
GODT-1833: Build needs test-linux and lint to start and keep vcpkg cache on linux. Builds manuall except linux-qa.

Jakub
2022-09-01 14:20:13 +02:00
parent 310e6ffc0d
commit baecdc4d4f
2 changed files with 68 additions and 19 deletions


@ -40,14 +40,39 @@ stages:
- check - check
- mirror - mirror
.rules-branch-and-MR-always:
rules:
- if: $CI_COMMIT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event"
when: always
allow_failure: false
- when: never
.rules-branch-and-MR-manual:
rules:
- if: $CI_COMMIT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event"
when: manual
allow_failure: true
- when: never
.rules-branch-manual-MR-always:
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
when: always
allow_failure: false
- if: $CI_COMMIT_BRANCH
when: manual
allow_failure: true
- when: never
# Stage: CACHE # Stage: CACHE
# This will ensure latest dependency versions and updates the cache for # This will ensure latest dependency versions and updates the cache for
# all other following jobs which only pull the cache. # all other following jobs which only pull the cache.
cache-push: cache-push:
stage: cache stage: cache
only: extends:
- branches - .rules-branch-and-MR-always
script: script:
- echo "" - echo ""
cache: cache:
@ -59,8 +84,8 @@ cache-push:
lint: lint:
stage: test stage: test
only: extends:
- branches - .rules-branch-and-MR-always
before_script: before_script:
- mkdir -p .cache/bin - mkdir -p .cache/bin
- export PATH=$(pwd)/.cache/bin:$PATH - export PATH=$(pwd)/.cache/bin:$PATH
@ -72,8 +97,8 @@ lint:
test-linux: test-linux:
stage: test stage: test
only: extends:
- branches - .rules-branch-manual-MR-always
script: script:
- apt-get -y install pass gnupg rng-tools - apt-get -y install pass gnupg rng-tools
# First have enough of entropy (cat /proc/sys/kernel/random/entropy_avail). # First have enough of entropy (cat /proc/sys/kernel/random/entropy_avail).
@ -88,15 +113,18 @@ test-linux:
- medium - medium
test-windows: test-windows:
extends: .build-windows-base extends:
- .build-windows-base
- .rules-branch-and-MR-manual # GODT-1833: change to .rules-branch-and-MR-always once runner fixed
stage: test stage: test
needs: []
script: script:
- make test - make test
test-integration: test-integration:
stage: test stage: test
only: extends:
- branches - .rules-branch-manual-MR-always
script: script:
- VERBOSITY=debug make -C test test - VERBOSITY=debug make -C test test
tags: tags:
@ -111,12 +139,16 @@ dependency-updates:
.build-base: .build-base:
stage: build stage: build
needs: ["lint"]
rules: rules:
- if: $CI_JOB_NAME =~ /test/ && $CI_PIPELINE_SOURCE == "merge_request_event" # GODT-1833: use `=~ /qa/` after mac and windows runners are fixed
- if: $CI_JOB_NAME =~ /build-linux-qa/ && $CI_PIPELINE_SOURCE == "merge_request_event"
when: always when: always
- if: $CI_JOB_NAME =~ /qa/ && $CI_PIPELINE_SOURCE == "merge_request_event" allow_failure: false
when: always - if: $CI_COMMIT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event"
- when: manual when: manual
allow_failure: true
- when: never
before_script: before_script:
- mkdir -p .cache/bin - mkdir -p .cache/bin
- export PATH=$(pwd)/.cache/bin:$PATH - export PATH=$(pwd)/.cache/bin:$PATH
@ -138,6 +170,13 @@ dependency-updates:
build-linux: build-linux:
extends: .build-base extends: .build-base
image: gitlab.protontech.ch:4567/go/bridge-internal:qt6 image: gitlab.protontech.ch:4567/go/bridge-internal:qt6
variables:
VCPKG_DEFAULT_BINARY_CACHE: ${CI_PROJECT_DIR}/.cache
cache:
key: linux-vcpkg
paths:
- .cache
when: 'always'
artifacts: artifacts:
name: "bridge-linux-$CI_COMMIT_SHORT_SHA" name: "bridge-linux-$CI_COMMIT_SHORT_SHA"
@ -213,22 +252,26 @@ build-windows-qa:
name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA" name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA"
# Stage: CHECK # Stage: CHECK
check-gobinsec: check-gobinsec:
stage: check stage: check
only: needs: ["build-linux-qa"]
- branches extends:
- .rules-branch-manual-MR-always
cache: cache:
key: gobinsec-cache key: gobinsec-cache-v2
paths: paths:
- gobinsec-cache.yml - ./gobinsec-cache-valid.yml
policy: pull-push policy: pull-push
before_script: before_script:
- mkdir build - mkdir build
- tar -xzf bridge_linux_*.tgz -C build - tar -xzf bridge_linux_*.tgz -C build
- "[ ! -f ./gobinsec-cache-valid.yml ] && wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache-valid.yml"
- cp ./gobinsec-cache-valid.yml ./gobinsec-cache.yml
script: script:
- "[ ! -f ./gobinsec-cache.yml ] && wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache.yml"
- cat ./gobinsec-cache.yml - cat ./gobinsec-cache.yml
- gobinsec -wait -cache -config utils/gobinsec_conf.yml build/proton-bridge - gobinsec -wait -cache -config utils/gobinsec_conf.yml build/bridge
- cp ./gobinsec-cache.yml ./gobinsec-cache-valid.yml # Only update cache file if gobinsec succeeds
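Review bot: In the `before_script` of `check-gobinsec`, the fallback `wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache-valid.yml` gives no scheme, so wget requests the file over plain HTTP. The file is then copied to `./gobinsec-cache.yml`, which is the cache the `gobinsec -cache` run reads, so a response altered in transit could change what the vulnerability check reports. After a passing run that content is also saved back as `gobinsec-cache-valid.yml` under the `gobinsec-cache-v2` key and reused by later pipelines. If the host serves TLS, pin it: `- "[ ! -f ./gobinsec-cache-valid.yml ] && wget https://bridgeteam.protontech.ch/bridgeteam/gobinsec-cache-valid.yml"`.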


@ -1,5 +1,7 @@
--- ---
wait: true
file: file:
name: "./gobinsec-cache.yml" name: "./gobinsec-cache.yml"
expiration: 24h expiration: 24h
@ -7,3 +9,7 @@ file:
ignore: ignore:
# golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af # golang.org/x/net wrong match, we are using 2871e0cb, fixed by 37e1c6af
- "CVE-2021-33194" - "CVE-2021-33194"
# GODT-1853: fix golang.org/x/crypto vulns
- "CVE-2021-43565"
# GODT-1853: fix golang.org/x/crypto vulns
- "CVE-2022-27191"
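Review bot: The two new `ignore` entries, `CVE-2021-43565` and `CVE-2022-27191`, carry only the ticket reference `GODT-1853: fix golang.org/x/crypto vulns`. The existing entry above them explains why its match is wrong, whereas the word "fix" here suggests these are genuine findings being suppressed until the dependency is updated. Nothing in the file marks them as temporary, so the suppression can outlive the fix and hide a later regression in the same module. I would state the condition for removal in the comment, for example `# GODT-1853: temporary ignore until golang.org/x/crypto is bumped; remove this entry with that change`, and add a line on why the exposure is acceptable in the meantime if that has been assessed.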