forked from torproject/tor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.travis.yml
252 lines (235 loc) · 10.3 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
language: c
cache:
ccache: true
## cargo: true
directories:
- $HOME/.cargo
## caching CARGO_TARGET_DIR actually slows down the build over time,
## because old build products are never deleted.
## where we point CARGO_TARGET_DIR in all our cargo invocations
#- $TRAVIS_BUILD_DIR/src/rust/target
compiler:
- gcc
- clang
os:
- linux
- osx
## The build matrix in the following stanza expands into builds for each
## OS and compiler.
env:
global:
## The Travis CI environment allows us two cores, so let's use both.
- MAKEFLAGS="-j 2"
## We turn on hardening by default
## Also known as --enable-fragile-hardening in 0.3.0.3-alpha and later
- HARDENING_OPTIONS="--enable-expensive-hardening"
## We turn off asciidoc by default, because it's slow
- ASCIIDOC_OPTIONS="--disable-asciidoc"
matrix:
## We want to use each build option at least once
##
## We don't list default variable values, because we set the defaults
## in global (or the default is unset)
-
## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
- RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
matrix:
## include creates builds with gcc, linux, sudo: false
include:
## We include a single coverage build with the best options for coverage
- env: COVERAGE_OPTIONS="--enable-coverage" HARDENING_OPTIONS=""
## We only want to check these build option combinations once
## (they shouldn't vary by compiler or OS)
## We run rust and coverage with hardening off, which seems like enough
# - env: HARDENING_OPTIONS=""
## We check asciidoc with distcheck, to make sure we remove doc products
- env: DISTCHECK="yes" ASCIIDOC_OPTIONS=""
# We clone our stem repo and run `make test-stem`
- env: TEST_STEM="yes"
## Check rust online with distcheck, to make sure we remove rust products
- env: DISTCHECK="yes" RUST_OPTIONS="--enable-rust --enable-cargo-online-mode"
## Check disable module dirauth with and without rust
- env: MODULES_OPTIONS="--disable-module-dirauth" RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true
- env: MODULES_OPTIONS="--disable-module-dirauth"
## Check NSS
- env: NSS_OPTIONS="--enable-nss"
## Uncomment to allow the build to report success (with non-required
## sub-builds continuing to run) if all required sub-builds have
## succeeded. This is somewhat buggy currently: it can cause
## duplicate notifications and prematurely report success if a
## single sub-build has succeeded. See
## https://github.com/travis-ci/travis-ci/issues/1696
# fast_finish: true
## Careful! We use global envs, which makes it hard to exclude or
## allow failures by env:
## https://docs.travis-ci.com/user/customizing-the-build#matching-jobs-with-allow_failures
exclude:
## Clang doesn't work in containerized builds, see below.
- compiler: clang
sudo: false
## Non-containerized gcc are slow and redundant.
- compiler: gcc
sudo: required
## gcc on OSX is less useful, because the default compiler is clang.
- compiler: gcc
os: osx
## gcc on Linux with no env is redundant, because all the custom builds use
## gcc on Linux
- compiler: gcc
os: linux
env:
## offline rust builds for gcc on Linux are redundant, because we do an
## online rust build for gcc on Linux
- compiler: gcc
os: linux
## TOR_RUST_DEPENDENCIES is spelt RUST_DEPENDENCIES in 0.3.2
env: RUST_OPTIONS="--enable-rust" TOR_RUST_DEPENDENCIES=true HARDENING_OPTIONS=""
## We don't need sudo. (The "apt:" stanza after this allows us to not need
## sudo; otherwise, we would need it for getting dependencies.)
##
## But we use "sudo: required" to force non-containerized builds, working
## around a Travis CI environment issue: clang LeakAnalyzer fails
## because it requires ptrace and the containerized environment no
## longer allows ptrace.
## https://github.com/travis-ci/travis-ci/issues/9033
##
## In the matrix above, we exclude redundant combinations.
sudo:
- false
- required
## (Linux only) Use the latest Linux image (Ubuntu Trusty)
dist: trusty
## Download our dependencies
addons:
## (Linux only)
apt:
packages:
## Required dependencies
- libevent-dev
## Ubuntu comes with OpenSSL by default
#- libssl-dev
- zlib1g-dev
## Optional dependencies
- libcap-dev
- liblzma-dev
- libnss3-dev
- libscrypt-dev
- libseccomp-dev
## zstd doesn't exist in Ubuntu Trusty
#- libzstd
- shellcheck
## Conditional build dependencies
## Always installed, so we don't need sudo
- asciidoc
- docbook-xsl
- docbook-xml
- xmlto
## Utilities
## preventing or diagnosing hangs
- timelimit
## (OSX only)
homebrew:
packages:
## Required dependencies
- libevent
## The OSX version of OpenSSL is way too old
- openssl
## OSX comes with zlib by default
## to use a newer zlib, pass the keg path to configure (like OpenSSL)
#- zlib
## Optional dependencies
- libscrypt
- xz
- zstd
## Required build dependencies
## Tor needs pkg-config to find some dependencies at build time
- pkg-config
## Optional build dependencies
- ccache
- shellcheck
## Conditional build dependencies
## Always installed, because manual brew installs are hard to get right
- asciidoc
- xmlto
## Utilities
## preventing or diagnosing hangs
- timelimit
## (OSX only) Use the default OSX image
## See https://docs.travis-ci.com/user/reference/osx#os-x-version
## Default is Xcode 9.4 on macOS 10.13 as of August 2018
#osx_image: xcode9.4
before_install:
## Create empty rust directories for non-Rust builds, so caching succeeds
- if [[ "$RUST_OPTIONS" == "" ]]; then mkdir -p $HOME/.cargo $TRAVIS_BUILD_DIR/src/rust/target; fi
install:
## If we're on OSX, configure ccache (ccache is automatically installed and configured on Linux)
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export PATH="/usr/local/opt/ccache/libexec:$PATH"; fi
## If we're on OSX, OpenSSL is keg-only, so tor 0.2.9 and later need to be configured --with-openssl-dir= to build
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then OPENSSL_OPTIONS=--with-openssl-dir=`brew --prefix openssl`; fi
## Install conditional features
## Install coveralls
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then pip install --user cpp-coveralls; fi
## If we're on OSX, and using asciidoc, configure asciidoc
- if [[ "$ASCIIDOC_OPTIONS" == "" ]] && [[ "$TRAVIS_OS_NAME" == "osx" ]]; then export XML_CATALOG_FILES="/usr/local/etc/xml/catalog"; fi
## If we're using Rust, download rustup
- if [[ "$RUST_OPTIONS" != "" ]]; then curl -Ssf -o rustup.sh https://sh.rustup.rs; fi
## Install the nightly channels of rustc and cargo and setup our toolchain environment
- if [[ "$RUST_OPTIONS" != "" ]]; then sh rustup.sh -y --default-toolchain nightly; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then source $HOME/.cargo/env; fi
## If we're testing rust builds in offline-mode, then set up our vendored dependencies
- if [[ "$TOR_RUST_DEPENDENCIES" == "true" ]]; then export TOR_RUST_DEPENDENCIES=$PWD/src/ext/rust/crates; fi
- if [[ "$TEST_STEM" != "" ]]; then git clone --depth 1 https://github.com/torproject/stem.git ; export STEM_SOURCE_DIR=`pwd`/stem; fi
##
## Finally, list installed package versions
- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then dpkg-query --show; fi
- if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew list --versions; fi
## Get some info about rustup, rustc and cargo
- if [[ "$RUST_OPTIONS" != "" ]]; then which rustup; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then which rustc; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then which cargo; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then rustup --version; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then rustc --version; fi
- if [[ "$RUST_OPTIONS" != "" ]]; then cargo --version; fi
## Get python version
- python --version
## run stem tests if they are enabled.
- if [[ "$TEST_STEM" != "" ]]; then pushd stem; python -c "from stem import stem; print(stem.__version__);"; git log -1; popd; fi
script:
- ./autogen.sh
- CONFIGURE_FLAGS="$ASCIIDOC_OPTIONS $COVERAGE_OPTIONS $HARDENING_OPTIONS $MODULES_OPTIONS $NSS_OPTIONS $OPENSSL_OPTIONS $RUST_OPTIONS --enable-fatal-warnings --disable-silent-rules"
- echo "Configure flags are $CONFIGURE_FLAGS"
- ./configure $CONFIGURE_FLAGS
## We run `make check` because that's what https://jenkins.torproject.org does.
- if [[ "$DISTCHECK" == "" && "$TEST_STEM" == "" ]]; then make check; fi
## Diagnostic for bug 29437: kill stem if it hangs for 15 minutes
- if [[ "$TEST_STEM" != "" ]]; then make src/app/tor; timelimit -p -t 540 -s USR1 -T 30 -S ABRT python3 "$STEM_SOURCE_DIR"/run_tests.py --tor src/app/tor --integ --log notice --target RUN_ALL; fi
- if [[ "$DISTCHECK" != "" && "$TEST_STEM" == "" ]]; then make distcheck DISTCHECK_CONFIGURE_FLAGS="$CONFIGURE_FLAGS"; fi
## If this build was one that produced coverage, upload it.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then coveralls -b . --exclude src/test --exclude src/trunnel --gcov-options '\-p' || echo "Coverage failed"; fi
after_failure:
## configure will leave a log file with more details of config failures.
## But the log is too long for travis' rendered view, so tail it.
- tail -1000 config.log || echo "tail failed"
## `make check` will leave a log file with more details of test failures.
- if [[ "$DISTCHECK" == "" ]]; then cat test-suite.log || echo "cat failed"; fi
## `make distcheck` puts it somewhere different.
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-testlog || echo "make failed"; fi
- if [[ "$DISTCHECK" != "" ]]; then make show-distdir-core || echo "make failed"; fi
before_cache:
## Delete all gcov files.
- if [[ "$COVERAGE_OPTIONS" != "" ]]; then make reset-gcov; fi
## Delete the cargo registry before caching .cargo, because it's cheaper to
## download the registry and throw it away, rather than caching it
- rm -rf $HOME/.cargo/registry
notifications:
irc:
channels:
- "irc.oftc.net#tor-ci"
template:
- "%{repository} %{branch} %{commit} - %{author}: %{commit_subject}"
- "Build #%{build_number} %{result}. Details: %{build_url}"
on_success: change
on_failure: change
email:
on_success: never
on_failure: change