Merge branch 'nielsdg/use-fdo-ci-template' into 'main'

ci: Use fdo-ci-templates for building Dockers

See merge request GNOME/libsecret!155

.gitlab-ci.yml

@@ -1,20 +1,90 @@
 include:
+  - remote: 'https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates/-/raw/145b1bc7ef1702d2bd71584010d7113c6786a506/templates/fedora.yml'
   - component: gitlab.gnome.org/GNOME/citemplates/release-service@master
     inputs:
       dist-job-name: "build-release-tarball"
       tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}"
 
-image: registry.gitlab.gnome.org/gnome/libsecret/master:v6
-
 stages:
+  - prepare
   - build
   - deploy
 
 variables:
+  FDO_UPSTREAM_REPO: gnome/libsecret
   TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz"
   CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"
 
+.fedora.container.common:
+  variables:
+    # When branching a stable release, change 'main' to the
+    # release branch name to ensure that a new image will
+    # be created, tailored for the stable branch.
+    BRANCH_NAME: 'main'
+    CONTAINER_TAG: '2025-01-15.0'
+    FEDORA_VERSION: latest
+    # Derive FDO variables from this automatically.
+    # DO NOT edit, instead change the variables above
+    FDO_REPO_SUFFIX: '${BRANCH_NAME}'
+    FDO_DISTRIBUTION_TAG: '${CONTAINER_TAG}-fedora-${FEDORA_VERSION}'
+    FDO_DISTRIBUTION_VERSION: '${FEDORA_VERSION}'
+
+#############################################
+#          Create CI Docker Images          #
+#############################################
+
+# See also https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates
+build.container.fedora@x86_64:
+  extends:
+  - '.fdo.container-build@fedora'
+  - '.fedora.container.common'
+  stage: prepare
+  variables:
+    # no need to pull the whole tree for rebuilding the image
+    GIT_STRATEGY: none
+    # Expiry sets fdo.expires on the image
+    FDO_EXPIRES_AFTER: 8w
+    FDO_DISTRIBUTION_PACKAGES: >-
+      clang-analyzer
+      cppcheck
+      dbus-x11
+      diffutils
+      docbook-style-xsl
+      gettext
+      gi-docgen
+      git
+      gjs
+      glib2-devel
+      gnutls-devel
+      gobject-introspection-devel
+      lcov
+      libasan
+      libgcrypt-devel
+      libpamtest-devel
+      libubsan
+      libxslt
+      meson
+      pam-devel
+      pam_wrapper
+      python3-dbus
+      python3-gobject
+      redhat-rpm-config
+      swtpm
+      swtpm-tools
+      tpm2-abrmd
+      tpm2-tss-devel
+      vala
+      valgrind-devel
+
+
+#############################################
+#               STAGE: BUILD                #
+#############################################
+
 .build:
+  extends:
+    - '.fdo.suffixed-image@fedora'
+    - '.fedora.container.common'
   parallel:
     matrix:
       - CRYPTO: libgcrypt
@@ -127,18 +197,10 @@ fedora:coverage:
   # https://github.com/linux-test-project/lcov/issues/58
   allow_failure: true
 
-build-release-tarball:
-  stage: deploy
-  script:
-    - meson setup _build
-    - meson dist -C _build
-  artifacts:
-    paths:
-      - $TARBALL_ARTIFACT_PATH
-  rules:
-    - if: $CI_COMMIT_REF_PROTECTED
-
 reference:
+  extends:
+    - '.fdo.suffixed-image@fedora'
+    - '.fedora.container.common'
   stage: build
   variables:
     MESON_ARGS: >-
@@ -153,6 +215,23 @@ reference:
     paths:
       - _reference
 
+
+#############################################
+#              STAGE: DEPLOY                #
+#############################################
+
+build-release-tarball:
+  extends:
+    - '.fdo.suffixed-image@fedora'
+    - '.fedora.container.common'
+  stage: deploy
+  script:
+    - meson setup _build
+    - meson dist -C _build
+  artifacts:
+    paths:
+      - $TARBALL_ARTIFACT_PATH
+
 pages:
   stage: deploy
   script:

.gitlab-ci/README.md

@@ -1,25 +0,0 @@
-# CI support stuff
-
-## Docker image
-
-GitLab CI jobs run in a Docker image, defined here. To update that image
-(perhaps to install some more packages):
-
-1. Edit `.gitlab-ci/$BRANCH.Dockerfile` with the changes you want
-1. Run `.gitlab-ci/run-docker.sh build --branch=$BRANCH --version=1` to build
-   the new image (bump the version from the latest listed for the main branch)
-   https://gitlab.gnome.org/GNOME/libsecret/container_registry). If `--branch`
-   is not specified, it will use the default branch
-1. Run `.gitlab-ci/run-docker.sh push --branch=$BRANCH --version=1` to upload
-   the new image to the GNOME GitLab Docker registry
-    * If this is the first time you're doing this, you'll need to log into the
-      registry
-    * If you use 2-factor authentication on your GNOME GitLab account, you'll
-      need to [create a personal access token][pat] and use that rather than
-      your normal password — the token should have `read_registry` and
-      `write_registry` permissions
-1. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new
-   image
-
-[pat]: https://gitlab.gnome.org/-/profile/personal_access_tokens
-[cs]: https://scan.coverity.com/

.gitlab-ci/master.Dockerfile

@@ -1,42 +0,0 @@
-FROM fedora:39
-
-RUN dnf update -y \
-    && dnf install -y \
-           clang-analyzer \
-           cppcheck \
-           dbus-x11 \
-           docbook-style-xsl \
-           gettext \
-           gi-docgen \
-           git \
-           glib2-devel \
-           gnutls-devel \
-           gobject-introspection-devel \
-           lcov \
-           libasan \
-           libubsan \
-           libgcrypt-devel \
-           libxslt \
-           meson \
-           python3-dbus \
-           python3-gobject \
-           redhat-rpm-config \
-           swtpm \
-           swtpm-tools \
-           tpm2-abrmd \
-           tpm2-tss-devel \
-           vala \
-           valgrind-devel \
-           pam-devel \
-           libpamtest-devel \
-           pam_wrapper \
-    && dnf clean all
-
-ARG HOST_USER_ID=5555
-ENV HOST_USER_ID ${HOST_USER_ID}
-RUN useradd -u $HOST_USER_ID -ms /bin/bash -p password user
-
-USER user
-WORKDIR /home/user
-
-ENV LANG C.UTF-8

.gitlab-ci/run-docker.sh

@@ -1,135 +0,0 @@
-#!/bin/bash
-
-read_arg() {
-    # $1 = arg name
-    # $2 = arg value
-    # $3 = arg parameter
-    local rematch='^[^=]*=(.*)$'
-    if [[ $2 =~ $rematch ]]; then
-        read -r "$1" <<< "${BASH_REMATCH[1]}"
-    else
-        read -r "$1" <<< "$3"
-        # There is no way to shift our callers args, so
-        # return 1 to indicate they should do it instead.
-        return 1
-    fi
-}
-
-if type -p podman &>/dev/null; then
-    # Using podman
-    DOCKER_CMD="podman"
-    # Docker is actually implemented by podman, and its OCI output
-    # is incompatible with some of the dockerd instances on GitLab
-    # CI runners.
-    export BUILDAH_FORMAT=docker
-elif getent group docker | grep -q "\b${USER}\b"; then
-    DOCKER_CMD="docker"
-else
-    DOCKER_CMD="sudo docker"
-fi
-
-set -e
-
-branch=""
-version=""
-build=0
-run=0
-push=0
-list=0
-print_help=0
-no_login=0
-
-while (($# > 0)); do
-    case "${1%%=*}" in
-        build) build=1;;
-        run) run=1;;
-        push) push=1;;
-        list) list=1;;
-        help) print_help=1;;
-        --branch|-b) read_arg branch "$@" || shift;;
-        --version|-v) read_arg version "$@" || shift;;
-        --no-login) no_login=1;;
-        *) echo -e "\\e[1;31mERROR\\e[0m: Unknown option '$1'"; exit 1;;
-    esac
-    shift
-done
-
-if [ $print_help == 1 ]; then
-    echo "$0 - Build and run Docker images"
-    echo ""
-    echo "Usage: $0 <command> [options] [basename]"
-    echo ""
-    echo "Available commands"
-    echo ""
-    echo "  build     - Build Docker image"
-    echo "  run       - Run Docker image"
-    echo "  push      - Push Docker image to the registry"
-    echo "  list      - List available images"
-    echo "  help      - This help message"
-    echo ""
-    exit 0
-fi
-
-cd "$(dirname "$0")"
-
-if [ $list == 1 ]; then
-    echo "Available Docker images:"
-    for f in *.Dockerfile; do
-        filename=$( basename -- "$f" )
-        basename="${filename%.*}"
-
-        echo -e "  \\e[1;39m$basename\\e[0m"
-    done
-    exit 0
-fi
-
-# We really need to know the branch name after this point
-if [[ -z "${branch}" ]]; then
-    branch=master
-fi
-
-DOCKERFILE="${branch}.Dockerfile"
-if [ ! -f "$DOCKERFILE" ]; then
-    echo -e "\\e[1;31mERROR\\e[0m: '$DOCKERFILE' not found"
-    exit 1
-fi
-
-if [ -z "${version}" ]; then
-    version="latest"
-else
-    version="v$version"
-fi
-
-TAG="registry.gitlab.gnome.org/gnome/libsecret/${branch}:${version}"
-
-if [ $build == 1 ]; then
-    echo -e "\\e[1;32mBUILDING\\e[0m: ${TAG} for branch '${branch}'"
-    $DOCKER_CMD build \
-        --build-arg HOST_USER_ID="$UID" \
-        --tag "${TAG}" \
-        --file "$DOCKERFILE" .
-    exit $?
-fi
-
-if [ $push == 1 ]; then
-    echo -e "\\e[1;32mPUSHING\\e[0m: ${TAG} for branch '${branch}'"
-
-    if [ $no_login == 0 ]; then
-        $DOCKER_CMD login registry.gitlab.gnome.org
-    fi
-
-    $DOCKER_CMD push "${TAG}"
-    exit $?
-fi
-
-if [ $run == 1 ]; then
-    echo -e "\\e[1;32mRUNNING\\e[0m: ${TAG} for branch '${branch}'"
-    $DOCKER_CMD run \
-        --rm \
-        --volume "$(pwd)/..:/home/user/app" \
-        --workdir "/home/user/app" \
-        --tty \
-        --interactive "${TAG}" \
-        bash
-    exit $?
-fi

libsecret/meson.build

@@ -314,11 +314,11 @@ if get_option('introspection')
     valatests = [
       {
         'name': 'test-vala-lang',
-        'cflags': [],
+        'cflags': [ '-Wno-unused-but-set-variable' ],
       },
       {
         'name': 'test-vala-unstable',
-        'cflags': [ '-DSECRET_WITH_UNSTABLE' ],
+        'cflags': [ '-DSECRET_WITH_UNSTABLE', '-DSECRET_API_SUBJECT_TO_CHANGE' ],
       },
     ]