ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
a92a89f4fa4fb19deaae5e8055cdd445e4e50883
bind9/.gitlab-ci.yml
Ondřej Surý ca228ec3e5 Disable jemalloc for Address and Thread Sanitizers 
The Address and Thread Sanitizers both intercept the malloc calls and
using the extended jemalloc API interferes with that.  This commit
disables the use of jemalloc for both ASAN and TSAN enabled builds to
eliminate both false positives and false negatives.
2021-07-09 15:58:02 +02:00

1437 lines
37 KiB
YAML
Raw Blame History

variables:
# Not normally needed, but may be if some script uses `apt-get install`.
DEBIAN_FRONTEND: noninteractive
# Locale settings do not affect the build, but might affect tests.
LC_ALL: C
CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
CCACHE_DIR: "/ccache"
SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
GIT_DEPTH: 1
BUILD_PARALLEL_JOBS: 6
TEST_PARALLEL_JOBS: 6
CONFIGURE: ./configure
CLANG: clang-12
SCAN_BUILD: scan-build-12
ASAN_SYMBOLIZER_PATH: /usr/lib/llvm-12/bin/llvm-symbolizer
CLANG_FORMAT: clang-format-12
CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra
# Pass run-time flags to AddressSanitizer to get core dumps on error.
ASAN_OPTIONS_COMMON: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1
TSAN_OPTIONS_COMMON: "disable_coredump=0 second_deadlock_stack=1 history_size=7 log_exe_name=true log_path=tsan external_symbolizer_path=/usr/lib/llvm-12/bin/llvm-symbolizer"
TARBALL_EXTENSION: xz
AM_COLOR_TESTS: always
WITHOUT_READLINE: "--without-readline"
WITH_READLINE: "--with-readline"
WITH_READLINE_EDITLINE: "--with-readline=editline"
WITH_READLINE_LIBEDIT: "--with-readline=libedit"
WITH_READLINE_READLINE: "--with-readline=readline"
INSTALL_PATH: "${CI_PROJECT_DIR}/.local"
# In multithreaded unit tests, abort on the first failure
CMOCKA_TEST_ABORT: 1
# Disable pytest's "cacheprovider" plugin to prevent it from creating
# cross-testrun files as there is no need to use that feature in CI.
PYTEST_ADDOPTS: "-p no:cacheprovider"
# Default platforms to run "stress" tests on
BIND_STRESS_TEST_OS: linux
BIND_STRESS_TEST_ARCH: amd64
stages:
- autoconf
- precheck
- build
- unit
- system
- performance
- docs
- push
- postcheck
- release
### Runner Tag Templates
.libvirt-amd64: &libvirt_amd64
tags:
- libvirt
- amd64
.linux-amd64: &linux_amd64
tags:
- linux
- amd64
.linux-stress-amd64: &linux_stress_amd64
tags:
- amd64
- aws
- linux-stress
- stress
.linux-stress-arm64: &linux_stress_arm64
tags:
- aarch64
- aws
- linux-stress
- stress
.freebsd-stress-amd64: &freebsd_stress_amd64
tags:
- amd64
- aws
- bsd-stress
- stress
### Docker Image Templates
# Alpine Linux
.alpine-3.14-amd64: &alpine_3_14_amd64_image
image: "$CI_REGISTRY_IMAGE:alpine-3.14-amd64"
<<: *linux_amd64
# CentOS
.centos-centos7-amd64: &centos_centos7_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
<<: *linux_amd64
.centos-centos8-amd64: &centos_centos8_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos8-amd64"
<<: *linux_amd64
# Debian
.debian-stretch-amd64: &debian_stretch_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
<<: *linux_amd64
.debian-buster-amd64: &debian_buster_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
<<: *linux_amd64
.debian-sid-amd64: &debian_sid_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
<<: *linux_amd64
# openSUSE Tumbleweed
.tumbleweed-latest-amd64: &tumbleweed_latest_amd64_image
image: "$CI_REGISTRY_IMAGE:tumbleweed-latest-amd64"
<<: *linux_amd64
# Fedora
.fedora-34-amd64: &fedora_34_amd64_image
image: "$CI_REGISTRY_IMAGE:fedora-34-amd64"
<<: *linux_amd64
.fedora-34-arm64: &fedora_34_arm64_image
image: "$CI_REGISTRY_IMAGE:fedora-34-arm64"
<<: *linux_stress_arm64
# Ubuntu
.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64"
<<: *linux_amd64
.ubuntu-focal-amd64: &ubuntu_focal_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-focal-amd64"
<<: *linux_amd64
# Base image
# This is a meta image that is used as a base for non-specific jobs
.base: &base_image
<<: *debian_buster_amd64_image
### QCOW2 Image Templates
.freebsd-11-amd64: &freebsd_11_amd64_image
image: "freebsd-11.4-x86_64"
<<: *libvirt_amd64
.freebsd-12-amd64: &freebsd_12_amd64_image
image: "freebsd-12.2-x86_64"
<<: *libvirt_amd64
.freebsd-13-amd64: &freebsd_13_amd64_image
image: "freebsd-13.0-x86_64"
<<: *libvirt_amd64
.openbsd-amd64: &openbsd_amd64_image
image: "openbsd-6.9-x86_64"
<<: *libvirt_amd64
### Job Templates
.default-triggering-rules: &default_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
.release-branch-triggering-rules: &release_branch_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
.schedules-tags-web-triggering-rules: &schedules_tags_web_triggering_rules
only:
- schedules
- tags
- web
.precheck: &precheck_job
<<: *default_triggering_rules
<<: *base_image
stage: precheck
.autoconf: &autoconf_job
<<: *release_branch_triggering_rules
<<: *base_image
stage: autoconf
script:
- autoreconf -fi
artifacts:
untracked: true
expire_in: "1 day"
.configure: &configure |
${CONFIGURE} \
--disable-maintainer-mode \
--enable-developer \
--enable-option-checking=fatal \
--enable-dnstap \
--with-cmocka \
--with-libxml2 \
--with-json-c \
$EXTRA_CONFIGURE \
|| (test -s config.log && cat config.log; exit 1)
.check_readline_setup: &check_readline_setup |
if [[ -n "${WITHOUT_READLINE}" ]]; then \
! grep "^#define HAVE_READLINE" config.h; \
elif [[ -n "${WITH_READLINE}" ]]; then \
grep -e "^#define HAVE_READLINE_READLINE" \
-e "^#define HAVE_READLINE_LIBEDIT" \
-e "^#define HAVE_READLINE_EDITLINE" config.h; \
elif [[ -n "${WITH_READLINE_EDITLINE}" ]]; then \
grep "^#define HAVE_READLINE_EDITLINE" config.h; \
elif [[ -n "${WITH_READLINE_LIBEDIT}" ]]; then \
grep "^#define HAVE_READLINE_LIBEDIT" config.h; \
elif [[ -n "${WITH_READLINE_READLINE}" ]]; then \
grep "^#define HAVE_READLINE_READLINE" config.h; \
fi
# Move the out-of-tree workspace to CI project dir to save it for use in
# dependent jobs.
.save_out_of_tree_workspace: &save_out_of_tree_workspace
- test -n "${OUT_OF_TREE_WORKSPACE}" && mv "${OUT_OF_TREE_WORKSPACE}" "${CI_PROJECT_DIR}"
# Move the artifacts from the out-of-tree build job to their original
# location (the out-of-tree workspace) and then continue work in the
# out-of-tree workspace.
.retrieve_out_of_tree_workspace: &retrieve_out_of_tree_workspace
- test -n "${OUT_OF_TREE_WORKSPACE}" && mv "$(basename "${OUT_OF_TREE_WORKSPACE}")" "${OUT_OF_TREE_WORKSPACE}"
- test -n "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
.build: &build_job
<<: *default_triggering_rules
stage: build
before_script:
- test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
- test -n "${OUT_OF_TREE_WORKSPACE}" && mkdir "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
script:
- *configure
- *check_readline_setup
- make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
- test -z "${RUN_MAKE_INSTALL}" || make DESTDIR="${INSTALL_PATH}" install
- test -z "${RUN_MAKE_INSTALL}" || DESTDIR="${INSTALL_PATH}" sh util/check-make-install
- if [[ "${CFLAGS}" == *"-fsanitize=address"* ]]; then ( ! grep -F AddressSanitizer config.log ); fi
- if test -z "${OUT_OF_TREE_WORKSPACE}" && test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
after_script:
- *save_out_of_tree_workspace
needs:
- job: autoreconf
artifacts: true
artifacts:
untracked: true
expire_in: "1 day"
.setup_interfaces: &setup_interfaces |
if [ "$(id -u)" -eq "0" ]; then
sh -x bin/tests/system/ifconfig.sh up;
else
sudo sh -x bin/tests/system/ifconfig.sh up;
fi
.setup_softhsm: &setup_softhsm |
export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh)
test -n "${SLOT}" && test "${SLOT}" -gt 0
.system_test_common: &system_test_common
<<: *default_triggering_rules
stage: system
before_script:
- *setup_softhsm
- *retrieve_out_of_tree_workspace
- *setup_interfaces
script:
- cd bin/tests/system
- make -j${TEST_PARALLEL_JOBS:-1} -k check V=1
- if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" *.log ); fi
after_script:
- test -n "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
- test -d bind-* && cd bind-*
- cat bin/tests/system/test-suite.log
- *save_out_of_tree_workspace
.system_test: &system_test_job
<<: *system_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.system_test_gcov: &system_test_gcov_job
<<: *system_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: always
.system_test_tsan: &system_test_tsan_job
<<: *system_test_common
after_script:
- cat bin/tests/system/test-suite.log
- find bin -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
untracked: true
when: on_failure
.unit_test_common: &unit_test_common
<<: *default_triggering_rules
stage: unit
before_script:
- *setup_softhsm
- *retrieve_out_of_tree_workspace
script:
- make -j${TEST_PARALLEL_JOBS:-1} -k unit V=1
after_script:
- *save_out_of_tree_workspace
.unit_test: &unit_test_job
<<: *unit_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.unit_test_gcov: &unit_test_gcov_job
<<: *unit_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: always
.unit_test_tsan: &unit_test_tsan_job
<<: *unit_test_common
after_script:
- find lib -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
paths:
- lib/*/tests/tsan.*
- tsan/
when: on_failure
.cppcheck_args: &run_cppcheck |
cppcheck --enable=warning,performance,portability,information,missingInclude --include=config.h --std=c11 --language=c --project=compile_commands.json --error-exitcode=2 -j ${TEST_PARALLEL_JOBS:-1} --xml --output-file=cppcheck.results --relative-paths="$CI_PROJECT_DIR" --inline-suppr --suppressions-list=util/suppressions.txt
.cppcheck_report: &cppcheck_report_html |
cppcheck-htmlreport --title="BIND 9 ($CI_COMMIT_SHORT_SHA) Cppcheck Report" --file=cppcheck.results --report-dir=cppcheck_html/
.cppcheck: &cppcheck_job
<<: *default_triggering_rules
stage: postcheck
script:
- *configure
- (make -nwk all || true) | compiledb
- export GCC_VERSION=$(gcc --version | sed -n 's/.* \([0-9]\+\)\.[0-9]\+\.[0-9]\+.*/\1/p')
- sed -i "/gcc\",/a\"-DCPPCHECK\", \"-D__STDC__\", \"-D__GNUC__=${GCC_VERSION}\"," compile_commands.json
- *run_cppcheck
after_script:
- *cppcheck_report_html
artifacts:
paths:
- compile_commands.json
- cppcheck.results
- cppcheck_html/
expire_in: "1 day"
when: on_failure
needs:
- job: autoreconf
artifacts: true
### Job Definitions
# Jobs in the precheck stage
autoreconf:
<<: *autoconf_job
misc:
<<: *precheck_job
script:
- sh util/checklibs.sh > checklibs.out
- sh util/tabify-changes < CHANGES > CHANGES.tmp
- diff -urNap CHANGES CHANGES.tmp
- perl util/check-changes CHANGES
- sh util/check-line-length.sh CHANGES
- test ! -f CHANGES.SE || sh util/tabify-changes < CHANGES.SE > CHANGES.tmp
- test ! -f CHANGES.SE || diff -urNap CHANGES.SE CHANGES.tmp
- test ! -f CHANGES.SE || perl util/check-changes master=0 CHANGES.SE
- test ! -f CHANGES.SE || sh util/check-line-length.sh CHANGES.SE
- rm CHANGES.tmp
- perl -w util/merge_copyrights
- diff -urNap util/copyrights util/newcopyrights
- rm util/newcopyrights
- perl -w util/update_copyrights < util/copyrights
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
- xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
- sh util/check-categories.sh
- if git grep SYSTEMTESTTOP -- ':!.gitlab-ci.yml'; then echo 'Please use relative paths instead of $SYSTEMTESTTOP.'; exit 1; fi
- bash util/unused-headers.sh
- bash util/xmllint-html.sh
needs: []
artifacts:
paths:
- util/newcopyrights
- checklibs.out
expire_in: "1 day"
when: on_failure
clang-format:
<<: *precheck_job
needs: []
script:
- if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
coccinelle:
<<: *precheck_job
needs: []
script:
- util/check-cocci
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
danger:
<<: *precheck_job
needs: []
script:
- danger-python ci -f
only:
refs:
- merge_requests
variables:
- $DANGER_GITLAB_API_TOKEN
flake8:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
script:
- *configure
- flake8 --max-line-length=80 $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)')
pylint:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
script:
- *configure
- PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python"
- pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)')
tarball-create:
stage: precheck
<<: *base_image
<<: *default_triggering_rules
script:
- ./configure --enable-maintainer-mode
- make maintainer-clean
- autoreconf -fi
- ./configure --enable-maintainer-mode
- make -j${BUILD_PARALLEL_JOBS:-1} all V=1
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
- make -j${BUILD_PARALLEL_JOBS:-1} dist V=1
artifacts:
paths:
- bind-*.tar.${TARBALL_EXTENSION}
needs:
- job: autoreconf
artifacts: true
# Jobs for doc builds on Debian 10 "buster" (amd64)
docs:
<<: *release_branch_triggering_rules
<<: *base_image
stage: docs
before_script:
- test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} -k doc V=1
- qpdf --check doc/arm/_build/latex/Bv9ARM.pdf
- find doc/man/ -maxdepth 1 -name "*.[0-9]" -exec mandoc -T lint "{}" \; | ( ! grep -v -e "skipping paragraph macro. sp after" -e "unknown font, skipping request. ft C" )
needs:
- job: autoreconf
artifacts: true
allow_failure: false
artifacts:
paths:
- doc/arm/
- doc/man/
- doc/misc/
expire_in: "1 month"
push:docs:
<<: *base_image
stage: push
needs:
- job: docs
artifacts: false
script:
- curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=main $GITLAB_PAGES_DOCS_TRIGGER_URL
only:
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
# Jobs for regular GCC builds on Alpine Linux 3.14 (amd64)
gcc:alpine3.14:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITHOUT_READLINE}"
<<: *alpine_3_14_amd64_image
<<: *build_job
system:gcc:alpine3.14:amd64:
<<: *alpine_3_14_amd64_image
<<: *system_test_job
needs:
- job: gcc:alpine3.14:amd64
artifacts: true
unit:gcc:alpine3.14:amd64:
<<: *alpine_3_14_amd64_image
<<: *unit_test_job
needs:
- job: gcc:alpine3.14:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 7 (amd64)
gcc:centos7:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *centos_centos7_amd64_image
<<: *build_job
system:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
unit:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 8 (amd64)
gcc:centos8:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-buffer-useinline --with-libidn2"
<<: *centos_centos8_amd64_image
<<: *build_job
system:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
unit:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 9 "stretch" (amd64)
gcc:stretch:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
EXTRA_CONFIGURE: "--without-cmocka --without-gssapi"
<<: *debian_stretch_amd64_image
<<: *build_job
system:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *system_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
unit:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *unit_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 10 "buster" (amd64)
gcc:buster:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} --coverage -O0"
EXTRA_CONFIGURE: "--with-libidn2 ${WITH_READLINE_LIBEDIT}"
<<: *debian_buster_amd64_image
<<: *build_job
system:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_gcov_job
needs:
- job: unit:gcc:buster:amd64
artifacts: true
unit:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_gcov_job
needs:
- job: gcc:buster:amd64
artifacts: true
# Jobs for scan-build builds on Debian 10 "buster" (amd64)
.scan_build: &scan_build |
${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" \
--keep-cc \
--status-bugs \
--keep-going \
-o scan-build.reports \
make -j${BUILD_PARALLEL_JOBS:-1} all V=1
scan-build:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON}"
CONFIGURE: "${SCAN_BUILD} ./configure"
EXTRA_CONFIGURE: "--with-libidn2"
script:
- *configure
- *scan_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- scan-build.reports/
expire_in: "1 day"
when: on_failure
# Jobs for regular GCC builds on Debian "sid" (amd64)
# Also tests configration option: --without-lmdb.
gcc:sid:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O3"
EXTRA_CONFIGURE: "--with-libidn2 --without-lmdb"
RUN_MAKE_INSTALL: 1
<<: *debian_sid_amd64_image
<<: *build_job
system:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *system_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
unit:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *unit_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
cppcheck:
<<: *base_image
<<: *cppcheck_job
# Job for out-of-tree GCC build on Debian "sid" (amd64)
# Also tests configration option: --with-lmdb.
gcc:out-of-tree:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
CONFIGURE: "${CI_PROJECT_DIR}/configure"
EXTRA_CONFIGURE: "--with-libidn2 --with-lmdb"
RUN_MAKE_INSTALL: 1
OUT_OF_TREE_WORKSPACE: /tmp/out_of_tree_workspace
<<: *base_image
<<: *build_job
system:gcc:out-of-tree:
variables:
OUT_OF_TREE_WORKSPACE: /tmp/out_of_tree_workspace
needs:
- job: gcc:out-of-tree
artifacts: true
<<: *base_image
<<: *system_test_job
<<: *schedules_tags_web_triggering_rules
unit:gcc:out-of-tree:
variables:
OUT_OF_TREE_WORKSPACE: /tmp/out_of_tree_workspace
needs:
- job: gcc:out-of-tree
artifacts: true
<<: *base_image
<<: *unit_test_job
<<: *schedules_tags_web_triggering_rules
# Jobs for tarball GCC builds on Debian 10 "buster" (amd64)
gcc:tarball:
variables:
CC: gcc
EXTRA_CONFIGURE: "--with-libidn2"
RUN_MAKE_INSTALL: 1
<<: *base_image
<<: *build_job
before_script:
- tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
- rm -f bind-*.tar.${TARBALL_EXTENSION}
- cd bind-*
needs:
- job: tarball-create
artifacts: true
system:gcc:tarball:
<<: *base_image
<<: *system_test_job
<<: *schedules_tags_web_triggering_rules
before_script:
- cd bind-*
- *setup_interfaces
needs:
- job: gcc:tarball
artifacts: true
unit:gcc:tarball:
<<: *base_image
<<: *unit_test_job
<<: *schedules_tags_web_triggering_rules
before_script:
- cd bind-*
needs:
- job: gcc:tarball
artifacts: true
# Jobs for debug GCC builds on openSUSE Tumbleweed (amd64)
gcc:tumbleweed:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -DDEBUG"
EXTRA_CONFIGURE: "--with-libidn2 ${WITH_READLINE_READLINE}"
<<: *tumbleweed_latest_amd64_image
<<: *build_job
system:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *system_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
unit:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *unit_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64)
gcc:bionic:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
EXTRA_CONFIGURE: "--disable-dnstap --disable-geoip"
<<: *ubuntu_bionic_amd64_image
<<: *build_job
system:gcc:bionic:amd64:
<<: *ubuntu_bionic_amd64_image
<<: *system_test_job
needs:
- job: gcc:bionic:amd64
artifacts: true
unit:gcc:bionic:amd64:
<<: *ubuntu_bionic_amd64_image
<<: *unit_test_job
needs:
- job: gcc:bionic:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 20.04 Focal Fossa (amd64)
gcc:focal:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *ubuntu_focal_amd64_image
<<: *build_job
system:gcc:focal:amd64:
<<: *ubuntu_focal_amd64_image
<<: *system_test_job
needs:
- job: gcc:focal:amd64
artifacts: true
unit:gcc:focal:amd64:
<<: *ubuntu_focal_amd64_image
<<: *unit_test_job
needs:
- job: gcc:focal:amd64
artifacts: true
# Jobs for ASAN builds on Debian 10 "buster" (amd64)
gcc:asan:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2 --without-jemalloc"
<<: *base_image
<<: *build_job
system:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:asan
artifacts: true
unit:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:asan
artifacts: true
clang:asan:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2 --without-jemalloc"
<<: *base_image
<<: *build_job
system:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: clang:asan
artifacts: true
unit:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: clang:asan
artifacts: true
# Jobs for TSAN builds on Debian 10 "buster" (amd64)
gcc:tsan:
<<: *base_image
<<: *build_job
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock --without-jemalloc"
system:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
unit:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} suppressions=$CI_PROJECT_DIR/tsan-suppressions.txt
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
clang:tsan:
<<: *base_image
<<: *build_job
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock --without-jemalloc"
system:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
unit:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} suppressions=$CI_PROJECT_DIR/tsan-suppressions.txt
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
# Jobs for Clang builds on Debian 10 "buster" (amd64)
clang:buster:amd64:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion"
<<: *debian_buster_amd64_image
<<: *build_job
system:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_job
needs:
- job: clang:buster:amd64
artifacts: true
unit:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_job
needs:
- job: clang:buster:amd64
artifacts: true
# Jobs for PKCS#11-enabled GCC builds on Debian "sid" (amd64)
gcc:softhsm2.4:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--without-jemalloc --enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
<<: *base_image
<<: *build_job
system:gcc:softhsm2.4:
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:softhsm2.4
artifacts: true
unit:gcc:softhsm2.4:
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:softhsm2.4
artifacts: true
# Jobs for PKCS#11-enabled GCC builds on Fedora 34 (amd64)
gcc:softhsm2.6:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O1"
EXTRA_CONFIGURE: "--with-libidn2 --enable-native-pkcs11 --with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so"
<<: *fedora_34_amd64_image
<<: *build_job
system:gcc:softhsm2.6:
<<: *fedora_34_amd64_image
<<: *system_test_job
needs:
- job: gcc:softhsm2.6
artifacts: true
unit:gcc:softhsm2.6:
<<: *fedora_34_amd64_image
<<: *unit_test_job
needs:
- job: gcc:softhsm2.6
artifacts: true
# Jobs for Clang builds on FreeBSD 11 (amd64)
clang:freebsd11:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITH_READLINE}"
USER: gitlab-runner
<<: *freebsd_11_amd64_image
<<: *build_job
<<: *schedules_tags_web_triggering_rules
system:clang:freebsd11:amd64:
<<: *freebsd_11_amd64_image
<<: *system_test_job
<<: *schedules_tags_web_triggering_rules
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd11:amd64
artifacts: true
unit:clang:freebsd11:amd64:
<<: *freebsd_11_amd64_image
<<: *unit_test_job
<<: *schedules_tags_web_triggering_rules
needs:
- job: clang:freebsd11:amd64
artifacts: true
# Jobs for Clang builds on FreeBSD 12 (amd64)
clang:freebsd12:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITH_READLINE_EDITLINE}"
USER: gitlab-runner
<<: *freebsd_12_amd64_image
<<: *build_job
system:clang:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd12:amd64
artifacts: true
unit:clang:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *unit_test_job
needs:
- job: clang:freebsd12:amd64
artifacts: true
# Jobs for Clang builds on FreeBSD 13 (amd64)
clang:freebsd13:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITH_READLINE_LIBEDIT}"
USER: gitlab-runner
<<: *freebsd_13_amd64_image
<<: *build_job
system:clang:freebsd13:amd64:
<<: *freebsd_13_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd13:amd64
artifacts: true
unit:clang:freebsd13:amd64:
<<: *freebsd_13_amd64_image
<<: *unit_test_job
needs:
- job: clang:freebsd13:amd64
artifacts: true
# Jobs for Clang builds on OpenBSD (amd64)
clang:openbsd:amd64:
variables:
CC: clang
USER: gitlab-runner
EXTRA_CONFIGURE: "--disable-dnstap"
<<: *openbsd_amd64_image
<<: *build_job
system:clang:openbsd:amd64:
<<: *openbsd_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
needs:
- job: clang:openbsd:amd64
artifacts: true
only:
- schedules
- web
unit:clang:openbsd:amd64:
<<: *openbsd_amd64_image
<<: *unit_test_job
variables:
USER: gitlab-runner
needs:
- job: clang:openbsd:amd64
artifacts: true
# Job producing a release tarball
release:
<<: *base_image
stage: release
script:
- export BIND_DIRECTORY="$(basename "$(find . -name "bind-*.tar.*" -printf "%f")" ".tar.${TARBALL_EXTENSION}")"
# Prepare release tarball contents (tarballs + documentation)
- mkdir -p release/doc/arm
- pushd release
- mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip .
- tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}"
- mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README.md,srcid} .
- rm -rf "${BIND_DIRECTORY}"
- mv "../doc/arm/_build/html" doc/arm/
- mv "../doc/arm/_build/latex/Bv9ARM.pdf" doc/arm/
- mv "../doc/arm/_build/epub/Bv9ARM.epub" doc/arm/
- echo '<!DOCTYPE HTML><html lang="en"><meta http-equiv="refresh" content="0; url=doc/arm/html/notes.html"><title>Redirect</title></html>' > "RELEASE-NOTES-${BIND_DIRECTORY}.html"
- popd
# Create release tarball
- tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/
needs:
- job: tarball-create
artifacts: true
- job: docs
artifacts: true
only:
- tags
artifacts:
paths:
- "*.tar.gz"
expire_in: "1 day"
# Coverity Scan analysis upload
.coverity_cache_prep: &coverity_cache_prep |
test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || (
curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form md5=1
curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN
)
test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
tar --extract --gzip --file=cov-analysis-linux64.tgz
test -d cov-analysis-linux64-2020.09
.coverity_build: &coverity_build |
cov-analysis-linux64-2020.09/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
tar --create --gzip --file=cov-int.tar.gz cov-int/
curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form email=bind-changes@isc.org \
--form file=@cov-int.tar.gz \
--form version="$(git rev-parse --short HEAD)" \
--form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 \
| tee curl-response.txt
grep -q 'Build successfully submitted' curl-response.txt
coverity:
<<: *base_image
stage: postcheck
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--with-libidn2"
script:
- *coverity_cache_prep
- *configure
- *coverity_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- curl-response.txt
- cov-int.tar.gz
expire_in: "1 week"
when: on_failure
only:
variables:
- $COVERITY_SCAN_PROJECT_NAME
- $COVERITY_SCAN_TOKEN
cache:
key: cov-analysis-linux64-2020.09
paths:
- cov-analysis-linux64.md5
- cov-analysis-linux64.tgz
# Respdiff test
respdiff:
<<: *base_image
stage: system
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_11_24
script:
- autoreconf -fi
- ./configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- *setup_interfaces
- git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git
- git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
- cd refbind/
- ./configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- cd ../bind-qa/bind9/respdiff
- bash respdiff.sh -q "${PWD}/100k_mixed.txt" -c 3 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}/refbind" "${CI_PROJECT_DIR}"
needs:
- job: tarball-create
artifacts: true
only:
- tags
artifacts:
paths:
- refbind
untracked: true
expire_in: "1 day"
when: on_failure
# "Stress" tests
.stress: &stress_job
stage: performance
script:
- *configure
- *setup_interfaces
- *setup_softhsm
- make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
- make DESTDIR="${INSTALL_PATH}" install
- git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git
- cd bind-qa/bind9/stress
- LD_LIBRARY_PATH="${INSTALL_PATH}/usr/local/lib" BIND_INSTALL_PATH="${INSTALL_PATH}/usr/local" WORKSPACE="${CI_PROJECT_DIR}" bash stress.sh
needs:
- job: autoreconf
artifacts: true
artifacts:
untracked: true
expire_in: "1 day"
when: always
timeout: 2h
stress:authoritative:fedora:34:amd64:
<<: *fedora_34_amd64_image
<<: *linux_stress_amd64
<<: *stress_job
variables:
CC: gcc
FLAME: /usr/bin/flame
MODE: authoritative
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /authoritative/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
stress:recursive:fedora:34:amd64:
<<: *fedora_34_amd64_image
<<: *linux_stress_amd64
<<: *stress_job
variables:
CC: gcc
FLAME: /usr/bin/flame
MODE: recursive
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /recursive/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
stress:authoritative:fedora:34:arm64:
<<: *fedora_34_arm64_image
<<: *linux_stress_arm64
<<: *stress_job
variables:
CC: gcc
FLAME: /usr/bin/flame
MODE: authoritative
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /authoritative/i && $BIND_STRESS_TEST_ARCH =~ /arm64/i)
stress:recursive:fedora:34:arm64:
<<: *fedora_34_arm64_image
<<: *linux_stress_arm64
<<: *stress_job
variables:
CC: gcc
FLAME: /usr/bin/flame
MODE: recursive
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /linux/i && $BIND_STRESS_TEST_MODE =~ /recursive/i && $BIND_STRESS_TEST_ARCH =~ /arm64/i)
stress:authoritative:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *freebsd_stress_amd64
<<: *stress_job
variables:
CC: clang
FLAME: /usr/local/bin/flame
MODE: authoritative
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /freebsd/i && $BIND_STRESS_TEST_MODE =~ /authoritative/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
stress:recursive:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *freebsd_stress_amd64
<<: *stress_job
variables:
CC: clang
FLAME: /usr/local/bin/flame
MODE: recursive
RATE: 10000
RUN_TIME: 1
only:
variables:
- $CI_COMMIT_TAG || ($BIND_STRESS_TEST_OS =~ /freebsd/i && $BIND_STRESS_TEST_MODE =~ /recursive/i && $BIND_STRESS_TEST_ARCH =~ /amd64/i)
gcov:
<<: *base_image
<<: *default_triggering_rules
stage: postcheck
needs:
- job: system:gcc:buster:amd64
artifacts: true
script:
# *.gcno and *.gcda files generated for shared library objects are created
# in directories in which gcovr is unable to process them properly
# (.../.libs/...). Move such *.gcno and *.gcda files one level higher.
- find . -regex ".*/\.libs/.*\.\(gcda\|gcno\)" -execdir mv "{}" .. \;
# Help gcovr process the nasty tricks in lib/dns/code.h, where we include C
# source files from lib/dns/rdata/*/, using an even nastier trick.
- find lib/dns/rdata/* -name "*.c" -execdir cp -f "{}" ../../ \;
# Generate XML file in the Cobertura XML format suitable for use by GitLab
# for the purpose of displaying code coverage information in the diff view
# of a given merge request.
- gcovr --root . --exclude-directories bin/tests --exclude-directories doc --exclude-directories lib/samples --exclude 'lib/.*/tests/.*' --xml -o coverage.xml
- gcovr --root . --exclude-directories bin/tests --exclude-directories doc --exclude-directories lib/samples --exclude 'lib/.*/tests/.*' --html-details -o coverage.html
- gcovr --root . --exclude-directories bin/tests --exclude-directories doc --exclude-directories lib/samples --exclude 'lib/.*/tests/.*' -o coverage.txt
- tail -n 3 coverage.txt
artifacts:
paths:
- coverage*.html
- coverage.txt
- coverage.xml
reports:
cobertura: coverage.xml
# Pairwise testing of ./configure options
pairwise:
<<: *base_image
stage: build
needs:
- job: autoreconf
artifacts: true
script:
- util/pairwise-testing.sh
artifacts:
paths:
- pairwise-commands.txt
- pairwise-model.txt
- pairwise-output.*.txt
when: on_failure
only:
variables:
- $PAIRWISE_TESTING
View Git Blame Copy Permalink