dfb7f3275d
- A flagfile requires manual management with touch and rm, replace it
with an environment variable that can be set more conveniently.
- Removing tools/tests/opgpcard.rs is not necessary, the file it links
to is always generated in build.rs, either with subplot tests or
without. But it is always there, so cargo test does not fail for
that reason.
301 lines
9.2 KiB
YAML
301 lines
9.2 KiB
YAML
# SPDX-FileCopyrightText: 2021-2022 Heiko Schaefer <heiko@schaefer.name>
|
|
# SPDX-FileCopyrightText: 2021-2022 Nora Widdecke <mail@nora.pink>
|
|
# SPDX-License-Identifier: CC0-1.0
|
|
|
|
stages:
|
|
- lint
|
|
- test
|
|
- virtual-test
|
|
- hw-builddeps
|
|
- hw-import
|
|
- hw-keygen
|
|
|
|
variables:
|
|
CARGO_HOME: cargo/
|
|
CARGO_TERM_VERBOSE: 'true'
|
|
|
|
cache: &general_cache_config
|
|
# default key is default
|
|
# default policy is pull-push
|
|
paths:
|
|
- target/
|
|
- $CARGO_HOME
|
|
|
|
.report-rust: &report-rust
|
|
- cargo --version
|
|
- rustc --version
|
|
|
|
reuse:
|
|
stage: lint
|
|
image:
|
|
name: fsfe/reuse:latest
|
|
entrypoint: [ "" ]
|
|
script:
|
|
- reuse lint
|
|
dependencies: [ ]
|
|
cache: [ ]
|
|
|
|
cargo-fmt:
|
|
stage: lint
|
|
image: rust:latest
|
|
before_script:
|
|
- rustup component add rustfmt
|
|
- *report-rust
|
|
script:
|
|
- cargo fmt -- --check
|
|
cache: [ ]
|
|
|
|
cargo-deny:
|
|
stage: lint
|
|
image: rust:latest
|
|
before_script:
|
|
# The cargo deny binary is cached, so installing it errors if it was
|
|
# restored from cache. Ignore that error.
|
|
# Clear the cache to force a rebuild.
|
|
- cargo install --locked cargo-deny || true
|
|
- *report-rust
|
|
script:
|
|
- cargo deny check
|
|
cache:
|
|
paths:
|
|
- cargo/bin/cargo-deny
|
|
key: "deny"
|
|
|
|
cargo-clippy:
|
|
stage: lint
|
|
image: rust:latest
|
|
before_script:
|
|
- mkdir -p /run/user/$UID
|
|
- apt update -y -qq
|
|
- apt install -y -qq --no-install-recommends git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev
|
|
- apt clean
|
|
- *report-rust
|
|
script:
|
|
- rustup component add clippy
|
|
- cargo clippy --verbose --tests -- -D warnings
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
key: "rust-latest"
|
|
|
|
udeps:
|
|
stage: lint
|
|
image: rustlang/rust:nightly-slim
|
|
before_script:
|
|
- mkdir -p /run/user/$UID
|
|
- apt update -y -qq
|
|
- apt install -y -qq --no-install-recommends curl git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev
|
|
- apt clean
|
|
- curl --location --output /tmp/cargo-udeps.tar.gz https://github.com/est31/cargo-udeps/releases/download/v0.1.33/cargo-udeps-v0.1.33-x86_64-unknown-linux-gnu.tar.gz
|
|
- tar --extract --verbose --gzip --file /tmp/cargo-udeps.tar.gz --directory /usr/local/bin/ --strip-components=2 ./cargo-udeps-v0.1.33-x86_64-unknown-linux-gnu/cargo-udeps
|
|
script:
|
|
- cargo udeps --workspace --all-features --all-targets
|
|
cache: [ ]
|
|
|
|
cargo-test:
|
|
stage: test
|
|
image: rust:latest
|
|
before_script:
|
|
- mkdir -p /run/user/$UID
|
|
- apt update -y -qq
|
|
- apt install -y -qq --no-install-recommends git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev
|
|
- apt clean
|
|
- *report-rust
|
|
script:
|
|
# there is no virtual card in this image, so subplot does not generate tests
|
|
# that would require one.
|
|
- cargo test
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
key: "rust-latest"
|
|
|
|
cargo-test-debian-bookworm:
|
|
stage: test
|
|
image: debian:bookworm-slim
|
|
before_script:
|
|
- mkdir -p /run/user/$UID
|
|
- apt update -y -qq
|
|
- apt install -y -qq --no-install-recommends git rustc cargo clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev
|
|
- apt clean
|
|
- *report-rust
|
|
script:
|
|
# there is no virtual card in this image, so subplot does not generate tests
|
|
# that would require one.
|
|
- cargo test
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
key: "bookworm"
|
|
|
|
subplot:
|
|
stage: virtual-test
|
|
image: registry.gitlab.com/openpgp-card/virtual-cards/smartpgp-builddeps
|
|
before_script:
|
|
- mkdir -p /run/user/$UID
|
|
- apt update -y -qq
|
|
- apt install -y -qq --no-install-recommends git clang make pkg-config nettle-dev libssl-dev capnproto ca-certificates libpcsclite-dev
|
|
- apt clean
|
|
- /etc/init.d/pcscd start
|
|
- su - -c "sh /home/jcardsim/run-card.sh >/dev/null" jcardsim
|
|
- *report-rust
|
|
script:
|
|
# make sure a virtual card is available, so that the subplot tests are
|
|
# generated
|
|
- CARD_BASED_TESTS=true cargo test
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# subplot uses tests/virtual-card-available to indicate that tests which use
|
|
# virtual cards should be created. The cache with this file should not be
|
|
# shared.
|
|
key: "subplot"
|
|
|
|
run_cardtest_smartpgp:
|
|
stage: virtual-test
|
|
image: registry.gitlab.com/openpgp-card/virtual-cards/smartpgp-builddeps
|
|
before_script:
|
|
- *report-rust
|
|
script:
|
|
- sh /start.sh
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG
|
|
variables:
|
|
CONFIG: "card-functionality/ci/virt-smartpgp.toml"
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
# (the base image of run_cardtest uses bookworm)
|
|
key: "bookworm"
|
|
|
|
run_cardtest_opcard_rs:
|
|
stage: virtual-test
|
|
image: registry.gitlab.com/openpgp-card/virtual-cards/opcard-rs-builddeps
|
|
before_script:
|
|
- *report-rust
|
|
script:
|
|
- sh /start.sh
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG
|
|
variables:
|
|
CONFIG: "card-functionality/ci/virt-opcard-rs.toml"
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
# (the base image of run_cardtest uses bookworm)
|
|
key: "bookworm"
|
|
|
|
run_cardtest_ykneo:
|
|
stage: virtual-test
|
|
image: registry.gitlab.com/openpgp-card/virtual-cards/ykneo-builddeps
|
|
before_script:
|
|
- *report-rust
|
|
script:
|
|
- sh /start.sh
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG
|
|
variables:
|
|
CONFIG: "card-functionality/ci/virt-ykneo.toml"
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
# (the base image of run_cardtest uses bookworm)
|
|
key: "bookworm"
|
|
|
|
run_cardtest_fluffypgp:
|
|
stage: virtual-test
|
|
image: registry.gitlab.com/openpgp-card/virtual-cards/fluffypgp-builddeps
|
|
before_script:
|
|
- *report-rust
|
|
script:
|
|
- sh /start.sh
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- status
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tools --bin opgpcard -- info
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin import -- $CONFIG
|
|
- RUST_BACKTRACE=1 cargo run -p openpgp-card-tests --bin keygen -- $CONFIG
|
|
variables:
|
|
CONFIG: "card-functionality/ci/virt-fluffypgp.toml"
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# override the key
|
|
# (the base image of run_cardtest uses bookworm)
|
|
key: "bookworm"
|
|
|
|
hardware-builddeps:
|
|
stage: hw-builddeps
|
|
needs: [ ]
|
|
image: docker:stable
|
|
services:
|
|
- docker:dind
|
|
before_script:
|
|
- docker info
|
|
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
|
|
script:
|
|
- docker pull $IMAGE_LATEST || true
|
|
- docker build --cache-from $IMAGE_LATEST --file=$DOCKERFILE -t $IMAGE_LATEST -t $IMAGE_SHA .
|
|
- docker push $IMAGE_SHA
|
|
- docker push $IMAGE_LATEST
|
|
only:
|
|
variables:
|
|
# Forks of this project do not have access to cookiejar's hardware tokens
|
|
- $CI_PROJECT_NAMESPACE == "openpgp-card"
|
|
changes:
|
|
- card-functionality/docker/Dockerfile.hardware-builddeps
|
|
- .gitlab-ci.yml
|
|
variables:
|
|
IMAGE_LATEST: $CI_REGISTRY_IMAGE/hardware-builddeps:latest
|
|
IMAGE_SHA: $CI_REGISTRY_IMAGE/hardware-builddeps:$CI_COMMIT_SHA
|
|
DOCKERFILE: card-functionality/docker/Dockerfile.hardware-builddeps
|
|
cache: [ ]
|
|
|
|
.hw-test-template:
|
|
image: registry.gitlab.com/openpgp-card/openpgp-card/hardware-builddeps
|
|
only:
|
|
variables:
|
|
# Forks of this project do not have access to cookiejar's hardware tokens
|
|
- $CI_PROJECT_NAMESPACE == "openpgp-card"
|
|
tags:
|
|
- card
|
|
parallel:
|
|
matrix:
|
|
- CONFIG:
|
|
- "card-functionality/ci/basic-2_1.toml"
|
|
- "card-functionality/ci/nitro-pro1.toml"
|
|
- "card-functionality/ci/nitro-pro2.toml"
|
|
- "card-functionality/ci/nitro-start.toml"
|
|
before_script:
|
|
- *report-rust
|
|
script:
|
|
- RUST_BACKTRACE=1 RUST_LOG=debug cargo run --bin $ARG -- $CONFIG
|
|
cache:
|
|
# inherit all general cache settings
|
|
<<: *general_cache_config
|
|
# cookiejar does not access the cache of the shared gitlab runners,
|
|
# so use a different key for clarity
|
|
key: "cookiejar"
|
|
|
|
import:
|
|
extends: .hw-test-template
|
|
stage: hw-import
|
|
variables:
|
|
ARG: import
|
|
|
|
keygen:
|
|
extends: .hw-test-template
|
|
stage: hw-keygen
|
|
timeout: 2h
|
|
variables:
|
|
ARG: keygen
|