variables:
# Not normally needed, but may be if some script uses `apt-get install`.
DEBIAN_FRONTEND: noninteractive
# Locale settings do not affect the build, but might affect tests.
LC_ALL: C
CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
CCACHE_DIR: "/ccache"
SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
# VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml
KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results"
GIT_DEPTH: 1
BUILD_PARALLEL_JOBS: 6
TEST_PARALLEL_JOBS: 6
CONFIGURE: ./configure
CLANG: clang-10
SCAN_BUILD: scan-build-10
SYMBOLIZER: /usr/lib/llvm-10/bin/llvm-symbolizer
ASAN_SYMBOLIZER_PATH: /usr/lib/llvm-10/bin/llvm-symbolizer
CLANG_FORMAT: clang-format-10
CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra
# Pass run-time flags to AddressSanitizer to get core dumps on error.
ASAN_OPTIONS_COMMON: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1
TSAN_OPTIONS_COMMON: "second_deadlock_stack=1 history_size=7 log_exe_name=true log_path=tsan external_symbolizer_path=$SYMBOLIZER"
TARBALL_COMPRESSOR: gzip
TARBALL_EXTENSION: gz
stages:
- precheck
- build
- unit
- system
- docs
- push
- postcheck
- release
### Runner Tag Templates
# Note: BSD runners extract the operating system version to use from job name
.freebsd-amd64: &freebsd_amd64
tags:
- libvirt
- amd64
.linux-amd64: &linux_amd64
tags:
- linux
- amd64
.linux-arm64: &linux_arm64
tags:
- linux
- arm64
.linux-i386: &linux_i386
tags:
- linux
- i386
.openbsd-amd64: &openbsd_amd64
tags:
- libvirt
- amd64
### Docker Image Templates
# Alpine Linux
.alpine-3.11-amd64: &alpine_3_11_amd64_image
image: "$CI_REGISTRY_IMAGE:alpine-3.11-amd64"
<<: *linux_amd64
# CentOS
.centos-centos6-amd64: ¢os_centos6_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64"
<<: *linux_amd64
.centos-centos7-amd64: ¢os_centos7_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
<<: *linux_amd64
.centos-centos8-amd64: ¢os_centos8_amd64_image
image: "$CI_REGISTRY_IMAGE:centos-centos8-amd64"
<<: *linux_amd64
# Debian
.debian-stretch-amd64: &debian_stretch_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
<<: *linux_amd64
.debian-buster-amd64: &debian_buster_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
<<: *linux_amd64
.debian-sid-amd64: &debian_sid_amd64_image
image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
<<: *linux_amd64
.debian-sid-arm64: &debian_sid_arm64_image
image: "$CI_REGISTRY_IMAGE:debian-sid-arm64"
<<: *linux_arm64
.debian-sid-i386: &debian_sid_i386_image
image: "$CI_REGISTRY_IMAGE:debian-sid-i386"
<<: *linux_i386
# openSUSE Tumbleweed
.tumbleweed-latest-amd64: &tumbleweed_latest_amd64_image
image: "$CI_REGISTRY_IMAGE:tumbleweed-latest-amd64"
<<: *linux_amd64
# Fedora
.fedora-31-amd64: &fedora_31_amd64_image
image: "$CI_REGISTRY_IMAGE:fedora-31-amd64"
<<: *linux_amd64
# Ubuntu
.ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64"
<<: *linux_amd64
.ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image
image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64"
<<: *linux_amd64
# Base image
# This is a meta image that is used as a base for non-specific jobs
.base: &base_image
<<: *debian_buster_amd64_image
### Job Templates
.default-triggering-rules: &default_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
.release-branch-triggering-rules: &release_branch_triggering_rules
only:
- merge_requests
- tags
- web
- schedules
- master@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
.precheck: &precheck_job
<<: *default_triggering_rules
<<: *base_image
stage: precheck
.autoconf: &autoconf_job
<<: *release_branch_triggering_rules
<<: *base_image
stage: precheck
script:
- autoreconf -fi
artifacts:
untracked: true
expire_in: "1 day"
.configure: &configure |
${CONFIGURE} \
--enable-developer \
--with-randomdev=/dev/urandom \
--with-libtool \
--with-geoip2=auto \
--disable-static \
--with-cmocka \
--with-libxml2 \
--with-libjson \
--prefix=$HOME/.local \
--without-make-clean \
$EXTRA_CONFIGURE \
|| cat config.log
.build: &build_job
<<: *default_triggering_rules
stage: build
before_script:
- test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
- test -n "${OOT_BUILD_WORKSPACE}" && mkdir "${OOT_BUILD_WORKSPACE}" && cd "${OOT_BUILD_WORKSPACE}"
script:
- *configure
- make depend | grep "error:" && exit 1
- make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1
- test -z "${RUN_MAKE_INSTALL}" || make install
- test -z "${RUN_MAKE_INSTALL}" || sh util/check-make-install
needs:
- job: autoreconf
artifacts: true
artifacts:
untracked: true
expire_in: "1 day"
.windows_build: &windows_build_job
stage: build
tags:
- windows
- amd64
script:
- 'Push-Location "C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Auxiliary/Build"'
- '& cmd.exe /C "vcvarsall.bat x64 & set" | Foreach-Object { if ($_ -match "(.*?)=(.*)") { Set-Item -force -path "Env:\$($matches[1])" -value "$($matches[2])" } }'
- 'Pop-Location'
- 'Set-Location win32utils'
- '& "C:/Strawberry/perl/bin/perl.exe" Configure
"with-tools-version=15.0"
"with-platform-toolset=v141"
"with-platform-version=10.0.17763.0"
"with-vcredist=C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe"
"with-openssl=C:/OpenSSL"
"with-libxml2=C:/libxml2"
"without-python"
"with-system-tests"
x64'
- 'Set-Item -path "Env:CL" -value "/MP$([Math]::Truncate($BUILD_PARALLEL_JOBS/2))"'
- '& msbuild.exe /maxCpuCount:2 /t:Build /p:Configuration=$VSCONF bind9.sln'
needs: []
artifacts:
untracked: true
expire_in: "1 day"
.setup_interfaces: &setup_interfaces |
if [ "$(id -u)" -eq "0" ]; then
sh -x bin/tests/system/ifconfig.sh up;
else
sudo sh -x bin/tests/system/ifconfig.sh up;
fi
.setup_softhsm: &setup_softhsm |
export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh)
test -n "${SLOT}" && test "${SLOT}" -gt 0
.system_test_common: &system_test_common
<<: *default_triggering_rules
stage: system
before_script:
- *setup_interfaces
- *setup_softhsm
script:
- ( cd bin/tests/system && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 )
- test -s bin/tests/system/systests.output
.system_test: &system_test_job
<<: *system_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.system_test_tsan: &system_test_tsan_job
<<: *system_test_common
allow_failure: true
after_script:
- find bin -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
paths:
- bin/tests/system/*/tsan.*
- bin/tests/system/*/*/tsan.*
- tsan/
when: on_failure
.kyua_report: &kyua_report_html |
kyua --logfile /dev/null report-html \
--force \
--results-file "$KYUA_RESULT" \
--results-filter "" \
--output kyua_html
.windows_system_test: &windows_system_test_job
stage: system
tags:
- windows
- amd64
script:
- 'Push-Location bin/tests/system'
- '$ifIndex = Get-NetIPInterface -AddressFamily IPv4 -InterfaceMetric 75 | Select-Object -ExpandProperty ifIndex'
- '& C:/tools/cygwin/bin/sed.exe -i "s/^exit.*/netsh interface ipv4 set dnsservers $ifIndex dhcp/; s/\(name\|interface\)=Loopback/$ifIndex/;" ifconfig.bat'
- '& C:/tools/cygwin/bin/sed.exe -i "s/kill -f/kill -W/;" conf.sh stop.pl'
- '& cmd.exe /C ifconfig.bat up; ""'
- 'Start-Sleep 2'
- '$Env:Path = "C:/tools/cygwin/bin;$Env:Path"'
- '& sh.exe runall.sh $TEST_PARALLEL_JOBS'
- 'If (Test-Path C:/CrashDumps/*) { dir C:/CrashDumps; Throw }'
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
only:
- schedules
- tags
- web
.unit_test_common: &unit_test_common
<<: *default_triggering_rules
stage: unit
before_script:
- *setup_softhsm
script:
- make unit
after_script:
- *kyua_report_html
.unit_test: &unit_test_job
<<: *unit_test_common
artifacts:
untracked: true
expire_in: "1 day"
when: on_failure
.unit_test_tsan: &unit_test_tsan_job
<<: *unit_test_common
allow_failure: true
after_script:
- *kyua_report_html
- find lib -name 'tsan.*' -exec python3 util/parse_tsan.py {} \;
artifacts:
expire_in: "1 day"
paths:
- lib/*/tests/tsan.*
- tsan/
- kyua.log
- kyua.results
- kyua_html/
when: on_failure
.cppcheck_args: &run_cppcheck |
cppcheck --enable=warning,performance,portability,information,missingInclude --include=config.h --std=c11 --language=c --project=compile_commands.json --error-exitcode=2 -j ${TEST_PARALLEL_JOBS:-1} --xml --output-file=cppcheck.results --relative-paths="$CI_PROJECT_DIR" --inline-suppr --suppressions-list=util/suppressions.txt
.cppcheck_report: &cppcheck_report_html |
cppcheck-htmlreport --title="BIND 9 ($CI_COMMIT_SHORT_SHA) Cppcheck Report" --file=cppcheck.results --report-dir=cppcheck_html/
.cppcheck: &cppcheck_job
<<: *default_triggering_rules
stage: postcheck
script:
# Workaround for cppcheck 2.0 uninitvar false positives triggered by (&var)->field syntax
# (see: https://sourceforge.net/p/cppcheck/discussion/general/thread/122153e3c1/)
- sed -i '/^#define ISC__BUFFER.*\\$/{s|_b|__b|;N;s|do {|\0 isc_buffer_t *_b = (isc_buffer_t *)__b;|}; /^#define ISC__BUFFER.*REGION.*\\$/{s|_r|__r|;N;s|do {|\0 isc_region_t *_r = (isc_region_t *)__r;|; /USEDREGION/{s|isc_buffer_t|const \0|g}}' lib/isc/include/isc/buffer.h
- *configure
- (make -nwk all || true) | compiledb
- export GCC_VERSION=$(gcc --version | sed -n 's/.* \([0-9]\+\)\.[0-9]\+\.[0-9]\+.*/\1/p')
- sed -i "/gcc\",/a\"-DCPPCHECK\", \"-D__STDC__\", \"-D__GNUC__=${GCC_VERSION}\"," compile_commands.json
- *run_cppcheck
after_script:
- *cppcheck_report_html
artifacts:
paths:
- compile_commands.json
- cppcheck.results
- cppcheck_html/
expire_in: "1 day"
when: on_failure
needs:
- job: autoreconf
artifacts: true
### Job Definitions
# Jobs in the precheck stage
autoreconf:
<<: *autoconf_job
misc:
<<: *precheck_job
script:
- sh util/check-ans-prereq.sh
- sh util/checklibs.sh > checklibs.out
- sh util/tabify-changes < CHANGES > CHANGES.tmp
- diff -urNap CHANGES CHANGES.tmp
- perl util/check-changes CHANGES
- test ! -f CHANGES.SE || sh util/tabify-changes < CHANGES.SE > CHANGES.tmp
- test ! -f CHANGES.SE || diff -urNap CHANGES.SE CHANGES.tmp
- test ! -f CHANGES.SE || perl util/check-changes master=0 CHANGES.SE
- rm CHANGES.tmp
- perl -w util/merge_copyrights
- diff -urNap util/copyrights util/newcopyrights
- rm util/newcopyrights
- perl -w util/update_copyrights < util/copyrights
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
- xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
- xmllint --noout --nonet --html `git ls-files '*.html'`
- sh util/check-win32util-configure
- sh util/check-categories.sh
needs: []
artifacts:
paths:
- util/newcopyrights
- checklibs.out
expire_in: "1 day"
when: on_failure
clang-format:
<<: *precheck_job
needs: []
script:
- if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
coccinelle:
<<: *precheck_job
needs: []
script:
- util/check-cocci
- if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
danger:
<<: *precheck_job
needs: []
script:
- danger-python ci -f
only:
refs:
- merge_requests
variables:
- $DANGER_GITLAB_API_TOKEN
flake8:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
script:
- *configure
- flake8 --max-line-length=80 $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)')
only:
- merge_requests
pylint:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
needs:
- job: autoreconf
artifacts: true
before_script:
script:
- *configure
- PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python"
- pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py|contrib/queryperf/)')
only:
- merge_requests
tarball-create:
stage: precheck
<<: *base_image
script:
- source version
- export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
- git archive --prefix="${BIND_DIRECTORY}/" --output="${BIND_DIRECTORY}.tar" HEAD
- mkdir "${BIND_DIRECTORY}"
- echo "SRCID=$(git rev-list --max-count=1 HEAD | cut -b1-7)" > "${BIND_DIRECTORY}/srcid"
- tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/srcid"
- ${TARBALL_COMPRESSOR} "${BIND_DIRECTORY}.tar"
artifacts:
paths:
- bind-*.tar.${TARBALL_EXTENSION}
only:
- tags
# Jobs for doc builds on Debian Sid (amd64)
docs:
<<: *release_branch_triggering_rules
<<: *base_image
stage: docs
script:
- ./configure || cat config.log
- make -C doc/misc docbook
- make -C doc/arm Bv9ARM.html
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- doc/arm/
expire_in: "1 month"
push:docs:
<<: *base_image
stage: push
needs:
- job: docs
artifacts: false
script:
- curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=master $GITLAB_PAGES_DOCS_TRIGGER_URL
only:
- master@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9
# Jobs for regular GCC builds on Alpine Linux 3.11 (amd64)
gcc:alpine3.11:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap"
<<: *alpine_3_11_amd64_image
<<: *build_job
system:gcc:alpine3.11:amd64:
<<: *alpine_3_11_amd64_image
<<: *system_test_job
needs:
- job: gcc:alpine3.11:amd64
artifacts: true
unit:gcc:alpine3.11:amd64:
<<: *alpine_3_11_amd64_image
<<: *unit_test_job
needs:
- job: gcc:alpine3.11:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 6 (amd64)
gcc:centos6:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
<<: *centos_centos6_amd64_image
<<: *build_job
system:gcc:centos6:amd64:
<<: *centos_centos6_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos6:amd64
artifacts: true
unit:gcc:centos6:amd64:
<<: *centos_centos6_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos6:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 7 (amd64)
gcc:centos7:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
<<: *centos_centos7_amd64_image
<<: *build_job
system:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
unit:gcc:centos7:amd64:
<<: *centos_centos7_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos7:amd64
artifacts: true
# Jobs for regular GCC builds on CentOS 8 (amd64)
gcc:centos8:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *centos_centos8_amd64_image
<<: *build_job
system:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *system_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
unit:gcc:centos8:amd64:
<<: *centos_centos8_amd64_image
<<: *unit_test_job
needs:
- job: gcc:centos8:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 9 Stretch (amd64)
gcc:stretch:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
<<: *debian_stretch_amd64_image
<<: *build_job
system:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *system_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
unit:gcc:stretch:amd64:
<<: *debian_stretch_amd64_image
<<: *unit_test_job
needs:
- job: gcc:stretch:amd64
artifacts: true
# Jobs for regular GCC builds on Debian 10 Buster (amd64)
gcc:buster:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
<<: *debian_buster_amd64_image
<<: *build_job
system:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_job
needs:
- job: gcc:buster:amd64
artifacts: true
unit:gcc:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_job
needs:
- job: gcc:buster:amd64
artifacts: true
# Jobs for scan-build builds on Debian Buster (amd64)
.scan_build: &scan_build |
${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" \
--keep-cc \
--status-bugs \
--keep-going \
-o scan-build.reports \
make -j${BUILD_PARALLEL_JOBS:-1} all V=1
scan-build:
<<: *default_triggering_rules
<<: *base_image
stage: postcheck
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON}"
CONFIGURE: "${SCAN_BUILD} ./configure"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
script:
- *configure
- *scan_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- scan-build.reports/
expire_in: "1 day"
when: on_failure
# Jobs for regular GCC builds on Debian Sid (amd64)
# Also tests configration option: --without-lmdb.
gcc:sid:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O3"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --without-lmdb"
RUN_MAKE_INSTALL: 1
<<: *debian_sid_amd64_image
<<: *build_job
system:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *system_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
unit:gcc:sid:amd64:
<<: *debian_sid_amd64_image
<<: *unit_test_job
needs:
- job: gcc:sid:amd64
artifacts: true
cppcheck:
<<: *base_image
<<: *cppcheck_job
# Job for out-of-tree GCC build on Debian Sid (amd64)
# Also tests configration option: --with-lmdb.
gcc:out-of-tree:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
CONFIGURE: ../configure
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --with-lmdb"
RUN_MAKE_INSTALL: 1
OOT_BUILD_WORKSPACE: workspace
<<: *base_image
<<: *build_job
# Jobs for tarball GCC builds on Debian Sid (amd64)
gcc:tarball:
variables:
CC: gcc
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
RUN_MAKE_INSTALL: 1
<<: *base_image
<<: *build_job
before_script:
- tar --extract --file bind-*.tar.${TARBALL_EXTENSION}
- rm -f bind-*.tar.${TARBALL_EXTENSION}
- cd bind-*
needs:
- job: tarball-create
artifacts: true
only:
- tags
system:gcc:tarball:
<<: *base_image
<<: *system_test_job
before_script:
- cd bind-*
- *setup_interfaces
needs:
- job: gcc:tarball
artifacts: true
only:
- tags
unit:gcc:tarball:
<<: *base_image
<<: *unit_test_job
before_script:
- cd bind-*
needs:
- job: gcc:tarball
artifacts: true
only:
- tags
# Jobs for regular GCC builds on Debian Sid (arm64)
gcc:sid:arm64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *debian_sid_arm64_image
<<: *build_job
system:gcc:sid:arm64:
<<: *debian_sid_arm64_image
<<: *system_test_job
needs:
- job: gcc:sid:arm64
artifacts: true
unit:gcc:sid:arm64:
<<: *debian_sid_arm64_image
<<: *unit_test_job
needs:
- job: gcc:sid:arm64
artifacts: true
# Jobs for regular GCC builds on Debian Sid (i386)
gcc:sid:i386:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2 --without-python"
<<: *debian_sid_i386_image
<<: *build_job
system:gcc:sid:i386:
<<: *debian_sid_i386_image
<<: *system_test_job
needs:
- job: gcc:sid:i386
artifacts: true
unit:gcc:sid:i386:
<<: *debian_sid_i386_image
<<: *unit_test_job
needs:
- job: gcc:sid:i386
artifacts: true
# Jobs for regular GCC builds on openSUSE Tumbleweed (amd64)
gcc:tumbleweed:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *tumbleweed_latest_amd64_image
<<: *build_job
system:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *system_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
unit:gcc:tumbleweed:amd64:
<<: *tumbleweed_latest_amd64_image
<<: *unit_test_job
needs:
- job: gcc:tumbleweed:amd64
artifacts: true
# Jobs for regular GCC builds on Fedora 31 (amd64)
gcc:fedora31:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O1"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *fedora_31_amd64_image
<<: *build_job
system:gcc:fedora31:amd64:
<<: *fedora_31_amd64_image
<<: *system_test_job
needs:
- job: gcc:fedora31:amd64
artifacts: true
unit:gcc:fedora31:amd64:
<<: *fedora_31_amd64_image
<<: *unit_test_job
needs:
- job: gcc:fedora31:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 16.04 Xenial Xerus (amd64)
gcc:xenial:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -O2"
EXTRA_CONFIGURE: "--disable-geoip"
<<: *ubuntu_xenial_amd64_image
<<: *build_job
system:gcc:xenial:amd64:
<<: *ubuntu_xenial_amd64_image
<<: *system_test_job
needs:
- job: gcc:xenial:amd64
artifacts: true
unit:gcc:xenial:amd64:
<<: *ubuntu_xenial_amd64_image
<<: *unit_test_job
needs:
- job: gcc:xenial:amd64
artifacts: true
# Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64)
gcc:bionic:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *ubuntu_bionic_amd64_image
<<: *build_job
system:gcc:bionic:amd64:
<<: *ubuntu_bionic_amd64_image
<<: *system_test_job
needs:
- job: gcc:bionic:amd64
artifacts: true
unit:gcc:bionic:amd64:
<<: *ubuntu_bionic_amd64_image
<<: *unit_test_job
needs:
- job: gcc:bionic:amd64
artifacts: true
# Jobs for builds with ASAN enabled
gcc:asan:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *base_image
<<: *build_job
system:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:asan
artifacts: true
unit:gcc:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:asan
artifacts: true
clang:asan:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=address,undefined"
EXTRA_CONFIGURE: "--with-libidn2"
<<: *base_image
<<: *build_job
system:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_job
needs:
- job: clang:asan
artifacts: true
unit:clang:asan:
variables:
ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_job
needs:
- job: clang:asan
artifacts: true
# Jobs for builds with TSAN enabled
gcc:tsan:
<<: *base_image
<<: *build_job
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
system:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
unit:gcc:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: gcc:tsan
artifacts: true
clang:tsan:
<<: *base_image
<<: *build_job
variables:
CC: "${CLANG}"
CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0"
LDFLAGS: "-fsanitize=thread"
EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock"
system:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *system_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
unit:clang:tsan:
variables:
TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON}
<<: *base_image
<<: *unit_test_tsan_job
needs:
- job: clang:tsan
artifacts: true
# Jobs for mutex-based atomics on Debian SID (amd64)
gcc:mutexatomics:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -DISC_MEM_USE_INTERNAL_MALLOC=0"
EXTRA_CONFIGURE: "--with-libidn2 --enable-mutex-atomics"
<<: *base_image
<<: *build_job
system:gcc:mutexatomics:
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:mutexatomics
artifacts: true
unit:gcc:mutexatomics:
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:mutexatomics
artifacts: true
# Jobs for Clang builds on Debian Buster (amd64)
clang:buster:amd64:
variables:
CC: ${CLANG}
CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion"
EXTRA_CONFIGURE: "--with-python=python3"
<<: *debian_buster_amd64_image
<<: *build_job
system:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *system_test_job
needs:
- job: clang:buster:amd64
artifacts: true
unit:clang:buster:amd64:
<<: *debian_buster_amd64_image
<<: *unit_test_job
needs:
- job: clang:buster:amd64
artifacts: true
# Jobs for PKCS#11-enabled GCC builds on Debian Sid (amd64)
gcc:pkcs11:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
<<: *base_image
<<: *build_job
system:gcc:pkcs11:
<<: *base_image
<<: *system_test_job
needs:
- job: gcc:pkcs11
artifacts: true
unit:gcc:pkcs11:
<<: *base_image
<<: *unit_test_job
needs:
- job: gcc:pkcs11
artifacts: true
# Jobs for Clang builds on FreeBSD 11.3 (amd64)
clang:freebsd11.3:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
USER: gitlab-runner
<<: *freebsd_amd64
<<: *build_job
system:clang:freebsd11.3:amd64:
<<: *freebsd_amd64
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd11.3:amd64
artifacts: true
unit:clang:freebsd11.3:amd64:
<<: *freebsd_amd64
<<: *unit_test_job
needs:
- job: clang:freebsd11.3:amd64
artifacts: true
# Jobs for Clang builds on FreeBSD 12.1 (amd64)
clang:freebsd12.1:amd64:
variables:
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--enable-dnstap"
USER: gitlab-runner
<<: *freebsd_amd64
<<: *build_job
system:clang:freebsd12.1:amd64:
<<: *freebsd_amd64
<<: *system_test_job
variables:
USER: gitlab-runner
TEST_PARALLEL_JOBS: 4
needs:
- job: clang:freebsd12.1:amd64
artifacts: true
unit:clang:freebsd12.1:amd64:
<<: *freebsd_amd64
<<: *unit_test_job
needs:
- job: clang:freebsd12.1:amd64
artifacts: true
# Jobs for Clang builds on OpenBSD 6.6 (amd64)
clang:openbsd6.6:amd64:
variables:
CC: clang
USER: gitlab-runner
<<: *openbsd_amd64
<<: *build_job
system:clang:openbsd6.6:amd64:
<<: *openbsd_amd64
<<: *system_test_job
variables:
USER: gitlab-runner
needs:
- job: clang:openbsd6.6:amd64
artifacts: true
only:
- schedules
- web
# Jobs with libtool disabled
nolibtool:sid:amd64:
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON}"
EXTRA_CONFIGURE: "--with-libidn2 --without-libtool --with-dlopen"
<<: *debian_sid_amd64_image
<<: *build_job
system:nolibtool:sid:amd64:
<<: *debian_sid_amd64_image
<<: *system_test_job
needs:
- job: nolibtool:sid:amd64
artifacts: true
unit:nolibtool:sid:amd64:
<<: *debian_sid_amd64_image
<<: *unit_test_job
needs:
- job: nolibtool:sid:amd64
artifacts: true
# Jobs for Visual Studio 2017 builds on Windows (amd64)
msvc:windows:amd64:
<<: *windows_build_job
<<: *default_triggering_rules
variables:
VSCONF: Release
system:msvc:windows:amd64:
<<: *windows_system_test_job
variables:
VSCONF: Release
needs:
- job: msvc:windows:amd64
artifacts: true
msvc-debug:windows:amd64:
<<: *windows_build_job
variables:
VSCONF: Debug
only:
- schedules
- tags
- web
system:msvc-debug:windows:amd64:
<<: *windows_system_test_job
variables:
VSCONF: Debug
needs:
- job: msvc-debug:windows:amd64
artifacts: true
# Job producing a release tarball
release:
<<: *base_image
stage: release
script:
# Determine BIND version
- source version
- export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}"
# Remove redundant files and system test utilities from Windows build artifacts
- find Build/Release/ -name "*.pdb" -print -delete
- find Build/Debug/ \( -name "*.bsc" -o -name "*.idb" \) -print -delete
- find Build/ -regextype posix-extended -regex "Build/.*/($(find bin/tests/ -type f | sed -nE "s|^bin/tests(/system)?/win32/(.*)\.vcxproj$|\2|p" | paste -d"|" -s))\..*" -print -delete
# Create Windows zips
- openssl dgst -sha256 "${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" | tee Build/Release/SHA256 Build/Debug/SHA256
- ( cd Build/Release; zip "../../BIND${BIND_DIRECTORY#bind-}.x64.zip" * )
- ( cd Build/Debug; zip "../../BIND${BIND_DIRECTORY#bind-}.debug.x64.zip" * )
# Prepare release tarball contents (tarballs + zips + documentation)
- mkdir -p release/doc/arm
- pushd release
- mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip .
- tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}"
- mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README,srcid} .
- mv "${BIND_DIRECTORY}"/doc/arm/{Bv9ARM{*.html,.pdf},man.*,notes.{html,pdf,txt}} doc/arm/
- rm -rf "${BIND_DIRECTORY}"
- cp doc/arm/notes.html "RELEASE-NOTES-${BIND_DIRECTORY}.html"
- cp doc/arm/notes.pdf "RELEASE-NOTES-${BIND_DIRECTORY}.pdf"
- cp doc/arm/notes.txt "RELEASE-NOTES-${BIND_DIRECTORY}.txt"
- popd
# Create release tarball
- tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/
needs:
- job: tarball-create
artifacts: true
- job: msvc:windows:amd64
artifacts: true
- job: msvc-debug:windows:amd64
artifacts: true
only:
- tags
artifacts:
paths:
- "*.tar.gz"
expire_in: "1 day"
# Coverity Scan analysis upload
.coverity_cache_prep: &coverity_cache_prep |
test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || (
curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form md5=1
curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 \
--form project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN
)
test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
tar --extract --gzip --file=cov-analysis-linux64.tgz
test -d cov-analysis-linux64-2019.03
.coverity_build: &coverity_build |
cov-analysis-linux64-2019.03/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
tar --create --gzip --file=cov-int.tar.gz cov-int/
curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME \
--form token=$COVERITY_SCAN_TOKEN \
--form email=bind-changes@isc.org \
--form file=@cov-int.tar.gz \
--form version="$(git rev-parse --short HEAD)" \
--form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 \
| tee curl-response.txt
grep -q 'Build successfully submitted' curl-response.txt
coverity:
<<: *base_image
stage: postcheck
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
script:
- *coverity_cache_prep
- *configure
- *coverity_build
needs:
- job: autoreconf
artifacts: true
artifacts:
paths:
- curl-response.txt
- cov-int.tar.gz
expire_in: "1 week"
when: on_failure
only:
variables:
- $COVERITY_SCAN_PROJECT_NAME
- $COVERITY_SCAN_TOKEN
cache:
key: cov-analysis-linux64-2019.03
paths:
- cov-analysis-linux64.md5
- cov-analysis-linux64.tgz
# Respdiff test
respdiff:
<<: *base_image
stage: system
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_11_3
script:
- ./configure --without-make-clean
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- *setup_interfaces
- git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git
- git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
- cd refbind/
- ./configure --without-make-clean
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- cd ../bind-qa/bind9/respdiff
- bash respdiff.sh -q "${PWD}/100k_mixed.txt" -c 3 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}/refbind" "${CI_PROJECT_DIR}"
needs:
- job: tarball-create
artifacts: true
only:
- tags
artifacts:
paths:
- refbind
untracked: true
expire_in: "1 day"
when: on_failure
# ABI check
abi-check:
<<: *base_image
stage: build
needs:
- job: autoreconf
artifacts: true
variables:
CC: gcc
CFLAGS: "${CFLAGS_COMMON} -Og"
BIND_BASELINE_VERSION: v9_11_19
script:
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind
- cd refbind/
- *configure
- make -j${BUILD_PARALLEL_JOBS:-1} V=1
- cd ..
- util/api-checker.sh . refbind
artifacts:
paths:
- "*-lib*.html"
- "*-lib*.txt"
- "abi-*.dump"
expire_in: "1 week"
only:
- master@isc-projects/bind9
- /^v9_[1-9][0-9]$/@isc-projects/bind9