stages:
- autoconf
- quick-checks
+ - other-checks
- build
- unit
- system
- performance
- docs
- - other-checks
- postmerge
- release
expire_in: "1 week"
when: on_failure
-coccinelle:
- <<: *other_checks_job
- rules:
- - if: '$CI_MERGE_REQUEST_DIFF_BASE_SHA != null'
- changes:
- - '**/*.c'
- - '**/*.h'
- - 'cocci/**'
- - 'util/check-cocci.sh'
- - *rule_mr_manual
- - *rule_tag
- - *rule_source_other_than_mr
- needs: []
- script:
- - util/check-cocci.sh
- - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
-
doctest:
<<: *quick_checks_job
# This script needs to: 1) fail if the doctest fails, 2) fail if
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+mypy:
+ <<: *quick_checks_job
+ <<: *python_triggering_rules
+ script:
+ - mypy "bin/tests/system/isctest/"
+
+# Jobs in the other-checks stage
+
checkbashisms:
<<: *other_checks_job
<<: *shell_triggering_rules
script:
- checkbashisms $(find . -path './.git' -prune -o -type f -exec sh -c 'head -n 1 "{}" | grep -qsF "#!/bin/sh"' \; -print)
-mypy:
- <<: *quick_checks_job
- <<: *python_triggering_rules
+coccinelle:
+ <<: *other_checks_job
+ rules:
+ - if: '$CI_MERGE_REQUEST_DIFF_BASE_SHA != null'
+ changes:
+ - '**/*.c'
+ - '**/*.h'
+ - 'cocci/**'
+ - 'util/check-cocci.sh'
+ - *rule_mr_manual
+ - *rule_tag
+ - *rule_source_other_than_mr
+ needs: []
script:
- - mypy "bin/tests/system/isctest/"
+ - util/check-cocci.sh
+ - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
+
+# Jobs for scan-build builds on Debian 13 "trixie" (amd64)
+
+.scan_build: &scan_build
+ - ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)"
+ --keep-cc
+ --status-bugs
+ --keep-going
+ -o scan-build.reports make -j${BUILD_PARALLEL_JOBS:-1} all V=1
+
+scan-build:
+ <<: *other_checks_job
+ variables:
+ CC: "${CLANG}"
+ CFLAGS: "${CFLAGS_COMMON}"
+ CONFIGURE: "${SCAN_BUILD} ./configure"
+ EXTRA_CONFIGURE: "--with-libidn2"
+ before_script:
+ - *list_installed_package_versions
+ script:
+ - *configure
+ - *scan_build
+ needs:
+ - job: autoreconf
+ artifacts: true
+ artifacts:
+ paths:
+ - scan-build.reports/
+ when: on_failure
+
+# Coverity Scan analysis upload
+
+.coverity_prep: &coverity_prep
+ - curl --output /tmp/cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64
+ --form project=$COVERITY_SCAN_PROJECT_NAME
+ --form token=$COVERITY_SCAN_TOKEN
+ --form md5=1
+ - curl --output /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
+ --form project=$COVERITY_SCAN_PROJECT_NAME
+ --form token=$COVERITY_SCAN_TOKEN
+ - test "$(md5sum /tmp/cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat /tmp/cov-analysis-linux64.md5)"
+ - tar --extract --gzip --file=/tmp/cov-analysis-linux64.tgz --directory=/tmp
+ - test -d /tmp/cov-analysis-linux64-*
+
+.coverity_build: &coverity_build
+ - /tmp/cov-analysis-linux64-*/bin/cov-build --dir /tmp/cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
+ - tar --create --gzip --file=/tmp/cov-int.tar.gz --directory /tmp cov-int
+ - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
+ --form token=$COVERITY_SCAN_TOKEN
+ --form email=bind-changes@isc.org
+ --form file=@/tmp/cov-int.tar.gz
+ --form version="$(git rev-parse --short HEAD)"
+ --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1
+ | tee curl-response.txt
+ - grep -q 'Build successfully submitted' curl-response.txt
+
+coverity:
+ <<: *other_checks_job
+ variables:
+ CC: gcc
+ CFLAGS: "${CFLAGS_COMMON} -Og"
+ EXTRA_CONFIGURE: "--with-libidn2"
+ script:
+ - *coverity_prep
+ - *configure
+ - *coverity_build
+ after_script:
+ - mv -v /tmp/cov-int.tar.gz ${CI_PROJECT_DIR}/
+ needs:
+ - job: autoreconf
+ artifacts: true
+ artifacts:
+ paths:
+ - curl-response.txt
+ - cov-int.tar.gz
+ expire_in: "1 week"
+ when: on_failure
+ rules:
+ - if: '$COVERITY_SCAN_PROJECT_NAME != null && $COVERITY_SCAN_TOKEN != null'
tarball-create:
<<: *build_job
<<: *debian_trixie_amd64cross32_image
<<: *build_job
-# Jobs for scan-build builds on Debian 13 "trixie" (amd64)
-
-.scan_build: &scan_build
- - ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)"
- --keep-cc
- --status-bugs
- --keep-going
- -o scan-build.reports make -j${BUILD_PARALLEL_JOBS:-1} all V=1
-
-scan-build:
- <<: *other_checks_job
- variables:
- CC: "${CLANG}"
- CFLAGS: "${CFLAGS_COMMON}"
- CONFIGURE: "${SCAN_BUILD} ./configure"
- EXTRA_CONFIGURE: "--with-libidn2"
- before_script:
- - *list_installed_package_versions
- script:
- - *configure
- - *scan_build
- needs:
- - job: autoreconf
- artifacts: true
- artifacts:
- paths:
- - scan-build.reports/
- when: on_failure
-
# Jobs for regular GCC builds on Debian "sid" (amd64)
# Also tests configration option: --without-lmdb.
tsan:stress:
<<: *default_triggering_rules
- stage: other-checks
+ stage: system
variables:
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
trigger:
script:
- bind9-qa/releng/push_to_customer_repository.py --tag "$CI_COMMIT_TAG" --entitlements isc-customer-settings/entitlements.yaml --force
-# Coverity Scan analysis upload
-
-.coverity_prep: &coverity_prep
- - curl --output /tmp/cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64
- --form project=$COVERITY_SCAN_PROJECT_NAME
- --form token=$COVERITY_SCAN_TOKEN
- --form md5=1
- - curl --output /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
- --form project=$COVERITY_SCAN_PROJECT_NAME
- --form token=$COVERITY_SCAN_TOKEN
- - test "$(md5sum /tmp/cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat /tmp/cov-analysis-linux64.md5)"
- - tar --extract --gzip --file=/tmp/cov-analysis-linux64.tgz --directory=/tmp
- - test -d /tmp/cov-analysis-linux64-*
-
-.coverity_build: &coverity_build
- - /tmp/cov-analysis-linux64-*/bin/cov-build --dir /tmp/cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
- - tar --create --gzip --file=/tmp/cov-int.tar.gz --directory /tmp cov-int
- - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
- --form token=$COVERITY_SCAN_TOKEN
- --form email=bind-changes@isc.org
- --form file=@/tmp/cov-int.tar.gz
- --form version="$(git rev-parse --short HEAD)"
- --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1
- | tee curl-response.txt
- - grep -q 'Build successfully submitted' curl-response.txt
-
-coverity:
- <<: *other_checks_job
- variables:
- CC: gcc
- CFLAGS: "${CFLAGS_COMMON} -Og"
- EXTRA_CONFIGURE: "--with-libidn2"
- script:
- - *coverity_prep
- - *configure
- - *coverity_build
- after_script:
- - mv -v /tmp/cov-int.tar.gz ${CI_PROJECT_DIR}/
- needs:
- - job: autoreconf
- artifacts: true
- artifacts:
- paths:
- - curl-response.txt
- - cov-int.tar.gz
- expire_in: "1 week"
- when: on_failure
- rules:
- - if: '$COVERITY_SCAN_PROJECT_NAME != null && $COVERITY_SCAN_TOKEN != null'
-
# Respdiff tests
respdiff:
artifacts: true
gcov:
- <<: *other_checks_job
+ <<: *default_triggering_rules
+ <<: *base_image
+ stage: system
needs:
- job: system:gcc:trixie:amd64
artifacts: true
projects / thirdparty / bind9.git / commitdiff
