variables: BUILD_IMAGES_PROJECT: libssh/build-images FEDORA_BUILD: buildenv-fedora UBUNTU_BUILD: buildenv-ubuntu CENTOS7_BUILD: buildenv-centos7 TUMBLEWEED_BUILD: buildenv-tumbleweed MINGW_BUILD: buildenv-mingw .tests: before_script: - mkdir -p obj && cd obj script: - make -j$(nproc) && ctest --output-on-failure # Do not use after_script as it does not make the targets fail tags: - shared except: - tags artifacts: expire_in: 1 week when: on_failure paths: - obj/ .fedora: extends: .tests image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD .tumbleweed: extends: .tests image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD ############################################################################### # CentOS builds # ############################################################################### # pkd tests fail on CentOS7 docker images, so we don't use -DSERVER_TESTING=ON centos7/openssl_1.0.x/x86_64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD extends: .tests before_script: - mkdir -p obj && cd obj && cmake3 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON .. ############################################################################### # Fedora builds # ############################################################################### fedora/openssl_1.1.x/x86_64: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_INSTALL_PREFIX=/tmp/local -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_PKCS11_URI=ON .. script: - make -j$(nproc) && ctest --output-on-failure && make install fedora/openssl_1.1.x/x86_64/fips: extends: .fedora before_script: - echo "# userspace fips" > /etc/system-fips # We do not need the kernel part, but in case we ever do: # mkdir -p /var/tmp/userspace-fips # echo 1 > /var/tmp/userspace-fips/fips_enabled # mount --bind /var/tmp/userspace-fips/fips_enabled /proc/sys/crypto/fips_enabled - update-crypto-policies --show - update-crypto-policies --set FIPS - update-crypto-policies --show - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. script: - make -j$(nproc) && OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure fedora/openssl_1.1.x/x86_64/minimal: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=OFF -DWITH_SERVER=OFF -DWITH_ZLIB=OFF -DWITH_PCAP=OFF -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DWITH_GEX=OFF .. # Address sanitizer doesn't mix well with LD_PRELOAD used in the testsuite # so, this is only enabled for unit tests right now. # TODO: add -DCLIENT_TESTING=ON -DSERVER_TESTING=ON fedora/address-sanitizer: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=AddressSanitizer -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DFUZZ_TESTING=ON .. # This is disabled as it report OpenSSL issues # It also has ethe same issues with cwrap as AddressSanitizer .fedora/memory-sanitizer: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=MemorySanitizer -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. fedora/undefined-sanitizer: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=UndefinedSanitizer -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. fedora/libgcrypt/x86_64: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_GCRYPT=ON -DWITH_DEBUG_CRYPTO=ON .. fedora/mbedtls/x86_64: extends: .fedora before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DWITH_MBEDTLS=ON -DWITH_DEBUG_CRYPTO=ON .. # Unit testing only, no client and pkd testing, because cwrap is not available # for MinGW fedora/mingw64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD extends: .tests before_script: - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin - export WINEDEBUG=-all - mkdir obj && cd obj && mingw64-cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. # Unit testing only, no client and pkd testing, because cwrap is not available # for MinGW fedora/mingw32: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD extends: .tests before_script: - export WINEPATH=/usr/i686-w64-mingw32/sys-root/mingw/bin - export WINEDEBUG=-all - mkdir obj && cd obj && mingw32-cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. ############################################################################### # Fedora csbuild # ############################################################################### .csbuild: variables: GIT_DEPTH: "100" image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD before_script: - | if [[ -z "$CI_COMMIT_BEFORE_SHA" ]]; then export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") fi # Check if the commit exists in this branch # This is not the case for a force push git branch --contains $CI_COMMIT_BEFORE_SHA 2>/dev/null || export CI_COMMIT_BEFORE_SHA=$(git rev-parse "${CI_COMMIT_SHA}~20") export CI_COMMIT_RANGE="$CI_COMMIT_BEFORE_SHA..$CI_COMMIT_SHA" tags: - shared except: - tags artifacts: expire_in: 1 week when: on_failure paths: - obj-csbuild/ fedora/csbuild/openssl_1.1.x: extends: .csbuild script: - csbuild --build-dir=obj-csbuild --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON @SRCDIR@ && make clean && make -j$(nproc)" --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed fedora/csbuild/libgcrypt: extends: .csbuild script: - csbuild --build-dir=obj-csbuild --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_GCRYPT=ON @SRCDIR@ && make clean && make -j$(nproc)" --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed fedora/csbuild/mbedtls: extends: .csbuild script: - csbuild --build-dir=obj-csbuild --build-cmd "rm -rf CMakeFiles CMakeCache.txt && cmake -DCMAKE_BUILD_TYPE=Debug -DPICKY_DEVELOPER=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON -DFUZZ_TESTING=ON -DWITH_MBEDTLS=ON @SRCDIR@ && make clean && make -j$(nproc)" --git-commit-range $CI_COMMIT_RANGE --color --print-current --print-fixed ############################################################################### # Ubuntu builds # ############################################################################### ubuntu/openssl_1.1.x/x86_64: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD extends: .tests before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_INSTALL_PREFIX=/tmp/local -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_BLOWFISH_CIPHER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. ############################################################################### # Tumbleweed builds # ############################################################################### tumbleweed/openssl_1.1.x/x86_64/gcc: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. tumbleweed/openssl_1.1.x/x86/gcc: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. tumbleweed/openssl_1.1.x/x86_64/gcc7: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. tumbleweed/openssl_1.1.x/x86/gcc7: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_TOOLCHAIN_FILE=../cmake/Toolchain-cross-m32.cmake -DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. tumbleweed/openssl_1.1.x/x86_64/clang: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON .. tumbleweed/docs: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake .. script: - make docs tumbleweed/undefined-sanitizer: extends: .tumbleweed before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=UndefinedSanitizer -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. tumbleweed/static-analysis: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD script: - export CCC_CC=clang - export CCC_CXX=clang++ - mkdir -p obj && cd obj && scan-build cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON -DSERVER_TESTING=ON .. && scan-build --status-bugs -o scan make -j$(nproc) tags: - shared except: - tags artifacts: expire_in: 1 week when: on_failure paths: - obj/scan ############################################################################### # FreeBSD builds # ############################################################################### # That is a specific runner that we cannot enable universally. # We restrict it to builds under the $BUILD_IMAGES_PROJECT project. freebsd/x86_64: image: extends: .tests before_script: - mkdir -p obj && cd obj && cmake -DCMAKE_BUILD_TYPE=RelWithDebInfo -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. script: - make && ctest --output-on-failure tags: - freebsd only: - branches@libssh/libssh-mirror - branches@cryptomilk/libssh-mirror ############################################################################### # Visual Studio builds # ############################################################################### .vs: variables: ErrorActionPreference: STOP script: - cmake --build . - ctest --output-on-failure tags: - vs2017 - windows except: - tags only: - branches@libssh/libssh-mirror - branches@ansasaki/libssh-mirror - branches@cryptomilk/libssh-mirror - branches@jjelen/libssh-mirror artifacts: expire_in: 1 week when: on_failure paths: - obj/ visualstudio/x86_64: extends: .vs before_script: - $env:VCPKG_DEFAULT_TRIPLET="x64-windows" - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1} - cmake -A x64 -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE" -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON .. visualstudio/x86: extends: .vs before_script: - $env:VCPKG_DEFAULT_TRIPLET="x86-windows" - mkdir -p obj; if ($?) {cd obj}; if (! $?) {exit 1} - cmake -DCMAKE_TOOLCHAIN_FILE="$env:VCPKG_TOOLCHAIN_FILE" -DPICKY_DEVELOPER=ON -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON -DUNIT_TESTING=ON ..