Revert "CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum"

[gd/samba-autobuild/.git] / .gitlab-ci.yml

# see https://docs.gitlab.com/ce/ci/yaml/README.html for all available options

stages:
  - images
  - build
  - analysis
  - report

variables:
  GIT_STRATEGY: fetch
  GIT_DEPTH: "3"
  # "--enable-coverage" or ""
  SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE: ""
  #
  # we run autobuild.py inside a samba CI docker image located on gitlab's registry
  # overwrite this variable if you want use your own image registry.
  #
  # Or better ask for access to the shared development repository, see
  # https://wiki.samba.org/index.php/Samba_CI_on_gitlab#Getting_Access
  #
  SAMBA_CI_CONTAINER_REGISTRY: registry.gitlab.com/samba-team/devel/samba
  #
  # Set this to the contents of bootstrap/sha1sum.txt
  # which is generated by bootstrap/template.py --render
  #
  SAMBA_CI_CONTAINER_TAG: c6ee634a9467e84ee8dd858b0b363f7a75973a66
  #
  # We use the ubuntu1804 image as default as
  # it matches what we have on sn-devel-184.
  #
  SAMBA_CI_CONTAINER_IMAGE: ubuntu1804
  #
  # The following images are available
  # Please see the samba-o3 sections at the end of this file!
  # We should run that for each available image
  #
  SAMBA_CI_CONTAINER_IMAGE_ubuntu1604: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_ubuntu1804: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1804:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_ubuntu2004: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu2004:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_debian9: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian9:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_debian10: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-debian10:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_opensuse150: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse150:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_opensuse151: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-opensuse151:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_fedora31: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora31:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_fedora32: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-fedora32:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_centos7: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos7:${SAMBA_CI_CONTAINER_TAG}
  SAMBA_CI_CONTAINER_IMAGE_centos8: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-centos8:${SAMBA_CI_CONTAINER_TAG}

include:
  # The image creation details are specified in a separate file
  # See bootstrap/README.md for details
  - 'bootstrap/.gitlab-ci.yml'

.shared_template:
  variables:
    AUTOBUILD_JOB_NAME: $CI_JOB_NAME
  image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
  stage: build
  tags:
    - docker
    - shared
  cache:
    key: ccache.${CI_JOB_NAME}
    paths:
      - ccache
  before_script:
    - uname -a
    - lsb_release -a
    - cat /etc/os-release
    - mount
    - df -h
    - cat /proc/swaps
    - free -h
      # ld will fail if coverage enabled, force link ld to ld.bfd
    - if [ -n "$SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE" ]; then sudo ln -sf $(which ld.bfd) $(which ld); fi
      # See bootstrap/.gitlab-ci.yml how to generate a new image
    - echo "SAMBA_CI_CONTAINER_REGISTRY[${SAMBA_CI_CONTAINER_REGISTRY}]"
    - echo "SAMBA_CI_CONTAINER_TAG[${SAMBA_CI_CONTAINER_TAG}]"
    - bootstrap/template.py --sha1sum > /tmp/sha1sum-template.txt
    - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-template.txt
    - echo "${SAMBA_CI_CONTAINER_TAG}" > /tmp/sha1sum-tag.txt
    - diff -u bootstrap/sha1sum.txt /tmp/sha1sum-tag.txt
    - diff -u bootstrap/sha1sum.txt /sha1sum.txt
    - export CCACHE_BASEDIR="${PWD}"
    - export CCACHE_DIR="${PWD}/ccache" && mkdir -pv "$CCACHE_DIR"
    - export CC="ccache cc"
    - export CXX="ccache c++"
    - ccache -z -M 500M
    - ccache -s
  after_script:
    - mount
    - df -h
    - cat /proc/swaps
    - free -h
    - CCACHE_BASEDIR="${PWD}" CCACHE_DIR="${PWD}/ccache" ccache -s -c
  artifacts:
    expire_in: 1 week
    paths:
      - "*.stdout"
      - "*.stderr"
      - "*.info"
      - system-info.txt
  retry:
    max: 2
    when:
      - runner_system_failure
      - stuck_or_timeout_failure
  script:
    # gitlab predefines CI_JOB_NAME for each job. The gitlab job usually matches the
    # autobuild name, which means we can define a default template that runs most autobuild jobs
    - echo "Running cmd script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase"
    - script/autobuild.py $AUTOBUILD_JOB_NAME $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE  --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase

# Ensure when adding a new job below that you also add it to
# the dependencies for 'pages' below for the code coverage page
# generation.

others:
  extends: .shared_template
  script:
    - script/autobuild.py ldb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py pidl     $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py replace  $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py talloc   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py tdb      $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py tevent   $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase
    - script/autobuild.py samba-xc $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE --verbose --nocleanup --keeplogs --tail --testbase /tmp/samba-testbase

samba:
  extends: .shared_template

samba-mitkrb5:
  extends: .shared_template

samba-nopython:
  extends: .shared_template

samba-nopython-py2:
  extends: .shared_template

samba-admem:
  extends: .shared_template

samba-ad-dc-2:
  extends: .shared_template

samba-ad-dc-3:
  extends: .shared_template

samba-ad-dc-4:
  extends: .shared_template

samba-ad-dc-5:
  extends: .shared_template

samba-ad-dc-6:
  extends: .shared_template

samba-libs:
  extends: .shared_template

samba-static:
  extends: .shared_template

samba-fuzz:
  extends: .shared_template
  image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-ubuntu1604:${SAMBA_CI_CONTAINER_TAG}

ctdb:
  extends: .shared_template

samba-ctdb:
  extends: .shared_template

samba-ad-dc-ntvfs:
  extends: .shared_template

samba-admem-mit:
  extends: .shared_template

samba-ad-dc-4-mitkrb5:
  extends: .shared_template

samba-ad-dc-fips:
  extends: .shared_template
  image: $SAMBA_CI_CONTAINER_IMAGE_fedora31

.private_template:
  extends: .shared_template
  tags:
    - docker
    - samba-ci-private
  only:
    variables:
      # These jobs are only run if the gitlab repo has private runners available.
      # To enable private jobs, you must add the following var and value to
      # your gitlab repo by navigating to:
      # settings -> CI/CD -> Environment variables
      - $SUPPORT_PRIVATE_TEST == "yes"

samba-ad-dc-backup:
  extends: .private_template

samba-fileserver:
  extends: .private_template

samba-ad-dc-1:
  extends: .private_template

samba-nt4:
  extends: .private_template

samba-schemaupgrade:
  extends: .private_template

samba-ad-dc-1-mitkrb5:
  extends: .private_template

# 'pages' is a special job which can publish artifacts in `public` dir to gitlab pages
pages:
  image: ${SAMBA_CI_CONTAINER_REGISTRY}/samba-ci-${SAMBA_CI_CONTAINER_IMAGE}:${SAMBA_CI_CONTAINER_TAG}
  stage: report
  tags:
    - docker
    - shared
  dependencies:  # tell gitlab to download artifacts for these jobs
    - others
    - samba
    - samba-mitkrb5
    - samba-nopython
    - samba-nopython-py2
    - samba-admem
    - samba-ad-dc-2
    - samba-ad-dc-3
    - samba-ad-dc-4
    - samba-ad-dc-5
    - samba-ad-dc-6
    - samba-libs
    - samba-static
    - samba-fuzz
    # - ctdb  # TODO
    - samba-ctdb
    - samba-ad-dc-ntvfs
    - samba-admem-mit
    - samba-ad-dc-4-mitkrb5
    - samba-ad-dc-backup
    - samba-fileserver
    - samba-ad-dc-1
    - samba-nt4
    - samba-schemaupgrade
    - samba-ad-dc-1-mitkrb5
    - samba-ad-dc-fips
  script:
    - ./configure.developer
    - make -j
    - lcov $(ls *.info | xargs -I{} echo -n "-a {} ") -o all.info
    - genhtml all.info --output-directory public --prefix=$(pwd) --title "coverage report for $CI_COMMIT_REF_NAME $CI_COMMIT_SHORT_SHA"
  artifacts:
    expire_in: 30 days
    paths:
      - public
  only:
    variables:
      - $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == "--enable-coverage"

# Coverity Scan
coverity:
  stage: analysis
  image: $SAMBA_CI_CONTAINER_IMAGE_fedora32
  tags:
    - docker
    - shared
  script:
    - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
    - tar xf /tmp/coverity_tool.tgz
    - ./configure.developer --with-system-mitkrb5 --with-experimental-mit-ad-dc
    - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j$(nproc)
    - tar czf cov-int.tar.gz cov-int
    - curl
      --form token=$COVERITY_SCAN_TOKEN
      --form email=$COVERITY_SCAN_EMAIL
      --form file=@cov-int.tar.gz
      --form version="`git describe --tags`"
      --form description="CI build"
      https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
  only:
    refs:
      - master
      - schedules
    variables:
      - $COVERITY_SCAN_TOKEN != null
      - $COVERITY_SCAN_PROJECT_NAME != null
      - $COVERITY_SCAN_EMAIL != null
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - cov-int/*.txt

#
# We build samba-o3 on all supported distributions
#

.samba-o3-template:
  extends: .shared_template
  variables:
    AUTOBUILD_JOB_NAME: samba-o3
  only:
    variables:
      # do not run o3 for coverage since they are using different images
      - $SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == ""

ubuntu1804-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu1804

ubuntu2004-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_ubuntu2004

debian10-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_debian10

opensuse150-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_opensuse150

opensuse151-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_opensuse151

centos7-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_centos7
  variables:
    # Git on CentOS doesn't support shallow git cloning
    GIT_DEPTH: ""
    # We need a newer GnuTLS version on CentOS7
    PKG_CONFIG_PATH: "/usr/lib64/compat-gnutls34/pkgconfig:/usr/lib64/compat-nettle32/pkgconfig"

centos8-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_centos8

fedora31-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_fedora31

fedora32-samba-o3:
  extends: .samba-o3-template
  image: $SAMBA_CI_CONTAINER_IMAGE_fedora32

#
# Keep the samba-o3 sections at the end ...
#