mirror of
https://gitlab.gnome.org/GNOME/libsecret.git
synced 2025-01-18 18:08:36 +00:00
250 lines
6.9 KiB
YAML
250 lines
6.9 KiB
YAML
include:
|
|
- remote: 'https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates/-/raw/145b1bc7ef1702d2bd71584010d7113c6786a506/templates/fedora.yml'
|
|
- component: gitlab.gnome.org/GNOME/citemplates/release-service@master
|
|
inputs:
|
|
dist-job-name: "build-release-tarball"
|
|
tarball-artifact-path: "${TARBALL_ARTIFACT_PATH}"
|
|
|
|
stages:
|
|
- prepare
|
|
- build
|
|
- deploy
|
|
|
|
variables:
|
|
FDO_UPSTREAM_REPO: gnome/libsecret
|
|
TARBALL_ARTIFACT_PATH: "_build/meson-dist/${CI_PROJECT_NAME}-${CI_COMMIT_TAG}.tar.xz"
|
|
CPPCHECK_OPTIONS: "--enable=warning --enable=style --enable=performance --enable=portability --std=c99 --template='{id}:{file}:{line},{severity},{message}'"
|
|
|
|
.fedora.container.common:
|
|
variables:
|
|
# When branching a stable release, change 'main' to the
|
|
# release branch name to ensure that a new image will
|
|
# be created, tailored for the stable branch.
|
|
BRANCH_NAME: 'main'
|
|
CONTAINER_TAG: '2025-01-15.0'
|
|
FEDORA_VERSION: latest
|
|
# Derive FDO variables from this automatically.
|
|
# DO NOT edit, instead change the variables above
|
|
FDO_REPO_SUFFIX: '${BRANCH_NAME}'
|
|
FDO_DISTRIBUTION_TAG: '${CONTAINER_TAG}-fedora-${FEDORA_VERSION}'
|
|
FDO_DISTRIBUTION_VERSION: '${FEDORA_VERSION}'
|
|
|
|
#############################################
|
|
# Create CI Docker Images #
|
|
#############################################
|
|
|
|
# See also https://gitlab.gnome.org/Infrastructure/freedesktop-ci-templates
|
|
build.container.fedora@x86_64:
|
|
extends:
|
|
- '.fdo.container-build@fedora'
|
|
- '.fedora.container.common'
|
|
stage: prepare
|
|
variables:
|
|
# no need to pull the whole tree for rebuilding the image
|
|
GIT_STRATEGY: none
|
|
# Expiry sets fdo.expires on the image
|
|
FDO_EXPIRES_AFTER: 8w
|
|
FDO_DISTRIBUTION_PACKAGES: >-
|
|
clang-analyzer
|
|
cppcheck
|
|
dbus-x11
|
|
diffutils
|
|
docbook-style-xsl
|
|
gettext
|
|
gi-docgen
|
|
git
|
|
gjs
|
|
glib2-devel
|
|
gnutls-devel
|
|
gobject-introspection-devel
|
|
lcov
|
|
libasan
|
|
libgcrypt-devel
|
|
libpamtest-devel
|
|
libubsan
|
|
libxslt
|
|
meson
|
|
pam-devel
|
|
pam_wrapper
|
|
python3-dbus
|
|
python3-gobject
|
|
redhat-rpm-config
|
|
swtpm
|
|
swtpm-tools
|
|
tpm2-abrmd
|
|
tpm2-tss-devel
|
|
vala
|
|
valgrind-devel
|
|
|
|
|
|
#############################################
|
|
# STAGE: BUILD #
|
|
#############################################
|
|
|
|
.build:
|
|
extends:
|
|
- '.fdo.suffixed-image@fedora'
|
|
- '.fedora.container.common'
|
|
parallel:
|
|
matrix:
|
|
- CRYPTO: libgcrypt
|
|
- CRYPTO: gnutls
|
|
GNUTLS_FORCE_FIPS_MODE: [0, 1]
|
|
- CRYPTO: disabled
|
|
|
|
fedora:Werror:
|
|
stage: build
|
|
extends:
|
|
- .build
|
|
script:
|
|
- meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dcrypto=$CRYPTO
|
|
- meson compile -C _build
|
|
- meson test -C _build --print-errorlogs
|
|
artifacts:
|
|
reports:
|
|
junit: "_build/meson-logs/testlog.junit.xml"
|
|
name: "libsecret-werror-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: always
|
|
paths:
|
|
- "_build/config.h"
|
|
- "_build/meson-logs"
|
|
|
|
fedora:asan:
|
|
stage: build
|
|
extends:
|
|
- .build
|
|
script:
|
|
- export LSAN_OPTIONS=suppressions=$PWD/build/lsan.supp
|
|
- meson _build -Db_sanitize=address -Dgtk_doc=false -Dintrospection=false -Dcrypto=$CRYPTO
|
|
- meson compile -C _build
|
|
- meson test -C _build --print-errorlogs
|
|
artifacts:
|
|
reports:
|
|
junit: "_build/meson-logs/testlog.junit.xml"
|
|
name: "libsecret-asan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: always
|
|
paths:
|
|
- "_build/config.h"
|
|
- "_build/meson-logs"
|
|
|
|
fedora:ubsan:
|
|
stage: build
|
|
extends:
|
|
- .build
|
|
script:
|
|
- meson _build -Db_sanitize=undefined -Dgtk_doc=false -Dcrypto=$CRYPTO
|
|
- meson compile -C _build
|
|
- meson test -C _build --print-errorlogs
|
|
artifacts:
|
|
reports:
|
|
junit: "_build/meson-logs/testlog.junit.xml"
|
|
name: "libsecret-ubsan-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: always
|
|
paths:
|
|
- "_build/config.h"
|
|
- "_build/meson-logs"
|
|
|
|
fedora-static-analyzers/test:
|
|
stage: build
|
|
extends:
|
|
- .build
|
|
script:
|
|
- meson _build -Dgtk_doc=false -Dcrypto=$CRYPTO
|
|
- meson compile -C _build --ninja-args scan-build
|
|
- cppcheck --force -q $CPPCHECK_OPTIONS libsecret/ egg/ tool/
|
|
artifacts:
|
|
when: on_failure
|
|
paths:
|
|
- _build/meson-logs/testlog.txt
|
|
|
|
fedora:PAM:
|
|
stage: build
|
|
extends:
|
|
- .build
|
|
script:
|
|
- meson _build -Dwerror=true -Dc_args=-Wno-error=deprecated-declarations -Dgtk_doc=false -Dpam=true
|
|
- meson compile -C _build
|
|
- meson test -C _build --print-errorlogs
|
|
artifacts:
|
|
reports:
|
|
junit: "_build/meson-logs/testlog.junit.xml"
|
|
name: "libsecret-pam-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: always
|
|
paths:
|
|
- "_build/config.h"
|
|
- "_build/meson-logs"
|
|
|
|
fedora:coverage:
|
|
extends:
|
|
- '.fdo.suffixed-image@fedora'
|
|
- '.fedora.container.common'
|
|
stage: build
|
|
script:
|
|
- meson _build -Db_coverage=true -Dtpm2=true -Dgtk_doc=false
|
|
- meson compile -C _build
|
|
- export XDG_CONFIG_HOME=$HOME/.config
|
|
- /usr/share/swtpm/swtpm-create-user-config-files --root
|
|
- mkdir -p ${XDG_CONFIG_HOME}/mytpm1
|
|
- swtpm_setup --tpm2 --tpmstate $XDG_CONFIG_HOME/mytpm1 --createek --allow-signing --decryption --create-ek-cert --create-platform-cert --lock-nvram --overwrite --display
|
|
- swtpm socket --tpm2 --tpmstate dir=$XDG_CONFIG_HOME/mytpm1 --flags startup-clear --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --daemon
|
|
- 'tpm2-abrmd --logger=stdout --tcti=swtpm: --session --allow-root --flush-all &'
|
|
- 'export TCTI=tabrmd:bus_type=session'
|
|
- meson test -C _build --print-errorlogs
|
|
- ninja coverage-html -C _build
|
|
coverage: '/^\s+lines.+:\s+([\d.]+\%)\s+/'
|
|
artifacts:
|
|
name: "libsecret-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
|
|
when: on_success
|
|
paths:
|
|
- _build/meson-logs/coveragereport/
|
|
# https://github.com/linux-test-project/lcov/issues/58
|
|
allow_failure: true
|
|
|
|
reference:
|
|
extends:
|
|
- '.fdo.suffixed-image@fedora'
|
|
- '.fedora.container.common'
|
|
stage: build
|
|
variables:
|
|
MESON_ARGS: >-
|
|
-Dgtk_doc=true
|
|
-Dvapi=false
|
|
-Dmanpage=false
|
|
script:
|
|
- meson ${MESON_ARGS} _build
|
|
- ninja -C _build
|
|
- mv _build/docs/reference/libsecret/libsecret-1 _reference
|
|
artifacts:
|
|
paths:
|
|
- _reference
|
|
|
|
|
|
#############################################
|
|
# STAGE: DEPLOY #
|
|
#############################################
|
|
|
|
build-release-tarball:
|
|
extends:
|
|
- '.fdo.suffixed-image@fedora'
|
|
- '.fedora.container.common'
|
|
stage: deploy
|
|
script:
|
|
- meson setup _build
|
|
- meson dist -C _build
|
|
artifacts:
|
|
paths:
|
|
- $TARBALL_ARTIFACT_PATH
|
|
|
|
pages:
|
|
stage: deploy
|
|
script:
|
|
- mkdir public
|
|
- mv _build/meson-logs/coveragereport public/coverage
|
|
- mv _reference/* public/
|
|
artifacts:
|
|
when: on_success
|
|
paths:
|
|
- public
|
|
# https://github.com/linux-test-project/lcov/issues/58
|
|
allow_failure: true
|