variables: # Not normally needed, but may be if some script uses `apt-get install`. DEBIAN_FRONTEND: noninteractive # Locale settings do not affect the build, but might affect tests. LC_ALL: C CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9 CCACHE_DIR: "/ccache" SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf" # VirtualBox driver needs to set build_dir to "/builds" in gitlab-runner.toml KYUA_RESULT: "$CI_PROJECT_DIR/kyua.results" GIT_DEPTH: 1 BUILD_PARALLEL_JOBS: 6 TEST_PARALLEL_JOBS: 6 CONFIGURE: ./configure CLANG: clang-10 SCAN_BUILD: scan-build-10 SYMBOLIZER: /usr/lib/llvm-10/bin/llvm-symbolizer ASAN_SYMBOLIZER_PATH: /usr/lib/llvm-10/bin/llvm-symbolizer CLANG_FORMAT: clang-format-10 CFLAGS_COMMON: -fno-omit-frame-pointer -fno-optimize-sibling-calls -O1 -g -Wall -Wextra # Pass run-time flags to AddressSanitizer to get core dumps on error. ASAN_OPTIONS_COMMON: abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1 TSAN_OPTIONS_COMMON: "second_deadlock_stack=1 history_size=7 log_exe_name=true log_path=tsan external_symbolizer_path=$SYMBOLIZER" TARBALL_COMPRESSOR: gzip TARBALL_EXTENSION: gz stages: - precheck - build - unit - system - docs - push - postcheck - release ### Runner Tag Templates # Note: BSD runners extract the operating system version to use from job name .freebsd-amd64: &freebsd_amd64 tags: - libvirt - amd64 .linux-amd64: &linux_amd64 tags: - linux - amd64 .linux-arm64: &linux_arm64 tags: - linux - arm64 .linux-i386: &linux_i386 tags: - linux - i386 .openbsd-amd64: &openbsd_amd64 tags: - libvirt - amd64 ### Docker Image Templates # Alpine Linux .alpine-3.11-amd64: &alpine_3_11_amd64_image image: "$CI_REGISTRY_IMAGE:alpine-3.11-amd64" <<: *linux_amd64 # CentOS .centos-centos6-amd64: ¢os_centos6_amd64_image image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64" <<: *linux_amd64 .centos-centos7-amd64: ¢os_centos7_amd64_image image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64" <<: *linux_amd64 .centos-centos8-amd64: ¢os_centos8_amd64_image image: "$CI_REGISTRY_IMAGE:centos-centos8-amd64" <<: *linux_amd64 # Debian .debian-stretch-amd64: &debian_stretch_amd64_image image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64" <<: *linux_amd64 .debian-buster-amd64: &debian_buster_amd64_image image: "$CI_REGISTRY_IMAGE:debian-buster-amd64" <<: *linux_amd64 .debian-sid-amd64: &debian_sid_amd64_image image: "$CI_REGISTRY_IMAGE:debian-sid-amd64" <<: *linux_amd64 .debian-sid-arm64: &debian_sid_arm64_image image: "$CI_REGISTRY_IMAGE:debian-sid-arm64" <<: *linux_arm64 .debian-sid-i386: &debian_sid_i386_image image: "$CI_REGISTRY_IMAGE:debian-sid-i386" <<: *linux_i386 # openSUSE Tumbleweed .tumbleweed-latest-amd64: &tumbleweed_latest_amd64_image image: "$CI_REGISTRY_IMAGE:tumbleweed-latest-amd64" <<: *linux_amd64 # Fedora .fedora-31-amd64: &fedora_31_amd64_image image: "$CI_REGISTRY_IMAGE:fedora-31-amd64" <<: *linux_amd64 # Ubuntu .ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64" <<: *linux_amd64 .ubuntu-bionic-amd64: &ubuntu_bionic_amd64_image image: "$CI_REGISTRY_IMAGE:ubuntu-bionic-amd64" <<: *linux_amd64 # Base image # This is a meta image that is used as a base for non-specific jobs .base: &base_image <<: *debian_buster_amd64_image ### Job Templates .default-triggering-rules: &default_triggering_rules only: - merge_requests - tags - web - schedules .release-branch-triggering-rules: &release_branch_triggering_rules only: - merge_requests - tags - web - schedules - master@isc-projects/bind9 - /^v9_[1-9][0-9]$/@isc-projects/bind9 .precheck: &precheck_job <<: *default_triggering_rules <<: *base_image stage: precheck .autoconf: &autoconf_job <<: *release_branch_triggering_rules <<: *base_image stage: precheck script: - autoreconf -fi artifacts: untracked: true expire_in: "1 day" .configure: &configure | ${CONFIGURE} \ --enable-developer \ --with-randomdev=/dev/urandom \ --with-libtool \ --with-geoip2=auto \ --disable-static \ --with-cmocka \ --with-libxml2 \ --with-libjson \ --prefix=$HOME/.local \ --without-make-clean \ $EXTRA_CONFIGURE \ || cat config.log .build: &build_job <<: *default_triggering_rules stage: build before_script: - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}" - test -n "${OOT_BUILD_WORKSPACE}" && mkdir "${OOT_BUILD_WORKSPACE}" && cd "${OOT_BUILD_WORKSPACE}" script: - *configure - make depend | grep "error:" && exit 1 - make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1 - test -z "${RUN_MAKE_INSTALL}" || make install - test -z "${RUN_MAKE_INSTALL}" || sh util/check-make-install needs: - job: autoreconf artifacts: true artifacts: untracked: true expire_in: "1 day" .windows_build: &windows_build_job stage: build tags: - windows - amd64 script: - 'Push-Location "C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Auxiliary/Build"' - '& cmd.exe /C "vcvarsall.bat x64 & set" | Foreach-Object { if ($_ -match "(.*?)=(.*)") { Set-Item -force -path "Env:\$($matches[1])" -value "$($matches[2])" } }' - 'Pop-Location' - 'Set-Location win32utils' - '& "C:/Strawberry/perl/bin/perl.exe" Configure "with-tools-version=15.0" "with-platform-toolset=v141" "with-platform-version=10.0.17763.0" "with-vcredist=C:/Program Files (x86)/Microsoft Visual Studio/2017/BuildTools/VC/Redist/MSVC/14.16.27012/vcredist_x64.exe" "with-openssl=C:/OpenSSL" "with-libxml2=C:/libxml2" "without-python" "with-system-tests" x64' - 'Set-Item -path "Env:CL" -value "/MP$([Math]::Truncate($BUILD_PARALLEL_JOBS/2))"' - '& msbuild.exe /maxCpuCount:2 /t:Build /p:Configuration=$VSCONF bind9.sln' needs: [] artifacts: untracked: true expire_in: "1 day" .setup_interfaces: &setup_interfaces | if [ "$(id -u)" -eq "0" ]; then sh -x bin/tests/system/ifconfig.sh up; else sudo sh -x bin/tests/system/ifconfig.sh up; fi .setup_softhsm: &setup_softhsm | export SLOT=$(sh -x bin/tests/prepare-softhsm2.sh) test -n "${SLOT}" && test "${SLOT}" -gt 0 .system_test_common: &system_test_common <<: *default_triggering_rules stage: system before_script: - *setup_interfaces - *setup_softhsm script: - ( cd bin/tests/system && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 ) - test -s bin/tests/system/systests.output .system_test: &system_test_job <<: *system_test_common artifacts: untracked: true expire_in: "1 day" when: on_failure .system_test_tsan: &system_test_tsan_job <<: *system_test_common allow_failure: true after_script: - find bin -name 'tsan.*' -exec python3 util/parse_tsan.py {} \; artifacts: expire_in: "1 day" paths: - bin/tests/system/*/tsan.* - bin/tests/system/*/*/tsan.* - tsan/ when: on_failure .kyua_report: &kyua_report_html | kyua --logfile /dev/null report-html \ --force \ --results-file "$KYUA_RESULT" \ --results-filter "" \ --output kyua_html .windows_system_test: &windows_system_test_job stage: system tags: - windows - amd64 script: - 'Push-Location bin/tests/system' - '$ifIndex = Get-NetIPInterface -AddressFamily IPv4 -InterfaceMetric 75 | Select-Object -ExpandProperty ifIndex' - '& C:/tools/cygwin/bin/sed.exe -i "s/^exit.*/netsh interface ipv4 set dnsservers $ifIndex dhcp/; s/\(name\|interface\)=Loopback/$ifIndex/;" ifconfig.bat' - '& C:/tools/cygwin/bin/sed.exe -i "s/kill -f/kill -W/;" conf.sh stop.pl' - '& cmd.exe /C ifconfig.bat up; ""' - 'Start-Sleep 2' - '$Env:Path = "C:/tools/cygwin/bin;$Env:Path"' - '& sh.exe runall.sh $TEST_PARALLEL_JOBS' - 'If (Test-Path C:/CrashDumps/*) { dir C:/CrashDumps; Throw }' artifacts: untracked: true expire_in: "1 day" when: on_failure only: - schedules - tags - web .unit_test_common: &unit_test_common <<: *default_triggering_rules stage: unit before_script: - *setup_softhsm script: - make unit after_script: - *kyua_report_html .unit_test: &unit_test_job <<: *unit_test_common artifacts: untracked: true expire_in: "1 day" when: on_failure .unit_test_tsan: &unit_test_tsan_job <<: *unit_test_common allow_failure: true after_script: - *kyua_report_html - find lib -name 'tsan.*' -exec python3 util/parse_tsan.py {} \; artifacts: expire_in: "1 day" paths: - lib/*/tests/tsan.* - tsan/ - kyua.log - kyua.results - kyua_html/ when: on_failure .cppcheck_args: &run_cppcheck | cppcheck --enable=warning,performance,portability,information,missingInclude --include=config.h --std=c11 --language=c --project=compile_commands.json --error-exitcode=2 -j ${TEST_PARALLEL_JOBS:-1} --xml --output-file=cppcheck.results --relative-paths="$CI_PROJECT_DIR" --inline-suppr --suppressions-list=util/suppressions.txt .cppcheck_report: &cppcheck_report_html | cppcheck-htmlreport --title="BIND 9 ($CI_COMMIT_SHORT_SHA) Cppcheck Report" --file=cppcheck.results --report-dir=cppcheck_html/ .cppcheck: &cppcheck_job <<: *default_triggering_rules stage: postcheck script: # Workaround for cppcheck 2.0 uninitvar false positives triggered by (&var)->field syntax # (see: https://sourceforge.net/p/cppcheck/discussion/general/thread/122153e3c1/) - sed -i '/^#define ISC__BUFFER.*\\$/{s|_b|__b|;N;s|do {|\0 isc_buffer_t *_b = (isc_buffer_t *)__b;|}; /^#define ISC__BUFFER.*REGION.*\\$/{s|_r|__r|;N;s|do {|\0 isc_region_t *_r = (isc_region_t *)__r;|; /USEDREGION/{s|isc_buffer_t|const \0|g}}' lib/isc/include/isc/buffer.h - *configure - (make -nwk all || true) | compiledb - export GCC_VERSION=$(gcc --version | sed -n 's/.* \([0-9]\+\)\.[0-9]\+\.[0-9]\+.*/\1/p') - sed -i "/gcc\",/a\"-DCPPCHECK\", \"-D__STDC__\", \"-D__GNUC__=${GCC_VERSION}\"," compile_commands.json - *run_cppcheck after_script: - *cppcheck_report_html artifacts: paths: - compile_commands.json - cppcheck.results - cppcheck_html/ expire_in: "1 day" when: on_failure needs: - job: autoreconf artifacts: true ### Job Definitions # Jobs in the precheck stage autoreconf: <<: *autoconf_job misc: <<: *precheck_job script: - sh util/check-ans-prereq.sh - sh util/checklibs.sh > checklibs.out - sh util/tabify-changes < CHANGES > CHANGES.tmp - diff -urNap CHANGES CHANGES.tmp - perl util/check-changes CHANGES - test ! -f CHANGES.SE || sh util/tabify-changes < CHANGES.SE > CHANGES.tmp - test ! -f CHANGES.SE || diff -urNap CHANGES.SE CHANGES.tmp - test ! -f CHANGES.SE || perl util/check-changes master=0 CHANGES.SE - rm CHANGES.tmp - perl -w util/merge_copyrights - diff -urNap util/copyrights util/newcopyrights - rm util/newcopyrights - perl -w util/update_copyrights < util/copyrights - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'` - xmllint --noout --nonet --html `git ls-files '*.html'` - sh util/check-win32util-configure - sh util/check-categories.sh needs: [] artifacts: paths: - util/newcopyrights - checklibs.out expire_in: "1 day" when: on_failure clang-format: <<: *precheck_job needs: [] script: - if [ -r .clang-format ]; then "${CLANG_FORMAT}" -i -style=file $(git ls-files '*.c' '*.h'); fi - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi coccinelle: <<: *precheck_job needs: [] script: - util/check-cocci - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi danger: <<: *precheck_job needs: [] script: - danger-python ci -f only: refs: - merge_requests variables: - $DANGER_GITLAB_API_TOKEN flake8: <<: *default_triggering_rules <<: *base_image stage: postcheck needs: - job: autoreconf artifacts: true script: - *configure - flake8 --max-line-length=80 $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py)') only: - merge_requests pylint: <<: *default_triggering_rules <<: *base_image stage: postcheck needs: - job: autoreconf artifacts: true before_script: script: - *configure - PYTHONPATH="$PYTHONPATH:$CI_PROJECT_DIR/bin/python" - pylint --rcfile $CI_PROJECT_DIR/.pylintrc $(git ls-files '*.py' | grep -vE '(ans\.py|dangerfile\.py|contrib/queryperf/)') only: - merge_requests tarball-create: stage: precheck <<: *base_image script: - source version - export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}" - git archive --prefix="${BIND_DIRECTORY}/" --output="${BIND_DIRECTORY}.tar" HEAD - mkdir "${BIND_DIRECTORY}" - echo "SRCID=$(git rev-list --max-count=1 HEAD | cut -b1-7)" > "${BIND_DIRECTORY}/srcid" - tar --append --file="${BIND_DIRECTORY}.tar" "${BIND_DIRECTORY}/srcid" - ${TARBALL_COMPRESSOR} "${BIND_DIRECTORY}.tar" artifacts: paths: - bind-*.tar.${TARBALL_EXTENSION} only: - tags # Jobs for doc builds on Debian Sid (amd64) docs: <<: *release_branch_triggering_rules <<: *base_image stage: docs script: - ./configure || cat config.log - make -C doc/misc docbook - make -C doc/arm Bv9ARM.html needs: - job: autoreconf artifacts: true artifacts: paths: - doc/arm/ expire_in: "1 month" push:docs: <<: *base_image stage: push needs: - job: docs artifacts: false script: - curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=master $GITLAB_PAGES_DOCS_TRIGGER_URL only: - master@isc-projects/bind9 - /^v9_[1-9][0-9]$/@isc-projects/bind9 # Jobs for regular GCC builds on Alpine Linux 3.11 (amd64) gcc:alpine3.11:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--enable-dnstap" <<: *alpine_3_11_amd64_image <<: *build_job system:gcc:alpine3.11:amd64: <<: *alpine_3_11_amd64_image <<: *system_test_job needs: - job: gcc:alpine3.11:amd64 artifacts: true unit:gcc:alpine3.11:amd64: <<: *alpine_3_11_amd64_image <<: *unit_test_job needs: - job: gcc:alpine3.11:amd64 artifacts: true # Jobs for regular GCC builds on CentOS 6 (amd64) gcc:centos6:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error" <<: *centos_centos6_amd64_image <<: *build_job system:gcc:centos6:amd64: <<: *centos_centos6_amd64_image <<: *system_test_job needs: - job: gcc:centos6:amd64 artifacts: true unit:gcc:centos6:amd64: <<: *centos_centos6_amd64_image <<: *unit_test_job needs: - job: gcc:centos6:amd64 artifacts: true # Jobs for regular GCC builds on CentOS 7 (amd64) gcc:centos7:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2" <<: *centos_centos7_amd64_image <<: *build_job system:gcc:centos7:amd64: <<: *centos_centos7_amd64_image <<: *system_test_job needs: - job: gcc:centos7:amd64 artifacts: true unit:gcc:centos7:amd64: <<: *centos_centos7_amd64_image <<: *unit_test_job needs: - job: gcc:centos7:amd64 artifacts: true # Jobs for regular GCC builds on CentOS 8 (amd64) gcc:centos8:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2" <<: *centos_centos8_amd64_image <<: *build_job system:gcc:centos8:amd64: <<: *centos_centos8_amd64_image <<: *system_test_job needs: - job: gcc:centos8:amd64 artifacts: true unit:gcc:centos8:amd64: <<: *centos_centos8_amd64_image <<: *unit_test_job needs: - job: gcc:centos8:amd64 artifacts: true # Jobs for regular GCC builds on Debian 9 Stretch (amd64) gcc:stretch:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O2" <<: *debian_stretch_amd64_image <<: *build_job system:gcc:stretch:amd64: <<: *debian_stretch_amd64_image <<: *system_test_job needs: - job: gcc:stretch:amd64 artifacts: true unit:gcc:stretch:amd64: <<: *debian_stretch_amd64_image <<: *unit_test_job needs: - job: gcc:stretch:amd64 artifacts: true # Jobs for regular GCC builds on Debian 10 Buster (amd64) gcc:buster:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" <<: *debian_buster_amd64_image <<: *build_job system:gcc:buster:amd64: <<: *debian_buster_amd64_image <<: *system_test_job needs: - job: gcc:buster:amd64 artifacts: true unit:gcc:buster:amd64: <<: *debian_buster_amd64_image <<: *unit_test_job needs: - job: gcc:buster:amd64 artifacts: true # Jobs for scan-build builds on Debian Buster (amd64) .scan_build: &scan_build | ${SCAN_BUILD} --html-title="BIND 9 ($CI_COMMIT_SHORT_SHA)" \ --keep-cc \ --status-bugs \ --keep-going \ -o scan-build.reports \ make -j${BUILD_PARALLEL_JOBS:-1} all V=1 scan-build: <<: *default_triggering_rules <<: *base_image stage: postcheck variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON}" CONFIGURE: "${SCAN_BUILD} ./configure" EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2" script: - *configure - *scan_build needs: - job: autoreconf artifacts: true artifacts: paths: - scan-build.reports/ expire_in: "1 day" when: on_failure # Jobs for regular GCC builds on Debian Sid (amd64) # Also tests configration option: --without-lmdb. gcc:sid:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O3" EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --without-lmdb" RUN_MAKE_INSTALL: 1 <<: *debian_sid_amd64_image <<: *build_job system:gcc:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job needs: - job: gcc:sid:amd64 artifacts: true unit:gcc:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job needs: - job: gcc:sid:amd64 artifacts: true cppcheck: <<: *base_image <<: *cppcheck_job # Job for out-of-tree GCC build on Debian Sid (amd64) # Also tests configration option: --with-lmdb. gcc:out-of-tree: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" CONFIGURE: ../configure EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2 --with-lmdb" RUN_MAKE_INSTALL: 1 OOT_BUILD_WORKSPACE: workspace <<: *base_image <<: *build_job # Jobs for tarball GCC builds on Debian Sid (amd64) gcc:tarball: variables: CC: gcc EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2" RUN_MAKE_INSTALL: 1 <<: *base_image <<: *build_job before_script: - tar --extract --file bind-*.tar.${TARBALL_EXTENSION} - rm -f bind-*.tar.${TARBALL_EXTENSION} - cd bind-* needs: - job: tarball-create artifacts: true only: - tags system:gcc:tarball: <<: *base_image <<: *system_test_job before_script: - cd bind-* - *setup_interfaces needs: - job: gcc:tarball artifacts: true only: - tags unit:gcc:tarball: <<: *base_image <<: *unit_test_job before_script: - cd bind-* needs: - job: gcc:tarball artifacts: true only: - tags # Jobs for regular GCC builds on Debian Sid (arm64) gcc:sid:arm64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" EXTRA_CONFIGURE: "--with-libidn2" <<: *debian_sid_arm64_image <<: *build_job system:gcc:sid:arm64: <<: *debian_sid_arm64_image <<: *system_test_job needs: - job: gcc:sid:arm64 artifacts: true unit:gcc:sid:arm64: <<: *debian_sid_arm64_image <<: *unit_test_job needs: - job: gcc:sid:arm64 artifacts: true # Jobs for regular GCC builds on Debian Sid (i386) gcc:sid:i386: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --without-python" <<: *debian_sid_i386_image <<: *build_job system:gcc:sid:i386: <<: *debian_sid_i386_image <<: *system_test_job needs: - job: gcc:sid:i386 artifacts: true unit:gcc:sid:i386: <<: *debian_sid_i386_image <<: *unit_test_job needs: - job: gcc:sid:i386 artifacts: true # Jobs for regular GCC builds on openSUSE Tumbleweed (amd64) gcc:tumbleweed:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2" <<: *tumbleweed_latest_amd64_image <<: *build_job system:gcc:tumbleweed:amd64: <<: *tumbleweed_latest_amd64_image <<: *system_test_job needs: - job: gcc:tumbleweed:amd64 artifacts: true unit:gcc:tumbleweed:amd64: <<: *tumbleweed_latest_amd64_image <<: *unit_test_job needs: - job: gcc:tumbleweed:amd64 artifacts: true # Jobs for regular GCC builds on Fedora 31 (amd64) gcc:fedora31:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O1" EXTRA_CONFIGURE: "--with-libidn2" <<: *fedora_31_amd64_image <<: *build_job system:gcc:fedora31:amd64: <<: *fedora_31_amd64_image <<: *system_test_job needs: - job: gcc:fedora31:amd64 artifacts: true unit:gcc:fedora31:amd64: <<: *fedora_31_amd64_image <<: *unit_test_job needs: - job: gcc:fedora31:amd64 artifacts: true # Jobs for regular GCC builds on Ubuntu 16.04 Xenial Xerus (amd64) gcc:xenial:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -O2" EXTRA_CONFIGURE: "--disable-geoip" <<: *ubuntu_xenial_amd64_image <<: *build_job system:gcc:xenial:amd64: <<: *ubuntu_xenial_amd64_image <<: *system_test_job needs: - job: gcc:xenial:amd64 artifacts: true unit:gcc:xenial:amd64: <<: *ubuntu_xenial_amd64_image <<: *unit_test_job needs: - job: gcc:xenial:amd64 artifacts: true # Jobs for regular GCC builds on Ubuntu 18.04 Bionic Beaver (amd64) gcc:bionic:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" EXTRA_CONFIGURE: "--with-libidn2" <<: *ubuntu_bionic_amd64_image <<: *build_job system:gcc:bionic:amd64: <<: *ubuntu_bionic_amd64_image <<: *system_test_job needs: - job: gcc:bionic:amd64 artifacts: true unit:gcc:bionic:amd64: <<: *ubuntu_bionic_amd64_image <<: *unit_test_job needs: - job: gcc:bionic:amd64 artifacts: true # Jobs for builds with ASAN enabled gcc:asan: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=address,undefined" EXTRA_CONFIGURE: "--with-libidn2" <<: *base_image <<: *build_job system:gcc:asan: variables: ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON} <<: *base_image <<: *system_test_job needs: - job: gcc:asan artifacts: true unit:gcc:asan: variables: ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON} <<: *base_image <<: *unit_test_job needs: - job: gcc:asan artifacts: true clang:asan: variables: CC: ${CLANG} CFLAGS: "${CFLAGS_COMMON} -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=address,undefined" EXTRA_CONFIGURE: "--with-libidn2" <<: *base_image <<: *build_job system:clang:asan: variables: ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON} <<: *base_image <<: *system_test_job needs: - job: clang:asan artifacts: true unit:clang:asan: variables: ASAN_OPTIONS: ${ASAN_OPTIONS_COMMON} <<: *base_image <<: *unit_test_job needs: - job: clang:asan artifacts: true # Jobs for builds with TSAN enabled gcc:tsan: <<: *base_image <<: *build_job variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=thread" EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock" system:gcc:tsan: variables: TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} <<: *base_image <<: *system_test_tsan_job needs: - job: gcc:tsan artifacts: true unit:gcc:tsan: variables: TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} <<: *base_image <<: *unit_test_tsan_job needs: - job: gcc:tsan artifacts: true clang:tsan: <<: *base_image <<: *build_job variables: CC: "${CLANG}" CFLAGS: "${CFLAGS_COMMON} -fsanitize=thread -DISC_MEM_USE_INTERNAL_MALLOC=0" LDFLAGS: "-fsanitize=thread" EXTRA_CONFIGURE: "--with-libidn2 --enable-pthread-rwlock" system:clang:tsan: variables: TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} <<: *base_image <<: *system_test_tsan_job needs: - job: clang:tsan artifacts: true unit:clang:tsan: variables: TSAN_OPTIONS: ${TSAN_OPTIONS_COMMON} <<: *base_image <<: *unit_test_tsan_job needs: - job: clang:tsan artifacts: true # Jobs for mutex-based atomics on Debian SID (amd64) gcc:mutexatomics: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -DISC_MEM_USE_INTERNAL_MALLOC=0" EXTRA_CONFIGURE: "--with-libidn2 --enable-mutex-atomics" <<: *base_image <<: *build_job system:gcc:mutexatomics: <<: *base_image <<: *system_test_job needs: - job: gcc:mutexatomics artifacts: true unit:gcc:mutexatomics: <<: *base_image <<: *unit_test_job needs: - job: gcc:mutexatomics artifacts: true # Jobs for Clang builds on Debian Buster (amd64) clang:buster:amd64: variables: CC: ${CLANG} CFLAGS: "${CFLAGS_COMMON} -Wenum-conversion" EXTRA_CONFIGURE: "--with-python=python3" <<: *debian_buster_amd64_image <<: *build_job system:clang:buster:amd64: <<: *debian_buster_amd64_image <<: *system_test_job needs: - job: clang:buster:amd64 artifacts: true unit:clang:buster:amd64: <<: *debian_buster_amd64_image <<: *unit_test_job needs: - job: clang:buster:amd64 artifacts: true # Jobs for PKCS#11-enabled GCC builds on Debian Sid (amd64) gcc:pkcs11: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so" <<: *base_image <<: *build_job system:gcc:pkcs11: <<: *base_image <<: *system_test_job needs: - job: gcc:pkcs11 artifacts: true unit:gcc:pkcs11: <<: *base_image <<: *unit_test_job needs: - job: gcc:pkcs11 artifacts: true # Jobs for Clang builds on FreeBSD 11.3 (amd64) clang:freebsd11.3:amd64: variables: CFLAGS: "${CFLAGS_COMMON}" USER: gitlab-runner <<: *freebsd_amd64 <<: *build_job system:clang:freebsd11.3:amd64: <<: *freebsd_amd64 <<: *system_test_job variables: USER: gitlab-runner TEST_PARALLEL_JOBS: 4 needs: - job: clang:freebsd11.3:amd64 artifacts: true unit:clang:freebsd11.3:amd64: <<: *freebsd_amd64 <<: *unit_test_job needs: - job: clang:freebsd11.3:amd64 artifacts: true # Jobs for Clang builds on FreeBSD 12.1 (amd64) clang:freebsd12.1:amd64: variables: CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--enable-dnstap" USER: gitlab-runner <<: *freebsd_amd64 <<: *build_job system:clang:freebsd12.1:amd64: <<: *freebsd_amd64 <<: *system_test_job variables: USER: gitlab-runner TEST_PARALLEL_JOBS: 4 needs: - job: clang:freebsd12.1:amd64 artifacts: true unit:clang:freebsd12.1:amd64: <<: *freebsd_amd64 <<: *unit_test_job needs: - job: clang:freebsd12.1:amd64 artifacts: true # Jobs for Clang builds on OpenBSD 6.6 (amd64) clang:openbsd6.6:amd64: variables: CC: clang USER: gitlab-runner <<: *openbsd_amd64 <<: *build_job system:clang:openbsd6.6:amd64: <<: *openbsd_amd64 <<: *system_test_job variables: USER: gitlab-runner needs: - job: clang:openbsd6.6:amd64 artifacts: true only: - schedules - web # Jobs with libtool disabled nolibtool:sid:amd64: variables: CC: gcc CFLAGS: "${CFLAGS_COMMON}" EXTRA_CONFIGURE: "--with-libidn2 --without-libtool --with-dlopen" <<: *debian_sid_amd64_image <<: *build_job system:nolibtool:sid:amd64: <<: *debian_sid_amd64_image <<: *system_test_job needs: - job: nolibtool:sid:amd64 artifacts: true unit:nolibtool:sid:amd64: <<: *debian_sid_amd64_image <<: *unit_test_job needs: - job: nolibtool:sid:amd64 artifacts: true # Jobs for Visual Studio 2017 builds on Windows (amd64) msvc:windows:amd64: <<: *windows_build_job <<: *default_triggering_rules variables: VSCONF: Release system:msvc:windows:amd64: <<: *windows_system_test_job variables: VSCONF: Release needs: - job: msvc:windows:amd64 artifacts: true msvc-debug:windows:amd64: <<: *windows_build_job variables: VSCONF: Debug only: - schedules - tags - web system:msvc-debug:windows:amd64: <<: *windows_system_test_job variables: VSCONF: Debug needs: - job: msvc-debug:windows:amd64 artifacts: true # Job producing a release tarball release: <<: *base_image stage: release script: # Determine BIND version - source version - export BIND_DIRECTORY="bind-${MAJORVER}.${MINORVER}.${PATCHVER}${RELEASETYPE}${RELEASEVER}" # Remove redundant files and system test utilities from Windows build artifacts - find Build/Release/ -name "*.pdb" -print -delete - find Build/Debug/ \( -name "*.bsc" -o -name "*.idb" \) -print -delete - find Build/ -regextype posix-extended -regex "Build/.*/($(find bin/tests/ -type f | sed -nE "s|^bin/tests(/system)?/win32/(.*)\.vcxproj$|\2|p" | paste -d"|" -s))\..*" -print -delete # Create Windows zips - openssl dgst -sha256 "${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" | tee Build/Release/SHA256 Build/Debug/SHA256 - ( cd Build/Release; zip "../../BIND${BIND_DIRECTORY#bind-}.x64.zip" * ) - ( cd Build/Debug; zip "../../BIND${BIND_DIRECTORY#bind-}.debug.x64.zip" * ) # Prepare release tarball contents (tarballs + zips + documentation) - mkdir -p release/doc/arm - pushd release - mv "../${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" ../BIND*.zip . - tar --extract --file="${BIND_DIRECTORY}.tar.${TARBALL_EXTENSION}" - mv "${BIND_DIRECTORY}"/{CHANGES*,COPYRIGHT,LICENSE,README,srcid} . - mv "${BIND_DIRECTORY}"/doc/arm/{Bv9ARM{*.html,.pdf},man.*,notes.{html,pdf,txt}} doc/arm/ - rm -rf "${BIND_DIRECTORY}" - cp doc/arm/notes.html "RELEASE-NOTES-${BIND_DIRECTORY}.html" - cp doc/arm/notes.pdf "RELEASE-NOTES-${BIND_DIRECTORY}.pdf" - cp doc/arm/notes.txt "RELEASE-NOTES-${BIND_DIRECTORY}.txt" - popd # Create release tarball - tar --create --file="${CI_COMMIT_TAG}.tar.gz" --gzip release/ needs: - job: tarball-create artifacts: true - job: msvc:windows:amd64 artifacts: true - job: msvc-debug:windows:amd64 artifacts: true only: - tags artifacts: paths: - "*.tar.gz" expire_in: "1 day" # Coverity Scan analysis upload .coverity_cache_prep: &coverity_cache_prep | test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || ( curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 \ --form project=$COVERITY_SCAN_PROJECT_NAME \ --form token=$COVERITY_SCAN_TOKEN \ --form md5=1 curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 \ --form project=$COVERITY_SCAN_PROJECT_NAME \ --form token=$COVERITY_SCAN_TOKEN ) test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)" tar --extract --gzip --file=cov-analysis-linux64.tgz test -d cov-analysis-linux64-2019.03 .coverity_build: &coverity_build | cov-analysis-linux64-2019.03/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1' tar --create --gzip --file=cov-int.tar.gz cov-int/ curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME \ --form token=$COVERITY_SCAN_TOKEN \ --form email=bind-changes@isc.org \ --form file=@cov-int.tar.gz \ --form version="$(git rev-parse --short HEAD)" \ --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 \ | tee curl-response.txt grep -q 'Build successfully submitted' curl-response.txt coverity: <<: *base_image stage: postcheck variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2" script: - *coverity_cache_prep - *configure - *coverity_build needs: - job: autoreconf artifacts: true artifacts: paths: - curl-response.txt - cov-int.tar.gz expire_in: "1 week" when: on_failure only: variables: - $COVERITY_SCAN_PROJECT_NAME - $COVERITY_SCAN_TOKEN cache: key: cov-analysis-linux64-2019.03 paths: - cov-analysis-linux64.md5 - cov-analysis-linux64.tgz # Respdiff test respdiff: <<: *base_image stage: system variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" BIND_BASELINE_VERSION: v9_11_3 script: - ./configure --without-make-clean - make -j${BUILD_PARALLEL_JOBS:-1} V=1 - *setup_interfaces - git clone --depth 1 https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.isc.org/isc-private/bind-qa.git - git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind - cd refbind/ - ./configure --without-make-clean - make -j${BUILD_PARALLEL_JOBS:-1} V=1 - cd ../bind-qa/bind9/respdiff - bash respdiff.sh -q "${PWD}/100k_mixed.txt" -c 3 -w "${PWD}/rspworkdir" "${CI_PROJECT_DIR}/refbind" "${CI_PROJECT_DIR}" needs: - job: tarball-create artifacts: true only: - tags artifacts: paths: - refbind untracked: true expire_in: "1 day" when: on_failure # ABI check abi-check: <<: *base_image stage: build needs: - job: autoreconf artifacts: true variables: CC: gcc CFLAGS: "${CFLAGS_COMMON} -Og" BIND_BASELINE_VERSION: v9_11_19 script: - *configure - make -j${BUILD_PARALLEL_JOBS:-1} V=1 - git clone --branch "${BIND_BASELINE_VERSION}" --depth 1 https://gitlab.isc.org/isc-projects/bind9.git refbind - cd refbind/ - *configure - make -j${BUILD_PARALLEL_JOBS:-1} V=1 - cd .. - util/api-checker.sh . refbind artifacts: paths: - "*-lib*.html" - "*-lib*.txt" - "abi-*.dump" expire_in: "1 week" only: - master@isc-projects/bind9 - /^v9_[1-9][0-9]$/@isc-projects/bind9