1 # In the interest of reliability and performance, please avoid installing
2 # external dependencies here, e.g. via tools/*-setup.sh, apt, dnf, or yum.
3 # Do so in the appropriate Dockerfile at
4 # https://gitlab.com/wireshark/wireshark-containers/ instead.
5 # The resulting images can be found at
6 # https://gitlab.com/wireshark/wireshark-containers/container_registry
17 # Ensure that checkouts are a) fast and b) have a reachable tag. In a
18 # brighter, more glorious future we might be able to use --shallow-since:
19 # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/3460
20 # In the mean time, fetching the last 5000 commits does the job.
21 # Ensure that all variables are string
23 GIT_FETCH_EXTRA_FLAGS: "--depth=5000"
24 CCACHE_DIR: "${CI_PROJECT_DIR}/ccache"
25 # Enable color output in various tools.
26 # CMake, Ninja, and others: https://bixense.com/clicolors/
32 # Skip irrelevant SAST scanners:
33 SAST_EXCLUDED_ANALYZERS: "brakeman,eslint,security-code-scan,semgrep,spotbugs"
35 # Scheduled builds additionally set SCHEDULE_TYPE, which can be one of:
36 # - 2x-daily: Twice daily at 07:00 and 19:00 UTC
37 # - daily: Daily at 10:00 UTC
38 # - weekly: Sunday at 14:00 UTC
39 # - coverity-visual-c++: Monday, Wednesday, & Friday at 12:00 UTC
40 # - coverity-gcc: Sunday, Tuesday, Thursday & Saturday at 12:00 UTC
43 # These must currently be including using "!reference tags". "extends:" and
44 # YAML anchors won't work:
45 # https://gitlab.com/gitlab-org/gitlab/-/issues/322992
47 # Commits that have been approved and merged. Run automatically in the main
48 # repo and allow manual runs in the web UI and in forks.
49 # Release builds: CI_PIPELINE_SOURCE=api
51 # Regular commits: CI_PIPELINE_SOURCE=push, CI_COMMIT_BRANCH=master
52 - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
53 # "Run pipeline" button commits, cherry picks
54 - if: '$CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
55 # Tagged release builds: CI_PIPELINE_SOURCE=api (should be "web"?)
56 - if: '$CI_PIPELINE_SOURCE == "api"'
57 - if: '$CI_PIPELINE_SOURCE == "push" && $CI_PROJECT_URL !~ /.*gitlab.com\/wireshark\/wireshark/'
59 # Merged commits for runners which are only available in
60 # wireshark/wireshark, e.g. wireshark-windows-*. Run automatically in
61 # the main repo and allow manual runs in the web UI.
63 - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
64 - if: '$CI_PIPELINE_SOURCE == "web" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
65 - if: '$CI_PIPELINE_SOURCE == "api"'
66 # Incoming merge requests.
68 - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
69 # Incoming non-detached merge requests. Must be used for runners which are only
70 # available in wireshark/wireshark, e.g. wireshark-windows-*
71 .if-w-w-only-merge-request:
72 - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
73 # Scheduled jobs. Care should be taken when changing this since the scheduler
74 # often doesn't report errors.
76 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "weekly"'
78 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily"'
79 .if-2x-daily-schedule:
80 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "2x-daily"'
81 # Fuzz jobs. Care should be taken when changing this since the scheduler
82 # often doesn't report errors.
84 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "fuzz"'
89 - saas-linux-small-amd64
91 - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
92 - env | grep ^CI | sort
93 - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
95 - for builddir in build/packaging/rpm/BUILD/wireshark-*/build build/packaging/rpm/BUILD/wireshark-* build obj-*; do [ ! -d "$builddir/run" ] || break; done
96 - if [[ "$CI_JOB_NAME" == "build:rpm-opensuse-"* ]]; then export LD_LIBRARY_PATH=$builddir/run; fi
97 - if [ -f $builddir/run/tshark ]; then $builddir/run/tshark --version; fi
103 - saas-linux-small-amd64
108 extends: .build-linux
109 image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
111 # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
113 # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
114 key: ${CI_JOB_NAME}-master
118 - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
119 - env | grep ^CI | sort
120 - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
122 - export LANG=en_US.UTF-8
123 - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
125 - ccache --show-stats
126 - export DEB_BUILD_OPTIONS="nocheck parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 ))"
128 - export MAKEFLAGS=--silent
129 - NUM_COMMITS=$(curl --silent $CI_API_V4_URL/projects/$CI_MERGE_REQUEST_PROJECT_ID/merge_requests/$CI_MERGE_REQUEST_IID/commits | jq length)
130 - echo "$NUM_COMMITS commit(s) in this MR"
134 # setcap restricts our library paths
135 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
136 - CFLAGS=-Wl,-rpath=$(pwd)/run CXXFLAGS=-Wl,-rpath=$(pwd)/run cmake -GNinja -DENABLE_CCACHE=ON $CMAKE_ARGS ..
137 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
141 # The cache should be large enough to be useful but it shouldn't take
142 # too long to restore+save each run.
143 - cd "$CI_PROJECT_DIR"
144 - ccache --max-size $( du --total --summarize --block-size=1M *build*/ | awk 'END {printf ("%dM", $1 * 1.5)}' )
147 extends: .build-linux
148 rules: !reference [.if-2x-daily-schedule]
150 # Hack to let ninja make full use of the system on Fedora and Rocky.
151 - export RPM_BUILD_NCPUS=$(( $( getconf _NPROCESSORS_ONLN ) + 2 ))
152 - git config --global user.email "you@example.com"
153 - git config --global user.name "Your Name"
156 - ../tools/make-version.py --set-release ..
157 - mv -v ../wireshark-*.tar.* .
160 - build/packaging/rpm/RPMS
167 rules: !reference [.if-2x-daily-schedule]
173 - if (-Not (Test-Path C:\Development)) { New-Item -Path C:\Development -ItemType "directory" }
174 - $env:WIRESHARK_BASE_DIR = "C:\Development"
175 - $env:Configuration = "RelWithDebInfo"
176 - $env:Path += ";C:\Program Files\CMake\bin"
177 - $env:CMAKE_PREFIX_PATH = "C:\qt\6.5.3\msvc2019_64"
178 # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
179 - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt"
180 - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
181 # Testing / debugging only.
182 # - cmd.exe /c "set CI_PIPELINE_SOURCE"
183 # - cmd.exe /c "set CI_PROJECT_URL"
186 #- $env:path.split(";")
193 # macOS runners are still beta:
194 # https://about.gitlab.com/blog/2021/08/23/build-cloud-for-macos-beta/
195 # https://docs.gitlab.com/ee/ci/runners/saas/macos/environment.html#vm-images
196 # https://gitlab.com/gitlab-org/ci-cd/shared-runners/images/macstadium/orka/-/blob/main/toolchain/monterey.yml
199 tags: [ saas-macos-medium-m1 ] # https://docs.gitlab.com/ee/ci/runners/saas/macos/environment.html
201 # https://gould.cx/ted/blog/2017/06/10/ccache-for-Gitlab-CI/
203 key: ${CI_JOB_NAME}-master
207 HOMEBREW_NO_AUTO_UPDATE: "1"
208 HOMEBREW_DISPLAY_INSTALL_TIMES: "1"
209 HOMEBREW_NO_INSTALL_CLEANUP: "1"
210 HOMEBREW_NO_INSTALL_UPGRADE: "1"
211 HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: "1"
212 HOMEBREW_NO_UPDATE_REPORT_NEW: "1"
214 - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
215 - env | grep ^CI | sort
216 - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
217 - export PATH=$PATH:$HOME/.python-env/bin
219 - printf "\e[0Ksection_start:%s:brew_section[collapsed=true]\r\e[0KInstalling prerequisites" "$( date +%s)"
220 - ./tools/macos-setup-brew.sh --install-optional --install-test-deps
221 - printf "\e[0Ksection_end:%s:brew_section\r\e[0K" "$( date +%s)"
222 # Homebrew implemented PEP 668, so install Python packages using venv for now.
223 - python3 -m venv $HOME/.python-env
224 - $HOME/.python-env/bin/pip3 install pytest pytest-xdist
225 - export PYTEST_ADDOPTS=--skip-missing-programs=dumpcap,rawshark
227 - ccache --show-stats
231 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
232 - cmake -G Ninja -DENABLE_CCACHE=ON -DTEST_EXTRA_ARGS=--disable-capture ..
233 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
235 - ninja test-programs
238 # The cache should be large enough to be useful but it shouldn't take
239 # too long to restore+save each run.
240 - ccache --max-size $( gdu --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
245 image: registry.gitlab.com/wireshark/wireshark-containers/mingw-dev
247 - saas-linux-small-amd64
249 # XXX Use ${CI_JOB_NAME}-${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} instead?
250 key: ${CI_JOB_NAME}-master
254 - printf "\e[0Ksection_start:%s:ci_env_section[collapsed=true]\r\e[0KCI environment variables" "$(date +%s)"
255 - env | grep ^CI | sort
256 - printf "\e[0Ksection_end:%s:ci_env_section\r\e[0K" "$(date +%s)"
258 - ccache --show-stats
262 - mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes ..
265 # The cache should be large enough to be useful but it shouldn't take
266 # too long to restore+save each run.
267 - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
271 extends: .build-ubuntu
274 - !reference [.if-w-w-only-merged]
275 - !reference [.if-2x-daily-schedule]
277 - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
278 - ../tools/update-appdata.py
279 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
280 - cmake -G Ninja $CMAKE_ARGS ..
281 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
283 - build/packaging/source/git-export-release.sh -d .
285 - ninja release_notes
286 - WIRESHARK_VERSION=$(< wireshark_version.txt)
287 - cp -v doc/release-notes.html ../release-notes-${WIRESHARK_VERSION}.html
288 - cp -v doc/release-notes.txt ../release-notes-${WIRESHARK_VERSION}.txt
290 # - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
291 - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
292 - if [ -n "$SCHEDULE_TYPE" ] ; then exit 0 ; fi
293 - stat --format="%n %s bytes" wireshark-*.tar.*
294 - for digest in sha512 sha256 sha1 ; do openssl $digest wireshark-*.tar.* ; done
295 # This will break if we produce multiple tarballs, which is arguably a good thing.
296 - if [ -n "$S3_DESTINATION_DIST" ] ; then aws s3 cp wireshark-*.tar.* "$S3_DESTINATION_DIST/" ; fi
298 if [ -n "$S3_DESTINATION_RELEASE" ] ; then
299 aws s3 cp release-notes-*.txt "$S3_DESTINATION_RELEASE/"
300 aws s3 cp release-notes-*.html "$S3_DESTINATION_RELEASE/"
305 - release-notes-*.html
306 - release-notes-*.txt
308 # Job to generate packages for Debian stable
309 Debian Stable APT Package:
310 extends: .build-linux
311 rules: !reference [.if-2x-daily-schedule]
312 image: registry.gitlab.com/wireshark/wireshark-containers/debian-stable-dev
314 - ln --symbolic --no-dereference --force packaging/debian
315 - tools/make-version.py --set-release .
316 # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
317 # https://gitlab.com/gitlab-com/support-forum/issues/2790
318 - export DEB_BUILD_OPTIONS="nocheck parallel=$(( $(getconf _NPROCESSORS_ONLN) + 2 ))"
320 - export MAKEFLAGS=--silent
321 - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ dpkg-buildpackage -b --no-sign -jauto -zfast
322 # Please don't add a Lintian step unless you can guarantee that someone
323 # will fix any breakages that invariably pop up.
324 - mkdir debian-packages
325 - mv -v ../*.deb debian-packages/
328 - debian-packages/*.deb
331 Debian Stable APT Test:
333 rules: !reference [.if-2x-daily-schedule]
334 image: registry.gitlab.com/wireshark/wireshark-containers/debian-stable-dev
337 - DEBIAN_FRONTEND=noninteractive apt-get install ./debian-packages/*.deb -y
341 needs: [ 'Debian Stable APT Package' ]
345 image: registry.gitlab.com/wireshark/wireshark-containers/fedora-dev
347 # Shared GitLab runners limit the log size to 4M, so reduce verbosity. See
348 # https://gitlab.com/gitlab-com/support-forum/issues/2790
349 - export FORCE_CMAKE_NINJA_NON_VERBOSE=1
350 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
352 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
353 - ninja wireshark_rpm
359 # - dnf install -y build/packaging/rpm/RPMS/x86_64/*.rpm
361 # needs: [ 'Fedora RPM Package' ]
363 openSUSE 15.5 RPM Package:
365 image: registry.gitlab.com/wireshark/wireshark-containers/opensuse-15.5-dev
367 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
368 - cmake -G Ninja -DUSE_qt6=OFF ..
369 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
370 - ninja wireshark_rpm
372 openSUSE 15.5 RPM Test:
374 image: registry.gitlab.com/wireshark/wireshark-containers/opensuse-15.5-dev
376 - zypper --no-gpg-checks --no-remote install -y build/packaging/rpm/RPMS/x86_64/*.rpm
378 needs: [ 'openSUSE 15.5 RPM Package' ]
380 Rocky Linux 9 RPM Package:
382 image: registry.gitlab.com/wireshark/wireshark-containers/rockylinux-9-dev
384 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
385 - cmake -G Ninja -DUSE_qt6=OFF ..
386 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
387 - ninja wireshark_rpm
389 Rocky Linux 9 RPM Test:
391 image: registry.gitlab.com/wireshark/wireshark-containers/rockylinux-9-dev
393 - dnf --nogpgcheck localinstall -y build/packaging/rpm/RPMS/x86_64/*.rpm
395 needs: [ 'Rocky Linux 9 RPM Package' ]
398 extends: .build-ubuntu
399 rules: !reference [.if-2x-daily-schedule]
401 # build-ubuntu puts us in `build`.
403 - ln --symbolic --no-dereference --force packaging/debian
404 - CC=/usr/lib/ccache/gcc CXX=/usr/lib/ccache/g++ MAKE=ninja dpkg-buildpackage -us -uc -rfakeroot -jauto -zfast
405 # Please don't add a Lintian step unless you can guarantee that someone
406 # will fix any breakages that invariably pop up.
407 - mkdir ubuntu-packages
408 - mv ../*.deb ubuntu-packages/
410 # dpkg-buildpackage builds in obj-<triplet>, so we need to override
411 # .build-ubuntu. We also build more stuff, so decrease our multiplier.
412 - ccache --max-size $( du --summarize --block-size=1M --total "$CI_PROJECT_DIR"/obj-* | awk '/total$/ {printf ("%dM", $1 * 1.25)}' )
415 - ubuntu-packages/*.deb
420 rules: !reference [.if-2x-daily-schedule]
421 image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
424 - DEBIAN_FRONTEND=noninteractive apt-get install ./ubuntu-packages/*.deb -y
428 needs: [ 'Ubuntu APT Package' ]
431 extends: .build-windows
432 rules: !reference [.if-w-w-only-merged]
434 - wireshark-windows-x64-package
436 - $env:WIRESHARK_BASE_DIR = "C:\Development"
437 - $env:Configuration = "RelWithDebInfo"
438 - $env:CMAKE_PREFIX_PATH = "C:\Qt\6.5.3\msvc2019_64"
439 # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
440 - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvars64.bat`" && set > %temp%\vcvars.txt"
441 - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
445 - C:\Windows\py.exe ..\tools\make-version.py --set-release --version-file=wireshark_version.txt ..
446 - cmake -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off -DENABLE_SIGNED_NSIS=on ..
447 - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
448 - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
449 - msbuild /verbosity:minimal /maxcpucount wireshark_nsis_prep.vcxproj
450 - msbuild /verbosity:minimal /maxcpucount wireshark_wix_prep.vcxproj
451 - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
452 - msbuild /verbosity:minimal wireshark_nsis.vcxproj
453 # No need for explicit signing of NSIS installer here. The signing is done by makensis.
454 - msbuild /verbosity:minimal wireshark_wix.vcxproj
455 - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\wix\Wireshark-*.msi
456 - msbuild /verbosity:minimal wireshark_portableapps.vcxproj
457 - C:\gitlab-builds\bin\sign-files.ps1 -Path packaging\portableapps\WiresharkPortable*.exe
458 - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /q /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\wireshark\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-*-x64.exe packaging\wix\Wireshark-*-x64.msi packaging\portableapps\WiresharkPortable??_*.paf.exe
459 - msbuild /verbosity:minimal pdb_zip_package.vcxproj
460 - C:\gitlab-builds\bin\mse-scan.ps1
461 - run\RelWithDebInfo\tshark --version
462 - $packages = Get-ChildItem "packaging\nsis\Wireshark-*-x64.exe", "packaging\wix\Wireshark-*-x64.msi", "packaging\portableapps\WiresharkPortable??_*.paf.exe", "Wireshark-pdb-*x64.zip"
463 - foreach ($package in $packages) { Write-Host $package.name $(Get-Filehash -Algorithm SHA256 $package).Hash $package.length "bytes" }
464 - if (Test-Path env:MC_DESTINATION_WINDOWS_X64) { C:\gitlab-builds\bin\mc --quiet cp $packages "$env:MC_DESTINATION_WINDOWS_X64/" }
465 - $nsisSha256 = (Get-FileHash -Algorithm SHA256 .\packaging\nsis\Wireshark-*-x64.exe).Hash
466 - $wiresharkVersion = Get-Content .\wireshark_version.txt
467 - Set-Content -Path release-info-$($wiresharkVersion)-windows-x64.ini -Value ("[DEFAULT]`nnsis_sha256 = $nsisSha256")
468 - if (Test-Path env:MC_DESTINATION_RELEASE) { C:\gitlab-builds\bin\mc --quiet cp release-info-$($wiresharkVersion)-windows-x64.ini "$env:MC_DESTINATION_RELEASE/" }
469 - C:\Windows\py.exe -m pytest
472 - build/release-info-*.ini
474 Windows Arm64 Package:
475 extends: .build-windows
476 rules: !reference [.if-w-w-only-merged]
478 - wireshark-windows-arm64-package
480 - $env:WIRESHARK_BASE_DIR = "C:\Development"
481 - $env:Configuration = "RelWithDebInfo"
482 - $env:CMAKE_PREFIX_PATH = "C:\Qt\6.5.3\msvc2019_arm64"
483 # https://help.appveyor.com/discussions/questions/18777-how-to-use-vcvars64bat-from-powershell
484 - cmd.exe /c "call `"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Auxiliary\Build\vcvarsarm64.bat`" && set > %temp%\vcvars.txt"
485 - Get-Content "$env:temp\vcvars.txt" | Foreach-Object { if ($_ -match "^(.*?)=(.*)$") { Set-Content "env:\$($matches[1])" $matches[2] } }
489 - C:\Windows\py.exe ..\tools\make-version.py --set-release --version-file=wireshark_version.txt ..
490 - cmake -G "Visual Studio 17 2022" -A arm64 -DENABLE_LTO=off -DENABLE_SIGNED_NSIS=on ..
491 - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
492 - msbuild /verbosity:minimal /maxcpucount test-programs.vcxproj
493 - msbuild /verbosity:minimal /maxcpucount wireshark_nsis_prep.vcxproj
494 - C:\gitlab-builds\bin\sign-files.ps1 -Recurse -Path run\RelWithDebInfo
495 - msbuild /verbosity:minimal wireshark_nsis.vcxproj
496 - $plugins = Get-ChildItem run\RelWithDebInfo\plugins\*\*.dll ; signtool verify /q /pa /all run\RelWithDebInfo\*.exe run\RelWithDebInfo\extcap\wireshark\*.exe $plugins run\RelWithDebInfo\libwireshark.dll run\RelWithDebInfo\libwiretap.dll run\RelWithDebInfo\libwsutil.dll packaging\nsis\Wireshark-*-arm64.exe
497 - msbuild /verbosity:minimal pdb_zip_package.vcxproj
498 - C:\gitlab-builds\bin\mse-scan.ps1
499 - run\RelWithDebInfo\tshark --version
500 - $packages = Get-ChildItem "packaging\nsis\Wireshark-*-arm64.exe", "Wireshark-pdb-*arm64.zip"
501 - foreach ($package in $packages) { Write-Host $package.name $(Get-Filehash -Algorithm SHA256 $package).Hash $package.length "bytes" }
502 - if (Test-Path env:MC_DESTINATION_WINDOWS_ARM64) { C:\gitlab-builds\bin\mc --quiet cp $packages "$env:MC_DESTINATION_WINDOWS_ARM64/" }
503 - $nsisSha256 = (Get-FileHash -Algorithm SHA256 .\packaging\nsis\Wireshark-*-arm64.exe).Hash
504 - $wiresharkVersion = Get-Content .\wireshark_version.txt
505 - Set-Content -Path release-info-$($wiresharkVersion)-windows-arm64.ini -Value ("[DEFAULT]`nnsis_sha256 = $nsisSha256")
506 - if (Test-Path env:MC_DESTINATION_RELEASE) { C:\gitlab-builds\bin\mc --quiet cp release-info-$($wiresharkVersion)-windows-arm64.ini "$env:MC_DESTINATION_RELEASE/" }
507 - C:\Windows\py.exe -m pytest
510 - build/release-info-*.ini
512 Windows MinGW-w64 Package:
513 extends: .build-mingw
514 rules: !reference [.if-w-w-only-merged]
516 - mingw64-cmake -G Ninja -DENABLE_CCACHE=Yes -DFETCH_lua=Yes ..
518 - ninja user_guide_html
519 - ninja wireshark_nsis_prep
520 - ninja wireshark_nsis
523 - build/packaging/nsis/wireshark-*.exe
528 rules: !reference [.if-w-w-only-merged]
530 CODE_SIGN_IDENTITY: "Wireshark Foundation"
532 - wireshark-macos-arm-package
535 - export CMAKE_PREFIX_PATH=/usr/local/Qt-6.5.3
536 - export PATH="$PATH:$HOME/bin"
539 - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
540 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
541 - cmake -DENABLE_CCACHE=ON -DCMAKE_APPLE_SILICON_PROCESSOR=arm64 -DCMAKE_OSX_DEPLOYMENT_TARGET=11.0 -DCMAKE_OSX_ARCHITECTURES=arm64 -DTEST_EXTRA_ARGS=--enable-release -G Ninja ..
542 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
545 - security find-identity -v -s "$CODE_SIGN_IDENTITY"
546 - ninja wireshark_dmg
548 - xcrun notarytool submit Wireshark?[1-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
549 - xcrun stapler staple Wireshark?[1-9]*.dmg
550 - spctl --assess --type open --context context:primary-signature --verbose=2 Wireshark?[1-9]*.dmg
551 - stat -f "%N %z bytes" Wireshark*.dmg
552 - for digest in sha512 sha256 sha1 ; do openssl $digest Wireshark*.dmg ; done
554 if [ -n "$S3_DESTINATION_MACOS_ARM64" ] ; then
555 aws s3 cp Wireshark?[1-9]*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
556 aws s3 cp Wireshark?dSYM*Arm*.dmg "$S3_DESTINATION_MACOS_ARM64/"
558 - SPARKLE_SIGNATURE=$( age --decrypt --identity="$MACOS_AGE_IDENTITY" "$MACOS_SPARKLE_BLOB" | /usr/local/Sparkle-2.2.2/bin/sign_update --ed-key-file - Wireshark?[1-9]*.dmg )
559 - $CI_PROJECT_DIR/build/run/tshark --version
560 - DMG_SHA256=$( shasum --algorithm 256 Wireshark?[1-9]*.dmg | awk '{print $1}' )
561 - WIRESHARK_VERSION=$(< ../wireshark_version.txt)
562 - printf '[DEFAULT]\nsparkle_signature = %s\ndmg_sha256 = %s\n' "$SPARKLE_SIGNATURE" "$DMG_SHA256" > release-info-${WIRESHARK_VERSION}-macos-arm64.ini
563 - if [[ -n "$S3_DESTINATION_RELEASE" ]] ; then aws s3 cp release-info-${WIRESHARK_VERSION}-macos-arm64.ini "$S3_DESTINATION_RELEASE/" ; fi
565 - ninja test-programs
569 - build/run/release-info-*.ini
574 rules: !reference [.if-w-w-only-merged]
576 CODE_SIGN_IDENTITY: "Wireshark Foundation"
578 - wireshark-macos-intel-package
581 - export CMAKE_PREFIX_PATH=/usr/local/Qt-6.5.3
582 - export PATH="$PATH:$HOME/bin"
585 - ../tools/make-version.py --set-release --version-file=wireshark_version.txt ..
586 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
587 - cmake -DENABLE_CCACHE=ON -DCMAKE_OSX_DEPLOYMENT_TARGET=11.0 -DTEST_EXTRA_ARGS=--enable-release -G Ninja ..
588 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
591 - security find-identity -v -s "$CODE_SIGN_IDENTITY"
592 - ninja wireshark_dmg
594 - xcrun notarytool submit Wireshark?[1-9]*.dmg --apple-id "$MACOS_NOTARIZATION_APPLE_ID" --team-id "$MACOS_NOTARIZATION_TEAM_ID" --password "$MACOS_NOTARIZATION_PWD" --wait --timeout 10m
595 - xcrun stapler staple Wireshark?[1-9]*.dmg
596 - spctl --assess --type open --context context:primary-signature --verbose=2 Wireshark?[1-9]*.dmg
597 - stat -f "%N %z bytes" Wireshark*.dmg
598 - for digest in sha512 sha256 sha1 ; do openssl $digest Wireshark*.dmg ; done
600 if [ -n "$S3_DESTINATION_MACOS_INTEL64" ] ; then
601 aws s3 cp Wireshark?[1-9]*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
602 aws s3 cp Wireshark?dSYM*Intel*.dmg "$S3_DESTINATION_MACOS_INTEL64/"
604 - SPARKLE_SIGNATURE=$( age --decrypt --identity="$MACOS_AGE_IDENTITY" "$MACOS_SPARKLE_BLOB" | /usr/local/Sparkle-2.2.2/bin/sign_update --ed-key-file - Wireshark?[1-9]*.dmg )
605 - $CI_PROJECT_DIR/build/run/tshark --version
606 - DMG_SHA256=$( shasum --algorithm 256 Wireshark?[1-9]*.dmg | awk '{print $1}' )
607 - WIRESHARK_VERSION=$(< ../wireshark_version.txt)
608 - printf '[DEFAULT]\nsparkle_signature = %s\ndmg_sha256 = %s\n' "$SPARKLE_SIGNATURE" "$DMG_SHA256" > release-info-${WIRESHARK_VERSION}-macos-intel64.ini
609 - if [[ -n "$S3_DESTINATION_RELEASE" ]] ; then aws s3 cp release-info-${WIRESHARK_VERSION}-macos-intel64.ini "$S3_DESTINATION_RELEASE/" ; fi
611 - ninja test-programs
615 - build/run/release-info-*.ini
618 # Build the User's Guide and Developer's Guide
620 extends: .build-linux
621 image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
623 - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH == "master" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
627 - if: '$CI_PIPELINE_SOURCE == "push"'
631 # XXX We might want to move this to wireshark-ubuntu-dev or debian-setup.sh.
632 - DEBIAN_FRONTEND=noninteractive apt-get update
633 - DEBIAN_FRONTEND=noninteractive apt-get --yes install ruby-asciidoctor-pdf ruby-coderay ruby-dev
634 - NOKOGIRI_USE_SYSTEM_LIBRARIES=1 gem install asciidoctor-epub3
637 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
639 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
642 - for HTML_DIR in ws[ud]g_html{,_chunked} ; do zip -9 -r "$HTML_DIR.zip" "$HTML_DIR" ; done
644 if [ -n "$S3_DESTINATION_DOCS" ] ; then
645 for DOC_FILE in ws[ud]g_html{,_chunked}.zip Wireshark*Guide.{epub,pdf} ; do
646 aws s3 cp "$DOC_FILE" "$S3_DESTINATION_DOCS/"
649 - mv -v ws[ud]g_html{,_chunked}.zip Wireshark*Guide.{epub,pdf} ../..
651 - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
655 - wsug_html_chunked.zip
657 - wsdg_html_chunked.zip
658 - "Wireshark User's Guide.pdf"
659 - "Wireshark Developer's Guide.pdf"
660 - "Wireshark User's Guide.epub"
661 - "Wireshark Developer's Guide.epub"
665 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#linux-shared-runners
668 extends: .build-ubuntu
669 rules: !reference [.if-merge-request]
671 GITLAB_REPO: "$CI_MERGE_REQUEST_PROJECT_URL"
673 # glab depends on a valid GITALB_TOKEN variable. It will fail when run under outside projects.
674 - if ! command -V glab 2> /dev/null ; then (cd /tmp ; curl -JLO https://gitlab.com/gitlab-org/cli/-/releases/v1.34.0/downloads/glab_1.34.0_Linux_x86_64.deb ; dpkg --install /tmp/glab_1.34.0_Linux_x86_64.deb ) ; fi
677 if [[ $NUM_COMMITS > 1 ]] ; then
678 MESSAGE="ℹ️ This merge request has more than one commit. Please squash any trivial ones:
680 $(git log --oneline --no-decorate "${CI_COMMIT_SHA}~$NUM_COMMITS..${CI_COMMIT_SHA}")
683 glab mr note $CI_MERGE_REQUEST_IID --unique --message "$MESSAGE" || echo "$MESSAGE"
685 # build-ubuntu puts us in `build`.
689 - ANALYSIS_MESSAGE=$( ./tools/pre-commit "${CI_COMMIT_SHA}~$NUM_COMMITS" ) || PC_EXIT_CODE=1
691 if [ -n "$ANALYSIS_MESSAGE" ] ; then
692 MESSAGE="Pre-commit check results:
697 glab mr note $CI_MERGE_REQUEST_IID --unique --message "$MESSAGE" || echo "$MESSAGE"
700 - ANALYSIS_MESSAGE=$( tools/validate-commit.py ) || VC_EXIT_CODE=1
702 if [[ $VC_EXIT_CODE != 0 ]] ; then
703 MESSAGE="Commit validation failure:
708 glab mr note $CI_MERGE_REQUEST_IID --unique --message "$MESSAGE" || echo "$MESSAGE"
711 - ANALYSIS_MESSAGE=$( python3 tools/checklicenses.py ) || LC_EXIT_CODE=1
713 if [[ $LC_EXIT_CODE != 0 ]] ; then
714 MESSAGE="License check failure:
719 glab mr note $CI_MERGE_REQUEST_IID --unique --message "$MESSAGE" || echo "$MESSAGE"
722 - ANALYSIS_MESSAGE=$( python3 tools/check_help_urls.py ) || HC_EXIT_CODE=1
724 if [[ $HC_EXIT_CODE != 0 ]] ; then
725 MESSAGE="Help URL check failure:
730 glab mr note $CI_MERGE_REQUEST_IID --unique --message "$MESSAGE" || echo "$MESSAGE"
732 - exit $(( PC_EXIT_CODE || VC_EXIT_CODE || LC_EXIT_CODE || HC_EXIT_CODE ))
735 extends: .build-ubuntu
736 rules: !reference [.if-merge-request]
740 needs: [ 'Commit Check' ]
742 # build-ubuntu puts us in `build`.
744 - mv build "🦈 build 🦈"
746 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
747 # Test release build.
748 - cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_CCACHE=ON -DENABLE_WERROR=ON -DCMAKE_EXPORT_COMPILE_COMMANDS=on ..
749 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
750 - script --command ninja --flush --quiet --return ../gcc_report.txt
751 - ansi2html < ../gcc_report.txt > ../gcc_report.html
752 - ninja test-programs
754 - if [ -f run/dumpcap ]; then setcap cap_net_raw,cap_net_admin+eip run/dumpcap; fi
755 - if [ -f run/dumpcap ]; then su user -c "run/dumpcap -D" ; fi
756 - su user -c pytest-3
757 # Test CMake install code and CPack config code. Select any one of the archive generators.
758 - ninja user_guide_html
759 - ninja developer_guide_html
761 - ls wireshark-*.tar.zst{,.sha256}
767 extends: .build-mingw
768 rules: !reference [.if-merge-request]
769 needs: [ 'Commit Check' ]
772 extends: .build-ubuntu
774 - saas-linux-medium-amd64
775 rules: !reference [.if-merge-request]
776 needs: [ 'Commit Check' ]
778 - source /clang-latest.env
779 # build-ubuntu puts us in `build`.
782 - ./tools/cppcheck/cppcheck.sh -l $NUM_COMMITS | tee cppcheck/cppcheck_report.txt
783 - if [[ -s "cppcheck/cppcheck_report.txt" ]]; then ./tools/cppcheck/cppcheck.sh -l $NUM_COMMITS -x > cppcheck/cppcheck_report.xml ; fi
784 - if [[ -s "cppcheck/cppcheck_report.txt" ]]; then cppcheck-htmlreport --file cppcheck/cppcheck_report.xml --report-dir cppcheck ; fi
786 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
787 # We don't have an "All options" job, so build fuzzshark and tfshark here.
788 - cmake -DENABLE_CHECKHF_CONFLICT=on -DCMAKE_EXPORT_COMPILE_COMMANDS=on -DCMAKE_C_CLANG_TIDY=clang-tidy-$CLANG_VERSION -DCMAKE_CXX_CLANG_TIDY=clang-tidy-$CLANG_VERSION -DBUILD_fuzzshark=ON -DBUILD_tfshark=On -DBUILD_logray=ON -DENABLE_DEBUG=ON -DENABLE_CCACHE=ON -DENABLE_WERROR=ON -G Ninja ..
789 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
790 - printf "\e[0Ksection_start:%s:asn1_section[collapsed=true]\r\e[0KRegenerating ASN.1 dissectors" "$( date +%s)"
792 - git diff --exit-code ${CI_COMMIT_SHA} ..
793 - printf "\e[0Ksection_end:%s:asn1_section\r\e[0K" "$( date +%s)"
794 - printf "\e[0Ksection_start:%s:pidl_section[collapsed=true]\r\e[0KRegenerating PIDL dissectors" "$( date +%s)"
795 - ninja pidl-dissectors
796 - git diff --exit-code ${CI_COMMIT_SHA} ..
797 - printf "\e[0Ksection_end:%s:pidl_section\r\e[0K" "$( date +%s)"
799 - script --command ninja --flush --quiet --return ../tmp_clang_report.txt
800 - ansi2txt < ../tmp_clang_report.txt > ../clang_report.txt
801 - ansi2html < ../tmp_clang_report.txt > ../html/clang_report.html
802 - ./run/tshark -v 2> >(tee ../checkhf_conflict.txt)
803 - ../tools/validate-clang-check.sh -c $CLANG_VERSION 2> >(tee ../tmp_clang_analyzer_check.txt)
804 - ansi2txt < ../tmp_clang_analyzer_check.txt > ../clang_analyzer_check.txt
805 - ansi2html < ../tmp_clang_analyzer_check.txt > ../html/clang_analyzer_check.html
809 - ./tools/check_typed_item_calls.py --consecutive --label --mask --check-bitmask-fields --commits $NUM_COMMITS | tee item_calls_check.txt
810 - ./tools/check_tfs.py --check-value-strings --commits $NUM_COMMITS | tee tfs_check.txt
811 - ./tools/check_val_to_str.py --commits $NUM_COMMITS | tee val_to_str_check.txt
815 - clang_analyzer_check.txt
817 - item_calls_check.txt
819 - val_to_str_check.txt
820 - checkhf_conflict.txt
824 extends: .build-ubuntu
825 rules: !reference [.if-merge-request]
826 needs: [ 'Commit Check' ]
828 cmake -GNinja -DENABLE_CCACHE=ON \
829 -DENABLE_BROTLI=OFF -DENABLE_CAP=OFF -DENABLE_CHECKHF_CONFLICT=ON -DENABLE_GNUTLS=OFF \
830 -DENABLE_KERBEROS=OFF -DENABLE_LIBXML2=OFF -DENABLE_ILBC=OFF -DENABLE_LUA=OFF -DENABLE_LZ4=OFF \
831 -DENABLE_MINIZIP=OFF -DENABLE_NETLINK=OFF -DENABLE_NGHTTP2=OFF -DENABLE_NGHTTP3=OFF \
832 -DENABLE_BCG729=OFF -DENABLE_OPUS=OFF -DENABLE_PCAP=OFF -DENABLE_PLUGIN_IFDEMO=ON \
833 -DENABLE_PLUGINS=OFF -DENABLE_SBC=OFF -DENABLE_SMI=OFF -DENABLE_SNAPPY=OFF -DENABLE_SPANDSP=OFF \
834 -DENABLE_ZLIB=OFF -DENABLE_ZSTD=OFF -DBUILD_mmdbresolve=OFF ..
837 # Windows runners are still beta, at least technically:
838 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
840 extends: .build-windows
841 rules: !reference [.if-w-w-only-merge-request]
843 - wireshark-windows-merge-req
844 needs: [ 'Commit Check' ]
846 - cmake -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off ..
847 - msbuild /verbosity:minimal /maxcpucount /property:Configuration=Debug Wireshark.sln
848 - msbuild /verbosity:minimal /maxcpucount /property:Configuration=Debug test-programs.vcxproj
849 - C:\Windows\py.exe -m pytest --disable-gui --build-type=Debug
853 extends: .build-windows
855 - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
858 - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
862 - wireshark-windows-merge-req
863 needs: [ 'Commit Check' ]
865 - $env:CMAKE_PREFIX_PATH = "C:\qt\5.15.2\msvc2019_64"
866 - cmake -G "Visual Studio 17 2022" -A x64 -DUSE_qt6=OFF -DENABLE_LTO=off ..
867 - msbuild /verbosity:minimal /maxcpucount ui\qt\qtui.vcxproj
870 extends: .build-macos
871 rules: !reference [.if-w-w-only-merge-request]
873 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
874 - cmake -G Ninja -DCMAKE_BUILD_TYPE=Debug -DENABLE_CCACHE=ON -DTEST_EXTRA_ARGS=--disable-capture ..
875 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
877 - ninja test-programs
879 needs: [ 'Commit Check' ]
881 # Adapted from https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
882 # and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481
884 image: registry.gitlab.com/wireshark/wireshark-containers/ubuntu-dev
886 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"'
892 # cov-build doesn’t handle GLIB_DEPRECATED_ENUMERATOR
893 CFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
894 CXXFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
896 - curl --output /tmp/cov-analysis-linux64.tar.gz --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/linux64
897 - tar --directory=/tmp --extract --gzip --file /tmp/cov-analysis-linux64.tar.gz
901 - /tmp/cov-analysis-linux64-*/bin/cov-build --return-emit-failures --dir ../cov-int ninja
903 - tar --create --gzip --file cov-int.tar.gz cov-int
904 - echo "export ARTIFACT_JOB_URL=$CI_JOB_URL" > job_environment_variables.sh
905 - echo "export GIT_DESCRIPTION=$( git describe --tags )" >> job_environment_variables.sh
909 - job_environment_variables.sh
912 image: curlimages/curl
914 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-gcc"'
917 - . job_environment_variables.sh
918 - echo $ARTIFACT_JOB_URL
919 - echo $GIT_DESCRIPTION
920 - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.tar.gz&version=$GIT_DESCRIPTION&description=Ubuntu $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds
921 needs: [ 'Coverity GCC Scan' ]
923 Coverity Visual C++ Scan:
924 extends: .build-windows
926 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"'
928 - wireshark-windows-merge-req
932 - $gitDescription = (( git describe --tags ) | Out-String).Trim()
933 - C:\Windows\System32\curl --output $env:temp\cov-analysis-win64.zip --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN https://scan.coverity.com/download/win64
934 - C:\ProgramData\chocolatey\tools\7z x "$env:temp\cov-analysis-win64.zip" -y -r -o"$env:temp"
935 - cmake -DTEST_EXTRA_ARGS=--enable-release -DENABLE_LTO=off -G "Visual Studio 17 2022" -A x64 ..
936 - $covAnalysisWin64 = (Get-ChildItem -Path $env:temp -Filter "cov-analysis-win64-*" -Directory)[0].FullName
937 - Invoke-Expression "& $covAnalysisWin64\bin\cov-build.exe --return-emit-failures --dir ..\cov-int msbuild /verbosity:minimal `"/consoleloggerparameters:PerformanceSummary;NoSummary`" /maxcpucount:1 Wireshark.sln"
939 - C:\ProgramData\chocolatey\tools\7z a -tzip cov-int.zip cov-int
940 - '"export ARTIFACT_JOB_URL=$env:CI_JOB_URL" | Out-File -Encoding ascii job_environment_variables.sh'
941 - '"export GIT_DESCRIPTION=$gitDescription" | Out-File -Encoding ascii -Append job_environment_variables.sh'
945 - job_environment_variables.sh
947 Coverity Visual C++ Submit:
948 image: curlimages/curl
950 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "coverity-visual-c++"'
953 - sed -i -e 's/\r//' job_environment_variables.sh
954 - . job_environment_variables.sh
955 - echo $ARTIFACT_JOB_URL
956 - echo $GIT_DESCRIPTION
957 - curl --fail --data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN&email=$GITLAB_USER_EMAIL&url=$ARTIFACT_JOB_URL/artifacts/raw/cov-int.zip&version=$GIT_DESCRIPTION&description=Windows $GIT_DESCRIPTION $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" https://scan.coverity.com/builds
958 needs: [ 'Coverity Visual C++ Scan' ]
960 Clang Static Analyzer:
961 extends: .build-ubuntu
962 rules: !reference [.if-daily-schedule]
966 - source /clang-latest.env
967 - scan-build-${CLANG_VERSION} cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_WERROR=OFF -G Ninja ..
968 - scan-build-${CLANG_VERSION} -o ../sbout ninja
970 - RAW_DIR=$( find ../sbout -type d -name "20??-??-??-*" -printf "%P\n" | head )
971 - SB_DIR="scan-build-$RAW_DIR"
972 - mv "$RAW_DIR" "$SB_DIR"
973 - if [ -d logs ] ; then mv logs $SB_DIR ; fi
974 - chmod -R u=rwX,go=rX "$SB_DIR"
975 - zip -9 -r "${SB_DIR}.zip" "$SB_DIR"
976 - if [ -n "$S3_DESTINATION_ANALYSIS" ] ; then aws s3 cp "${SB_DIR}.zip" "$S3_DESTINATION_ANALYSIS/" ; fi
978 # Windows runners are still beta, at least technically:
979 # https://docs.gitlab.com/ee/user/gitlab_com/index.html#windows-shared-runners-beta
980 Visual Studio Code Analysis:
981 extends: .build-windows
983 - wireshark-windows-dev
985 # The wireshark-windows-* tags are only available in wireshark/wireshark.
986 - if: '$CI_PIPELINE_SOURCE == "schedule" && $SCHEDULE_TYPE == "daily" && $CI_PROJECT_URL =~ /.*gitlab.com\/wireshark\/wireshark/'
988 - py -m venv sarif-tools.venv
989 - sarif-tools.venv\Scripts\pip.exe install sarif-tools
990 - msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
991 - $env:Path += ";C:\Program Files\Amazon\AWSCLIV2"
992 - $env:caexcludepath = "C:\Qt;$env:INCLUDE"
993 - cmake -DENABLE_CODE_ANALYSIS=ON -G "Visual Studio 17 2022" -A x64 -DENABLE_LTO=off ..
994 - msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount:2 Wireshark.sln
995 - $report = "visual-c++-analyze-" + (Get-Date -format "yyyy-MM-dd") + ".html"
996 - sarif-tools.venv\Scripts\sarif html --output $report
998 if (Test-Path env:S3_DESTINATION_ANALYSIS) {
999 aws s3 cp "$report" "$env:S3_DESTINATION_ANALYSIS/"
1002 # Build all doxygen docs
1004 extends: .build-ubuntu
1005 rules: !reference [.if-daily-schedule]
1007 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1009 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1010 - ninja wsar_html_zip 2>&1 > doxygen_output.txt | tee doxygen_errors.txt
1011 - mv wsar_html.zip doxygen_{output,errors}.txt ..
1014 if [ -n "$S3_DESTINATION_DOCS" ] ; then
1015 aws s3 cp wsar_html.zip "$S3_DESTINATION_DOCS/"
1018 - if [ "$CI_JOB_STATUS" != "success" ]; then exit 0 ; fi
1021 - doxygen_errors.txt
1022 - doxygen_output.txt
1026 Code Lines and Data:
1027 extends: .build-ubuntu
1028 rules: !reference [.if-daily-schedule]
1031 CLOC_OUT: /tmp/cloc.txt
1032 SCC_OUT: /tmp/scc.txt
1033 SLOC_OUT: /tmp/sloccount.txt
1034 TOKEI_OUT: /tmp/tokei.txt
1036 - DEBIAN_FRONTEND=noninteractive apt-get update
1037 - DEBIAN_FRONTEND=noninteractive apt-get --yes install sloccount cloc curl unzip
1039 - curl -L -O https://github.com/boyter/scc/releases/download/v3.0.0/scc-3.0.0-x86_64-unknown-linux.zip
1040 - unzip scc-3.0.0-x86_64-unknown-linux.zip
1041 - curl -L -O https://github.com/XAMPPRocky/tokei/releases/download/v12.1.2/tokei-x86_64-unknown-linux-gnu.tar.gz
1042 - tar -xf tokei-x86_64-unknown-linux-gnu.tar.gz
1044 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1046 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1049 - echo -n "cloc version:\ "
1051 - cloc --quiet . | tee $CLOC_OUT
1052 - /tmp/scc --version
1053 - /tmp/scc --not-match 'qt/.*.ts' . | tee $SCC_OUT
1054 - echo -n "SLOCCount version:\ "
1055 - sloccount --version
1056 - sloccount . | awk "/^Computing results/ { results=1 } { if (results) print }" | tee $SLOC_OUT
1057 - /tmp/tokei --version
1058 - /tmp/tokei --exclude 'qt/*.ts' . | tee $TOKEI_OUT
1061 # This file was generated by TShark $(git describe --tags | sed -e 's/^v//') with the
1062 # command \`tshark -G manuf\`. Its canonical location is
1064 # https://www.wireshark.org/download/automated/data/manuf
1066 # The first column contains the MAC address block (24, 28 or 36 bits wide,
1067 # per IEEE allocation sizes), the second column contains the shortened name
1068 # used by Wireshark for address name resolution and the third column contains the
1069 # full vendor name from the registry.
1072 - build/run/tshark -G manuf | sed -e 's,:00:00:00/24,,' >> manuf
1074 if [ -n "$S3_DESTINATION_ANALYSIS" ] ; then
1075 aws s3 cp "$CLOC_OUT" "$S3_DESTINATION_ANALYSIS/"
1076 aws s3 cp "$SCC_OUT" "$S3_DESTINATION_ANALYSIS/"
1077 aws s3 cp "$SLOC_OUT" "$S3_DESTINATION_ANALYSIS/"
1078 aws s3 cp "$TOKEI_OUT" "$S3_DESTINATION_ANALYSIS/"
1081 if [ -n "$S3_DESTINATION_DATA" ] ; then
1082 for DATA_FILE in manuf ; do
1083 aws s3 cp "$DATA_FILE" "$S3_DESTINATION_DATA/"
1091 # Fuzz TShark using ASAN and valgrind.
1093 extends: .build-ubuntu
1095 rules: !reference [.if-fuzz-schedule]
1097 - wireshark-ubuntu-fuzz
1098 resource_group: fuzz-master
1100 INSTALL_PREFIX: "$CI_PROJECT_DIR/_install"
1104 - source /clang-latest.env
1105 - DEBIAN_FRONTEND=noninteractive apt-get update
1106 # Use DPkg::options::="--force-overwrite" until
1107 # https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-15/+bug/2008755
1108 # https://github.com/llvm/llvm-project/issues/62104
1110 - DEBIAN_FRONTEND=noninteractive apt-get --yes --option DPkg::options::="--force-overwrite" install llvm-$CLANG_VERSION
1116 # The cache should be large enough to be useful but it shouldn't take
1117 # too long to restore+save each run.
1118 - ccache --max-size $( du --summarize --block-size=1M "$CI_PROJECT_DIR/build" | awk '{printf ("%dM", $1 * 1.5)}' )
1119 - if [ "$CI_JOB_STATUS" == "canceled" ]; then exit 0 ; fi
1120 - . /tmp/fuzz_result.sh
1121 - if $FUZZ_PASSED ; then exit 0 ; fi
1122 - echo Fuzzing failed. Generating report.
1123 - FUZZ_CAPTURE=$( find /tmp/fuzz -name "fuzz-*.pcap" -o -name "randpkt-*.pcap" | head -n 1 )
1124 - FUZZ_ERRORS="/tmp/fuzz/$( basename "$FUZZ_CAPTURE" .pcap ).err"
1125 - printf "\nfuzz-test.sh stderr:\n" >> "$FUZZ_ERRORS"
1126 - cat fuzz-test.err >> "$FUZZ_ERRORS"
1128 if [ -n "$S3_DESTINATION_FUZZ" ] ; then
1129 aws s3 cp "$FUZZ_CAPTURE" "$S3_DESTINATION_FUZZ/"
1130 aws s3 cp "$FUZZ_ERRORS" "$S3_DESTINATION_FUZZ/"
1133 ASan Menagerie Fuzz:
1134 extends: .fuzz-ubuntu
1137 WIRESHARK_LOG_FATAL: "critical"
1139 - MAX_SECONDS=$(( 6 * 60 * 60 ))
1140 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1141 - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1142 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1147 # /var/menagerie contains captures harvested from wireshark.org's mailing list, wiki, issues, etc.
1148 # We have more captures than we can fuzz in $MAX_SECONDS, so we shuffle them each run.
1149 - ./tools/fuzz-test.sh -a -2 -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || FUZZ_PASSED=false
1150 # Signal after_script, which runs in its own shell.
1151 - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1155 extends: .fuzz-ubuntu
1158 WIRESHARK_LOG_FATAL: "critical"
1160 # XXX Reuse fuzz-asan?
1161 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1162 - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=ON -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1163 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1168 - ./tools/randpkt-test.sh -a -b $INSTALL_PREFIX/bin -d /tmp/fuzz -p $MAX_PASSES 2> fuzz-test.err || FUZZ_PASSED=false
1169 - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1171 needs: [ 'ASan Menagerie Fuzz' ]
1173 Valgrind Menagerie Fuzz:
1174 extends: .fuzz-ubuntu
1175 stage: fuzz-valgrind
1176 resource_group: fuzz-master-valgrind
1178 # Use DWARF-4 debug info. Valgrind does not support Clang 14 with DWARF-5.
1179 # https://gitlab.com/wireshark/wireshark/-/issues/18191
1180 # https://www.mail-archive.com/valgrind-users@lists.sourceforge.net/msg07239.html
1182 WIRESHARK_LOG_FATAL: "critical"
1184 - DEBIAN_FRONTEND=noninteractive apt-get update
1185 - DEBIAN_FRONTEND=noninteractive apt-get --yes install valgrind
1186 - MAX_SECONDS=$(( 3 * 60 * 60 ))
1187 - printf "\e[0Ksection_start:%s:cmake_section[collapsed=true]\r\e[0KRunning CMake" "$( date +%s)"
1188 - cmake -G Ninja -DBUILD_wireshark=OFF -DCMAKE_BUILD_TYPE=Debug -DENABLE_ASAN=OFF -DCMAKE_INSTALL_PREFIX=$INSTALL_PREFIX -DENABLE_CCACHE=ON -DENABLE_WERROR=Off ..
1189 - printf "\e[0Ksection_end:%s:cmake_section\r\e[0K" "$( date +%s)"
1194 - ./tools/fuzz-test.sh -g -P $MIN_PLUGINS -b $INSTALL_PREFIX/bin -d /tmp/fuzz -t $MAX_SECONDS $( shuf -e /var/menagerie/*/* ) 2> fuzz-test.err || FUZZ_PASSED=false
1195 - echo "export FUZZ_PASSED=$FUZZ_PASSED" > /tmp/fuzz_result.sh
1197 needs: [ 'ASan randpkt Fuzz' ]
1201 - template: Security/SAST.gitlab-ci.yml