LEAK_DETECTIVE: no
MONOLITHIC: no
TEST: freebsd
- TRAVIS_OS_NAME: freebsd
+ OS_NAME: freebsd
task:
install_script: ./scripts/test.sh deps
--- /dev/null
+name: "Default CI Build Steps"
+runs:
+ using: "composite"
+ steps:
+ - name: "Install Dependencies"
+ run: ./scripts/test.sh deps
+ shell: bash
+ - name: "Install Python Dependencies"
+ run: ./scripts/test.sh deps
+ shell: bash
+ - name: "Build Dependencies"
+ run: ./scripts/test.sh build-deps
+ shell: bash
+ - name: "Build/Tests"
+ run: ./scripts/test.sh
+ shell: bash
--- /dev/null
+name: Android
+
+on: [push, pull_request]
+
+env:
+ CCACHE_BASEDIR: ${{ github.workspace }}
+ CCACHE_COMPRESS: true
+ CCACHE_MAXSIZE: 400M
+ CC: gcc
+ OS_NAME: linux
+
+jobs:
+ android:
+ runs-on: ubuntu-latest
+ env:
+ TEST: android
+ # since the NDK is newly installed every time, we have to use this to avoid cache misses
+ CCACHE_COMPILERCHECK: content
+ steps:
+ # even though we don't specify a specific version in our gradle files, the
+ # build fails without this because some arbitrary NDK version, that's
+ # weirdly not installed, is requested
+ - name: Install NDK
+ run: yes | sudo ${ANDROID_HOME}/tools/bin/sdkmanager --install 'ndk;21.0.6113669'
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/.ccache
+ key: ccache-android-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-android-${{ github.ref }}:
+ ccache-android-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ success() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Lint Results
+ path: src/frontends/android/app/build/reports/lint-results.xml
--- /dev/null
+name: lgtm.com
+
+on: [push]
+
+env:
+ OS_NAME: linux
+
+jobs:
+ lgtm:
+ runs-on: ubuntu-latest
+ env:
+ TEST: lgtm
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ # we don't use github/codeql-action because we can't exclude queries there,
+ # so we continue to use the approach we used on Travis
+ - env:
+ LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }}
+ BUILD_NUMBER: ${{ github.run_id }}
+ COMMIT_ID: ${{ github.sha }}
+ COMMIT_BASE: ${{ github.event.before }}
+ uses: ./.github/actions/default
--- /dev/null
+name: Linux
+
+on: [push, pull_request]
+
+env:
+ # this test case does not actually test anything but tries to access system
+ # directories that might be inaccessible on build hosts
+ TESTS_CASES_EXCLUDE: sw_collector
+ TESTS_REDUCED_KEYLENGTHS: yes
+ CCACHE_BASEDIR: ${{ github.workspace }}
+ CCACHE_COMPRESS: true
+ CCACHE_MAXSIZE: 200M
+ OS_NAME: linux
+
+jobs:
+ latest:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ test: [ all, default, printf-builtin ]
+ compiler: [ gcc, clang ]
+ leak-detective: [ no, yes ]
+ monolithic: [ no, yes ]
+ exclude:
+ # leaks will show up whether we build monolithic or not
+ - leak-detective: yes
+ monolithic: yes
+ # monolithic builds don't affect the printf-hook implementation
+ - test: printf-builtin
+ monolithic: yes
+ include:
+ - test: apidoc
+ - test: coverage
+ - test: dist
+ - test: nm
+ - test: nm-no-glib
+ - test: fuzzing
+ compiler: clang
+ monolithic: yes
+ env:
+ LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
+ MONOLITHIC: ${{ matrix.monolithic || 'no' }}
+ CC: ${{ matrix.compiler || 'gcc' }}
+ TEST: ${{ matrix.test }}
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/.ccache
+ # with regards to ccache, monolithic builds don't differ from regular
+ # builds and, similarly, builds with leak-detective only differ in two
+ # files (LD itself and library.c); but different tests build different
+ # dependencies, so different caches are needed
+ key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
+ ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
+ ccache-${{ runner.os }}-${{ env.CC }}-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ success() && matrix.test == 'coverage' }}
+ run: bash <(curl -s https://codecov.io/bash)
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
+
+ crypto-plugins:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ test: [ botan, wolfssl, openssl, gcrypt ]
+ leak-detective: [ no, yes ]
+ env:
+ LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
+ TEST: ${{ matrix.test }}
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/.ccache
+ key: ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
+ ccache-${{ runner.os }}-${{ env.CC }}-${{ matrix.test }}-
+ ccache-${{ runner.os }}-${{ env.CC }}-
+ ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:${{ github.sha }}
+ ccache-${{ runner.os }}-${{ env.CC }}-all-${{ github.ref }}:
+ ccache-${{ runner.os }}-${{ env.CC }}-all-
+ ccache-${{ runner.os }}-${{ env.CC }}-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
+
+ xenial:
+ runs-on: ubuntu-16.04
+ strategy:
+ matrix:
+ test: [ all ]
+ compiler: [ gcc, clang ]
+ include:
+ - test: openssl-1.0
+ - test: openssl-1.0
+ leak-detective: yes
+ env:
+ LEAK_DETECTIVE: ${{ matrix.leak-detective || 'no' }}
+ CC: ${{ matrix.compiler || 'gcc' }}
+ TEST: ${{ matrix.test }}
+ UBUNTU_XENIAL: yes
+ # this is the default with newer versions and fixes builds with clang
+ CCACHE_CPP2: true
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/.ccache
+ key: ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-xenial-${{ env.CC }}-${{ matrix.test }}-${{ github.ref }}:
+ ccache-xenial-${{ env.CC }}-${{ matrix.test }}-
+ ccache-xenial-${{ env.CC }}-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
--- /dev/null
+name: macOS
+
+on: [push, pull_request]
+
+env:
+ TESTS_REDUCED_KEYLENGTHS: yes
+ CCACHE_BASEDIR: ${{ github.workspace }}
+ CCACHE_COMPRESS: true
+ CCACHE_MAXSIZE: 100M
+ OS_NAME: macos
+
+jobs:
+ macos:
+ runs-on: macos-latest
+ env:
+ TEST: macos
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/Library/Caches/ccache
+ key: ccache-${{ runner.os }}-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-${{ runner.os }}-${{ github.ref }}:
+ ccache-${{ runner.os }}-
+ - run: |
+ brew install ccache
+ echo "PATH=$(brew --prefix)/opt/ccache/libexec:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
--- /dev/null
+name: SonarCloud
+
+on: [push]
+
+env:
+ CCACHE_BASEDIR: ${{ github.workspace }}
+ CCACHE_COMPRESS: true
+ CCACHE_MAXSIZE: 200M
+ OS_NAME: linux
+
+jobs:
+ sonarcloud:
+ runs-on: ubuntu-latest
+ env:
+ TEST: sonarcloud
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - uses: actions/cache@v2
+ with:
+ path: |
+ ~/.ccache
+ ~/.sonar-cache
+ key: ccache-sonarcloud-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-sonarcloud-${{ github.ref }}:
+ ccache-sonarcloud-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ # using SonarSource/sonarcloud-github-action is currently not recommended
+ # for C builds, so we follow the "any CI" instructions
+ - name: Install sonar-scanner
+ env:
+ SONAR_SCANNER_VERSION: 4.4.0.2170
+ run: |
+ export SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
+ curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
+ curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
+ unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
+ echo "PATH=$HOME/.sonar/build-wrapper-linux-x86:$SONAR_SCANNER_HOME/bin:$PATH" >> $GITHUB_ENV
+ - env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ BUILD_NUMBER: ${{ github.run_id }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ SONAR_PROJECT: ${{ secrets.SONAR_PROJECT }}
+ SONAR_ORGANIZATION: ${{ secrets.SONAR_ORGANIZATION }}
+ uses: ./.github/actions/default
+ - run: ccache -s
--- /dev/null
+name: Windows
+
+on: [push, pull_request]
+
+env:
+ TESTS_REDUCED_KEYLENGTHS: yes
+ CCACHE_BASEDIR: ${{ github.workspace }}
+ CCACHE_COMPRESS: true
+ CCACHE_MAXSIZE: 200M
+ # since the compilers are newly installed every time, we have to use this to
+ # avoid cache misses
+ CCACHE_COMPILERCHECK: content
+ MONOLITHIC: yes
+
+jobs:
+ cross-compile:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ test: [ win64, win32 ]
+ env:
+ OS_NAME: linux
+ TEST: ${{ matrix.test }}
+ steps:
+ - uses: actions/checkout@v2
+ - uses: actions/cache@v2
+ with:
+ path: ~/.ccache
+ key: ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:${{ github.sha }}
+ restore-keys: |
+ ccache-${{ runner.os }}-${{ matrix.test }}-${{ github.ref }}:
+ ccache-${{ runner.os }}-${{ matrix.test }}-
+ - run: |
+ sudo apt-get install -qq ccache
+ echo "PATH=/usr/lib/ccache:$PATH" >> $GITHUB_ENV
+ ccache -z
+ - uses: ./.github/actions/default
+ - run: ccache -s
+ - if: ${{ failure() }}
+ uses: actions/upload-artifact@v2
+ with:
+ name: Logs ${{ github.job }}
+ path: config.log
+ retention-days: 5
+++ /dev/null
-language: c
-
-os: linux
-dist: bionic
-
-# don't build tags separately
-if: tag IS blank
-
-compiler: gcc
-
-cache: ccache
-
-before_install:
- - travis_retry ./scripts/test.sh deps
- - travis_retry ./scripts/test.sh pydeps
- - travis_retry ./scripts/test.sh build-deps
-
-before_script:
- - sudo sysctl -w net.ipv6.conf.all.disable_ipv6=0 || true
-
-script:
- - ./scripts/test.sh
-
-after_success:
- if [ "$TEST" == "coverage" ]; then
- bash <(curl -s https://codecov.io/bash);
- fi
-
-after_failure:
- - cat config.log
- - sleep 1
-
-env:
- global:
- - TESTS_REDUCED_KEYLENGTHS=yes
- - LEAK_DETECTIVE=no
- - MONOLITHIC=no
-
-jobs:
- include:
- - env: TEST=sonarcloud
- if: |
- type = push AND env(SONAR_TOKEN) IS present AND \
- env(SONAR_PROJECT) IS present AND \
- env(SONAR_ORGANIZATION) IS present
- git:
- depth: false
- cache:
- directories:
- - $HOME/.sonar-cache
- addons:
- sonarcloud: true
- - env: TEST=lgtm
- if: type = push AND env(LGTM_TOKEN) IS present
- git:
- depth: false
- - env: TEST=osx
- compiler: clang
- os: osx
- - env: TEST=android
- install:
- # see https://developer.android.com/studio#command-tools
- - export ANDROID_TOOLS=commandlinetools-linux-6200805_latest.zip
- - export ANDROID_HOME=$HOME/android-sdk
- - wget -nv https://dl.google.com/android/repository/$ANDROID_TOOLS
- - unzip -q $ANDROID_TOOLS -d $ANDROID_HOME && rm $ANDROID_TOOLS
- - export PATH=$PATH:$ANDROID_HOME/tools/bin
- # sdkmanager only works with Java 8
- - export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64
- - yes | sdkmanager --sdk_root=$ANDROID_HOME --licenses >/dev/null
- - yes | sdkmanager --sdk_root=$ANDROID_HOME --install 'ndk;20.0.5594570'
- - mkdir -p $HOME/.gradle
- - echo "org.gradle.daemon=false" >> $HOME/.gradle/gradle.properties
- - echo "org.gradle.console=plain" >> $HOME/.gradle/gradle.properties
- # since the NDK is newly installed everytime, we have to use this to avoid cache misses
- - export CCACHE_COMPILERCHECK=content
- after_success:
- - cat src/frontends/android/app/build/reports/lint-results.xml
- before_cache:
- - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock
- - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
- cache:
- ccache: true
- directories:
- - $HOME/.gradle/caches/
- - $HOME/.gradle/wrapper/
- - $HOME/.android/build-cache
- - env: TEST=all
- - env: TEST=all
- compiler: clang
- - env: TEST=all
- arch: arm64
- - env: TEST=all
- arch: ppc64le
- - env: TEST=all
- arch: s390x
- - env: TEST=all UBUNTU_XENIAL=yes
- dist: xenial
- - env: TEST=all UBUNTU_XENIAL=yes
- dist: xenial
- compiler: clang
- - env: TEST=all MONOLITHIC=yes
- - env: TEST=all MONOLITHIC=yes
- compiler: clang
- - env: TEST=all LEAK_DETECTIVE=yes
- - env: TEST=all LEAK_DETECTIVE=yes
- compiler: clang
- - env: TEST=coverage
- - env: TEST=fuzzing MONOLITHIC=yes
- compiler: clang
- - env: TEST=win64 MONOLITHIC=yes
- - env: TEST=win32 MONOLITHIC=yes
- - env: TEST=dist
- # "default" with GCC is already tested with "dist" above
- - env: TEST=default
- compiler: clang
- - env: TEST=default MONOLITHIC=yes
- - env: TEST=default MONOLITHIC=yes
- compiler: clang
- - env: TEST=default LEAK_DETECTIVE=yes
- - env: TEST=default LEAK_DETECTIVE=yes
- compiler: clang
- # we can't test Vstr as negative int args are not properly passed to CBs
- - env: TEST=printf-builtin
- - env: TEST=printf-builtin
- compiler: clang
- - env: TEST=printf-builtin LEAK_DETECTIVE=yes
- - env: TEST=printf-builtin LEAK_DETECTIVE=yes
- compiler: clang
- - env: TEST=nm
- - env: TEST=nm-no-glib
- # the crypto plugins are build-tested with clang via "all" above
- - env: TEST=botan
- - env: TEST=botan LEAK_DETECTIVE=yes
- - env: TEST=wolfssl
- - env: TEST=wolfssl LEAK_DETECTIVE=yes
- - env: TEST=openssl
- - env: TEST=openssl LEAK_DETECTIVE=yes
- - env: TEST=openssl-1.0 UBUNTU_XENIAL=yes
- dist: xenial
- - env: TEST=openssl-1.0 LEAK_DETECTIVE=yes UBUNTU_XENIAL=yes
- dist: xenial
- - env: TEST=gcrypt
- - env: TEST=gcrypt LEAK_DETECTIVE=yes
- - env: TEST=apidoc
#!/bin/sh
-# Build script for Travis CI
+# Build script for CI
build_botan()
{
cd -
}
-: ${TRAVIS_BUILD_DIR=$PWD}
-: ${DEPS_BUILD_DIR=$TRAVIS_BUILD_DIR/..}
+: ${BUILD_DIR=$PWD}
+: ${DEPS_BUILD_DIR=$BUILD_DIR/..}
: ${DEPS_PREFIX=/usr/local}
TARGET=check
--disable-osx-attr --disable-tkm --disable-uci
--disable-unwind-backtraces
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
- --disable-kernel-wfp --disable-kernel-iph --disable-winhttp"
+ --disable-kernel-wfp --disable-kernel-iph --disable-winhttp
+ --disable-python-eggs-install"
# not enabled on the build server
CONFIG="$CONFIG --disable-af-alg"
- if test "$TRAVIS_CPU_ARCH" != "amd64"; then
- CONFIG="$CONFIG --disable-aesni --disable-rdrand"
- fi
if test "$TEST" != "coverage"; then
CONFIG="$CONFIG --disable-coverage"
else
# not actually required but configure checks for it
DEPS="$DEPS lcov"
fi
- # Botan requires GCC 5.0, so disable it on Ubuntu 16.04
+ # Botan requires newer compilers, so disable it on Ubuntu 16.04
if test -n "$UBUNTU_XENIAL"; then
CONFIG="$CONFIG --disable-botan"
fi
DEPS="$DEPS libcurl4-gnutls-dev libsoup2.4-dev libunbound-dev libldns-dev
libmysqlclient-dev libsqlite3-dev clearsilver-dev libfcgi-dev
- libpcsclite-dev libpam0g-dev binutils-dev libnm-dev libgcrypt20-dev
- libjson-c-dev iptables-dev python-pip libtspi-dev libsystemd-dev"
+ libldap2-dev libpcsclite-dev libpam0g-dev binutils-dev libnm-dev
+ libgcrypt20-dev libjson-c-dev iptables-dev python-pip libtspi-dev
+ libsystemd-dev"
PYDEPS="tox"
if test "$1" = "build-deps"; then
if test -z "$UBUNTU_XENIAL"; then
# no make check for Windows binaries unless we run on a windows host
if test "$APPVEYOR" != "True"; then
TARGET=
- CCACHE=ccache
else
CONFIG="$CONFIG --enable-openssl"
CFLAGS="$CFLAGS -I/c/OpenSSL-$TEST/include"
win64)
CONFIG="--host=x86_64-w64-mingw32 $CONFIG --enable-dbghelp-backtraces"
DEPS="gcc-mingw-w64-x86-64 binutils-mingw-w64-x86-64 mingw-w64-x86-64-dev $DEPS"
- CC="$CCACHE x86_64-w64-mingw32-gcc"
+ CC="x86_64-w64-mingw32-gcc"
;;
win32)
CONFIG="--host=i686-w64-mingw32 $CONFIG"
DEPS="gcc-mingw-w64-i686 binutils-mingw-w64-i686 mingw-w64-i686-dev $DEPS"
- CC="$CCACHE i686-w64-mingw32-gcc"
+ CC="i686-w64-mingw32-gcc"
;;
esac
;;
android)
- DEPS="$DEPS openjdk-8-jdk"
if test "$1" = "deps"; then
git clone git://git.strongswan.org/android-ndk-boringssl.git -b ndk-static \
src/frontends/android/app/src/main/jni/openssl
fi
TARGET=distdir
;;
-osx)
+macos)
# this causes a false positive in ip-packet.c since Xcode 8.3
CFLAGS="$CFLAGS -Wno-address-of-packed-member"
# use the same options as in the Homebrew Formula
--enable-scepclient --enable-socket-default --enable-sshkey
--enable-stroke --enable-swanctl --enable-unity --enable-updown
--enable-x509 --enable-xauth-generic"
- DEPS="bison gettext openssl curl"
+ DEPS="automake autoconf libtool bison gettext openssl curl"
BREW_PREFIX=$(brew --prefix)
export PATH=$BREW_PREFIX/opt/bison/bin:$PATH
export ACLOCAL_PATH=$BREW_PREFIX/opt/gettext/share/aclocal:$ACLOCAL_PATH
if test -z "$1"; then
if test -z "$FUZZING_CORPORA"; then
git clone --depth 1 https://github.com/strongswan/fuzzing-corpora.git fuzzing-corpora
- export FUZZING_CORPORA=$TRAVIS_BUILD_DIR/fuzzing-corpora
+ export FUZZING_CORPORA=$BUILD_DIR/fuzzing-corpora
fi
# these are about the same as those on OSS-Fuzz (except for the
# symbolize options and strip_path_prefix)
DEPS="jq"
if test -z "$1"; then
- # fall back to the parent of the latest commit (on new branches we might
- # not have a range, also on duplicate branches)
- base="${TRAVIS_COMMIT}^"
- if test -n "$TRAVIS_COMMIT_RANGE"; then
- base="${TRAVIS_COMMIT_RANGE%...*}"
- # after rebases, the first commit ID in the range might not be valid
- git rev-parse -q --verify $base
- if [ $? != 0 ]; then
- # this will always compare against master, while the range
- # otherwise only contains "new" commits
- base=$(git merge-base origin/master ${TRAVIS_COMMIT})
- fi
+ base=$COMMIT_BASE
+ # after rebases or for new/duplicate branches, the passed base commit
+ # ID might not be valid
+ git rev-parse -q --verify $base^{commit}
+ if [ $? != 0 ]; then
+ # this will always compare against master, while via base we
+ # otherwise only contains "new" commits
+ base=$(git merge-base origin/master ${COMMIT_ID})
fi
base=$(git rev-parse $base)
project_id=1506185006272
- echo "Starting code review for $TRAVIS_COMMIT (base $base) on lgtm.com"
+ echo "Starting code review for $COMMIT_ID (base $base) on lgtm.com"
git diff --binary $base > lgtm.patch || exit $?
curl -s -X POST --data-binary @lgtm.patch \
- "https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${TRAVIS_BUILD_NUMBER}" \
+ "https://lgtm.com/api/v1.0/codereviews/${project_id}?base=${base}&external-id=${BUILD_NUMBER}" \
-H 'Content-Type: application/octet-stream' \
-H 'Accept: application/json' \
-H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $?
case "$1" in
deps)
- case "$TRAVIS_OS_NAME" in
+ case "$OS_NAME" in
linux)
sudo apt-get update -qq && \
sudo apt-get install -qq bison flex gperf gettext $DEPS
;;
- osx)
+ macos)
brew update && \
brew install $DEPS
;;
echo "$ make $TARGET"
case "$TEST" in
sonarcloud)
- # there is an issue with the platform detection that causes sonarqube to
- # fail on bionic with "ERROR: ld.so: object '...libinterceptor-${PLATFORM}.so'
- # from LD_PRELOAD cannot be preloaded (cannot open shared object file)"
- # https://jira.sonarsource.com/browse/CPP-2027
- BW_PATH=$(dirname $(which build-wrapper-linux-x86-64))
- cp $BW_PATH/libinterceptor-x86_64.so $BW_PATH/libinterceptor-haswell.so
# without target, coverage is currently not supported anyway because
# sonarqube only supports gcov, not lcov
build-wrapper-linux-x86-64 --out-dir bw-output make -j4 || exit $?
;;
sonarcloud)
sonar-scanner \
+ -Dsonar.host.url=https://sonarcloud.io \
-Dsonar.projectKey=${SONAR_PROJECT} \
-Dsonar.organization=${SONAR_ORGANIZATION} \
- -Dsonar.projectVersion=$(git describe)+${TRAVIS_BUILD_NUMBER} \
+ -Dsonar.login=${SONAR_TOKEN} \
+ -Dsonar.projectVersion=$(git describe)+${BUILD_NUMBER} \
-Dsonar.sources=. \
-Dsonar.cfamily.threads=2 \
-Dsonar.cfamily.cache.enabled=true \
rm -r strongswan-*
cd src/frontends/android
echo "$ ./gradlew build"
- NDK_CCACHE=ccache ./gradlew build
+ NDK_CCACHE=ccache ./gradlew build || exit $?
;;
*)
;;