CVE-2020-10730: vlv: Use strcmp(), not strncmp() checking the NULL terminated control...
[Samba.git] / .gitlab-ci.yml
blobc657b4a1d8f5b47a3e97eb076df7502bf34c04a0
1 # see https://docs.gitlab.com/ce/ci/yaml/README.html for all available options
3 stages:
4   - images
5   - build
6   - analysis
7   - report
9 variables:
10   GIT_STRATEGY: fetch
11   GIT_DEPTH: "3"
12   # "--enable-coverage" or ""
13   SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE: ""
14   #
15   # we run autobuild.py inside a samba CI docker image located on gitlab's registry
16   # overwrite this variable if you want use your own image registry.
17   #
18   # Or better ask for access to the shared development repository, see
19   # https://wiki.samba.org/index.php/Samba_CI_on_gitlab#Getting_Access
20   #
21   SAMBA_CI_CONTAINER_REGISTRY: registry.gitlab.com/samba-team/devel/samba
22   #
23   # Set this to the contents of bootstrap/sha1sum.txt
24   # which is generated by bootstrap/template.py --render
25   #
26   SAMBA_CI_CONTAINER_TAG: 1275dc52ac8c1de5981f267df88b85b6f87e299a
27   #
28   # We use the ubuntu1804 image as default as
29   # it matches what we have on sn-devel-184.
30   #
31   SAMBA_CI_CONTAINER_IMAGE: ubuntu1804
32   #
33   # The following images are available
34   # Please see the samba-o3 sections at the end of this file!
35   # We should run that for each available image
36   #
37   SAMBA_CI_CONTAINER_IMAGE_ubuntu1604: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG}
38   SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1804:${SAMBA_CI_CONTAINER_TAG}
39   SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu2004:${SAMBA_CI_CONTAINER_TAG}
40   SAMBA_CI_CONTAINER_IMAGE_debian9: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian9:${SAMBA_CI_CONTAINER_TAG}
41   SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG}
42   SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG}
43   SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG}
44   SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG}
45   SAMBA_CI_CONTAINER_IMAGE_fedora32: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora32:${SAMBA_CI_CONTAINER_TAG}
46   SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG}
47   SAMBA_CI_CONTAINER_IMAGE_centos8: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos8:${SAMBA_CI_CONTAINER_TAG}
49 include:
50   # The image creation details are specified in a separate file
51   # See bootstrap/README.md for details
52   - 'bootstrap/.gitlab-ci.yml'
54 .shared_template:
55   variables:
56     AUTOBUILD_JOB_NAME: $CI_JOB_NAME
57   image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
58   stage: build
59   tags:
60     - docker
61     - shared
62   cache:
63     key: ccache.${CI_JOB_NAME}
64     paths:
65       - ccache
66   before_script:
67     - uname -a
68     - lsb_release -a
69     - cat /etc/os-release
70     - mount
71     - df -h
72     - cat /proc/swaps
73     - free -h
74       # ld will fail if coverage enabled, force link ld to ld.bfd
75     - if [ -n "$SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE" ]; then sudo ln -sf $(which ld.bfd) $(which ld); fi
76       # See bootstrap/.gitlab-ci.yml how to generate a new image
77     - echo "SAMBA_CI_CONTAINER_REGISTRY[${SAMBA_CI_CONTAINER_REGISTRY}]"
78     - echo "SAMBA_CI_CONTAINER_TAG[${SAMBA_CI_CONTAINER_TAG}]"
79     - bootstrap/template.py --sha1sum > /tmp/sha1sum-template.txt
80     - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt
81     - echo "${SAMBA_CI_CONTAINER_TAG}" > /tmp/sha1sum-tag.txt
82     - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-tag.txt
83     - diff -u bootstrap/sha1sum.txt /sha1sum.txt
84     - export CCACHE_BASEDIR="${PWD}"
85     - export CCACHE_DIR="${PWD}/ccache" && mkdir -pv "$CCACHE_DIR"
86     - export CC="ccache cc"
87     - export CXX="ccache c++"
88     - ccache -z -M 500M
89     - ccache -s
90   after_script:
91     - mount
92     - df -h
93     - cat /proc/swaps
94     - free -h
95     - CCACHE_BASEDIR="${PWD}" CCACHE_DIR="${PWD}/ccache" ccache -s -c
96   artifacts:
97     expire_in: 1 week
98     paths:
99       - "*.stdout"
100       - "*.stderr"
101       - "*.info"
102       - system-info.txt
103   retry:
104     max: 2
105     when:
106       - runner_system_failure
107       - stuck_or_timeout_failure
108   script:
109     # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the
110     # autobuild name, which means we can define a default template that runs most autobuild jobs
111     - echo "Running cmd script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
112     - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE  --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
114 # Ensure when adding a new job below that you also add it to
115 # the dependencies for 'pages' below for the code coverage page
116 # generation.
118 others:
119   extends: .shared_template
120   script:
121     - script/autobuild.py ldb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
122     - script/autobuild.py pidl     $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
123     - script/autobuild.py replace  $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
124     - script/autobuild.py talloc   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
125     - script/autobuild.py tdb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
126     - script/autobuild.py tevent   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
127     - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
128     - script/autobuild.py docs-xml $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
130 samba:
131   extends: .shared_template
133 samba-mitkrb5:
134   extends: .shared_template
136 samba-nopython:
137   extends: .shared_template
139 samba-nopython-py2:
140   extends: .shared_template
142 samba-admem:
143   extends: .shared_template
145 samba-ad-dc-2:
146   extends: .shared_template
148 samba-ad-dc-3:
149   extends: .shared_template
151 samba-ad-dc-4:
152   extends: .shared_template
154 samba-ad-dc-5:
155   extends: .shared_template
157 samba-ad-dc-6:
158   extends: .shared_template
160 samba-libs:
161   extends: .shared_template
163 samba-static:
164   extends: .shared_template
166 samba-fuzz:
167   extends: .shared_template
168   image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG}
170 ctdb:
171   extends: .shared_template
173 samba-ctdb:
174   extends: .shared_template
176 samba-ad-dc-ntvfs:
177   extends: .shared_template
179 samba-admem-mit:
180   extends: .shared_template
182 samba-ad-dc-4-mitkrb5:
183   extends: .shared_template
185 samba-fips:
186   extends: .shared_template
187   image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
189 .private_template:
190   extends: .shared_template
191   tags:
192     - docker
193     - samba-ci-private
194   only:
195     variables:
196       # These jobs are only run if the gitlab repo has private runners available.
197       # To enable private jobs, you must add the following var and value to
198       # your gitlab repo by navigating to:
199       # settings -> CI/CD -> Environment variables
200       - $SUPPORT_PRIVATE_TEST == "yes"
202 samba-ad-dc-backup:
203   extends: .private_template
205 samba-fileserver:
206   extends: .private_template
208 samba-ad-dc-1:
209   extends: .private_template
211 samba-nt4:
212   extends: .private_template
214 samba-schemaupgrade:
215   extends: .private_template
217 samba-ad-dc-1-mitkrb5:
218   extends: .private_template
220 # 'pages' is a special job which can publish artifacts in `public` dir to gitlab pages
221 pages:
222   image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
223   stage: report
224   tags:
225     - docker
226     - shared
227   dependencies:  # tell gitlab to download artifacts for these jobs
228     - others
229     - samba
230     - samba-mitkrb5
231     - samba-nopython
232     - samba-nopython-py2
233     - samba-admem
234     - samba-ad-dc-2
235     - samba-ad-dc-3
236     - samba-ad-dc-4
237     - samba-ad-dc-5
238     - samba-ad-dc-6
239     - samba-libs
240     - samba-static
241     - samba-fuzz
242     # - ctdb  # TODO
243     - samba-ctdb
244     - samba-ad-dc-ntvfs
245     - samba-admem-mit
246     - samba-ad-dc-4-mitkrb5
247     - samba-ad-dc-backup
248     - samba-fileserver
249     - samba-ad-dc-1
250     - samba-nt4
251     - samba-schemaupgrade
252     - samba-ad-dc-1-mitkrb5
253     - samba-fips
254   script:
255     - ./configure.developer
256     - make -j
257     - lcov $(ls *.info | xargs -I{} echo -n "-a {} ") -o all.info
258     - genhtml all.info --output-directory public --prefix=$(pwd) --title "coverage report for $CI_COMMIT_REF_NAME $CI_COMMIT_SHORT_SHA"
259   artifacts:
260     expire_in: 30 days
261     paths:
262       - public
263   only:
264     variables:
265       - $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == "--enable-coverage"
267 # Coverity Scan
268 coverity:
269   stage: analysis
270   image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
271   tags:
272     - docker
273     - shared
274   script:
275     - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
276     - tar xf /tmp/coverity_tool.tgz
277     - ./configure.developer --with-system-mitkrb5 --with-experimental-mit-ad-dc
278     - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$(nproc)
279     - tar czf cov-int.tar.gz cov-int
280     - curl
281       --form token=$COVERITY_SCAN_TOKEN
282       --form email=$COVERITY_SCAN_EMAIL
283       --form file=@cov-int.tar.gz
284       --form version="`git describe --tags`"
285       --form description="CI build"
286       https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
287   only:
288     refs:
289       - master
290       - schedules
291     variables:
292       - $COVERITY_SCAN_TOKEN != null
293       - $COVERITY_SCAN_PROJECT_NAME != null
294       - $COVERITY_SCAN_EMAIL != null
295   artifacts:
296     expire_in: 1 week
297     when: on_failure
298     paths:
299       - cov-int/*.txt
302 # We build samba-o3 on all supported distributions
305 .samba-o3-template:
306   extends: .shared_template
307   variables:
308     AUTOBUILD_JOB_NAME: samba-o3
309   only:
310     variables:
311       # do not run o3 for coverage since they are using different images
312       - $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == ""
314 ubuntu1804-samba-o3:
315   extends: .samba-o3-template
316   image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu1804
318 ubuntu2004-samba-o3:
319   extends: .samba-o3-template
320   image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu2004
322 debian10-samba-o3:
323   extends: .samba-o3-template
324   image: $SAMBA_CI_CONTAINER_IMAGE_debian10
326 opensuse150-samba-o3:
327   extends: .samba-o3-template
328   image: $SAMBA_CI_CONTAINER_IMAGE_opensuse150
330 opensuse151-samba-o3:
331   extends: .samba-o3-template
332   image: $SAMBA_CI_CONTAINER_IMAGE_opensuse151
334 centos7-samba-o3:
335   extends: .samba-o3-template
336   image: $SAMBA_CI_CONTAINER_IMAGE_centos7
337   variables:
338     # Git on CentOS doesn't support shallow git cloning
339     GIT_DEPTH: ""
340     # We need a newer GnuTLS version on CentOS7
341     PKG_CONFIG_PATH: "/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"
343 centos8-samba-o3:
344   extends: .samba-o3-template
345   image: $SAMBA_CI_CONTAINER_IMAGE_centos8
347 fedora31-samba-o3:
348   extends: .samba-o3-template
349   image: $SAMBA_CI_CONTAINER_IMAGE_fedora31
351 fedora32-samba-o3:
352   extends: .samba-o3-template
353   image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
356 # Keep the samba-o3 sections at the end ...