
It reports hundreds of issues, lots of them with critical severity. The GitLab UI allows dismissing them one-by-one very quickly, but I'm not the right person to do that. Let's try to have a better signal/noise ratio for this first iteration.
---
# Default container image for every job that does not set its own.
# NOTE(review): `latest` is a mutable tag, so the toolchain can change between
# pipeline runs without any commit to this file; consider pinning a release
# tag or an image digest if reproducible builds matter.
image: 'ubuntu:latest'
# XXX - add a deploy stage to publish man pages, docs, and coverage
# reports

# Stages run in the order listed. Jobs that declare `needs` are scheduled by
# those dependencies rather than by stage order.
stages:
  - build
  - test
# Hidden job (leading dot): it never runs on its own. Jobs pull it in through
# `extends` to share one package baseline.
.ubuntu-before_script:
  before_script:
    # Keep apt/debconf from prompting inside the non-interactive runner.
    - export DEBIAN_FRONTEND=noninteractive
    - apt-get update -qq
    - >-
      apt-get install --no-install-recommends -y
      gcc perl liblocale-gettext-perl linux-libc-dev lsb-release make
    # Print the distro release and kernel version into the job log.
    - lsb_release -a
    - uname -a
# Anchored one-item list holding the C toolchain install step. Jobs alias it
# as an entry of their own `script` list, which nests this list inside theirs.
# NOTE(review): this relies on GitLab flattening nested `script` arrays.
.install-c-build-deps: &install-c-build-deps
  - >-
    apt-get install --no-install-recommends -y
    build-essential apache2-dev autoconf automake bison dejagnu flex
    libpam-dev libtool pkg-config python3-all-dev python3-setuptools
    ruby-dev swig zlib1g-dev
# Builds every component once and uploads the listed source trees as
# artifacts for the test-stage jobs that `needs` this job.
build-all:
  stage: build
  extends:
    - .ubuntu-before_script
  artifacts:
    # Archive name combines the branch/tag name and the commit SHA.
    name: '${CI_COMMIT_REF_NAME}-${CI_COMMIT_SHA}'
    expire_in: 30 days
    # Also upload files that git does not track.
    untracked: true
    paths:
      - libraries/libapparmor/
      - parser/
      - binutils/
      - utils/
      - changehat/mod_apparmor/
      - changehat/pam_apparmor/
      - profiles/
  script:
    - *install-c-build-deps
    # libapparmor is built first. If any step of the chain fails, config.log
    # is printed to the job log and the job exits with status 1.
    - >-
      cd libraries/libapparmor && ./autogen.sh &&
      ./configure --with-perl --with-python --prefix=/usr &&
      make && cd ../.. ||
      { cat config.log ; exit 1 ; }
    - make -C parser
    - make -C binutils
    - make -C utils
    - make -C changehat/mod_apparmor
    - make -C changehat/pam_apparmor
    - make -C profiles
# Runs the libapparmor test suite. `needs` makes the job depend on build-all
# and start as soon as it has finished.
test-libapparmor:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    # Reinstall the C build dependencies before running `make check`.
    - *install-c-build-deps
    - make -C libraries/libapparmor check
# Runs the parser test suite once build-all has finished.
test-parser:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    # Reinstall the C build dependencies before running `make check`.
    - *install-c-build-deps
    - make -C parser check
# Runs the binutils checks once build-all has finished. Only the baseline
# packages from .ubuntu-before_script are installed in this job.
test-binutils:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    - make -C binutils check
# Runs the utils checks and the coverage regression target once build-all
# has finished.
test-utils:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    - >-
      apt-get install --no-install-recommends -y
      libc6-dev libjs-jquery libjs-jquery-throttle-debounce
      libjs-jquery-isonscreen libjs-jquery-tablesorter
      pyflakes3 python3-coverage python3-notify2 python3-psutil
    # See apparmor/apparmor#221
    - make -C parser/tst gen_dbus
    - make -C parser/tst gen_xtrans
    - make -C utils check
    - make -C utils/test coverage-regression
  artifacts:
    paths:
      - utils/test/htmlcov/
    # Upload the HTML coverage directory even when the job fails.
    when: always
# Runs the mod_apparmor checks once build-all has finished.
test-mod-apparmor:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    - make -C changehat/mod_apparmor check
# Runs two profile check targets, check-parser and check-abstractions.d,
# once build-all has finished.
test-profiles:
  stage: test
  needs:
    - build-all
  extends:
    - .ubuntu-before_script
  script:
    - make -C profiles check-parser
    - make -C profiles check-abstractions.d
# Lints the tree's shell scripts and publishes the findings as a JUnit report.
shellcheck:
  stage: test
  # Empty `needs`: the job does not wait for the build stage.
  needs: []
  extends:
    - .ubuntu-before_script
  script:
    - apt-get install --no-install-recommends -y file shellcheck xmlstarlet
    - shellcheck --version
    # Checkstyle output is converted to JUnit XML by the XSLT sheet in tests/.
    - >-
      ./tests/bin/shellcheck-tree --format=checkstyle
      | xmlstarlet tr tests/checkstyle2junit.xslt
      > shellcheck.xml
  artifacts:
    # Upload the report even when the job fails.
    when: always
    reports:
      junit: shellcheck.xml
# Disabled due to aa-logprof dependency on /sbin/apparmor_parser existing
# - make -C profiles check-profiles

# test-pam_apparmor:
# - stage: test
# - script:
# - cd changehat/pam_apparmor && make check
# GitLab-maintained security scanning templates (static analysis and secret
# detection). Their job definitions come from the GitLab instance, not from
# this repository.
# NOTE(review): these templates are expected to place their jobs in the `test`
# stage by default; confirm against the GitLab version in use.
include:
  - template: SAST.gitlab-ci.yml
  - template: Secret-Detection.gitlab-ci.yml
variables:
  # Comma-separated list of analyzers the included SAST template must skip.
  # NOTE(review): flawfinder is the template's C/C++ analyzer, so skipping it
  # presumably leaves this project's C sources without SAST coverage from the
  # template. Record why it is excluded and when it should be re-enabled,
  # so the gap stays a deliberate decision.
  SAST_EXCLUDED_ANALYZERS: 'flawfinder,spotbugs'