stages: - initialization - stage1-testing - stage2-testing # we utilize the images generated by the build-images project, to # speed up CI runs. variables: BUILD_IMAGES_PROJECT: gnutls/build-images DEBIAN_BUILD: buildenv-debian-stretch FEDORA_BUILD: buildenv-f25 FEDORA_X86_BUILD: buildenv-f23-x86 GET_SOURCES_ATTEMPTS: "3" ################ # Initialization ################ init/Fedora/x86_64: stage: initialization image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - make autoreconf tags: - shared artifacts: untracked: true expire_in: 1 day ######################################## # Stage 1, syntax and simple build+check ######################################## # Main build (used in stage2) - compile with C99 ABI-check/Fedora/x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - CFLAGS="-std=c99 -O2 -g" ./configure --prefix=/usr --libdir=/usr/lib64 --disable-cxx --enable-code-coverage --disable-non-suiteb-curves --disable-maintainer-mode --disable-doc && make -j$(nproc) - make abi-check - make pic-check tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: untracked: true expire_in: 1 day syntax-check/Fedora/x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./configure --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --disable-maintainer-mode --disable-guile - make syntax-check tags: - shared dependencies: - init/Fedora/x86_64 except: - tags cppcheck/Fedora/x86_64: stage: stage1-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./configure --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --disable-maintainer-mode --disable-guile --enable-fips140-mode - cppcheck --force -q -Ilib/include -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring - cppcheck --force -q -Ilib/include -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log ################################################## # Stage 2, documentation, and advanced checks ################################################## dist/Fedora: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git submodule update --init - CFLAGS="-std=c99 -O2 -g" ./configure --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode && make -C doc stamp-vti && make -C doc stamp-1 && make -j$(nproc) - make -C doc gnutls.html - PATH="$PATH:/usr/share/sgml/docbook/xsl-stylesheets-1.79.1/epub/bin/" make -C doc gnutls.epub && make -C doc/latex gnutls.pdf - make dist tags: - shared dependencies: - init/Fedora/x86_64 except: - tags coverage/Fedora: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git submodule update --init - make -j$(nproc) check - make local-code-coverage-output || true tags: - shared dependencies: - ABI-check/Fedora/x86_64 except: - tags artifacts: expire_in: 1 week when: always paths: - GnuTLS*-coverage/* minimal/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - dnf remove -y libunistring-devel libtasn1-devel libidn-devel && ./configure --with-included-libtasn1 --enable-valgrind-tests --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-rsa-export --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-openpgp-authentication --disable-ocsp --disable-session-tickets --disable-non-suiteb-curves --with-included-unistring --disable-nls --disable-crywrap --disable-libdane --without-p11-kit --without-tpm --disable-ssl3-support --disable-ssl2-support --without-zlib --disable-doc --disable-tests --enable-openssl-compatibility && make -j$(nproc) dependencies: - init/Fedora/x86_64 tags: - shared except: - tags no-SSL-3.0/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p build && cd build && ../configure --disable-ssl3-support --disable-ssl2-support --disable-full-test-suite --enable-seccomp-tests --disable-doc --disable-guile && make -j$(nproc) && make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/*.log - build/tests/*/*.log - build/tests/suite/*/*.log FIPS140-2/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p build && cd build && ../configure --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile - make -j$(nproc) - GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1 make check -j$(nproc) - make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/tests/*/*.log IDNA2003/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p build && cd build && ../configure --without-libidn2 --disable-doc --disable-guile --disable-full-test-suite && make -j$(nproc) && make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/tests/*/*.log no-openpgp/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p build && cd build && ../configure --disable-openpgp-authentication --disable-doc --disable-guile --disable-full-test-suite - make -j$(nproc) - make abi-check - make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: when: on_failure paths: - build/guile/tests/*.log - build/tests/*.log - build/tests/*/*.log - build/compat_reports/* valgrind/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./configure --disable-doc --disable-guile --disable-full-test-suite --enable-valgrind-tests - make -j$(nproc) - make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log no-tools/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - ./configure --disable-full-test-suite --disable-doc --disable-guile --disable-tools --enable-tests - make -j$(nproc) - make -j$(nproc) check tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log asan/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git submodule update --init - CFLAGS="-fsanitize=address -g -O2" LDFLAGS="-static-libasan" ./configure --disable-doc --disable-non-suiteb-curves --disable-guile - make -j$(nproc) - make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log clang-analyzer/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - scan-build ./configure --disable-doc --disable-guile --enable-fips140-mode --enable-valgrind-tests - make -j$(nproc) -C gl - scan-build --status-bugs -o scan-build-lib make -j$(nproc) -C lib - scan-build --status-bugs -o scan-build-libdane make -j$(nproc) -C libdane tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - scan-build-lib/* - scan-build-libdane/* MinGW32/DLLs: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register && rm -f tests/suite/mini-eagain2.c - mingw32-configure --with-included-libtasn1 --disable-nls --disable-guile --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-doc && mingw32-make -j$(nproc) && mingw32-make -C tests check -j$(nproc) # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win32-build/bin && mkdir -p win32-build/lib/includes && cp lib/.libs/*.dll src/.libs/*.exe win32-build/bin && i686-w64-mingw32-strip --strip-unneeded win32-build/bin/*.dll && i686-w64-mingw32-strip win32-build/bin/*.exe && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/iconv*.dll win32-build/bin && cp /usr/i686-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win32-build/bin && cp lib/.libs/*.a lib/*.def lib/gnutls.pc win32-build/lib && cp lib/includes/gnutls/*.h win32-build/lib/includes dependencies: - init/Fedora/x86_64 tags: - shared - docker only: - tags artifacts: paths: - win32-build/ MinGW64/DLLs: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register && rm -f tests/suite/mini-eagain2.c - mingw64-configure --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-non-suiteb-curves --disable-doc && mingw64-make -j$(nproc) && mingw64-make -C tests check -j$(nproc) # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win64-build/bin && mkdir -p win64-build/lib/includes && cp lib/.libs/*.dll src/.libs/*.exe win64-build/bin && x86_64-w64-mingw32-strip --strip-unneeded win64-build/bin/*.dll && x86_64-w64-mingw32-strip win64-build/bin/*.exe && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/iconv*.dll win64-build/bin && cp /usr/x86_64-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win64-build/bin && cp lib/.libs/*.a lib/*.def lib/gnutls.pc win64-build/lib && cp lib/includes/gnutls/*.h win64-build/lib/includes tags: - shared - docker only: - tags dependencies: - init/Fedora/x86_64 artifacts: paths: - win64-build/ MinGW64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && mingw64-configure --with-included-libtasn1 --disable-guile --with-included-unistring --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc && mingw64-make -j$(nproc) && mingw64-make -C tests check -j$(nproc) tags: - shared - docker except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log MinGW32: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc && echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register && rm -f tests/suite/mini-eagain2.c && mkdir -p build && cd build && mingw32-configure --with-included-libtasn1 --disable-guile --with-included-unistring --enable-local-libopts --without-p11-kit --disable-non-suiteb-curves --disable-doc && mingw32-make -j$(nproc) && mingw32-make -C tests check -j$(nproc) tags: - shared - docker except: - tags dependencies: - init/Fedora/x86_64 artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log # That is a specific runner that we cannot enable universally. # We restrict it to builds under the $BUILD_IMAGES_PROJECT project. FreeBSD10/x86_64: stage: stage2-testing image: before_script: - /usr/bin/true script: - gmake autoreconf && rm -f tests/suite/mini-eagain2.c && LIBS="-L/usr/local/lib" ./configure --with-included-libtasn1 --disable-guile --with-included-unistring --disable-doc && gmake -j$(sysctl hw.ncpu | awk '{print $2}') && gmake check -j$(sysctl hw.ncpu | awk '{print $2}') tags: - freebsd only: - branches@$BUILD_IMAGES_PROJECT except: - tags artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log - tests/*/*.log # We need a clean 32-bit fedora for testing Fedora/x86: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_X86_BUILD script: - git submodule update --init - make autoreconf && mkdir -p build && cd build && ../configure --build=i686-redhat-linux --target=i686-redhat-linux --disable-cxx --enable-local-libopts --disable-non-suiteb-curves --enable-seccomp-tests --disable-doc --disable-guile && make -j$(nproc) && make check -j$(nproc) && make pic-check tags: - shared except: - tags dependencies: [] artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log - build/tests/*/*.log - build/tests/suite/*/*.log ubsan-Werror/Fedora/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git submodule update --init - CFLAGS="-fsanitize=undefined -fno-sanitize-recover -g -O2" LDFLAGS="-static-libubsan" ./configure --disable-non-suiteb-curves --disable-guile --disable-doc - make -j$(nproc) -C gl - make -j$(nproc) -C lib CFLAGS="-Werror -O2 -g" - make -j$(nproc) -C libdane CFLAGS="-Werror -O2 -g" - make -j$(nproc) - make check -j$(nproc) tags: - shared except: - tags dependencies: - init/Fedora/x86_64 artifacts: when: on_failure paths: - guile/tests/*.log - ./*.log - tests/*.log - tests/*/*.log - tests/suite/*/*.log build/Debian/x86_64: stage: stage2-testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD script: - git submodule update --init - make autoreconf && mkdir -p build && cd build && ../configure --disable-doc --disable-guile && make -j$(nproc) && make check -j$(nproc) tags: - shared except: - tags dependencies: [] artifacts: when: on_failure paths: - build/guile/tests/*.log - build/*.log - build/tests/*.log - build/tests/*/*.log - build/tests/suite/*/*.log