mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 00:14:44 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
apparmor/.gitlab-ci.yml

199 lines
6.5 KiB
YAML
Raw Normal View History

misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
---
image: ubuntu:latest
# XXX - add a deploy stage to publish man pages, docs, and coverage
# reports
.gitlab-ci.yml: run pipeline in merge requests too Hopefully this will allow us to run pipelines in regular branches but also run it on merge requests on the parent project. This is needed for users that are not verified by Gitlab. https://docs.gitlab.com/ee/ci/pipelines/merge_request_pipelines.html#run-pipelines-in-the-parent-project
2024-10-02 17:31:25 -03:00
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
stages:
- build
- test
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
.ubuntu-common:
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
before_script:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
# Install build-dependencies by loading the package list from the ubuntu/debian cloud-init profile.
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_deps "Installing dependencies..."
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
- apt-get update -qq
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- apt-get install --yes yq make lsb-release
- |
printf 'include .image-garden.mk\n$(info $(UBUNTU_CLOUD_INIT_USER_DATA_TEMPLATE))\n.PHONY: nothing\nnothing:\n' \
| make -f - nothing \
| yq '.packages | .[]' \
| xargs apt-get install --yes --no-install-recommends
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_deps
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
after_script:
# Inspect the kernel and lsb-release.
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
- lsb_release -a
- uname -a
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
build-all:
stage: build
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
script:
# Run the spread prepare section to build everything.
- yq -r '.prepare' <spread.yaml | SPREAD_PATH=. bash -xeu
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
artifacts:
name: ${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA}
expire_in: 30 days
untracked: true
paths:
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- libraries/libapparmor/
- parser/
- binutils/
- utils/
- changehat/mod_apparmor/
- changehat/pam_apparmor/
- profiles/
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-libapparmor:
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
stage: test
CI: add shellcheck job, with minimum severity set to error We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2022-02-13 07:49:52 +00:00
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
script:
GitLab CI: touch built files in test stages before running tests The artifact restoration step does not preserve mtime, resulting in source files newer than built files, resulting in a needless rebuild of everything before actually running the tests. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:46:46 -07:00
# This is to touch the built files in the test stage to avoid needless rebuilding
- make -C libraries/libapparmor --touch
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C libraries/libapparmor check
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-parser:
stage: test
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
script:
GitLab CI: touch built files in test stages before running tests The artifact restoration step does not preserve mtime, resulting in source files newer than built files, resulting in a needless rebuild of everything before actually running the tests. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:46:46 -07:00
# This is to touch the built files in the test stage to avoid needless rebuilding
- make -C parser --touch
Invoke tst_binaries target with parallelism in GitLab CI Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:34:36 -07:00
- make -C parser -j $(nproc) tst_binaries
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C parser check
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-binutils:
stage: test
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
script:
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C binutils check
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-utils:
stage: test
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
script:
GitLab CI: touch built files in test stages before running tests The artifact restoration step does not preserve mtime, resulting in source files newer than built files, resulting in a needless rebuild of everything before actually running the tests. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:46:46 -07:00
# This is to touch the built files in the test stage to avoid needless rebuilding
- make -C utils --touch
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
# TODO: move those to cloud-init list?
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
aa-notify: Enhanced Graphical User Interfaces
2024-08-13 16:58:25 +00:00
- apt-get install --no-install-recommends -y libc6-dev libjs-jquery libjs-jquery-throttle-debounce libjs-jquery-isonscreen libjs-jquery-tablesorter flake8 python3-coverage python3-notify2 python3-psutil python3-setuptools python3-tk python3-ttkthemes python3-gi
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
aa-notify: Enhanced Graphical User Interfaces
2024-08-13 16:58:25 +00:00
CI: ensure test-utils runs all intended tests
2022-02-13 15:39:11 +00:00
# See apparmor/apparmor#221
- make -C parser/tst gen_dbus
- make -C parser/tst gen_xtrans
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C utils check
- make -C utils/test coverage-regression
Generate and keep html in utils coverage-regression We sometimes have random coverage changes that are not reproducible and therefore hard to debug. Generate html coverage as part of make coverage-regression, and keep the resulting utils/test/htmlcov/ as artifact to make debugging easier. coverage-html needs JS files from various libjs-* packages, install them in before_script
2021-07-13 12:21:52 +02:00
artifacts:
paths:
- utils/test/htmlcov/
CI: always collect test artifacts The default is to collect them on success, but that's not helpful to debug failure cases.
2021-08-15 16:28:35 +02:00
when: always
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-mod-apparmor:
stage: test
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
script:
GitLab CI: touch built files in test stages before running tests The artifact restoration step does not preserve mtime, resulting in source files newer than built files, resulting in a needless rebuild of everything before actually running the tests. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:46:46 -07:00
# This is to touch the built files in the test stage to avoid needless rebuilding
- make -C changehat/mod_apparmor --touch
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C changehat/mod_apparmor check
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
test-profiles:
stage: test
needs: ["build-all"]
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
script:
GitLab CI: touch built files in test stages before running tests The artifact restoration step does not preserve mtime, resulting in source files newer than built files, resulting in a needless rebuild of everything before actually running the tests. Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-10-18 11:46:46 -07:00
# This is to touch the built files in the test stage to avoid needless rebuilding
- make -C profiles --touch
CI: normalize indentation
2022-02-13 11:14:20 +00:00
- make -C profiles check-parser
- make -C profiles check-abstractions.d
profiles/Makefile: Clean up rules to better support extra profiles Rename the "check-extras" target to "check-local" as it is no longer limited to the extra profiles, and also fix a local include in the sbuild-shell profile so that it passes the newly-applied CI check.
2024-04-12 21:25:43 -04:00
- make -C profiles check-local
CI: parallelize across multiple jobs, only install necessary dependencies
2022-02-13 09:02:58 +00:00
Build regression tests in GitLab CI Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-11-07 11:47:55 -08:00
# Build the regression tests (don't run them because that needs kernel access)
test-build-regression:
stage: test
needs: ["build-all"]
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
Build regression tests in GitLab CI Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-11-07 11:47:55 -08:00
script:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
# Additional dependencies required by regression tests
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
Add fuse_overlayfs to apt dependency list of Gitlab CI test-build-regression Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2025-01-23 17:35:09 -08:00
- apt-get install --no-install-recommends -y attr fuse-overlayfs libdbus-1-dev liburing-dev
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
Build regression tests in GitLab CI Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
2024-11-07 11:47:55 -08:00
- make -C tests/regression/apparmor -j $(nproc)
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
CI: add shellcheck job, with minimum severity set to error We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2022-02-13 07:49:52 +00:00
shellcheck:
stage: test
needs: []
CI: only run Debian'ish commands on jobs run on Debian'ish systems
2022-02-13 12:26:19 +00:00
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
CI: add shellcheck job, with minimum severity set to error We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2022-02-13 07:49:52 +00:00
script:
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
gitlab-ci.yml: fix pipeline for ubuntu:latest (noble) Since we are using ubuntu:latest, and noble was released, some tests are failing. shellcheck needs python3 to run, which was possibly installed by default in previous ubuntu images and is no longer the case. Ignore dist-packages python files during our coverage tests. Fixes: https://gitlab.com/apparmor/apparmor/-/issues/388 Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2024-04-30 16:46:32 -03:00
- apt-get install --no-install-recommends -y python3-minimal file shellcheck xmlstarlet
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
CI: add shellcheck job, with minimum severity set to error We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2022-02-13 07:49:52 +00:00
- shellcheck --version
CI: enable all shellcheck severity levels The few previous commits make this pass, let's profit.
2022-02-13 08:47:30 +00:00
- './tests/bin/shellcheck-tree --format=checkstyle
CI: add shellcheck job, with minimum severity set to error We have way too many warnings to enable lower severity levels, but let's at least we don't introduce new errors.
2022-02-13 07:49:52 +00:00
| xmlstarlet tr tests/checkstyle2junit.xslt
> shellcheck.xml'
artifacts:
when: always
reports:
junit: shellcheck.xml
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
# Disabled due to aa-logprof dependency on /sbin/apparmor_parser existing
CI: normalize indentation
2022-02-13 11:14:20 +00:00
# - make -C profiles check-profiles
misc: add initial gitlab-ci.yml for running build/tests This commit adds an initial gitlab-ci.yml file to perform test builds and run tests on each commit. v2: add liblocale-gettext-perl dependency for parser simple test v3: - set noninteractive prompt to avoid debconf queries when installing packages - disable profiles test against aa-logprof; even if library and python path issues are resolved, aa-logprof early aborts due to being unable to find /sbin/apparmor_parser Signed-off-by: Steve Beattie <steve.beattie@canonical.com> Acked-by: Tyler Hicks <tyler.hicks@canonical.com> PR: https://gitlab.com/apparmor/apparmor/merge_requests/101
2018-04-18 22:04:23 -07:00
# test-pam_apparmor:
# - stage: test
# - script:
# - cd changehat/pam_apparmor && make check
CI: enable SAST, Secret-Detection, and Dependency Scanning
2020-07-21 16:39:53 +00:00
include:
- template: SAST.gitlab-ci.yml
Revert "gitlab: testing: temporarily disable secret-detect" This reverts commit 8b4344c17bc180fda3b140167f861c4c4f5ed1e5.
2022-02-21 11:31:44 -08:00
- template: Secret-Detection.gitlab-ci.yml
CI: disable spotbugs SAST analyzer It requires building our Ant projects, which have not been touched in years.
2022-02-13 12:49:21 +00:00
variables:
CI: disable SemGrep SAST analyzer It runs the flawfinder checks, so let's disable this one for the same reason we disabled flawfinder.
2022-02-13 13:20:07 +00:00
SAST_EXCLUDED_ANALYZERS: "eslint,flawfinder,semgrep,spotbugs"
CI: don't run the Bandit SAST analyzer on our test suites Let's focus for now on code that runs on our users' systems.
2022-02-13 13:28:38 +00:00
SAST_BANDIT_EXCLUDED_PATHS: "*/tst/*, */test/*"
.gitlab-ci.yml: add support to run coverity Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-03-27 10:05:40 -03:00
coverity:
stage: .post
extends:
tests: unify CI/CD preparation phase We now have GitLab CI/CD pipeline co-existing with spread, coupled with image-garden and the cloud-init profile defined for each distribution. To avoid duplicating list of required dependencies, re-use cloud-init profile as the reference list of dependencies (superset between build and test) to install. In addition to the dependency list, the build_all job now re-uses spread prepare section in similar fashion. If it builds in spread, it should build in CI as well. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 15:39:41 +01:00
- .ubuntu-common
.gitlab-ci.yml: add support to run coverity Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-03-27 10:05:40 -03:00
script:
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s[collapsed=true]\r\e[0K%s\n' section_start "$(date +%s)" install_extra_deps "Installing additional dependencies..."
.gitlab-ci.yml: add support to run coverity Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-03-27 10:05:40 -03:00
- apt-get install --no-install-recommends -y curl git texlive-latex-recommended
tests: put logs from apt-get in a collapsed section This is a small quality-of-life improvement when looking at CI/CD logs on GitLab. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-21 17:46:04 +01:00
- printf '\e[0K%s:%s:%s\r\e[0K\n' section_end "$(date +%s)" install_extra_deps
.gitlab-ci.yml: add support to run coverity Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-03-27 10:05:40 -03:00
- curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
--form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN
- tar xfz /tmp/cov-analysis-linux64.tgz
- COV_VERSION=$(ls -dt cov-analysis-linux64-* | head -1)
- PATH=$PATH:$(pwd)/$COV_VERSION/bin
- make coverity
tests: inline .send-to-coverity command There is no other use of this yaml fragment in the project so inline it for simplicity. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-20 14:06:49 +01:00
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
--form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
--form file=@$(ls apparmor-*-cov-int.tar.gz) --form version="$(git describe --tags)"
--form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
.gitlab-ci.yml: add support to run coverity Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2023-03-27 10:05:40 -03:00
artifacts:
paths:
- "apparmor-*.tar.gz"
tests: rewrite coverity job to avoid deprecated "only" feature The "only" feature has been deprecated for a while. The standard replacement is the rules:if feature. Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-01-20 14:05:52 +01:00
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_PATH == "apparmor/apparmor"
Reference in a new issue Copy permalink