# In the interest of reliability and performance, please avoid installing # external dependencies here, e.g. via tools/*-setup.sh, apt, dnf, or yum. # Do so in the appropriate Dockerfile at # https://gitlab.com/wireshark/wireshark-containers/ instead. # The resulting images can be found at # https://hub.docker.com/r/wireshark/wireshark-centos-7-dev # https://hub.docker.com/r/wireshark/wireshark-centos-8-dev # https://hub.docker.com/r/wireshark/wireshark-debian-stable-dev # https://hub.docker.com/r/wireshark/wireshark-fedora-dev # https://hub.docker.com/r/wireshark/wireshark-opensuse-15.2-dev # https://hub.docker.com/r/wireshark/wireshark-ubuntu-dev stages: - build - analysis - test - fuzz-asan - fuzz-randpkt - fuzz-valgrind variables: # Ensure that checkouts are a) fast and b) have a reachable tag. In a # brighter, more glorious future we might be able to use --shallow-since: # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3460 # In the mean time, fetching the last 5000 commits does the job. GIT_DEPTH: "1" GIT_FETCH_EXTRA_FLAGS: "--depth=5000" CCACHE_DIR: "${CI_PROJECT_DIR}/ccache" # Preferred version of clang available on wireshark-ubuntu-dev CLANG_VERSION: 12 # Enable color output in CMake, Ninja, and other tools. https://bixense.com/clicolors/ CLICOLOR_FORCE: 1 # Scheduled builds additionally set SCHEDULE_TYPE, which can be one of: # - daily: Daily at 10:00 UTC # - coverity-visual-c++: Monday, Wednesday, & Friday at 12:00 UTC # - coverity-gcc: Sunday, Tuesday, Thursday & Saturday at 12:00 UTC # Common rule stanzas # These must currently be including using "!reference tags". "extends:" and # YAML anchors won't work: # https://gitlab.com/gitlab-org/gitlab/-/issues/322992 # Commits that have been approved and merged. Run automatically in the main # repo and allow manual runs in the web UI and in forks. .if-merged: - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/' when: always - if: '$CI_PIPELINE_SOURCE == "web"' when: always - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL !~ /.*gitlab.com\/wireshark\/wireshark/' when: manual # Incoming merge requests. .if-merge-request: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: always # Incoming non-detached merge requests. Must be used for runners which are only # available in wireshark/wireshark, e.g. wireshark-windows-* .if-attached-merge-request: - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/' when: always # Daily jobs. Care should be taken when changing this since the scheduler # often doesn't report errors. .if-daily-schedule: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"' when: always # Fuzz jobs. Care should be taken when changing this since the scheduler # often doesn't report errors. .if-fuzz-schedule: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "fuzz"' when: always .build: stage: build after_script: - for builddir in build/packaging/rpm/BUILD/wireshark-*/build build/packaging/rpm/BUILD/wireshark-* build obj-*; do [ ! -d "$builddir/run" ] || break; done - if [[ "$CI_JOB_NAME" == "build:rpm-opensuse-"* ]]; then export LD_LIBRARY_PATH=$builddir/run; fi - if [ -f $builddir/run/tshark ]; then $builddir/run/tshark --version; fi needs: [] .build-ubuntu: extends: .build image: wireshark/wireshark-ubuntu-dev retry: 1 # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/ cache: # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead? key: ${CI_JOB_NAME}-master paths: - ccache/ before_script: - useradd user - export LANG=en_US.UTF-8 - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark - mkdir -p ccache - ccache --show-stats - export DEB_BUILD_OPTIONS=nocheck,parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 )) - export DH_QUIET=1 - export MAKEFLAGS=--silent - mkdir build - cd build after_script: # The cache should be large enough to be useful but it shouldn't take # too long to restore+save each run. - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' ) script: # setcap restricts our library paths - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - CFLAGS=-Wl,-rpath=$(pwd)/run CXXFLAGS=-Wl,-rpath=$(pwd)/run cmake -GNinja $CMAKE_ARGS .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja - ninja install - ninja shellcheck - ninja test-programs - chown -R user . - if [ -f run/dumpcap ]; then setcap cap_net_raw,cap_net_admin+eip run/dumpcap; fi - if [ -f run/dumpcap ]; then su user -c "run/dumpcap -D" ; fi - su user -c pytest-3 .build-rpm: extends: .build rules: !reference [.if-merged] before_script: # It might make sense to set "GIT_STRATEGY: none" and build from # the tarball. - git config --global user.email "you@example.com" - git config --global user.name "Your Name" - mkdir build - cd build - perl ../tools/make-version.pl --set-release - mv -v ../wireshark-*.tar.* . artifacts: paths: - build/packaging/rpm/RPMS expire_in: 3 days needs: - 'Source Package' .test-rpm: rules: !reference [.if-merged] stage: test variables: GIT_STRATEGY: none .build-windows: stage: build before_script: - if (-Not (Test-Path C:\Development)) { New-Item -Path C:\Development -ItemType "directory" } - $env:WIRESHARK_BASE_DIR = "C:\Development" - $env:Configuration = "RelWithDebInfo" - $env:Path += ";C:\Program Files\CMake\bin" - $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin" - $env:Path += ";C:\qt\5.15.2\msvc2019_64\bin" # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell - cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt" - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } } # Testing / debugging only. # - cmd.exe /c "set CI_PIPELINE_SOURCE" # - cmd.exe /c "set CI_PROJECT_URL" #- dir c:\ #- dir c:\qt #- $env:path.split(";") #- cmd.exe /c "set" #- Get-Location - mkdir build - cd build needs: [] # Rely on fedora:latest and debian-stable jobs for testing a recent GCC version. Latest Clang: extends: .build-ubuntu rules: !reference [.if-merged] variables: CC: "clang-$CLANG_VERSION" CXX: "clang++-$CLANG_VERSION" Source Package: extends: .build-ubuntu stage: .pre rules: !reference [.if-merged] script: - perl ../tools/make-version.pl --set-release || ../perl make-version.pl --set-release - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -G Ninja $CMAKE_ARGS -DENABLE_CCACHE=ON .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - cd $CI_PROJECT_DIR - build/packaging/source/git-export-release.sh -d . after_script: # - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' ) - for digest in sha256 rmd160 sha1 ; do openssl $digest wireshark-*.tar.* ; done # This will break if we produce multiple tarballs, which is arguably a good thing. - if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_DIST" ] ; then aws s3 cp wireshark-*.tar.* "$S3_DESTINATION_DIST/" ; fi artifacts: paths: - wireshark-*.tar.* # The custom CentOS 7 image pre-installs dependencies and compilers to speed up the build: # https://hub.docker.com/r/wireshark/wireshark-centos-7-dev # https://gitlab.com/wireshark/wireshark-containers/-/tree/master/dev/centos-7 CentOS 7 RPM Package: extends: .build-rpm image: wireshark/wireshark-centos-7-dev script: - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake3 -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja-build rpm-package CentOS 7 RPM Test: extends: .test-rpm image: wireshark/wireshark-centos-7-dev script: - yum --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm - tshark --version needs: [ 'CentOS 7 RPM Package' ] CentOS 8 RPM Package: extends: .build-rpm image: wireshark/wireshark-centos-8-dev script: - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja-build rpm-package CentOS 8 RPM Test: extends: .test-rpm image: wireshark/wireshark-centos-8-dev script: - dnf --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm - tshark --version needs: [ 'CentOS 8 RPM Package' ] openSUSE 15.2 RPM Package: extends: .build-rpm image: wireshark/wireshark-opensuse-15.2-dev script: - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja rpm-package openSUSE 15.2 RPM Test: extends: .test-rpm image: wireshark/wireshark-opensuse-15.2-dev script: - zypper --no-gpg-checks install -y build/packaging/rpm/RPMS/x86_64/*.rpm - tshark --version needs: [ 'openSUSE 15.2 RPM Package' ] Fedora RPM Package: extends: .build-rpm image: wireshark/wireshark-fedora-dev script: # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See # https://gitlab.com/gitlab-com/support-forum/issues/2790 - export FORCE_CMAKE_NINJA_NON_VERBOSE=1 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake3 -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja rpm-package # Fedora RPM Test: # extends: .test-rpm # image: fedora # script: # - dnf install -y build/packaging/rpm/RPMS/x86_64/*.rpm # - tshark --version # needs: [ 'Fedora RPM Package' ] # Job to generate packages for Debian stable Debian Stable APT Package: extends: .build rules: !reference [.if-merged] image: wireshark/wireshark-debian-stable-dev script: - perl tools/make-version.pl --set-release # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See # https://gitlab.com/gitlab-com/support-forum/issues/2790 - export DH_QUIET=1 - export MAKEFLAGS=--silent - dpkg-buildpackage -b --no-sign -jauto - mkdir debian-packages - mv ../*.deb debian-packages/ artifacts: paths: - debian-packages/*.deb expire_in: 3 days Debian Stable APT Test: rules: !reference [.if-merged] image: wireshark/wireshark-debian-stable-dev stage: test script: - DEBIAN_FRONTEND=noninteractive apt-get install ./debian-packages/*.deb -y - tshark --version variables: GIT_STRATEGY: none needs: [ 'Debian Stable APT Package' ] Win64 Package: extends: .build-windows rules: !reference [.if-merged] tags: - wireshark-win64-package before_script: - $env:WIRESHARK_BASE_DIR = "C:\Development" - $env:Configuration = "RelWithDebInfo" - $env:Path += ";C:\Program Files\CMake\bin" - $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin" - $env:Path += ";C:\qt\5.15.2\msvc2019_64\bin" - $env:Path += ";C:\Program Files (x86)\NSIS" - $env:Path += ";C:\Program Files (x86)\WiX Toolset v3.11\bin" - $env:Path += ";C:\Program Files\Amazon\AWSCLIV2" # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell - cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt" - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } } - mkdir build - cd build script: - perl ../tools/make-version.pl --set-release - cmake -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off .. - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj - msbuild /verbosity:minimal /maxcpucount nsis_package_prep.vcxproj - msbuild /verbosity:minimal /maxcpucount wix_package_prep.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo - msbuild /verbosity:minimal nsis_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\nsis - msbuild /verbosity:minimal wix_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix - msbuild /verbosity:minimal portableapps_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\portableapps - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /v /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-win??-*.exe packaging\wix\Wireshark-win??-*.msi packaging\portableapps\WiresharkPortable??_*.paf.exe - msbuild /verbosity:minimal pdb_zip_package.vcxproj - C:\gitlab-builds\bin\mse-scan.ps1 - $packages = Get-ChildItem "packaging\nsis\Wireshark-win??-*.exe", "packaging\wix\Wireshark-win??-*.msi", "packaging\portableapps\WiresharkPortable??_*.paf.exe" - foreach ($package in $packages) { certutil -hashfile $package SHA256 } - | if ((Test-Path env:AWS_ACCESS_KEY_ID) -and (Test-Path env:AWS_SECRET_ACCESS_KEY) -and (Test-Path env:S3_DESTINATION_WIN64)) { foreach ($package in $packages) { aws s3 cp "$package" "$env:S3_DESTINATION_WIN64/" } } - ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose Win32 Package: extends: .build-windows rules: !reference [.if-merged] tags: - wireshark-win32-package before_script: - $env:WIRESHARK_BASE_DIR = "C:\Development" - $env:Configuration = "RelWithDebInfo" - $env:Path += ";C:\Program Files\CMake\bin" - $env:Path += ";C:\Strawberry\c\bin;C:\Strawberry\perl\site\bin;C:\Strawberry\perl\bin" - $env:Path += ";C:\qt\5.15.2\msvc2019\bin" - $env:Path += ";C:\Program Files (x86)\NSIS" - $env:Path += ";C:\Program Files (x86)\WiX Toolset v3.11\bin" - $env:Path += ";C:\Program Files\Amazon\AWSCLIV2" # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell - cmd.exe /c "call `"C:\Program Files (x86)\Microsoft Visual Studio\2019\Professional\VC\Auxiliary\Build\vcvarsamd64_x86.bat`" && set > %temp%\vcvars.txt" - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } } - $env:Platform = "Win32" - mkdir build - cd build script: - perl ../tools/make-version.pl --set-release - cmake -G "Visual Studio 16 2019" -A Win32 -DENABLE_LTO=off .. - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj - msbuild /verbosity:minimal /maxcpucount nsis_package_prep.vcxproj - msbuild /verbosity:minimal /maxcpucount wix_package_prep.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo - msbuild /verbosity:minimal nsis_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\nsis - msbuild /verbosity:minimal wix_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix - msbuild /verbosity:minimal portableapps_package.vcxproj - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\portableapps - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /v /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-win??-*.exe packaging\wix\Wireshark-win??-*.msi packaging\portableapps\WiresharkPortable??_*.paf.exe - msbuild /verbosity:minimal pdb_zip_package.vcxproj - C:\gitlab-builds\bin\mse-scan.ps1 - $packages = Get-ChildItem "packaging\nsis\Wireshark-win??-*.exe", "packaging\wix\Wireshark-win??-*.msi", "packaging\portableapps\WiresharkPortable??_*.paf.exe" - foreach ($package in $packages) { certutil -hashfile $package SHA256 } - | if ((Test-Path env:AWS_ACCESS_KEY_ID) -and (Test-Path env:AWS_SECRET_ACCESS_KEY) -and (Test-Path env:S3_DESTINATION_WIN32)) { foreach ($package in $packages) { aws s3 cp "$package" "$env:S3_DESTINATION_WIN32/" } } - ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose # Build the User's Guide and Developer's Guide Documentation: stage: build image: wireshark/wireshark-ubuntu-dev rules: - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/' changes: - "docbook/**" - "epan/wslua/**" when: always - if: '$CI_PIPELINE_SOURCE == "push"' changes: - "docbook/**" - "epan/wslua/**" when: manual script: # XXX We might want to move this to wireshark-ubuntu-dev or debian-setup.sh. - DEBIAN_FRONTEND=noninteractive apt-get update - DEBIAN_FRONTEND=noninteractive apt-get --yes install ruby-coderay ruby-asciidoctor-pdf - mkdir build - cd build - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja all_guides - cd docbook - for HTML_DIR in wsug_html wsug_html_chunked wsdg_html wsdg_html_chunked ; do zip -9 -r "$HTML_DIR.zip" "$HTML_DIR" ; done after_script: - mv -v build/docbook/ws[ud]g_html{,_chunked}.zip . - mv -v build/docbook/{user,developer}-guide.pdf . - | if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_DOCS" ] ; then for DOC_FILE in ws[ud]g_html{,_chunked}.zip {user,developer}-guide.pdf ; do aws s3 cp "$DOC_FILE" "$S3_DESTINATION_DOCS/" done fi artifacts: paths: - wsug_html.zip - wsug_html_chunked.zip - wsdg_html.zip - wsdg_html_chunked.zip - user-guide.pdf - developer-guide.pdf needs: [] # https://docs.gitlab.com/ee/user/gitlab_com/index.html#linux-shared-runners Commit Check: extends: .build-ubuntu rules: !reference [.if-merge-request] tags: - docker script: # build-ubuntu puts us in `build`. - cd .. - bash ./tools/pre-commit 'HEAD^1' - tools/validate-commit.py Ubuntu .dpkg: extends: .build-ubuntu rules: !reference [.if-merge-request] tags: - docker script: # build-ubuntu puts us in `build`. - cd .. - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ MAKE=ninja dpkg-buildpackage -us -uc -rfakeroot -jauto -Zgzip -zfast - lintian --suppress-tags library-not-linked-against-libc,copyright-excludes-files-in-native-package --display-experimental --display-info --pedantic --profile debian after_script: # dpkg-buildpackage builds in obj-, so we need to override # .build-ubuntu. We also build more stuff, so decrease our multiplier. - ccache --max-size $( du --summarize --block-size=1M --total "$CI_PROJECT_DIR"/obj-* | awk '/total$/ {printf ("%dM", $1 * 1.25)}' ) GCC Warnings: extends: .build-ubuntu rules: !reference [.if-merge-request] tags: - docker script: # build-ubuntu puts us in `build`. - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - CC=gcc CXX=g++ cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - script --command ninja --flush --quiet --return ../gcc_report.txt - ansi2html < ../gcc_report.txt > ../gcc_report.html - ninja test-programs - chown -R user . - su user -c "ctest --parallel $(getconf _NPROCESSORS_ONLN) --force-new-ctest-process --verbose" artifacts: paths: - gcc_report.html Code Checks + Clang Warnings: extends: .build-ubuntu rules: !reference [.if-merge-request] tags: - docker variables: CC: "clang-$CLANG_VERSION" CXX: "clang++-$CLANG_VERSION" script: # build-ubuntu puts us in `build`. - cd .. - python3 tools/checklicenses.py - ./tools/cppcheck/cppcheck.sh -l 1 -x | tee cppcheck_report.xml - ./tools/check_typed_item_calls.py --commits 1 | tee item_calls_check.txt - ./tools/check_tfs.py --commits 1 | tee tfs_check.txt - if [[ -s "cppcheck_report.xml" ]]; then cppcheck-htmlreport --file cppcheck_report.xml --report-dir . ; fi - cd build - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -DENABLE_EXTRA_COMPILER_WARNINGS=on -DENABLE_CHECKHF_CONFLICT=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DENABLE_CCACHE=ON -G Ninja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - script --command ninja --flush --quiet --return ../clang_report.txt - ansi2html < ../clang_report.txt > ../clang_report.html - ./run/tshark -v - ../tools/validate-clang-check.sh -c $CLANG_VERSION - ninja checkAPI artifacts: paths: - clang_report.html - cppcheck_report.html - cppcheck_report.xml - item_calls_check.txt - tfs_check.txt # Windows runners are still beta, at least technically: # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta Windows Build: extends: .build-windows rules: !reference [.if-attached-merge-request] tags: - wireshark-windows-merge-req script: - cmake -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off .. - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj - ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose # Adapted from https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/ # and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481 Coverity GCC Scan: image: wireshark/wireshark-ubuntu-dev rules: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"' when: always stage: analysis needs: [] variables: CC: gcc CXX: g++ # cov-build doesn’t handle GLIB_DEPRECATED_ENUMERATOR CFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS' CXXFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS' script: - curl --output /tmp/cov-analysis-linux64.tar.gz --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/linux64 - tar --directory=/tmp --extract --gzip --file /tmp/cov-analysis-linux64.tar.gz - mkdir build - cd build - cmake -G Ninja .. - /tmp/cov-analysis-linux64-*/bin/cov-build --return-emit-failures --dir ../cov-int ninja - cd .. - tar --create --gzip --file cov-int.tar.gz cov-int - echo "export ARTIFACT_JOB_URL=$CI_JOB_URL" > job_environment_variables.sh - echo "export GIT_DESCRIPTION=$( git describe --tags )" >> job_environment_variables.sh artifacts: paths: - cov-int.tar.gz - job_environment_variables.sh Coverity GCC Submit: image: curlimages/curl rules: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"' when: always stage: .post script: - . job_environment_variables.sh - echo $ARTIFACT_JOB_URL - echo $GIT_DESCRIPTION - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.tar.gz&version=$GIT_DESCRIPTION&description=Ubuntu $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds needs: [ 'Coverity GCC Scan' ] Coverity Visual C++ Scan: extends: .build-windows rules: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"' when: always tags: - wireshark-windows-merge-req stage: analysis needs: [] script: - $gitDescription = (( git describe --tags ) | Out-String).Trim() - C:\Windows\System32\curl --output $env:temp\cov-analysis-win64.zip --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/win64 - C:\ProgramData\chocolatey\tools\7z x "$env:temp\cov-analysis-win64.zip" -y -r -o"$env:temp" - cmake -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off -G "Visual Studio 16 2019" -A x64 .. - $covAnalysisWin64 = (Get-ChildItem -Path $env:temp -Filter "cov-analysis-win64-*" -Directory)[0].FullName - Invoke-Expression "& $covAnalysisWin64\bin\cov-build.exe --return-emit-failures --dir ..\cov-int msbuild /verbosity:minimal `"/consoleloggerparameters:PerformanceSummary;NoSummary`" /maxcpucount:1 Wireshark.sln" - cd .. - C:\ProgramData\chocolatey\tools\7z a -tzip cov-int.zip cov-int - '"export ARTIFACT_JOB_URL=$env:CI_JOB_URL" | Out-File -Encoding ascii job_environment_variables.sh' - '"export GIT_DESCRIPTION=$gitDescription" | Out-File -Encoding ascii -Append job_environment_variables.sh' artifacts: paths: - cov-int.zip - job_environment_variables.sh Coverity Visual C++ Submit: image: curlimages/curl rules: - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"' when: always stage: .post script: - sed -i -e 's/\r//' job_environment_variables.sh - . job_environment_variables.sh - echo $ARTIFACT_JOB_URL - echo $GIT_DESCRIPTION - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.zip&version=$GIT_DESCRIPTION&description=Windows $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds needs: [ 'Coverity Visual C++ Scan' ] Clang Static Analyzer: image: wireshark/wireshark-ubuntu-dev rules: !reference [.if-daily-schedule] stage: analysis needs: [] variables: CC: "clang-${CLANG_VERSION}" CXX: "clang++-${CLANG_VERSION}" script: - mkdir build - cd build - scan-build-${CLANG_VERSION} cmake -DCMAKE_BUILD_TYPE=Debug -DDISABLE_WERROR=ON -G Ninja .. - scan-build-${CLANG_VERSION} -o ../sbout ninja - cd ../sbout - RAW_DIR=$( find ../sbout -type d -name "20??-??-??-*" -printf "%P\n" | head ) - SB_DIR="scan-build-$RAW_DIR" - mv "$RAW_DIR" "$SB_DIR" - if [ -d logs ] ; then mv logs $SB_DIR ; fi - chmod -R u=rwX,go=rX "$SB_DIR" - zip -9 -r "${SB_DIR}.zip" "$SB_DIR" - if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "${SB_DIR}.zip" "$S3_DESTINATION_ANALYSIS/" ; fi # Windows runners are still beta, at least technically: # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta Visual Studio Code Analysis: extends: .build-windows tags: - wireshark-windows-dev rules: # The wireshark-windows-* tags are only available in wireshark/wireshark. - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/' when: always script: - $env:caexcludepath = "C:\Qt;$env:INCLUDE" - cmake -DENABLE_CODE_ANALYSIS=ON -G "Visual Studio 16 2019" -A x64 -DENABLE_LTO=off .. - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount:2 Wireshark.sln # Build all doxygen docs API Reference: image: wireshark/wireshark-ubuntu-dev rules: !reference [.if-daily-schedule] stage: build script: - mkdir build - cd build - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -GNinja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja wsar_html_zip 2>&1 > doxygen_output.txt | tee doxygen_errors.txt after_script: - mv build/wsar_html.zip . - mv build/doxygen_output.txt . - mv build/doxygen_errors.txt . - | if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_DOCS" ] ; then aws s3 cp wsar_html.zip "$S3_DESTINATION_DOCS/" fi artifacts: when: always paths: - doxygen_errors.txt - doxygen_output.txt - wsar_html.zip needs: [] Code Lines: extends: .build-ubuntu rules: !reference [.if-daily-schedule] stage: analysis variables: CLOC_OUT: /tmp/cloc.txt SCC_OUT: /tmp/scc.txt SLOC_OUT: /tmp/sloccount.txt TOKEI_OUT: /tmp/tokei.txt script: - DEBIAN_FRONTEND=noninteractive apt-get update - DEBIAN_FRONTEND=noninteractive apt-get --yes install sloccount cloc curl unzip - pushd /tmp - curl -L -O https://github.com/boyter/scc/releases/download/v3.0.0/scc-3.0.0-x86_64-unknown-linux.zip - unzip scc-3.0.0-x86_64-unknown-linux.zip - curl -L -O https://github.com/XAMPPRocky/tokei/releases/download/v12.1.2/tokei-x86_64-unknown-linux-gnu.tar.gz - tar -xf tokei-x86_64-unknown-linux-gnu.tar.gz - popd - DEBIAN_FRONTEND=noninteractive apt-get update - DEBIAN_FRONTEND=noninteractive apt-get --yes install sloccount cloc curl unzip - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -G Ninja .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja - cd .. - echo -n "cloc version:\ " - cloc --version - cloc --quiet . | tee $CLOC_OUT - /tmp/scc --version - /tmp/scc --not-match 'qt/.*.ts' . | tee $SCC_OUT - echo -n "SLOCCount version:\ " - sloccount --version - sloccount . | awk "/^Computing results/ { results=1 } { if (results) print }" | tee $SLOC_OUT - /tmp/tokei --version - /tmp/tokei --exclude 'qt/*.ts' . | tee $TOKEI_OUT - | if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "$CLOC_OUT" "$S3_DESTINATION_ANALYSIS/" aws s3 cp "$SCC_OUT" "$S3_DESTINATION_ANALYSIS/" aws s3 cp "$SLOC_OUT" "$S3_DESTINATION_ANALYSIS/" aws s3 cp "$TOKEI_OUT" "$S3_DESTINATION_ANALYSIS/" fi # Fuzz TShark using ASAN and valgrind. .fuzz-ubuntu: extends: .build-ubuntu rules: !reference [.if-fuzz-schedule] tags: - wireshark-ubuntu-fuzz resource_group: fuzz-master variables: CC: "clang-$CLANG_VERSION" CXX: "clang++-$CLANG_VERSION" INSTALL_PREFIX: "$CI_PROJECT_DIR/_install" MIN_PLUGINS: 10 MAX_PASSES: 15 before_script: - mkdir -p ccache # Signal after_script, which runs in its own shell. - echo "export FUZZ_PASSED=true" > /tmp/fuzz_result.sh - mkdir /tmp/fuzz - mkdir build - cd build after_script: - . /tmp/fuzz_result.sh - if $FUZZ_PASSED ; then exit 0 ; fi - echo Fuzzing failed. Generating report. - FUZZ_CAPTURE=$( ls /tmp/fuzz/fuzz-*.pcap | head -n 1 ) - FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err" - printf "\nfuzz-test.sh stderr:\n" >> "$FUZZ_ERRORS" - cat fuzz-test.err >> "$FUZZ_ERRORS" - | if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$S3_DESTINATION_FUZZ" ] ; then aws s3 cp "$FUZZ_CAPTURE" "$S3_DESTINATION_FUZZ/" aws s3 cp "$FUZZ_ERRORS" "$S3_DESTINATION_FUZZ/" fi # The cache should be large enough to be useful but it shouldn't take # too long to restore+save each run. - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' ) ASan Menagerie Fuzz: extends: .fuzz-ubuntu stage: fuzz-asan script: - MAX_SECONDS=$(( 4 * 60 * 60 )) - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja - ninja install - cd .. # /var/menagerie contains captures harvested from wireshark.org's mailing list, wiki, issues, etc. # We have more captures than we can fuzz in $MAX_SECONDS, so we shuffle them each run. - ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh ASan randpkt Fuzz: extends: .fuzz-ubuntu stage: fuzz-randpkt script: # XXX Reuse fuzz-asan? - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja - ninja install - cd .. - ./tools/randpkt-test.sh -a -b $INSTALL_PREFIX/bin -d /tmp/fuzz -p $MAX_PASSES 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh needs: [ 'ASan Menagerie Fuzz' ] Valgrind Menagerie Fuzz: extends: .fuzz-ubuntu stage: fuzz-valgrind script: - DEBIAN_FRONTEND=noninteractive apt-get update - DEBIAN_FRONTEND=noninteractive apt-get --yes install valgrind - MAX_SECONDS=$(( 3 * 60 * 60 )) - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)" - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON .. - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)" - ninja - ninja install - cd .. - ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || echo "export FUZZ_PASSED=false" > /tmp/fuzz_result.sh needs: [ 'ASan randpkt Fuzz' ]