4 - if: $CI_MERGE_REQUEST_IID
6 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
11 GET_SOURCES_ATTEMPTS: 10
14 - export DEBIAN_FRONTEND=noninteractive
17 .prepare-lint-po: &prepare-lint-po
18 - apt-get -qy install git i18nspector
19 - git clone https://gitlab.tails.boum.org/tails/jenkins-tools.git /tmp/jenkins-tools
23 - if: '$CI_COMMIT_BRANCH == "master"'
24 - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
28 - apt-get -qy install ikiwiki po4a libyaml-perl libyaml-libyaml-perl libyaml-syck-perl perlmagick
34 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
40 - /tmp/jenkins-tools/slaves/lint_po
44 - apt-get -qy install python3-bandit file
46 - './bin/bandit-tree --configfile .bandit.yml
57 image: debian:bookworm
59 - apt-get -qy install black
70 - apt-get -qy install ruff findutils git
72 - ./bin/test-utils/ruff HEAD "origin/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME:?}" --output-format=junit --output-file=ruff.xml
78 check-website-core-pages:
80 - apt-get -qy install git
81 - ./bin/check-core-pages
85 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
90 - apt-get -qy install python3 gettext
91 - ./bin/check-po-msgfmt
95 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
100 - apt-get -qy install git ruby
101 - ./bin/sanity-check-website
103 check-translatable-live-website-urls:
105 - apt-get -qy install python3-polib
106 - ./bin/check-translatable-live-website-urls po/tails.pot
108 check-locale-descriptions:
110 - apt-get -qy install python3 python3-requests python3-toml python3-bs4
111 - echo 'If this fails, look at https://tails.net/contribute/release_process/update_locale_descriptions/'
112 - ./bin/locale-descriptions suggest
115 image: debian:bookworm
117 - apt-get -qy install rubocop
119 - rubocop --format junit --out rubocop.xml --format markdown
127 - if: '$CI_COMMIT_BRANCH != "master"'
129 - './bin/test-utils/test-iuk'
133 - if: '$CI_COMMIT_BRANCH != "master"'
135 - 'cat config/chroot_local-packageslists/tails-perl5lib.list
137 | xargs apt-get -qy install'
138 - 'apt-get -qy install
140 libdist-zilla-plugin-test-notabs-perl
141 libdist-zilla-plugin-test-perl-critic-perl
142 libdist-zilla-app-command-authordebs-perl
145 - apt-get update -qq # Take into account APT configuration added by apt-file
146 # Otherwise, apt-get called by "dzil authordebs --install" asks confirmation
147 - echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/yes
148 - cd $CI_PROJECT_DIR/config/chroot_local-includes/usr/src/perl5lib
149 - dzil authordebs --install
153 image: debian:testing
155 - apt-get -qy install python3 shellcheck xmlstarlet file
156 - shellcheck --version
157 - './bin/shellcheck-tree --format=checkstyle
158 | xmlstarlet tr config/ci/shellcheck/checkstyle2junit.xslt
163 junit: shellcheck.xml
165 test-persistent-storage-config-file:
167 - apt-get -qy install python3 python3-gi acl
168 - config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file_test.py
172 - apt-get -qy install python3 python3-sh python3-toml python3-requests python3-bs4
173 - config/chroot_local-includes/usr/local/lib/tails-gdm-error-message doctest --verbose
174 - env PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages python3 config/chroot_local-includes/usr/local/bin/tails-documentation --doctest
175 - ./bin/locale-descriptions doctest
179 - if: '$CI_COMMIT_BRANCH != "master"'
181 - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
183 | xargs apt-get -qy install'
184 - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tca -name "*.py" -print0 | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
188 - if: '$CI_COMMIT_BRANCH != "master"'
190 - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
192 | xargs apt-get -qy install'
193 - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages env python3 ./config/chroot_local-includes/usr/local/lib/tca-portal --doctest-only --log-level DEBUG'
198 - if: '$CI_COMMIT_BRANCH != "master"'
200 - apt-get -qy install python3 python3-atomicwrites python3-sh python3-gi git
201 - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tailslib -name "*.py" -print0 | grep --null-data -v -e netnsdrop.py -e gnome.py | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
205 - if: '$CI_COMMIT_BRANCH != "master"'
207 - 'cat config/chroot_local-packageslists/whisperback.list | grep -E -v "^#"
208 | xargs apt-get -qy install'
209 - apt-get -qy install python3-pytest
210 - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
211 pytest-3 --verbose --junit-xml=report.xml
212 config/chroot_local-includes/usr/lib/python3/dist-packages/whisperBack/test.py'
218 apt-snapshots-expiry:
220 - apt-get -qy install curl git
221 - ./bin/apt-snapshots-expiry
223 - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
226 - config/APT_snapshots.d/*/serial
227 - vagrant/definitions/tails-builder/config/APT_snapshots.d/*/serial
229 .install-https-get-expired-build-deps: &install-https-get-expired-build-deps
230 - apt-get -qy install --no-install-recommends golang-go ca-certificates
232 .build-https-get-expired: &build-https-get-expired
233 - go build -o ./https-get-expired config/chroot_local-includes/usr/src/https-get-expired.go
235 .test-https-get-expired: &test-https-get-expired
236 - echo "Basic check:"
237 - ./https-get-expired -reject-expired https://tails.net/
238 - echo "Let's pretend we are in the past. Then, this certificate is still good."
239 - ./https-get-expired -current-time 2000-01-01 -reject-expired https://tails.net/
240 - echo "Let's pretend we are in the future. Then, this certificate is expired"
241 - "! ./https-get-expired -current-time 2090-01-01 -reject-expired https://tails.net/"
242 - "! ./https-get-expired -reject-expired https://wrong.host.badssl.com/"
243 - "! ./https-get-expired -reject-expired https://self-signed.badssl.com/"
244 - "! ./https-get-expired -reject-expired https://untrusted-root.badssl.com/"
245 - "! ./https-get-expired -reject-expired https://expired.badssl.com/"
246 - echo "Invalid host"
247 - "! ./https-get-expired -reject-expired https://nxdomain.tails.net/"
248 - "./bin/test-utils/https-get-expired-test-all"
252 - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
255 - config/chroot_local-includes/usr/src/https-get-expired.go
256 - config/chroot_local-includes/etc/default/htpdate.pools
258 - *install-https-get-expired-build-deps
259 - *build-https-get-expired
260 - *test-https-get-expired
262 https-get-expired-sid:
263 # this job gives us results using a future version of Golang compared to the one we actually use
266 - if: '$CI_COMMIT_BRANCH == "devel"'
269 - config/chroot_local-includes/usr/src/https-get-expired.go
270 - config/chroot_local-includes/etc/default/htpdate.pools
272 - *install-https-get-expired-build-deps
273 - *build-https-get-expired
274 - *test-https-get-expired