stages: - build - build docker image - test - upload artifacts variables: GIT_SUBMODULE_STRATEGY: recursive FF_USE_FASTZIP: 1 CACHE_COMPRESSION_LEVEL: fastest # Docker in Docker DOCKER_HOST: tcp://docker:2375/ DOCKER_TLS_CERTDIR: "" DOCKER_DRIVER: overlay2 # --------------------------------------------------------------------- # # Cargo: Compiling for different architectures # # --------------------------------------------------------------------- # .build-cargo-shared-settings: stage: "build" needs: [] rules: - if: '$CI_COMMIT_BRANCH == "master"' - if: '$CI_COMMIT_BRANCH == "next"' - if: "$CI_COMMIT_TAG" - if: '($CI_MERGE_REQUEST_APPROVED == "true") || $BUILD_EVERYTHING' # Once MR is approved, test all builds. Or if BUILD_EVERYTHING is set. interruptible: true image: "registry.gitlab.com/jfowl/conduit-containers/rust-with-tools@sha256:69ab327974aef4cc0daf4273579253bf7ae5e379a6c52729b83137e4caa9d093" tags: ["docker"] services: ["docker:dind"] variables: SHARED_PATH: $CI_PROJECT_DIR/shared CARGO_PROFILE_RELEASE_LTO: "true" CARGO_PROFILE_RELEASE_CODEGEN_UNITS: "1" CARGO_INCREMENTAL: "false" # https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow before_script: - 'echo "Building for target $TARGET"' - "rustup show && rustc --version && cargo --version" # Print version info for debugging # fix cargo and rustup mounts from this container (https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41227) - "mkdir -p $SHARED_PATH/cargo" - "cp -r $CARGO_HOME/bin $SHARED_PATH/cargo" - "cp -r $RUSTUP_HOME $SHARED_PATH" - "export CARGO_HOME=$SHARED_PATH/cargo RUSTUP_HOME=$SHARED_PATH/rustup" # If provided, bring in caching through sccache, which uses an external S3 endpoint to store compilation results. - if [ -n "${SCCACHE_ENDPOINT}" ]; then export RUSTC_WRAPPER=/sccache; fi script: # cross-compile conduit for target - 'time cross build --target="$TARGET" --locked --release' - 'mv "target/$TARGET/release/conduit" "conduit-$TARGET"' # print information about linking for debugging - "file conduit-$TARGET" # print file information - 'readelf --dynamic conduit-$TARGET | sed -e "/NEEDED/q1"' # ensure statically linked cache: # https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci key: "cargo-cache-$TARGET" paths: - $SHARED_PATH/cargo/registry/index - $SHARED_PATH/cargo/registry/cache - $SHARED_PATH/cargo/git/db artifacts: expire_in: never build:release:cargo:x86_64-unknown-linux-musl-with-debug: extends: .build-cargo-shared-settings variables: CARGO_PROFILE_RELEASE_DEBUG: 2 # Enable debug info for flamegraph profiling TARGET: "x86_64-unknown-linux-musl" after_script: - "mv ./conduit-x86_64-unknown-linux-musl ./conduit-x86_64-unknown-linux-musl-with-debug" artifacts: name: "conduit-x86_64-unknown-linux-musl-with-debug" paths: - "conduit-x86_64-unknown-linux-musl-with-debug" expose_as: "Conduit for x86_64-unknown-linux-musl-with-debug" build:release:cargo:x86_64-unknown-linux-musl: extends: .build-cargo-shared-settings variables: TARGET: "x86_64-unknown-linux-musl" artifacts: name: "conduit-x86_64-unknown-linux-musl" paths: - "conduit-x86_64-unknown-linux-musl" expose_as: "Conduit for x86_64-unknown-linux-musl" build:release:cargo:arm-unknown-linux-musleabihf: extends: .build-cargo-shared-settings variables: TARGET: "arm-unknown-linux-musleabihf" artifacts: name: "conduit-arm-unknown-linux-musleabihf" paths: - "conduit-arm-unknown-linux-musleabihf" expose_as: "Conduit for arm-unknown-linux-musleabihf" build:release:cargo:armv7-unknown-linux-musleabihf: extends: .build-cargo-shared-settings variables: TARGET: "armv7-unknown-linux-musleabihf" artifacts: name: "conduit-armv7-unknown-linux-musleabihf" paths: - "conduit-armv7-unknown-linux-musleabihf" expose_as: "Conduit for armv7-unknown-linux-musleabihf" build:release:cargo:aarch64-unknown-linux-musl: extends: .build-cargo-shared-settings variables: TARGET: "aarch64-unknown-linux-musl" artifacts: name: "conduit-aarch64-unknown-linux-musl" paths: - "conduit-aarch64-unknown-linux-musl" expose_as: "Conduit for aarch64-unknown-linux-musl" .cargo-debug-shared-settings: extends: ".build-cargo-shared-settings" rules: - when: "always" cache: key: "build_cache--$TARGET--$CI_COMMIT_BRANCH--debug" script: # cross-compile conduit for target - 'time time cross build --target="$TARGET" --locked' - 'mv "target/$TARGET/debug/conduit" "conduit-debug-$TARGET"' # print information about linking for debugging - "file conduit-debug-$TARGET" # print file information - 'readelf --dynamic conduit-debug-$TARGET | sed -e "/NEEDED/q1"' # ensure statically linked artifacts: expire_in: 4 weeks build:debug:cargo:x86_64-unknown-linux-musl: extends: ".cargo-debug-shared-settings" variables: TARGET: "x86_64-unknown-linux-musl" artifacts: name: "conduit-debug-x86_64-unknown-linux-musl" paths: - "conduit-debug-x86_64-unknown-linux-musl" expose_as: "Conduit DEBUG for x86_64-unknown-linux-musl" # --------------------------------------------------------------------- # # Create and publish docker image # # --------------------------------------------------------------------- # .docker-shared-settings: stage: "build docker image" image: jdrouet/docker-with-buildx:stable tags: ["docker"] services: - docker:dind needs: - "build:release:cargo:x86_64-unknown-linux-musl" - "build:release:cargo:arm-unknown-linux-musleabihf" - "build:release:cargo:armv7-unknown-linux-musleabihf" - "build:release:cargo:aarch64-unknown-linux-musl" variables: PLATFORMS: "linux/arm/v6,linux/arm/v7,linux/arm64,linux/amd64" DOCKER_FILE: "docker/ci-binaries-packaging.Dockerfile" cache: paths: - docker_cache key: "$CI_JOB_NAME" before_script: - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY # Only log in to Dockerhub if the credentials are given: - if [ -n "${DOCKER_HUB}" ]; then docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_PASSWORD" "$DOCKER_HUB"; fi script: # Prepare buildx to build multiarch stuff: - docker context create 'ci-context' - docker buildx create --name 'multiarch-builder' --use 'ci-context' # Copy binaries to their docker arch path - mkdir -p linux/ && mv ./conduit-x86_64-unknown-linux-musl linux/amd64 - mkdir -p linux/arm/ && mv ./conduit-arm-unknown-linux-musleabihf linux/arm/v6 - mkdir -p linux/arm/ && mv ./conduit-armv7-unknown-linux-musleabihf linux/arm/v7 - mv ./conduit-aarch64-unknown-linux-musl linux/arm64 - 'export CREATED=$(date -u +''%Y-%m-%dT%H:%M:%SZ'') && echo "Docker image creation date: $CREATED"' # Build and push image: - > docker buildx build --pull --push --cache-from=type=local,src=$CI_PROJECT_DIR/docker_cache --cache-to=type=local,dest=$CI_PROJECT_DIR/docker_cache --build-arg CREATED=$CREATED --build-arg VERSION=$(grep -m1 -o '[0-9].[0-9].[0-9]' Cargo.toml) --build-arg "GIT_REF=$CI_COMMIT_SHORT_SHA" --platform "$PLATFORMS" --tag "$TAG" --tag "$TAG-alpine" --tag "$TAG-commit-$CI_COMMIT_SHORT_SHA" --file "$DOCKER_FILE" . docker:next:gitlab: extends: .docker-shared-settings rules: - if: '$CI_COMMIT_BRANCH == "next"' variables: TAG: "$CI_REGISTRY_IMAGE/matrix-conduit:next" docker:next:dockerhub: extends: .docker-shared-settings rules: - if: '$CI_COMMIT_BRANCH == "next" && $DOCKER_HUB' variables: TAG: "$DOCKER_HUB_IMAGE/matrixconduit/matrix-conduit:next" docker:master:gitlab: extends: .docker-shared-settings rules: - if: '$CI_COMMIT_BRANCH == "master"' variables: TAG: "$CI_REGISTRY_IMAGE/matrix-conduit:latest" docker:master:dockerhub: extends: .docker-shared-settings rules: - if: '$CI_COMMIT_BRANCH == "master" && $DOCKER_HUB' variables: TAG: "$DOCKER_HUB_IMAGE/matrixconduit/matrix-conduit:latest" docker:tags:gitlab: extends: .docker-shared-settings rules: - if: "$CI_COMMIT_TAG" variables: TAG: "$CI_REGISTRY_IMAGE/matrix-conduit:$CI_COMMIT_TAG" docker:tags:dockerhub: extends: .docker-shared-settings rules: - if: "$CI_COMMIT_TAG && $DOCKER_HUB" variables: TAG: "$DOCKER_HUB_IMAGE/matrixconduit/matrix-conduit:$CI_COMMIT_TAG" # --------------------------------------------------------------------- # # Run tests # # --------------------------------------------------------------------- # .test-shared-settings: stage: "test" needs: [] image: "registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:latest" tags: ["docker"] variables: CARGO_INCREMENTAL: "false" # https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow interruptible: true test:cargo: extends: .test-shared-settings before_script: # If provided, bring in caching through sccache, which uses an external S3 endpoint to store compilation results: - if [ -n "${SCCACHE_ENDPOINT}" ]; then export RUSTC_WRAPPER=/usr/local/cargo/bin/sccache; fi script: - rustc --version && cargo --version # Print version info for debugging - "cargo test --color always --workspace --verbose --locked --no-fail-fast -- -Z unstable-options --format json | gitlab-report -p test > $CI_PROJECT_DIR/report.xml" artifacts: when: always reports: junit: report.xml test:clippy: extends: .test-shared-settings allow_failure: true before_script: - rustup component add clippy # If provided, bring in caching through sccache, which uses an external S3 endpoint to store compilation results: - if [ -n "${SCCACHE_ENDPOINT}" ]; then export RUSTC_WRAPPER=/usr/local/cargo/bin/sccache; fi script: - rustc --version && cargo --version # Print version info for debugging - "cargo clippy --color always --verbose --message-format=json | gitlab-report -p clippy > $CI_PROJECT_DIR/gl-code-quality-report.json" artifacts: when: always reports: codequality: gl-code-quality-report.json test:format: extends: .test-shared-settings before_script: - rustup component add rustfmt script: - cargo fmt --all -- --check test:audit: extends: .test-shared-settings allow_failure: true script: - cargo audit --color always || true - cargo audit --stale --json | gitlab-report -p audit > gl-sast-report.json artifacts: when: always reports: sast: gl-sast-report.json test:sytest: stage: "test" allow_failure: true needs: - "build:debug:cargo:x86_64-unknown-linux-musl" image: name: "valkum/sytest-conduit:latest" entrypoint: [""] tags: ["docker"] variables: PLUGINS: "https://github.com/valkum/sytest_conduit/archive/master.tar.gz" interruptible: true before_script: - "mkdir -p /app" - "cp ./conduit-debug-x86_64-unknown-linux-musl /app/conduit" - "chmod +x /app/conduit" - "rm -rf /src && ln -s $CI_PROJECT_DIR/ /src" - "mkdir -p /work/server-0/database/ && mkdir -p /work/server-1/database/ && mkdir -p /work/server-2/database/" - "cd /" script: - "SYTEST_EXIT_CODE=0" - "/bootstrap.sh conduit || SYTEST_EXIT_CODE=1" - 'perl /sytest/tap-to-junit-xml.pl --puretap --input /logs/results.tap --output $CI_PROJECT_DIR/sytest.xml "Sytest" && cp /logs/results.tap $CI_PROJECT_DIR/results.tap' - "exit $SYTEST_EXIT_CODE" artifacts: when: always paths: - "$CI_PROJECT_DIR/sytest.xml" - "$CI_PROJECT_DIR/results.tap" reports: junit: "$CI_PROJECT_DIR/sytest.xml" test:dockerlint: stage: "test" needs: [] image: "ghcr.io/hadolint/hadolint@sha256:6c4b7c23f96339489dd35f21a711996d7ce63047467a9a562287748a03ad5242" # 2.8.0-alpine interruptible: true script: - hadolint --version # First pass: Print for CI log: - > hadolint --no-fail --verbose ./Dockerfile ./docker/ci-binaries-packaging.Dockerfile # Then output the results into a json for GitLab to pretty-print this in the MR: - > hadolint --format gitlab_codeclimate --failure-threshold error ./Dockerfile ./docker/ci-binaries-packaging.Dockerfile > dockerlint.json artifacts: when: always reports: codequality: dockerlint.json paths: - dockerlint.json rules: - if: '$CI_COMMIT_REF_NAME != "master"' changes: - docker/*Dockerfile - Dockerfile - .gitlab-ci.yml - if: '$CI_COMMIT_REF_NAME == "master"' - if: '$CI_COMMIT_REF_NAME == "next"' # --------------------------------------------------------------------- # # Store binaries as package so they have download urls # # --------------------------------------------------------------------- # publish:package: stage: "upload artifacts" needs: - "build:release:cargo:x86_64-unknown-linux-musl" - "build:release:cargo:arm-unknown-linux-musleabihf" - "build:release:cargo:armv7-unknown-linux-musleabihf" - "build:release:cargo:aarch64-unknown-linux-musl" # - "build:cargo-deb:x86_64-unknown-linux-gnu" rules: - if: '$CI_COMMIT_BRANCH == "master"' - if: '$CI_COMMIT_BRANCH == "next"' - if: "$CI_COMMIT_TAG" image: curlimages/curl:latest tags: ["docker"] variables: GIT_STRATEGY: "none" # Don't need a clean copy of the code, we just operate on artifacts script: - 'BASE_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/conduit-${CI_COMMIT_REF_SLUG}/build-${CI_PIPELINE_ID}"' - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file conduit-x86_64-unknown-linux-musl "${BASE_URL}/conduit-x86_64-unknown-linux-musl"' - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file conduit-arm-unknown-linux-musleabihf "${BASE_URL}/conduit-arm-unknown-linux-musleabihf"' - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file conduit-armv7-unknown-linux-musleabihf "${BASE_URL}/conduit-armv7-unknown-linux-musleabihf"' - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file conduit-aarch64-unknown-linux-musl "${BASE_URL}/conduit-aarch64-unknown-linux-musl"' # Avoid duplicate pipelines # See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines workflow: rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS" when: never - if: "$CI_COMMIT_BRANCH" - if: "$CI_COMMIT_TAG"