include:
  - remote: 'https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates/-/raw/145b1bc7ef1702d2bd71584010d7113c6786a506/templates/fedora.yml'
  - component: gitlab.gnome.org/GNOME/citemplates/release-service@master
    inputs:
      dist-job-name: "build-release-tarball"
      tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}"

stages:
  - prepare
  - build
  - deploy

variables:
  FDO_UPSTREAM_REPO: gnome/libsecret
  TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz"
  CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"

.fedora.container.common:
  variables:
    # When branching a stable release, change 'main' to the
    # release branch name to ensure that a new image will
    # be created, tailored for the stable branch.
    BRANCH_NAME: 'main'
    CONTAINER_TAG: '2025-01-15.0'
    FEDORA_VERSION: latest
    # Derive FDO variables from this automatically.
    # DO NOT edit, instead change the variables above
    FDO_REPO_SUFFIX: '${BRANCH_NAME}'
    FDO_DISTRIBUTION_TAG: '${CONTAINER_TAG}-fedora-${FEDORA_VERSION}'
    FDO_DISTRIBUTION_VERSION: '${FEDORA_VERSION}'

#############################################
#          Create CI Docker Images          #
#############################################

# See also https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates
build.container.fedora@x86_64:
  extends:
  - '.fdo.container-build@fedora'
  - '.fedora.container.common'
  stage: prepare
  variables:
    # no need to pull the whole tree for rebuilding the image
    GIT_STRATEGY: none
    # Expiry sets fdo.expires on the image
    FDO_EXPIRES_AFTER: 8w
    FDO_DISTRIBUTION_PACKAGES: >-
      clang-analyzer
      cppcheck
      dbus-x11
      diffutils
      docbook-style-xsl
      gettext
      gi-docgen
      git
      gjs
      glib2-devel
      gnutls-devel
      gobject-introspection-devel
      lcov
      libasan
      libgcrypt-devel
      libpamtest-devel
      libubsan
      libxslt
      meson
      pam-devel
      pam_wrapper
      python3-dbus
      python3-gobject
      redhat-rpm-config
      swtpm
      swtpm-tools
      tpm2-abrmd
      tpm2-tss-devel
      vala
      valgrind-devel


#############################################
#               STAGE: BUILD                #
#############################################

.build:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  parallel:
    matrix:
      - CRYPTO: libgcrypt
      - CRYPTO: gnutls
        GNUTLS_FORCE_FIPS_MODE: [0, 1]
      - CRYPTO: disabled

fedora:Werror:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-werror-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:asan:
  stage: build
  extends:
    - .build
  script:
    - export LSAN_OPTIONS=suppressions=$PWD/build/lsan.supp
    - meson _build -Db_sanitize=address -Dgtk_doc=false -Dintrospection=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-asan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:ubsan:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Db_sanitize=undefined -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-ubsan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora-static-analyzers/test:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dgtk_doc=false -Dcrypto=$CRYPTO
    - meson compile -C _build --ninja-args scan-build
    - cppcheck --force -q $CPPCHECK_OPTIONS libsecret/ egg/ tool/
  artifacts:
    when: on_failure
    paths:
      - _build/meson-logs/testlog.txt

fedora:PAM:
  stage: build
  extends:
    - .build
  script:
    - meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dpam=true
    - meson compile -C _build
    - meson test -C _build --print-errorlogs
  artifacts:
    reports:
      junit: "_build/meson-logs/testlog.junit.xml"
    name: "libsecret-pam-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: always
    paths:
      - "_build/config.h"
      - "_build/meson-logs"

fedora:coverage:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  stage: build
  script:
    - meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false
    - meson compile -C _build
    - export XDG_CONFIG_HOME=$HOME/.config
    - /usr/share/swtpm/swtpm-create-user-config-files --root
    - mkdir -p ${XDG_CONFIG_HOME}/mytpm1
    - swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
    - swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon
    - 'tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &'
    - 'export TCTI=tabrmd:bus_type=session'
    - meson test -C _build --print-errorlogs
    - ninja coverage-html -C _build
  coverage: '/^\s+lines.+:\s+([\d.]+\%)\s+/'
  artifacts:
    name: "libsecret-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
    when: on_success
    paths:
      - _build/meson-logs/coveragereport/
  # https://github.com/linux-test-project/lcov/issues/58
  allow_failure: true

reference:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  stage: build
  variables:
    MESON_ARGS: >-
      -Dgtk_doc=true
      -Dvapi=false
      -Dmanpage=false
  script:
    - meson ${MESON_ARGS} _build
    - ninja -C _build
    - mv _build/docs/reference/libsecret/libsecret-1 _reference
  artifacts:
    paths:
      - _reference


#############################################
#              STAGE: DEPLOY                #
#############################################

build-release-tarball:
  extends:
    - '.fdo.suffixed-image@fedora'
    - '.fedora.container.common'
  stage: deploy
  script:
    - meson setup _build
    - meson dist -C _build
  artifacts:
    paths:
      - $TARBALL_ARTIFACT_PATH

pages:
  stage: deploy
  script:
    - mkdir public
    - mv _build/meson-logs/coveragereport public/coverage
    - mv _reference/* public/
  artifacts:
    when: on_success
    paths:
      - public
  # https://github.com/linux-test-project/lcov/issues/58
  allow_failure: true