Merge branch 'nielsdg/use-fdo-ci-template' into 'main'

ci: Use fdo-ci-templates for building Dockers See merge request GNOME/libsecret!155
2025-01-31 08:28:34 +00:00 · 2025-01-15 01:58:21 +00:00 · 2025-01-15 01:58:21 +00:00 · 13636affee
commit 13636affee
parent 666f0f82fe 693fa19f72
5 changed files with 94 additions and 217 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,20 +1,90 @@
 include:
  - remote: 'https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates/-/raw/145b1bc7ef1702d2bd71584010d7113c6786a506/templates/fedora.yml'
  - component: gitlab.gnome.org/GNOME/citemplates/release-service@master
    inputs:
      dist-job-name: "build-release-tarball"
      tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}"
 image: registry.gitlab.gnome.org/gnome/libsecret/master:v6
 stages:
  - prepare
  - build
  - deploy
 variables:
  FDO_UPSTREAM_REPO: gnome/libsecret
  TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz"
  CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"
 .fedora.container.common:
  variables:
    # When branching a stable release, change 'main' to the
    # release branch name to ensure that a new image will
    # be created, tailored for the stable branch.
    BRANCH_NAME: 'main'
    CONTAINER_TAG: '2025-01-15.0'
    FEDORA_VERSION: latest
    # Derive FDO variables from this automatically.
    # DO NOT edit, instead change the variables above
    FDO_REPO_SUFFIX: '${BRANCH_NAME}'
    FDO_DISTRIBUTION_TAG: '${CONTAINER_TAG}-fedora-${FEDORA_VERSION}'
    FDO_DISTRIBUTION_VERSION: '${FEDORA_VERSION}'
 #############################################
 #          Create CI Docker Images          #
 #############################################
 # See also https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates
 build.container.fedora@x86_64:
  extends:
  - '.fdo.container-build@fedora'
  - '.fedora.container.common'
  stage: prepare
  variables:
    # no need to pull the whole tree for rebuilding the image
    GIT_STRATEGY: none
    # Expiry sets fdo.expires on the image
    FDO_EXPIRES_AFTER: 8w
    FDO_DISTRIBUTION_PACKAGES: >-
      clang-analyzer
      cppcheck
      dbus-x11
      diffutils
      docbook-style-xsl
      gettext
      gi-docgen
      git
      gjs
      glib2-devel
      gnutls-devel
      gobject-introspection-devel
      lcov
      libasan
      libgcrypt-devel
      libpamtest-devel
      libubsan
      libxslt
      meson
      pam-devel
      pam_wrapper
      python3-dbus
      python3-gobject
      redhat-rpm-config
      swtpm
      swtpm-tools
      tpm2-abrmd
      tpm2-tss-devel
      vala
      valgrind-devel
 #############################################
 #               STAGE: BUILD                #
 #############################################
 .build:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  parallel:
    matrix:
      - CRYPTO: libgcrypt
@ -127,18 +197,10 @@ fedora:coverage:
  # https://github.com/linux-test-project/lcov/issues/58
  allow_failure: true
 build-release-tarball:
  stage: deploy
  script:
    - meson setup _build
    - meson dist -C _build
  artifacts:
    paths:
      - $TARBALL_ARTIFACT_PATH
  rules:
    - if: $CI_COMMIT_REF_PROTECTED
 reference:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  stage: build
  variables:
    MESON_ARGS: >-
@ -153,6 +215,23 @@ reference:
    paths:
      - _reference
 #############################################
 #              STAGE: DEPLOY                #
 #############################################
 build-release-tarball:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  stage: deploy
  script:
    - meson setup _build
    - meson dist -C _build
  artifacts:
    paths:
      - $TARBALL_ARTIFACT_PATH
 pages:
  stage: deploy
  script:
--- a/.gitlab-ci/README.md
+++ b/.gitlab-ci/README.md
@ -1,25 +0,0 @@
 # CI support stuff
 ## Docker image
 GitLab CI jobs run in a Docker image, defined here. To update that image
 (perhaps to install some more packages):
 1. Edit `.gitlab-ci/$BRANCH.Dockerfile` with the changes you want
 1. Run `.gitlab-ci/run-docker.sh build --branch=$BRANCH --version=1` to build
   the new image (bump the version from the latest listed for the main branch)
   https://gitlab.gnome.org/GNOME/libsecret/container_registry). If `--branch`
   is not specified, it will use the default branch
 1. Run `.gitlab-ci/run-docker.sh push --branch=$BRANCH --version=1` to upload
   the new image to the GNOME GitLab Docker registry
    * If this is the first time you're doing this, you'll need to log into the
      registry
    * If you use 2-factor authentication on your GNOME GitLab account, you'll
      need to [create a personal access token][pat] and use that rather than
      your normal password — the token should have `read_registry` and
      `write_registry` permissions
 1. Edit `.gitlab-ci.yml` (in the root of this repository) to use your new
   image
 [pat]: https://gitlab.gnome.org/-/profile/personal_access_tokens
 [cs]: https://scan.coverity.com/
--- a/.gitlab-ci/master.Dockerfile
+++ b/.gitlab-ci/master.Dockerfile
@ -1,42 +0,0 @@
 FROM fedora:39
 RUN dnf update -y \
    && dnf install -y \
           clang-analyzer \
           cppcheck \
           dbus-x11 \
           docbook-style-xsl \
           gettext \
           gi-docgen \
           git \
           glib2-devel \
           gnutls-devel \
           gobject-introspection-devel \
           lcov \
           libasan \
           libubsan \
           libgcrypt-devel \
           libxslt \
           meson \
           python3-dbus \
           python3-gobject \
           redhat-rpm-config \
           swtpm \
           swtpm-tools \
           tpm2-abrmd \
           tpm2-tss-devel \
           vala \
           valgrind-devel \
           pam-devel \
           libpamtest-devel \
           pam_wrapper \
    && dnf clean all
 ARG HOST_USER_ID=5555
 ENV HOST_USER_ID ${HOST_USER_ID}
 RUN useradd -u $HOST_USER_ID -ms /bin/bash -p password user
 USER user
 WORKDIR /home/user
 ENV LANG C.UTF-8
--- a/.gitlab-ci/run-docker.sh
+++ b/.gitlab-ci/run-docker.sh
@ -1,135 +0,0 @@
 #!/bin/bash
 read_arg() {
    # $1 = arg name
    # $2 = arg value
    # $3 = arg parameter
    local rematch='^[^=]*=(.*)$'
    if [[ $2 =~ $rematch ]]; then
        read -r "$1" <<< "${BASH_REMATCH[1]}"
    else
        read -r "$1" <<< "$3"
        # There is no way to shift our callers args, so
        # return 1 to indicate they should do it instead.
        return 1
    fi
 }
 if type -p podman &>/dev/null; then
    # Using podman
    DOCKER_CMD="podman"
    # Docker is actually implemented by podman, and its OCI output
    # is incompatible with some of the dockerd instances on GitLab
    # CI runners.
    export BUILDAH_FORMAT=docker
 elif getent group docker | grep -q "\b${USER}\b"; then
    DOCKER_CMD="docker"
 else
    DOCKER_CMD="sudo docker"
 fi
 set -e
 branch=""
 version=""
 build=0
 run=0
 push=0
 list=0
 print_help=0
 no_login=0
 while (($# > 0)); do
    case "${1%%=*}" in
        build) build=1;;
        run) run=1;;
        push) push=1;;
        list) list=1;;
        help) print_help=1;;
        --branch|-b) read_arg branch "$@" || shift;;
        --version|-v) read_arg version "$@" || shift;;
        --no-login) no_login=1;;
        *) echo -e "\\e[1;31mERROR\\e[0m: Unknown option '$1'"; exit 1;;
    esac
    shift
 done
 if [ $print_help == 1 ]; then
    echo "$0 - Build and run Docker images"
    echo ""
    echo "Usage: $0 <command> [options] [basename]"
    echo ""
    echo "Available commands"
    echo ""
    echo "  build     - Build Docker image"
    echo "  run       - Run Docker image"
    echo "  push      - Push Docker image to the registry"
    echo "  list      - List available images"
    echo "  help      - This help message"
    echo ""
    exit 0
 fi
 cd "$(dirname "$0")"
 if [ $list == 1 ]; then
    echo "Available Docker images:"
    for f in *.Dockerfile; do
        filename=$( basename -- "$f" )
        basename="${filename%.*}"
        echo -e "  \\e[1;39m$basename\\e[0m"
    done
    exit 0
 fi
 # We really need to know the branch name after this point
 if [[ -z "${branch}" ]]; then
    branch=master
 fi
 DOCKERFILE="${branch}.Dockerfile"
 if [ ! -f "$DOCKERFILE" ]; then
    echo -e "\\e[1;31mERROR\\e[0m: '$DOCKERFILE' not found"
    exit 1
 fi
 if [ -z "${version}" ]; then
    version="latest"
 else
    version="v$version"
 fi
 TAG="registry.gitlab.gnome.org/gnome/libsecret/${branch}:${version}"
 if [ $build == 1 ]; then
    echo -e "\\e[1;32mBUILDING\\e[0m: ${TAG} for branch '${branch}'"
    $DOCKER_CMD build \
        --build-arg HOST_USER_ID="$UID" \
        --tag "${TAG}" \
        --file "$DOCKERFILE" .
    exit $?
 fi
 if [ $push == 1 ]; then
    echo -e "\\e[1;32mPUSHING\\e[0m: ${TAG} for branch '${branch}'"
    if [ $no_login == 0 ]; then
        $DOCKER_CMD login registry.gitlab.gnome.org
    fi
    $DOCKER_CMD push "${TAG}"
    exit $?
 fi
 if [ $run == 1 ]; then
    echo -e "\\e[1;32mRUNNING\\e[0m: ${TAG} for branch '${branch}'"
    $DOCKER_CMD run \
        --rm \
        --volume "$(pwd)/..:/home/user/app" \
        --workdir "/home/user/app" \
        --tty \
        --interactive "${TAG}" \
        bash
    exit $?
 fi
--- a/libsecret/meson.build
+++ b/libsecret/meson.build
@ -314,11 +314,11 @@ if get_option('introspection')
    valatests = [
      {
        'name': 'test-vala-lang',
-        'cflags': [],
+        'cflags': [ '-Wno-unused-but-set-variable' ],
      },
      {
        'name': 'test-vala-unstable',
-        'cflags': [ '-DSECRET_WITH_UNSTABLE' ],
+        'cflags': [ '-DSECRET_WITH_UNSTABLE', '-DSECRET_API_SUBJECT_TO_CHANGE' ],
      },
    ]