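# Pipeline-level gate: a pipeline is created only when one of these rules
# matches (forced run, merge request, tag, or one of the listed branches).
workflow:
  rules:
    - if: '$CI_FORCE_RUN'
    - if: '$CI_MERGE_REQUEST_IID'
    - if: '$CI_COMMIT_TAG'
    # The alternatives are grouped so that ^ and $ apply to each of them.
    # Ungrouped, the pattern also matched any branch starting with "master",
    # containing "stable" or "testing", or ending with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(master|stable|testing|devel)$/'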
# Default image for jobs that do not set their own. The tag is mutable, so
# the packages a job installs can differ from one run to the next; pin by
# digest ('debian:bullseye@sha256:<digest>') if reproducibility matters.
image: 'debian:bullseye'

variables:
  # Number of attempts the runner makes to fetch the sources.
  GET_SOURCES_ATTEMPTS: "10"

# Default commands run before each job's script.
before_script:
  - export DEBIAN_FRONTEND=noninteractive
  - apt-get update -qq
# Shared setup for the lint-po job, reused through the YAML anchor.
# The clone takes whatever the repository's default branch points at when
# the job runs, and lint-po then executes a script from that checkout; check
# out a reviewed commit (<commit-id>) if the CI result must be reproducible.
.prepare-lint-po: &prepare-lint-po
  - apt-get -qy install git i18nspector
  - git clone https://gitlab.tails.boum.org/tails/jenkins-tools.git /tmp/jenkins-tools
# Builds the website with ikiwiki. Runs on master, on merge requests that
# target master, and whenever the CI configuration itself changes.
build-website:
  script:
    - >-
      apt-get -qy install ikiwiki po4a libyaml-perl libyaml-libyaml-perl
      libyaml-syck-perl perlmagick
    - ./build-website
  rules:
    - if: '$CI_COMMIT_BRANCH == "master"'
    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
    - changes:
        - .gitlab-ci.yml
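# Lints PO files with the lint_po script from the jenkins-tools checkout
# prepared by the prepare-lint-po anchor.
lint-po:
  image: 'debian:testing'
  rules:
    # Alternatives grouped so that ^ and $ anchor every branch name; the
    # ungrouped pattern also matched names that merely start with "master",
    # contain "stable" or "testing", or end with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(master|stable|testing|devel)$/'
    # NOTE(review): confirm that this glob matches changed PO files in
    # subdirectories; verify against GitLab's rules:changes pattern syntax.
    # The same pattern is used by check-po-msgfmt and check-po-meta-date.
    - changes:
        - .gitlab-ci.yml
        - ./**.po
  script:
    - *prepare-lint-po
    # Executes code fetched at job time from the jenkins-tools repository.
    - /tmp/jenkins-tools/slaves/lint_po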
# Static security analysis of the Python code through the project's
# ./bin/bandit-tree wrapper; findings are published as a JUnit report.
bandit:
  script:
    - apt-get -qy install python3-bandit file
    - bandit --version
    # -ll is bandit's "medium severity and higher" filter; it is assumed
    # here that bandit-tree forwards these options to bandit unchanged.
    - >-
      ./bin/bandit-tree --configfile .bandit.yml
      -ll
      --format xml
      --output bandit.xml
      .
  artifacts:
    # Keep the report even when the job fails, so findings stay visible.
    when: always
    reports:
      junit: bandit.xml
# Fails when any Python file is not formatted the way black would format it.
check-black:
  image: 'debian:bookworm'
  script:
    - apt-get -qy install black
    # Logged so a formatting disagreement can be traced to the tool version.
    - black --version
    - black --check .
# Runs ruff through ./bin/test-utils/ruff, comparing HEAD with the merge
# request's target branch. Merge-request pipelines only.
ruff-changed-files:
  # debian:sid is a rolling tag, so the ruff version floats between runs.
  image: 'debian:sid'
  only:
    - merge_requests
  script:
    - apt-get -qy install ruff findutils git
    - ruff --version
    # ${VAR:?} makes the shell abort if the target branch name is unset or
    # empty, instead of comparing against a bare "origin/".
    - >-
      ./bin/test-utils/ruff HEAD
      "origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}"
      --output-format=junit
      --output-file=ruff.xml
  artifacts:
    when: always
    reports:
      junit: ruff.xml
# Runs the project's core-pages check; git is the only extra package needed.
check-website-core-pages:
  script:
    - apt-get -qy install git
    - ./bin/check-core-pages
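# Validates PO files with ./bin/check-po-msgfmt (gettext tooling).
check-po-msgfmt:
  rules:
    # Alternatives grouped so that ^ and $ anchor every branch name; the
    # ungrouped pattern also matched names that merely start with "master",
    # contain "stable" or "testing", or end with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(master|stable|testing|devel)$/'
    - changes:
        - .gitlab-ci.yml
        - ./**.po
  script:
    - apt-get -qy install python3 gettext
    - ./bin/check-po-msgfmt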
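# Runs ./bin/sanity-check-website on the listed branches or when PO files
# or the CI configuration change.
check-po-meta-date:
  rules:
    # Alternatives grouped so that ^ and $ anchor every branch name; the
    # ungrouped pattern also matched names that merely start with "master",
    # contain "stable" or "testing", or end with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(master|stable|testing|devel)$/'
    - changes:
        - .gitlab-ci.yml
        - ./**.po
  script:
    - apt-get -qy install git ruby
    - ./bin/sanity-check-website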
# Checks the website URLs found in the translation template po/tails.pot.
check-translatable-live-website-urls:
  script:
    - apt-get -qy install python3-polib
    - >-
      ./bin/check-translatable-live-website-urls
      po/tails.pot
# Runs "./bin/locale-descriptions suggest"; the echo prints where to look
# when the check fails.
check-locale-descriptions:
  script:
    - >-
      apt-get -qy install python3 python3-requests python3-toml python3-bs4
    - echo 'If this fails, look at https://tails.net/contribute/release_process/update_locale_descriptions/'
    - ./bin/locale-descriptions suggest
# Ruby lint. The JUnit output goes to rubocop.xml for the report; the
# markdown formatter has no --out and so prints to the job log.
rubocop:
  image: 'debian:bookworm'
  script:
    - apt-get -qy install rubocop
    - rubocop --version
    - >-
      rubocop
      --format junit --out rubocop.xml
      --format markdown
  artifacts:
    when: always
    reports:
      junit: rubocop.xml
# Runs the IUK test wrapper whenever the branch is not master.
test-iuk:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    - ./bin/test-utils/test-iuk
# Installs the packages listed for tails-perl5lib plus the Dist::Zilla
# tooling, then runs the perl5lib test suite. Skipped on master.
test-perl5lib:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    # Package names come from the list file, with comment lines filtered out.
    - >-
      cat config/chroot_local-packageslists/tails-perl5lib.list
      | grep -E -v "^#"
      | xargs apt-get -qy install
    - >-
      apt-get -qy install
      apt-file
      libdist-zilla-plugin-test-notabs-perl
      libdist-zilla-plugin-test-perl-critic-perl
      libdist-zilla-app-command-authordebs-perl
      libmodule-build-perl
      sudo
    # Take into account APT configuration added by apt-file
    - apt-get update -qq
    # Otherwise, apt-get called by "dzil authordebs --install" asks
    # for confirmation. This changes APT's configuration for the remainder
    # of the job's container only.
    - echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/yes
    - cd $CI_PROJECT_DIR/config/chroot_local-includes/usr/src/perl5lib
    - dzil authordebs --install
    - dzil test --all
# Shell lint through ./bin/shellcheck-tree; the checkstyle output is
# converted to JUnit with the project's XSLT so GitLab can display it.
shellcheck:
  # debian:testing is a rolling tag, so the shellcheck version floats.
  image: 'debian:testing'
  script:
    - apt-get -qy install python3 shellcheck xmlstarlet file
    - shellcheck --version
    - >-
      ./bin/shellcheck-tree --format=checkstyle
      | xmlstarlet tr config/ci/shellcheck/checkstyle2junit.xslt
      > shellcheck.xml
  artifacts:
    when: always
    reports:
      junit: shellcheck.xml
# Executes the Persistent Storage config-file test script directly.
test-persistent-storage-config-file:
  script:
    - apt-get -qy install python3 python3-gi acl
    - >-
      config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file_test.py
# Runs the doctests built into three of the project's Python programs.
test-python-doctest:
  script:
    - >-
      apt-get -qy install python3 python3-sh python3-toml python3-requests
      python3-bs4
    - >-
      config/chroot_local-includes/usr/local/lib/tails-gdm-error-message
      doctest --verbose
    # PYTHONPATH points at the in-tree dist-packages directory.
    - >-
      env PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
      python3 config/chroot_local-includes/usr/local/bin/tails-documentation
      --doctest
    - ./bin/locale-descriptions doctest
# Doctests for every Python file under tca/. Skipped on master.
test-tca:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    # Package names come from the list file, with comment lines filtered out.
    - >-
      cat config/chroot_local-packageslists/tor-connection-assistant.list
      | grep -E -v "^#"
      | xargs apt-get -qy install
    # -print0 / -0 keep file names intact; -L1 runs doctest once per file.
    - >-
      cd config/chroot_local-includes/usr/lib/python3/dist-packages ;
      find tca -name "*.py" -print0
      | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest
# Runs tca-portal in its doctest-only mode with debug logging.
# Skipped on master.
test-tca-portal:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    - >-
      cat config/chroot_local-packageslists/tor-connection-assistant.list
      | grep -E -v "^#"
      | xargs apt-get -qy install
    - >-
      PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
      env python3 ./config/chroot_local-includes/usr/local/lib/tca-portal
      --doctest-only --log-level DEBUG
# Doctests for the files under tailslib/. Skipped on master.
test-tailslib:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    - >-
      apt-get -qy install python3 python3-atomicwrites python3-sh python3-gi
      git
    # netnsdrop.py and gnome.py are filtered out of the file list, so their
    # doctests (if any) are not exercised by this job.
    - >-
      cd config/chroot_local-includes/usr/lib/python3/dist-packages ;
      find tailslib -name "*.py" -print0
      | grep --null-data -v -e netnsdrop.py -e gnome.py
      | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest
# pytest run of the WhisperBack tests, published as a JUnit report.
# Skipped on master.
test-whisperback:
  rules:
    - if: '$CI_COMMIT_BRANCH != "master"'
  script:
    # Package names come from the list file, with comment lines filtered out.
    - >-
      cat config/chroot_local-packageslists/whisperback.list
      | grep -E -v "^#"
      | xargs apt-get -qy install
    - apt-get -qy install python3-pytest
    - >-
      PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
      pytest-3 --verbose --junit-xml=report.xml
      config/chroot_local-includes/usr/lib/python3/dist-packages/whisperBack/test.py
  artifacts:
    when: always
    reports:
      junit: report.xml
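# Runs ./bin/apt-snapshots-expiry on the release branches, or when an APT
# snapshot serial file or the CI configuration changes.
apt-snapshots-expiry:
  rules:
    # Alternatives grouped so that ^ and $ anchor every branch name; the
    # ungrouped pattern also matched names that merely start with "stable",
    # contain "testing", or end with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(stable|testing|devel)$/'
    - changes:
        - .gitlab-ci.yml
        - config/APT_snapshots.d/*/serial
        - vagrant/definitions/tails-builder/config/APT_snapshots.d/*/serial
  script:
    - apt-get -qy install curl git
    - ./bin/apt-snapshots-expiry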
# Build dependencies for https-get-expired. ca-certificates provides the
# trust store the TLS checks in the test steps validate against.
.install-https-get-expired-build-deps: &install-https-get-expired-build-deps
  - >-
    apt-get -qy install --no-install-recommends
    golang-go ca-certificates

# Compiles the single Go source file into ./https-get-expired.
.build-https-get-expired: &build-https-get-expired
  - >-
    go build -o ./https-get-expired
    config/chroot_local-includes/usr/src/https-get-expired.go
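# Positive and negative TLS checks for https-get-expired, shared by both
# https-get-expired jobs. All of them need outbound network access and
# depend on third-party test hosts (badssl.com).
#
# Negative checks end in "|| exit 1": a bare "! cmd" is exempt from errexit
# (set -e), so where the runner relies on errexit alone a certificate that
# was wrongly accepted would not fail the job unless it was the last command.
#
# NOTE(review): a negative check cannot tell "certificate rejected" from
# "host unreachable"; presumably the tool exits non-zero in both cases, so
# a network outage makes these checks pass. Confirm against the tool.
.test-https-get-expired: &test-https-get-expired
  - echo "Basic check:"
  - ./https-get-expired -reject-expired https://tails.net/
  - echo "Let's pretend we are in the past. Then, this certificate is still good."
  - ./https-get-expired -current-time 2000-01-01 -reject-expired https://tails.net/
  - echo "Let's pretend we are in the future. Then, this certificate is expired"
  - '! ./https-get-expired -current-time 2090-01-01 -reject-expired https://tails.net/ || exit 1'
  # Certificate does not match the host name.
  - '! ./https-get-expired -reject-expired https://wrong.host.badssl.com/ || exit 1'
  # Self-signed certificate.
  - '! ./https-get-expired -reject-expired https://self-signed.badssl.com/ || exit 1'
  # Chain ends in a root that is not in the trust store.
  - '! ./https-get-expired -reject-expired https://untrusted-root.badssl.com/ || exit 1'
  # Certificate past its validity period.
  - '! ./https-get-expired -reject-expired https://expired.badssl.com/ || exit 1'
  - echo "Invalid host"
  - '! ./https-get-expired -reject-expired https://nxdomain.tails.net/ || exit 1'
  - ./bin/test-utils/https-get-expired-test-all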
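# Builds https-get-expired and runs its TLS checks on the release branches,
# or when the source, the htpdate pool list or the CI configuration changes.
https-get-expired:
  rules:
    # Alternatives grouped so that ^ and $ anchor every branch name; the
    # ungrouped pattern also matched names that merely start with "stable",
    # contain "testing", or end with "devel".
    - if: '$CI_COMMIT_BRANCH =~ /^(stable|testing|devel)$/'
    - changes:
        - .gitlab-ci.yml
        - config/chroot_local-includes/usr/src/https-get-expired.go
        - config/chroot_local-includes/etc/default/htpdate.pools
  script:
    - *install-https-get-expired-build-deps
    - *build-https-get-expired
    - *test-https-get-expired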
# Same build and checks as https-get-expired, but on debian:sid: this job
# gives us results using a future version of Golang compared to the one we
# actually use.
https-get-expired-sid:
  image: 'debian:sid'
  script:
    - *install-https-get-expired-build-deps
    - *build-https-get-expired
    - *test-https-get-expired
  rules:
    - if: '$CI_COMMIT_BRANCH == "devel"'
    - changes:
        - .gitlab-ci.yml
        - config/chroot_local-includes/usr/src/https-get-expired.go
        - config/chroot_local-includes/etc/default/htpdate.pools