ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

github: Migrate from Travis CI to Github Actions 

On travis-ci.com (travis-ci.org will be discontinued by the end of the
year) we are now charged for each minute.  We only got 10000 credits in
a trial plan, which we used up with a few builds.  Minutes also cost a
different amount of credits on different platforms: 10 on Linux,
but 50 on macOS (installing the dependencies on macOS alone took 12-15
minutes on Travis for some reason, takes about half on Github's runners).

No native Windows build yet as we have the same issue as on AppVeyor where
threading/streaming tests might get stuck.  And there is also only a
single Windows platform to test on.  Plus building/testing on Windows is
very slow (and getting ccache to work seems tricky).

The 'sw_collector' test case had to be disabled because we can't access
/usr/local/share on the Github build hosts (the process is just blocked
in readdir() and eventually times out).

Unfortunately, we can't test on different architectures anymore (in
particular ARM and the big-endian IBM Z/x390x).
This commit is contained in:
Tobias Brunner 2020-11-26 10:53:45 +01:00
parent eb4cd8e3b1
commit de401e0e89
10 changed files with 396 additions and 187 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.cirrus.yml
View File

@ -6,7 +6,7 @@ env:
LEAK_DETECTIVE: no
MONOLITHIC: no
TEST: freebsd
TRAVIS_OS_NAME: freebsd
OS_NAME: freebsd
task:
install_script: ./scripts/test.sh deps

16
.github/actions/default/action.yml vendored Normal file
View File

@ -0,0 +1,16 @@
name: "Default CI Build Steps"
runs:
using: "composite"
steps:
- name: "Install Dependencies"
run: ./scripts/test.sh deps
shell: bash
- name: "Install Python Dependencies"
run: ./scripts/test.sh deps
shell: bash
- name: "Build Dependencies"
run: ./scripts/test.sh build-deps
shell: bash
- name: "Build/Tests"
run: ./scripts/test.sh
shell: bash

43
.github/workflows/android.yml vendored Normal file
View File

@ -0,0 +1,43 @@
name: Android
on: [push, pull_request]
env:
CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 400M
CC: gcc
OS_NAME: linux
jobs:
android:
runs-on: ubuntu-latest
env:
TEST: android
# since the NDK is newly installed every time, we have to use this to avoid cache misses
CCACHE_COMPILERCHECK: content
steps:
# even though we don't specify a specific version in our gradle files, the
# build fails without this because some arbitrary NDK version, that's
# weirdly not installed, is requested
- name: Install NDK
run: yes | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install 'ndk;21.0.6113669'
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.ccache
key: ccache-android-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-android-${{ github.ref }}:
ccache-android-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ success() }}
uses: actions/upload-artifact@v2
with:
name: Lint Results
path: src/frontends/android/app/build/reports/lint-results.xml

24
.github/workflows/lgtm.yml vendored Normal file
View File

@ -0,0 +1,24 @@
name: lgtm.com
on: [push]
env:
OS_NAME: linux
jobs:
lgtm:
runs-on: ubuntu-latest
env:
TEST: lgtm
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
# we don't use github/codeql-action because we can't exclude queries there,
# so we continue to use the approach we used on Travis
- env:
LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }}
BUILD_NUMBER: ${{ github.run_id }}
COMMIT_ID: ${{ github.sha }}
COMMIT_BASE: ${{ github.event.before }}
uses: ./.github/actions/default

148
.github/workflows/linux.yml vendored Normal file
View File

@ -0,0 +1,148 @@
name: Linux
on: [push, pull_request]
env:
# this test case does not actually test anything but tries to access system
# directories that might be inaccessible on build hosts
TESTS_CASES_EXCLUDE: sw_collector
TESTS_REDUCED_KEYLENGTHS: yes
CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 200M
OS_NAME: linux
jobs:
latest:
runs-on: ubuntu-latest
strategy:
matrix:
test: [ all, default, printf-builtin ]
compiler: [ gcc, clang ]
leak-detective: [ no, yes ]
monolithic: [ no, yes ]
exclude:
# leaks will show up whether we build monolithic or not
- leak-detective: yes
monolithic: yes
# monolithic builds don't affect the printf-hook implementation
- test: printf-builtin
monolithic: yes
include:
- test: apidoc
- test: coverage
- test: dist
- test: nm
- test: nm-no-glib
- test: fuzzing
compiler: clang
monolithic: yes
env:
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
MONOLITHIC: ${{ matrix.monolithic || 'no' }}
CC: ${{ matrix.compiler || 'gcc' }}
TEST: ${{ matrix.test }}
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.ccache
# with regards to ccache, monolithic builds don't differ from regular
# builds and, similarly, builds with leak-detective only differ in two
# files (LD itself and library.c); but different tests build different
# dependencies, so different caches are needed
key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
ccache-${{ runner.os }}-${{ env.CC }}-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ success() && matrix.test == 'coverage' }}
run: bash <(curl -s https://codecov.io/bash)
- if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5
crypto-plugins:
runs-on: ubuntu-latest
strategy:
matrix:
test: [ botan, wolfssl, openssl, gcrypt ]
leak-detective: [ no, yes ]
env:
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
TEST: ${{ matrix.test }}
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.ccache
key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
ccache-${{ runner.os }}-${{ env.CC }}-
ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:${{ github.sha }}
ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:
ccache-${{ runner.os }}-${{ env.CC }}-all-
ccache-${{ runner.os }}-${{ env.CC }}-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5
xenial:
runs-on: ubuntu-16.04
strategy:
matrix:
test: [ all ]
compiler: [ gcc, clang ]
include:
- test: openssl-1.0
- test: openssl-1.0
leak-detective: yes
env:
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
CC: ${{ matrix.compiler || 'gcc' }}
TEST: ${{ matrix.test }}
UBUNTU_XENIAL: yes
# this is the default with newer versions and fixes builds with clang
CCACHE_CPP2: true
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.ccache
key: ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
ccache-xenial-${{ env.CC }}-${{ matrix.test }}-
ccache-xenial-${{ env.CC }}-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5

37
.github/workflows/macos.yml vendored Normal file
View File

@ -0,0 +1,37 @@
name: macOS
on: [push, pull_request]
env:
TESTS_REDUCED_KEYLENGTHS: yes
CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 100M
OS_NAME: macos
jobs:
macos:
runs-on: macos-latest
env:
TEST: macos
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/Library/Caches/ccache
key: ccache-${{ runner.os }}-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-${{ runner.os }}-${{ github.ref }}:
ccache-${{ runner.os }}-
- run: |
brew install ccache
echo "PATH=$(brew --prefix)/opt/ccache/libexec:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5

53
.github/workflows/sonarcloud.yml vendored Normal file
View File

@ -0,0 +1,53 @@
name: SonarCloud
on: [push]
env:
CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 200M
OS_NAME: linux
jobs:
sonarcloud:
runs-on: ubuntu-latest
env:
TEST: sonarcloud
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- uses: actions/cache@v2
with:
path: |
~/.ccache
~/.sonar-cache
key: ccache-sonarcloud-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-sonarcloud-${{ github.ref }}:
ccache-sonarcloud-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
# using SonarSource/sonarcloud-github-action is currently not recommended
# for C builds, so we follow the "any CI" instructions
- name: Install sonar-scanner
env:
SONAR_SCANNER_VERSION: 4.4.0.2170
run: |
export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
echo "PATH=$HOME/.sonar/build-wrapper-linux-x86:$SONAR_SCANNER_HOME/bin:$PATH" >> $GITHUB_ENV
- env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BUILD_NUMBER: ${{ github.run_id }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
SONAR_PROJECT: ${{ secrets.SONAR_PROJECT }}
SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
uses: ./.github/actions/default
- run: ccache -s

44
.github/workflows/windows.yml vendored Normal file
View File

@ -0,0 +1,44 @@
name: Windows
on: [push, pull_request]
env:
TESTS_REDUCED_KEYLENGTHS: yes
CCACHE_BASEDIR: ${{ github.workspace }}
CCACHE_COMPRESS: true
CCACHE_MAXSIZE: 200M
# since the compilers are newly installed every time, we have to use this to
# avoid cache misses
CCACHE_COMPILERCHECK: content
MONOLITHIC: yes
jobs:
cross-compile:
runs-on: ubuntu-latest
strategy:
matrix:
test: [ win64, win32 ]
env:
OS_NAME: linux
TEST: ${{ matrix.test }}
steps:
- uses: actions/checkout@v2
- uses: actions/cache@v2
with:
path: ~/.ccache
key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
restore-keys: |
ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:
ccache-${{ runner.os }}-${{ matrix.test }}-
- run: |
sudo apt-get install -qq ccache
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
ccache -z
- uses: ./.github/actions/default
- run: ccache -s
- if: ${{ failure() }}
uses: actions/upload-artifact@v2
with:
name: Logs ${{ github.job }}
path: config.log
retention-days: 5

145
.travis.yml
View File

@ -1,145 +0,0 @@
language: c
os: linux
dist: bionic
# don't build tags separately
if: tag IS blank
compiler: gcc
cache: ccache
before_install:
- travis_retry ./scripts/test.sh deps
- travis_retry ./scripts/test.sh pydeps
- travis_retry ./scripts/test.sh build-deps
before_script:
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 || true
script:
- ./scripts/test.sh
after_success:
if [ "$TEST" == "coverage" ]; then
bash <(curl -s https://codecov.io/bash);
fi
after_failure:
- cat config.log
- sleep 1
env:
global:
- TESTS_REDUCED_KEYLENGTHS=yes
- LEAK_DETECTIVE=no
- MONOLITHIC=no
jobs:
include:
- env: TEST=sonarcloud
if: |
type = push AND env(SONAR_TOKEN) IS present AND \
env(SONAR_PROJECT) IS present AND \
env(SONAR_ORGANIZATION) IS present
git:
depth: false
cache:
directories:
- $HOME/.sonar-cache
addons:
sonarcloud: true
- env: TEST=lgtm
if: type = push AND env(LGTM_TOKEN) IS present
git:
depth: false
- env: TEST=osx
compiler: clang
os: osx
- env: TEST=android
install:
# see https://developer.android.com/studio#command-tools
- export ANDROID_TOOLS=commandlinetools-linux-6200805_latest.zip
- export ANDROID_HOME=$HOME/android-sdk
- wget -nv https://dl.google.com/android/repository/$ANDROID_TOOLS
- unzip -q $ANDROID_TOOLS -d $ANDROID_HOME && rm $ANDROID_TOOLS
- export PATH=$PATH:$ANDROID_HOME/tools/bin
# sdkmanager only works with Java 8
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- yes | sdkmanager --sdk_root=$ANDROID_HOME --licenses >/dev/null
- yes | sdkmanager --sdk_root=$ANDROID_HOME --install 'ndk;20.0.5594570'
- mkdir -p $HOME/.gradle
- echo "org.gradle.daemon=false" >> $HOME/.gradle/gradle.properties
- echo "org.gradle.console=plain" >> $HOME/.gradle/gradle.properties
# since the NDK is newly installed everytime, we have to use this to avoid cache misses
- export CCACHE_COMPILERCHECK=content
after_success:
- cat src/frontends/android/app/build/reports/lint-results.xml
before_cache:
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
- rm -fr $HOME/.gradle/caches/*/plugin-resolution/
cache:
ccache: true
directories:
- $HOME/.gradle/caches/
- $HOME/.gradle/wrapper/
- $HOME/.android/build-cache
- env: TEST=all
- env: TEST=all
compiler: clang
- env: TEST=all
arch: arm64
- env: TEST=all
arch: ppc64le
- env: TEST=all
arch: s390x
- env: TEST=all UBUNTU_XENIAL=yes
dist: xenial
- env: TEST=all UBUNTU_XENIAL=yes
dist: xenial
compiler: clang
- env: TEST=all MONOLITHIC=yes
- env: TEST=all MONOLITHIC=yes
compiler: clang
- env: TEST=all LEAK_DETECTIVE=yes
- env: TEST=all LEAK_DETECTIVE=yes
compiler: clang
- env: TEST=coverage
- env: TEST=fuzzing MONOLITHIC=yes
compiler: clang
- env: TEST=win64 MONOLITHIC=yes
- env: TEST=win32 MONOLITHIC=yes
- env: TEST=dist
# "default" with GCC is already tested with "dist" above
- env: TEST=default
compiler: clang
- env: TEST=default MONOLITHIC=yes
- env: TEST=default MONOLITHIC=yes
compiler: clang
- env: TEST=default LEAK_DETECTIVE=yes
- env: TEST=default LEAK_DETECTIVE=yes
compiler: clang
# we can't test Vstr as negative int args are not properly passed to CBs
- env: TEST=printf-builtin
- env: TEST=printf-builtin
compiler: clang
- env: TEST=printf-builtin LEAK_DETECTIVE=yes
- env: TEST=printf-builtin LEAK_DETECTIVE=yes
compiler: clang
- env: TEST=nm
- env: TEST=nm-no-glib
# the crypto plugins are build-tested with clang via "all" above
- env: TEST=botan
- env: TEST=botan LEAK_DETECTIVE=yes
- env: TEST=wolfssl
- env: TEST=wolfssl LEAK_DETECTIVE=yes
- env: TEST=openssl
- env: TEST=openssl LEAK_DETECTIVE=yes
- env: TEST=openssl-1.0 UBUNTU_XENIAL=yes
dist: xenial
- env: TEST=openssl-1.0 LEAK_DETECTIVE=yes UBUNTU_XENIAL=yes
dist: xenial
- env: TEST=gcrypt
- env: TEST=gcrypt LEAK_DETECTIVE=yes
- env: TEST=apidoc

71
scripts/test.sh
View File

@ -1,5 +1,5 @@
#!/bin/sh
# Build script for Travis CI
# Build script for CI
build_botan()
{
@ -88,8 +88,8 @@ build_tss2()
cd -
}
: ${TRAVIS_BUILD_DIR=$PWD}
: ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..}
: ${BUILD_DIR=$PWD}
: ${DEPS_BUILD_DIR=$BUILD_DIR/..}
: ${DEPS_PREFIX=/usr/local}
TARGET=check
@ -140,26 +140,25 @@ all|coverage|sonarcloud)
--disable-osx-attr --disable-tkm --disable-uci
--disable-unwind-backtraces
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp
--disable-python-eggs-install"
# not enabled on the build server
CONFIG="$CONFIG --disable-af-alg"
if test "$TRAVIS_CPU_ARCH" != "amd64"; then
CONFIG="$CONFIG --disable-aesni --disable-rdrand"
fi
if test "$TEST" != "coverage"; then
CONFIG="$CONFIG --disable-coverage"
else
# not actually required but configure checks for it
DEPS="$DEPS lcov"
fi
# Botan requires GCC 5.0, so disable it on Ubuntu 16.04
# Botan requires newer compilers, so disable it on Ubuntu 16.04
if test -n "$UBUNTU_XENIAL"; then
CONFIG="$CONFIG --disable-botan"
fi
DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
libpcsclite-dev libpam0g-dev binutils-dev libnm-dev libgcrypt20-dev
libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
libldap2-dev libpcsclite-dev libpam0g-dev binutils-dev libnm-dev
libgcrypt20-dev libjson-c-dev iptables-dev python-pip libtspi-dev
libsystemd-dev"
PYDEPS="tox"
if test "$1" = "build-deps"; then
if test -z "$UBUNTU_XENIAL"; then
@ -183,7 +182,6 @@ win*)
# no make check for Windows binaries unless we run on a windows host
if test "$APPVEYOR" != "True"; then
TARGET=
CCACHE=ccache
else
CONFIG="$CONFIG --enable-openssl"
CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
@ -196,24 +194,23 @@ win*)
win64)
CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
CC="$CCACHE x86_64-w64-mingw32-gcc"
CC="x86_64-w64-mingw32-gcc"
;;
win32)
CONFIG="--host=i686-w64-mingw32 $CONFIG"
DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
CC="$CCACHE i686-w64-mingw32-gcc"
CC="i686-w64-mingw32-gcc"
;;
esac
;;
android)
DEPS="$DEPS openjdk-8-jdk"
if test "$1" = "deps"; then
git clone git://git.strongswan.org/android-ndk-boringssl.git -b ndk-static \
src/frontends/android/app/src/main/jni/openssl
fi
TARGET=distdir
;;
osx)
macos)
# this causes a false positive in ip-packet.c since Xcode 8.3
CFLAGS="$CFLAGS -Wno-address-of-packed-member"
# use the same options as in the Homebrew Formula
@ -227,7 +224,7 @@ osx)
--enable-scepclient --enable-socket-default --enable-sshkey
--enable-stroke --enable-swanctl --enable-unity --enable-updown
--enable-x509 --enable-xauth-generic"
DEPS="bison gettext openssl curl"
DEPS="automake autoconf libtool bison gettext openssl curl"
BREW_PREFIX=$(brew --prefix)
export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
@ -271,7 +268,7 @@ fuzzing)
if test -z "$1"; then
if test -z "$FUZZING_CORPORA"; then
git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
export FUZZING_CORPORA=$BUILD_DIR/fuzzing-corpora
fi
# these are about the same as those on OSS-Fuzz (except for the
# symbolize options and strip_path_prefix)
@ -306,26 +303,22 @@ lgtm)
DEPS="jq"
if test -z "$1"; then
# fall back to the parent of the latest commit (on new branches we might
# not have a range, also on duplicate branches)
base="${TRAVIS_COMMIT}^"
if test -n "$TRAVIS_COMMIT_RANGE"; then
base="${TRAVIS_COMMIT_RANGE%...*}"
# after rebases, the first commit ID in the range might not be valid
git rev-parse -q --verify $base
if [ $? != 0 ]; then
# this will always compare against master, while the range
# otherwise only contains "new" commits
base=$(git merge-base origin/master ${TRAVIS_COMMIT})
fi
base=$COMMIT_BASE
# after rebases or for new/duplicate branches, the passed base commit
# ID might not be valid
git rev-parse -q --verify $base^{commit}
if [ $? != 0 ]; then
# this will always compare against master, while via base we
# otherwise only contains "new" commits
base=$(git merge-base origin/master ${COMMIT_ID})
fi
base=$(git rev-parse $base)
project_id=1506185006272
echo "Starting code review for $TRAVIS_COMMIT (base $base) on lgtm.com"
echo "Starting code review for $COMMIT_ID (base $base) on lgtm.com"
git diff --binary $base > lgtm.patch || exit $?
curl -s -X POST --data-binary @lgtm.patch \
"https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${TRAVIS_BUILD_NUMBER}" \
"https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${BUILD_NUMBER}" \
-H 'Content-Type: application/octet-stream' \
-H 'Accept: application/json' \
-H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $?
@ -373,12 +366,12 @@ esac
case "$1" in
deps)
case "$TRAVIS_OS_NAME" in
case "$OS_NAME" in
linux)
sudo apt-get update -qq && \
sudo apt-get install -qq bison flex gperf gettext $DEPS
;;
osx)
macos)
brew update && \
brew install $DEPS
;;
@ -423,12 +416,6 @@ esac
echo "$ make $TARGET"
case "$TEST" in
sonarcloud)
# there is an issue with the platform detection that causes sonarqube to
# fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so'
# from LD_PRELOAD cannot be preloaded (cannot open shared object file)"
# https://jira.sonarsource.com/browse/CPP-2027
BW_PATH=$(dirname $(which build-wrapper-linux-x86-64))
cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so
# without target, coverage is currently not supported anyway because
# sonarqube only supports gcov, not lcov
build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
@ -448,9 +435,11 @@ apidoc)
;;
sonarcloud)
sonar-scanner \
-Dsonar.host.url=https://sonarcloud.io \
-Dsonar.projectKey=${SONAR_PROJECT} \
-Dsonar.organization=${SONAR_ORGANIZATION} \
-Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
-Dsonar.login=${SONAR_TOKEN} \
-Dsonar.projectVersion=$(git describe)+${BUILD_NUMBER} \
-Dsonar.sources=. \
-Dsonar.cfamily.threads=2 \
-Dsonar.cfamily.cache.enabled=true \
@ -462,7 +451,7 @@ android)
rm -r strongswan-*
cd src/frontends/android
echo "$ ./gradlew build"
NDK_CCACHE=ccache ./gradlew build
NDK_CCACHE=ccache ./gradlew build || exit $?
;;
*)
;;