dmg
561     - for digest in sha512 sha256 sha1 ; do openssl $digest Wireshark*.dmg Stratoshark*.dmg ; done
562     - |
563       if [ -n "$S3_DESTINATION_MACOS_ARM64" ] ; then
564         aws s3 cp Wireshark?[1-9]*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
565         aws s3 cp Wireshark?dSYM*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
566         aws s3 cp Stratoshark?[0-9]*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
567         aws s3 cp Stratoshark?dSYM*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
568       fi
569     - SPARKLE_SIGNATURE=$( age --decrypt --identity="$MACOS_AGE_IDENTITY" "$MACOS_SPARKLE_BLOB" | /usr/local/Sparkle-2.2.2/bin/sign_update --ed-key-file - Wireshark?[1-9]*.dmg )
570     - $CI_PROJECT_DIR/build/run/tshark --version
571     - DMG_SHA256=$( shasum --algorithm 256 Wireshark?[1-9]*.dmg | awk '{print $1}' )
572     - WIRESHARK_VERSION=$(< ../wireshark_version.txt)
573     - printf '[DEFAULT]\nsparkle_signature = %s\ndmg_sha256 = %s\n' "$SPARKLE_SIGNATURE" "$DMG_SHA256" > release-info-${WIRESHARK_VERSION}-macos-arm64.ini
574     - if [[ -n "$S3_DESTINATION_RELEASE" ]] ; then aws s3 cp release-info-${WIRESHARK_VERSION}-macos-arm64.ini "$S3_DESTINATION_RELEASE/" ; fi
575     - cd ..
576     - ninja test
577   artifacts:
578     paths:
579       - build/run/release-info-*.ini
580   needs: []
582 macOS Intel Package:
583   stage: build
584   rules: !reference [.if-w-w-only-merged]
585   variables:
586     CODE_SIGN_IDENTITY: "Wireshark Foundation"
587   tags:
588     - wireshark-macos-intel-package
589   retry: 1
590   script:
591     - export CMAKE_PREFIX_PATH=/usr/local/Qt-6.5.3
592     # Not needed for Falco libs 0.19?
593     - export CXXFLAGS="-isystem /usr/local/include/falcosecurity"
594     - export PATH="$PATH:$HOME/bin"
595     - mkdir build
596     - cd build
597     - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
598     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
599     - cmake -DENABLE_CCACHE=ON -DCMAKE_OSX_DEPLOYMENT_TARGET=11.0 -DBUILD_stratoshark=on -DBUILD_falcodump=on -DFALCO_PLUGINS=/usr/local/lib/falco-plugins/libcloudtrail.so -DTEST_EXTRA_ARGS=--enable-release -G Ninja ..
600     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
601     - ninja
602     - codesign-prep
603     - security find-identity -v -s "$CODE_SIGN_IDENTITY"
604     - ninja wireshark_dmg
605     - ninja stratoshark_dmg
606     - cd run
607     - xcrun notarytool submit Wireshark?[1-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
608     - xcrun stapler staple Wireshark?[1-9]*.dmg
609     - xcrun notarytool submit Stratoshark?[0-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
610     - xcrun stapler staple Stratoshark?[0-9]*.dmg
611     - spctl --assess --type open --context context:primary-signature --verbose=2 Wireshark?[1-9]*.dmg Stratoshark?[0-9]*.dmg
612     - stat -f "%N %z bytes" Wireshark*.dmg Stratoshark*.dmg
613     - for digest in sha512 sha256 sha1 ; do openssl $digest Wireshark*.dmg Stratoshark*.dmg ; done
614     - |
615       if [ -n "$S3_DESTINATION_MACOS_INTEL64" ] ; then
616         aws s3 cp Wireshark?[1-9]*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
617         aws s3 cp Wireshark?dSYM*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
618         aws s3 cp Stratoshark?[0-9]*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
619         aws s3 cp Stratoshark?dSYM*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
620       fi
621     - SPARKLE_SIGNATURE=$( age --decrypt --identity="$MACOS_AGE_IDENTITY" "$MACOS_SPARKLE_BLOB" | /usr/local/Sparkle-2.2.2/bin/sign_update --ed-key-file - Wireshark?[1-9]*.dmg )
622     - $CI_PROJECT_DIR/build/run/tshark --version
623     - DMG_SHA256=$( shasum --algorithm 256 Wireshark?[1-9]*.dmg | awk '{print $1}' )
624     - WIRESHARK_VERSION=$(< ../wireshark_version.txt)
625     - printf '[DEFAULT]\nsparkle_signature = %s\ndmg_sha256 = %s\n' "$SPARKLE_SIGNATURE" "$DMG_SHA256" > release-info-${WIRESHARK_VERSION}-macos-intel64.ini
626     - if [[ -n "$S3_DESTINATION_RELEASE" ]] ; then aws s3 cp release-info-${WIRESHARK_VERSION}-macos-intel64.ini "$S3_DESTINATION_RELEASE/" ; fi
627     - cd ..
628     - ninja test
629   artifacts:
630     paths:
631       - build/run/release-info-*.ini
632   needs: []
634 # Build the User's Guide and Developer's Guide
635 Documentation:
636   extends: .build-linux
637   image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
638   rules:
639     - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
640       changes:
641         - "doc/**/*"
642         - "epan/wslua/**/*"
643     - if: '$CI_PIPELINE_SOURCE == "push"'
644       when: manual
645       allow_failure: true
646   script:
647     # XXX We might want to move this to wireshark-ubuntu-dev or debian-setup.sh.
648     - DEBIAN_FRONTEND=noninteractive apt-get update
649     - DEBIAN_FRONTEND=noninteractive apt-get --yes install ruby-asciidoctor-pdf ruby-coderay ruby-dev
650     - NOKOGIRI_USE_SYSTEM_LIBRARIES=1 gem install asciidoctor-epub3
651     - mkdir build
652     - cd build
653     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
654     - cmake -GNinja ..
655     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
656     - ninja all_guides faq_html
657     - cd doc
658     - for HTML_DIR in ws[ud]g_html{,_chunked} ; do zip -9 -r "$HTML_DIR.zip" "$HTML_DIR" ; done
659     - gzip -9 faq.html
660     - if [ -n "$MC_DESTINATION_DOCS" ] ; then mc --quiet cp ws[ud]g_html{,_chunked}.zip Wireshark*Guide.{epub,pdf} faq.html.gz "$MC_DESTINATION_DOCS/" ; fi
661     - mv -v ws[ud]g_html{,_chunked}.zip Wireshark*Guide.{epub,pdf} faq.html.gz ../..
662   after_script:
663     - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
664   artifacts:
665     paths:
666       - wsug_html.zip
667       - wsug_html_chunked.zip
668       - wsdg_html.zip
669       - wsdg_html_chunked.zip
670       - "Wireshark User's Guide.pdf"
671       - "Wireshark Developer's Guide.pdf"
672       - "Wireshark User's Guide.epub"
673       - "Wireshark Developer's Guide.epub"
674       - faq.html.gz
675   needs: []
678 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#linux-shared-runners
680 Commit Check:
681   extends: .build-ubuntu
682   rules: !reference [.if-merge-request]
683   variables:
684     GITLAB_REPO: "$CI_MERGE_REQUEST_PROJECT_URL"
685   script:
686     # build-ubuntu puts us in `build`.
687     - cd ..
688     - git status
689     # We have the following options for displaying information in a merge request
690     # from a pipleline job:
691     #
692     # - The Notes API, which requires a valid GitLab CI_JOB_TOKEN variable, which
693     #   isn't available for outside projects:
694     #   https://gitlab.com/gitlab-org/gitlab/-/issues/464591.
695     #
696     # - Code Quality, which requires extra configuration, using a special container
697     #   image, and writing a custom plugin:
698     #   https://docs.gitlab.com/ee/ci/testing/code_quality.html.
699     #
700     # - Unit test reports, which must be formatted as JUnit XML:
701     #   https://docs.gitlab.com/ee/ci/testing/unit_test_reports.html
702     #   https://www.ibm.com/docs/en/developer-for-zos/14.2?topic=formats-junit-xml-format
703     #
704     # Let's generate a unit test report, even if that means wondering which life choices
705     # led us to assemlbing an XML document from fragments in a shell script which is
706     # embedded in YAML.
707     - FAILURE_COUNT=0
708     - TESTCASES="<testcase class='commit_checks.num_commits' name='num_commits' time='1.0'"
709     - |
710       if [[ $NUM_COMMITS -gt 1 ]] ; then
711         TESTCASES+="><failure>ℹ️ This merge request has more than one commit. Please squash any trivial ones:
713         $(git log --oneline --no-decorate "${CI_COMMIT_SHA}~$NUM_COMMITS..${CI_COMMIT_SHA}")
714         </failure></testcase>"
715         FAILURE_COUNT=$(( FAILURE_COUNT + 1 ))
716       else
717         TESTCASES+="/>"
718       fi
719     - PC_EXIT_CODE=0
720     - ANALYSIS_MESSAGE=$( ./tools/pre-commit "${CI_COMMIT_SHA}~$NUM_COMMITS" ) || PC_EXIT_CODE=1
721     - TESTCASES+="<testcase class='commit_checks.pre_commit' name='tools/pre-commit' time='1.0'"
722     - |
723       if [ -n "$ANALYSIS_MESSAGE" ] ; then
724         TESTCASES+="><failure>Pre-commit check results:
726         $ANALYSIS_MESSAGE
727         </failure></testcase>"
728         FAILURE_COUNT=$(( FAILURE_COUNT + 1 ))
729       else
730         TESTCASES+="/>"
731       fi
732     - VC_EXIT_CODE=0
733     - ANALYSIS_MESSAGE=$( tools/validate-commit.py ) || VC_EXIT_CODE=1
734     - TESTCASES+="<testcase class='commit_checks.validate_commit' name='tools/validate-commit.py' time='1.0'"
735     - |
736       if [[ $VC_EXIT_CODE != 0 ]] ; then
737         TESTCASES+="><failure>Validate-commit check results:
739         $ANALYSIS_MESSAGE
740         </failure></testcase>"
741         FAILURE_COUNT=$(( FAILURE_COUNT + 1 ))
742       else
743         TESTCASES+="/>"
744       fi
745     - LC_EXIT_CODE=0
746     - ANALYSIS_MESSAGE=$( python3 tools/checklicenses.py ) || LC_EXIT_CODE=1
747     - TESTCASES+="<testcase class='commit_checks.check_licenses' name='tools/checklicenses.py' time='1.0'"
748     - |
749       if [[ $LC_EXIT_CODE != 0 ]] ; then
750         TESTCASES+="><failure>License check failure:
752         $ANALYSIS_MESSAGE
753         </failure></testcase>"
754         FAILURE_COUNT=$(( FAILURE_COUNT + 1 ))
755       else
756         TESTCASES+="/>"
757       fi
758     - HC_EXIT_CODE=0
759     - ANALYSIS_MESSAGE=$( python3 tools/check_help_urls.py ) || HC_EXIT_CODE=1
760     - TESTCASES+="<testcase class='commit_checks.check_help_urls' name='tools/check_help_urls.py' time='1.0'"
761     - |
762       if [[ $HC_EXIT_CODE != 0 ]] ; then
763         TESTCASES+="><failure>Help URL check failure:
765         $ANALYSIS_MESSAGE
766         </failure></testcase>"
767         FAILURE_COUNT=$(( FAILURE_COUNT + 1 ))
768       else
769         TESTCASES+="/>"
770       fi
771     - |
772       cat > commit_checks.xml <<FIN
773       <?xml version="1.0" encoding="utf-8"?>
774       <testsuites><testsuite name="Commit Checks" errors="0" failures="$FAILURE_COUNT" skipped="0" tests="5" time="5">
775       $TESTCASES
776       </testsuite></testsuites>
777       FIN
778     # - cat commit_checks.xml
779     - exit $(( PC_EXIT_CODE || VC_EXIT_CODE || LC_EXIT_CODE || HC_EXIT_CODE ))
780   artifacts:
781     when: always
782     paths:
783       - commit_checks.xml
784     reports:
785       junit: commit_checks.xml
787 Ubuntu GCC Build:
788   extends: .build-ubuntu
789   rules: !reference [.if-merge-request]
790   variables:
791     CC: "gcc"
792     CXX: "g++"
793   needs: [ 'Commit Check' ]
794   script:
795     - source /gcc-latest.env
796     # build-ubuntu puts us in `build`.
797     - cd ..
798     - mv build "🦈 build 🦈"
799     - cd "🦈 build 🦈"
800     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
801     # Test release build.
802     - cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_CCACHE=ON -DENABLE_WERROR=ON -DCMAKE_EXPORT_COMPILE_COMMANDS=on ..
803     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
804     - script --command ninja --flush --quiet --return ../gcc_report.txt
805     - ansi2html < ../gcc_report.txt > ../gcc_report.html
806     - ninja test-programs
807     - chown -R user .
808     - if [ -f run/dumpcap ]; then setcap cap_net_raw,cap_net_admin+eip run/dumpcap; fi
809     - if [ -f run/dumpcap ]; then su user -c "run/dumpcap -D" ; fi
810     - su user -c "pytest-3 --junitxml=../ubuntu_tests.xml"
811     # Test CMake install code and CPack config code. Select any one of the archive generators.
812     - ninja user_guide_html
813     - ninja developer_guide_html
814     - cpack -G TZST .
815     - ls wireshark-*.tar.zst{,.sha256}
816   artifacts:
817     when: always
818     paths:
819       - gcc_report.html
820     reports:
821       junit: ubuntu_tests.xml
823 Ubuntu Qt5 Build:
824   extends: .build-ubuntu
825   rules:
826     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
827       interruptible: true
828       changes:
829         - "ui/**/*"
830     - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
831       when: manual
832       allow_failure: true
833   needs: [ 'Commit Check' ]
834   script:
835     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
836     - cmake -G Ninja -DENABLE_CCACHE=ON -DENABLE_WERROR=ON -DUSE_qt6=OFF ..
837     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
838     - ninja
839     - run/wireshark -v
841 Fedora MinGW Build:
842   extends: .build-mingw
843   rules: !reference [.if-merge-request]
844   needs: [ 'Commit Check' ]
846 Clang + Code Checks:
847   extends: .build-ubuntu
848   tags:
849     - saas-linux-medium-amd64
850   rules: !reference [.if-merge-request]
851   needs: [ 'Commit Check' ]
852   script:
853     - source /clang-latest.env
854     - apt-get update && apt-get --yes install python3-venv
855     - python3 -m venv $CI_PROJECT_DIR/.venv
856     - source $CI_PROJECT_DIR/.venv/bin/activate
857     # build-ubuntu puts us in `build`.
858     - cd ..
859     - mkdir cppcheck
860     - ./tools/cppcheck/cppcheck.sh -l $NUM_COMMITS | tee cppcheck/cppcheck_report.txt
861     - if [[ -s "cppcheck/cppcheck_report.txt" ]]; then ./tools/cppcheck/cppcheck.sh -l $NUM_COMMITS -x > cppcheck/cppcheck_report.xml ; fi
862     - if [[ -s "cppcheck/cppcheck_report.txt" ]]; then cppcheck-htmlreport --file cppcheck/cppcheck_report.xml  --report-dir cppcheck ; fi
863     - cd build
864     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
865     # We don't have an "All options" job, so build fuzzshark and tfshark here.
866     - cmake -DENABLE_CHECKHF_CONFLICT=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DCMAKE_C_CLANG_TIDY=clang-tidy-$CLANG_VERSION -DCMAKE_CXX_CLANG_TIDY=clang-tidy-$CLANG_VERSION -DBUILD_fuzzshark=ON -DBUILD_tfshark=On -DBUILD_stratoshark=ON -DENABLE_DEBUG=ON -DENABLE_CCACHE=ON -DENABLE_WERROR=ON -G Ninja ..
867     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
868     - printf "\e[0Ksection_start:%s:asn1_section[collapsed=false]\r\e[0KRegenerating ASN.1 dissectors" "$( date +%s)"
869     - ninja --quiet asn1
870     - git diff --exit-code ${CI_COMMIT_SHA} ..
871     - printf "\e[0Ksection_end:%s:asn1_section\r\e[0K" "$( date +%s)"
872     - printf "\e[0Ksection_start:%s:pidl_section[collapsed=true]\r\e[0KRegenerating PIDL dissectors" "$( date +%s)"
873     - ninja pidl-dissectors
874     - ninja idl2wrs-dissectors
875     - git diff --exit-code ${CI_COMMIT_SHA} ..
876     - printf "\e[0Ksection_end:%s:pidl_section\r\e[0K" "$( date +%s)"
877     - mkdir ../html
878     - script --command ninja --flush --quiet --return ../tmp_clang_report.txt
879     - ansi2txt < ../tmp_clang_report.txt > ../clang_report.txt
880     - ansi2html < ../tmp_clang_report.txt > ../html/clang_report.html
881     - ./run/tshark -v 2> >(tee ../checkhf_conflict.txt)
882     - ../tools/validate-clang-check.sh -c $CLANG_VERSION 2> >(tee ../tmp_clang_analyzer_check.txt)
883     - ansi2txt < ../tmp_clang_analyzer_check.txt > ../clang_analyzer_check.txt
884     - ansi2html < ../tmp_clang_analyzer_check.txt > ../html/clang_analyzer_check.html
885     - ninja checkAPI
886     - ninja shellcheck
887     - cd ..
888     - pip3 install pyspellchecker
889     - ./tools/check_spelling.py --no-wikipedia --comments --commits $NUM_COMMITS | tee spelling_check.txt
890     - ./tools/check_typed_item_calls.py --consecutive --label --mask --check-bitmask-fields --commits $NUM_COMMITS | tee item_calls_check.txt
891     - ./tools/check_tfs.py --check-value-strings --commits $NUM_COMMITS | tee tfs_check.txt
892     - ./tools/check_val_to_str.py --commits $NUM_COMMITS | tee val_to_str_check.txt
893     - ./tools/check_col_apis.py --commits $NUM_COMMITS | tee col_apis_check.txt
894   artifacts:
895     paths:
896       - clang_report.txt
897       - clang_analyzer_check.txt
898       - cppcheck
899       - spelling_check.txt
900       - item_calls_check.txt
901       - tfs_check.txt
902       - val_to_str_check.txt
903       - col_apis_check.txt
904       - checkhf_conflict.txt
905       - html/
907 No options:
908   extends: .build-ubuntu
909   rules: !reference [.if-merge-request]
910   needs: [ 'Commit Check' ]
911   script: |
912     cmake -GNinja -DENABLE_CCACHE=ON \
913       -DENABLE_BROTLI=OFF -DENABLE_CAP=OFF -DENABLE_CHECKHF_CONFLICT=ON -DENABLE_GNUTLS=OFF \
914       -DENABLE_KERBEROS=OFF -DENABLE_LIBXML2=OFF -DENABLE_ILBC=OFF -DENABLE_LUA=OFF -DENABLE_LZ4=OFF \
915       -DENABLE_MINIZIP=OFF -DENABLE_NETLINK=OFF -DENABLE_NGHTTP2=OFF -DENABLE_NGHTTP3=OFF \
916       -DENABLE_BCG729=OFF -DENABLE_OPUS=OFF -DENABLE_PCAP=OFF -DENABLE_PLUGIN_IFDEMO=ON \
917       -DENABLE_PLUGINS=OFF -DENABLE_SBC=OFF -DENABLE_SMI=OFF -DENABLE_SNAPPY=OFF -DENABLE_SPANDSP=OFF \
918       -DENABLE_ZLIB=OFF -DENABLE_ZSTD=OFF -DBUILD_mmdbresolve=OFF ..
919     ninja
921 # Windows runners are still beta, at least technically:
922 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
923 Windows Build:
924   extends: .build-windows
925   rules: !reference [.if-w-w-only-merge-request]
926   tags:
927     - wireshark-windows-merge-req
928   needs: [ 'Commit Check' ]
929   script:
930     # lib{sinsp,scap} don't support Configuration=Debug, so we can't enable
931     # BUILD_stratoshark or BUILD_falcodump here just yet.
932     - cmake -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off ..
933     - msbuild /verbosity:minimal /maxcpucount /property:Configuration=Debug Wireshark.sln
934     - msbuild /verbosity:minimal /maxcpucount /property:Configuration=Debug test-programs.vcxproj
935     - C:\Windows\py.exe -m pytest --disable-gui --build-type=Debug --junitxml=../windows_tests.xml
936   artifacts:
937     when: always
938     reports:
939       junit: windows_tests.xml
941 macOS Build:
942   extends: .build-macos
943   rules: !reference [.if-w-w-only-merge-request]
944   script:
945     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
946     - cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_CCACHE=ON -DTEST_EXTRA_ARGS=--disable-capture ..
947     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
948     - ninja
949     - ninja test-programs
950     - pytest --disable-capture --junitxml=../macos_tests.xml
951   artifacts:
952     when: always
953     reports:
954       junit: macos_tests.xml
955   needs: [ 'Commit Check' ]
957 # Adapted from https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
958 # and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481
959 Coverity GCC Scan:
960   image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
961   rules:
962     - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"'
963   stage: analysis
964   needs: []
965   variables:
966     CC: gcc
967     CXX: g++
968     # cov-build doesn’t handle GLIB_DEPRECATED_ENUMERATOR
969     CFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
970     CXXFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
971   script:
972     - curl --output /tmp/cov-analysis-linux64.tar.gz --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/linux64
973     - tar --directory=/tmp --extract --gzip --file /tmp/cov-analysis-linux64.tar.gz
974     - mkdir build
975     - cd build
976     - cmake -G Ninja ..
977     - /tmp/cov-analysis-linux64-*/bin/cov-build --return-emit-failures --dir ../cov-int ninja
978     - cd ..
979     - tar --create --gzip --file cov-int.tar.gz cov-int
980     - echo "export ARTIFACT_JOB_URL=$CI_JOB_URL" > job_environment_variables.sh
981     - echo "export GIT_DESCRIPTION=$( git describe --tags )" >> job_environment_variables.sh
982   artifacts:
983     paths:
984       - cov-int.tar.gz
985       - job_environment_variables.sh
987 Coverity GCC Submit:
988   image: curlimages/curl
989   rules:
990     - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"'
991   stage: .post
992   script:
993     - . job_environment_variables.sh
994     - echo $ARTIFACT_JOB_URL
995     - echo $GIT_DESCRIPTION
996     - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.tar.gz&version=$GIT_DESCRIPTION&description=Ubuntu $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds
997   needs: [ 'Coverity GCC Scan' ]
999 Coverity Visual C++ Scan:
1000   extends: .build-windows
1001   rules:
1002     - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"'
1003   tags:
1004     - wireshark-windows-merge-req
1005   stage: analysis
1006   needs: []
1007   script:
1008     - $gitDescription = (( git describe --tags ) | Out-String).Trim()
1009     - C:\Windows\System32\curl --output $env:temp\cov-analysis-win64.zip --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/win64
1010     - C:\ProgramData\chocolatey\tools\7z x "$env:temp\cov-analysis-win64.zip" -y -r -o"$env:temp"
1011     - cmake -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off -G "Visual Studio 17 2022" -A x64 ..
1012     - $covAnalysisWin64 = (Get-ChildItem -Path $env:temp -Filter "cov-analysis-win64-*" -Directory)[0].FullName
1013     - Invoke-Expression "& $covAnalysisWin64\bin\cov-build.exe --return-emit-failures --dir ..\cov-int msbuild /verbosity:minimal `"/consoleloggerparameters:PerformanceSummary;NoSummary`" /maxcpucount:1 Wireshark.sln"
1014     - cd ..
1015     - C:\ProgramData\chocolatey\tools\7z a -tzip cov-int.zip cov-int
1016     - '"export ARTIFACT_JOB_URL=$env:CI_JOB_URL" | Out-File -Encoding ascii job_environment_variables.sh'
1017     - '"export GIT_DESCRIPTION=$gitDescription" | Out-File -Encoding ascii -Append job_environment_variables.sh'
1018   artifacts:
1019     paths:
1020       - cov-int.zip
1021       - job_environment_variables.sh
1023 Coverity Visual C++ Submit:
1024   image: curlimages/curl
1025   rules:
1026     - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"'
1027   stage: .post
1028   script:
1029     - sed -i -e 's/\r//' job_environment_variables.sh
1030     - . job_environment_variables.sh
1031     - echo $ARTIFACT_JOB_URL
1032     - echo $GIT_DESCRIPTION
1033     - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.zip&version=$GIT_DESCRIPTION&description=Windows $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds
1034   needs: [ 'Coverity Visual C++ Scan' ]
1036 Clang Static Analyzer:
1037   extends: .build-ubuntu
1038   rules: !reference [.if-daily-schedule]
1039   stage: analysis
1040   needs: []
1041   script:
1042     - source /clang-latest.env
1043     - scan-build-${CLANG_VERSION} --exclude tools cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_WERROR=OFF -G Ninja ..
1044     - scan-build-${CLANG_VERSION} --exclude tools -o ../sbout ninja
1045     - cd ../sbout
1046     - RAW_DIR=$( find ../sbout -type d -name "20??-??-??-*" -printf "%P\n" | head )
1047     - SB_DIR="scan-build-$RAW_DIR"
1048     - mv "$RAW_DIR" "$SB_DIR"
1049     - if [ -d logs ] ; then mv logs $SB_DIR ; fi
1050     - chmod -R u=rwX,go=rX "$SB_DIR"
1051     - zip -9 -r "${SB_DIR}.zip" "$SB_DIR"
1052     - if [ -n "$MC_DESTINATION_ANALYSIS" ] ; then mc --quiet cp "${SB_DIR}.zip" "$MC_DESTINATION_ANALYSIS/" ; fi
1054 # Windows runners are still beta, at least technically:
1055 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
1056 Visual Studio Code Analysis:
1057   extends: .build-windows
1058   tags:
1059     - wireshark-windows-dev
1060   rules:
1061     # The wireshark-windows-* tags are only available in wireshark/wireshark.
1062     - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
1063   script:
1064     - py -m venv sarif-tools.venv
1065     - sarif-tools.venv\Scripts\pip.exe install sarif-tools
1066     - New-Item -Path C:\MinIO -Type "directory"
1067     - Invoke-Webrequest -OutFile C:\MinIO\mc.exe https://dl.min.io/client/mc/release/windows-amd64/archive/mc.RELEASE.2024-07-03T20-17-25Z
1068     - if ($( Get-FileHash -Algorithm SHA256 -Path C:\MinIO\mc.exe ).Hash -ne "A379139FB32C0ADDB6C05786782602B5106D13402759AC1B4A88285A4D5EAAD3" ) { Exit 1 }
1069     - $env:caexcludepath = "C:\Qt;$env:INCLUDE"
1070     - cmake -DENABLE_CODE_ANALYSIS=ON -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off ..
1071     - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount:2 Wireshark.sln
1072     - $report = "visual-c++-analyze-" + (Get-Date -format "yyyy-MM-dd") + ".html"
1073     - sarif-tools.venv\Scripts\sarif html --output $report
1074     - if (Test-Path env:MC_DESTINATION_ANALYSIS) { C:\MinIO\mc --quiet cp "$report" "$env:MC_DESTINATION_ANALYSIS/" }
1076 # Build all doxygen docs
1077 API Reference:
1078   extends: .build-ubuntu
1079   rules: !reference [.if-daily-schedule]
1080   script:
1081     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1082     - cmake -GNinja ..
1083     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1084     - ninja wsar_html_zip 2>&1 > doxygen_output.txt | tee doxygen_errors.txt
1085     - mv wsar_html.zip doxygen_{output,errors}.txt ..
1086     - cd ..
1087     - if [ -n "$MC_DESTINATION_DOCS" ] ; then mc --quiet cp wsar_html.zip "$MC_DESTINATION_DOCS/" ; fi
1088   after_script:
1089     - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
1090   artifacts:
1091     paths:
1092     - doxygen_errors.txt
1093     - doxygen_output.txt
1094     - wsar_html.zip
1095   needs: []
1097 Code Lines and Data:
1098   extends: .build-ubuntu
1099   rules: !reference [.if-daily-schedule]
1100   stage: analysis
1101   variables:
1102     CLOC_OUT: /tmp/cloc.txt
1103     SCC_OUT: /tmp/scc.txt
1104     SLOC_OUT: /tmp/sloccount.txt
1105     TOKEI_OUT: /tmp/tokei.txt
1106   script:
1107     - DEBIAN_FRONTEND=noninteractive apt-get update
1108     - DEBIAN_FRONTEND=noninteractive apt-get --yes install sloccount cloc curl unzip
1109     - pushd /tmp
1110     - curl -L -O https://github.com/boyter/scc/releases/download/v3.0.0/scc-3.0.0-x86_64-unknown-linux.zip
1111     - unzip scc-3.0.0-x86_64-unknown-linux.zip
1112     - curl -L -O https://github.com/XAMPPRocky/tokei/releases/download/v12.1.2/tokei-x86_64-unknown-linux-gnu.tar.gz
1113     - tar -xf tokei-x86_64-unknown-linux-gnu.tar.gz
1114     - popd
1115     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1116     - cmake -G Ninja ..
1117     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1118     - ninja
1119     - cd ..
1120     - echo -n "cloc version:\ "
1121     - cloc --version
1122     - cloc --quiet . | tee $CLOC_OUT
1123     - /tmp/scc --version
1124     - /tmp/scc --not-match 'qt/.*.ts' . | tee $SCC_OUT
1125     - echo -n "SLOCCount version:\ "
1126     - sloccount --version
1127     - sloccount . | awk "/^Computing results/ { results=1 } { if (results) print }" | tee $SLOC_OUT
1128     - /tmp/tokei --version
1129     - /tmp/tokei --exclude 'qt/*.ts' . | tee $TOKEI_OUT
1130     - |
1131       cat > manuf <<FIN
1132       # This file was generated by TShark $(git describe --tags | sed -e 's/^v//') with the
1133       # command \`tshark -G manuf\`. Its canonical location is
1134       #
1135       # https://www.wireshark.org/download/automated/data/manuf.gz
1136       #
1137       # The first column contains the MAC address block (24, 28 or 36 bits wide,
1138       # per IEEE allocation sizes), the second column contains the shortened name
1139       # used by Wireshark for address name resolution and the third column contains the
1140       # full vendor name from the registry.
1141       #
1142       FIN
1143     - build/run/tshark -G manuf | sed -e 's,:00:00:00/24,,' >> manuf
1144     - gzip --best --keep manuf
1145     - if [ -n "$MC_DESTINATION_ANALYSIS" ] ; then mc --quiet cp "$CLOC_OUT" "$SCC_OUT" "$SLOC_OUT" "$TOKEI_OUT" "$MC_DESTINATION_ANALYSIS/" ; fi
1146     - if [ -n "$MC_DESTINATION_DATA" ] ; then mc --quiet cp manuf manuf.gz "$MC_DESTINATION_DATA/" ; fi
1147   artifacts:
1148     paths:
1149     - manuf
1150     - manuf.gz
1151   needs: []
1153 # Fuzz TShark using ASAN and valgrind.
1154 .fuzz-ubuntu:
1155   extends: .build-ubuntu
1156   retry: 0
1157   rules: !reference [.if-fuzz-schedule]
1158   tags:
1159     - wireshark-ubuntu-fuzz
1160   resource_group: fuzz-master
1161   variables:
1162     INSTALL_PREFIX: "$CI_PROJECT_DIR/_install"
1163     MIN_PLUGINS: 10
1164     MAX_PASSES: 15
1165   before_script:
1166     - source /clang-latest.env
1167     - DEBIAN_FRONTEND=noninteractive apt-get update
1168     # Use DPkg::options::="--force-overwrite" until
1169     # https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-15/+bug/2008755
1170     # https://github.com/llvm/llvm-project/issues/62104
1171     # are fixed.
1172     - DEBIAN_FRONTEND=noninteractive apt-get --yes --option DPkg::options::="--force-overwrite" install llvm-$CLANG_VERSION
1173     - mkdir -p ccache
1174     - mkdir /tmp/fuzz
1175     - mkdir build
1176     - cd build
1177   after_script:
1178     # The cache should be large enough to be useful but it shouldn't take
1179     # too long to restore+save each run.
1180     - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
1181     - if [ "$CI_JOB_STATUS" == "canceled" ]; then exit 0 ; fi
1182     - . /tmp/fuzz_result.sh
1183     - if $FUZZ_PASSED ; then exit 0 ; fi
1184     - echo Fuzzing failed. Generating report.
1185     - FUZZ_CAPTURE=$( find /tmp/fuzz -name "fuzz-*.pcap" -o -name "randpkt-*.pcap" | head -n 1 )
1186     - FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err"
1187     - printf "\nfuzz-test.sh stderr:\n" >> "$FUZZ_ERRORS"
1188     - cat fuzz-test.err >> "$FUZZ_ERRORS"
1189     - if [ -n "$MC_DESTINATION_FUZZ" ] ; then mc --quiet cp "$FUZZ_CAPTURE" "$FUZZ_ERRORS" "$MC_DESTINATION_FUZZ/" ; fi
1191 ASan Menagerie Fuzz:
1192   extends: .fuzz-ubuntu
1193   stage: fuzz-asan
1194   variables:
1195     WIRESHARK_LOG_FATAL: "critical"
1196   script:
1197     - MAX_SECONDS=$(( 6 * 60 * 60 ))
1198     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1199     - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1200     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1201     - ninja
1202     - ninja install
1203     - cd ..
1204     - FUZZ_PASSED=true
1205     # /var/menagerie contains captures harvested from wireshark.org's mailing list, wiki, issues, etc.
1206     # We have more captures than we can fuzz in $MAX_SECONDS, so we shuffle them each run.
1207     - ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || FUZZ_PASSED=false
1208     # Signal after_script, which runs in its own shell.
1209     - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1210     - $FUZZ_PASSED
1212 ASan randpkt Fuzz:
1213   extends: .fuzz-ubuntu
1214   stage: fuzz-randpkt
1215   variables:
1216     WIRESHARK_LOG_FATAL: "critical"
1217   script:
1218     # XXX Reuse fuzz-asan?
1219     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1220     - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1221     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1222     - ninja
1223     - ninja install
1224     - cd ..
1225     - FUZZ_PASSED=true
1226     - ./tools/randpkt-test.sh -a -b $INSTALL_PREFIX/bin -d /tmp/fuzz -p $MAX_PASSES 2> fuzz-test.err || FUZZ_PASSED=false
1227     - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1228     - $FUZZ_PASSED
1229   needs: [ 'ASan Menagerie Fuzz' ]
1231 Valgrind Menagerie Fuzz:
1232   extends: .fuzz-ubuntu
1233   stage: fuzz-valgrind
1234   resource_group: fuzz-master-valgrind
1235   variables:
1236     # Use DWARF-4 debug info. Valgrind does not support Clang 14 with DWARF-5.
1237     # https://gitlab.com/wireshark/wireshark/-/issues/18191
1238     # https://www.mail-archive.com/valgrind-users@lists.sourceforge.net/msg07239.html
1239     CFLAGS: "-gdwarf-4"
1240     WIRESHARK_LOG_FATAL: "critical"
1241   script:
1242     - DEBIAN_FRONTEND=noninteractive apt-get update
1243     - DEBIAN_FRONTEND=noninteractive apt-get --yes install valgrind
1244     - MAX_SECONDS=$(( 3 * 60 * 60 ))
1245     - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1246     - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1247     - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1248     - ninja
1249     - ninja install
1250     - cd ..
1251     - FUZZ_PASSED=true
1252     - ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || FUZZ_PASSED=false
1253     - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1254     - $FUZZ_PASSED
1255   needs: [ 'ASan randpkt Fuzz' ]
1258 include:
1259   - template: Security/SAST.gitlab-ci.yml