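# GitLab CI pipeline definition: build, analysis and test jobs.
#
# In the interest of reliability and performance, please avoid installing
# external dependencies here, e.g. via tools/*-setup.sh, apt, dnf, or yum.
# Do so in the appropriate Dockerfile at
# https://gitlab.com/wireshark/wireshark-containers/ instead.
# The resulting images can be found at
# https://hub.docker.com/r/wireshark/wireshark-centos-7-dev
# https://hub.docker.com/r/wireshark/wireshark-centos-8-dev
# https://hub.docker.com/r/wireshark/wireshark-debian-stable-dev
# https://hub.docker.com/r/wireshark/wireshark-fedora-dev
# https://hub.docker.com/r/wireshark/wireshark-opensuse-15.2-dev
# https://hub.docker.com/r/wireshark/wireshark-ubuntu-dev
#
# NOTE(review): every job below references its image by name only, so the
# registry's current default tag is pulled on each run. Pinning the images by
# digest would make builds reproducible and would keep a replaced image from
# silently entering the pipeline.

stages:
  - build
  - analysis
  - test

variables:
  # Ensure that checkouts are a) fast and b) have a reachable tag. In a
  # brighter, more glorious future we might be able to use --shallow-since:
  # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3460
  # In the mean time, fetching the last 5000 commits does the job.
  GIT_DEPTH: "1"
  GIT_FETCH_EXTRA_FLAGS: "--depth=5000"
  CCACHE_DIR: "${CI_PROJECT_DIR}/ccache"
  # Preferred version of clang available on wireshark-ubuntu-dev
  CLANG_VERSION: 12
  # Enable color output in CMake, Ninja, and other tools. https://bixense.com/clicolors/
  CLICOLOR_FORCE: 1

# Scheduled builds additionally set SCHEDULE_TYPE, which can be one of:
# - daily: Daily at 10:00 UTC
# - coverity-visual-c++: Monday, Wednesday, & Friday at 12:00 UTC
# - coverity-gcc: Sunday, Tuesday, Thursday & Saturday at 12:00 UTC

# Common rules

# NOTE(review): the project-URL pattern used in the rules below is unanchored
# and its dots are unescaped, so it matches any URL that merely contains
# "gitlab.com/wireshark/wireshark" (a sibling project such as
# wireshark/wireshark-containers would match too). These rules decide which
# pipelines run automatically and which may use the project-only runners, so
# consider an anchored form such as
# /^https:\/\/gitlab\.com\/wireshark\/wireshark$/ after confirming the exact
# value of CI_PROJECT_URL.

# Commits that have been approved and merged. Run automatically in the main
# repo and allow manual runs in forks.
.if-merged:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
      when: always
    - if: '$CI_PROJECT_URL !~ /.*gitlab.com\/wireshark\/wireshark/'
      when: manual
    - when: never

# Incoming merge requests.
.if-merge-request:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

# Incoming non-detached merge requests. Must be used for runners which are only
# available in wireshark/wireshark, e.g. wireshark-windows-*
.if-attached-merge-request:
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
      when: always

# Daily jobs
# Schedules don't appear to work with "extends" or YAML anchors, unfortunately.
# .if-daily-schedule
#   rules:
#   - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
#     when: always

# Base template for build jobs: after the job's script, locate the build
# directory that contains run/ and print the version of the tshark built there.
.build:
  stage: build
  after_script:
    # Stop at the first candidate directory that has a run/ subdirectory;
    # $builddir keeps that value for the lines below.
    - for builddir in build/packaging/rpm/BUILD/wireshark-*/build build/packaging/rpm/BUILD/wireshark-* build obj-*; do [ ! -d "$builddir/run" ] || break; done
    # $builddir comes from a glob, so it is quoted wherever it is expanded.
    - if [[ "$CI_JOB_NAME" == "build:rpm-opensuse-"* ]]; then export LD_LIBRARY_PATH="$builddir/run"; fi
    - if [ -f "$builddir/run/tshark" ]; then "$builddir/run/tshark" --version; fi
  needs: []

# Ubuntu build template: ccache-backed build, install and test run.
.build-ubuntu:
  extends: .build
  image: wireshark/wireshark-ubuntu-dev
  retry: 1
  # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
  cache:
    # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
    key: ${CI_JOB_NAME}-master
    paths:
      - ccache/
  before_script:
    # Unprivileged account; the default script runs the tests as this user.
    - useradd user
    - export LANG=en_US.UTF-8
    - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
    - mkdir -p ccache
    - ccache --show-stats
    - export DEB_BUILD_OPTIONS=nocheck,parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 ))
    - export DH_QUIET=1
    - export MAKEFLAGS=--silent
    - mkdir build
    - cd build
  # This list replaces the after_script inherited from .build.
  after_script:
    # The cache should be large enough to be useful but it shouldn't take
    # too long to restore+save each run.
    - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
  script:
    # setcap restricts our library paths
    - CFLAGS=-Wl,-rpath=$(pwd)/run CXXFLAGS=-Wl,-rpath=$(pwd)/run cmake -GNinja $CMAKE_ARGS ..
    - ninja
    - ninja install
    - ninja shellcheck
    - ninja test-programs
    # Hand the tree to the unprivileged user and grant dumpcap only the two
    # capture capabilities, so the remaining steps do not run as root.
    - chown -R user .
    - if [ -f run/dumpcap ]; then setcap cap_net_raw,cap_net_admin+eip run/dumpcap; fi
    - if [ -f run/dumpcap ]; then su user -c "run/dumpcap -D" ; fi
    - su user -c pytest-3

# RPM build template: consumes the source tarball left in the project
# directory (the RPM jobs below declare build:ubuntu-dist in their needs).
.build-rpm:
  extends: .build
  before_script:
    # It might make sense to set "GIT_STRATEGY: none" and build from
    # the tarball.
    - git config --global user.email "you@example.com"
    - git config --global user.name "Your Name"
    - mkdir build
    - cd build
    - perl ../tools/make-version.pl --set-release
    - mv -v ../wireshark-*.tar.* .
  artifacts:
    paths:
      - build/packaging/rpm/RPMS
    expire_in: 3 days

# Windows build template (PowerShell): sets tool paths and imports the
# Visual Studio build environment into the current session.
.build-windows:
  stage: build
  before_script:
    - if (-Not (Test-Path C:\Development)) { New-Item -Path C:\Development -ItemType "directory" }
    - $env:WIRESHARK_BASE_DIR = "C:\Development"
    - $env:Configuration = "RelWithDebInfo"
    - $env:Path += ";C:\Program Files\CMake\bin"
    - $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin"
    - $env:Path += ";C:\qt\5.15.1\msvc2019_64\bin"
    # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
    # Dump the environment produced by vcvars64.bat to a temp file, then copy
    # each NAME=VALUE pair into this PowerShell session's environment.
    - cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt"
    - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
    # Testing / debugging only.
    # - cmd.exe /c "set CI_PIPELINE_SOURCE"
    # - cmd.exe /c "set CI_PROJECT_URL"
    #- dir c:\
    #- dir c:\qt
    #- $env:path.split(";")
    #- cmd.exe /c "set"
    #- Get-Location
    - mkdir build
    - cd build
  needs: []

# Rely on fedora:latest and debian-stable jobs for testing a recent GCC version.
clang-latest:
  extends:
    - .build-ubuntu
    - .if-merged
  variables:
    CC: "clang-$CLANG_VERSION"
    CXX: "clang++-$CLANG_VERSION"

# Produces the source tarball, prints its digests and optionally uploads it.
build:ubuntu-dist:
  stage: .pre
  extends:
    - .build-ubuntu
    - .if-merged
  script:
    # NOTE(review): the fallback after "||" runs "../perl" as the program with
    # make-version.pl as its argument; it looks like a transposition of the
    # first command. Confirm what was intended.
    - perl ../tools/make-version.pl --set-release || ../perl make-version.pl --set-release
    - cmake -G Ninja $CMAKE_ARGS -DENABLE_CCACHE=ON ..
    - cd "$CI_PROJECT_DIR"
    - build/packaging/source/git-export-release.sh -d .
  after_script:
    # - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
    # Of the three digests printed, sha256 is the one to rely on when checking
    # the tarball's integrity.
    - for digest in sha256 rmd160 sha1 ; do openssl $digest wireshark-*.tar.* ; done
    # This will break if we produce multiple tarballs, which is arguably a good thing.
    # The upload only runs when the AWS credentials and destination are set.
    # NOTE(review): presumably these are protected CI/CD variables that fork
    # and merge-request pipelines cannot read; confirm in the project settings.
    - if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_DIST" ] ; then aws s3 cp wireshark-*.tar.* "$S3_DESTINATION_DIST/" ; fi
  artifacts:
    paths:
      - wireshark-*.tar.*

# The custom CentOS 7 image pre-installs dependencies and compilers to speed up the build:
# https://hub.docker.com/r/wireshark/wireshark-centos-7-dev
# https://gitlab.com/wireshark/wireshark-containers/-/tree/master/dev/centos-7
build:rpm-centos-7:
  extends: .build-rpm
  image: wireshark/wireshark-centos-7-dev
  script:
    - cmake3 -GNinja ..
    - ninja-build rpm-package
  needs:
    - build:ubuntu-dist

test:rpm-centos-7:
  stage: test
  image: wireshark/wireshark-centos-7-dev
  script:
    # Signature checking is disabled, presumably because the RPMs from the
    # build job are unsigned. NOTE(review): the flag covers the whole
    # transaction, so a dependency pulled from a repository would also be
    # installed unverified; the dev image presumably pre-installs them. The
    # same applies to the dnf and zypper test jobs below.
    - yum --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm
    - tshark --version
  needs:
    - build:rpm-centos-7
  variables:
    GIT_STRATEGY: none

build:rpm-centos-8:
  extends: .build-rpm
  image: wireshark/wireshark-centos-8-dev
  script:
    - cmake -GNinja ..
    - ninja-build rpm-package
  needs:
    - build:ubuntu-dist

test:rpm-centos-8:
  stage: test
  image: wireshark/wireshark-centos-8-dev
  script:
    - dnf --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm
    - tshark --version
  needs:
    - build:rpm-centos-8
  variables:
    GIT_STRATEGY: none

build:rpm-opensuse-15.2:
  image: wireshark/wireshark-opensuse-15.2-dev
  extends: .build-rpm
  script:
    - cmake -GNinja ..
    - ninja rpm-package
  needs:
    - build:ubuntu-dist

test:rpm-opensuse-15.2:
  image: wireshark/wireshark-opensuse-15.2-dev
  stage: test
  script:
    - zypper --no-gpg-checks install -y build/packaging/rpm/RPMS/x86_64/*.rpm
    - tshark --version
  variables:
    GIT_STRATEGY: none
  needs:
    - build:rpm-opensuse-15.2

build:rpm-fedora:
  extends: .build-rpm
  image: wireshark/wireshark-fedora-dev
  script:
    # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
    # https://gitlab.com/gitlab-com/support-forum/issues/2790
    - export FORCE_CMAKE_NINJA_NON_VERBOSE=1
    - cmake3 -GNinja ..
    - ninja rpm-package
  needs:
    - build:ubuntu-dist

# test:rpm-fedora:
#   image: fedora
#   stage: test
#   script:
#     - dnf install -y build/packaging/rpm/RPMS/x86_64/*.rpm
#     - tshark --version
#   variables:
#     GIT_STRATEGY: none
#   needs:
#     - build:rpm-fedora

# Job to generate packages for Debian stable
build:debian-stable:
  extends:
    - .build
    - .if-merged
  image: wireshark/wireshark-debian-stable-dev
  script:
    - perl tools/make-version.pl --set-release
    # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
    # https://gitlab.com/gitlab-com/support-forum/issues/2790
    - export DH_QUIET=1
    - export MAKEFLAGS=--silent
    - dpkg-buildpackage -b --no-sign -jauto
    - mkdir debian-packages
    - mv ../*.deb debian-packages/
  artifacts:
    paths:
      - debian-packages/*.deb
    expire_in: 3 days

test:debian-stable:
  image: wireshark/wireshark-debian-stable-dev
  stage: test
  script:
    - DEBIAN_FRONTEND=noninteractive apt-get install ./debian-packages/*.deb -y
    - tshark --version
  variables:
    GIT_STRATEGY: none
  needs:
    - build:debian-stable

# Build Wireshark manuals
# Note: Need ubuntu:focal with `ruby-coderay` and `ruby-asciidoctor-pdf` packages to build PDF docs
docbook:
  stage: build
  image: wireshark/wireshark-ubuntu-dev
  rules:
    - changes:
        - "docbook/**"
        - "epan/wslua/**"
  script:
    - mkdir build
    - cd build
    - cmake -GNinja ..
    - ninja all_guides
  after_script:
    - mv build/docbook/wsug_html/ .
    - mv build/docbook/wsug_html_chunked/ .
    - mv build/docbook/wsdg_html/ .
    - mv build/docbook/wsdg_html_chunked/ .
  artifacts:
    paths:
      - wsug_html/
      - wsug_html_chunked/
      - wsdg_html/
      - wsdg_html_chunked/
  needs: []

# Build all doxygen docs
doxygen_all:
  image: wireshark/wireshark-ubuntu-dev
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
      when: always
  stage: build
  script:
    - mkdir build
    - cd build
    - cmake -GNinja ..
    # Redirection order matters: stderr is sent to the pipe (and so to tee),
    # then stdout is sent to doxygen_output.txt.
    - ninja wsar_html 2>&1 > doxygen_output.txt | tee doxygen_errors.txt
  after_script:
    - mv build/wsar_html .
    - mv build/doxygen_output.txt .
    - mv build/doxygen_errors.txt .
  artifacts:
    when: always
    paths:
      - doxygen_errors.txt
      - doxygen_output.txt
      - wsar_html
  needs: []

# https://docs.gitlab.com/ee/user/gitlab_com/index.html#linux-shared-runners
merge-req:commit-checks:
  extends:
    - .build-ubuntu
    - .if-merge-request
  tags:
    - docker
  script:
    # build-ubuntu puts us in `build`.
    - cd ..
    - bash ./tools/pre-commit 'HEAD^1'
    - tools/validate-commit.py

merge-req:ubuntu-dpkg:
  extends:
    - .build-ubuntu
    - .if-merge-request
  tags:
    - docker
  script:
    # build-ubuntu puts us in `build`.
    - cd ..
    - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ MAKE=ninja dpkg-buildpackage -us -uc -rfakeroot -jauto -Zgzip -zfast
    - lintian --suppress-tags library-not-linked-against-libc,copyright-excludes-files-in-native-package --display-experimental --display-info --pedantic --profile debian
  after_script:
    # dpkg-buildpackage builds in obj-*, so we need to override
    # .build-ubuntu. We also build more stuff, so decrease our multiplier.
    - ccache --max-size $( du --summarize --block-size=1M --total "$CI_PROJECT_DIR"/obj-* | awk '/total$/ {printf ("%dM", $1 * 1.25)}' )

merge-req:ubuntu-gcc-ctest:
  extends:
    - .build-ubuntu
    - .if-merge-request
  tags:
    - docker
  script:
    # build-ubuntu puts us in `build`.
    - CC=gcc CXX=g++ cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja ..
    - script --command ninja --flush --quiet --return ../gcc_report.txt
    - ansi2html < ../gcc_report.txt > ../gcc_report.html
    - ninja test-programs
    # Run the test suite as the unprivileged user created in before_script.
    - chown -R user .
    - su user -c "ctest --parallel $(getconf _NPROCESSORS_ONLN) --force-new-ctest-process --verbose"
  artifacts:
    paths:
      - gcc_report.html

merge-req:ubuntu-clang-other-tests:
  extends:
    - .build-ubuntu
    - .if-merge-request
  tags:
    - docker
  variables:
    CC: "clang-$CLANG_VERSION"
    CXX: "clang++-$CLANG_VERSION"
  script:
    # build-ubuntu puts us in `build`.
    - cd ..
    - python3 tools/checklicenses.py
    - ./tools/cppcheck/cppcheck.sh -l 1 -x | tee cppcheck_report.xml
    - ./tools/check_typed_item_calls.py --commits 1 | tee item_calls_check.txt
    - ./tools/check_tfs.py --commits 1 | tee tfs_check.txt
    - if [[ -s "cppcheck_report.xml" ]]; then cppcheck-htmlreport --file cppcheck_report.xml --report-dir . ; fi
    - cd build
    - cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DENABLE_CHECKHF_CONFLICT=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja ..
    - script --command ninja --flush --quiet --return ../clang_report.txt
    - ansi2html < ../clang_report.txt > ../clang_report.html
    - ./run/tshark -v
    - ../tools/validate-clang-check.sh -c $CLANG_VERSION
    - ninja checkAPI
  artifacts:
    paths:
      - clang_report.html
      - cppcheck_report.html
      - cppcheck_report.xml
      - item_calls_check.txt
      - tfs_check.txt

# Windows runners are still beta, at least technically:
# https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
merge-req:windows:
  extends:
    - .build-windows
    - .if-attached-merge-request
  tags:
    - wireshark-windows-merge-req
  script:
    - cmake -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off ..
    - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
    - msbuild /verbosity:minimal test-programs.vcxproj
    - ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose

# Adapted from https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
# and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481
coverity-gcc:
  image: wireshark/wireshark-ubuntu-dev
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"'
      when: always
  stage: analysis
  needs: []
  variables:
    CC: gcc
    CXX: g++
    # cov-build doesn’t handle GLIB_DEPRECATED_ENUMERATOR
    CFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
    CXXFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
  script:
    # --fail makes curl exit non-zero on an HTTP error instead of saving the
    # error page as the archive; the form values are quoted so that they reach
    # curl as single arguments.
    # NOTE(review): COVERITY_SCAN_TOKEN is expanded onto the curl command line
    # here and in the submission below. Presumably it is a masked, protected
    # CI/CD variable; confirm in the project settings. The downloaded tool is
    # executed without an integrity check beyond TLS.
    - curl --fail --output /tmp/cov-analysis-linux64.tar.gz --form "project=$COVERITY_SCAN_PROJECT_NAME" --form "token=$COVERITY_SCAN_TOKEN" https://scan.coverity.com/download/linux64
    - tar --directory=/tmp --extract --gzip --file /tmp/cov-analysis-linux64.tar.gz
    - mkdir build
    - cd build
    - cmake -G Ninja ..
    - /tmp/cov-analysis-linux64-*/bin/cov-build --return-emit-failures --dir cov-int ninja
    - tar --create --gzip --file cov-int.tar.gz cov-int
    # - curl --form file=@cov-int.tar.gz --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form description="Ubuntu $( git describe --tags ) $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" --form version=$( git describe --tags ) https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
    # The submission sends the artifact's URL rather than the file itself.
    # NOTE(review): that presumably requires the job artifact to be
    # downloadable without authentication; confirm that is intended.
    - curl --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$CI_JOB_URL/artifacts/file/build/cov-int.tar.gz&version=$( git describe --tags )&description=Ubuntu $( git describe --tags ) $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds
  artifacts:
    paths:
      - build/cov-int.tar.gz

coverity-visual-c++:
  extends: .build-windows
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"'
      when: always
  tags:
    - wireshark-windows-merge-req
  stage: analysis
  needs: []
  script:
    - $gitDescription = (( git describe --tags ) | Out-String).Trim()
    # --fail makes curl exit non-zero on an HTTP error instead of saving the
    # error page as the archive.
    - C:\Windows\System32\curl --fail --output $env:temp\cov-analysis-win64.zip --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/win64
    - C:\ProgramData\chocolatey\tools\7z x "$env:temp\cov-analysis-win64.zip" -y -r -o"$env:temp"
    - cmake -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off -G "Visual Studio 16 2019" -A x64 ..
    - $covAnalysisWin64 = (Get-ChildItem -Path $env:temp -Filter "cov-analysis-win64-*" -Directory)[0].FullName
    # NOTE(review): Invoke-Expression evaluates the whole string as PowerShell,
    # including the directory name taken from the extracted archive. Calling
    # cov-build.exe with the call operator (&) and separate arguments would
    # avoid re-parsing that path.
    - Invoke-Expression "& $covAnalysisWin64\bin\cov-build.exe --return-emit-failures --dir cov-int msbuild /verbosity:minimal `"/consoleloggerparameters:PerformanceSummary;NoSummary`" /maxcpucount:1 Wireshark.sln"
    - C:\ProgramData\chocolatey\tools\7z a -tzip cov-int.zip cov-int
    # - C:\Windows\System32\curl --form file=@cov-int.zip --form token=$COVERITY_SCAN_TOKEN--form email=$GITLAB_USER_EMAIL --form description="Windows $gitDescription $env:CI_COMMIT_REF_NAME`:$env:CI_PIPELINE_ID" --form version=$gitDescription https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
    - curl --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$CI_JOB_URL/artifacts/file/build/cov-int.zip&version=$gitDescription&description=Windows $gitDescription $env:CI_COMMIT_REF_NAME`:$env:CI_PIPELINE_ID" https://scan.coverity.com/builds
  artifacts:
    paths:
      - build/cov-int.zip

clang-scan-build:
  image: wireshark/wireshark-ubuntu-dev
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
      when: always
  stage: analysis
  needs: []
  variables:
    CC: "clang-${CLANG_VERSION}"
    CXX: "clang++-${CLANG_VERSION}"
  script:
    - mkdir build
    - cd build
    - scan-build-${CLANG_VERSION} cmake -DCMAKE_BUILD_TYPE=Debug -DDISABLE_WERROR=ON -G Ninja ..
    - scan-build-${CLANG_VERSION} -o ../sbout ninja
    - cd ../sbout
    # Find the date-stamped report directory and rename it with a
    # "scan-build-" prefix before archiving.
    - RAW_DIR=$( find ../sbout -type d -name "20??-??-??-*" -printf "%P\n" | head )
    - SB_DIR="scan-build-$RAW_DIR"
    - mv "$RAW_DIR" "$SB_DIR"
    - if [ -d logs ] ; then mv logs "$SB_DIR" ; fi
    # Owner keeps read/write, group and others get read-only access.
    - chmod -R u=rwX,go=rX "$SB_DIR"
    - zip -9 -r "${SB_DIR}.zip" "$SB_DIR"
    - if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "${SB_DIR}.zip" "$S3_DESTINATION_ANALYSIS/" ; fi

# Windows runners are still beta, at least technically:
# https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
build:windows-vs-code-analysis:
  extends: .build-windows
  tags:
    - wireshark-windows-dev
  rules:
    # The wireshark-windows-* tags are only available in wireshark/wireshark.
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
      when: always
  script:
    - $env:caexcludepath = "C:\Qt;$env:INCLUDE"
    - cmake -DENABLE_CODE_ANALYSIS=ON -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off ..
    - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount:2 Wireshark.sln

sloccount:
  extends: .build-ubuntu
  rules:
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
      when: always
  stage: analysis
  variables:
    SLOC_OUT: sloccount.txt
  needs: []
  script:
    - cmake -G Ninja ..
    - ninja
    - cd ..
    - echo -n "SLOCCount version:\ "
    - sloccount --version
    # Keep only the output from the "Computing results" line onwards.
    - sloccount . | awk "/^Computing results/ { results=1 } { if (results) print }" > $SLOC_OUT
    - cat $SLOC_OUT
    - if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "$SLOC_OUT" "$S3_DESTINATION_ANALYSIS/" ; fi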