include: - remote: 'https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates/-/raw/145b1bc7ef1702d2bd71584010d7113c6786a506/templates/fedora.yml' - component: gitlab.gnome.org/GNOME/citemplates/release-service@master inputs: dist-job-name: "build-release-tarball" tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}" stages: - prepare - build - deploy variables: FDO_UPSTREAM_REPO: gnome/libsecret TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz" CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'" .fedora.container.common: variables: # When branching a stable release, change 'main' to the # release branch name to ensure that a new image will # be created, tailored for the stable branch. BRANCH_NAME: 'main' CONTAINER_TAG: '2025-01-15.0' FEDORA_VERSION: latest # Derive FDO variables from this automatically. # DO NOT edit, instead change the variables above FDO_REPO_SUFFIX: '${BRANCH_NAME}' FDO_DISTRIBUTION_TAG: '${CONTAINER_TAG}-fedora-${FEDORA_VERSION}' FDO_DISTRIBUTION_VERSION: '${FEDORA_VERSION}' ############################################# # Create CI Docker Images # ############################################# # See also https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates build.container.fedora@x86_64: extends: - '.fdo.container-build@fedora' - '.fedora.container.common' stage: prepare variables: # no need to pull the whole tree for rebuilding the image GIT_STRATEGY: none # Expiry sets fdo.expires on the image FDO_EXPIRES_AFTER: 8w FDO_DISTRIBUTION_PACKAGES: >- clang-analyzer cppcheck dbus-x11 diffutils docbook-style-xsl gettext gi-docgen git gjs glib2-devel gnutls-devel gobject-introspection-devel lcov libasan libgcrypt-devel libpamtest-devel libubsan libxslt meson pam-devel pam_wrapper python3-dbus python3-gobject redhat-rpm-config swtpm swtpm-tools tpm2-abrmd tpm2-tss-devel vala valgrind-devel ############################################# # STAGE: BUILD # ############################################# .build: extends: - '.fdo.suffixed-image@fedora' - '.fedora.container.common' parallel: matrix: - CRYPTO: libgcrypt - CRYPTO: gnutls GNUTLS_FORCE_FIPS_MODE: [0, 1] - CRYPTO: disabled fedora:Werror: stage: build extends: - .build script: - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dcrypto=$CRYPTO - meson compile -C _build - meson test -C _build --print-errorlogs artifacts: reports: junit: "_build/meson-logs/testlog.junit.xml" name: "libsecret-werror-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" when: always paths: - "_build/config.h" - "_build/meson-logs" fedora:asan: stage: build extends: - .build script: - export LSAN_OPTIONS=suppressions=$PWD/build/lsan.supp - meson _build -Db_sanitize=address -Dgtk_doc=false -Dintrospection=false -Dcrypto=$CRYPTO - meson compile -C _build - meson test -C _build --print-errorlogs artifacts: reports: junit: "_build/meson-logs/testlog.junit.xml" name: "libsecret-asan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" when: always paths: - "_build/config.h" - "_build/meson-logs" fedora:ubsan: stage: build extends: - .build script: - meson _build -Db_sanitize=undefined -Dgtk_doc=false -Dcrypto=$CRYPTO - meson compile -C _build - meson test -C _build --print-errorlogs artifacts: reports: junit: "_build/meson-logs/testlog.junit.xml" name: "libsecret-ubsan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" when: always paths: - "_build/config.h" - "_build/meson-logs" fedora-static-analyzers/test: stage: build extends: - .build script: - meson _build -Dgtk_doc=false -Dcrypto=$CRYPTO - meson compile -C _build --ninja-args scan-build - cppcheck --force -q $CPPCHECK_OPTIONS libsecret/ egg/ tool/ artifacts: when: on_failure paths: - _build/meson-logs/testlog.txt fedora:PAM: stage: build extends: - .build script: - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dpam=true - meson compile -C _build - meson test -C _build --print-errorlogs artifacts: reports: junit: "_build/meson-logs/testlog.junit.xml" name: "libsecret-pam-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" when: always paths: - "_build/config.h" - "_build/meson-logs" fedora:coverage: extends: - '.fdo.suffixed-image@fedora' - '.fedora.container.common' stage: build script: - meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false - meson compile -C _build - export XDG_CONFIG_HOME=$HOME/.config - /usr/share/swtpm/swtpm-create-user-config-files --root - mkdir -p ${XDG_CONFIG_HOME}/mytpm1 - swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display - swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon - 'tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &' - 'export TCTI=tabrmd:bus_type=session' - meson test -C _build --print-errorlogs - ninja coverage-html -C _build coverage: '/^\s+lines.+:\s+([\d.]+\%)\s+/' artifacts: name: "libsecret-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}" when: on_success paths: - _build/meson-logs/coveragereport/ # https://github.com/linux-test-project/lcov/issues/58 allow_failure: true reference: extends: - '.fdo.suffixed-image@fedora' - '.fedora.container.common' stage: build variables: MESON_ARGS: >- -Dgtk_doc=true -Dvapi=false -Dmanpage=false script: - meson ${MESON_ARGS} _build - ninja -C _build - mv _build/docs/reference/libsecret/libsecret-1 _reference artifacts: paths: - _reference ############################################# # STAGE: DEPLOY # ############################################# build-release-tarball: extends: - '.fdo.suffixed-image@fedora' - '.fedora.container.common' stage: deploy script: - meson setup _build - meson dist -C _build artifacts: paths: - $TARBALL_ARTIFACT_PATH pages: stage: deploy script: - mkdir public - mv _build/meson-logs/coveragereport public/coverage - mv _reference/* public/ artifacts: when: on_success paths: - public # https://github.com/linux-test-project/lcov/issues/58 allow_failure: true