stages: - bootstrap - build - test - archive variables: # we utilize the images generated by the build-images project, to # speed up CI runs. We also use ccache and store config.cache # to speed up compilation. We include a version number in cache # name to allow expiration of old caches. BUILD_IMAGES_PROJECT: gnutls/build-images DEBIAN_BUILD: buildenv-debian-testing DEBIAN_CROSS_BUILD: buildenv-debian-cross-testing DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86-cross FEDORA_BUILD: buildenv-fedora34 MINGW_BUILD: buildenv-mingw-fedora34 ALPINE_BASE_BUILD: buildenv-alpine-base COMPILER: gcc CPPCHECK_OPTIONS: "--enable=warning --enable=performance --enable=portability --std=c99 --suppressions-list=devel/cppcheck.suppressions --template='{id}:{file}:{line},{severity},{message}'" GET_SOURCES_ATTEMPTS: "3" # With just one virtual core, parallel builds only make sense when # I/O wait is involved. If too many parallel builds are used, the overall # time even increases (e.g. due to more cache misses). # $BUILDJOBS seems to be best with $(nproc)+1, while $CHECKJOBS can be much # higher because several tests have a large I/O waiting time. # The numbers are hard-coded for the platforms without the nproc command. BUILDJOBS: 2 CHECKJOBS: 16 cache: key: "$CI_JOB_NAME-ver24" paths: - cache/ .prepare-ccache: &prepare-ccache # CCache Config - mkdir -p cache - export CCACHE_BASEDIR=${PWD} - export CCACHE_DIR=${PWD}/cache - export CCACHE_FILE=${CCACHE_DIR}/config.cache - export CC="ccache $COMPILER" default: before_script: - *prepare-ccache after_script: # after_script is executed in separate shell - *prepare-ccache - ccache -s .bootstrap: stage: bootstrap tags: - shared - linux script: - SUBMODULE_NOFETCH=1 ./bootstrap artifacts: expire_in: 1 day #when: on_failure paths: - ./ exclude: - .git/ # passing forward .git causes warnings and possibly problems - ./**/.git/ # passing forward .git causes warnings and possibly problems - ./**/*.c - ./**/*.h - ./**/*.o .build: stage: build tags: - shared - linux except: - tags # TODO artifacts: expire_in: 1 day #when: on_failure paths: - ./ exclude: - .git/ # passing forward .git causes warnings and possibly problems - ./**/.git/ # passing forward .git causes warnings and possibly problems - ./**/*.c - ./**/*.h - ./**/*.o .test: stage: test script: - make -j$CHECKJOBS check tags: - shared - linux except: - tags # TODO artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./**/*.log .fedora: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD .fedora-nettle: extends: - .fedora variables: COMPILER: clang NETTLE_DIR: nettle .debian: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD .debian-cross-i686: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD .debian-cross-other: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_CROSS_BUILD .mingw: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD variables: COMPILER: "${arch_name}-w64-mingw32-gcc" CFLAGS: "-fstack-protector" CXXFLAGS: "-fstack-protector" LDFLAGS: "-fstack-protector" WINEPATH: "/usr/${arch_name}-w64-mingw32/sys-root/mingw/bin" before_script: - *prepare-ccache - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register .mingw-vista: variables: # Target Vista instead of XP, currently the default in mingw CPPFLAGS: "-D_WIN32_WINNT=0x600" .mingw32: extends: - .mingw variables: arch_bits: 32 arch_name: i686 .mingw64: extends: - .mingw variables: arch_bits: 64 arch_name: x86_64 ############################################################################## ############# Standalone checks without dependencies ######################### ############################################################################## commit-check: stage: test image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BASE_BUILD needs: [] # can be run immediately before_script: [] after_script: [] except: - master@gnutls/gnutls cache: {} script: # we want $ALPINE_BASE_BUILD without git, so we are adding it here - apk add git bash - devel/check_if_signed retry: 0 doc-dist.Fedora: extends: - .test - .fedora needs: - fedora/bootstrap script: - GUILE=/usr/bin/guile2.2 - GUILD=/usr/bin/guild2.2 - guile_snarf=/usr/bin/guile-snarf2.2 - export GUILE GUILD guile_snarf - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS -C doc stamp-vti - make -j$BUILDJOBS -C doc stamp-1 - make -j$BUILDJOBS -C doc stamp_enums - make -j$BUILDJOBS - make -j$BUILDJOBS -C doc gnutls.html - texconfig rehash - make -j$BUILDJOBS -C doc/latex gnutls.pdf - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print)) - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub - make -j$CHECKJOBS distcheck # Two runs, one with normal backend and another with pkcs11 trust store UB+ASAN-Werror.Fedora.x86_64.gcc: extends: - .test - .fedora needs: - fedora/bootstrap script: - export UBSAN_OPTIONS=print_stacktrace=1 - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope" - export CXXFLAGS="$CFLAGS" - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-pkcs12-iter-count=10000 - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O) - make -j$BUILDJOBS check -C fuzz - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20 - make -j$CHECKJOBS check -C tests - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-pkcs12-iter-count=10000 --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM - make clean - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=. tags: - shared - linux except: - tags # Same as UB+ASAN-Werror.Fedora.x86_64.gcc, except -DAGGRESSIVE_REALLOC is set UB+ASAN-Werror-aggressive.Fedora.x86_64.gcc: extends: - .test - .fedora needs: - fedora/bootstrap script: - export UBSAN_OPTIONS=print_stacktrace=1 - export LSAN_OPTIONS=suppressions=$(pwd)/devel/lsan.supp - export CFLAGS="-std=c99 -O1 -g -Wno-cpp -Werror -fno-omit-frame-pointer -fsanitize=undefined,bool,alignment,null,enum,bounds-strict,address,leak,nonnull-attribute -fno-sanitize-recover=all -fsanitize-address-use-after-scope -DAGGRESSIVE_REALLOC" - export CXXFLAGS="$CFLAGS" - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-pkcs12-iter-count=10000 - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since the fuzzers should use mainly CPU (no blocking I/O) - make -j$BUILDJOBS check -C fuzz - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x1 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x2 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x4 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x8 - make -j$BUILDJOBS check -C fuzz GNUTLS_CPUID_OVERRIDE=0x20 - make -j$CHECKJOBS check -C tests - dash ./configure --cache-file $CCACHE_FILE --disable-guile --disable-doc --disable-hardware-acceleration --with-pkcs12-iter-count=10000 --with-default-trust-store-pkcs11="pkcs11:" --with-system-priority-file=/etc/crypto-policies/back-ends/gnutls.config --with-default-priority-string=@SYSTEM - make clean - sed -i 's/-Werror/-Wno-parentheses -Werror/g' src/Makefile - make -j$BUILDJOBS # Use $BUILDJOBS since most of the job is building all tests, then just running 4 tests - make -j$BUILDJOBS check -C tests TESTS="trust-store p11-kit-load.sh priority-init2 set-default-prio" SUBDIRS=. tags: - shared - linux except: - tags ############################################################################## ########################### Fedora pipelines ################################# ############################################################################## fedora/bootstrap: extends: - .bootstrap - .fedora fedora-notools/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - dash ./configure --cache-file $CCACHE_FILE --disable-gcc-warnings --disable-full-test-suite --disable-doc --disable-guile --disable-tools --enable-tests --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS # build tests, but don't execute them - make -j$BUILDJOBS check TESTS="" fedora-notools/test: extends: - .test - .fedora dependencies: - fedora-notools/build needs: - fedora-notools/build fedora-minimal/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - dnf remove -y libunistring-devel libtasn1-devel libidn-devel - dash ./configure --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-doc --disable-dtls-srtp-support --disable-alpn-support --disable-tests --disable-heartbeat-support --disable-srp-authentication --disable-psk-authentication --disable-anon-authentication --disable-dhe --disable-ecdhe --disable-ocsp --disable-non-suiteb-curves --with-included-unistring --disable-nls --disable-libdane --without-p11-kit --without-tpm --disable-ssl3-support --disable-ssl2-support --disable-doc --enable-openssl-compatibility --disable-gcc-warnings --with-system-priority-file="" --disable-gost --disable-guile --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS # build tests, but don't execute them - make -j$BUILDJOBS check TESTS="" fedora-minimal/test: extends: - .test - .fedora dependencies: - fedora-minimal/build needs: - fedora-minimal/build fedora-SSL-3.0/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - update-crypto-policies --set LEGACY - dash ./configure --disable-tls13-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --enable-sha1-support --enable-ssl3-support --enable-seccomp-tests --disable-doc --disable-guile --disable-strict-der-time --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS # build tests, but don't execute them - make -j$BUILDJOBS check TESTS="" fedora-SSL-3.0/test: extends: - .test - .fedora dependencies: - fedora-SSL-3.0/build needs: - fedora-SSL-3.0/build fedora-FIPS140-2/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-non-suiteb-curves --enable-fips140-mode --disable-doc --disable-full-test-suite --disable-guile --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS # build tests, but don't execute them - GNUTLS_FORCE_FIPS_MODE=1 make -j$BUILDJOBS check TESTS="" fedora-FIPS140-2/test: extends: - .test - .fedora dependencies: - fedora-FIPS140-2/build needs: - fedora-FIPS140-2/build script: - GNUTLS_FORCE_FIPS_MODE=1 make -j$CHECKJOBS check .fedora-nettle/build: extends: - .build - .fedora-nettle needs: - fedora/bootstrap script: - git clone --depth 1 --branch master https://gitlab.com/gnutls/nettle.git nettle-git - pushd nettle-git - ./.bootstrap - ./configure --disable-documentation --prefix=${PWD}/$NETTLE_DIR $NETTLE_CONFIGURE_ARGS - make -j$BUILDJOBS - make -j$BUILDJOBS install - popd - PKG_CONFIG_PATH=${PWD}/$NETTLE_DIR/lib64/pkgconfig dash ./configure --disable-gcc-warnings --disable-doc --disable-guile --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS - make -j$BUILDJOBS check TESTS="" .fedora-nettle/test: extends: - .test - .fedora-nettle script: - PKG_CONFIG_PATH=${PWD}/$NETTLE_DIR/lib64/pkgconfig LD_LIBRARY_PATH=${PWD}/$NETTLE_DIR/lib64 make -j$CHECKJOBS check fedora-nettle/build: extends: - .fedora-nettle/build variables: NETTLE_CONFIGURE_ARGS: "" fedora-nettle/test: extends: - .fedora-nettle/test dependencies: - fedora-nettle/build needs: - fedora-nettle/build fedora-nettle-minigmp/build: extends: - .fedora-nettle/build variables: NETTLE_CONFIGURE_ARGS: "--enable-mini-gmp" fedora-nettle-minigmp/test: extends: - .fedora-nettle/test dependencies: - fedora-nettle-minigmp/build needs: - fedora-nettle-minigmp/build fedora-valgrind/build: extends: - .build - .fedora needs: - fedora/bootstrap script: # gcc in fedora31 inlines strcmp in a way that causes valgrind errors - CFLAGS="-O2 -g -fno-builtin-strcmp" ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-guile --disable-full-test-suite --enable-valgrind-tests --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS - make -j$BUILDJOBS check TESTS="" only: - branches@gnutls/gnutls fedora-valgrind/test: extends: - .test - .fedora script: - GNUTLS_TEST_TIMEOUT=600000 make -j$(nproc) check dependencies: - fedora-valgrind/build needs: - fedora-valgrind/build timeout: 5h only: - branches@gnutls/gnutls fedora-valgrind-aggressive/build: extends: - .build - .fedora needs: - fedora/bootstrap script: # gcc in fedora31 inlines strcmp in a way that causes valgrind errors - CFLAGS="-O2 -g -fno-builtin-strcmp -DAGGRESSIVE_REALLOC" ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-guile --disable-full-test-suite --enable-valgrind-tests --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS - make -j$BUILDJOBS check TESTS="" only: - branches@gnutls/gnutls fedora-valgrind-aggressive/test: extends: - .test - .fedora script: - GNUTLS_TEST_TIMEOUT=600000 make -j$(nproc) check dependencies: - fedora-valgrind-aggressive/build needs: - fedora-valgrind-aggressive/build timeout: 5h only: - branches@gnutls/gnutls fedora-threadsan/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - CFLAGS="-fsanitize=thread -g -O2" CXXFLAGS=$CFLAGS dash ./configure --disable-gcc-warnings --disable-doc --cache-file $CCACHE_FILE --disable-non-suiteb-curves --disable-guile --enable-fips140-mode --disable-full-test-suite --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS - make -j$BUILDJOBS -C tests check SUBDIRS=. TESTS="" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1 fedora-threadsan/test: extends: - .test - .fedora dependencies: - fedora-threadsan/build needs: - fedora-threadsan/build script: - make -j$CHECKJOBS -C tests check SUBDIRS=. TESTS="tls-pthread dtls-pthread fips-mode-pthread rng-pthread" TSAN_OPTIONS="suppressions=$(pwd)/devel/tsan.supp" GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS=1 GNUTLS_FORCE_FIPS_MODE=1 fedora-static-analyzers/build: extends: - .build - .fedora needs: - fedora/bootstrap #TODO originally, before_script was set to "/bin/true".. is there a reason not to create the cache? script: - scan-build ./configure --cache-file $CCACHE_FILE --disable-doc --disable-guile --enable-fips140-mode --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS syntax-check gnulib_dir=$GNULIB_SRCDIR - make -j$BUILDJOBS -C gl - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C lib - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C libdane - make -j$BUILDJOBS -C src/gl - scan-build --status-bugs -o scan-build-lib make -j$BUILDJOBS -C src #TODO originally, after_script was set to "/bin/true".. is there a reason not to create the cache? fedora-static-analyzers/test: extends: - .test - .fedora dependencies: - fedora-static-analyzers/build needs: - fedora-static-analyzers/build cache: paths: - cache/cppcheck script: - MYPYPATH=$PWD/python mypy python/*.py doc/scripts/*.py src/*.py - flake8 python/*.py doc/scripts/*.py src/*.py - mkdir -p cache/cppcheck - cppcheck --cppcheck-build-dir=cache/cppcheck --force -q -Ilib/includes -Igl/ -Ilib/ -I. --error-exitcode=1 lib/ -i lib/unistring -i lib/minitasn1 -i lib/nettle/backport -i lib/nettle/ecc -j2 $CPPCHECK_OPTIONS - cppcheck --cppcheck-build-dir=cache/cppcheck --force -q -Ilib/includes -Igl/ -Ilibdane/ -I. --error-exitcode=1 libdane/ -j2 $CPPCHECK_OPTIONS # TODO this does not work, so we keep using old job doc-dist.Fedora # Keeping it here until I figure it out. #fedora-docdist/build: # extends: # - .build # - .fedora # script: # - SUBMODULE_NOFETCH=1 ./bootstrap # - GUILE=/usr/bin/guile2.2 # - GUILD=/usr/bin/guild2.2 # - guile_snarf=/usr/bin/guile-snarf2.2 # - export GUILE GUILD guile_snarf # - CFLAGS="-std=c99 -O2 -g" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --disable-cxx --disable-non-suiteb-curves --enable-gtk-doc --disable-maintainer-mode # - make -j$BUILDJOBS -C doc stamp-vti # - make -j$BUILDJOBS -C doc stamp-1 # - make -j$BUILDJOBS -C doc stamp_enums # - make -j$BUILDJOBS # - make -j$BUILDJOBS -C doc gnutls.html # - make -j$BUILDJOBS -C doc/latex gnutls.pdf # - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print)) # - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub # # we don't throw away intermediate compilation results as /test job does some compiling, too # artifacts: # expire_in: 1 day # paths: # - ./ # exclude: # - .git/ # passing forward .git causes warnings and possibly problems # - ./**/.git/ # passing forward .git causes warnings and possibly problems # #fedora-docdist/test: # extends: # - .test # - .fedora # dependencies: # - fedora-docdist/build # needs: # - fedora-docdist/build # script: # shall we separate it to two jobs? # - export CFLAGS="-std=c99 -O2 -g" # - DB2EPUBDIR=$(dirname $(find /usr/share/sgml/docbook/xsl-ns-stylesheets-*/epub/bin/ -name dbtoepub -print)) # - PATH="$PATH:$DB2EPUBDIR" make -C doc gnutls.epub # - make -j$CHECKJOBS distcheck fedora-abicoverage/build: extends: - .build - .fedora needs: - fedora/bootstrap script: - GUILE=/usr/bin/guile2.2 - GUILD=/usr/bin/guild2.2 - guile_snarf=/usr/bin/guile-snarf2.2 - export GUILE GUILD guile_snarf - CFLAGS="-g -Og" dash ./configure --disable-gcc-warnings --cache-file $CCACHE_FILE --prefix=/usr --libdir=/usr/lib64 --enable-code-coverage --disable-maintainer-mode --disable-doc --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS - make -j$BUILDJOBS check TESTS="" tags: - shared - linux except: - tags fedora-abicoverage/test: extends: - .test - .fedora dependencies: - fedora-abicoverage/build needs: - fedora-abicoverage/build script: - make abi-check - make pic-check - make -j$CHECKJOBS check - make local-code-coverage-output || true - if objdump -R lib/.libs/libgnutls.so | grep INTERNAL ; then false ; fi artifacts: expire_in: 1 week when: on_failure paths: - ./*.xml - ./*.log - ./**/*.log - gnutls-prev-abi.tmp/ - compat_reports/ ############################################################################## ########################### Debian pipelines ################################# ############################################################################## debian/bootstrap: extends: - .bootstrap - .debian debian/build: extends: - .build - .debian needs: - debian/bootstrap script: - dash ./configure --enable-oldgnutls-interop --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-doc --disable-guile --with-pkcs12-iter-count=10000 LDFLAGS='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' - make -j$BUILDJOBS - make -j$BUILDJOBS check TESTS="" debian/test: extends: - .test - .debian dependencies: - debian/build needs: - debian/build .debian-cross/build: extends: - .build script: - build=$(dpkg-architecture -qDEB_HOST_GNU_TYPE) - host=$(echo $CI_JOB_NAME |cut -d/ -f2) - echo "host is $host" # not setting CC_FOR_BUILD paired with qemu-user/binfmt somehow causes # config.guess to detect the target as the build platform and not activate # cross-compile mode even though --build is given - export CC_FOR_BUILD="ccache gcc" - export CC="ccache $host-gcc" # Debian's softhsm package is not multiarch yet. Missing softhsm libraries # for the target will cause the test suite to fail when p11-kit is enabled. - dash ./configure --build=$build --host=$host --disable-gcc-warnings --cache-file $CCACHE_FILE --disable-doc --disable-guile --without-p11-kit --disable-full-test-suite --with-pkcs12-iter-count=10000 - make -j$BUILDJOBS # build tests, but don't execute them - make -j$BUILDJOBS check TESTS="" tags: - shared - docker - linux .debian-cross/test: extends: - .test script: - make pic-check # Parallel tests cause random failures, likely timing errors - make -j1 check tags: - shared - docker - linux debian-cross-i686/bootstrap: extends: - .bootstrap - .debian-cross-i686 debian-cross/i686-linux-gnu/build: # name is important, see .debian-cross/build extends: - .debian-cross/build - .debian-cross-i686 needs: - debian-cross-i686/bootstrap debian-cross/i686-linux-gnu/test: extends: - .debian-cross/test - .debian-cross-i686 dependencies: - debian-cross/i686-linux-gnu/build needs: - debian-cross/i686-linux-gnu/build debian-cross-other/bootstrap: extends: - .bootstrap - .debian-cross-other debian-cross/arm-linux-gnueabihf/build: # name is important, see .debian-cross/build extends: - .debian-cross/build - .debian-cross-other needs: - debian-cross-other/bootstrap debian-cross/arm-linux-gnueabihf/test: extends: - .debian-cross/test - .debian-cross-other dependencies: - debian-cross/arm-linux-gnueabihf/build needs: - debian-cross/arm-linux-gnueabihf/build timeout: 2h debian-cross/aarch64-linux-gnu/build: # name is important, see .debian-cross/build extends: - .debian-cross/build - .debian-cross-other needs: - debian-cross-other/bootstrap debian-cross/aarch64-linux-gnu/test: extends: - .debian-cross/test - .debian-cross-other dependencies: - debian-cross/aarch64-linux-gnu/build needs: - debian-cross/aarch64-linux-gnu/build timeout: 2h allow_failure: true ############################################################################## ########################### MinGW pipelines ################################## ############################################################################## .mingw/build: extends: - .build script: # - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc # - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register - dash ./configure --disable-gcc-warnings --host=${arch_name}-w64-mingw32 --target=${arch_name}-w64-mingw32 --cache-file $CCACHE_FILE --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --disable-non-suiteb-curves --disable-full-test-suite --disable-doc --with-pkcs12-iter-count=10000 - mingw${arch_bits}-make -j$BUILDJOBS - mingw${arch_bits}-make -j$BUILDJOBS -C tests check TESTS="" .mingw/test: extends: - .test script: - mingw${arch_bits}-make -j$CHECKJOBS -C tests check .mingw/archive: stage: archive # TODO this should be here, but I want to see if it works without tagging # only: # - tags script: # Combine generated apps and DLLs. #libwinpthread is required by libgcc #libffi is required by libp11-kit - mkdir -p win${arch_bits}-build/bin win${arch_bits}-build/lib/includes - cp lib/.libs/*.dll src/.libs/*.exe win${arch_bits}-build/bin - ${arch_name}-w64-mingw32-strip --strip-unneeded win${arch_bits}-build/bin/*.dll - ${arch_name}-w64-mingw32-strip win${arch_bits}-build/bin/*.exe - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libp11-*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libnettle-*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libhogweed-*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgmp-*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libgcc*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libwinpthread*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libidn2-*.dll win${arch_bits}-build/bin - cp /usr/${arch_name}-w64-mingw32/sys-root/mingw/bin/libffi-*.dll win${arch_bits}-build/bin - cp lib/.libs/*.a lib/*.def lib/gnutls.pc win${arch_bits}-build/lib - cp lib/includes/gnutls/*.h win${arch_bits}-build/lib/includes artifacts: name: "${CI_PROJECT_NAME}-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" paths: - win${arch_bits}-build/ mingw/bootstrap: extends: - .bootstrap - .mingw mingw64/build: extends: - .mingw/build - .mingw64 needs: - mingw/bootstrap mingw64/test: extends: - .mingw/test - .mingw64 dependencies: - mingw64/build needs: - mingw64/build mingw64/archive: extends: - .mingw/archive - .mingw64 dependencies: - mingw64/build needs: # archive only if tests successful - mingw64/build - mingw64/test mingw64-vista/build: extends: - .mingw/build - .mingw64 - .mingw-vista needs: - mingw/bootstrap mingw64-vista/test: extends: - .mingw/test - .mingw64 - .mingw-vista dependencies: - mingw64-vista/build needs: - mingw64-vista/build mingw64-vista/archive: extends: - .mingw/archive - .mingw64 - .mingw-vista dependencies: - mingw64-vista/build needs: # archive only if tests successful - mingw64-vista/build - mingw64-vista/test mingw32/build: extends: - .mingw/build - .mingw32 needs: - mingw/bootstrap mingw32/test: extends: - .mingw/test - .mingw32 dependencies: - mingw32/build needs: - mingw32/build mingw32/archive: extends: - .mingw/archive - .mingw32 dependencies: - mingw32/build needs: # archive only if tests successful - mingw32/build - mingw32/test mingw32-vista/build: extends: - .mingw/build - .mingw32 - .mingw-vista needs: - mingw/bootstrap mingw32-vista/test: extends: - .mingw/test - .mingw32 - .mingw-vista dependencies: - mingw32-vista/build needs: - mingw32-vista/build mingw32-vista/archive: extends: - .mingw/archive - .mingw32 - .mingw-vista dependencies: - mingw32-vista/build needs: # archive only if tests successful - mingw32-vista/build - mingw32-vista/test