crypto: Forbid broken unloading of secrets
[qemu/ar7.git] / .gitlab-ci.yml
blob7c0db64710ba025f5a7dee2f67dff85109afce41
1 # Currently we have two build stages after our containers are built:
2 #  - build (for traditional build and test or first stage build)
3 #  - test (for test stages, using build artefacts from a build stage)
4 stages:
5   - containers
6   - containers-layer2
7   - build
8   - test
10 include:
11   - local: '/.gitlab-ci.d/edk2.yml'
12   - local: '/.gitlab-ci.d/opensbi.yml'
13   - local: '/.gitlab-ci.d/containers.yml'
14   - local: '/.gitlab-ci.d/crossbuilds.yml'
16 .native_build_job_template: &native_build_job_definition
17   stage: build
18   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
19   before_script:
20     - JOBS=$(expr $(nproc) + 1)
21     - sed -i s,git.qemu.org/git,gitlab.com/qemu-project, .gitmodules
22   script:
23     - mkdir build
24     - cd build
25     - if test -n "$TARGETS";
26       then
27         ../configure --enable-werror $CONFIGURE_ARGS --target-list="$TARGETS" ;
28       else
29         ../configure --enable-werror $CONFIGURE_ARGS ;
30       fi || { cat config.log meson-logs/meson-log.txt && exit 1; }
31     - make -j"$JOBS"
32     - if test -n "$MAKE_CHECK_ARGS";
33       then
34         make -j"$JOBS" $MAKE_CHECK_ARGS ;
35       fi
37 .native_test_job_template: &native_test_job_definition
38   stage: test
39   image: $CI_REGISTRY_IMAGE/qemu/$IMAGE:latest
40   script:
41     - scripts/git-submodule.sh update
42         $(grep GIT_SUBMODULES build/config-host.mak | sed 's/GIT_SUBMODULES=//')
43     - cd build
44     - find . -type f -exec touch {} +
45     # Avoid recompiling by hiding ninja with NINJA=":"
46     - make NINJA=":" $MAKE_CHECK_ARGS
48 .acceptance_template: &acceptance_definition
49   cache:
50     key: "${CI_JOB_NAME}-cache"
51     paths:
52       - ${CI_PROJECT_DIR}/avocado-cache
53     policy: pull-push
54   artifacts:
55     name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
56     when: always
57     expire_in: 2 days
58     paths:
59       - build/tests/results/latest/results.xml
60       - build/tests/results/latest/test-results
61     reports:
62       junit: build/tests/results/latest/results.xml
63   before_script:
64     - mkdir -p ~/.config/avocado
65     - echo "[datadir.paths]" > ~/.config/avocado/avocado.conf
66     - echo "cache_dirs = ['${CI_PROJECT_DIR}/avocado-cache']"
67            >> ~/.config/avocado/avocado.conf
68     - echo -e '[job.output.testlogs]\nstatuses = ["FAIL"]'
69            >> ~/.config/avocado/avocado.conf
70     - if [ -d ${CI_PROJECT_DIR}/avocado-cache ]; then
71         du -chs ${CI_PROJECT_DIR}/avocado-cache ;
72       fi
73     - export AVOCADO_ALLOW_UNTRUSTED_CODE=1
74   after_script:
75     - cd build
76     - du -chs ${CI_PROJECT_DIR}/avocado-cache
78 build-system-alpine:
79   <<: *native_build_job_definition
80   variables:
81     IMAGE: alpine
82     TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu
83       moxie-softmmu microblazeel-softmmu mips64el-softmmu
84     MAKE_CHECK_ARGS: check-build
85     CONFIGURE_ARGS: --enable-docs
86   artifacts:
87     expire_in: 2 days
88     paths:
89       - .git-submodule-status
90       - build
92 check-system-alpine:
93   <<: *native_test_job_definition
94   needs:
95     - job: build-system-alpine
96       artifacts: true
97   variables:
98     IMAGE: alpine
99     MAKE_CHECK_ARGS: check
101 acceptance-system-alpine:
102   <<: *native_test_job_definition
103   needs:
104     - job: build-system-alpine
105       artifacts: true
106   variables:
107     IMAGE: alpine
108     MAKE_CHECK_ARGS: check-acceptance
109   <<: *acceptance_definition
111 build-system-ubuntu:
112   <<: *native_build_job_definition
113   variables:
114     IMAGE: ubuntu2004
115     CONFIGURE_ARGS: --enable-fdt=system --enable-slirp=system
116     TARGETS: aarch64-softmmu alpha-softmmu cris-softmmu hppa-softmmu
117       moxie-softmmu microblazeel-softmmu mips64el-softmmu
118     MAKE_CHECK_ARGS: check-build
119   artifacts:
120     expire_in: 2 days
121     paths:
122       - build
124 check-system-ubuntu:
125   <<: *native_test_job_definition
126   needs:
127     - job: build-system-ubuntu
128       artifacts: true
129   variables:
130     IMAGE: ubuntu2004
131     MAKE_CHECK_ARGS: check
133 acceptance-system-ubuntu:
134   <<: *native_test_job_definition
135   needs:
136     - job: build-system-ubuntu
137       artifacts: true
138   variables:
139     IMAGE: ubuntu2004
140     MAKE_CHECK_ARGS: check-acceptance
141   <<: *acceptance_definition
143 build-system-debian:
144   <<: *native_build_job_definition
145   variables:
146     IMAGE: debian-amd64
147     CONFIGURE_ARGS: --enable-fdt=system
148     TARGETS: arm-softmmu avr-softmmu i386-softmmu mipsel-softmmu
149       riscv64-softmmu sh4eb-softmmu sparc-softmmu xtensaeb-softmmu
150     MAKE_CHECK_ARGS: check-build
151   artifacts:
152     expire_in: 2 days
153     paths:
154       - build
156 check-system-debian:
157   <<: *native_test_job_definition
158   needs:
159     - job: build-system-debian
160       artifacts: true
161   variables:
162     IMAGE: debian-amd64
163     MAKE_CHECK_ARGS: check
165 # No targets are built here, just tools, docs, and unit tests. This
166 # also feeds into the eventual documentation deployment steps later
167 build-tools-and-docs-debian:
168   <<: *native_build_job_definition
169   variables:
170     IMAGE: debian-amd64
171     MAKE_CHECK_ARGS: check-unit check-softfloat ctags TAGS cscope
172     CONFIGURE_ARGS: --disable-system --disable-user --enable-docs --enable-tools
173   artifacts:
174     expire_in: 2 days
175     paths:
176       - build
178 acceptance-system-debian:
179   <<: *native_test_job_definition
180   needs:
181     - job: build-system-debian
182       artifacts: true
183   variables:
184     IMAGE: debian-amd64
185     MAKE_CHECK_ARGS: check-acceptance
186   <<: *acceptance_definition
188 build-system-fedora:
189   <<: *native_build_job_definition
190   variables:
191     IMAGE: fedora
192     CONFIGURE_ARGS: --disable-gcrypt --enable-nettle --enable-docs
193              --enable-fdt=system --enable-slirp=system --enable-capstone=system
194     TARGETS: tricore-softmmu microblaze-softmmu mips-softmmu
195       xtensa-softmmu m68k-softmmu riscv32-softmmu ppc-softmmu sparc64-softmmu
196     MAKE_CHECK_ARGS: check-build
197   artifacts:
198     expire_in: 2 days
199     paths:
200       - build
202 check-system-fedora:
203   <<: *native_test_job_definition
204   needs:
205     - job: build-system-fedora
206       artifacts: true
207   variables:
208     IMAGE: fedora
209     MAKE_CHECK_ARGS: check
211 acceptance-system-fedora:
212   <<: *native_test_job_definition
213   needs:
214     - job: build-system-fedora
215       artifacts: true
216   variables:
217     IMAGE: fedora
218     MAKE_CHECK_ARGS: check-acceptance
219   <<: *acceptance_definition
221 build-system-centos:
222   <<: *native_build_job_definition
223   variables:
224     IMAGE: centos8
225     CONFIGURE_ARGS: --disable-nettle --enable-gcrypt --enable-fdt=system
226     TARGETS: ppc64-softmmu or1k-softmmu s390x-softmmu
227       x86_64-softmmu rx-softmmu sh4-softmmu nios2-softmmu
228     MAKE_CHECK_ARGS: check-build
229   artifacts:
230     expire_in: 2 days
231     paths:
232       - build
234 check-system-centos:
235   <<: *native_test_job_definition
236   needs:
237     - job: build-system-centos
238       artifacts: true
239   variables:
240     IMAGE: centos8
241     MAKE_CHECK_ARGS: check
243 acceptance-system-centos:
244   <<: *native_test_job_definition
245   needs:
246     - job: build-system-centos
247       artifacts: true
248   variables:
249     IMAGE: centos8
250     MAKE_CHECK_ARGS: check-acceptance
251   <<: *acceptance_definition
253 build-system-opensuse:
254   <<: *native_build_job_definition
255   variables:
256     IMAGE: opensuse-leap
257     CONFIGURE_ARGS: --enable-fdt=system
258     TARGETS: s390x-softmmu x86_64-softmmu aarch64-softmmu
259     MAKE_CHECK_ARGS: check-build
260   artifacts:
261     expire_in: 2 days
262     paths:
263       - build
265 check-system-opensuse:
266   <<: *native_test_job_definition
267   needs:
268     - job: build-system-opensuse
269       artifacts: true
270   variables:
271     IMAGE: opensuse-leap
272     MAKE_CHECK_ARGS: check
274 acceptance-system-opensuse:
275    <<: *native_test_job_definition
276    needs:
277      - job: build-system-opensuse
278        artifacts: true
279    variables:
280      IMAGE: opensuse-leap
281      MAKE_CHECK_ARGS: check-acceptance
282    <<: *acceptance_definition
285 build-disabled:
286   <<: *native_build_job_definition
287   variables:
288     IMAGE: fedora
289     CONFIGURE_ARGS:
290       --disable-attr
291       --disable-auth-pam
292       --disable-avx2
293       --disable-bochs
294       --disable-brlapi
295       --disable-bzip2
296       --disable-cap-ng
297       --disable-capstone
298       --disable-cloop
299       --disable-coroutine-pool
300       --disable-curl
301       --disable-curses
302       --disable-dmg
303       --disable-docs
304       --disable-gcrypt
305       --disable-glusterfs
306       --disable-gnutls
307       --disable-gtk
308       --disable-guest-agent
309       --disable-iconv
310       --disable-keyring
311       --disable-kvm
312       --disable-libiscsi
313       --disable-libpmem
314       --disable-libssh
315       --disable-libudev
316       --disable-libusb
317       --disable-libxml2
318       --disable-linux-aio
319       --disable-live-block-migration
320       --disable-lzo
321       --disable-malloc-trim
322       --disable-mpath
323       --disable-nettle
324       --disable-numa
325       --disable-opengl
326       --disable-parallels
327       --disable-pie
328       --disable-qcow1
329       --disable-qed
330       --disable-qom-cast-debug
331       --disable-rbd
332       --disable-rdma
333       --disable-replication
334       --disable-sdl
335       --disable-seccomp
336       --disable-sheepdog
337       --disable-slirp
338       --disable-smartcard
339       --disable-snappy
340       --disable-sparse
341       --disable-spice
342       --disable-strip
343       --disable-tpm
344       --disable-usb-redir
345       --disable-vdi
346       --disable-vhost-crypto
347       --disable-vhost-net
348       --disable-vhost-scsi
349       --disable-vhost-user
350       --disable-vhost-vdpa
351       --disable-vhost-vsock
352       --disable-virglrenderer
353       --disable-vnc
354       --disable-vte
355       --disable-vvfat
356       --disable-xen
357       --disable-zstd
358     TARGETS: arm-softmmu i386-softmmu ppc64-softmmu mips64-softmmu
359       s390x-softmmu i386-linux-user
360     MAKE_CHECK_ARGS: check-qtest SPEED=slow
362 # This jobs explicitly disable TCG (--disable-tcg), KVM is detected by
363 # the configure script. The container doesn't contain Xen headers so
364 # Xen accelerator is not detected / selected. As result it build the
365 # i386-softmmu and x86_64-softmmu with KVM being the single accelerator
366 # available.
367 build-tcg-disabled:
368   <<: *native_build_job_definition
369   variables:
370     IMAGE: centos8
371   script:
372     - mkdir build
373     - cd build
374     - ../configure --disable-tcg --audio-drv-list="" || { cat config.log meson-logs/meson-log.txt && exit 1; }
375     - make -j"$JOBS"
376     - make check-unit
377     - make check-qapi-schema
378     - cd tests/qemu-iotests/
379     - ./check -raw 001 002 003 004 005 008 009 010 011 012 021 025 032 033 048
380             052 063 077 086 101 104 106 113 148 150 151 152 157 159 160 163
381             170 171 183 184 192 194 197 208 215 221 222 226 227 236 253 277
382     - ./check -qcow2 028 051 056 057 058 065 068 082 085 091 095 096 102 122
383             124 132 139 142 144 145 151 152 155 157 165 194 196 197 200 202
384             208 209 215 216 218 222 227 234 246 247 248 250 254 255 257 258
385             260 261 262 263 264 270 272 273 277 279
387 build-user:
388   <<: *native_build_job_definition
389   variables:
390     IMAGE: debian-all-test-cross
391     CONFIGURE_ARGS: --disable-tools --disable-system
392     MAKE_CHECK_ARGS: check-tcg
394 build-user-static:
395   <<: *native_build_job_definition
396   variables:
397     IMAGE: debian-all-test-cross
398     CONFIGURE_ARGS: --disable-tools --disable-system --static
399     MAKE_CHECK_ARGS: check-tcg
401 # Only build the softmmu targets we have check-tcg tests for
402 build-some-softmmu:
403   <<: *native_build_job_definition
404   variables:
405     IMAGE: debian-all-test-cross
406     CONFIGURE_ARGS: --disable-tools --enable-debug-tcg
407     TARGETS: xtensa-softmmu arm-softmmu aarch64-softmmu alpha-softmmu
408     MAKE_CHECK_ARGS: check-tcg
410 # Run check-tcg against linux-user (with plugins)
411 # we skip sparc64-linux-user until it has been fixed somewhat
412 # we skip cris-linux-user as it doesn't use the common run loop
413 build-user-plugins:
414   <<: *native_build_job_definition
415   variables:
416     IMAGE: debian-all-test-cross
417     CONFIGURE_ARGS: --disable-tools --disable-system --enable-plugins --enable-debug-tcg --target-list-exclude=sparc64-linux-user,cris-linux-user
418     MAKE_CHECK_ARGS: check-tcg
419   timeout: 1h 30m
421 build-user-centos7:
422   <<: *native_build_job_definition
423   variables:
424     IMAGE: centos7
425     CONFIGURE_ARGS: --disable-system --disable-tools --disable-docs
426     MAKE_CHECK_ARGS: check-tcg
428 build-some-softmmu-plugins:
429   <<: *native_build_job_definition
430   variables:
431     IMAGE: debian-all-test-cross
432     CONFIGURE_ARGS: --disable-tools --disable-user --enable-plugins --enable-debug-tcg
433     TARGETS: xtensa-softmmu arm-softmmu aarch64-softmmu alpha-softmmu
434     MAKE_CHECK_ARGS: check-tcg
436 build-clang:
437   <<: *native_build_job_definition
438   variables:
439     IMAGE: fedora
440     CONFIGURE_ARGS: --cc=clang --cxx=clang++
441     TARGETS: alpha-softmmu arm-softmmu m68k-softmmu mips64-softmmu
442       ppc-softmmu s390x-softmmu arm-linux-user
443     MAKE_CHECK_ARGS: check
445 # These targets are on the way out
446 build-deprecated:
447   <<: *native_build_job_definition
448   variables:
449     IMAGE: debian-all-test-cross
450     CONFIGURE_ARGS: --disable-docs --disable-tools
451     MAKE_CHECK_ARGS: build-tcg
452     TARGETS: ppc64abi32-linux-user tilegx-linux-user lm32-softmmu
453       unicore32-softmmu
454   artifacts:
455     expire_in: 2 days
456     paths:
457       - build
459 # We split the check-tcg step as test failures are expected but we still
460 # want to catch the build breaking.
461 check-deprecated:
462   <<: *native_test_job_definition
463   needs:
464     - job: build-deprecated
465       artifacts: true
466   variables:
467     IMAGE: debian-all-test-cross
468     MAKE_CHECK_ARGS: check-tcg
469   allow_failure: true
471 build-oss-fuzz:
472   <<: *native_build_job_definition
473   variables:
474     IMAGE: fedora
475   script:
476     - mkdir build-oss-fuzz
477     - CC="clang" CXX="clang++" CFLAGS="-fsanitize=address"
478       ./scripts/oss-fuzz/build.sh
479     - export ASAN_OPTIONS="fast_unwind_on_malloc=0"
480     - for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f
481                       | grep -v slirp); do
482         grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || continue ;
483         echo Testing ${fuzzer} ... ;
484         "${fuzzer}" -runs=1 -seed=1 || exit 1 ;
485       done
486     # Unrelated to fuzzer: run some tests with -fsanitize=address
487     - cd build-oss-fuzz && make check-qtest-i386 check-unit
489 build-tci:
490   <<: *native_build_job_definition
491   variables:
492     IMAGE: fedora
493   script:
494     - TARGETS="aarch64 alpha arm hppa m68k microblaze moxie ppc64 s390x x86_64"
495     - mkdir build
496     - cd build
497     - ../configure --enable-tcg-interpreter
498         --target-list="$(for tg in $TARGETS; do echo -n ${tg}'-softmmu '; done)" || { cat config.log meson-logs/meson-log.txt && exit 1; }
499     - make -j"$JOBS"
500     - make run-tcg-tests-x86_64-softmmu
501     - make tests/qtest/boot-serial-test tests/qtest/cdrom-test tests/qtest/pxe-test
502     - for tg in $TARGETS ; do
503         export QTEST_QEMU_BINARY="./qemu-system-${tg}" ;
504         ./tests/qtest/boot-serial-test || exit 1 ;
505         ./tests/qtest/cdrom-test || exit 1 ;
506       done
507     - QTEST_QEMU_BINARY="./qemu-system-x86_64" ./tests/qtest/pxe-test
508     - QTEST_QEMU_BINARY="./qemu-system-s390x" ./tests/qtest/pxe-test -m slow
510 # Alternate coroutines implementations are only really of interest to KVM users
511 # However we can't test against KVM on Gitlab-CI so we can only run unit tests
512 build-coroutine-ucontext:
513   <<: *native_build_job_definition
514   variables:
515     IMAGE: ubuntu2004
516     CONFIGURE_ARGS: --with-coroutine=ucontext --disable-tcg
517     MAKE_CHECK_ARGS: check-unit
519 build-coroutine-sigaltstack:
520   <<: *native_build_job_definition
521   variables:
522     IMAGE: ubuntu2004
523     CONFIGURE_ARGS: --with-coroutine=sigaltstack --disable-tcg
524     MAKE_CHECK_ARGS: check-unit
526 # Most jobs test latest gcrypt or nettle builds
528 # These jobs test old gcrypt and nettle from RHEL7
529 # which had some API differences.
530 build-crypto-old-nettle:
531   <<: *native_build_job_definition
532   variables:
533     IMAGE: centos7
534     TARGETS: x86_64-softmmu x86_64-linux-user
535     CONFIGURE_ARGS: --disable-gcrypt --enable-nettle
536     MAKE_CHECK_ARGS: check-build
537   artifacts:
538     paths:
539       - build
541 check-crypto-old-nettle:
542   <<: *native_test_job_definition
543   needs:
544     - job: build-crypto-old-nettle
545       artifacts: true
546   variables:
547     IMAGE: centos7
548     MAKE_CHECK_ARGS: check
551 build-crypto-old-gcrypt:
552   <<: *native_build_job_definition
553   variables:
554     IMAGE: centos7
555     TARGETS: x86_64-softmmu x86_64-linux-user
556     CONFIGURE_ARGS: --disable-nettle --enable-gcrypt
557     MAKE_CHECK_ARGS: check-build
558   artifacts:
559     paths:
560       - build
562 check-crypto-old-gcrypt:
563   <<: *native_test_job_definition
564   needs:
565     - job: build-crypto-old-gcrypt
566       artifacts: true
567   variables:
568     IMAGE: centos7
569     MAKE_CHECK_ARGS: check
572 build-crypto-only-gnutls:
573   <<: *native_build_job_definition
574   variables:
575     IMAGE: centos7
576     TARGETS: x86_64-softmmu x86_64-linux-user
577     CONFIGURE_ARGS: --disable-nettle --disable-gcrypt --enable-gnutls
578     MAKE_CHECK_ARGS: check-build
579   artifacts:
580     paths:
581       - build
583 check-crypto-only-gnutls:
584   <<: *native_test_job_definition
585   needs:
586     - job: build-crypto-only-gnutls
587       artifacts: true
588   variables:
589     IMAGE: centos7
590     MAKE_CHECK_ARGS: check
592 # We don't need to exercise every backend with every front-end
593 build-trace-multi-user:
594   <<: *native_build_job_definition
595   variables:
596     IMAGE: ubuntu2004
597     CONFIGURE_ARGS: --enable-trace-backends=log,simple,syslog --disable-system
599 build-trace-ftrace-system:
600   <<: *native_build_job_definition
601   variables:
602     IMAGE: ubuntu2004
603     CONFIGURE_ARGS: --enable-trace-backends=ftrace --target-list=x86_64-softmmu
605 build-trace-ust-system:
606   <<: *native_build_job_definition
607   variables:
608     IMAGE: ubuntu2004
609     CONFIGURE_ARGS: --enable-trace-backends=ust --target-list=x86_64-softmmu
611 # Check our reduced build configurations
612 build-without-default-devices:
613   <<: *native_build_job_definition
614   variables:
615     IMAGE: centos8
616     CONFIGURE_ARGS: --without-default-devices --disable-user
618 build-without-default-features:
619   <<: *native_build_job_definition
620   variables:
621     IMAGE: debian-amd64
622     CONFIGURE_ARGS: --without-default-features --disable-user
623         --target-list-exclude=arm-softmmu,i386-softmmu,mipsel-softmmu,mips64-softmmu,ppc-softmmu
624     MAKE_CHECK_ARGS: check-unit
626 check-patch:
627   stage: build
628   image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
629   script: .gitlab-ci.d/check-patch.py
630   except:
631     variables:
632       - $CI_PROJECT_NAMESPACE == 'qemu-project' && $CI_COMMIT_BRANCH == 'master'
633   variables:
634     GIT_DEPTH: 1000
635   allow_failure: true
637 check-dco:
638   stage: build
639   image: $CI_REGISTRY_IMAGE/qemu/centos8:latest
640   script: .gitlab-ci.d/check-dco.py
641   except:
642     variables:
643       - $CI_PROJECT_NAMESPACE == 'qemu-project' && $CI_COMMIT_BRANCH == 'master'
644   variables:
645     GIT_DEPTH: 1000
647 build-libvhost-user:
648   stage: build
649   image: $CI_REGISTRY_IMAGE/qemu/fedora:latest
650   before_script:
651     - dnf install -y meson ninja-build
652   script:
653     - mkdir subprojects/libvhost-user/build
654     - cd subprojects/libvhost-user/build
655     - meson
656     - ninja
658 # Prepare for GitLab pages deployment. Anything copied into the
659 # "public" directory will be deployed to $USER.gitlab.io/$PROJECT
660 pages:
661   image: $CI_REGISTRY_IMAGE/qemu/debian-amd64:latest
662   stage: test
663   needs:
664     - job: build-tools-and-docs-debian
665   script:
666     - mkdir -p public
667     # HTML-ised source tree
668     - make gtags
669     - htags -anT --tree-view=filetree -m qemu_init
670         -t "Welcome to the QEMU sourcecode"
671     - mv HTML public/src
672     # Project documentation
673     - make -C build install DESTDIR=$(pwd)/temp-install
674     - mv temp-install/usr/local/share/doc/qemu/* public/
675   artifacts:
676     paths:
677       - public