diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f8a3389bba6daba8494ca132762dab2b40429ebd..8e6f509b5f154af6f020fe3c559c5648b8ab803c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -12,6 +12,45 @@ variables: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD +Signoff: + script: + # Quoted to work around https://gitlab.com/gitlab-org/gitlab-foss/-/issues/20177 + - 'echo "Checking for new commits without Signed-off-by: tags as described in https://www.infradead.org/openconnect/contribute.html"' + # Last bad commit + - 'git log ceab1765db11c15a18a0c605812dbc11afd63e8b.. --grep "(^Signed-off-by)|(^Merge branch)|(^This reverts commit)" --extended-regexp --invert-grep --exit-code' + - echo "None (good)" + +Coverity: + image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD + only: + - schedules + - coverity + script: + - curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 + --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN + - tar xfz /tmp/cov-analysis-linux64.tgz + - ./autogen.sh + - ./configure --with-java --without-gnutls --with-openssl --disable-dsa-tests + - cd java + - ../cov-analysis-linux64-*/bin/cov-build --dir ../cov-int ant + - cd .. + - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4 + - make clean + - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check + - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4 + - tar cfz cov-int.tar.gz cov-int + - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME + --form token=$COVERITY_SCAN_TOKEN --form email=email=$GITLAB_USER_EMAIL + --form file=@cov-int.tar.gz --form version="`git describe --tags`" + --form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID " + tags: + - shared + artifacts: + expire_in: 1 week + when: on_failure + paths: + - cov-int/*.txt + CentOS7/GnuTLS: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD script: @@ -32,9 +71,6 @@ CentOS7/GnuTLS: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -62,9 +98,6 @@ CentOS7/OpenSSL: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii dtls-psk ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -88,9 +121,6 @@ CentOS8/GnuTLS: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -115,9 +145,6 @@ CentOS8/OpenSSL: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii obsolete-server-crypto ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -139,54 +166,12 @@ CentOS6/OpenSSL: - make VERBOSE=1 XFAIL_TESTS="bad_dtls_test auth-nonascii ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure paths: - tests/*.log -Signoff: - script: - # Quoted to work around https://gitlab.com/gitlab-org/gitlab-foss/-/issues/20177 - - 'echo "Checking for new commits without Signed-off-by: tags as described in https://www.infradead.org/openconnect/contribute.html"' - # Last bad commit - - 'git log ceab1765db11c15a18a0c605812dbc11afd63e8b.. --grep "(^Signed-off-by)|(^Merge branch)|(^This reverts commit)" --extended-regexp --invert-grep --exit-code' - - echo "None (good)" - -Coverity: - image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD - only: - - schedules - - coverity - script: - - curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 - --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN - - tar xfz /tmp/cov-analysis-linux64.tgz - - ./autogen.sh - - ./configure --with-java --without-gnutls --with-openssl --disable-dsa-tests - - cd java - - ../cov-analysis-linux64-*/bin/cov-build --dir ../cov-int ant - - cd .. - - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4 - - make clean - - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check - - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4 - - tar cfz cov-int.tar.gz cov-int - - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME - --form token=$COVERITY_SCAN_TOKEN --form email=email=$GITLAB_USER_EMAIL - --form file=@cov-int.tar.gz --form version="`git describe --tags`" - --form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID " - tags: - - shared - artifacts: - expire_in: 1 week - when: on_failure - paths: - - cov-int/*.txt - ubsan/GnuTLS/Fedora: image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD script: @@ -201,9 +186,6 @@ ubsan/GnuTLS/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -224,9 +206,6 @@ ubsan/OpenSSL/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -247,9 +226,6 @@ asan/GnuTLS/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -271,9 +247,6 @@ asan/OpenSSL/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -306,9 +279,6 @@ Fedora/GnuTLS: - make VERBOSE=1 OPENSSL_ia32cap=~0x4000000000000000 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -340,9 +310,6 @@ Fedora/GnuTLS/ibmtss: - make VERBOSE=1 OPENSSL_ia32cap=~0x4000000000000000 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -373,9 +340,6 @@ Fedora/GnuTLS/clang: - make VERBOSE=1 OPENSSL_ia32cap=~0x4000000000000000 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -407,9 +371,6 @@ Fedora/OpenSSL: - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto auth-swtpm ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -440,9 +401,6 @@ Fedora/OpenSSL/clang: - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto auth-swtpm ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -466,9 +424,6 @@ Ubuntu18.04/GnuTLS: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week paths: @@ -492,9 +447,6 @@ Ubuntu18.04/OpenSSL: - make VERBOSE=1 XFAIL_TESTS="auth-nonascii obsolete-server-crypto ppp-over-tls-sync" -j4 check tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure @@ -514,9 +466,6 @@ MinGW32/GnuTLS: - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk" tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: always @@ -537,9 +486,6 @@ MinGW32/OpenSSL: - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk" tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: always @@ -561,9 +507,6 @@ MinGW64/GnuTLS: - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk" tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: always @@ -585,9 +528,6 @@ MinGW64/OpenSSL: - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk" tags: - shared - except: - - tags - - schedules artifacts: expire_in: 1 week when: always @@ -652,9 +592,6 @@ static-analyzer/GnuTLS/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: always @@ -670,9 +607,6 @@ static-analyzer/OpenSSL/Fedora: tags: - shared - linux - except: - - tags - - schedules artifacts: expire_in: 1 week when: on_failure