stages: - preliminaries # signoff / static analysis - testing - deploy variables: BUILD_IMAGES_PROJECT: openconnect/build-images ALPINE_BUILD: buildenv-alpine DEBIAN_BUILD: buildenv-debian DEBIAN_X86_CROSS_BUILD: buildenv-debian-x86 FEDORA_BUILD: buildenv-fedora42 UBUNTU20_BUILD: buildenv-ubuntu20 UBUNTU22_BUILD: buildenv-ubuntu22 CENTOS8_BUILD: buildenv-centos8 CENTOS9_BUILD: buildenv-centos9 CENTOS10_BUILD: buildenv-centos10 MINIMALCONFIG: "--without-protobuf --without-libtalloc-prefix --without-libnl --without-maxmind --without-geoip --without-libreadline-prefix --without-liboath --without-libc-prefix --without-pam --without-radius --without-libcrypt-prefix --without-utmp --without-libutil-prefix --without-libwrap --without-libwrap-prefix --without-libseccomp-prefix --without-libsystemd-prefix --without-llhttp --without-lz4 --without-gssapi --without-pcl-lib --disable-rpath --disable-seccomp --disable-anyconnect-compat --disable-compression" JOBS: 4 Signoff: stage: preliminaries script: # Quoted to work around https://gitlab.com/gitlab-org/gitlab-foss/-/issues/20177 - 'echo "Checking for new commits without Signed-off-by: tags as described in https://gitlab.com/openconnect/ocserv/-/blob/master/CONTRIBUTING.md"' # Last bad commit - 'git log 6a65e3acdd3251fe20815cc2984a2781d9717173.. --grep "(^Signed-off-by)|(^Merge branch)|(^This reverts commit)" --extended-regexp --invert-grep --exit-code' - echo "None (good)" Debian: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - ./configure --enable-oidc-auth - make -j$JOBS - export OCSERV_ALLOW_BROKEN_CLIENTS=1 - make check -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log i386/Debian: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_X86_CROSS_BUILD script: - git submodule update --init - autoreconf -fvi # Radius seems to be malfunctioning on i386 build - ./configure --enable-oidc-auth --without-radius - make -j$JOBS - make check -j$JOBS VERBOSE=1 tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Ubuntu20.04: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure --enable-oidc-auth --enable-latency-stats - make -j$JOBS - export MALLOC_CHECK_=3 - make check -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Ubuntu22.04: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU22_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure --enable-oidc-auth --enable-latency-stats - make -j$JOBS - export MALLOC_CHECK_=3 # There is an issue with gssapi on this version of Ubuntu. While # the package exists, it doesn't work as openssl doesn't support # md4. See https://bugs.launchpad.net/ubuntu/+source/gss-ntlmssp/+bug/1995915 - make check -j$JOBS XFAIL_TESTS="test-gssapi" tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Centos8: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure - chmod og-w tests/data/raddb - chmod og-w tests/data/raddb/* - make -j$JOBS - make check VERBOSE=1 -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Centos9: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure - chmod og-w tests/data/raddb - chmod og-w tests/data/raddb/* - make -j$JOBS - make check VERBOSE=1 -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Centos10: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS10_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure - chmod og-w tests/data/raddb - chmod og-w tests/data/raddb/* - make -j$JOBS - make check VERBOSE=1 -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log Coverity: stage: preliminaries image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD only: - schedules - coverity script: - wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz - tar xfz /tmp/coverity_tool.tgz - git submodule update --init - autoreconf -fvi - CFLAGS="-g -O0" ./configure --disable-maintainer-mode --enable-latency-stats - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$JOBS - tar cfz cov-int.tar.gz cov-int - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=n.mavrogiannopoulos@gmail.com --form file=@cov-int.tar.gz --form version="`git describe --tags`" --form description="CI build" tags: - saas-linux-small-amd64 artifacts: expire_in: 1 week when: on_failure paths: - cov-int/*.txt # Test building with musl musl/Alpine: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD script: - autoreconf -fvi - ./configure --disable-maintainer-mode --with-werror - make -j$JOBS tags: - saas-linux-small-amd64 except: - tags - schedules artifacts: expire_in: 1 week untracked: true when: on_failure Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: # ensure gcov scripts are writable - umask 000 - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - CFLAGS="-g -O0" ./configure --enable-code-coverage --with-kerberos-tests --enable-oidc-auth - make -j$JOBS - make check -j$JOBS COVERAGE=1 VERBOSE=1 - make local-code-coverage-output coverage: '/coverage lines: \d+\.\d+/' tags: - saas-linux-medium-amd64 except: - tags artifacts: expire_in: 1 day untracked: true when: always noprocfs/distcheck/Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - ac_cv_file_FILE__proc_self_exe=no ./configure --disable-namespaces - make -j$JOBS - make distcheck VERBOSE=1 DISTCHECK_CONFIGURE_FLAGS="--disable-maintainer-mode" TESTS="" tags: - saas-linux-small-amd64 except: - tags - schedules artifacts: expire_in: 1 week untracked: true when: on_failure clang/Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - CC=clang ./configure --with-werror - make -j$JOBS - make check -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week untracked: true when: on_failure # Tests seccomp filters by asking seccomp to fail with a trap seccomp/Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - ./configure --with-kerberos-tests --enable-oidc-auth --with-seccomp-trap - make -j$JOBS - make check -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week untracked: true when: on_failure minimal: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure $MINIMALCONFIG - make -j$JOBS - make check -j$JOBS XFAIL_TESTS="lz4-compression lzs-compression" tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log # Build a minimal version with every optional feature disabled minimal/Ubuntu20.04: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU20_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure $MINIMALCONFIG - make -j$JOBS - make check -j$JOBS XFAIL_TESTS="lz4-compression lzs-compression" tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - ./tests/*.log # We do not compile with PAM under address sanitizer since we are using co-routines # without instrumentation for sanitizer. asan/clang/Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1" ./configure --without-pam --without-asan-broken-tests - make -j$JOBS - make check -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log ubsan/Fedora: stage: testing image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - chmod -R o-w tests/data/raddb - git submodule update --init - autoreconf -fvi - export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2 -Werror" - CFLAGS="$UBCFLAGS" ./configure - make -j$JOBS - make check -j$JOBS CFLAGS="$UBCFLAGS -Wno-unused-function -Wno-unused-parameter" tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - ./*.log - tests/*.log static-analyzer/Fedora: stage: preliminaries image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - autoreconf -fvi -Werror - scan-build ./configure --enable-oidc-auth --enable-latency-stats --without-protobuf - scan-build --status-bugs -o scan-build-src make -j$JOBS tags: - saas-linux-medium-amd64 except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - scan-build-src/* codingstyle/Fedora: stage: preliminaries image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - find src/ tests/ -name '*.[ch]'| grep -Ev '^(src/http-heads.h|src/pcl|src/protobuf|src/ccan|src/gnulib|src/inih|src/llhttp)'| xargs -I{} clang-format -style=file --dry-run {} -Werror tags: - saas-linux-small-amd64 except: - tags - schedules .FreeBSD: stage: testing script: - git submodule update --init - sh autogen.sh - mkdir build - cd build - LIBS="-L/usr/local/lib" ../configure --disable-nls --without-root-tests - gmake -j$JOBS - gmake check -j$JOBS tags: - freebsd only: - branches@openconnect/ocserv except: - tags - schedules artifacts: expire_in: 1 week when: on_failure paths: - build/*.log - build/tests/*.log pages: stage: deploy image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - mkdir -p public/coverage - make V=1 CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage CODE_COVERAGE_BRANCH_COVERAGE=1 code-coverage-capture - make CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage local-code-coverage-output tags: - saas-linux-small-amd64 dependencies: - Fedora only: - master@openconnect/ocserv artifacts: paths: - public triage: stage: preliminaries image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - gem install gitlab-triage - gitlab-triage --source-id $CI_PROJECT_ID --token "$API_TOKEN" tags: - saas-linux-small-amd64 only: - schedules codespell/Fedora: stage: preliminaries image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: - git submodule update --init - autoreconf -fvi - ./configure - make codespell tags: - saas-linux-small-amd64