include:
  - component: gitlab.gnome.org/GNOME/citemplates/release-service@master
    inputs:
      dist-job-name: "build-release-tarball"
      tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}"

image: registry.gitlab.gnome.org/gnome/libsecret/master:v6

stages:
  - build
  - deploy

variables:
  TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz"
  CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"

.build:
  parallel:
    matrix:
      - CRYPTO: libgcrypt
      - CRYPTO: gnutls
        GNUTLS_FORCE_FIPS_MODE: [0, 1]
      - CRYPTO: disabled

fedora:Werror:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-werror-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:asan:
  stage: build
  extends:
    - .build
  script:
    - export LSAN_OPTIONS=suppressions=$PWD/build/lsan.supp
    - meson _build -Db_sanitize=address -Dgtk_doc=false -Dintrospection=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-asan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:ubsan:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Db_sanitize=undefined -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-ubsan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora-static-analyzers/test:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build --ninja-args scan-build
    - cppcheck --force -q $CPPCHECK_OPTIONS libsecret/ egg/ tool/
  artifacts:
    when: on_failure
    paths:
      - _build/meson-logs/testlog.txt

fedora:PAM:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dpam=true
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-pam-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:coverage:
  stage: build
  script:
    - meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false
    - meson compile -C _build
    - export XDG_CONFIG_HOME=$HOME/.config
    - /usr/share/swtpm/swtpm-create-user-config-files --root
    - mkdir -p ${XDG_CONFIG_HOME}/mytpm1
    - swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
    - swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon
    - 'tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &'
    - 'export TCTI=tabrmd:bus_type=session'
    - meson test -C _build --print-errorlogs
    - ninja coverage-html -C _build
  coverage: '/^\s+lines.+:\s+([\d.]+\%)\s+/'
  artifacts:
    name: "libsecret-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: on_success
    paths:
      - _build/meson-logs/coveragereport/
  # https://github.com/linux-test-project/lcov/issues/58
  allow_failure: true

build-release-tarball:
  stage: deploy
  script:
    - meson setup _build
    - meson dist -C _build
  artifacts:
    paths:
      - $TARBALL_ARTIFACT_PATH
  rules:
    - if: $CI_COMMIT_REF_PROTECTED

reference:
  stage: build
  variables:
    MESON_ARGS: >-
      -Dgtk_doc=true
      -Dvapi=false
      -Dmanpage=false
  script:
    - meson ${MESON_ARGS} _build
    - ninja -C _build
    - mv _build/docs/reference/libsecret/libsecret-1 _reference
  artifacts:
    paths:
      - _reference

pages:
  stage: deploy
  script:
    - mkdir public
    - mv _build/meson-logs/coveragereport public/coverage
    - mv _reference/* public/
  artifacts:
    when: on_success
    paths:
      - public
  # https://github.com/linux-test-project/lcov/issues/58
  allow_failure: true