| include: |
| - template: Code-Quality.gitlab-ci.yml |
| - template: License-Scanning.gitlab-ci.yml |
| - template: SAST.gitlab-ci.yml |
| |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-debian:10-${DOCKER_IMAGE_VERSION} |
| |
| cache: |
| key: "$CI_JOB_NAME-" |
| paths: |
| - cache/ |
| |
| stages: |
| - test |
| - post |
| - publish |
| |
| variables: |
| # SAST related variables |
| SAST_DEFAULT_ANALYZERS: "bandit, secrets" |
| SAST_DISABLE_DIND: "true" |
| SAST_GOSEC_LEVEL: 2 |
| CI_PROJECT_REPOSITORY_LANGUAGES: "python" |
| |
| # Our own variables |
| # Version of the docker images we should use for all the images. |
| # This is taken from buildstream/buildstream-docker-images |
| DOCKER_IMAGE_VERSION: master-154893333 |
| PYTEST_ADDOPTS: "--color=yes" |
| INTEGRATION_CACHE: "${CI_PROJECT_DIR}/cache/integration-cache" |
| PYTEST_ARGS: "--color=yes --integration -n 2" |
| TEST_COMMAND: "tox -- ${PYTEST_ARGS}" |
| TOXENV: py36, py37, py38, py36-plugins, py37-plugins, py38-plugins |
| COVERAGE_PREFIX: "${CI_JOB_NAME}." |
| |
| |
| ##################################################### |
| # Test stage # |
| ##################################################### |
| |
| # Run premerge commits |
| # |
| .tests-template: &tests |
| stage: test |
| |
| before_script: |
| # Diagnostics |
| - mount |
| - df -h |
| - tox --version |
| |
| script: |
| - mkdir -p "${INTEGRATION_CACHE}" |
| - useradd -Um buildstream |
| - chown -R buildstream:buildstream . |
| |
| # Run the tests as a simple user to test for permission issues |
| - su buildstream -c "${TEST_COMMAND}" |
| |
| after_script: |
| except: |
| - schedules |
| artifacts: |
| paths: |
| - .coverage-reports |
| |
| tests-debian-10: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-debian:10-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| tests-fedora-30: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:30-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| tests-fedora-31: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| tests-ubuntu-18.04: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-ubuntu:18.04-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| tests-centos-7.7: |
| <<: *tests |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-centos:7.7.1908-${DOCKER_IMAGE_VERSION} |
| |
| tests-python-3.8-buster: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-python:3.8-buster-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| variables: |
| # This particular testsuite image has both Python 3.7 and Python 3.8 so we |
| # need to explicitly force the 3.8 environment. |
| # Once Python 3.8 is available in distros, we should switch to such an |
| |
| # Our testsuite has issues with coverage on Python 3.8 so disable coverage |
| # in the meantime. For more details, see |
| # https://gitlab.com/BuildStream/buildstream/issues/1173. |
| TOXENV: py38-nocover,py38-plugins-nocover |
| |
| # Test the master version of some external plugins |
| tests-plugins-master: |
| <<: *tests |
| allow_failure: true |
| |
| variables: |
| BST_PLUGINS_EXPERIMENTAL_VERSION: master |
| |
| overnight-fedora-30-aarch64: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:aarch64-30-${DOCKER_IMAGE_VERSION} |
| tags: |
| - aarch64 |
| <<: *tests |
| # We need to override the exclusion from the template |
| # in order to run on schedules |
| except: [] |
| only: |
| - schedules |
| |
| tests-userchroot: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| variables: |
| BST_CAS_STAGING_ROOT: "/builds/userchroot" |
| |
| script: |
| - mkdir -p "${INTEGRATION_CACHE}" |
| - useradd -Um buildstream |
| |
| # Use buildbox-run-userchroot and hardlinking |
| - ln -svf buildbox-run-userchroot /usr/local/bin/buildbox-run |
| - rm -vf /usr/local/bin/buildbox-fuse |
| |
| # When using userchroot, buildbox-casd must run as a separate user |
| - useradd -g buildstream buildbox-casd |
| - chown buildbox-casd:buildstream /usr/local/bin/buildbox-casd |
| - chmod u+s /usr/local/bin/buildbox-casd |
| |
| # Set up staging root with permissions required by userchroot, |
| # must be on same filesystem as current directory to support hardlinks |
| - mkdir -p "${BST_CAS_STAGING_ROOT}" |
| - chown -R buildbox-casd:buildstream "${BST_CAS_STAGING_ROOT}" |
| # userchroot doesn't allow group/world-writable base directory |
| - chmod go-w /builds |
| - echo buildbox-casd:${BST_CAS_STAGING_ROOT} > /etc/userchroot.conf |
| |
| - chown -R buildstream:buildstream . |
| |
| # Run the tests as a simple user to test for permission issues |
| - su buildstream -c "umask 002 && ${TEST_COMMAND}" |
| |
| tests-fedora-missing-deps: |
| # Ensure that tests behave nicely while missing bwrap and ostree |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| script: |
| # We remove the Bubblewrap and OSTree packages here so that we catch any |
| # codepaths that try to use them. Removing OSTree causes fuse-libs to |
| # disappear unless we mark it as user-installed. |
| - dnf mark install fuse-libs systemd-udev |
| - dnf erase -y bubblewrap ostree |
| |
| - useradd -Um buildstream |
| - chown -R buildstream:buildstream . |
| |
| - ${TEST_COMMAND} |
| - ${PLUGINS_TESTS_COMMAND} |
| |
| |
| tests-fedora-update-deps: |
| # Check if the tests pass after updating requirements to their latest |
| # allowed version. |
| allow_failure: true |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| |
| script: |
| - useradd -Um buildstream |
| - chown -R buildstream:buildstream . |
| |
| - make --always-make --directory requirements |
| - cat requirements/*.txt |
| |
| - su buildstream -c "${TEST_COMMAND}" |
| - su buildstream -c "${PLUGINS_TESTS_COMMAND}" |
| |
| tests-remote-execution: |
| allow_failure: true |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| before_script: |
| - dnf install -y docker docker-compose |
| - docker-compose --file ${COMPOSE_MANIFEST} up --detach |
| after_script: |
| - docker-compose --file ${COMPOSE_MANIFEST} stop |
| - docker-compose --file ${COMPOSE_MANIFEST} logs |
| - docker-compose --file ${COMPOSE_MANIFEST} down |
| services: |
| - docker:stable-dind |
| variables: |
| DOCKER_HOST: tcp://docker:2375 |
| DOCKER_DRIVER: overlay2 |
| # Required to be able to connect to the docker daemon. See https://gitlab.com/gitlab-org/gitlab-runner/issues/4501 |
| DOCKER_TLS_CERTDIR: "" |
| COMPOSE_MANIFEST: .gitlab-ci/buildgrid-compose.yml |
| ARTIFACT_CACHE_SERVICE: http://docker:50052 |
| REMOTE_EXECUTION_SERVICE: http://docker:50051 |
| SOURCE_CACHE_SERVICE: http://docker:50052 |
| PYTEST_ARGS: "--color=yes --remote-execution" |
| |
| tests-spawn-multiprocessing-start-method: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| variables: |
| BST_FORCE_START_METHOD: "spawn" |
| script: |
| # FIXME: Until all the tests pass as normal, override which tests will run here. |
| - mkdir -p "${INTEGRATION_CACHE}" |
| - useradd -Um buildstream |
| - chown -R buildstream:buildstream . |
| - su buildstream -c "tox -- ${PYTEST_ARGS} tests/{artifactcache,cachekey,elements,format,frontend,internals,plugins,sourcecache}" |
| |
| tests-no-usedevelop: |
| # Ensure that tests also pass without `--develop` flag. |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| <<: *tests |
| variables: |
| TOXENV: py36-nocover,py37-nocover,py38-nocover |
| |
| |
| # Run type checkers |
| mypy: |
| stage: test |
| |
| script: |
| - tox -e mypy |
| except: |
| - schedules |
| |
| # Lint separately from testing |
| lint: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| stage: test |
| |
| before_script: |
| # Diagnostics |
| - python3 --version |
| |
| script: |
| - tox -e format-check,lint |
| except: |
| - schedules |
| |
| # Catch regressions in native windows support |
| tests-win32-master: |
| stage: test |
| variables: |
| LC_ALL: C.UTF-8 |
| LANG: C.UTF-8 |
| tags: |
| - win32 |
| script: |
| - tox -e win32 |
| only: |
| - master |
| except: |
| - schedules |
| |
| # Optional test to catch regressions in native windows support on non-master branches |
| tests-win32-non-master: |
| stage: test |
| variables: |
| LC_ALL: C.UTF-8 |
| LANG: C.UTF-8 |
| tags: |
| - win32 |
| script: |
| - tox -e win32 |
| except: |
| - master |
| when: manual |
| |
| tests-wsl-master: |
| stage: test |
| variables: |
| LC_ALL: C.UTF-8 |
| LANG: C.UTF-8 |
| tags: |
| - wsl |
| before_script: |
| - mount |
| - df -h |
| - PATH=/root/.local/bin:$PATH tox --version |
| script: |
| # Install static buildbox binaries |
| - wget https://buildbox-casd-binaries.nyc3.cdn.digitaloceanspaces.com/buildbox-x86_64-linux-0.0.9-983edf11.tar.xz |
| - tar -C /root/.local/bin -xf buildbox-x86_64-linux-0.0.9-983edf11.tar.xz |
| |
| - PATH=/root/.local/bin:$PATH ${TEST_COMMAND} |
| only: |
| - master |
| except: |
| - schedules |
| |
| tests-wsl-non-master: |
| stage: test |
| variables: |
| LC_ALL: C.UTF-8 |
| LANG: C.UTF-8 |
| tags: |
| - wsl |
| before_script: |
| - mount |
| - df -h |
| - PATH=/root/.local/bin:$PATH tox --version |
| script: |
| # Install static buildbox binaries |
| - wget https://buildbox-casd-binaries.nyc3.cdn.digitaloceanspaces.com/buildbox-x86_64-linux-0.0.9-983edf11.tar.xz |
| - tar -C /root/.local/bin -xf buildbox-x86_64-linux-0.0.9-983edf11.tar.xz |
| |
| - PATH=/root/.local/bin:$PATH ${TEST_COMMAND} |
| when: manual |
| except: |
| - master |
| |
| # Automatically build documentation for every commit, we want to know |
| # if building documentation fails even if we're not deploying it. |
| docs: |
| stage: test |
| variables: |
| BST_FORCE_SESSION_REBUILD: 1 |
| script: |
| - env BST_SOURCE_CACHE="$(pwd)/cache/integration-cache/sources" tox -e docs |
| - mv doc/build/html public |
| except: |
| - schedules |
| artifacts: |
| paths: |
| - public/ |
| |
| .overnight-tests: &overnight-tests-template |
| stage: test |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-${DOCKER_IMAGE_VERSION} |
| variables: |
| FD_SDK_REF: valentindavid/bst2 |
| BST_EXT_REF: 1.93.3 |
| before_script: |
| - | |
| mkdir -p "${HOME}/.config" |
| cat <<EOF >"${HOME}/.config/buildstream.conf" |
| scheduler: |
| fetchers: 2 |
| EOF |
| - dnf install -y ostree python3-gobject-base |
| # Install pinned BuildStream dependencies, BuildStream from the local repository |
| # and bst-plugins-expeirmental from its repository |
| - | |
| pip3 install \ |
| -r requirements/requirements.txt . \ |
| git+https://gitlab.com/buildstream/bst-plugins-experimental.git@${BST_EXT_REF}#egg=bst_plugins_experimental[cargo] \ |
| . |
| - git clone https://gitlab.com/freedesktop-sdk/freedesktop-sdk.git |
| - git -C freedesktop-sdk checkout ${FD_SDK_REF} |
| artifacts: |
| paths: |
| - "${HOME}/.cache/buildstream/logs" |
| only: |
| - schedules |
| |
| overnight-tests: |
| <<: *overnight-tests-template |
| script: |
| - make -C freedesktop-sdk |
| tags: |
| - overnight-tests |
| |
| overnight-tests-no-cache: |
| <<: *overnight-tests-template |
| script: |
| - sed -i '/artifacts:/,+1 d' freedesktop-sdk/project.conf |
| - make -C freedesktop-sdk |
| tags: |
| - overnight-tests |
| |
| # These tests might be a bit more flaky since they randomize the order |
| # They will also take longer to run. Hence run them only nightly |
| overnight-randomized: |
| image: registry.gitlab.com/buildstream/buildstream-docker-images/testsuite-fedora:31-master-97748867 |
| <<: *tests |
| |
| script: |
| - mkdir -p "${INTEGRATION_CACHE}" |
| - useradd -Um buildstream |
| - chown -R buildstream:buildstream . |
| |
| # Don't run tests multiprocessed here, the randomized order doesn't like that |
| - su buildstream -c "tox -e py36-randomized,py37-randomized,py38-randomized -- --color=yes --integration" |
| - su buildstream -c "tox -e py36-randomized-external,py37-randomized-external,py38-randomized-external -- --color=yes --integration" |
| |
| # We need to override the exclusion from the template in order to run on schedules |
| except: [] |
| only: |
| - schedules |
| |
| ##################################################### |
| # Post stage # |
| ##################################################### |
| |
| analysis: |
| stage: post |
| script: |
| - | |
| pip3 install radon |
| mkdir analysis |
| |
| - | |
| echo "Calculating Maintainability Index" |
| radon mi -s -j src/buildstream > analysis/mi.json |
| radon mi -s src/buildstream |
| |
| - | |
| echo "Calculating Cyclomatic Complexity" |
| radon cc -a -s -j src/buildstream > analysis/cc.json |
| radon cc -a -s src/buildstream |
| |
| - | |
| echo "Calculating Raw Metrics" |
| radon raw -s -j src/buildstream > analysis/raw.json |
| radon raw -s src/buildstream |
| |
| except: |
| - schedules |
| artifacts: |
| paths: |
| - analysis/ |
| |
| # Collate coverage reports |
| # |
| coverage: |
| stage: post |
| coverage: '/TOTAL +\d+ +\d+ +(\d+\.\d+)%/' |
| script: |
| - cp -a .coverage-reports/ ./coverage-sources |
| - tox -e coverage |
| - cp -a .coverage-reports/ ./coverage-report |
| dependencies: |
| - tests-centos-7.7 |
| - tests-debian-10 |
| - tests-fedora-30 |
| - tests-fedora-31 |
| - tests-fedora-missing-deps |
| - tests-fedora-update-deps |
| - tests-remote-execution |
| - tests-ubuntu-18.04 |
| - tests-userchroot |
| except: |
| - schedules |
| artifacts: |
| paths: |
| - coverage-sources/ |
| - coverage-report/ |
| |
| # Deploy, only for merges which land on master branch. |
| # |
| pages: |
| stage: publish |
| dependencies: |
| - coverage |
| - docs |
| variables: |
| ACME_DIR: public/.well-known/acme-challenge |
| COVERAGE_DIR: public/coverage |
| script: |
| - mkdir -p ${ACME_DIR} |
| # Required to finish the creation of the Let's Encrypt certificate, |
| # which allows using https://docs.buildstream.build/ for accessing |
| # the documentation. |
| - echo ${ACME_CHALLENGE} > ${ACME_DIR}/$(echo ${ACME_CHALLENGE} | cut -c1-43) |
| - mkdir -p ${COVERAGE_DIR} |
| - cp -a ./coverage-report/ ${COVERAGE_DIR} |
| artifacts: |
| paths: |
| - public/ |
| only: |
| # |
| # FIXME: |
| # |
| # Ideally we want to publish to a different subdir of |
| # pages depending on which stable branch we are building here, |
| # not currently automatically supported but can be worked around. |
| # |
| # See https://gitlab.com/gitlab-org/gitlab-ce/issues/35141 |
| # |
| - master |
| except: |
| - schedules |