Newer
Older
################################################################################
### STAGES
################################################################################
### DEFAULT JOB PARAMETERS
default:
interruptible: true
################################################################################
################################################################################
check-no-old-frama-c:
script:
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a HEAD)
- git merge-base --is-ancestor a35d2118fe6999dddce9e1847eff626fae9cc37c HEAD
stage: prepare
interruptible: false
script:
- echo "This pipeline won't be interrupted"
unstoppable-pipeline:
<<: *do_not_stop_pipeline_template
only:
variables:
- $DEFAULT == $CI_COMMIT_BRANCH
do-not-stop-pipeline:
<<: *do_not_stop_pipeline_template
when: manual
except:
variables:
- $DEFAULT == $CI_COMMIT_BRANCH
check-publish:
stage: prepare
script: >
[[ "$RELEASE" == "no" ]] &&
[[ "$DEFAULT" == "$CI_COMMIT_BRANCH" ]] &&
[[ "$DEFAULT" == "master" ]]
only:
variables:
- $PUBLISH == "yes"
check-release:
stage: prepare
script: >
[[ "$PUBLISH" == "no" ]] &&
[[ "$DEFAULT" == "$CI_COMMIT_BRANCH" ]] &&
[[ "$DEFAULT" == "stable/$(cat VERSION_CODENAME | tr '[:upper:]' '[:lower:]')" ]] &&
[[ "$(git describe --tag)" == "$(cat VERSION | sed 's/~/-/')" ]] &&
[[ "$(cat VERSION)" == "$(cat opam | grep "^version" | sed 's/version: \"\(.*\)\"/\1/')" ]]
only:
variables:
- $RELEASE == "yes"
# Observed: when several shell with same dependencies are started, deadlock may
# occur when building these dependencies. We build these dependencies
# before running the rest of the pipeline to avoid that.
prepare-shell-checkers:
stage: prepare
script:
- ./nix/shell-checkers.sh "true"
################################################################################
### BUILD
- ./nix/build-proxy.sh frama-c
artifacts:
when: on_failure
paths:
- commits.nix
- results.log
expire_in: 1 day
ivette:
stage: build
image: node:lts-gallium
cache:
paths:
- ivette/node_modules/
script:
- node --version
- npm --version
- yarn --version
- make -C ivette
tags:
- docker
################################################################################
### TESTS
check-ts-api:
stage: tests
script:
- ./nix/build-proxy.sh ts-api
- ./nix/build-proxy.sh e-acsl-tests
- ./nix/build-proxy.sh eva-$CONFIG-tests
eva-default-tests:
variables:
CONFIG: "default"
<<: *eva_template
- CONFIG: [
"apron",
"bitwise",
"equality",
"gauges",
"multidim",
"octagon",
"symblocs"
]
eva-domains:
<<: *eva_template
<<: *eva_domains
only:
variables:
- $CI_COMMIT_BRANCH =~ /.*[-_\/.][Ee]va[-_\/.].*/
- $CI_COMMIT_BRANCH =~ /^[Ee]va[-_\/.].*/
- $CI_COMMIT_BRANCH =~ /.*[-_\/.][Ee]va$/
eva-domains-nightly:
<<: *eva_template
<<: *eva_domains
only:
refs:
- schedules
eva-domains-release:
<<: *eva_template
<<: *eva_domains
only:
variables:
- $RELEASE == "yes"
- ./nix/build-proxy.sh kernel-tests
- ./nix/build-proxy.sh plugins-tests
- ./nix/build-proxy.sh wp-tests
- ./nix/external-plugin-ci.sh $PLUGIN
parallel:
matrix:
- PLUGIN: [
"acsl-importer",
"caveat-importer",
"context-from-precondition",
"frama-clang",
"genassigns",
"linea-cabs",
"meta",
################################################################################
### DISTRIB
api-doc: # Note: the Nix store avoids rebuilding
- ./nix/build-proxy.sh api-doc
build-distrib-tarball:
stage: distrib
variables:
OPEN_SOURCE: "yes"
CI_LINK: "yes"
HDRCK: "frama-c-hdrck"
- ./nix/shell-checkers.sh "./dev/make-distrib.sh"
artifacts:
paths:
- ./*.tar.gz
expire_in: 1 week
header-check:
stage: distrib
variables:
FRAMAC_HDRCK: ""
script:
- ./nix/shell-checkers.sh "make -f share/Makefile.headers check-headers"
# Lint files
lint:
stage: distrib
variables:
LINT_MAKEFILE: "share/Makefile.linting"
script:
- ./nix/shell-checkers.sh "make -f share/Makefile.linting check-lint"
variables:
OUT: "manuals"
- ./nix/build-proxy.sh manuals
expire_in: 7 days # Note: the LAST artifact of the ref is always kept
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
manuals:
<<: *manuals_template
except:
variables:
- $RELEASE == "yes"
when: manual
manuals-for-release:
<<: *manuals_template
only:
variables:
- $RELEASE == "yes"
release-content:
stage: distrib
script:
- ./nix/shell-checkers.sh "./dev/build-release.sh"
needs:
- api-doc
- build-distrib-tarball
- manuals-for-release
artifacts:
paths:
- website
- wiki
- opam-repository
only:
variables:
- $RELEASE == "yes"
################################################################################
### COMPATIBILITY
# Internalized plugins tests
.build_template: &internal_template
stage: compatibility
script:
- ./nix/internal-tests.sh
internal:
<<: *internal_template
when: manual
# The Opam target may affect this job
timeout: 2h
.build_template: &ocaml_always_additional_versions_template
parallel:
matrix:
- OCAML: ["4.14"]
.build_template: &ocaml_manual_additional_versions_template
parallel:
matrix:
- OCAML: ["4.12", "4.13"]
when: manual
- ./nix/build-proxy.sh default-config-tests
ocaml-versions:
<<: *ocaml_versions_template
# in schedules, each OCAML is tested in its own complete pipeline
except:
- schedules
ocaml-versions-more:
<<: *ocaml_versions_template
<<: *ocaml_manual_additional_versions_template
ocaml-versions-nightly:
<<: *ocaml_versions_template
# we still check them for the publisher pipeline job
only:
variables:
- $PUBLISH == "yes"
image: 'ocaml/opam:ubuntu-20.04-ocaml-$OCAML'
- opam pin . -n
- opam depext frama-c --with-test
- opam install --jobs 2 frama-c --with-test
refs:
- schedules
variables:
- $RELEASE == "yes"
opam-pin-release:
<<: *opam_pin_template
only:
# TODO: Enable this rule later:
#
# opam-pin-minimal:
# variables:
# OPAMSOLVERTIMEOUT: "500"
# OPAMCRITERIA: "+count[version-lag,solution]"
# OPAMEXTERNALSOLVER: "builtin-0install"
# stage: prepare
# image: 'ocaml/opam:ubuntu-20.04-ocaml-$OCAML'
# script:
# - sudo ln -f /usr/bin/opam-2.1 /usr/bin/opam
# - opam --version
# - opam init --reinit -ni
# - opam pin . -n
# - opam depext frama-c --with-test
# - opam install --jobs 2 frama-c --with-test
# tags:
# - docker
.build_template: &src_distrib_tests_template
variables:
DIR: "extracted"
- mkdir $DIR && tar -xzf frama-c.tar.gz --strip-components 1 -C ./extracted
- ./nix/build-proxy.sh src-distrib-tests
src-distrib-tests:
<<: *src_distrib_tests_template
except:
refs:
- schedules
variables:
- $RELEASE == "yes"
<<: *src_distrib_tests_template
# The Opam target may affect this job
timeout: 2h
only:
src-distrib-tests-release:
<<: *src_distrib_tests_template
# The Opam target may affect this job
timeout: 2h
only:
variables:
- $RELEASE == "yes"
################################################################################
### RELEASE
.build_template: &prepare_ssh_template
before_script:
script:
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a origin/$CI_COMMIT_BRANCH)
- BRANCH="$CI_COMMIT_BRANCH" nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
# Note: BRANCH must be defined here, since we cannot *evaluate* a variable in 'variables'
only:
variables:
- $RELEASE == "yes"
when: manual
interruptible: false
release-create:
stage: release
- nix-shell -p git git-lfs coreutils openssh curl --run './nix/frama-c-public/publish-release.sh'
needs:
- release-branch
- release-content
only:
variables:
- $RELEASE == "yes"
when: manual
interruptible: false
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-opam.sh'
only:
variables:
- $RELEASE == "yes"
interruptible: false
release-website:
stage: release
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-website.sh'
only:
variables:
- $RELEASE == "yes"
interruptible: false
release-wiki:
stage: release
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-wiki.sh'
only:
variables:
- $RELEASE == "yes"
interruptible: false
################################################################################
# publish stage is used to push the current master branch of Frama-C and
# associated plugins from the internal frama-c group to the public pub group.
#
# For that, it uses the 'frama-c to frama-c-public' publish key. Thus, to publish
# a new plugin (while keeping its main repository internal), you can add a new
# target to this stage, adapting the script for MetAcsl or Frama-Clang to your
# own plugin.
#
# You must also activate the publish key on both frama-c/my_plugin
# and pub/my_plugin repositories (the former should be read-only, the latter
# must provide write access to the publish key).
# Do not forget to trigger the target only on schedules, so that all public
# repositories stay synchronized.
variables:
BRANCH: "master"
REPOSITORY: "frama-c"
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a origin/master)
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
variables:
BRANCH: "master"
REPOSITORY: "frama-clang"
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
variables:
BRANCH: "master"
REPOSITORY: "meta"
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'