# SPDX-License-Identifier: GPL-3.0-or-later # vim:foldmethod=marker variables: DEBIAN_FRONTEND: noninteractive LC_ALL: C.UTF-8 GIT_SUBMODULE_STRATEGY: recursive GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise RESPDIFF_PRIORITY: 5 DISTROTEST_PRIORITY: 6 RESPDIFF_COUNT: 1 RESPDIFF_FORCE: 0 RESPERF_FORCE: 0 KNOT_VERSION: '3.3' LIBKRES_ABI: 9 LIBKRES_NAME: libkres MESON_TEST: meson test -C build_ci* -t 4 --print-errorlogs PREFIX: $CI_PROJECT_DIR/.local EMAIL: 'ci@nic' # IMAGE_TAG is a Git branch/tag name from https://gitlab.nic.cz/knot/knot-resolver-ci # In general, keep it pointing to a tag - use a branch only for development. # More info in the knot-resolver-ci repository. IMAGE_TAG: 'v20240924' IMAGE_PREFIX: '$CI_REGISTRY/knot/knot-resolver-ci' image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG default: interruptible: true tags: - docker - linux - amd64 stages: - build - sanity - test - respdiff - deploy - pkg # https://docs.gitlab.com/ce/ci/jobs/job_control.html#select-different-runner-tags-for-each-parallel-matrix-job .multi_platform: &multi_platform parallel: matrix: - PLATFORM: [ amd64, arm64 ] tags: # some will override this part - ${PLATFORM} - docker - linux .common: &common except: refs: - master@knot/knot-resolver - master@knot/security/knot-resolver - tags variables: - $SKIP_CI == "1" tags: - docker - linux - amd64 # Tests which decided to skip themselves get orange non-failure. allow_failure: exit_codes: - 77 .after_build: &after_build <<: *common needs: - build-stable before_script: # meson detects changes and performs useless rebuild; hide the log - ninja -C build_ci* &>/dev/null - rm build_ci*/meson-logs/testlog*.txt # start with clean testlog artifacts: when: always # The deckard-specific parts are a little messy, but they're hard to separate in YAML. paths: - build_ci*/meson-logs/testlog*.txt - tmpdeckard* - build_ci*/meson-logs/integration.deckard.junit.xml reports: junit: build_ci*/meson-logs/integration.deckard.junit.xml .after_build_arch: &after_build_arch <<: *after_build image: $IMAGE_PREFIX/arch:$IMAGE_TAG needs: - build-arch .nodep: &nodep <<: *common needs: [] # build {{{ .build: &build <<: *common stage: build artifacts: when: always paths: - .local - build_ci* - pkg reports: junit: build_ci*/meson-logs/testlog.junit.xml before_script: - "echo \"PATH: $PATH\"" - "echo \"Using Python at: $(which python)\"" after_script: - ci/fix-meson-junit.sh build_ci*/meson-logs/testlog.junit.xml archive: <<: *build except: null script: - apkg make-archive build-arch: <<: *build image: $IMAGE_PREFIX/arch:$IMAGE_TAG script: - meson build_ci_arch --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true - ninja -C build_ci_arch - ninja -C build_ci_arch install >/dev/null - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake build-stable: <<: *build script: - meson build_ci_stable --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled -Dbench=enabled - ninja -C build_ci_stable - ninja -C build_ci_stable install >/dev/null - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake # This is currently the same as stable - uncomment this once Knot 3.4 is # released and we are building against that, to keep sanity-checking the 3.3 # support. # #build-deb12-knot33: # <<: *build # image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG # script: # - meson build_ci_deb12_knot33 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled # - ninja -C build_ci_deb12_knot33 # - ninja -C build_ci_deb12_knot33 install >/dev/null # - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake build-deb12-knot-master: <<: *build image: $IMAGE_PREFIX/debian12-knot_master:$IMAGE_TAG script: - meson build_ci_deb12_knot_master --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled - ninja -C build_ci_deb12_knot_master - ninja -C build_ci_deb12_knot_master install >/dev/null - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake allow_failure: true build-stable-asan-gcc: <<: *build script: - CFLAGS=-fno-sanitize-recover=all meson build_ci_asan_gcc --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled - ninja -C build_ci_asan_gcc - ninja -C build_ci_asan_gcc install >/dev/null - MESON_TESTTHREADS=1 ${MESON_TEST} --suite unit --suite dnstap --no-suite skip_asan --no-suite snowflake - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite config --no-suite skip_asan --no-suite snowflake # TODO: Clang sanitizer seems to be broken in the current version of Debian. Use # GCC above and maybe re-enable the Clang one once we update at some point. #build-stable-asan-clang: # <<: *build # script: # # issues with UBSan and ASan in CI: # # - `ahocorasick.so` causes C++ problems # # - `--default-library=shared` causes link problems # - CC=clang CXX=clang++ CFLAGS=-fno-sanitize-recover=all CXXFLAGS=-fno-sanitize=undefined meson build_ci_asan_clang --default-library=static --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled # - ninja -C build_ci_asan_clang # - ninja -C build_ci_asan_clang install >/dev/null # # TODO _leaks: not sure what exactly is wrong in leak detection on config tests # # TODO skip_asan: all three of these disappear locally when using gcc 9.1 (except some leaks) # - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite skip_asan --no-suite snowflake build:macOS: <<: *nodep image: python:3-alpine only: refs: - branches@knot/knot-resolver stage: build when: delayed start_in: 3 minutes # allow some time for mirroring, job creation script: - pip3 install -U requests - python3 ./ci/gh_actions.py ${CI_COMMIT_REF_NAME} ${CI_COMMIT_SHA} .docker: &docker <<: *nodep except: null image: docker:latest variables: DOCKER_HUB_REGISTRY: cznic/knot-resolver GITLAB_REGISTRY: ${CI_REGISTRY}/knot/knot-resolver/cross-platform tags: - amd64 - dind docker:build: <<: *docker <<: *multi_platform stage: build except: - tags script: - docker buildx build --no-cache -t knot-resolver:${PLATFORM} . after_script: - docker rmi --force knot-resolver:${PLATFORM} - docker rmi $(docker images -f "dangling=true" -q) tags: - ${PLATFORM} - dind docker:build:cross-platform: <<: *docker stage: build only: - master@knot/knot-resolver - tags before_script: - > docker buildx create --name kres-builder --driver docker-container --bootstrap --use - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u $CI_REGISTRY_USER --password-stdin script: - > docker buildx build --no-cache --platform linux/amd64,linux/arm64/v8,linux/arm/v7 --provenance=false --pull --push --tag ${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME} . docker:test:cross-platform: <<: *docker <<: *multi_platform stage: test only: - tags - master@knot/knot-resolver needs: - docker:build:cross-platform image: name: ${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME} entrypoint: [""] before_script: - apt-get update - apt-get -y install knot-dnsutils curl git - /usr/bin/knot-resolver -c /etc/knot-resolver/config.yaml > knot-resolver.log & script: # check that the resolver responds to queries - kdig nic.cz @localhost#53 - kdig +tcp nic.cz @localhost#53 - kdig +tls nic.cz @localhost#853 - kdig +https nic.cz @localhost#443 # run some packaging tests - tests/packaging/kresctl.sh - tests/packaging/interactive/etag.sh - tests/packaging/interactive/schema.sh - tests/packaging/interactive/reload.sh - tests/packaging/interactive/metrics.sh - tests/packaging/interactive/cache-clear.sh - tests/packaging/interactive/workers.sh - kresctl stop artifacts: when: always paths: - knot-resolver.log tags: - docker - ${PLATFORM} dockerhub:deploy: <<: *docker stage: deploy when: manual only: - tags needs: - docker:test:cross-platform before_script: - echo "$DOCKER_HUB_TOKEN" | docker login -u $DOCKER_HUB_USER --password-stdin script: - > docker buildx imagetools create -t ${DOCKER_HUB_REGISTRY}:${CI_COMMIT_REF_NAME} -t ${DOCKER_HUB_REGISTRY}:6 ${GITLAB_REGISTRY}:${CI_COMMIT_REF_NAME} # }}} # sanity {{{ .sanity: &sanity <<: *nodep stage: sanity authors: <<: *sanity only: refs: - /^release.*$/ script: - LC_ALL=en_US.UTF-8 scripts/update-authors.sh news: <<: *sanity only: refs: - /^release.*$/ script: - head -n 1 NEWS | grep -q $(date +%Y-%m-%d) trivial_checks: # aggregated to save some processing <<: *sanity script: - ci/no_assert_check.sh - ci/deckard_commit_check.sh lint:luacheck: <<: *sanity script: - meson build_ci_lint &>/dev/null - ninja -C build_ci* luacheck lint:pedantic: <<: *after_build stage: sanity script: - meson build_pedantic_gcc -Dwerror=true -Dc_args='-Wpedantic' -Dextra_tests=enabled - ninja -C build_pedantic_gcc - > CC=clang CXX=clang++ meson build_pedantic_clang -Dwerror=true -Dextra_tests=enabled -Dc_args=' -Wpedantic -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant' - ninja -C build_pedantic_clang lint:tidy: <<: *after_build_arch stage: sanity script: - ninja -C build_ci* tidy # Coverity reference: https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/ lint:coverity: <<: *sanity image: $IMAGE_PREFIX/coverity:$IMAGE_TAG only: refs: - nightly@knot/knot-resolver - coverity@knot/knot-resolver script: - meson build_ci_cov --prefix=$PREFIX - /opt/cov-analysis/bin/cov-build --dir cov-int ninja -C build_ci_cov - tar cfz cov-int.tar.gz cov-int - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email="knot-resolver@labs.nic.cz" --form file=@cov-int.tar.gz --form version="`git describe --tags`" --form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" --fail-with-body .kres-gen: &kres-gen <<: *sanity script: - meson build_ci_lib --prefix=$PREFIX -Dkres_gen_test=false - ninja -C build_ci_lib daemon/kresd - ninja -C build_ci_lib kres-gen - git diff --quiet || (git diff; exit 1) kres-gen-33: <<: *kres-gen image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG root.hints: <<: *sanity only: refs: - /^release.*$/ script: - scripts/update-root-hints.sh ci-image-is-tag: <<: *sanity image: alpine:3 variables: GIT_STRATEGY: none script: - apk add git - ( git ls-remote --tags --exit-code https://gitlab.nic.cz/knot/knot-resolver-ci.git refs/tags/$IMAGE_TAG && echo "Everything is OK!" ) || (echo "'$IMAGE_TAG' is not a tag (probably a branch). Make sure to set it to a tag in production!"; exit 2) # }}} # test {{{ .test_flaky: &test_flaky <<: *after_build stage: test retry: max: 1 when: - script_failure deckard: <<: *test_flaky # Deckard won't work with jemalloc due to a faketime bug: # https://github.com/wolfcw/libfaketime/issues/130 only: # trigger job only in repos under our control (privileged runner required) - branches@knot/knot-resolver - branches@knot/security/knot-resolver tags: - privileged - amd64 variables: TMPDIR: $CI_PROJECT_DIR script: - ${MESON_TEST} --suite integration respdiff:basic: <<: *after_build stage: test needs: - build-stable-asan-gcc script: - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM - ./ci/respdiff/start-resolvers.sh - ./ci/respdiff/run-respdiff-tests.sh udp - $PREFIX/sbin/kres-cache-gc -c . -u 0 # simple GC sanity check - cat results/respdiff.txt - echo 'test if mismatch rate < 1.0 %' - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt after_script: - killall --wait kresd artifacts: when: always paths: - kresd.log* - results/*.txt - results/*.png - results/respdiff.db/data.mdb* - ./*.info test:valgrind: <<: *test_flaky script: - > ${MESON_TEST} --suite unit --suite config --no-suite skip_valgrind --no-suite snowflake --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" - > MESON_TESTTHREADS=1 ${MESON_TEST} --no-suite skip_valgrind --wrap="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" --suite snowflake manager: stage: test needs: [] trigger: include: .gitlab-ci.manager.yml strategy: depend except: refs: - master@knot/knot-resolver - master@knot/security/knot-resolver - tags variables: - $SKIP_CI == "1" pytests: <<: *test_flaky needs: - build-stable-asan-gcc artifacts: when: always paths: - build_ci*/meson-logs/testlog*.txt - tests/pytests/*.html - tests/pytests/*.junit.xml reports: # Can't have multiple junit XMLs? junit: tests/pytests/pytests.parallel.junit.xml script: - ${MESON_TEST} --suite pytests # }}} # respdiff {{{ .condor: &condor <<: *common tags: - condor needs: [] only: # trigger job only in repos under our control - branches@knot/knot-resolver - branches@knot/security/knot-resolver # The set of respdiff+resperf jobs takes over two hours to execute. when: manual .respdiff: &respdiff <<: *condor stage: respdiff script: - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 77 - test ! -f /var/tmp/respdiff-jobs/buffer/buffer_$RESPDIFF_TEST_stats.json || test $RESPDIFF_FORCE -gt 0 || ( echo "Reference unstable, try again in ~3h or use RESPDIFF_FORCE=1."; exit 1 ) - export LABEL=gl$(date +%s) - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST" - ln -s $COMMITDIR respdiff_commitdir - > sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w -p $RESPDIFF_PRIORITY -c $RESPDIFF_COUNT $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST --knot-branch=$KNOT_VERSION --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json) - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; cat $TESTDIR/j*_docker.txt; exit 1); done - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST after_script: - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:' - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:' - 'cat respdiff_commitdir/$RESPDIFF_TEST/*histogram.tar.gz | tar -xf - -i ||:' artifacts: when: always expire_in: 1 week paths: - ./j* - ./*.png - ./*histogram/* fwd-tls6-kresd.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6 fwd-udp6-kresd.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6 iter.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.iter.udp6 iter.tls6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.iter.tls6 fwd-udp6-unbound.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6 fwd-udp6-unbound.tcp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6 fwd-udp6-unbound.tls6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6 .resperf: &resperf <<: *condor stage: respdiff script: - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 77 - export LABEL=gl$(date +%s) - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" - export TESTDIR="$COMMITDIR/$RESPERF_TEST" - ln -s $COMMITDIR resperf_commitdir - > sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST --knot-branch=$KNOT_VERSION) - export EXITCODE=$(cat $TESTDIR/j*_exitcode) - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_docker.txt; fi - exit $EXITCODE after_script: - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:' artifacts: when: always expire_in: 1 week paths: - ./j* rp:fwd-tls6.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.fwd-tls6.udp rp:fwd-udp6.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.fwd-udp6.udp rp:iter.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.iter.udp # }}} # deploy {{{ # copy snapshot of current master to nightly branch for further processing # (this is workaround for missing complex conditions for job limits in Gitlab) nightly:copy: stage: deploy needs: [] only: variables: - $CREATE_NIGHTLY == "1" refs: - master@knot/knot-resolver script: - 'tmp_file=$(mktemp)' # delete nightly branch - 'STATUS=$(curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect")' - '[ "x${STATUS}" == "x200" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }' # no output from DELETE command - 'STATUS=$(curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly")' # recreate nightly branch from current master - 'STATUS=$(curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master")' - '[ "x${STATUS}" == "x201" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }' - 'STATUS=$(curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" -s -o ${tmp_file} -w "%{http_code}" "https://gitlab.nic.cz/api/v4/projects/147/repository/branches/nightly/protect")' - '[ "x${STATUS}" == "x200" ] || { cat ${tmp_file}; rm ${tmp_file}; exit 1; }' - 'rm ${tmp_file}' obs:trigger: &obs_trigger stage: deploy only: variables: - $OBS_REPO dependencies: # wait for previous stages to finish - archive environment: name: OBS/$OBS_REPO url: https://build.opensuse.org/package/show/home:CZ-NIC:$OBS_REPO/knot-resolver tags: - condor allow_failure: false # required to make when: manual action blocking script: - python3 -m venv ./venv - source ./venv/bin/activate - pip install --upgrade pip - pip install apkg - scripts/ci/make-obs.sh - echo y | scripts/ci/build-in-obs.sh $OBS_REPO obs:release: <<: *obs_trigger only: - tags variables: OBS_REPO: knot-resolver-latest when: manual obs:odvr: <<: *obs_trigger stage: pkg # last stage to ensure it doesn't block anything only: - tags variables: OBS_REPO: knot-resolver-odvr when: manual # }}} # pkg {{{ .pkg_deb_extras: &pkg_deb_extras before_script: - apt update .enable_repo_build: &enable_repo_build before_script: - ./scripts/ci/enable-repo-cznic-labs.sh knot-dns .pkg_test: &pkg_test stage: pkg needs: - pkg:make-archive tags: - lxc - amd64 script: # make sure the archive from pkg:make-archive is available - apkg info cache | grep archive/dev - apkg install --build-dep - apkg test --test-dep after_script: - journalctl -u knot-resolver.service artifacts: expire_in: 1 week paths: - pkg/pkgs/ .pkg_test_user: &pkg_test_user <<: *pkg_test script: - apkg info cache | grep archive/dev - apkg build-dep --test-dep - apkg make-archive - chgrp -R test . - chmod -R g+rwX . - find -type d -exec chmod g+s {} + - git config core.sharedRepository group - sudo -u test git config --global --add safe.directory '*' - sudo -u test apkg build - apkg install - apkg test .pkg_test_deb: &pkg_test_deb <<: *pkg_test <<: *pkg_deb_extras pkg:make-archive: # archive is created once and reused in other pkg jobs <<: *pkg_deb_extras stage: pkg image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04 tags: - lxc - amd64 needs: [] artifacts: paths: - pkg/ script: - apkg build-dep - apkg make-archive pkg:debian-12: <<: *pkg_test_deb <<: *enable_repo_build image: $CI_REGISTRY/packaging/apkg/full/debian-12 pkg:debian-11: <<: *pkg_test_deb <<: *enable_repo_build image: $CI_REGISTRY/packaging/apkg/full/debian-11 pkg:ubuntu-24.10: <<: *pkg_test_deb image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.10 pkg:ubuntu-24.04: <<: *pkg_test_deb image: $CI_REGISTRY/packaging/apkg/full/ubuntu-24.04 pkg:ubuntu-22.04: <<: *pkg_test_deb <<: *enable_repo_build image: $CI_REGISTRY/packaging/apkg/full/ubuntu-22.04 pkg:ubuntu-20.04: <<: *pkg_test_deb <<: *enable_repo_build image: $CI_REGISTRY/packaging/apkg/full/ubuntu-20.04 pkg:fedora-41: <<: *pkg_test image: $CI_REGISTRY/packaging/apkg/full/fedora-41 pkg:fedora-40: <<: *pkg_test image: $CI_REGISTRY/packaging/apkg/full/fedora-40 pkg:alma-9: <<: *pkg_test image: $CI_REGISTRY/packaging/apkg/full/alma-9 before_script: # python-watchdog is not included in the official Alma 9 packages # install it using PyPi just for testing - pip3 install watchdog pkg:arch: <<: *pkg_test_user image: $CI_REGISTRY/packaging/apkg/full/arch before_script: # prometheus and watchdog are optional dependencies, but our `apkg test` needs them - pacman -Syu --noconfirm python-prometheus_client python-watchdog # RHEL 8 derivatives would need more work due to *default* python being old #pkg:rocky-8: # <<: *pkg_test # image: $CI_REGISTRY/packaging/apkg/full/rocky-8 # Leap 15.4 would need more work due to *default* python being old #pkg:opensuse-15.4: # <<: *pkg_test # <<: *enable_repo_build # image: $CI_REGISTRY/packaging/apkg/full/opensuse-15.4 # allow_failure: true # SUSE is always special # }}} # docs: {{{ docs:build: stage: build needs: [] script: - git submodule update --init --recursive - pip3 install -U -r doc/requirements.txt - pip3 install -U sphinx_rtd_theme - meson build_doc -Ddoc=enabled - ninja -C build_doc doc artifacts: paths: - doc/html # This job deploys the Knot Resolver documentation into a development # environment, which may be found at # . # The actual URL is found in the `environment.url` property, where # $CI_PROJECT_NAMESPACE will be "knot" on the upstream GitLab. docs:develop: stage: deploy needs: - docs:build except: refs: - tags script: - echo "Propagating artifacts into develop environment" artifacts: paths: - doc/html environment: name: docs-develop/$CI_COMMIT_REF_NAME url: https://www.knot-resolver.cz/documentation/artifacts/$CI_JOB_ID/index.html # This job deploys the Knot Resolver documentation into a release environment, # which may be found at # . # The actual URL is found in the `environment.url` property, where # $CI_PROJECT_NAMESPACE will be "knot" on the upstream GitLab. # The job requires the `DOCS_ENV_NAME` variable to be set by the user. docs:release: stage: deploy needs: - docs:build only: refs: - tags script: echo "Propagating artifacts into release environment" artifacts: paths: - doc/html environment: name: docs-release/$CI_COMMIT_TAG url: https://www.knot-resolver.cz/documentation/artifacts/$CI_JOB_ID/index.html # This job deploys the current docs as pages: stage: deploy needs: - docs:build script: mv doc/html public when: manual artifacts: paths: - public # This job pushes the Knot Resolver documentation into a new branch of the # `websites/knot-resolver.cz` repository. docs:website: stage: deploy needs: - docs:build when: manual variables: script: - "SRC_COMMIT_REF=\"$CI_COMMIT_TAG$CI_COMMIT_BRANCH$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME\"" - "git clone \"https://gitlab-ci-token:$WEBSITE_DOCS_CI_TOKEN@$CI_SERVER_HOST:$CI_SERVER_PORT/websites/knot-resolver.cz.git\" website" - "cp --recursive --verbose \"doc/html\" \"website/content/documentation/$SRC_COMMIT_REF\"" - cd website - "git checkout -b \"docs/$SRC_COMMIT_REF\"" - "git add \"content/documentation/$SRC_COMMIT_REF\"" - "git commit -m \"docs: $SRC_COMMIT_REF\"" - "git push --force --set-upstream origin \"docs/$SRC_COMMIT_REF\"" # }}}