variables: DEBIAN_FRONTEND: noninteractive LC_ALL: C.UTF-8 GIT_SUBMODULE_STRATEGY: recursive GIT_STRATEGY: clone # sometimes unclean submodule dirs otherwise PREFIX: $CI_PROJECT_DIR/.local LD_LIBRARY_PATH: $CI_PROJECT_DIR/.local/lib RESPDIFF_PRIORITY: 5 RESPDIFF_COUNT: 1 RESPDIFF_FORCE: 0 RESPERF_FORCE: 0 KNOT_VERSION: '2.7' image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION stages: - build - test - coverage - extended - deploy .build: &build variables: CFLAGS: -ggdb stage: build except: - master script: - rm daemon/lua/kres-gen.lua - make -k all - STATUS="$(git status --untracked-files=normal --porcelain)" - test -n "${STATUS}" && echo "${STATUS}" && echo "Build + install made working tree dirty, did you forget to update something?" && exit 2 - make install artifacts: untracked: true tags: - docker - linux - amd64 build:linux:amd64: <<: *build build:asan:linux:amd64: <<: *build variables: CFLAGS: -ggdb3 -O0 -fsanitize=address -fno-omit-frame-pointer build:turris:omnia: image: $CI_REGISTRY/knot/knot-resolver/ci/turris:omnia stage: build except: - master script: - ./scripts/make-archive.sh - cp knot-resolver*.tar.xz /tmp/turris/dl/ - ./scripts/make-distrofiles.sh - cp -r distro/turris /tmp/turris/package/knot-resolver - pushd /tmp/turris - export PATH=$PATH:$PWD/staging_dir/toolchain-*/bin - USE_CCACHE=n make CC=arm-openwrt-linux-gcc CXX=arm-openwrt-linux-g++ LD=arm-openwrt-linux-ld -C $PWD V=s - popd - cp /tmp/turris/bin/mvebu-musl/packages/base/*.ipk ./ artifacts: paths: - "*.ipk" tags: - docker - linux - amd64 lint:pedantic: stage: test # could be in build already, but let's not block the test stage if this fails dependencies: [] # do not download build artifacts except: - master image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-$KNOT_VERSION # newer Debian for newer compilers variables: CFLAGS: -Werror -Wall -Wpedantic -ggdb -std=gnu11 script: - make -k all - make clean - make -k all CC=clang CXX=clang++ \ CFLAGS="$CFLAGS -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant" tags: - docker - linux - amd64 srpm: stage: build except: - master allow_failure: true # don't block testing pipeline in case of failure image: $CI_REGISTRY/knot/knot-resolver/ci/fedora script: - scripts/make-srpm.sh artifacts: when: always expire_in: '1 week' paths: - "*.src.rpm" tags: - docker - linux - amd64 lint:lua: stage: test except: - master dependencies: [] # do not download build artifacts script: - make lint-lua tags: - docker lint:c: stage: test except: - master image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-$KNOT_VERSION # newer Debian for newer Clang dependencies: [] # do not download build artifacts script: - make lint-c CLANG_TIDY="clang-tidy -quiet" tags: - docker lint:clang-scan-build: stage: test except: - master image: $CI_REGISTRY/knot/knot-resolver/ci/debian-unstable:knot-$KNOT_VERSION # newer Debian for newer Clang dependencies: [] # do not download build artifacts script: - MAKEFLAGS="-k -j$(nproc)" SCAN_BUILD="scan-build -o scan-results --status-bugs -no-failure-reports" ./tests/clang_scan_build.sh make || true - test "$(ls scan-results/*/report-*.html | wc -l)" = 6 # we have this many errors ATM :-) artifacts: when: on_failure expire_in: '1 day' paths: - scan-results tags: - docker test:linux:amd64: stage: test except: - master script: # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files # this is caused by interaction between Git approach to timestamps and Gitlab artifacts - git clean -xdf - make - MAKEFLAGS="--jobs $(nproc)" make -k check - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c COVERAGE_STAGE=gcov-check || echo "code coverage skipped" dependencies: [] artifacts: expire_in: 1 hour paths: - ./*.info tags: - docker - linux - amd64 docker:build: stage: test image: docker:latest except: - master tags: - dind dependencies: [] variables: DOCKER_IMAGE_NAME: knot-resolver-test:${CI_COMMIT_SHA} script: - docker build --no-cache -t ${DOCKER_IMAGE_NAME} . - echo "quit()" | docker run -i ${DOCKER_IMAGE_NAME} after_script: # remove dangling images to avoid running out of disk space - docker rmi ${DOCKER_IMAGE_NAME} - docker rmi $(docker images -f "dangling=true" -q) installcheck:linux:amd64: # TODO use debian-buster once lua packet resize issue is resolved image: $CI_REGISTRY/knot/knot-resolver/ci/debian-stable:knot-$KNOT_VERSION stage: test except: - master script: # recompile everything otherwise lcov will bark because Git files will be "newer" than gcda files # this is caused by interaction between Git approach to timestamps and Gitlab artifacts - git clean -xdf - make install - MAKEFLAGS="--jobs $(nproc) --keep-going" make -k installcheck - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-installcheck || echo "code coverage skipped" dependencies: [] artifacts: expire_in: 1 hour paths: - ./*.info tags: - docker - linux - amd64 doc: stage: test except: - master script: - SPHINXFLAGS="-W" make doc dependencies: [] artifacts: expire_in: 1 hour paths: - ./doc/* tags: - docker deckard:linux:amd64: stage: test except: refs: - master variables: # prevent unstable test from cancelling nightly OBS build - $SKIP_DECKARD == "1" variables: TMPDIR: $CI_PROJECT_DIR script: - DECKARDFLAGS="-n $(nproc)" PATH="$PREFIX/sbin:$PATH" make check-integration # these errors are side-effect of Git way of handling file timestamps - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-deckard 2>&1 | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped" dependencies: - build:linux:amd64 artifacts: when: always paths: - ./*.info - tmpdeckard* expire_in: 1 week tags: - docker - linux - amd64 installcheck:valgrind:linux:amd64: stage: test except: - master script: - DEBUGGER="valgrind --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k installcheck dependencies: - build:linux:amd64 tags: - docker - linux - amd64 osx:build: stage: test except: - master script: - ci/travis.py ${CI_COMMIT_REF_NAME} dependencies: [] tags: - docker # temporarily disabled - we need to fix issues first #deckard:linux:amd64:valgrind: # stage: test # script: # # TODO: valgrind missing parameter --error-exitcode=1 to fail make on error # - cd tests/deckard && DAEMON=valgrind ADDITIONAL="--leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp $PREFIX/sbin/kresd -f 1" MAKEFLAGS="-j $(nproc) --keep-going" make # artifacts: # when: on_failure # expire_in: 1 week # paths: # - tmpdeckard* # dependencies: # - build:linux:amd64 # tags: # - docker # - linux # - amd64 test:linux:amd64:valgrind: stage: test except: - master variables: TMPDIR: $CI_PROJECT_DIR script: - DEBUGGER="valgrind --error-exitcode=1 --leak-check=full --trace-children=yes --quiet --suppressions=/lj.supp" make -k check dependencies: - build:linux:amd64 tags: - docker - linux - amd64 pytests:lint: stage: test dependencies: [] except: - master script: - ./ci/pytests/lint.sh tags: - docker - linux - amd64 pytests:run: stage: test dependencies: - build:asan:linux:amd64 except: - master script: - pushd tests/pytests/proxy && make all && popd - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run.sh &> pytests.log.txt after_script: - tail -1 pytests.log.txt - echo "See pytests.html or pytests.log.txt for full report." artifacts: when: always expire_in: 1 week paths: - pytest* tags: - docker - linux - amd64 pytests:extended: stage: extended dependencies: - build:asan:linux:amd64 except: - master script: - PATH="$PREFIX/sbin:$PATH" ./ci/pytests/run-extended.sh tags: - docker - linux - amd64 .respdiff: &respdiff stage: extended dependencies: [] only: # trigger job only in repos under our control - branches@knot/knot-resolver - branches@knot/knot-resolver-security except: - master script: - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPDIFF_FORCE -gt 0 || exit 0 - export LABEL=gl$(date +%s) - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" - export TESTDIR="$COMMITDIR/$RESPDIFF_TEST" - ln -s $COMMITDIR respdiff_commitdir - > sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w -p $RESPDIFF_PRIORITY -c $RESPDIFF_COUNT $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py "$(git rev-parse --short HEAD)" -l $LABEL -t $RESPDIFF_TEST --respdiff-stats /var/tmp/respdiff-jobs/ref_current/*_${RESPDIFF_TEST}_stats.json) - for f in $TESTDIR/*.json; do test -s "$f" || (cat $TESTDIR/*stderr*; exit 1); done - sudo -u respdiff /var/opt/respdiff/contrib/job_manager/plot_ref.sh $TESTDIR/.. /var/tmp/respdiff-jobs/ref_current $RESPDIFF_TEST after_script: - 'cp -t . respdiff_commitdir/$RESPDIFF_TEST/j* ||:' - 'cp -t . respdiff_commitdir/*$RESPDIFF_TEST*.png ||:' artifacts: when: always expire_in: 1 week paths: - ./j* - ./*.png tags: - respdiff respdiff:fwd-tls6-kresd.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-tls6-kresd.udp6.j256 respdiff:fwd-udp6-kresd.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-kresd.udp6.j384 respdiff:iter.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.iter.udp6.j384 respdiff:iter.tls6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.iter.tls6.j384 respdiff:fwd-udp6-unbound.udp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.udp6.j256 respdiff:fwd-udp6-unbound.tcp6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tcp6.j256 respdiff:fwd-udp6-unbound.tls6: <<: *respdiff variables: RESPDIFF_TEST: shortlist.fwd-udp6-unbound.tls6.j256 respdiff:iter:udp:linux:amd64: stage: test except: - master script: - source <(./scripts/coverage_env.sh "$(pwd)" "$(pwd)/coverage.stats/respdiff" "iter/udp" --export) - ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM - ./ci/respdiff/start-resolvers.sh - ./ci/respdiff/run-respdiff-tests.sh udp - cat results/respdiff.txt - echo 'test if mismatch rate < 1.0 %' - grep -q '^target disagrees.*0\.[0-9][0-9] %' results/respdiff.txt - killall --wait kresd - MAKEFLAGS="--jobs $(nproc)" test "${COVERAGE:-0}" -eq 1 && make coverage-c coverage-lua COVERAGE_STAGE=gcov-respdiff-iter-udp | grep -vE '(source file is newer than notes file)|(the message is displayed only once per source file)' || echo "code coverage skipped" dependencies: - build:asan:linux:amd64 artifacts: when: always expire_in: '1 week' paths: - kresd.log.xz - results/*.txt - results/*.png - results/respdiff.db/data.mdb.xz - ./*.info tags: - docker - linux - amd64 .resperf: &resperf stage: extended dependencies: [] only: # trigger job only in repos under our control - branches@knot/knot-resolver - branches@knot/knot-resolver-security except: - master script: - git diff-index --name-only origin/master | grep -qEv '^(AUTHORS|ci/|config.mk|COPYING|distro/|doc/|etc/|NEWS|README.md|scripts/|tests/|\.gitignore|\.gitlab-ci\.yml|\.travis\.yml)' || test $RESPERF_FORCE -gt 0 || exit 0 - export LABEL=gl$(date +%s) - export COMMITDIR="/var/tmp/respdiff-jobs/$(git rev-parse --short HEAD)-$LABEL" - export TESTDIR="$COMMITDIR/$RESPERF_TEST" - ln -s $COMMITDIR resperf_commitdir - > sudo -u respdiff /var/opt/respdiff/contrib/job_manager/submit.py -w $(sudo -u respdiff /var/opt/respdiff/contrib/job_manager/create.py "$(git rev-parse --short HEAD)" -l $LABEL --asan -t $RESPERF_TEST) - export EXITCODE=$(cat $TESTDIR/j*_exitcode) - if [[ "$EXITCODE" == "0" ]]; then cat $TESTDIR/j*_resperf.txt; else cat $TESTDIR/j*_kresd.docker.txt; fi - exit $EXITCODE after_script: - 'cp -t . resperf_commitdir/$RESPERF_TEST/j* ||:' artifacts: when: always expire_in: 1 week paths: - ./j* tags: - respdiff resperf:fwd-tls6.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.fwd-tls6.udp resperf:fwd-udp6.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.fwd-udp6.udp resperf:iter.udp-asan: <<: *resperf variables: RESPERF_TEST: resperf.iter.udp distro:fedora-29: stage: test except: - master image: $CI_REGISTRY/knot/knot-resolver/ci/fedora only: # trigger job only in repos under our control - branches@knot/knot-resolver - branches@knot/knot-resolver-security dependencies: - srpm script: - mock --no-clean --old-chroot -r fedora-29-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/fedora-29-x86_64/result/build.log; false) after_script: - mv /var/lib/mock/fedora-29-x86_64/result fedora-29-x86_64 artifacts: when: always expire_in: '1 week' paths: - fedora-29-x86_64/ tags: - privileged # mock requires additional capabilities (e.g. mount) distro:epel-7: stage: test except: - master image: $CI_REGISTRY/knot/knot-resolver/ci/fedora only: # trigger job only in repos under our control - branches@knot/knot-resolver - branches@knot/knot-resolver-security dependencies: - srpm script: - mock --no-clean --dnf --old-chroot -r epel-7-x86_64 --rebuild *.src.rpm || (cat /var/lib/mock/epel-7-x86_64/result/build.log; false) after_script: - mv /var/lib/mock/epel-7-x86_64/result epel-7-x86_64 artifacts: when: always expire_in: '1 week' paths: - epel-7-x86_64/ tags: - privileged # mock require additional capabilities (e.g. mount) # compute coverage for runs with COVERAGE=1 coverage: stage: coverage except: - master - branches@knot/knot-resolver-security only: variables: - $COVERAGE == "1" script: - make coverage artifacts: expire_in: '1 week' paths: - coverage coverage: '/lines\.+:\s(\d+.\d+\%)/' dependencies: - build:linux:amd64 - test:linux:amd64 - installcheck:linux:amd64 - deckard:linux:amd64 - respdiff:iter:udp:linux:amd64 tags: - docker - linux - amd64 # publish coverage only for master branch pages: stage: deploy only: refs: - nightly@knot/knot-resolver variables: - $COVERAGE == "1" dependencies: - coverage script: - mv coverage/ public/ artifacts: expire_in: '30 days' paths: - public # trigger obs build for master branch obs:devel: stage: deploy only: variables: - $OBS_BUILD == "1" refs: - nightly@knot/knot-resolver dependencies: [] script: - scripts/make-archive.sh - scripts/make-distrofiles.sh - echo -e "[general]\napiurl = https://api.opensuse.org\n\n[https://api.opensuse.org]\nuser = CZ-NIC-automation\npass = $OBS_PASSWORD" > /root/.oscrc - scripts/build-in-obs.sh knot-dns-devel # build against latest development version of knot - scripts/build-in-obs.sh knot-resolver-devel # build against knot in knot-resolver-latest pkg:debian:symbols:libkres: variables: LIB_NAME: libkres LIB_ABI: 9 stage: deploy only: variables: - $OBS_BUILD == "1" refs: - nightly@knot/knot-resolver except: - master script: - ln -s distro/deb debian - sed -i "s/__VERSION__/99/g" distro/deb/changelog - dpkg-gensymbols -c4 -elib/$LIB_NAME.so.$LIB_ABI -P. -p$LIB_NAME$LIB_ABI allow_failure: true dependencies: - build:linux:amd64 # copy snapshot of current master to nightly branch for further processing # (this is workaround for missing complex conditions for job limits in Gitlab) nightly:copy: stage: deploy only: variables: - $CREATE_NIGHTLY == "1" refs: - master@knot/knot-resolver dependencies: [] script: # delete nightly branch - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/unprotect"' - 'curl --request DELETE --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly"' # recreate nightly branch from current master - 'curl --request POST --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches?branch=nightly&ref=master"' - 'curl --request PUT --header "PRIVATE-TOKEN: $GITLAB_API_TOKEN" "https://gitlab.labs.nic.cz/api/v4/projects/147/repository/branches/nightly/protect"' #arm_build: # image: cznic/armhf-ubuntu:16.04 # stage: build # script: # - make -k all # tags: # - docker # - linux # - arm #arm_test: # image: armv7/armhf-ubuntu:16.04 # stage: test # script: # - make -k check # tags: # - docker # - linux # - arm