# SPDX-FileCopyrightText: 2021-2023 Heiko Schaefer # SPDX-FileCopyrightText: 2021-2022 Nora Widdecke # SPDX-License-Identifier: CC0-1.0 stages: - lint - test - virtual-test - hw-builddeps - hw-import - hw-keygen variables: CARGO_HOME: cargo/ CARGO_TERM_VERBOSE: 'true' cache: &general_cache_config # default key is default # default policy is pull-push paths: - target/ - $CARGO_HOME .report-rust: &report-rust - cargo --version - rustc --version reuse: stage: lint image: name: fsfe/reuse:latest entrypoint: [ "" ] script: - reuse lint dependencies: [ ] cache: [ ] cargo-fmt: stage: lint image: rust:latest before_script: - export CARGO_HOME="/usr/local/cargo" # HACK: set back to its default - rustup toolchain install nightly && rustup component add --toolchain nightly rustfmt - *report-rust script: - cargo +nightly fmt -- --check cache: [ ] cargo-deny: stage: lint image: rust:latest before_script: # The cargo deny binary is cached, so installing it errors if it was # restored from cache. Ignore that error. # Clear the cache to force a rebuild. - cargo install --locked cargo-deny || true - *report-rust script: - cargo deny check cache: paths: - cargo/bin/cargo-deny key: "deny" cargo-clippy: stage: lint image: rust:latest before_script: - mkdir -p /run/user/$UID - apt update -y -qq - apt install -y -qq --no-install-recommends git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev - apt clean - *report-rust script: - rustup component add clippy - cargo clippy --verbose --tests -- -D warnings cache: # inherit all general cache settings <<: *general_cache_config # override the key key: "rust-latest" udeps: stage: lint image: rustlang/rust:nightly-slim before_script: - mkdir -p /run/user/$UID - apt update -y -qq - apt install -y -qq --no-install-recommends curl git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev - apt clean - cargo install cargo-udeps script: - cargo udeps --workspace --all-features --all-targets cache: [ ] cargo-test: stage: test image: rust:latest before_script: - mkdir -p /run/user/$UID - apt update -y -qq - apt install -y -qq --no-install-recommends git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev - apt clean - *report-rust script: # there is no virtual card in this image, so subplot does not generate tests # that would require one. - cargo test cache: # inherit all general cache settings <<: *general_cache_config # override the key key: "rust-latest" cargo-test-debian-bookworm: stage: test image: debian:bookworm-slim before_script: - mkdir -p /run/user/$UID - apt update -y -qq - apt install -y -qq --no-install-recommends git rustc cargo clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev - apt clean - *report-rust script: # there is no virtual card in this image, so subplot does not generate tests # that would require one. - cargo test cache: # inherit all general cache settings <<: *general_cache_config # override the key key: "bookworm" run_cardtest_smartpgp: stage: virtual-test image: registry.gitlab.com/openpgp-card/virtual-cards/smartpgp-builddeps before_script: - *report-rust script: - sh /start.sh # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG variables: CONFIG: "card-functionality/ci/virt-smartpgp.toml" cache: # inherit all general cache settings <<: *general_cache_config # override the key # (the base image of run_cardtest uses bookworm) key: "bookworm" run_cardtest_opcard_rs: stage: virtual-test image: registry.gitlab.com/openpgp-card/virtual-cards/opcard-rs-builddeps before_script: - *report-rust script: - sh /start.sh # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG variables: CONFIG: "card-functionality/ci/virt-opcard-rs.toml" cache: # inherit all general cache settings <<: *general_cache_config # override the key # (the base image of run_cardtest uses bookworm) key: "bookworm" run_cardtest_ykneo: stage: virtual-test image: registry.gitlab.com/openpgp-card/virtual-cards/ykneo-builddeps before_script: - *report-rust script: - sh /start.sh # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG variables: CONFIG: "card-functionality/ci/virt-ykneo.toml" cache: # inherit all general cache settings <<: *general_cache_config # override the key # (the base image of run_cardtest uses bookworm) key: "bookworm" run_cardtest_fluffypgp: stage: virtual-test image: registry.gitlab.com/openpgp-card/virtual-cards/fluffypgp-builddeps before_script: - *report-rust script: - sh /start.sh # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status # - RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG - RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG variables: CONFIG: "card-functionality/ci/virt-fluffypgp.toml" cache: # inherit all general cache settings <<: *general_cache_config # override the key # (the base image of run_cardtest uses bookworm) key: "bookworm" hardware-builddeps: stage: hw-builddeps needs: [ ] image: docker:stable services: - docker:dind before_script: - docker info - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY script: - docker pull $IMAGE_LATEST || true - docker build --cache-from $IMAGE_LATEST --file=$DOCKERFILE -t $IMAGE_LATEST -t $IMAGE_SHA . - docker push $IMAGE_SHA - docker push $IMAGE_LATEST only: variables: # Forks of this project do not have access to cookiejar's hardware tokens - $CI_PROJECT_NAMESPACE == "openpgp-card" changes: - card-functionality/docker/Dockerfile.hardware-builddeps - .gitlab-ci.yml variables: IMAGE_LATEST: $CI_REGISTRY_IMAGE/hardware-builddeps:latest IMAGE_SHA: $CI_REGISTRY_IMAGE/hardware-builddeps:$CI_COMMIT_SHA DOCKERFILE: card-functionality/docker/Dockerfile.hardware-builddeps cache: [ ] .hw-test-template: image: registry.gitlab.com/openpgp-card/openpgp-card/hardware-builddeps only: variables: # Forks of this project do not have access to cookiejar's hardware tokens - $CI_PROJECT_NAMESPACE == "openpgp-card" tags: - card parallel: matrix: - CONFIG: - "card-functionality/ci/basic-2_1.toml" - "card-functionality/ci/nitro-pro1.toml" - "card-functionality/ci/nitro-pro2.toml" - "card-functionality/ci/nitro-start.toml" before_script: - *report-rust script: - RUST_BACKTRACE=1 RUST_LOG=debug cargo run --bin $ARG -- $CONFIG cache: # inherit all general cache settings <<: *general_cache_config # cookiejar does not access the cache of the shared gitlab runners, # so use a different key for clarity key: "cookiejar" import: extends: .hw-test-template stage: hw-import variables: ARG: import keygen: extends: .hw-test-template stage: hw-keygen timeout: 2h variables: ARG: keygen