X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fsystemd.git;a=blobdiff_plain;f=.travis.yml;h=dd34e9c82ac9f5a0fd84a8e11d423ea5412cc6f3;hp=fc135868715fd3f954d39227bcf7df95d8659e17;hb=1faba68fd76ca0df5ac8b51320488aea11db2f20;hpb=d4f5c001536038261b0b791cf72e3766d93ee402 diff --git a/.travis.yml b/.travis.yml index fc135868715..dd34e9c82ac 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,180 +1,159 @@ sudo: required - +dist: xenial services: - docker +env: + global: + - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")" + - CI_MANAGERS="$TRAVIS_BUILD_DIR/travis-ci/managers" + - CI_TOOLS="$TRAVIS_BUILD_DIR/travis-ci/tools" + - REPO_ROOT="$TRAVIS_BUILD_DIR" + +stages: + - name: Build & test + if: type != cron + + - name: Fuzzit-Fuzzing + if: type = cron + + - name: Fuzzit-Sanity + if: type != cron + + # Run Coverity periodically instead of for each commit/PR + - name: Coverity + if: type = cron + jobs: include: - - stage: build docker image + - stage: Build & test + name: Debian Testing + language: bash env: - # The machine id will be passed to Dockerfile for later checks - - MACHINE_ID=$(cat /var/lib/dbus/machine-id) - before_script: &update - # Ensure the latest version of docker is installed - - sudo apt-get update + - DEBIAN_RELEASE="testing" + - CONT_NAME="systemd-debian-$DEBIAN_RELEASE" + - DOCKER_EXEC="docker exec -ti $CONT_NAME" + before_install: - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce - docker --version - - env > .env + install: + - $CI_MANAGERS/debian.sh SETUP script: - # Copy content of CI_DIR into WORKDIR - - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + - - echo "ENV GIT_SHA ${TRAVIS_COMMIT}" >> Dockerfile - - echo "ENV MACHINE_ID ${MACHINE_ID}" >> Dockerfile - - echo "$(git log -1 ${TRAVIS_COMMIT})" >> COMMITINFO - # Build docker container - - $CI_SCRIPT_DIR/build-docker-image.sh - - - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" - - docker push ${DOCKER_REPOSITORY} - - - stage: build - language: c - compiler: gcc + - set -e + # Build systemd + - $CI_MANAGERS/debian.sh RUN + - set +e + after_script: + - $CI_MANAGERS/debian.sh CLEANUP + + - name: Debian Testing (ASan+UBSan) + language: bash + env: + - DEBIAN_RELEASE="testing" + - CONT_NAME="systemd-debian-$DEBIAN_RELEASE" + - DOCKER_EXEC="docker exec -ti $CONT_NAME" + before_install: + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + install: + - $CI_MANAGERS/debian.sh SETUP + script: + - set -e + - $CI_MANAGERS/debian.sh RUN_ASAN + - set +e + after_script: + - $CI_MANAGERS/debian.sh CLEANUP + + - name: Debian Testing (clang) + language: bash + env: + - DEBIAN_RELEASE="testing" + - CONT_NAME="systemd-debian-$DEBIAN_RELEASE" + - DOCKER_EXEC="docker exec -ti $CONT_NAME" + before_install: + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + install: + - $CI_MANAGERS/debian.sh SETUP + script: + - set -e + - $CI_MANAGERS/debian.sh RUN_CLANG + - set +e + after_script: + - $CI_MANAGERS/debian.sh CLEANUP + + - name: Debian Testing (clang ASan+UBSan) + language: bash env: - # The machine id will be passed to container - - MACHINE_ID=$(cat /var/lib/dbus/machine-id) - before_script: *update + - DEBIAN_RELEASE="testing" + - CONT_NAME="systemd-debian-$DEBIAN_RELEASE" + - DOCKER_EXEC="docker exec -ti $CONT_NAME" + before_install: + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + install: + - $CI_MANAGERS/debian.sh SETUP + script: + - set -e + - $CI_MANAGERS/debian.sh RUN_CLANG_ASAN + - set +e + after_script: + - $CI_MANAGERS/debian.sh CLEANUP + + - stage: Fuzzit-Sanity + name: Continuous Fuzzing Sanity via Fuzzit (sanity) + language: bash script: - - docker run -dit --name travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash - - docker exec -u 0 -ti travis_build bash -c "echo ${MACHINE_ID} > /etc/machine-id" - - docker exec -ti travis_build meson build - - docker exec -ti travis_build ninja -C build - # Commit it to the new image that will be used for testing - - docker commit -m "systemd build state" -a "${AUTHOR_NAME}" travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} - - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" - - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - set -e + - $CI_MANAGERS/fuzzit.sh sanity + - set +e - - stage: test - language: c - compiler: gcc - before_script: *update + - stage: Fuzzit-Fuzzing + name: Continuous Fuzzing Sanity via Fuzzit (fuzzing daily) + language: bash script: - - docker run --privileged --net=host -dit --name travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash - - docker exec -ti travis_test ninja -C build test - - docker commit -m "systemd test state" -a "${AUTHOR_NAME}" travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} - - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" - - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - set -e + - $CI_MANAGERS/fuzzit.sh fuzzing + - set +e - - stage: coverity scan - language: c - compiler: gcc - before_script: *update + - stage: Coverity + language: bash env: + - FEDORA_RELEASE="latest" + - CONT_NAME="coverity-fedora-$FEDORA_RELEASE" + - DOCKER_EXEC="docker exec -ti $CONT_NAME" + - TOOL_BASE="/var/tmp/coverity-scan-analysis" + - DOCKER_RUN="docker run -v $TOOL_BASE:$TOOL_BASE:rw --env-file .cov-env" + # Coverity env variables + - PLATFORM="$(uname)" + - TOOL_ARCHIVE="/var/tmp/cov-analysis-$PLATFORM.tgz + - SCAN_URL="https://scan.coverity.com" + - UPLOAD_URL="https://scan.coverity.com/builds" - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG" - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}" - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH" - # Disable CCACHE for cov-build to compilation units correctly - - CCACHE_DISABLE=1 - # Token for systemd/systemd Coverity Scan Analysis - # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created - # via the "travis encrypt" command using the project repo's public key - - secure: "UNQLspT89GYWuVKFqW5W5RyqqnYg5RvX20IrNraOddhpdV9nhKBtozrfmhGXDGZwfHGWHt6g7YROlD/NIMvDvThVJIEYvSQiXCoo2zRrwkl2siET5MjPfRG8numiLq0KX47KGmyBJISJZCgDUdNGqqGwgf7AhDN78I3XtgqjFT1z0mGl8n0wiFpKPi7i3nECvF4Mk7xCCHqwByaq0z5G9NkVlOvP1EyCxwv3B6I5Umfch7ibp7iH44YnVXILK+yEry5dMuctYwYkDouR80ChEPQQ5fhhpO4++HJmFuSpfMTeCHpucAd2xwSUijejYeN/GNQ177GxSSk/8hRBGcuSK8T/WJ+KiuJPhZObV8mw+a6+qdQssWY4F9jya5ZKbZ/yTbxjtQ0m4AgtL28P9bEze8pLh16zFMX+hIEuoFSNmJqmtNttfbD5TKyYVZml59s9wvhlvMnlNpRSQva88OAOjXtiA41g+XtTxxpfW9mgd7HYhzSBs1efNiK7PfkANgve7KIYMAmCAqasgb1IIAyX7stOlJH06QOFXNH55PmJLkkKyL3SMQzgryMDWegU+XbS8t43r0x14WLuE7sc9JtnOr/G8hthFaMRp8xLy9aCBwyEIkEsyWa50VMoZDa3Spdb4r1CKBwcGdCbyE4rCehwEIznbfrsSovhwiUds7bbhBU=" - script: - # Copy content of CI_DIR into WORKDIR - - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + - # Build container for current user - - $CI_SCRIPT_DIR/build-docker-image.sh - - # For kernel version 4.8+ - - sudo sysctl vsyscall=emulate || true - # Prepare environment for Coverity tool - - | - PLATFORM=`uname` - export TOOL_BASE="/tmp/coverity-scan-analysis" - export SCAN_URL="https://scan.coverity.com" - export UPLOAD_URL="https://scan.coverity.com/builds" - export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz" - - # Get Coverity tool - - $CI_TOOL_DIR/get-coverity.sh - - TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')" - - # Export env variables for Coverity scan + # Encrypted COVERITY_SCAN_TOKEN env variable + # Generated using `travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=xxxx` + - secure: "jKSz+Y1Mv8xMpQHh7g5lzW7E6HQGndFz/vKDJQ1CVShwFoyjV3Zu+MFS3UYKlh1236zL0Z4dvsYFx/b3Hq8nxZWCrWeZs2NdXgy/wh8LZhxwzcGYigp3sIA/cYdP5rDjFJO0MasNkl25/rml8+eZWz+8/xQic98UQHjSco/EOWtssoRcg0J0c4eDM7bGLfIQWE73NNY1Q1UtWjKmx1kekVrM8dPmHXJ9aERka7bmcbJAcKd6vabs6DQ5AfWccUPIn/EsRYqIJTRxJrFYU6XizANZ1a7Vwk/DWHZUEn2msxcZw5BbAMDTMx0TbfrNkKSHMHuvQUCu6KCBAq414i+LgkMfmQ2SWwKiIUsud1kxXX3ZPl9bxDv1HkvVdcniC/EM7lNEEVwm4meOnjuhI2lhOyOjmP3FTSlMHGP7xlK8DS2k9fqL58vn0BaSjwWgd+2+HuL2+nJmxcK1eLGzKqaostFxrk2Xs2vPZkUdV2nWY/asUrcWHml6YlWDn2eP83pfwxHYsMiEHY/rTKvxeVY+iirO/AphoO+eaYu7LvjKZU1Yx5Z4u/SnGWAiCH0yhMis0bWmgi7SCbw+sDd2uya+aoiLIGiB2ChW7hXHXCue/dif6/gLU7b+L8R00pQwnWdvKUPoIJCmZJYCluTeib4jpW+EmARB2+nR8wms2K9FGKM=" + before_install: + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + install: + # Install Coverity on the host + - $CI_TOOLS/get-coverity.sh + # Export necessary env variables for Coverity - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env - - | - docker run -dit --env-file .cov-env \ - -v ${TOOL_BASE}:${TOOL_BASE}:ro \ - --name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash - # Make sure Coverity script is executable - - docker cp tools/coverity.sh travis_coverity_scan:/usr/local/bin - # Preconfigure with meson to prevent Coverity from capturing meson metadata - # Set compiler flag to prevent emit failure - - docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false" - # Run Coverity Analysis - - docker exec -it travis_coverity_scan coverity.sh build - - docker exec -it travis_coverity_scan coverity.sh upload - - - stage: clean docker - language: python - # python: - # - "3.6" Probably broken ATM - env: - - SIZE_LIMIT="3000" # Limit in MBs - - TAG_LIMIT="3" # Number of tags to be kept at the time - before-script: - - sudo apt-get -y install python3 + # Pull a Docker image and start a new container + - $CI_MANAGERS/fedora.sh SETUP script: - # Get docker-remote tool and setup venv - - sudo $CI_TOOL_DIR/get-docker-remote.sh - # Activate virtual environment to be able to use docker-remote safely - - source venv/bin/activate - # Check the size and tag limit of the repo - - REPO_SIZE=$(docker-remote repository --size $DOCKER_REPOSITORY) - - TAG_COUNT=$(docker-remote tags --count $DOCKER_REPOSITORY) - - 'echo -e "\033[33;1mCurrent repository size: $REPO_SIZE in $TAG_COUNT tags \033[0m"' - - | - if [[ ${REPO_SIZE%.*} -gt $SIZE_LIMIT ]] || [[ $TAG_COUNT -gt $TAG_LIMIT ]] - then - docker-remote --login $DOCKER_USERNAME:$DOCKER_PASSWORD \ - tags --assumeyes --pop-back --keep $TAG_LIMIT $DOCKER_REPOSITORY - fi - - - -# Specify the order of stages and conditions -stages: - # Helper stage to determine whether coverity stage should be allowed - - name: initialization - - - name: build docker image - if: type != cron - - name: build - if: type != cron - - name: test - if: type != cron - - # These stages run separately, the resulting container will not be pushed to Docker Hub - # This stage will only run on special conditions - - name: coverity scan - if: type = cron - - # Check for repository size and clean Docker repo if necessary - - name: clean Docker - if: type = cron - -env: - global: - # Secure Docker Hub credentials - - secure: "TY61ufmEJyxCer8vuAlQ3mYwGRynFZXPCFTxKgIzobAHHyE1Zwx0bZDDwDd88Gdgz7EGnOJtMABfa0axfPOK9il5u7lYmmZ8Usa0HAvKavkpSRnw2b16zz88N98x3DyaIquvg2J8iQpHHoM32+BGiAS7P8BiYTO6r+E0CMPYC0Ylh7eHVSBGfWbR9m+yCo/mDIEAWyop6Jv4rTMN4qP9U7e6Kou7m/AJeiCWMaR7rlanpLFNQi3+qF/Mt5dbE7LVLNSOkmpg/FPw34g4RC5mfLAh+c8YBadqo6kFA6qV1b931or0aZUYVtobI6UwC9U1GGqzfCTjXuVMNgPBBQ6n3JMt91mFFkP0lXdGMxpBNbwFL/btBrt2a359L/wNtqv6PuSJwJ3oTe/FP++X6xjbM7LcAHZMWZiK+0BFefNOUcRzBpaEJ2nGNzcLKHn4Bl0pl4LwZ0uVocN8RBwHnDX+hyUwwQPoQTLJQB9tpwDweIzftt9KmrIHmL9v7KZXR4s/8CKpNfVQ/XSysdtsK+7EKK5AsnbMNrZLjpH7D0Lo/Xp92/eJ2UGyqI7awJbJGPV2FNwyGcojDEXIBUsVssUjb5+B4LpHP1x4UQe/m9SuPJdtRB0R7PKe/tyPD3GTyfVO9K7imQATDdnMY32nkWXmXej8YWo76yA732rTZRZtFAc=" - - secure: "NAEzWn5Ru6IqDA1RSyTVhpIp2iQluumg0EOI111EN7qWWGUDNgAZi+QgvRI+OBNyuMpBpN/GX1Ys4YxUDos1F/fhm2vytoB4A/LG463FQsSVP3wnyMFJTSOI8H0jgK41xj79qiww7edbfq93MZ/XS95Ws4tUTi/0etUGvAgIHGgofFCPPdMNkOvSHLgzSnYfydzLuD9FVpCgvpbJnQ+47XHyN+sKoA+OlZ+EfIOVZt+Mk/dqYrsM7MRKEfplk1MvUiJpHvrw+xWTslCIiO03V6ws091fBMgedIFRpsySrsd1KwH8JIeOK6KFn5W7Q53auzZkKYk7ymknlJt4WVBy7Qg33njMQ53t3qMQYTRUIV4dcR60cdII7tatzgpKBcycxHQMAshOYPT6pYhSsO6JEKgiO+ZhOxvqWGwtEeH9Zq7P4ft8Q7GJhRkdi0X0WY7/6RjwinO/1LLj1LODim3mDFfAK7xS7e+nQW/JEOdWohT2+qm97j9IOZeQtPtdqZP9F8HJXgw6WjiGJIXMF3Ov9GkQh4uJyMYJ6hN7T3iRoenV86Dzgg6u5Ku131Ziwvlm+n94qlXF8Jl47wCcAS7VmyYxMft1gH+Zs+4Wq7KO0vysmnEk6rCqb87ZQSDOdTzBfK9HTyyAqmBCgS4Dp5x7/xOBMVXfq/SOb9c3Sh/JItA=" - - DOCKER_REPOSITORY=$DOCKER_USERNAME/systemd - - - ADMIN_EMAIL=macermak@redhat.com - - - AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")" - - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")" - - - CI_DIR="$TRAVIS_BUILD_DIR/travis-ci" - - CI_TOOL_DIR="$CI_DIR/tools" - - CI_SCRIPT_DIR="$CI_DIR/scripts" - -notifications: - email: - recipients: - - ${ADMIN_EMAIL} - - ${AUTHOR_EMAIL} - irc: - channels: - - "irc.freenode.org#systemd" - on_success: change - on_failure: always + - set -e + # Preconfigure with meson to prevent Coverity from capturing meson metadata + # Set compiler flag to prevent emit failure + - $DOCKER_EXEC sh -c "CFLAGS='-D_Float128=long\ double -D_Float64=double -D_Float64x=long\ double -D_Float32=float -D_Float32x=double' meson cov-build -Dman=false" + # Run Coverity + - $DOCKER_EXEC tools/coverity.sh build + - $DOCKER_EXEC tools/coverity.sh upload + + - set +e + after_script: + - $CI_MANAGERS/fedora.sh CLEANUP