github: Migrate from Travis CI to Github Actions
On travis-ci.com (travis-ci.org will be discontinued by the end of the year) we are now charged for each minute. We only got 10000 credits in a trial plan, which we used up with a few builds. Minutes also cost a different amount of credits on different platforms: 10 on Linux, but 50 on macOS (installing the dependencies on macOS alone took 12-15 minutes on Travis for some reason, takes about half on Github's runners). No native Windows build yet as we have the same issue as on AppVeyor where threading/streaming tests might get stuck. And there is also only a single Windows platform to test on. Plus building/testing on Windows is very slow (and getting ccache to work seems tricky). The 'sw_collector' test case had to be disabled because we can't access /usr/local/share on the Github build hosts (the process is just blocked in readdir() and eventually times out). Unfortunately, we can't test on different architectures anymore (in particular ARM and the big-endian IBM Z/x390x).
This commit is contained in:
parent
eb4cd8e3b1
commit
de401e0e89
|
@ -6,7 +6,7 @@ env:
|
|||
LEAK_DETECTIVE: no
|
||||
MONOLITHIC: no
|
||||
TEST: freebsd
|
||||
TRAVIS_OS_NAME: freebsd
|
||||
OS_NAME: freebsd
|
||||
|
||||
task:
|
||||
install_script: ./scripts/test.sh deps
|
||||
|
|
|
@ -0,0 +1,16 @@
|
|||
name: "Default CI Build Steps"
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: "Install Dependencies"
|
||||
run: ./scripts/test.sh deps
|
||||
shell: bash
|
||||
- name: "Install Python Dependencies"
|
||||
run: ./scripts/test.sh deps
|
||||
shell: bash
|
||||
- name: "Build Dependencies"
|
||||
run: ./scripts/test.sh build-deps
|
||||
shell: bash
|
||||
- name: "Build/Tests"
|
||||
run: ./scripts/test.sh
|
||||
shell: bash
|
|
@ -0,0 +1,43 @@
|
|||
name: Android
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
env:
|
||||
CCACHE_BASEDIR: ${{ github.workspace }}
|
||||
CCACHE_COMPRESS: true
|
||||
CCACHE_MAXSIZE: 400M
|
||||
CC: gcc
|
||||
OS_NAME: linux
|
||||
|
||||
jobs:
|
||||
android:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST: android
|
||||
# since the NDK is newly installed every time, we have to use this to avoid cache misses
|
||||
CCACHE_COMPILERCHECK: content
|
||||
steps:
|
||||
# even though we don't specify a specific version in our gradle files, the
|
||||
# build fails without this because some arbitrary NDK version, that's
|
||||
# weirdly not installed, is requested
|
||||
- name: Install NDK
|
||||
run: yes | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install 'ndk;21.0.6113669'
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.ccache
|
||||
key: ccache-android-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-android-${{ github.ref }}:
|
||||
ccache-android-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ success() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Lint Results
|
||||
path: src/frontends/android/app/build/reports/lint-results.xml
|
|
@ -0,0 +1,24 @@
|
|||
name: lgtm.com
|
||||
|
||||
on: [push]
|
||||
|
||||
env:
|
||||
OS_NAME: linux
|
||||
|
||||
jobs:
|
||||
lgtm:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST: lgtm
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
# we don't use github/codeql-action because we can't exclude queries there,
|
||||
# so we continue to use the approach we used on Travis
|
||||
- env:
|
||||
LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }}
|
||||
BUILD_NUMBER: ${{ github.run_id }}
|
||||
COMMIT_ID: ${{ github.sha }}
|
||||
COMMIT_BASE: ${{ github.event.before }}
|
||||
uses: ./.github/actions/default
|
|
@ -0,0 +1,148 @@
|
|||
name: Linux
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
env:
|
||||
# this test case does not actually test anything but tries to access system
|
||||
# directories that might be inaccessible on build hosts
|
||||
TESTS_CASES_EXCLUDE: sw_collector
|
||||
TESTS_REDUCED_KEYLENGTHS: yes
|
||||
CCACHE_BASEDIR: ${{ github.workspace }}
|
||||
CCACHE_COMPRESS: true
|
||||
CCACHE_MAXSIZE: 200M
|
||||
OS_NAME: linux
|
||||
|
||||
jobs:
|
||||
latest:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
test: [ all, default, printf-builtin ]
|
||||
compiler: [ gcc, clang ]
|
||||
leak-detective: [ no, yes ]
|
||||
monolithic: [ no, yes ]
|
||||
exclude:
|
||||
# leaks will show up whether we build monolithic or not
|
||||
- leak-detective: yes
|
||||
monolithic: yes
|
||||
# monolithic builds don't affect the printf-hook implementation
|
||||
- test: printf-builtin
|
||||
monolithic: yes
|
||||
include:
|
||||
- test: apidoc
|
||||
- test: coverage
|
||||
- test: dist
|
||||
- test: nm
|
||||
- test: nm-no-glib
|
||||
- test: fuzzing
|
||||
compiler: clang
|
||||
monolithic: yes
|
||||
env:
|
||||
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
|
||||
MONOLITHIC: ${{ matrix.monolithic || 'no' }}
|
||||
CC: ${{ matrix.compiler || 'gcc' }}
|
||||
TEST: ${{ matrix.test }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.ccache
|
||||
# with regards to ccache, monolithic builds don't differ from regular
|
||||
# builds and, similarly, builds with leak-detective only differ in two
|
||||
# files (LD itself and library.c); but different tests build different
|
||||
# dependencies, so different caches are needed
|
||||
key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ success() && matrix.test == 'coverage' }}
|
||||
run: bash <(curl -s https://codecov.io/bash)
|
||||
- if: ${{ failure() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Logs ${{ github.job }}
|
||||
path: config.log
|
||||
retention-days: 5
|
||||
|
||||
crypto-plugins:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
test: [ botan, wolfssl, openssl, gcrypt ]
|
||||
leak-detective: [ no, yes ]
|
||||
env:
|
||||
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
|
||||
TEST: ${{ matrix.test }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.ccache
|
||||
key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:${{ github.sha }}
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-all-
|
||||
ccache-${{ runner.os }}-${{ env.CC }}-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ failure() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Logs ${{ github.job }}
|
||||
path: config.log
|
||||
retention-days: 5
|
||||
|
||||
xenial:
|
||||
runs-on: ubuntu-16.04
|
||||
strategy:
|
||||
matrix:
|
||||
test: [ all ]
|
||||
compiler: [ gcc, clang ]
|
||||
include:
|
||||
- test: openssl-1.0
|
||||
- test: openssl-1.0
|
||||
leak-detective: yes
|
||||
env:
|
||||
LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
|
||||
CC: ${{ matrix.compiler || 'gcc' }}
|
||||
TEST: ${{ matrix.test }}
|
||||
UBUNTU_XENIAL: yes
|
||||
# this is the default with newer versions and fixes builds with clang
|
||||
CCACHE_CPP2: true
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.ccache
|
||||
key: ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
|
||||
ccache-xenial-${{ env.CC }}-${{ matrix.test }}-
|
||||
ccache-xenial-${{ env.CC }}-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ failure() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Logs ${{ github.job }}
|
||||
path: config.log
|
||||
retention-days: 5
|
|
@ -0,0 +1,37 @@
|
|||
name: macOS
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
env:
|
||||
TESTS_REDUCED_KEYLENGTHS: yes
|
||||
CCACHE_BASEDIR: ${{ github.workspace }}
|
||||
CCACHE_COMPRESS: true
|
||||
CCACHE_MAXSIZE: 100M
|
||||
OS_NAME: macos
|
||||
|
||||
jobs:
|
||||
macos:
|
||||
runs-on: macos-latest
|
||||
env:
|
||||
TEST: macos
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/Library/Caches/ccache
|
||||
key: ccache-${{ runner.os }}-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-${{ runner.os }}-${{ github.ref }}:
|
||||
ccache-${{ runner.os }}-
|
||||
- run: |
|
||||
brew install ccache
|
||||
echo "PATH=$(brew --prefix)/opt/ccache/libexec:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ failure() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Logs ${{ github.job }}
|
||||
path: config.log
|
||||
retention-days: 5
|
|
@ -0,0 +1,53 @@
|
|||
name: SonarCloud
|
||||
|
||||
on: [push]
|
||||
|
||||
env:
|
||||
CCACHE_BASEDIR: ${{ github.workspace }}
|
||||
CCACHE_COMPRESS: true
|
||||
CCACHE_MAXSIZE: 200M
|
||||
OS_NAME: linux
|
||||
|
||||
jobs:
|
||||
sonarcloud:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
TEST: sonarcloud
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: |
|
||||
~/.ccache
|
||||
~/.sonar-cache
|
||||
key: ccache-sonarcloud-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-sonarcloud-${{ github.ref }}:
|
||||
ccache-sonarcloud-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
# using SonarSource/sonarcloud-github-action is currently not recommended
|
||||
# for C builds, so we follow the "any CI" instructions
|
||||
- name: Install sonar-scanner
|
||||
env:
|
||||
SONAR_SCANNER_VERSION: 4.4.0.2170
|
||||
run: |
|
||||
export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
|
||||
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
|
||||
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
|
||||
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
|
||||
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
|
||||
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
|
||||
echo "PATH=$HOME/.sonar/build-wrapper-linux-x86:$SONAR_SCANNER_HOME/bin:$PATH" >> $GITHUB_ENV
|
||||
- env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
BUILD_NUMBER: ${{ github.run_id }}
|
||||
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
||||
SONAR_PROJECT: ${{ secrets.SONAR_PROJECT }}
|
||||
SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
|
||||
uses: ./.github/actions/default
|
||||
- run: ccache -s
|
|
@ -0,0 +1,44 @@
|
|||
name: Windows
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
env:
|
||||
TESTS_REDUCED_KEYLENGTHS: yes
|
||||
CCACHE_BASEDIR: ${{ github.workspace }}
|
||||
CCACHE_COMPRESS: true
|
||||
CCACHE_MAXSIZE: 200M
|
||||
# since the compilers are newly installed every time, we have to use this to
|
||||
# avoid cache misses
|
||||
CCACHE_COMPILERCHECK: content
|
||||
MONOLITHIC: yes
|
||||
|
||||
jobs:
|
||||
cross-compile:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
test: [ win64, win32 ]
|
||||
env:
|
||||
OS_NAME: linux
|
||||
TEST: ${{ matrix.test }}
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: actions/cache@v2
|
||||
with:
|
||||
path: ~/.ccache
|
||||
key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
|
||||
restore-keys: |
|
||||
ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:
|
||||
ccache-${{ runner.os }}-${{ matrix.test }}-
|
||||
- run: |
|
||||
sudo apt-get install -qq ccache
|
||||
echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
|
||||
ccache -z
|
||||
- uses: ./.github/actions/default
|
||||
- run: ccache -s
|
||||
- if: ${{ failure() }}
|
||||
uses: actions/upload-artifact@v2
|
||||
with:
|
||||
name: Logs ${{ github.job }}
|
||||
path: config.log
|
||||
retention-days: 5
|
145
.travis.yml
145
.travis.yml
|
@ -1,145 +0,0 @@
|
|||
language: c
|
||||
|
||||
os: linux
|
||||
dist: bionic
|
||||
|
||||
# don't build tags separately
|
||||
if: tag IS blank
|
||||
|
||||
compiler: gcc
|
||||
|
||||
cache: ccache
|
||||
|
||||
before_install:
|
||||
- travis_retry ./scripts/test.sh deps
|
||||
- travis_retry ./scripts/test.sh pydeps
|
||||
- travis_retry ./scripts/test.sh build-deps
|
||||
|
||||
before_script:
|
||||
- sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 || true
|
||||
|
||||
script:
|
||||
- ./scripts/test.sh
|
||||
|
||||
after_success:
|
||||
if [ "$TEST" == "coverage" ]; then
|
||||
bash <(curl -s https://codecov.io/bash);
|
||||
fi
|
||||
|
||||
after_failure:
|
||||
- cat config.log
|
||||
- sleep 1
|
||||
|
||||
env:
|
||||
global:
|
||||
- TESTS_REDUCED_KEYLENGTHS=yes
|
||||
- LEAK_DETECTIVE=no
|
||||
- MONOLITHIC=no
|
||||
|
||||
jobs:
|
||||
include:
|
||||
- env: TEST=sonarcloud
|
||||
if: |
|
||||
type = push AND env(SONAR_TOKEN) IS present AND \
|
||||
env(SONAR_PROJECT) IS present AND \
|
||||
env(SONAR_ORGANIZATION) IS present
|
||||
git:
|
||||
depth: false
|
||||
cache:
|
||||
directories:
|
||||
- $HOME/.sonar-cache
|
||||
addons:
|
||||
sonarcloud: true
|
||||
- env: TEST=lgtm
|
||||
if: type = push AND env(LGTM_TOKEN) IS present
|
||||
git:
|
||||
depth: false
|
||||
- env: TEST=osx
|
||||
compiler: clang
|
||||
os: osx
|
||||
- env: TEST=android
|
||||
install:
|
||||
# see https://developer.android.com/studio#command-tools
|
||||
- export ANDROID_TOOLS=commandlinetools-linux-6200805_latest.zip
|
||||
- export ANDROID_HOME=$HOME/android-sdk
|
||||
- wget -nv https://dl.google.com/android/repository/$ANDROID_TOOLS
|
||||
- unzip -q $ANDROID_TOOLS -d $ANDROID_HOME && rm $ANDROID_TOOLS
|
||||
- export PATH=$PATH:$ANDROID_HOME/tools/bin
|
||||
# sdkmanager only works with Java 8
|
||||
- export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
|
||||
- yes | sdkmanager --sdk_root=$ANDROID_HOME --licenses >/dev/null
|
||||
- yes | sdkmanager --sdk_root=$ANDROID_HOME --install 'ndk;20.0.5594570'
|
||||
- mkdir -p $HOME/.gradle
|
||||
- echo "org.gradle.daemon=false" >> $HOME/.gradle/gradle.properties
|
||||
- echo "org.gradle.console=plain" >> $HOME/.gradle/gradle.properties
|
||||
# since the NDK is newly installed everytime, we have to use this to avoid cache misses
|
||||
- export CCACHE_COMPILERCHECK=content
|
||||
after_success:
|
||||
- cat src/frontends/android/app/build/reports/lint-results.xml
|
||||
before_cache:
|
||||
- rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
|
||||
- rm -fr $HOME/.gradle/caches/*/plugin-resolution/
|
||||
cache:
|
||||
ccache: true
|
||||
directories:
|
||||
- $HOME/.gradle/caches/
|
||||
- $HOME/.gradle/wrapper/
|
||||
- $HOME/.android/build-cache
|
||||
- env: TEST=all
|
||||
- env: TEST=all
|
||||
compiler: clang
|
||||
- env: TEST=all
|
||||
arch: arm64
|
||||
- env: TEST=all
|
||||
arch: ppc64le
|
||||
- env: TEST=all
|
||||
arch: s390x
|
||||
- env: TEST=all UBUNTU_XENIAL=yes
|
||||
dist: xenial
|
||||
- env: TEST=all UBUNTU_XENIAL=yes
|
||||
dist: xenial
|
||||
compiler: clang
|
||||
- env: TEST=all MONOLITHIC=yes
|
||||
- env: TEST=all MONOLITHIC=yes
|
||||
compiler: clang
|
||||
- env: TEST=all LEAK_DETECTIVE=yes
|
||||
- env: TEST=all LEAK_DETECTIVE=yes
|
||||
compiler: clang
|
||||
- env: TEST=coverage
|
||||
- env: TEST=fuzzing MONOLITHIC=yes
|
||||
compiler: clang
|
||||
- env: TEST=win64 MONOLITHIC=yes
|
||||
- env: TEST=win32 MONOLITHIC=yes
|
||||
- env: TEST=dist
|
||||
# "default" with GCC is already tested with "dist" above
|
||||
- env: TEST=default
|
||||
compiler: clang
|
||||
- env: TEST=default MONOLITHIC=yes
|
||||
- env: TEST=default MONOLITHIC=yes
|
||||
compiler: clang
|
||||
- env: TEST=default LEAK_DETECTIVE=yes
|
||||
- env: TEST=default LEAK_DETECTIVE=yes
|
||||
compiler: clang
|
||||
# we can't test Vstr as negative int args are not properly passed to CBs
|
||||
- env: TEST=printf-builtin
|
||||
- env: TEST=printf-builtin
|
||||
compiler: clang
|
||||
- env: TEST=printf-builtin LEAK_DETECTIVE=yes
|
||||
- env: TEST=printf-builtin LEAK_DETECTIVE=yes
|
||||
compiler: clang
|
||||
- env: TEST=nm
|
||||
- env: TEST=nm-no-glib
|
||||
# the crypto plugins are build-tested with clang via "all" above
|
||||
- env: TEST=botan
|
||||
- env: TEST=botan LEAK_DETECTIVE=yes
|
||||
- env: TEST=wolfssl
|
||||
- env: TEST=wolfssl LEAK_DETECTIVE=yes
|
||||
- env: TEST=openssl
|
||||
- env: TEST=openssl LEAK_DETECTIVE=yes
|
||||
- env: TEST=openssl-1.0 UBUNTU_XENIAL=yes
|
||||
dist: xenial
|
||||
- env: TEST=openssl-1.0 LEAK_DETECTIVE=yes UBUNTU_XENIAL=yes
|
||||
dist: xenial
|
||||
- env: TEST=gcrypt
|
||||
- env: TEST=gcrypt LEAK_DETECTIVE=yes
|
||||
- env: TEST=apidoc
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/sh
|
||||
# Build script for Travis CI
|
||||
# Build script for CI
|
||||
|
||||
build_botan()
|
||||
{
|
||||
|
@ -88,8 +88,8 @@ build_tss2()
|
|||
cd -
|
||||
}
|
||||
|
||||
: ${TRAVIS_BUILD_DIR=$PWD}
|
||||
: ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..}
|
||||
: ${BUILD_DIR=$PWD}
|
||||
: ${DEPS_BUILD_DIR=$BUILD_DIR/..}
|
||||
: ${DEPS_PREFIX=/usr/local}
|
||||
|
||||
TARGET=check
|
||||
|
@ -140,26 +140,25 @@ all|coverage|sonarcloud)
|
|||
--disable-osx-attr --disable-tkm --disable-uci
|
||||
--disable-unwind-backtraces
|
||||
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
|
||||
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
|
||||
--disable-kernel-wfp --disable-kernel-iph --disable-winhttp
|
||||
--disable-python-eggs-install"
|
||||
# not enabled on the build server
|
||||
CONFIG="$CONFIG --disable-af-alg"
|
||||
if test "$TRAVIS_CPU_ARCH" != "amd64"; then
|
||||
CONFIG="$CONFIG --disable-aesni --disable-rdrand"
|
||||
fi
|
||||
if test "$TEST" != "coverage"; then
|
||||
CONFIG="$CONFIG --disable-coverage"
|
||||
else
|
||||
# not actually required but configure checks for it
|
||||
DEPS="$DEPS lcov"
|
||||
fi
|
||||
# Botan requires GCC 5.0, so disable it on Ubuntu 16.04
|
||||
# Botan requires newer compilers, so disable it on Ubuntu 16.04
|
||||
if test -n "$UBUNTU_XENIAL"; then
|
||||
CONFIG="$CONFIG --disable-botan"
|
||||
fi
|
||||
DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
|
||||
libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
|
||||
libpcsclite-dev libpam0g-dev binutils-dev libnm-dev libgcrypt20-dev
|
||||
libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
|
||||
libldap2-dev libpcsclite-dev libpam0g-dev binutils-dev libnm-dev
|
||||
libgcrypt20-dev libjson-c-dev iptables-dev python-pip libtspi-dev
|
||||
libsystemd-dev"
|
||||
PYDEPS="tox"
|
||||
if test "$1" = "build-deps"; then
|
||||
if test -z "$UBUNTU_XENIAL"; then
|
||||
|
@ -183,7 +182,6 @@ win*)
|
|||
# no make check for Windows binaries unless we run on a windows host
|
||||
if test "$APPVEYOR" != "True"; then
|
||||
TARGET=
|
||||
CCACHE=ccache
|
||||
else
|
||||
CONFIG="$CONFIG --enable-openssl"
|
||||
CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
|
||||
|
@ -196,24 +194,23 @@ win*)
|
|||
win64)
|
||||
CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
|
||||
DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
|
||||
CC="$CCACHE x86_64-w64-mingw32-gcc"
|
||||
CC="x86_64-w64-mingw32-gcc"
|
||||
;;
|
||||
win32)
|
||||
CONFIG="--host=i686-w64-mingw32 $CONFIG"
|
||||
DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
|
||||
CC="$CCACHE i686-w64-mingw32-gcc"
|
||||
CC="i686-w64-mingw32-gcc"
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
android)
|
||||
DEPS="$DEPS openjdk-8-jdk"
|
||||
if test "$1" = "deps"; then
|
||||
git clone git://git.strongswan.org/android-ndk-boringssl.git -b ndk-static \
|
||||
src/frontends/android/app/src/main/jni/openssl
|
||||
fi
|
||||
TARGET=distdir
|
||||
;;
|
||||
osx)
|
||||
macos)
|
||||
# this causes a false positive in ip-packet.c since Xcode 8.3
|
||||
CFLAGS="$CFLAGS -Wno-address-of-packed-member"
|
||||
# use the same options as in the Homebrew Formula
|
||||
|
@ -227,7 +224,7 @@ osx)
|
|||
--enable-scepclient --enable-socket-default --enable-sshkey
|
||||
--enable-stroke --enable-swanctl --enable-unity --enable-updown
|
||||
--enable-x509 --enable-xauth-generic"
|
||||
DEPS="bison gettext openssl curl"
|
||||
DEPS="automake autoconf libtool bison gettext openssl curl"
|
||||
BREW_PREFIX=$(brew --prefix)
|
||||
export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
|
||||
export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
|
||||
|
@ -271,7 +268,7 @@ fuzzing)
|
|||
if test -z "$1"; then
|
||||
if test -z "$FUZZING_CORPORA"; then
|
||||
git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
|
||||
export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
|
||||
export FUZZING_CORPORA=$BUILD_DIR/fuzzing-corpora
|
||||
fi
|
||||
# these are about the same as those on OSS-Fuzz (except for the
|
||||
# symbolize options and strip_path_prefix)
|
||||
|
@ -306,26 +303,22 @@ lgtm)
|
|||
DEPS="jq"
|
||||
|
||||
if test -z "$1"; then
|
||||
# fall back to the parent of the latest commit (on new branches we might
|
||||
# not have a range, also on duplicate branches)
|
||||
base="${TRAVIS_COMMIT}^"
|
||||
if test -n "$TRAVIS_COMMIT_RANGE"; then
|
||||
base="${TRAVIS_COMMIT_RANGE%...*}"
|
||||
# after rebases, the first commit ID in the range might not be valid
|
||||
git rev-parse -q --verify $base
|
||||
if [ $? != 0 ]; then
|
||||
# this will always compare against master, while the range
|
||||
# otherwise only contains "new" commits
|
||||
base=$(git merge-base origin/master ${TRAVIS_COMMIT})
|
||||
fi
|
||||
base=$COMMIT_BASE
|
||||
# after rebases or for new/duplicate branches, the passed base commit
|
||||
# ID might not be valid
|
||||
git rev-parse -q --verify $base^{commit}
|
||||
if [ $? != 0 ]; then
|
||||
# this will always compare against master, while via base we
|
||||
# otherwise only contains "new" commits
|
||||
base=$(git merge-base origin/master ${COMMIT_ID})
|
||||
fi
|
||||
base=$(git rev-parse $base)
|
||||
project_id=1506185006272
|
||||
|
||||
echo "Starting code review for $TRAVIS_COMMIT (base $base) on lgtm.com"
|
||||
echo "Starting code review for $COMMIT_ID (base $base) on lgtm.com"
|
||||
git diff --binary $base > lgtm.patch || exit $?
|
||||
curl -s -X POST --data-binary @lgtm.patch \
|
||||
"https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${TRAVIS_BUILD_NUMBER}" \
|
||||
"https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${BUILD_NUMBER}" \
|
||||
-H 'Content-Type: application/octet-stream' \
|
||||
-H 'Accept: application/json' \
|
||||
-H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $?
|
||||
|
@ -373,12 +366,12 @@ esac
|
|||
|
||||
case "$1" in
|
||||
deps)
|
||||
case "$TRAVIS_OS_NAME" in
|
||||
case "$OS_NAME" in
|
||||
linux)
|
||||
sudo apt-get update -qq && \
|
||||
sudo apt-get install -qq bison flex gperf gettext $DEPS
|
||||
;;
|
||||
osx)
|
||||
macos)
|
||||
brew update && \
|
||||
brew install $DEPS
|
||||
;;
|
||||
|
@ -423,12 +416,6 @@ esac
|
|||
echo "$ make $TARGET"
|
||||
case "$TEST" in
|
||||
sonarcloud)
|
||||
# there is an issue with the platform detection that causes sonarqube to
|
||||
# fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so'
|
||||
# from LD_PRELOAD cannot be preloaded (cannot open shared object file)"
|
||||
# https://jira.sonarsource.com/browse/CPP-2027
|
||||
BW_PATH=$(dirname $(which build-wrapper-linux-x86-64))
|
||||
cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so
|
||||
# without target, coverage is currently not supported anyway because
|
||||
# sonarqube only supports gcov, not lcov
|
||||
build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
|
||||
|
@ -448,9 +435,11 @@ apidoc)
|
|||
;;
|
||||
sonarcloud)
|
||||
sonar-scanner \
|
||||
-Dsonar.host.url=https://sonarcloud.io \
|
||||
-Dsonar.projectKey=${SONAR_PROJECT} \
|
||||
-Dsonar.organization=${SONAR_ORGANIZATION} \
|
||||
-Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
|
||||
-Dsonar.login=${SONAR_TOKEN} \
|
||||
-Dsonar.projectVersion=$(git describe)+${BUILD_NUMBER} \
|
||||
-Dsonar.sources=. \
|
||||
-Dsonar.cfamily.threads=2 \
|
||||
-Dsonar.cfamily.cache.enabled=true \
|
||||
|
@ -462,7 +451,7 @@ android)
|
|||
rm -r strongswan-*
|
||||
cd src/frontends/android
|
||||
echo "$ ./gradlew build"
|
||||
NDK_CCACHE=ccache ./gradlew build
|
||||
NDK_CCACHE=ccache ./gradlew build || exit $?
|
||||
;;
|
||||
*)
|
||||
;;
|
||||
|
|
Loading…
Reference in New Issue