# Pipeline-wide defaults. A job's own `variables:` section overrides these.
variables:
  # Reuse the runner's existing working copy instead of cloning from scratch.
  GIT_STRATEGY: fetch
  # Check out submodules, including nested ones.
  GIT_SUBMODULE_STRATEGY: recursive
  # Name of the analysis image: built by build-analyze-image and used as the
  # job image by the build-stage jobs.
  IMAGE_REDEMPTION_ANALYZE: redemption-analyze
  # Directory passed to the analysis scripts as TMPDIR_TEST and collected as
  # an artifact by the build-analyze-* jobs.
  TESTDIR: test_tmpdir
# Stage order. Jobs that declare `needs: []` start immediately and do not wait
# for the build-docker-images stage.
stages:
  - build-docker-images
  - build
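# Builds the analysis image from ${BUILD_ANALYZE_PATH} and pushes it to the
# registry at ${NEXUS_WAB_PROXIES_URL}. Only runs when started by hand.
build-analyze-image:
  stage: build-docker-images
  # NOTE(review): 19.03 is an old Docker release line. Consider a maintained
  # tag, pinned by digest, for the image that handles registry credentials.
  image: docker.io/docker:19.03
  variables:
    BUILD_ANALYZE_PATH: builder/analyze/
  script:
    # DOCKER_AUTH_CONFIG only works when pulling images from private repo for jobs...
    # docker login reads the token from stdin, not from a command-line argument.
    - echo "${WAB_PROXIES_NEXUS_TOKEN}" | docker login -u "${WAB_PROXIES_NEXUS_USER}" "${NEXUS_WAB_PROXIES_URL}" --password-stdin
    # Expansions are quoted so a value containing whitespace or glob characters
    # cannot split into extra docker arguments.
    - docker build -t "${IMAGE_REDEMPTION_ANALYZE}" -f "${BUILD_ANALYZE_PATH}/Dockerfile" "${BUILD_ANALYZE_PATH}"
    # No tag is given, so the image is published under the implicit `latest`
    # tag; every job that uses this image pulls whatever was pushed last.
    - docker tag "${IMAGE_REDEMPTION_ANALYZE}" "${NEXUS_WAB_PROXIES_URL}/${IMAGE_REDEMPTION_ANALYZE}"
    - docker push "${NEXUS_WAB_PROXIES_URL}/${IMAGE_REDEMPTION_ANALYZE}"
  after_script:
    # Drop the stored registry credential once the push is done. This matters
    # if the runner keeps the Docker client config between jobs (not visible
    # from this file). Best effort: never fails the job.
    - docker logout "${NEXUS_WAB_PROXIES_URL}" || true
  when: manual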
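# Collects the generated documentation files for the current branch and commits
# them under public/<branch> on the `pages` branch. Runs only on `future` and
# on branches whose name starts with `maintenance_bastion_`.
branch-pages:
  stage: build
  rules:
    - if: $CI_COMMIT_BRANCH =~ /^maintenance_bastion_/
      when: on_success
    - if: $CI_COMMIT_BRANCH == "future"
      when: on_success
    - when: never
  image: ${NEXUS_WAB_PROXIES_URL}/${IMAGE_REDEMPTION_ANALYZE}
  variables:
    GITLAB_REMOTE: ci
    GIT_BRANCH: pages
  script:
    # Stage the files to publish in tmp/.
    - mkdir "tmp"
    - tools/conf_migration_tool/rdp_conf_migrate.py --dump=json > tmp/migrate.json
    - cp projects/redemption_configs/autogen/doc/*.json docs/theme/*.png tmp
    - cp projects/redemption_configs/pages/config.html tmp/index.html
    # NOTE(review): the address below appears redacted in this copy of the
    # file; confirm the real CI identity before use.
    - git config user.email "[email protected]"
    - git config user.name "CI Pipeline"
    # Remove any remote left over from an earlier run in this working copy.
    - git remote remove "${GITLAB_REMOTE}" || true
    # The remote URL embeds PAGES_ACCESS_TOKEN and git writes it to .git/config.
    # PAGES_ACCESS_TOKEN should be a masked CI variable limited to repository
    # write access.
    - git remote add "${GITLAB_REMOTE}" "https://${PAGES_ACCESS_NAME}:${PAGES_ACCESS_TOKEN}@gitlab.corp.wallix.com/git/redemption.git"
    - git fetch "${GITLAB_REMOTE}"
    - git switch "${GIT_BRANCH}" || git checkout -b "${GIT_BRANCH}" "${GITLAB_REMOTE}/${GIT_BRANCH}"
    # Replace this branch's published directory with the freshly staged files.
    - rm -rf "public/${CI_COMMIT_BRANCH}"
    - mkdir -p "public"
    - mv "tmp" "public/${CI_COMMIT_BRANCH}"
    - git add "public/${CI_COMMIT_BRANCH}"
    # git commit exits non-zero when nothing changed; push only when a commit
    # was created. Kept as one script entry so the if/fi pair stays together.
    - |
      if git commit -m "Update page from ${CI_COMMIT_BRANCH} ${CI_COMMIT_SHORT_SHA}"; then
        git push "${GITLAB_REMOTE}" "${GIT_BRANCH}"
      fi
  after_script:
    # GIT_STRATEGY is `fetch`, so the working copy (and its .git/config) is
    # reused by later jobs on the same runner. Remove the token-bearing remote
    # even when the script above fails part-way.
    - git remote remove "${GITLAB_REMOTE}" || true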
# Hidden template (leading dot, never run on its own): shared settings for the
# jobs that list it under `extends`.
.analyzer_and_build:
  stage: build
  # Empty list: start right away instead of waiting for earlier stages.
  needs: []
  rules:
    # Skip tag pipelines; run in every other pipeline.
    - if: $CI_COMMIT_TAG
      when: never
    - when: on_success
  # variables:
  #   GIT_SUBMODULE_STRATEGY: recursive
  # No tag is given, so the registry's `latest` analysis image is used.
  image: "${NEXUS_WAB_PROXIES_URL}/${IMAGE_REDEMPTION_ANALYZE}"
  artifacts:
    # Upload artifacts even when the job fails, so reports stay available.
    when: always
  timeout: 1h
# Hidden template: sets JOB_REQUIRED_MEMORY for the heavy jobs that extend it.
# NOTE(review): how the runner consumes this variable is not visible here.
.big_memory:
  variables:
    JOB_REQUIRED_MEMORY: "8Gi"
# Runs the autogen check, the C++ and Python analyzers and the cpp2ctypes test,
# then keeps the generated reports as artifacts.
check-autogen_static-analyzer_test-python_test-lua:
  extends:
    - .analyzer_and_build
  script:
    - ./tools/gitlab/gitlab-check-autogen.sh
    - ./tools/c++-analyzer/redemption-analyzer.sh
    - ./tools/cpp2ctypes/test.sh
    - ./tools/python-analyzer/coverage.sh py_coverage.xml
    # `|| true`: ruff output is captured in the report but never fails the job.
    - ./tools/python-analyzer/ruff.sh | tee ruff_report.txt || true
    # `|&` (bash) sends both stdout and stderr to the report file.
    - ./tools/c++-analyzer/clang-tidy |& tee clang_tidy_report.txt
    # ./tools/c++-analyzer/cppcheck-filtered 2>&1 1>/dev/null
  artifacts:
    # Merged with `when: always` from .analyzer_and_build.
    paths:
      - clang_tidy_report.txt
      - ruff_report.txt
      - py_coverage.xml
# Runs gitlab-analyze.sh for the gcc_release_valgrind target and keeps the
# console report, the valgrind reports and the test directory.
build-analyze-release-valgrind:
  extends:
    - .analyzer_and_build
    - .big_memory
  variables:
    # Both values repeat what the global variables and .big_memory already set.
    GIT_SUBMODULE_STRATEGY: recursive
    JOB_REQUIRED_MEMORY: "8Gi"
  script:
    # TMPDIR_TEST points the script at $TESTDIR; `|&` captures stdout and stderr.
    - TMPDIR_TEST="$TESTDIR" ./tools/gitlab/gitlab-analyze.sh gcc_release_valgrind |& tee report1.txt
  artifacts:
    paths:
      - report1.txt
      - valgrind_reports/
      - "$TESTDIR"
# Runs gitlab-analyze.sh for the clang_san and gcc_debug_coverage targets and
# keeps the console report, the gcovr report and the test directory.
build-analyze-san-coverage:
  extends:
    - .analyzer_and_build
    - .big_memory
  script:
    # TMPDIR_TEST points the script at $TESTDIR; `|&` captures stdout and stderr.
    - TMPDIR_TEST="$TESTDIR" ./tools/gitlab/gitlab-analyze.sh clang_san gcc_debug_coverage |& tee report2.txt
  artifacts:
    paths:
      - report2.txt
      - gcovr_report.xml
      - "$TESTDIR"
# Runs sonar-scanner once the three analysis jobs have finished. Limited to
# merge-request pipelines and the `future` branch; a failure does not fail the
# pipeline.
sonarqube-check:
  stage: build
  needs:
    - check-autogen_static-analyzer_test-python_test-lua
    - build-analyze-release-valgrind
    - build-analyze-san-coverage
  rules:
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
      when: on_success
    - if: $CI_COMMIT_BRANCH == "future"
      when: on_success
    - when: never
  image:
    # NOTE(review): `latest` is a mutable tag on a public image, so the scanner
    # code running with this job's credentials can change without review.
    # Pin a specific version or digest.
    name: sonarsource/sonar-scanner-cli:latest
    # Clear the image entrypoint so the runner can start its own shell.
    entrypoint: [""]
  variables:
    GIT_SUBMODULE_STRATEGY: normal
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"  # Defines the location of the analysis task cache
    GIT_DEPTH: "0"  # Tells git to fetch all the branches of the project, required by the analysis task
  cache:
    # One cache per job name, holding the scanner cache under SONAR_USER_HOME.
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner
  allow_failure: true