ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
ef3bd208aa8848415ee4daf9833c970a4eacb0a0
bind9/.gitlab-ci.yml
Michal Nowak cf7db2003b Run unit tests on OpenBSD in GitLab CI 
Unlike other maintained BIND branches, the "main" BIND branch does not
require Kyua for running unit tests, which has been an obstacle for
adding an OpenBSD unit test job to GitLab CI.  Experiments show that a
complete BIND unit test suite completes in a few minutes on OpenBSD and
that unit tests are not as severely affected by OpenBSD performance
issues as system tests are.  Add a GitLab CI job which runs unit tests
on OpenBSD to every pipeline.
2020-10-21 13:06:52 +02:00

1428 lines
37 KiB
YAML
Raw Blame History

variables:
# Not normally needed, but may be if some script uses `apt-get install`.
DEBIAN_FRONTEND: noninteractive
# Locale settings do not affect the build, but might affect tests.
LC_ALL: C
CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
CCACHE_DIR: "/ccache"
SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
# VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml
KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results"
GIT_DEPTH: 1
BUILD_PARALLEL_JOBS: 6
TEST_PARALLEL_JOBS: 6
CONFIGURE: ./configure
CLANG: clang-10
SCAN_BUILD: scan-build-10
ASAN_SYMBOLIZER_PATH: /usr/lib/llvm-10/bin/llvm-symbolizer
CLANG_FORMAT: clang-format-10
CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra
# Pass run-time flags to AddressSanitizer to get core dumps on error.
ASAN_OPTIONS_COMMON: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1
TSAN_OPTIONS_COMMON: "second_deadlock_stack=1 history_size=7 log_exe_name=true log_path=tsan external_symbolizer_path=/usr/lib/llvm-10/bin/llvm-symbolizer"
TARBALL_EXTENSION: xz
AM_COLOR_TESTS: always
WITHOUT_READLINE: "--without-readline"
WITH_READLINE: "--with-readline"
WITH_READLINE_EDITLINE: "--with-readline=editline"
WITH_READLINE_LIBEDIT: "--with-readline=libedit"
WITH_READLINE_READLINE: "--with-readline=readline"
stages:
- autoconf
- precheck
- build
- unit
- system
- docs
- push
- postcheck
- release
### Runner Tag Templates
.libvirt-amd64: &libvirt_amd64
tags:
- libvirt
- amd64
.linux-amd64: &linux_amd64
tags:
- linux
- amd64
.linux-i386: &linux_i386
tags:
- linux
- i386
### Docker Image Templates
# Alpine Linux
.alpine-3.12-amd64: &alpine_3_12_amd64_image
image: "$CI_REGISTRY_IMAGE:alpine-3.12-amd64"
<<: *linux_amd64
# CentOS
.centos-centos7-amd64: &centos_centos7_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
<<: *linux_amd64
.centos-centos8-amd64: &centos_centos8_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos8-amd64"
<<: *linux_amd64
# Debian
.debian-stretch-amd64: &debian_stretch_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
<<: *linux_amd64
.debian-buster-amd64: &debian_buster_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
<<: *linux_amd64
.debian-sid-amd64: &debian_sid_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
<<: *linux_amd64
.debian-sid-i386: &debian_sid_i386_image
image: "$CI_REGISTRY_IMAGE:debian-sid-i386"
<<: *linux_i386
# openSUSE Tumbleweed
.tumbleweed-latest-amd64: &tumbleweed_latest_amd64_image
image: "$CI_REGISTRY_IMAGE:tumbleweed-latest-amd64"
<<: *linux_amd64
# Fedora
.fedora-32-amd64: &fedora_32_amd64_image
image: "$CI_REGISTRY_IMAGE:fedora-32-amd64"
<<: *linux_amd64
# Ubuntu
.ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64"
<<: *linux_amd64
.ubuntu-focal-amd64: &ubuntu_focal_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-focal-amd64"
<<: *linux_amd64
# Base image
# This is a meta image that is used as a base for non-specific jobs
.base: &base_image
<<: *debian_buster_amd64_image
### QCOW2 Image Templates
.freebsd-11-amd64: &freebsd_11_amd64_image
image: "freebsd-11.4-x86_64"
<<: *libvirt_amd64
.freebsd-12-amd64: &freebsd_12_amd64_image
image: "freebsd-12.1-x86_64"
<<: *libvirt_amd64
.openbsd-amd64: &openbsd_amd64_image
image: "openbsd-6.7-x86_64"
<<: *libvirt_amd64
### Job Templates
.default-triggering-rules: &default_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
.release-branch-triggering-rules: &release_branch_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
.precheck: &precheck_job
<<: *default_triggering_rules
<<: *base_image
stage: precheck
.autoconf: &autoconf_job
<<: *release_branch_triggering_rules
<<: *base_image
stage: autoconf
script:
- autoreconf -fi
artifacts:
untracked: true
expire_in: "1 day"
.configure: &configure |
${CONFIGURE} \
--disable-maintainer-mode \
--enable-developer \
--with-cmocka \
--with-libxml2 \
--with-json-c \
--prefix=$HOME/.local \
$EXTRA_CONFIGURE \
|| cat config.log
.check_readline_setup: &check_readline_setup |
if [[ -n "${WITHOUT_READLINE}" ]]; then \
! grep "^#define HAVE_READLINE" config.h; \
elif [[ -n "${WITH_READLINE}" ]]; then \
grep -e "^#define HAVE_READLINE_READLINE" \
-e "^#define HAVE_READLINE_LIBEDIT" \
-e "^#define HAVE_READLINE_EDITLINE" config.h; \
elif [[ -n "${WITH_READLINE_EDITLINE}" ]]; then \
grep "^#define HAVE_READLINE_EDITLINE" config.h; \
elif [[ -n "${WITH_READLINE_LIBEDIT}" ]]; then \
grep "^#define HAVE_READLINE_LIBEDIT" config.h; \
elif [[ -n "${WITH_READLINE_READLINE}" ]]; then \
grep "^#define HAVE_READLINE_READLINE" config.h; \
fi
.build: &build_job
<<: *default_triggering_rules
stage: build
before_script:
- test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
- test -n "${OUT_OF_TREE_WORKSPACE}" && mkdir "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
script:
- *configure
- *check_readline_setup
- make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
- test -z "${RUN_MAKE_INSTALL}" || make install
- test -z "${RUN_MAKE_INSTALL}" || sh util/check-make-install
- if test -z "${OUT_OF_TREE_WORKSPACE}" && test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
after_script:
- test -n "${OUT_OF_TREE_WORKSPACE}" && mv "${OUT_OF_TREE_WORKSPACE}" "${CI_PROJECT_DIR}"
needs:
- job: autoreconf
artifacts: true
artifacts:
untracked: true
expire_in: "1 day"
.windows_build: &windows_build_job
stage: build
tags:
- windows
- amd64
script:
- 'Push-Location "C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Auxiliary/Build"'
- '& cmd.exe /C "vcvarsall.bat x64 & set" | Foreach-Object { if ($_ -match "(.*?)=(.*)") { Set-Item -force -path "Env:\$($matches[1])" -value "$($matches[2])" } }'
- 'Pop-Location'
- 'Set-Location win32utils'
- '& "C:/Strawberry/perl/bin/perl.exe" Configure
"with-tools-version=15.0"
"with-platform-toolset=v141"
"with-platform-version=10.0.17763.0"
"with-vcredist=C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe"
"with-openssl=C:/OpenSSL"
"with-libxml2=C:/libxml2"
"with-libuv=C:/libuv"
"without-python"
"with-system-tests"
x64'
- 'Set-Item -path "Env:CL" -value "/MP$([Math]::Truncate($BUILD_PARALLEL_JOBS/2))"'
- '& msbuild.exe /maxCpuCount:2 /t:Build /p:Configuration=$VSCONF bind9.sln'
needs: []
artifacts:
untracked: true
expire_in: "1 day"
when: always
.setup_interfaces: &setup_interfaces |
if [ "$(id -u)" -eq "0" ]; then
sh -x bin/tests/system/ifconfig.sh up;
else
sudo sh -x bin/tests/system/ifconfig.sh up;
fi
.setup_softhsm: &setup_softhsm |
export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh)
test -n "${SLOT}" && test "${SLOT}" -gt 0
.system_test_common: &system_test_common
<<: *default_triggering_rules
stage: system
before_script:
- *setup_softhsm
# Move the artifacts from the out-of-tree build job to their original location (the out-of-tree workspace).
- test -n "${OUT_OF_TREE_WORKSPACE}" && mv "$(basename "${OUT_OF_TREE_WORKSPACE}")" "${OUT_OF_TREE_WORKSPACE}"
# Continue work in the out-of-tree workspace.
- test -n "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
- *setup_interfaces
script:
- cd bin/tests/system
- make -j${TEST_PARALLEL_JOBS:-1} -k check V=1
after_script:
- test -n "${OUT_OF_TREE_WORKSPACE}" && cd "${OUT_OF_TREE_WORKSPACE}"
- test -d bind-* && cd bind-*
- cat bin/tests/system/test-suite.log
- test -n "${OUT_OF_TREE_WORKSPACE}" && mv "${OUT_OF_TREE_WORKSPACE}" "${CI_PROJECT_DIR}"
.system_test: &system_test_job
<<: *system_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.system_test_tsan: &system_test_tsan_job
<<: *system_test_common
allow_failure: true
after_script:
- cat bin/tests/system/test-suite.log
- find bin -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
untracked: true
when: on_failure
.kyua_report: &kyua_report_html |
kyua --logfile /dev/null report-html \
--force \
--results-file "$KYUA_RESULT" \
--results-filter "" \
--output kyua_html
.windows_system_test: &windows_system_test_job
stage: system
tags:
- windows
- amd64
script:
- 'Push-Location bin/tests/system'
- '$ifIndex = Get-NetIPInterface -AddressFamily IPv4 -InterfaceMetric 75 | Select-Object -ExpandProperty ifIndex'
- '& C:/tools/cygwin/bin/sed.exe -i "s/^exit.*/netsh interface ipv4 set dnsservers $ifIndex dhcp/; s/\(name\|interface\)=Loopback/$ifIndex/;" ifconfig.bat'
- '& C:/tools/cygwin/bin/sed.exe -i "s/kill -f/kill -W/;" conf.sh stop.pl'
- '& cmd.exe /C ifconfig.bat up; ""'
- 'Start-Sleep 2'
- '$Env:Path = "C:/tools/cygwin/bin;$Env:Path"'
- '& sh.exe runall.sh $TEST_PARALLEL_JOBS'
- 'If (Test-Path C:/CrashDumps/*) { dir C:/CrashDumps; Throw }'
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
only:
- schedules
- tags
- web
.unit_test_common: &unit_test_common
<<: *default_triggering_rules
stage: unit
before_script:
- *setup_softhsm
script:
- make -j${TEST_PARALLEL_JOBS:-1} -k unit V=1
.unit_test: &unit_test_job
<<: *unit_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.unit_test_tsan: &unit_test_tsan_job
<<: *unit_test_common
after_script:
- find lib -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
paths:
- lib/*/tests/tsan.*
- tsan/
when: on_failure
.cppcheck_args: &run_cppcheck |
cppcheck --enable=warning,performance,portability,information,missingInclude --include=config.h --std=c11 --language=c --project=compile_commands.json --error-exitcode=2 -j ${TEST_PARALLEL_JOBS:-1} --xml --output-file=cppcheck.results --relative-paths="$CI_PROJECT_DIR" --inline-suppr --suppressions-list=util/suppressions.txt
.cppcheck_report: &cppcheck_report_html |
cppcheck-htmlreport --title="BIND 9 ($CI_COMMIT_SHORT_SHA) Cppcheck Report" --file=cppcheck.results --report-dir=cppcheck_html/
.cppcheck: &cppcheck_job
<<: *default_triggering_rules
stage: postcheck
script:
# Workaround for cppcheck 2.0 uninitvar false positives triggered by (&var)->field syntax
# (see: https://sourceforge.net/p/cppcheck/discussion/general/thread/122153e3c1/)
- sed -i '/^#define ISC__BUFFER.*\\$/{s|_b|__b|;N;s|do {|\0 isc_buffer_t *_b = (isc_buffer_t *)__b;|}; /^#define ISC__BUFFER.*REGION.*\\$/{s|_r|__r|;N;s|do {|\0 isc_region_t *_r = (isc_region_t *)__r;|; /USEDREGION/{s|isc_buffer_t|const \0|g}}' lib/isc/include/isc/buffer.h
- *configure
- (make -nwk all || true) | compiledb
- export GCC_VERSION=$(gcc --version | sed -n 's/.* \([0-9]\+\)\.[0-9]\+\.[0-9]\+.*/\1/p')
- sed -i "/gcc\",/a\"-DCPPCHECK\", \"-D__STDC__\", \"-D__GNUC__=${GCC_VERSION}\"," compile_commands.json
- *run_cppcheck
after_script:
- *cppcheck_report_html
artifacts:
paths:
- compile_commands.json
- cppcheck.results
- cppcheck_html/
expire_in: "1 day"
when: on_failure
needs:
- job: autoreconf
artifacts: true
### Job Definitions
# Jobs in the precheck stage
autoreconf:
<<: *autoconf_job
misc:
<<: *precheck_job
script:
- sh util/checklibs.sh > checklibs.out
- sh util/tabify-changes < CHANGES > CHANGES.tmp
- diff -urNap CHANGES CHANGES.tmp
- perl util/check-changes CHANGES
- test ! -f CHANGES.SE || sh util/tabify-changes < CHANGES.SE > CHANGES.tmp
- test ! -f CHANGES.SE || diff -urNap CHANGES.SE CHANGES.tmp
- test ! -f CHANGES.SE || perl util/check-changes master=0 CHANGES.SE
- rm CHANGES.tmp
- perl -w util/merge_copyrights
- diff -urNap util/copyrights util/newcopyrights
- rm util/newcopyrights
- perl -w util/update_copyrights < util/copyrights
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
- xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
- sh util/check-win32util-configure
- sh util/check-categories.sh
- if git grep SYSTEMTESTTOP -- ':!.gitlab-ci.yml'; then echo 'Please use relative paths instead of $SYSTEMTESTTOP.'; exit 1; fi
needs: []
artifacts:
paths:
- util/newcopyrights
- checklibs.out
expire_in: "1 day"
when: on_failure
clang-format:
<<: *precheck_job
needs: []
script:
- if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
coccinelle:
<<: *precheck_job
needs: []
script:
- util/check-cocci
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
danger:
<<: *precheck_job
needs: []
script:
- danger-python ci -f
only:
refs:
- merge_requests
variables:
- $DANGER_GITLAB_API_TOKEN
flake8:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
script:
- *configure
- flake8 --max-line-length=80 $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)')
only:
- merge_requests
pylint:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
script:
- *configure
- PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python"
- pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)')
only:
- merge_requests
tarball-create:
stage: precheck
<<: *base_image
<<: *default_triggering_rules
script:
- ./configure --enable-maintainer-mode
- make maintainer-clean
- autoreconf -fi
- ./configure --enable-maintainer-mode
- make -j${BUILD_PARALLEL_JOBS:-1} all V=1
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
- make -j${BUILD_PARALLEL_JOBS:-1} dist V=1
artifacts:
paths:
- bind-*.tar.${TARBALL_EXTENSION}
needs:
- job: autoreconf
artifacts: true
# Jobs for doc builds on Debian 10 "buster" (amd64)
docs:
<<: *release_branch_triggering_rules
<<: *base_image
stage: docs
before_script:
- test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} -k doc V=1
needs:
- job: autoreconf
artifacts: true
allow_failure: false
artifacts:
paths:
- doc/arm/
- doc/man/
- doc/misc/
expire_in: "1 month"
push:docs:
<<: *base_image
stage: push
needs:
- job: docs
artifacts: false
script:
- curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=main $GITLAB_PAGES_DOCS_TRIGGER_URL
only:
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
# Jobs for regular GCC builds on Alpine Linux 3.12 (amd64)
gcc:alpine3.12:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap ${WITHOUT_READLINE}"
<<: *alpine_3_12_amd64_image
<<: *build_job
system:gcc:alpine3.12:amd64:
<<: *alpine_3_12_amd64_image
<<: *system_test_job
needs:
- job: gcc:alpine3.12:amd64
artifacts: true
unit:gcc:alpine3.12:amd64:
<<: *alpine_3_12_amd64_image
<<: *unit_test_job
needs:
- job: gcc:alpine3.12:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 7 (amd64)
gcc:centos7:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
<<: *centos_centos7_amd64_image
<<: *build_job
system:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
unit:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 8 (amd64)
gcc:centos8:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-buffer-useinline --with-libidn2"
<<: *centos_centos8_amd64_image
<<: *build_job
system:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
unit:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 9 "stretch" (amd64)
gcc:stretch:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
<<: *debian_stretch_amd64_image
<<: *build_job
system:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *system_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
unit:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *unit_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 10 "buster" (amd64)
gcc:buster:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITH_READLINE_LIBEDIT}"
<<: *debian_buster_amd64_image
<<: *build_job
system:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_job
needs:
- job: gcc:buster:amd64
artifacts: true
unit:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_job
needs:
- job: gcc:buster:amd64
artifacts: true
# Jobs for scan-build builds on Debian 10 "buster" (amd64)
.scan_build: &scan_build |
${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" \
--keep-cc \
--status-bugs \
--keep-going \
-o scan-build.reports \
make -j${BUILD_PARALLEL_JOBS:-1} all V=1
scan-build:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON}"
CONFIGURE: "${SCAN_BUILD} ./configure"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
script:
- *configure
- *scan_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- scan-build.reports/
expire_in: "1 day"
when: on_failure
# Jobs for regular GCC builds on Debian "sid" (amd64)
# Also tests configration option: --without-lmdb.
gcc:sid:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O3"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --without-lmdb"
RUN_MAKE_INSTALL: 1
<<: *debian_sid_amd64_image
<<: *build_job
system:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *system_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
unit:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *unit_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
cppcheck:
<<: *base_image
<<: *cppcheck_job
# Job for out-of-tree GCC build on Debian "sid" (amd64)
# Also tests configration option: --with-lmdb.
gcc:out-of-tree:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
CONFIGURE: "${CI_PROJECT_DIR}/configure"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --with-lmdb"
RUN_MAKE_INSTALL: 1
OUT_OF_TREE_WORKSPACE: /tmp/out_of_tree_workspace
<<: *base_image
<<: *build_job
system:gcc:out-of-tree:
variables:
OUT_OF_TREE_WORKSPACE: /tmp/out_of_tree_workspace
needs:
- job: gcc:out-of-tree
artifacts: true
<<: *base_image
<<: *system_test_job
only:
- schedules
- tags
- web
# Jobs for tarball GCC builds on Debian 10 "buster" (amd64)
gcc:tarball:
variables:
CC: gcc
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
RUN_MAKE_INSTALL: 1
<<: *base_image
<<: *build_job
before_script:
- tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
- rm -f bind-*.tar.${TARBALL_EXTENSION}
- cd bind-*
needs:
- job: tarball-create
artifacts: true
only:
- schedules
- tags
system:gcc:tarball:
<<: *base_image
<<: *system_test_job
before_script:
- cd bind-*
- *setup_interfaces
needs:
- job: gcc:tarball
artifacts: true
only:
- schedules
- tags
unit:gcc:tarball:
<<: *base_image
<<: *unit_test_job
before_script:
- cd bind-*
needs:
- job: gcc:tarball
artifacts: true
only:
- schedules
- tags
# Jobs for regular GCC builds on Debian "sid" (i386)
gcc:sid:i386:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *debian_sid_i386_image
<<: *build_job
system:gcc:sid:i386:
<<: *debian_sid_i386_image
<<: *system_test_job
needs:
- job: gcc:sid:i386
artifacts: true
unit:gcc:sid:i386:
<<: *debian_sid_i386_image
<<: *unit_test_job
needs:
- job: gcc:sid:i386
artifacts: true
# Jobs for regular GCC builds on openSUSE Tumbleweed (amd64)
gcc:tumbleweed:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2 ${WITH_READLINE_READLINE}"
<<: *tumbleweed_latest_amd64_image
<<: *build_job
system:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *system_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
unit:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *unit_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 16.04 Xenial Xerus (amd64)
gcc:xenial:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
EXTRA_CONFIGURE: "--disable-geoip"
<<: *ubuntu_xenial_amd64_image
<<: *build_job
system:gcc:xenial:amd64:
<<: *ubuntu_xenial_amd64_image
<<: *system_test_job
needs:
- job: gcc:xenial:amd64
artifacts: true
unit:gcc:xenial:amd64:
<<: *ubuntu_xenial_amd64_image
<<: *unit_test_job
needs:
- job: gcc:xenial:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 20.04 Focal Fossa (amd64)
gcc:focal:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *ubuntu_focal_amd64_image
<<: *build_job
system:gcc:focal:amd64:
<<: *ubuntu_focal_amd64_image
<<: *system_test_job
needs:
- job: gcc:focal:amd64
artifacts: true
unit:gcc:focal:amd64:
<<: *ubuntu_focal_amd64_image
<<: *unit_test_job
needs:
- job: gcc:focal:amd64
artifacts: true
# Jobs for ASAN builds on Debian 10 "buster" (amd64)
gcc:asan:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *base_image
<<: *build_job
system:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:asan
artifacts: true
unit:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:asan
artifacts: true
clang:asan:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *base_image
<<: *build_job
system:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: clang:asan
artifacts: true
unit:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: clang:asan
artifacts: true
# Jobs for TSAN builds on Debian 10 "buster" (amd64)
gcc:tsan:
<<: *base_image
<<: *build_job
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
system:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
unit:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
clang:tsan:
<<: *base_image
<<: *build_job
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
system:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
unit:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
# Jobs for builds with mutex-based atomics on Debian 10 "buster" (amd64)
gcc:mutexatomics:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -DISC_MEM_USE_INTERNAL_MALLOC=0"
EXTRA_CONFIGURE: "--with-libidn2 --enable-mutex-atomics"
<<: *base_image
<<: *build_job
system:gcc:mutexatomics:
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:mutexatomics
artifacts: true
unit:gcc:mutexatomics:
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:mutexatomics
artifacts: true
# Jobs for Clang builds on Debian 10 "buster" (amd64)
clang:buster:amd64:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion"
<<: *debian_buster_amd64_image
<<: *build_job
system:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_job
needs:
- job: clang:buster:amd64
artifacts: true
unit:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_job
needs:
- job: clang:buster:amd64
artifacts: true
# Jobs for PKCS#11-enabled GCC builds on Debian "sid" (amd64)
gcc:softhsm2.4:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
<<: *base_image
<<: *build_job
system:gcc:softhsm2.4:
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:softhsm2.4
artifacts: true
unit:gcc:softhsm2.4:
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:softhsm2.4
artifacts: true
# Jobs for PKCS#11-enabled GCC builds on Fedora 32 (amd64)
gcc:softhsm2.6:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O1"
EXTRA_CONFIGURE: "--with-libidn2 --enable-native-pkcs11 --with-pkcs11=/usr/lib64/pkcs11/libsofthsm2.so"
<<: *fedora_32_amd64_image
<<: *build_job
system:gcc:softhsm2.6:
<<: *fedora_32_amd64_image
<<: *system_test_job
needs:
- job: gcc:softhsm2.6
artifacts: true
unit:gcc:softhsm2.6:
<<: *fedora_32_amd64_image
<<: *unit_test_job
needs:
- job: gcc:softhsm2.6
artifacts: true
# Jobs for Clang builds on FreeBSD 11 (amd64)
clang:freebsd11:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "${WITH_READLINE}"
USER: gitlab-runner
<<: *freebsd_11_amd64_image
<<: *build_job
system:clang:freebsd11:amd64:
<<: *freebsd_11_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd11:amd64
artifacts: true
unit:clang:freebsd11:amd64:
<<: *freebsd_11_amd64_image
<<: *unit_test_job
needs:
- job: clang:freebsd11:amd64
artifacts: true
# Jobs for Clang builds on FreeBSD 12 (amd64)
clang:freebsd12:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap ${WITH_READLINE_EDITLINE}"
USER: gitlab-runner
<<: *freebsd_12_amd64_image
<<: *build_job
system:clang:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd12:amd64
artifacts: true
unit:clang:freebsd12:amd64:
<<: *freebsd_12_amd64_image
<<: *unit_test_job
needs:
- job: clang:freebsd12:amd64
artifacts: true
# Jobs for Clang builds on OpenBSD (amd64)
clang:openbsd:amd64:
variables:
CC: clang
USER: gitlab-runner
<<: *openbsd_amd64_image
<<: *build_job
system:clang:openbsd:amd64:
<<: *openbsd_amd64_image
<<: *system_test_job
variables:
USER: gitlab-runner
needs:
- job: clang:openbsd:amd64
artifacts: true
only:
- schedules
- web
unit:clang:openbsd:amd64:
<<: *openbsd_amd64_image
<<: *unit_test_job
variables:
USER: gitlab-runner
needs:
- job: clang:openbsd:amd64
artifacts: true
# Jobs for Visual Studio 2017 builds on Windows (amd64)
msvc:windows:amd64:
<<: *windows_build_job
<<: *default_triggering_rules
variables:
VSCONF: Release
system:msvc:windows:amd64:
<<: *windows_system_test_job
variables:
VSCONF: Release
needs:
- job: msvc:windows:amd64
artifacts: true
msvc-debug:windows:amd64:
<<: *windows_build_job
variables:
VSCONF: Debug
only:
- schedules
- tags
- web
system:msvc-debug:windows:amd64:
<<: *windows_system_test_job
variables:
VSCONF: Debug
needs:
- job: msvc-debug:windows:amd64
artifacts: true
# Job producing a release tarball
release:
<<: *base_image
stage: release
script:
- export BIND_DIRECTORY="$(basename "$(find . -name "bind-*.tar.*" -printf "%f")" ".tar.${TARBALL_EXTENSION}")"
# Remove redundant files and system test utilities from Windows build artifacts
- find Build/Release/ -name "*.pdb" -print -delete
- find Build/Debug/ \( -name "*.bsc" -o -name "*.idb" \) -print -delete
- find Build/ -regextype posix-extended -regex "Build/.*/($(find bin/tests/ -type f | sed -nE "s|^bin/tests(/system)?/win32/(.*)\.vcxproj$|\2|p" | paste -d"|" -s))\..*" -print -delete
# Create Windows zips
- openssl dgst -sha256 "${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" | tee Build/Release/SHA256 Build/Debug/SHA256
- cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Release/
- cp "doc/arm/_build/latex/Bv9ARM.pdf" Build/Debug/
- ( cd Build/Release; zip "../../BIND${BIND_DIRECTORY#bind-}.x64.zip" * )
- ( cd Build/Debug; zip "../../BIND${BIND_DIRECTORY#bind-}.debug.x64.zip" * )
# Prepare release tarball contents (tarballs + zips + documentation)
- mkdir -p release/doc/arm
- pushd release
- mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip .
- tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}"
- mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README.md,srcid} .
- rm -rf "${BIND_DIRECTORY}"
- mv "../doc/arm/_build/html" doc/arm/
- mv "../doc/arm/_build/latex/Bv9ARM.pdf" doc/arm/
- mv "../doc/arm/_build/epub/Bv9ARM.epub" doc/arm/
- echo '<!DOCTYPE HTML><html lang="en"><meta http-equiv="refresh" content="0; url=doc/arm/html/notes.html"><title>Redirect</title></html>' > "RELEASE-NOTES-${BIND_DIRECTORY}.html"
- popd
# Create release tarball
- tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/
needs:
- job: tarball-create
artifacts: true
- job: msvc:windows:amd64
artifacts: true
- job: msvc-debug:windows:amd64
artifacts: true
- job: docs
artifacts: true
only:
- tags
artifacts:
paths:
- "*.tar.gz"
expire_in: "1 day"
# Coverity Scan analysis upload
.coverity_cache_prep: &coverity_cache_prep |
test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || (
curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form md5=1
curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN
)
test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
tar --extract --gzip --file=cov-analysis-linux64.tgz
test -d cov-analysis-linux64-2019.03
.coverity_build: &coverity_build |
cov-analysis-linux64-2019.03/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
tar --create --gzip --file=cov-int.tar.gz cov-int/
curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form email=bind-changes@isc.org \
--form file=@cov-int.tar.gz \
--form version="$(git rev-parse --short HEAD)" \
--form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 \
| tee curl-response.txt
grep -q 'Build successfully submitted' curl-response.txt
coverity:
<<: *base_image
stage: postcheck
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
script:
- *coverity_cache_prep
- *configure
- *coverity_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- curl-response.txt
- cov-int.tar.gz
expire_in: "1 week"
when: on_failure
only:
variables:
- $COVERITY_SCAN_PROJECT_NAME
- $COVERITY_SCAN_TOKEN
cache:
key: cov-analysis-linux64-2019.03
paths:
- cov-analysis-linux64.md5
- cov-analysis-linux64.tgz
# Respdiff test
respdiff:
<<: *base_image
stage: system
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_11_3
script:
- autoreconf -fi
- ./configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- *setup_interfaces
- git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git
- git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
- cd refbind/
- ./configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- cd ../bind-qa/bind9/respdiff
- bash respdiff.sh -q "${PWD}/100k_mixed.txt" -c 3 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}/refbind" "${CI_PROJECT_DIR}"
needs:
- job: tarball-create
artifacts: true
only:
- tags
artifacts:
paths:
- refbind
untracked: true
expire_in: "1 day"
when: on_failure
# ABI check
abi-check:
<<: *base_image
stage: build
needs:
- job: autoreconf
artifacts: true
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
BIND_BASELINE_VERSION: v9_17_5
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
- cd refbind/
- autoreconf -fi
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- cd ..
- util/api-checker.sh . refbind
artifacts:
paths:
- "*-lib*.html"
- "*-lib*.txt"
- "abi-*.dump"
expire_in: "1 week"
only:
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
gcov:
<<: *base_image
stage: build
needs:
- job: autoreconf
artifacts: true
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} --coverage -O0"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
script:
- *configure
- *setup_interfaces
- *setup_softhsm
- make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
- make -j${TEST_PARALLEL_JOBS:-1} -k unit V=1 || true
- make -C bin/tests/system -j${TEST_PARALLEL_JOBS:-1} -k check V=1 || cat bin/tests/system/test-suite.log
# *.gcno and *.gcda files generated for shared library objects are created
# in directories in which gcovr is unable to process them properly
# (.../.libs/...). Move such *.gcno and *.gcda files one level higher.
- find . -regex ".*/\.libs/.*\.\(gcda\|gcno\)" -execdir mv "{}" .. \;
# Help gcovr process the nasty tricks in lib/dns/code.h, where we include C
# source files from lib/dns/rdata/*/, using an even nastier trick.
- find lib/dns/rdata/* -name "*.c" -execdir cp -f "{}" ../../ \;
- gcovr --root . --exclude-directories bin/tests --exclude-directories doc --exclude-directories libltdl --exclude-directories lib/samples --exclude 'lib/.*/tests/.*' --html-details -o coverage.html
- gcovr --root . --exclude-directories bin/tests --exclude-directories doc --exclude-directories libltdl --exclude-directories lib/samples --exclude 'lib/.*/tests/.*' -o coverage.txt
- tail -n 3 coverage.txt
artifacts:
paths:
- coverage*.html
only:
- main@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
# Pairwise testing of ./configure options
pairwise:
<<: *base_image
stage: build
needs:
- job: autoreconf
artifacts: true
script:
- util/pairwise-testing.sh
artifacts:
paths:
- pairwise-commands.txt
- pairwise-model.txt
- pairwise-output.*.txt
when: on_failure
only:
variables:
- $PAIRWISE_TESTING
View Git Blame Copy Permalink