You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
287 lines
7.1 KiB
287 lines
7.1 KiB
# Copyright (c) 2022 Proton Technologies AG |
|
# |
|
# This file is part of ProtonMail Bridge. |
|
# |
|
# ProtonMail Bridge is free software: you can redistribute it and/or modify |
|
# it under the terms of the GNU General Public License as published by |
|
# the Free Software Foundation, either version 3 of the License, or |
|
# (at your option) any later version. |
|
# |
|
# ProtonMail Bridge is distributed in the hope that it will be useful, |
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
# GNU General Public License for more details. |
|
# |
|
# You should have received a copy of the GNU General Public License |
|
# along with ProtonMail Bridge. If not, see <https://www.gnu.org/licenses/>. |
|
|
|
--- |
|
image: gitlab.protontech.ch:4567/go/bridge-internal:latest |
|
|
|
before_script: |
|
- eval $(ssh-agent -s) |
|
- echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null |
|
|
|
- mkdir -p .cache/bin |
|
- export PATH=$(pwd)/.cache/bin:$PATH |
|
- export GOPATH="$CI_PROJECT_DIR/.cache" |
|
|
|
- make install-dev-dependencies |
|
|
|
cache: |
|
key: go-mod |
|
paths: |
|
- .cache |
|
policy: pull |
|
|
|
stages: |
|
- cache |
|
- test |
|
- build |
|
- check |
|
- mirror |
|
|
|
# Stage: CACHE |
|
|
|
# This will ensure latest dependency versions and updates the cache for |
|
# all other following jobs which only pull the cache. |
|
cache-push: |
|
stage: cache |
|
only: |
|
- branches |
|
script: |
|
- echo "" |
|
cache: |
|
key: go-mod |
|
paths: |
|
- .cache |
|
|
|
# Stage: TEST |
|
|
|
lint: |
|
stage: test |
|
only: |
|
- branches |
|
before_script: |
|
- mkdir -p .cache/bin |
|
- export PATH=$(pwd)/.cache/bin:$PATH |
|
- export GOPATH="$CI_PROJECT_DIR/.cache" |
|
script: |
|
- env GOMAXPROCS=$(( ${CI_TAG_CPU} / 2 )) make lint |
|
tags: |
|
- medium |
|
|
|
test-linux: |
|
stage: test |
|
only: |
|
- branches |
|
script: |
|
- apt-get -y install pass gnupg rng-tools |
|
# First have enough of entropy (cat /proc/sys/kernel/random/entropy_avail). |
|
- rngd -r /dev/urandom |
|
# Generate GPG key without password for the password manager. |
|
- gpg --batch --yes --passphrase '' --quick-generate-key 'tester@example.com' |
|
# Use the last created GPG ID for the password manager. |
|
- pass init `gpg --list-keys | grep "^ " | tail -1 | tr -d '[:space:]'` |
|
# Then finally run the tests |
|
- make test |
|
tags: |
|
- medium |
|
|
|
test-windows: |
|
extends: .build-windows-base |
|
stage: test |
|
only: |
|
- branches |
|
script: |
|
- make test |
|
|
|
test-integration: |
|
stage: test |
|
only: |
|
- branches |
|
script: |
|
- VERBOSITY=debug make -C test test |
|
tags: |
|
- large |
|
|
|
dependency-updates: |
|
stage: test |
|
script: |
|
- "echo 'NOTE: Do not run on go1.15 ( 'if...' can be removed once fully updated to go1.18)'" |
|
- if [ 18 -le $(go version | cut -d. -f2 | cut -d " " -f1) ]; then make updates; fi |
|
|
|
# Stage: BUILD |
|
|
|
build-qml: |
|
tags: |
|
- small |
|
only: |
|
- branches |
|
stage: build |
|
artifacts: |
|
name: "bridge-qml-$CI_COMMIT_SHORT_SHA" |
|
expire_in: 1 day |
|
paths: |
|
- bridge_qml.tgz |
|
script: |
|
- cd internal/frontend/qml |
|
- tar -cvzf ../../../bridge_qml.tgz ./* |
|
|
|
|
|
.build-base: |
|
stage: build |
|
only: |
|
- manual |
|
before_script: |
|
- mkdir -p .cache/bin |
|
- export PATH=$(pwd)/.cache/bin:$PATH |
|
- export GOPATH="$CI_PROJECT_DIR/.cache" |
|
script: |
|
- make build |
|
- git diff && git diff-index --quiet HEAD |
|
artifacts: |
|
# Note: The latest artifacts for refs are locked against deletion, and kept |
|
# regardless of the expiry time. Introduced in GitLab 13.0 behind a |
|
# disabled feature flag, and made the default behavior in GitLab 13.4. |
|
expire_in: 1 day |
|
when: always |
|
paths: |
|
- bridge_*.tgz |
|
tags: |
|
- large |
|
|
|
build-linux: |
|
extends: .build-base |
|
artifacts: |
|
name: "bridge-linux-$CI_COMMIT_SHORT_SHA" |
|
|
|
build-linux-qa: |
|
extends: build-linux |
|
only: |
|
- web |
|
- branches |
|
variables: |
|
BUILD_TAGS: "build_qa" |
|
artifacts: |
|
name: "bridge-linux-qa-$CI_COMMIT_SHORT_SHA" |
|
|
|
|
|
.build-darwin-base: |
|
extends: .build-base |
|
before_script: |
|
- export PATH=/usr/local/bin:$PATH |
|
- export PATH=/usr/local/opt/git/bin:$PATH |
|
- export PATH=/usr/local/opt/make/libexec/gnubin:$PATH |
|
- export PATH=/usr/local/opt/go@1.13/bin:$PATH |
|
- export PATH=/usr/local/opt/gnu-sed/libexec/gnubin:$PATH |
|
- export GOPATH=~/go |
|
- export PATH=$GOPATH/bin:$PATH |
|
- export CGO_CPPFLAGS='-Wno-error -Wno-nullability-completeness -Wno-expansion-to-defined -Wno-builtin-requires-header' |
|
script: |
|
- go version |
|
- make build |
|
- git diff && git diff-index --quiet HEAD |
|
cache: {} |
|
tags: |
|
- macOS |
|
|
|
build-darwin: |
|
extends: .build-darwin-base |
|
artifacts: |
|
name: "bridge-darwin-$CI_COMMIT_SHORT_SHA" |
|
|
|
build-darwin-qa: |
|
extends: .build-darwin-base |
|
only: |
|
- web |
|
- branches |
|
variables: |
|
BUILD_TAGS: "build_qa" |
|
artifacts: |
|
name: "bridge-darwin-qa-$CI_COMMIT_SHORT_SHA" |
|
|
|
|
|
.build-windows-base: |
|
extends: .build-base |
|
before_script: |
|
- export GOROOT=/c/Go |
|
- export PATH=$GOROOT/bin:$PATH |
|
- export GOARCH=amd64 |
|
- export GOPATH=~/go |
|
- export GO111MODULE=on |
|
- export PATH=$GOPATH/bin:$PATH |
|
- export MSYSTEM= |
|
- export PATH=$PATH:/c/grrrQt/5.13.2/mingw73_64/bin |
|
script: |
|
- make build |
|
- git diff && git diff-index --quiet HEAD |
|
tags: |
|
- windows-bridge |
|
|
|
build-windows: |
|
extends: .build-windows-base |
|
artifacts: |
|
name: "bridge-windows-$CI_COMMIT_SHORT_SHA" |
|
|
|
build-windows-qa: |
|
extends: .build-windows-base |
|
only: |
|
- web |
|
- branches |
|
variables: |
|
BUILD_TAGS: "build_qa" |
|
artifacts: |
|
name: "bridge-windows-qa-$CI_COMMIT_SHORT_SHA" |
|
|
|
# Stage: CHECK |
|
check-gobinsec: |
|
stage: check |
|
only: |
|
- branches |
|
cache: |
|
key: gobinsec-cache |
|
paths: |
|
- gobinsec-cache.yml |
|
policy: pull-push |
|
before_script: |
|
- mkdir build |
|
- tar -xzf bridge_linux_*.tgz -C build |
|
- "echo api-key: \"${GOBINSEC_NVD_API_KEY}\" >> utils/gobinsec_conf.yml" |
|
script: |
|
- "[ ! -f ./gobinsec-cache.yml ] && wget bridgeteam.protontech.ch/bridgeteam/gobinsec-cache.yml" |
|
- cat ./gobinsec-cache.yml |
|
- gobinsec -wait -cache -config utils/gobinsec_conf.yml build/proton-bridge |
|
|
|
|
|
|
|
# Stage: MIRROR |
|
|
|
mirror-repo: |
|
stage: mirror |
|
only: |
|
refs: |
|
- master |
|
script: |
|
- | |
|
cat <<EOF > ~/.ssh/config |
|
Host github.com |
|
Hostname ssh.github.com |
|
User git |
|
Port 443 |
|
ProxyCommand connect-proxy -H $http_proxy %h %p |
|
EOF |
|
- ssh-keyscan -t rsa ${CI_SERVER_HOST} > ~/.ssh/known_hosts |
|
- | |
|
cat <<EOF >> ~/.ssh/known_hosts |
|
# ssh.github.com:443 SSH-2.0-babeld-2e9d163d |
|
[ssh.github.com]:443 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ== |
|
EOF |
|
- echo "$mirror_key" | tr -d '\r' | ssh-add - > /dev/null |
|
- ssh-add -l |
|
- git clone "$CI_REPOSITORY_URL" --branch master _REPO_CLONE; |
|
- cd _REPO_CLONE |
|
- git remote add public $mirror_url |
|
- git push public master |
|
# Pushing the latest tag from master history |
|
- git push public "$(git describe --tags --abbrev=0 || echo master)"
|
|
|