GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
bf8616cbca32dd5f55b3d100f5266b7ba8043c7c
ocserv/.gitlab-ci.yml
Alan Jowett b43e782b12 Add support for RFC6750 bearer tokens to ocserv 
This permits the validation of OpenID Connect auth tokens OpenID
Connect is an OAuth 2.0 protocol used to identify a resource owner
(VPN client end-user) to a resource server (VPN server) intermediated
by an Authorization server.

Resolves: #240

Signed-off-by: Alan TG Jowett <alan.jowett@microsoft.com>
2020-03-09 21:48:04 +01:00

404 lines
9.9 KiB
YAML
Raw Blame History

stages:
- testing
- deploy
variables:
BUILD_IMAGES_PROJECT: openconnect/build-images
DEBIAN_BUILD: buildenv-debian
FEDORA_BUILD: buildenv-fedora
UBUNTU16_BUILD: buildenv-ubuntu
UBUNTU18_BUILD: buildenv-ubuntu18
CENTOS8_BUILD: buildenv-centos8
CENTOS7_BUILD: buildenv-centos7
CENTOS6_BUILD: buildenv-centos6
JOBS: 2
Debian:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$DEBIAN_BUILD
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init && autoreconf -fvi &&
./configure --without-nuttcp-tests --without-docker-tests --enable-oidc-auth && make -j$JOBS && make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
Ubuntu16.04:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU16_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --without-nuttcp-tests --without-docker-tests
- make -j$JOBS
- make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
Ubuntu18.04:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU18_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --without-nuttcp-tests --without-docker-tests --enable-oidc-auth
- make -j$JOBS
- make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
Centos8:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --without-http-parser
- chmod og-w tests/data/raddb
- chmod og-w tests/data/raddb/*
- make -j$JOBS
- make check VERBOSE=1 -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
Centos7:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --without-docker-tests
- make -j$JOBS
- make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
RPM/epel7:
stage: deploy
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- touch ChangeLog
- make dist
- CURDIR=$(pwd)
- TARFILE=$(find ./ -name '*.tar.xz')
- RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}')
- NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||')
- echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION"
- cp $TARFILE /usr/local/rpms/ocserv
- cd /usr/local/rpms/ocserv
- sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec
- cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp
- sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp
- mv sources.tmp sources
- touch ocserv-$NEWVERSION.tar.xz.sig
- fedpkg --release el7 local
- cd $CURDIR
- find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';'
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_success
paths:
- ./*.rpm
RPM/epel8:
stage: deploy
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure
- touch ChangeLog
- make dist
- CURDIR=$(pwd)
- TARFILE=$(find ./ -name '*.tar.xz')
- RPMVERSION=$(cat /usr/local/rpms/ocserv/*.spec|grep ^Version|awk '{print $2}')
- NEWVERSION=$(echo $TARFILE|sed -e 's/ocserv-//' -e 's/\.tar\.xz//' -e 's|./||')
- echo "tarfile $TARFILE" && echo "rpm $RPMVERSION" && echo "new $NEWVERSION"
- cp $TARFILE /usr/local/rpms/ocserv
- cd /usr/local/rpms/ocserv
- sed -i -e "s/$RPMVERSION/$NEWVERSION/" -e 's/have_gpgv2 1/have_gpgv2 0/g' *.spec
- cat sources|grep -v "ocserv-$RPMVERSION" >sources.tmp
- sha512sum --tag ocserv-$NEWVERSION.tar.xz >>sources.tmp
- mv sources.tmp sources
- touch ocserv-$NEWVERSION.tar.xz.sig
- fedpkg --release el8 local
- cd $CURDIR
- find /usr/local/rpms/ocserv -name '*.rpm' -exec cp '{}' ./ ';'
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_success
paths:
- ./*.rpm
Coverity:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
only:
- schedules
- coverity
script:
- wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
- tar xfz /tmp/coverity_tool.tgz
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-g -O0" ./configure --disable-maintainer-mode --without-docker-tests --with-werror
- cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$JOBS
- tar cfz cov-int.tar.gz cov-int
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
--form token=$COVERITY_SCAN_TOKEN --form email=n.mavrogiannopoulos@gmail.com
--form file=@cov-int.tar.gz --form version="`git describe --tags`"
--form description="CI build"
tags:
- shared
- linux
artifacts:
expire_in: 1 week
when: on_failure
paths:
- cov-int/*.txt
Fedora:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
# ensure gcov scripts are writable
- umask 000
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-g -O0" ./configure --disable-maintainer-mode --without-docker-tests --with-werror --enable-code-coverage --enable-kerberos-tests --enable-oidc-auth
- make -j$JOBS
- make check -j$JOBS COVERAGE=1
- make files-update
- make dist
- make local-code-coverage-output
tags:
- shared
- linux
except:
- tags
artifacts:
expire_in: 1 day
untracked: true
when: always
Centos6:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS6_BUILD
script:
- sed -i 's/AM_PROG_AR//g' configure.ac
- git submodule update --init
- autoreconf -fvi
- CFLAGS="$CFLAGS -I/usr/include/libev -I/usr/include/gnutls30" LIBGNUTLS_LIBS="-L/usr/lib64/gnutls30/ -lgnutls" PKG_CONFIG_LIBDIR="/usr/lib64/gnutls30/pkgconfig:/usr/lib64/pkgconfig" ./configure --disable-systemd --enable-local-libopts --without-docker-tests
- make -j$JOBS
- make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- ./tests/*.log
minimal:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
script:
- git submodule update --init
- autoreconf -fvi
- ./configure --without-docker-tests --without-libnl --without-liboath --without-pam --without-radius --without-utmp --without-libwrap --without-http-parser --without-lz4 --without-gssapi --without-pcl-lib --without-protobuf
- make -j$JOBS
- make check -j$JOBS XFAIL_TESTS="lz4-compression"
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
# We do not compile with PAM under address sanitizer since we are using co-routines
# without instrumentation for sanitizer.
.asan/Fedora:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- chmod o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-fsanitize=address -g -O2" LDFLAGS="-static-libasan" ./configure --without-pam --without-docker-tests
- make -j$JOBS
- make check -j$JOBS VERBOSE=1
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
ubsan/Fedora:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- chmod -R o-w tests/data/raddb
- git submodule update --init
- autoreconf -fvi
- CFLAGS="-fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2" ./configure --without-docker-tests
- make -j$JOBS
- make check -j$JOBS
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- ./*.log
- tests/*.log
static-analyzers/Fedora:
stage: testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- autoreconf -fvi
- scan-build ./configure
- scan-build --status-bugs -o scan-build-src make -j$JOBS
- cppcheck --force -q -Isrc/ -Isrc/occtl -Igl/ -I. --error-exitcode=1 src/ -i src/inih
tags:
- shared
- linux
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- scan-build-src/*
FreeBSD:
stage: testing
script:
- git submodule update --init
- sh autogen.sh
- mkdir build
- cd build
- LIBS="-L/usr/local/lib" ../configure --disable-nls --without-root-tests
- gmake -j$JOBS
- gmake check -j$JOBS
tags:
- freebsd
only:
- branches@openconnect/ocserv
except:
- tags
- schedules
artifacts:
expire_in: 1 week
when: on_failure
paths:
- build/*.log
- build/tests/*.log
pages:
stage: deploy
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
script:
- mkdir -p public/coverage
- make V=1 CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage CODE_COVERAGE_BRANCH_COVERAGE=1 code-coverage-capture
- make CODE_COVERAGE_OUTPUT_DIRECTORY=public/coverage local-code-coverage-output
tags:
- shared
- linux
dependencies:
- Fedora
only:
- master@openconnect/ocserv
artifacts:
paths:
- public
Reference in New Issue View Git Blame Copy Permalink