This is the bulk of the CI/CD overhaul.
Most of the changes are to the `.gitlab-ci.yml` file, where the build
images used are replaced with the ones provided by the
`knot-resolver-ci` repository. Some cleanups have also been done.
The commit also adds unit testing with Knot Resolver built against
multiple versions of Knot DNS, including the `master` branch. The
`master` branch image is built nightly in the `knot-resolver-ci` repo.
We have also removed `scan-build`, as its tests change frequently, with
lots of false-positives, which are very different on each version, and
there is no good way to ignore some detections. Clang-Tidy covers some
of the same issues, and we also have Coverity Scan. Should be more than
enough.
A few config tests were also excluded in the AddressSanitizer tests,
because they produce false-positives.
PREFIX: $CI_PROJECT_DIR/.local
EMAIL: 'ci@nic'
-image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11:knot-$KNOT_VERSION
+ # IMAGE_TAG is a Git branch/tag name from https://gitlab.nic.cz/knot/knot-resolver-ci
+ # In general, keep it pointing to a tag - use a branch only for development.
+ # More info in the knot-resolver-ci repository.
+ IMAGE_TAG: 'v20240506'
+ IMAGE_PREFIX: '$CI_REGISTRY/knot/knot-resolver-ci'
+
+image: $IMAGE_PREFIX/debian12-knot_3_3:$IMAGE_TAG
default:
interruptible: true
tags:
.after_build: &after_build
<<: *common
needs:
- - build
+ - build-stable
before_script:
# meson detects changes and performs useless rebuild; hide the log
- ninja -C build_ci* &>/dev/null
- pkg
reports:
junit: build_ci*/meson-logs/testlog.junit.xml
+ before_script:
+ - "echo \"PATH: $PATH\""
+ - "echo \"Using Python at: $(which python)\""
after_script:
- ci/fix-meson-junit.sh build_ci*/meson-logs/testlog.junit.xml
script:
- apkg make-archive
-build:
+build-stable:
+ <<: *build
+ script:
+ - meson build_ci_stable --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
+ - ninja -C build_ci_stable
+ - ninja -C build_ci_stable install >/dev/null
+ - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
+
+build-deb11-knot31:
+ <<: *build
+ image: $IMAGE_PREFIX/debian11-knot_3_1:$IMAGE_TAG
+ script:
+ - meson build_ci_deb11_knot31 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
+ - ninja -C build_ci_deb11_knot31
+ - ninja -C build_ci_deb11_knot31 install >/dev/null
+ - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
+
+build-deb11-knot32:
+ <<: *build
+ image: $IMAGE_PREFIX/debian11-knot_3_2:$IMAGE_TAG
+ script:
+ - meson build_ci_deb11_knot32 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
+ - ninja -C build_ci_deb11_knot32
+ - ninja -C build_ci_deb11_knot32 install >/dev/null
+ - ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
+
+build-deb12-knot32:
<<: *build
+ image: $IMAGE_PREFIX/debian12-knot_3_2:$IMAGE_TAG
script:
- - meson build_ci --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
- - ninja -C build_ci
- - ninja -C build_ci install >/dev/null
+ - meson build_ci_deb12_knot32 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
+ - ninja -C build_ci_deb12_knot32
+ - ninja -C build_ci_deb12_knot32 install >/dev/null
- ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
-build-knot32:
+build-deb12-knot-master:
<<: *build
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11:knot-3.2
+ image: $IMAGE_PREFIX/debian12-knot_master:$IMAGE_TAG
script:
- - meson build_ci_knot32 --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
- - ninja -C build_ci_knot32
- - ninja -C build_ci_knot32 install >/dev/null
+ - meson build_ci_deb12_knot_master --prefix=$PREFIX -Dmalloc=disabled -Dwerror=true -Dextra_tests=enabled
+ - ninja -C build_ci_deb12_knot_master
+ - ninja -C build_ci_deb12_knot_master install >/dev/null
- ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite snowflake
+ allow_failure: true
-build-asan:
+build-stable-asan-gcc:
<<: *build
script:
- # issues with UBSan and ASan in CI:
- # - `ahocorasick.so` causes C++ problems
- # - `--default-library=shared` causes link problems
- - CC=clang CXX=clang++ CFLAGS=-fno-sanitize-recover=all CXXFLAGS=-fno-sanitize=undefined meson build_ci_asan --default-library=static --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled
- - ninja -C build_ci_asan
- - ninja -C build_ci_asan install >/dev/null
- # TODO _leaks: not sure what exactly is wrong in leak detection on config tests
- # TODO skip_asan: all three of these disappear locally when using gcc 9.1 (except some leaks)
- - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite skip_asan --no-suite snowflake
+ - CFLAGS=-fno-sanitize-recover=all meson build_ci_asan_gcc --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled
+ - ninja -C build_ci_asan_gcc
+ - ninja -C build_ci_asan_gcc install >/dev/null
+ - MESON_TESTTHREADS=1 ${MESON_TEST} --suite unit --suite dnstap --no-suite skip_asan --no-suite snowflake
+ - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite config --no-suite skip_asan --no-suite snowflake
+
+
+# TODO: Clang sanitizer seems to be broken in the current version of Debian. Use
+# GCC above and maybe re-enable the Clang one once we update at some point.
+
+#build-stable-asan-clang:
+# <<: *build
+# script:
+# # issues with UBSan and ASan in CI:
+# # - `ahocorasick.so` causes C++ problems
+# # - `--default-library=shared` causes link problems
+# - CC=clang CXX=clang++ CFLAGS=-fno-sanitize-recover=all CXXFLAGS=-fno-sanitize=undefined meson build_ci_asan_clang --default-library=static --prefix=$PREFIX -Dmalloc=jemalloc -Db_sanitize=address,undefined -Dextra_tests=enabled
+# - ninja -C build_ci_asan_clang
+# - ninja -C build_ci_asan_clang install >/dev/null
+# # TODO _leaks: not sure what exactly is wrong in leak detection on config tests
+# # TODO skip_asan: all three of these disappear locally when using gcc 9.1 (except some leaks)
+# - MESON_TESTTHREADS=1 ASAN_OPTIONS=detect_leaks=0 ${MESON_TEST} --suite unit --suite config --suite dnstap --no-suite skip_asan --no-suite snowflake
build:macOS:
<<: *nodep
+ image: python:3-alpine
only:
refs:
- branches@knot/knot-resolver
when: delayed
start_in: 3 minutes # allow some time for mirroring, job creation
script:
- - ci/gh_actions.py ${CI_COMMIT_REF_NAME} ${CI_COMMIT_SHA}
+ - pip3 install -U requests
+ - python3 ./ci/gh_actions.py ${CI_COMMIT_REF_NAME} ${CI_COMMIT_SHA}
docker:
<<: *nodep
-Wpedantic -Wno-newline-eof -Wno-gnu-zero-variadic-macro-arguments -Wno-gnu-folding-constant'
- ninja -C build_pedantic_clang
-lint:scan-build:
- <<: *after_build
- # TODO migrate lint to debian-11
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
- before_script:
- # -- end TODO
- stage: sanity
- artifacts:
- when: on_failure
- expire_in: '1 day'
- paths:
- - build_ci*/meson-logs/scanbuild
- script:
- - export SCANBUILD="$(realpath ./scripts/run-scanbuild-with-args.sh)"
- - ninja -C build_ci* scan-build || true
- - test "$(ls build_ci*/meson-logs/scanbuild/*/report-*.html | wc -l)" = 22 # we have this many errors ATM :-)
-
lint:tidy:
<<: *after_build
- # TODO migrate lint to debian-11
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-buster:knot-$KNOT_VERSION
- before_script:
- # -- end TODO
stage: sanity
script:
- ninja -C build_ci* tidy
# Coverity reference: https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
lint:coverity:
<<: *sanity
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11-coverity:knot-$KNOT_VERSION
+ image: $IMAGE_PREFIX/coverity:$IMAGE_TAG
only:
refs:
- nightly@knot/knot-resolver
- ninja -C build_ci_lib daemon/kresd
- ninja -C build_ci_lib kres-gen
- git diff --quiet || (git diff; exit 1)
-kres-gen-30:
- <<: *kres-gen
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11:knot-3.0
kres-gen-31:
<<: *kres-gen
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11:knot-3.1
+ image: $IMAGE_PREFIX/debian11-knot_3_1:$IMAGE_TAG
kres-gen-32:
<<: *kres-gen
- image: $CI_REGISTRY/knot/knot-resolver/ci/debian-11:knot-3.2
+ image: $IMAGE_PREFIX/debian12-knot_3_2:$IMAGE_TAG
root.hints:
<<: *sanity
- /^release.*$/
script:
- scripts/update-root-hints.sh
+
+ci-image-is-tag:
+ <<: *sanity
+ image: alpine:3
+ variables:
+ GIT_STRATEGY: none
+ script:
+ - apk add git
+ - (
+ git ls-remote --tags --exit-code
+ https://gitlab.nic.cz/knot/knot-resolver-ci.git
+ refs/tags/$IMAGE_TAG
+ && echo "Everything is OK!"
+ )
+ || (echo "'$IMAGE_TAG' is not a tag (probably a branch). Make sure to set it to a tag in production!"; exit 2)
# }}}
# test {{{
<<: *after_build
stage: test
needs:
- - build-asan
+ - build-stable-asan-gcc
script:
- ulimit -n "$(ulimit -Hn)" # applies only for kresd ATM
- ./ci/respdiff/start-resolvers.sh
include: ci/pkgtest.yaml
strategy: depend
needs:
- - build
+ - build-stable
variables: # https://gitlab.nic.cz/help/ci/yaml/README.md#artifact-downloads-to-child-pipelines
PARENT_PIPELINE_ID: $CI_PIPELINE_ID
except:
pytests:
<<: *test_flaky
needs:
- - build-asan
+ - build-stable-asan-gcc
artifacts:
when: always
paths:
# docs: {{{
docs:build:
- image: $CI_REGISTRY/packaging/apkg/lxc/fedora-36
stage: deploy
needs: []
script:
- git submodule update --init --recursive
- - apkg build-dep -y
- - dnf install -y python3-sphinx texinfo doxygen
- pip3 install -U -r doc/requirements.txt
- pip3 install -U sphinx_rtd_theme
- meson build_doc -Ddoc=enabled
+++ /dev/null
-# Container images for CI
-
-## Image purpose
-
-### debian-11
-
-The main image used by shared runners to execute most CI builds and tests.
-
-### debian-11-coverity
-
-A stripped down version of `debian-11`. It only contains build (not test)
-dependencies of `kresd`. It also contains the `cov-build` tool for generating
-inputs for [Coverity Scan](https://scan.coverity.com/).
-
-It is used by the `coverity` CI job to generate and send data to Coverity Scan
-for analysis.
-
-To build this image, you need to retrieve the Coverity Scan token from the
-dashboard and pass it to the `build.sh` script using the `COVERITY_SCAN_TOKEN`
-environment variable, e.g.:
-
-```
-$ COVERITY_SCAN_TOKEN=the_secret_token ./build.sh debian-11-coverity
-```
-
-### debian-buster (10)
-
-Used to serve the same purpose as `debian-11`. As of 2022-03-09, it is still
-used by some jobs (linters).
-
-## Maintenance
-
-The `ci/images/` directory contains utility scripts to build, push or update
-the container images.
-
-```
-$ ./build.sh debian-11 # builds a debian-11 image locally
-$ ./push.sh debian-11 # pushes the local image into target registry
-$ ./update.sh debian-11 # utility wrapper that both builds and pushes the image
-$ ./update.sh */ # use shell expansion of dirnames to update all images
-```
-
-By default, a branch of Knot DNS deemed to be stable is selected according to
-the `vars.sh` file. To build an image for a different Knot DNS branch, set the
-`KNOT_BRANCH` environment variable to the name of the branch, e.g.:
-
-```
-$ KNOT_BRANCH='3.2' ./update.sh debian-11
-```
+++ /dev/null
-#!/bin/bash
-# build specified docker image
-
-CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
-source "${CURRENT_DIR}"/vars.sh "$@"
-set -ex
-
-if [ -n "$COVERITY_SCAN_TOKEN" ]; then
- SECRETS="$SECRETS --secret id=coverity-token,env=COVERITY_SCAN_TOKEN"
-fi
-
-DOCKERFILE="$(realpath "${IMAGE}")/Dockerfile"
-
-cd "$CURRENT_DIR/../.."
-export DOCKER_BUILDKIT=1 # Enables using secrets in docker-build
-docker build \
- --pull \
- --no-cache \
- --tag "${FULL_NAME}" \
- --file "${DOCKERFILE}" \
- . \
- --build-arg KNOT_BRANCH=${KNOT_BRANCH} \
- $SECRETS
+++ /dev/null
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-FROM debian:bullseye
-MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
-# >= 3.0 needed because of --enable-xdp=yes
-ARG KNOT_BRANCH=3.1
-ARG COVERITY_SCAN_PROJECT_NAME=CZ-NIC/knot-resolver
-ENV DEBIAN_FRONTEND=noninteractive
-
-WORKDIR /root
-CMD ["/bin/bash"]
-
-# generic cleanup
-RUN apt-get update -qq
-
-# Knot and Knot Resolver dependencies
-RUN apt-get install -y -qqq git make cmake pkg-config meson \
- build-essential bsdmainutils libtool autoconf libcmocka-dev \
- liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev libcap-ng-dev libsystemd-dev \
- libelf-dev libmnl-dev libidn11-dev libuv1-dev \
- libluajit-5.1-dev lua-http libssl-dev libnghttp2-dev
-
-# LuaJIT binary for stand-alone scripting
-RUN apt-get install -y -qqq luajit
-
-# build and install latest version of Knot DNS
-RUN git clone --depth=1 --branch=$KNOT_BRANCH https://gitlab.nic.cz/knot/knot-dns.git /tmp/knot
-WORKDIR /tmp/knot
-RUN pwd
-RUN autoreconf -if
-RUN ./configure --prefix=/usr --enable-xdp=yes
-RUN CFLAGS="-g" make
-RUN make install
-RUN ldconfig
-
-# curl and tar (for downloading Coverity tools and uploading logs)
-RUN apt-get install -y curl tar
-
-RUN --mount=type=secret,id=coverity-token \
- curl -o /tmp/cov-analysis-linux64.tar.gz https://scan.coverity.com/download/cxx/linux64 \
- --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$(cat /run/secrets/coverity-token)
-RUN tar xfz /tmp/cov-analysis-linux64.tar.gz
-RUN mv cov-analysis-linux64-* /opt/cov-analysis
+++ /dev/null
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-FROM debian:bullseye
-MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
-# >= 3.0 needed because of --enable-xdp=yes
-ARG KNOT_BRANCH=3.1
-ENV DEBIAN_FRONTEND=noninteractive
-
-WORKDIR /root
-CMD ["/bin/bash"]
-
-# generic cleanup
-RUN apt-get update -qq
-
-# Knot and Knot Resolver dependencies
-RUN apt-get install -y -qqq git make cmake pkg-config meson \
- build-essential bsdmainutils libtool autoconf libcmocka-dev \
- liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev libcap-ng-dev libsystemd-dev \
- libelf-dev libmnl-dev libidn11-dev libuv1-dev libjemalloc-dev \
- libluajit-5.1-dev lua-http libssl-dev libnghttp2-dev
-
-# Build and testing deps for Resolver's dnstap module (go stuff is just for testing)
-RUN apt-get install -y -qqq \
- protobuf-c-compiler libprotobuf-c-dev libfstrm-dev \
- golang-any
-COPY ./tests/dnstap /root/tests/dnstap
-WORKDIR /root/tests/dnstap/src/dnstap-test
-RUN go get .
-WORKDIR /root
-
-# documentation dependencies
-RUN apt-get install -y -qqq doxygen python3-sphinx python3-breathe python3-sphinx-rtd-theme
-
-# Python packages required for Deckard CI
-# Python: grab latest versions from PyPi
-# (Augeas binding in Debian packages are slow and buggy)
-RUN apt-get install -y -qqq python3-pip wget augeas-tools
-RUN pip3 install --upgrade pip
-RUN pip3 install pylint
-RUN pip3 install pep8
-# FIXME replace with dnspython >= 2.2.0 once released
-RUN pip3 install git+https://github.com/bwelling/dnspython.git@72348d4698a8f8b209fbdf9e72738904ad31b930
-# tests/pytest dependencies: skip over broken versions
-RUN pip3 install jinja2 'pytest != 6.0.0' pytest-html pytest-xdist pytest-forked
-# apkg for packaging
-RUN pip3 install apkg
-
-# packet capture tools for Deckard
-RUN apt-get install --no-install-suggests --no-install-recommends -y -qqq tcpdump wireshark-common
-
-# Faketime for Deckard
-RUN apt-get install -y -qqq faketime
-
-# C dependencies for python-augeas
-RUN apt-get install -y -qqq libaugeas-dev libffi-dev
-# Python dependencies for Deckard
-RUN wget https://gitlab.nic.cz/knot/deckard/raw/master/requirements.txt -O /tmp/deckard-req.txt
-RUN pip3 install -r /tmp/deckard-req.txt
-
-# build and install latest version of Knot DNS
-RUN git clone --depth=1 --branch=$KNOT_BRANCH https://gitlab.nic.cz/knot/knot-dns.git /tmp/knot
-WORKDIR /tmp/knot
-RUN pwd
-RUN autoreconf -if
-RUN ./configure --prefix=/usr --enable-xdp=yes
-RUN CFLAGS="-g" make
-RUN make install
-RUN ldconfig
-
-# Valgrind for kresd CI
-RUN apt-get install valgrind -y -qqq
-RUN wget https://github.com/LuaJIT/LuaJIT/raw/v2.1.0-beta3/src/lj.supp -O /lj.supp
-# TODO: rebuild LuaJIT with Valgrind support
-
-# Lua lint for kresd CI
-RUN apt-get install luarocks -y -qqq
-RUN luarocks --lua-version 5.1 install luacheck
-
-# respdiff for kresd CI
-RUN apt-get install lmdb-utils -y -qqq
-RUN git clone --depth=1 https://gitlab.nic.cz/knot/respdiff /var/opt/respdiff
-RUN pip3 install -r /var/opt/respdiff/requirements.txt
-
-# Python static analysis for respdiff
-RUN pip3 install mypy
-RUN pip3 install flake8
-
-# Python requests for CI scripts
-RUN pip3 install requests
-
-# docker-py for packaging tests
-RUN pip3 install docker
-
-# Unbound for respdiff
-RUN apt-get install unbound unbound-anchor -y -qqq
-RUN printf "server:\n interface: 127.0.0.1@53535\n use-syslog: yes\n do-ip6: no\nremote-control:\n control-enable: no\n" >> /etc/unbound/unbound.conf
-
-# BIND for respdiff
-RUN apt-get install bind9 -y -qqq
-RUN printf '\nOPTIONS="-4 $OPTIONS"' >> /etc/default/bind9
-RUN printf 'options {\n directory "/var/cache/bind";\n listen-on port 53533 { 127.0.0.1; };\n listen-on-v6 port 53533 { ::1; };\n};\n' > /etc/bind/named.conf.options
-
-# PowerDNS Recursor for Deckard CI
-RUN apt-get install pdns-recursor -y -qqq
-
-# dnsdist for Deckard CI
-RUN apt-get install dnsdist -y -qqq
-
-# code coverage
-RUN apt-get install -y -qqq lcov
-RUN luarocks --lua-version 5.1 install luacov
-
-# LuaJIT binary for stand-alone scripting
-RUN apt-get install -y -qqq luajit
-
-# clang for kresd CI, version updated as debian updates it
-RUN apt-get install -y -qqq clang clang-tools clang-tidy
-
-# OpenBuildService CLI tool
-RUN apt-get install -y osc
-
-# curl (API)
-RUN apt-get install -y curl
-
-# configure knot-resolver-testing OBS repo for dependencies missing in Debian
-RUN echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-testing/Debian_11/ /' > /etc/apt/sources.list.d/knot-resolver-testing.list
-RUN wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:knot-resolver-testing/Debian_11/Release.key -O Release.key
-RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add Release.key
-RUN rm Release.key
-RUN apt-get update -qq
-
-# packages from our knot-resolver-testing repo
-RUN apt-get update
-RUN apt-get install -y -qqq lua-psl
-
-# en_US.UTF-8 locale for scripts.update-authors.sh
-RUN apt-get install -y -qqq locales
-RUN sed -i "/en_US.UTF-8/ s/^#\(.*\)/\1/" /etc/locale.gen
-RUN locale-gen
-
-# SonarCloud scanner
-RUN wget -O /var/opt/wrapper.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
-RUN wget -O /var/opt/scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip
-RUN unzip -d /var/opt /var/opt/wrapper.zip
-RUN unzip -d /var/opt /var/opt/scanner.zip
-ENV PATH "$PATH:/var/opt/build-wrapper-linux-x86:/var/opt/sonar-scanner-5.0.1.3006-linux/bin"
+++ /dev/null
-# SPDX-License-Identifier: GPL-3.0-or-later
-
-FROM debian:buster
-MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
-# >= 3.0 needed because of --enable-xdp=yes
-ARG KNOT_BRANCH=3.0
-ENV DEBIAN_FRONTEND=noninteractive
-
-WORKDIR /root
-CMD ["/bin/bash"]
-
-# generic cleanup
-RUN apt-get update -qq
-# TODO: run upgrade once buster reaches a stable release
-# RUN apt-get upgrade -y -qqq
-
-# Knot and Knot Resolver dependencies
-RUN apt-get install -y -qqq git make cmake pkg-config meson \
- build-essential bsdmainutils libtool autoconf libcmocka-dev \
- liburcu-dev libgnutls28-dev libedit-dev liblmdb-dev libcap-ng-dev libsystemd-dev \
- libelf-dev libmnl-dev libidn11-dev libuv1-dev \
- libluajit-5.1-dev lua-http libssl-dev libnghttp2-dev
-
-# Build and testing deps for Resolver's dnstap module (go stuff is just for testing)
-RUN apt-get install -y -qqq \
- protobuf-c-compiler libprotobuf-c-dev libfstrm-dev \
- golang-any
-COPY ./tests/dnstap /root/tests/dnstap
-WORKDIR /root/tests/dnstap/src/dnstap-test
-RUN go get .
-WORKDIR /root
-
-# documentation dependencies
-RUN apt-get install -y -qqq doxygen python3-sphinx python3-breathe python3-sphinx-rtd-theme
-
-# Python packages required for Deckard CI
-# Python: grab latest versions from PyPi
-# (Augeas binding in Debian packages are slow and buggy)
-RUN apt-get install -y -qqq python3-pip wget augeas-tools
-RUN pip3 install --upgrade pip
-RUN pip3 install pylint
-RUN pip3 install pep8
-RUN pip3 install pytest-xdist
-# tests/pytest dependencies: skip over broken versions
-RUN pip3 install 'dnspython != 2.0.0' 'jinja2 == 2.11.3' 'pytest != 6.0.0' pytest-html pytest-xdist
-
-# packet capture tools for Deckard
-RUN apt-get install --no-install-suggests --no-install-recommends -y -qqq tcpdump wireshark-common
-
-# Faketime for Deckard
-RUN apt-get install -y -qqq faketime
-
-# C dependencies for python-augeas
-RUN apt-get install -y -qqq libaugeas-dev libffi-dev
-# Python dependencies for Deckard
-RUN wget https://gitlab.nic.cz/knot/deckard/raw/master/requirements.txt -O /tmp/deckard-req.txt
-RUN pip3 install -r /tmp/deckard-req.txt
-
-# build and install latest version of Knot DNS
-RUN git clone --depth=1 --branch=$KNOT_BRANCH https://gitlab.nic.cz/knot/knot-dns.git /tmp/knot
-WORKDIR /tmp/knot
-RUN pwd
-RUN autoreconf -if
-RUN ./configure --prefix=/usr --enable-xdp=yes
-RUN CFLAGS="-g" make
-RUN make install
-RUN ldconfig
-
-# Valgrind for kresd CI
-RUN apt-get install valgrind -y -qqq
-RUN wget https://github.com/LuaJIT/LuaJIT/raw/v2.1.0-beta3/src/lj.supp -O /lj.supp
-# TODO: rebuild LuaJIT with Valgrind support
-
-# Lua lint for kresd CI
-RUN apt-get install luarocks -y -qqq
-RUN luarocks --lua-version 5.1 install luacheck
-
-# respdiff for kresd CI
-RUN apt-get install lmdb-utils -y -qqq
-RUN git clone --depth=1 https://gitlab.nic.cz/knot/respdiff /var/opt/respdiff
-RUN pip3 install -r /var/opt/respdiff/requirements.txt
-
-# Python static analysis for respdiff
-RUN pip3 install mypy
-RUN pip3 install flake8
-
-# Python requests for CI scripts
-RUN pip3 install requests
-
-# docker-py for packaging tests
-RUN pip3 install docker
-
-# Unbound for respdiff
-RUN apt-get install unbound unbound-anchor -y -qqq
-RUN printf "server:\n interface: 127.0.0.1@53535\n use-syslog: yes\n do-ip6: no\nremote-control:\n control-enable: no\n" >> /etc/unbound/unbound.conf
-
-# BIND for respdiff
-RUN apt-get install bind9 -y -qqq
-RUN printf '\nOPTIONS="-4 $OPTIONS"' >> /etc/default/bind9
-RUN printf 'options {\n directory "/var/cache/bind";\n listen-on port 53533 { 127.0.0.1; };\n listen-on-v6 port 53533 { ::1; };\n};\n' > /etc/bind/named.conf.options
-
-# PowerDNS Recursor for Deckard CI
-RUN apt-get install pdns-recursor -y -qqq
-
-# code coverage
-RUN apt-get install -y -qqq lcov
-RUN luarocks --lua-version 5.1 install luacov
-
-# LuaJIT binary for stand-alone scripting
-RUN apt-get install -y -qqq luajit
-
-# clang for kresd CI, version updated as debian updates it
-RUN apt-get install -y -qqq clang clang-tools clang-tidy
-
-# OpenBuildService CLI tool
-RUN apt-get install -y osc
-
-# curl (API)
-RUN apt-get install -y curl
-
-# configure knot-resolver-testing OBS repo for dependencies missing in Debian
-RUN echo 'deb http://download.opensuse.org/repositories/home:/CZ-NIC:/knot-resolver-testing/Debian_10/ /' > /etc/apt/sources.list.d/knot-resolver-testing.list
-RUN wget -nv https://download.opensuse.org/repositories/home:CZ-NIC:knot-resolver-testing/Debian_10/Release.key -O Release.key
-RUN APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=1 apt-key add Release.key
-RUN rm Release.key
-RUN apt-get update -qq
-
-# packages from our knot-resolver-testing repo
-RUN apt-get install -y -qqq lua-http lua-psl
-
-# en_US.UTF-8 locale for scripts.update-authors.sh
-RUN apt-get install -y -qqq locales
-RUN sed -i "/en_US.UTF-8/ s/^#\(.*\)/\1/" /etc/locale.gen
-RUN locale-gen
-
-# SonarCloud scanner
-RUN wget -O /var/opt/wrapper.zip https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
-RUN wget -O /var/opt/scanner.zip https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.4.0.2170-linux.zip
-RUN unzip -d /var/opt /var/opt/wrapper.zip
-RUN unzip -d /var/opt /var/opt/scanner.zip
-ENV PATH "$PATH:/var/opt/build-wrapper-linux-x86:/var/opt/sonar-scanner-4.4.0.2170-linux/bin"
-
-# let's get newer meson from backports
-RUN echo 'deb http://deb.debian.org/debian buster-backports main' > /etc/apt/sources.list.d/backports.list
-RUN apt-get update -qq
-RUN apt-get -t buster-backports install -y -qqq meson
+++ /dev/null
-#!/bin/bash
-# upload docker image into registry
-
-CURRENT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)"
-source "${CURRENT_DIR}"/vars.sh "$@"
-set -ex
-
-docker push "${FULL_NAME}"
+++ /dev/null
-#!/bin/bash
-# build and upload docker image(s) into registry
-#
-# this is a simple wrapper around build.sh and update.sh
-#
-# to build & upload all images: ./update.sh */
-
-if [[ $# -le 0 ]]; then
- echo "usage: $0 IMAGE..."
- exit 1
-fi
-set -e
-
-for ARG in "$@"
-do
- IMAGE=${ARG%/}
- echo "Building $IMAGE..."
- ./build.sh $IMAGE
- echo "Pushing $IMAGE..."
- ./push.sh $IMAGE
-done
-
+++ /dev/null
-#!/bin/bash
-# define common variables for image build scripts
-
-KNOT_BRANCH="${KNOT_BRANCH:-3.1}"
-
-REGISTRY="registry.nic.cz/knot/knot-resolver/ci"
-IMAGE=$1
-if [ -z "${IMAGE}" ]; then
- echo "image name not provided"
- exit 1
-fi
-TAG="knot-${KNOT_BRANCH}"
-FULL_NAME="${REGISTRY}/${IMAGE}:${TAG}"
)
config_tests += [
- ['hints', files('tests/hints.test.lua'), ['skip_asan']],
+ ['hints', files('tests/hints.test.lua')],
]
config_tests += [
['http', files('http.test.lua')],
['http.doh', files('http_doh.test.lua')],
- ['http.tls', files('test_tls/tls.test.lua')],
+ ['http.tls', files('test_tls/tls.test.lua'), ['skip_asan']],
]
# install static files
# SPDX-License-Identifier: GPL-3.0-or-later
config_tests += [
- ['basic', files('basic.test.lua'), ['skip_asan']],
- ['cache', files('cache.test.lua'), ['skip_asan']],
+ ['basic', files('basic.test.lua')],
+ ['cache', files('cache.test.lua')],
['net', files('net.test.lua'), ['config_net']],
['doh2', files('doh2.test.lua')],
['lru', files('lru.test.lua')],
projects / thirdparty / knot-resolver.git / commitdiff
