3 - if: $CI_MERGE_REQUEST_IID
5 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
10 GET_SOURCES_ATTEMPTS: 10
13 - export DEBIAN_FRONTEND=noninteractive
16 .prepare-lint-po: &prepare-lint-po
17 - apt-get -qy install git i18nspector
18 - git clone https://gitlab.tails.boum.org/tails/jenkins-tools.git /tmp/jenkins-tools
22 - if: '$CI_COMMIT_BRANCH == "master"'
23 - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
27 - apt-get -qy install ikiwiki po4a libyaml-perl libyaml-libyaml-perl libyaml-syck-perl perlmagick
33 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
39 - /tmp/jenkins-tools/slaves/lint_po
43 - apt-get -qy install python3-bandit file
45 - './bin/bandit-tree --configfile .bandit.yml
55 check-website-core-pages:
57 - apt-get -qy install git
58 - ./bin/check-core-pages
62 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
67 - apt-get -qy install python3 gettext
68 - ./bin/check-po-msgfmt
72 - if: '$CI_COMMIT_BRANCH =~ /^master|stable|testing|devel$/'
77 - apt-get -qy install git ruby
78 - ./bin/sanity-check-website
80 check-translatable-live-website-urls:
82 - apt-get -qy install python3-polib
83 - ./bin/check-translatable-live-website-urls po/tails.pot
87 - if: '$CI_COMMIT_BRANCH != "master"'
89 - './bin/test-utils/test-iuk'
93 - if: '$CI_COMMIT_BRANCH != "master"'
95 - 'cat config/chroot_local-packageslists/tails-perl5lib.list
97 | xargs apt-get -qy install'
98 - 'apt-get -qy install
100 libdist-zilla-plugin-test-notabs-perl
101 libdist-zilla-plugin-test-perl-critic-perl
102 libdist-zilla-app-command-authordebs-perl
105 - apt-get update -qq # Take into account APT configuration added by apt-file
106 # Otherwise, apt-get called by "dzil authordebs --install" asks confirmation
107 - echo 'APT::Get::Assume-Yes "true";' > /etc/apt/apt.conf.d/yes
108 - cd $CI_PROJECT_DIR/config/chroot_local-includes/usr/src/perl5lib
109 - dzil authordebs --install
113 image: debian:testing
115 - apt-get -qy install python3 shellcheck xmlstarlet file
116 - shellcheck --version
117 - './bin/shellcheck-tree --format=checkstyle
118 | xmlstarlet tr config/ci/shellcheck/checkstyle2junit.xslt
123 junit: shellcheck.xml
125 test-persistent-storage-config-file:
127 - apt-get -qy install python3 python3-gi acl
128 - config/chroot_local-includes/usr/lib/python3/dist-packages/tps/configuration/config_file_test.py
132 - apt-get -qy install python3 python3-sh
133 - config/chroot_local-includes/usr/local/lib/tails-gdm-error-message doctest --verbose
134 - env PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages python3 config/chroot_local-includes/usr/local/bin/tails-documentation --doctest
138 - if: '$CI_COMMIT_BRANCH != "master"'
140 - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
142 | xargs apt-get -qy install'
143 - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tca -name "*.py" -print0 | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
147 - if: '$CI_COMMIT_BRANCH != "master"'
149 - 'cat config/chroot_local-packageslists/tor-connection-assistant.list
151 | xargs apt-get -qy install'
152 - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages env python3 ./config/chroot_local-includes/usr/local/lib/tca-portal --doctest-only --log-level DEBUG'
157 - if: '$CI_COMMIT_BRANCH != "master"'
159 - apt-get -qy install python3 python3-atomicwrites python3-sh git
160 - 'cd config/chroot_local-includes/usr/lib/python3/dist-packages ; find tailslib -name "*.py" -print0 | grep --null-data -v -e netnsdrop.py -e gnome.py | xargs -0 -L1 env PYTHONPATH=. python3 -m doctest'
164 - if: '$CI_COMMIT_BRANCH != "master"'
166 - 'cat config/chroot_local-packageslists/whisperback.list | grep -E -v "^#"
167 | xargs apt-get -qy install'
168 - apt-get -qy install python3-pytest
169 - 'PYTHONPATH=config/chroot_local-includes/usr/lib/python3/dist-packages
170 pytest-3 --verbose --junit-xml=report.xml
171 config/chroot_local-includes/usr/lib/python3/dist-packages/whisperBack/test.py'
177 apt-snapshots-expiry:
179 - apt-get -qy install curl git
180 - ./bin/apt-snapshots-expiry
182 - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
185 - config/APT_snapshots.d/*/serial
186 - vagrant/definitions/tails-builder/config/APT_snapshots.d/*/serial
188 .install-https-get-expired-build-deps: &install-https-get-expired-build-deps
189 - apt-get -qy install --no-install-recommends golang-go ca-certificates
191 .build-https-get-expired: &build-https-get-expired
192 - go build -o ./https-get-expired config/chroot_local-includes/usr/src/https-get-expired.go
194 .test-https-get-expired: &test-https-get-expired
195 - echo "Basic check:"
196 - ./https-get-expired -reject-expired https://tails.boum.org/
197 - echo "Let's pretend we are in the past. Then, this certificate is still good."
198 - ./https-get-expired -current-time 2000-01-01 -reject-expired https://tails.boum.org/
199 - echo "Let's pretend we are in the future. Then, this certificate is expired"
200 - "! ./https-get-expired -current-time 2090-01-01 -reject-expired https://tails.boum.org/"
201 - "! ./https-get-expired -reject-expired https://wrong.host.badssl.com/"
202 - "! ./https-get-expired -reject-expired https://self-signed.badssl.com/"
203 - "! ./https-get-expired -reject-expired https://untrusted-root.badssl.com/"
204 - "! ./https-get-expired -reject-expired https://expired.badssl.com/"
205 - echo "Invalid host"
206 - "! ./https-get-expired -reject-expired https://nxdomain.tails.boum.org/"
207 - "./bin/test-utils/https-get-expired-test-all"
211 - if: '$CI_COMMIT_BRANCH =~ /^stable|testing|devel$/'
214 - config/chroot_local-includes/usr/src/https-get-expired.go
215 - config/chroot_local-includes/etc/default/htpdate.pools
217 - *install-https-get-expired-build-deps
218 - *build-https-get-expired
219 - *test-https-get-expired
221 https-get-expired-sid:
222 # this job gives us results using a future version of Golang compared to the one we actually use
225 - if: '$CI_COMMIT_BRANCH == "devel"'
228 - config/chroot_local-includes/usr/src/https-get-expired.go
229 - config/chroot_local-includes/etc/default/htpdate.pools
231 - *install-https-get-expired-build-deps
232 - *build-https-get-expired
233 - *test-https-get-expired