# Pipeline stages, in execution order.
# Linting comes first so that cheap checks fail the pipeline before the
# more expensive check/build/test stages start.
stages:
  - lint
  - check
  - build
  - test
  - release
  - dockerify
# Settings inherited by every job that does not override them.
default:
  # NOTE(review): ":latest" is a mutable tag, so each pipeline compiles with
  # whatever toolchain image the registry serves at that moment. Pinning a
  # version tag or an image digest keeps builds reproducible and auditable.
  image: 'registry.gitlab.com/fabinfra/rust-builder:latest'
  # Runner tags a job must match to be picked up.
  tags: [linux, docker, fabinfra]
# Pipeline-wide variables.
variables:
  GIT_SUBMODULE_STRATEGY: recursive
  # Both directories live inside the project directory, which is where the
  # pipeline cache paths "cargo/" and "apt/" point.
  CARGO_HOME: '$CI_PROJECT_DIR/cargo'
  APT_CACHE_DIR: '$CI_PROJECT_DIR/apt'
  # Enable fastzip, a faster zip implementation that also supports the
  # compression-level settings below.
  FF_USE_FASTZIP: 'true'
  # Artifact compression level; the author lists fastest, fast, slow and
  # slowest as possible values. If enabling fastzip alone is not enough, try
  # fastest or fast.
  ARTIFACT_COMPRESSION_LEVEL: fast
  # Same setting, applied to caches.
  CACHE_COMPRESSION_LEVEL: fastest
  # Print transfer progress every 5 seconds for artifacts and remote caches.
  TRANSFER_METER_FREQUENCY: 5s
# Cache dependencies and the build environment to speed up job setup.
# One cache per branch/tag, keyed on the ref slug.
# NOTE(review): "target/" is cached too, so restored build output feeds the
# release builds of the same ref. Confirm that the runner keeps caches of
# protected and unprotected refs separate.
cache:
  key: '$CI_COMMIT_REF_SLUG'
  paths: [apt/, cargo/, target/]
# Hidden template shared by the lint jobs: merge-request pipelines only, in
# the lint stage.
.lints:
  stage: lint
  only: [merge_requests]
  # Lint findings are advisory: a failing lint job does not fail the pipeline.
  allow_failure: true
# Run the clippy lints. The two echo lines emit section_start/section_end
# markers so the clippy output is grouped into its own log section.
lint:clippy:
  extends: .lints
  script:
    # Record the clippy version in the job log.
    - cargo clippy -V
    - echo -e "\e[0Ksection_start:`date +%s`:clippy_output\r\e[0Kcargo clippy output"
    - cargo clippy -- --no-deps
    - echo -e "\e[0Ksection_end:`date +%s`:clippy_output\r\e[0K"
# Use rustfmt to check formatting. "--check" reports differences without
# rewriting files; the output is grouped into its own log section.
lint:fmt:
  extends: .lints
  script:
    # Record the rustfmt version in the job log.
    - cargo fmt --version
    - echo -e "\e[0Ksection_start:`date +%s`:rustfmt_output\r\e[0KChanges suggested by rustfmt"
    - cargo fmt --check -- -v
    - echo -e "\e[0Ksection_end:`date +%s`:rustfmt_output\r\e[0K"
# Type-check the code with the stable toolchain on the runner's native target.
stable:check:
  stage: check
  only: [main, development, merge_requests]
  script:
    # Record the toolchain versions in the job log.
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo check"
    - cargo check --verbose
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
# Type-check the code with the stable toolchain for armv7 (hard-float).
stable:check:armhf:
  stage: check
  only: [main, development, merge_requests]
  before_script:
    # Install the repository's "cargo-cross-config" as cargo's config.toml
    # (presumably the cross-compilation settings; the file is not shown here).
    - mkdir -p $CARGO_HOME
    - cp cargo-cross-config $CARGO_HOME/config.toml
  script:
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo check with target armv7-unknown-linux-gnueabihf"
    - cargo check --verbose --target armv7-unknown-linux-gnueabihf
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
# Type-check the code with the stable toolchain for arm64.
stable:check:arm64:
  stage: check
  only: [main, development, merge_requests]
  before_script:
    # Install the repository's "cargo-cross-config" as cargo's config.toml
    # (presumably the cross-compilation settings; the file is not shown here).
    - mkdir -p $CARGO_HOME
    - cp cargo-cross-config $CARGO_HOME/config.toml
  script:
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo check with target aarch64-unknown-linux-gnu"
    - cargo check --verbose --target aarch64-unknown-linux-gnu
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
# Build the release binary for x86_64 with the stable toolchain and keep
# "bffhd" as a job artifact for the release and dockerify stages.
stable:build:amd64:
  stage: build
  only: [main, development, merge_requests]
  script:
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo build with target x86_64-unknown-linux-gnu"
    - cargo build --release --target x86_64-unknown-linux-gnu
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
  artifacts:
    paths: [target/x86_64-unknown-linux-gnu/release/bffhd]
# Build the release binary for armv7 (hard-float) with the stable toolchain
# and keep "bffhd" as a job artifact. Unlike the amd64 build, this job does
# not run in merge-request pipelines.
stable:build:armhf:
  stage: build
  only: [main, development]
  before_script:
    # Install the repository's "cargo-cross-config" as cargo's config.toml
    # (presumably the cross-compilation settings; the file is not shown here).
    - mkdir -p $CARGO_HOME
    - cp cargo-cross-config $CARGO_HOME/config.toml
  script:
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo build with target armv7-unknown-linux-gnueabihf"
    - cargo build --release --target armv7-unknown-linux-gnueabihf
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
  artifacts:
    paths: [target/armv7-unknown-linux-gnueabihf/release/bffhd]
# Build the release binary for arm64 with the stable toolchain and keep
# "bffhd" as a job artifact. Unlike the amd64 build, this job does not run
# in merge-request pipelines.
stable:build:arm64:
  stage: build
  only: [main, development]
  before_script:
    # Install the repository's "cargo-cross-config" as cargo's config.toml
    # (presumably the cross-compilation settings; the file is not shown here).
    - mkdir -p $CARGO_HOME
    - cp cargo-cross-config $CARGO_HOME/config.toml
  script:
    - rustc +stable --version && cargo --version
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo build with target aarch64-unknown-linux-gnu"
    - cargo build --release --target aarch64-unknown-linux-gnu
    - echo -e "\e[0Ksection_end:`date +%s`:build_output\r\e[0K"
  artifacts:
    paths: [target/aarch64-unknown-linux-gnu/release/bffhd]
# Compile the whole workspace's tests without running them ("--no-run").
# Despite its name the job sits in the build stage; it starts as soon as
# "stable:check" has finished, and the ".tests" template needs it in turn.
stable:test:
  stage: build
  needs:
    - 'stable:check'
  only: [main, development, merge_requests]
  script:
    - echo -e "\e[0Ksection_start:`date +%s`:build_output\r\e[0KOutput of cargo test --no-run"
    - cargo test --verbose --no-run --workspace
# Hidden template for the test jobs. Each job sets TEST_TARGET to choose
# which test targets cargo runs; the JSON test output is converted to a
# JUnit report by cargo2junit.
.tests:
  stage: test
  needs:
    - 'stable:test'
  only: [main, development, merge_requests]
  script:
    - cargo test --workspace $TEST_TARGET -- -Z unstable-options --format json --report-time | cargo2junit > report.xml
  artifacts:
    # Upload the report for failed jobs as well.
    when: always
    reports:
      junit: [report.xml]
# Run unit tests: part 1 of 3, the library targets.
'unit test 1:3':
  extends: .tests
  variables:
    TEST_TARGET: '--lib'
# Run unit tests: part 2 of 3, the binary targets.
'unit test 2:3':
  extends: .tests
  variables:
    TEST_TARGET: '--bins'
# Run unit tests: part 3 of 3, the example targets.
'unit test 3:3':
  extends: .tests
  variables:
    TEST_TARGET: '--examples'
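# Upload the release binaries of all three targets to the project's generic
# package registry, authenticating with the job token.
upload_binaries:
  stage: release
  # NOTE(review): ":latest" is a mutable tag and this job handles
  # CI_JOB_TOKEN; pin a version tag or an image digest.
  image: curlimages/curl:latest
  # This job needs neither the inherited before_script nor the build cache.
  before_script: []
  cache: []
  # Fetch only the three release binaries.
  dependencies:
    - stable:build:amd64
    - stable:build:armhf
    - stable:build:arm64
  # All three uploads go to the same package version, ${VERSION}, which is
  # also what the release asset links in release_job use. The rules below run
  # this job on branch "main", where CI_COMMIT_TAG is not set, so
  # ${CI_COMMIT_TAG} would leave the version segment of the URL empty.
  # NOTE(review): nothing in this job sets ${VERSION}, and "dependencies" does
  # not list release_prepare; confirm where the value comes from.
  # "--fail" makes curl exit non-zero on an HTTP error, so a rejected upload
  # fails the job instead of passing silently.
  script:
    - 'curl --fail --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file target/aarch64-unknown-linux-gnu/release/bffhd "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_arm64"'
    - 'curl --fail --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file target/x86_64-unknown-linux-gnu/release/bffhd "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_amd64"'
    - 'curl --fail --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file target/armv7-unknown-linux-gnueabihf/release/bffhd "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_arm"'
  rules:
    # Never run for release/... tags; otherwise run on branch "main".
    - if: $CI_COMMIT_TAG =~ "release/.*"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"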
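# Read the version of the "diflouroborane" package from cargo metadata and
# export it as VERSION through a dotenv report for jobs that need this one.
release_prepare:
  stage: release
  rules:
    # Never run for release/... tags; otherwise run on branch "main".
    - if: $CI_COMMIT_TAG =~ "release/.*"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
  script:
    # $(...) runs the pipeline; a double-quoted string would only store the
    # command text. jq's "-C" (colour output) is dropped so that the value
    # is plain text.
    - VERSION=$(cargo metadata --format-version 1 | jq -r '.packages | .[] | select(.name == "diflouroborane") | .version')
    # Stop here rather than publish a release with an empty version.
    - test -n "$VERSION"
    # A dotenv report is read as KEY=value lines.
    - echo "VERSION=$VERSION" > release.env
  artifacts:
    reports:
      dotenv: release.env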
# Create the GitLab release "release/$VERSION" and link the three uploaded
# binaries. VERSION arrives through release_prepare's dotenv artifact.
release_job:
  stage: release
  # NOTE(review): ":latest" is a mutable tag on the image that publishes
  # releases; pin a version tag or an image digest.
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  needs:
    - job: release_prepare
      artifacts: true
  rules:
    # Never run for release/... tags (presumably so that the tag created
    # below does not start another release); otherwise run on branch "main".
    - if: $CI_COMMIT_TAG =~ "release/.*"
      when: never
    - if: $CI_COMMIT_BRANCH == "main"
  script:
    - echo "Creating GitLab release…"
  release:
    name: 'BFFH $VERSION'
    description: 'GitLab CI auto-created release'
    tag_name: 'release/$VERSION'
    assets:
      # Each link points at a file in the project's generic package registry.
      links:
        - name: 'bffhd AMD64'
          url: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_amd64'
        - name: 'bffhd ARMv7'
          url: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_arm'
        - name: 'bffhd ARM64'
          url: '${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/bffhd/${VERSION}/bffhd_${VERSION}_linux_arm64'
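# Build the container image tagged with the commit tag, scan it with Trivy,
# and push it to the project registry.
build:docker-releases:
  stage: dockerify
  # NOTE(review): third-party image on a mutable ":latest" tag in a job that
  # holds registry credentials; pin a version tag or an image digest.
  image: jdrouet/docker-with-buildx:latest
  dependencies:
    - stable:build:amd64
    - stable:build:armhf
    - stable:build:arm64
  tags:
    - linux
    - docker
    - fabinfra
  variables:
    # NOTE(review): port 2375 plus an empty DOCKER_TLS_CERTDIR means the job
    # talks to the dind daemon over plain TCP without TLS. Confirm that the
    # runner's job network is isolated, or enable TLS.
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
    TRIVY_NO_PROGRESS: "true"
    TRIVY_CACHE_DIR: ".trivycache/"
  services:
    - docker:dind
  before_script:
    # NOTE(review): this resolves the newest Trivy release at run time and
    # unpacks it without verifying a checksum or signature. The scanner
    # therefore changes between pipelines, and a tampered download would run
    # in this job. Pin a version and verify the archive before extracting it.
    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - echo $TRIVY_VERSION
    - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
  script:
    # Pass the password on stdin so it does not appear in the docker
    # command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" --password-stdin
    # NOTE(review): privileged container from an unpinned third-party image;
    # it registers the QEMU handlers used for the cross-platform builds.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name cibuilder --driver docker-container --use
    - docker buildx ls
    - docker buildx inspect --bootstrap
    # NOTE(review): this multi-platform build has neither --push nor --load,
    # so its result appears to stay in the build cache. Only the amd64 image
    # loaded by the next command is scanned and pushed below.
    - docker buildx build --platform linux/arm/v7,linux/arm64,linux/amd64 -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
    - docker buildx build --load --platform linux/amd64 -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
    # Build report
    - ./trivy image --exit-code 0 --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    # Print report (HIGH findings are shown but do not fail the job)
    - ./trivy image --exit-code 0 --severity HIGH $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    # Fail on severe vulnerabilities
    - ./trivy image --exit-code 1 --severity CRITICAL $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
  cache:
    paths:
      - .trivycache/
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  # NOTE(review): the only rule is "when: never", and a job whose rules never
  # match is not added to a pipeline. As written this job does not run for
  # release/... tags or for anything else; confirm that this is intended.
  rules:
    - if: $CI_COMMIT_TAG =~ "release/.*"
      when: never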
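# Build the container image tagged "development", scan it with Trivy, and
# push it to the project registry. Runs on the development branch only.
build:docker-development:
  stage: dockerify
  # NOTE(review): third-party image on a mutable ":latest" tag in a job that
  # holds registry credentials; pin a version tag or an image digest.
  image: jdrouet/docker-with-buildx:latest
  dependencies:
    - stable:build:amd64
    - stable:build:armhf
    - stable:build:arm64
  tags:
    - linux
    - docker
    - fabinfra
  variables:
    # NOTE(review): port 2375 plus an empty DOCKER_TLS_CERTDIR means the job
    # talks to the dind daemon over plain TCP without TLS. Confirm that the
    # runner's job network is isolated, or enable TLS.
    DOCKER_HOST: tcp://docker:2375/
    DOCKER_DRIVER: overlay2
    DOCKER_TLS_CERTDIR: ""
    TRIVY_NO_PROGRESS: "true"
    TRIVY_CACHE_DIR: ".trivycache/"
  services:
    - docker:dind
  before_script:
    # NOTE(review): this resolves the newest Trivy release at run time and
    # unpacks it without verifying a checksum or signature. The scanner
    # therefore changes between pipelines, and a tampered download would run
    # in this job. Pin a version and verify the archive before extracting it.
    - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
    - echo $TRIVY_VERSION
    - wget --no-verbose https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz -O - | tar -zxvf -
  script:
    # Pass the password on stdin so it does not appear in the docker
    # command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" --password-stdin
    # NOTE(review): privileged container from an unpinned third-party image;
    # it registers the QEMU handlers used for the cross-platform builds.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name cibuilder --driver docker-container --use
    - docker buildx ls
    - docker buildx inspect --bootstrap
    # NOTE(review): this multi-platform build has neither --push nor --load,
    # so its result appears to stay in the build cache. Only the amd64 image
    # loaded by the next command is scanned and pushed below.
    - docker buildx build --platform linux/arm/v7,linux/arm64,linux/amd64 -t $CI_REGISTRY_IMAGE:development .
    - docker buildx build --load --platform linux/amd64 -t $CI_REGISTRY_IMAGE:development .
    # Build report
    - ./trivy image --exit-code 0 --format template --template "@contrib/gitlab.tpl" -o gl-container-scanning-report.json $CI_REGISTRY_IMAGE:development
    # Print report (HIGH findings are shown but do not fail the job)
    - ./trivy image --exit-code 0 --severity HIGH $CI_REGISTRY_IMAGE:development
    # Fail on severe vulnerabilities
    - ./trivy image --exit-code 1 --severity CRITICAL $CI_REGISTRY_IMAGE:development
    - docker push $CI_REGISTRY_IMAGE:development
  cache:
    paths:
      - .trivycache/
  artifacts:
    reports:
      container_scanning: gl-container-scanning-report.json
  only:
    - development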