-
Notifications
You must be signed in to change notification settings - Fork 4
/
.gitlab-ci.yml
189 lines (169 loc) · 5.59 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
variables:
RUST_BACKTRACE: full
stages:
- check
- test
- signstaros
- publish
- report
- pages
# default setup running on default branch and in MRs
.all-default:
before_script:
- pacman-key --init
- pacman -Sy --needed --noconfirm archlinux-keyring
- source .env && pacman -Syu --needed --noconfirm $PACMAN_PACKAGES
- just install-rust-dev-tools
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
# default setup with Rust tools running on default branch and in MRs
.all-default-rust:
before_script:
- pacman-key --init
- pacman -Sy --needed --noconfirm archlinux-keyring
- source .env && pacman -Syu --needed --noconfirm $PACMAN_PACKAGES
- just install-rust-dev-tools
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
# default setup running in MRs
.mr-default:
before_script:
- pacman-key --init
- pacman -Sy --needed --noconfirm archlinux-keyring
- source .env && pacman -Syu --needed --noconfirm $PACMAN_PACKAGES
rules:
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
check-commits:
extends: .mr-default
script:
# fetch the default branch as we need it for comparison
- git fetch origin $CI_DEFAULT_BRANCH
# setup a dummy user as `cog verify` needs that
- git config --local user.name "Foobar McFooface"
- git config --local user.email "[email protected]"
- just check-commits
stage: check
spelling:
extends: .all-default
script:
- just check-spelling
stage: check
formatting:
extends: .all-default-rust
script:
- just check-formatting
stage: check
lint:
extends: .all-default-rust
script:
- just lint
stage: check
unused-deps:
extends: .all-default-rust
script:
- just check-unused-deps
stage: check
dependencies:
extends: .all-default-rust
script:
- just check-dependencies
stage: check
licenses:
extends: .all-default-rust
script:
- just check-licenses
stage: check
links:
extends: .all-default-rust
script:
- just check-links
stage: check
test:
extends: .all-default-rust
script:
- just test
stage: test
integration-test:
extends: .all-default
script:
- useradd -m testuser
- chown -R testuser:testuser .
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'env && cd "$WORKDIR" && just install-rust-dev-tools && just ignored=true test'
stage: test
tags:
- vm
test-readmes:
extends: .all-default
script:
- useradd -m testuser
- chown -R testuser:testuser .
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'env && cd "$WORKDIR" && just install-rust-dev-tools && just test-readmes'
stage: test
tags:
- vm
build-image:
extends: .all-default
script:
- useradd -m testuser
- chown -R testuser:testuser .
# prepare an ephemeral OpenPGP signing key
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && rsop generate-key test > test.tsk && rsop extract-cert > test.pgp < test.tsk && echo msg | rsop sign test.tsk > msg.sig && echo msg | rsop verify msg.sig test.pgp | cut -d " " -f2 > fingerprint.txt && gpg --import test.tsk'
# clone latest mkosi as we currently require some of its features and fixes
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && git clone https://github.com/systemd/mkosi'
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && PATH="$(pwd)/mkosi/bin:$PATH" mkosi --version && PATH="$(pwd)/mkosi/bin:$PATH" just build-image "$(cat fingerprint.txt)"'
stage: signstaros
tags:
- vm
build-test-image:
extends: .all-default
script:
- useradd -m testuser
- chown -R testuser:testuser .
# prepare an ephemeral OpenPGP signing key
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && rsop generate-key test > test.tsk && rsop extract-cert > test.pgp < test.tsk && echo msg | rsop sign test.tsk > msg.sig && echo msg | rsop verify msg.sig test.pgp | cut -d " " -f2 > fingerprint.txt && gpg --import test.tsk'
# install required Rust toolchain
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && just install-rust-dev-tools'
# clone latest mkosi as we currently require some of its features and fixes
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && git clone https://github.com/systemd/mkosi'
- WORKDIR="$(pwd)" runuser -w WORKDIR -l testuser -c 'cd "$WORKDIR" && PATH="$(pwd)/mkosi/bin:$PATH" mkosi --version && PATH="$(pwd)/mkosi/bin:$PATH" just build-test-image "$(cat fingerprint.txt)"'
stage: signstaros
tags:
- vm
crates_publish:
before_script:
- pacman-key --init
- pacman -Sy --needed --noconfirm archlinux-keyring
- source .env && pacman -Syu --needed --noconfirm $PACMAN_PACKAGES
- just install-rust-dev-tools
dependencies: []
rules:
- if: '$CARGO_REGISTRY_TOKEN && $CI_COMMIT_TAG && $CI_PROJECT_PATH == "archlinux/signstar"'
script:
- just ci-publish
stage: publish
tags:
- secure
issue-bot:
stage: report
image: registry.gitlab.com/gitlab-org/distribution/issue-bot:latest
script: /issue-bot
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
when: on_failure
pages:
before_script:
- pacman-key --init
- pacman -Sy --needed --noconfirm archlinux-keyring
- source .env && pacman -Syu --needed --noconfirm $PACMAN_PACKAGES
- just install-rust-dev-tools
stage: pages
script:
- just build-book
artifacts:
paths:
- output/docs
publish: output/docs
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH