Newer
Older
################################################################################
### STAGES
################################################################################
### DEFAULT JOB PARAMETERS
default:
interruptible: true
################################################################################
################################################################################
### ONLY/EXCEPT TEMPLATES
.build_template: &manual_when_not_special_pipeline
except:
refs:
- schedules
variables:
- $RELEASE == "yes"
when: manual
.build_template: &when_release
only:
variables:
- $RELEASE == "yes"
.build_template: &when_schedules
only:
refs:
- schedules
.build_template: &when_publish
only:
variables:
- $PUBLISH == "yes"
################################################################################
### IVETTE SETUP TEMPLATE
.build_template: &ivette_setup
image: "ocaml/opam:ubuntu-lts-ocaml-$OCAML"
before_script:
- sudo apt update
- sudo apt install -y xvfb curl unzip libnss3 libasound2-plugins
- sudo curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash
- export NVM_DIR="$HOME/.nvm"
- nvm install $NODE
- nvm use node $NODE
- corepack enable
# Opam
- opam switch create --empty .
- eval $(opam env --switch=. --set-switch)
- opam pin . -n -k path
- opam depext frama-c
- opam install headache
- opam install --jobs 2 --deps-only .
- dune build -j2 @install
################################################################################
check-makefile:
stage: prepare
script:
- ./nix/shell-checkers.sh "make --warn-undefined-variables help > /dev/null 2> errors && [[ "$(cat errors)" == "" ]]"
check-no-old-frama-c:
script:
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a HEAD)
- git merge-base --is-ancestor a35d2118fe6999dddce9e1847eff626fae9cc37c HEAD
stage: prepare
interruptible: false
script:
- echo "This pipeline won't be interrupted"
unstoppable-pipeline:
<<: *do_not_stop_pipeline_template
only:
variables:
- $DEFAULT == $CI_COMMIT_BRANCH
do-not-stop-pipeline:
<<: *do_not_stop_pipeline_template
when: manual
except:
variables:
- $DEFAULT == $CI_COMMIT_BRANCH
check-publish:
stage: prepare
script: >
[[ "$RELEASE" == "no" ]] &&
[[ "$DEFAULT" == "$CI_COMMIT_BRANCH" ]] &&
[[ "$DEFAULT" == "master" ]]
check-release:
stage: prepare
# Observed: when several shell with same dependencies are started, deadlock may
# occur when building these dependencies. We build these dependencies
# before running the rest of the pipeline to avoid that.
prepare-shell-checkers:
stage: prepare
script:
- ./nix/shell-checkers.sh "true"
prepare-wp-cache:
stage: prepare
script:
- ./nix/wp-cache.nix.sh
artifacts:
paths:
- ./nix/wp-cache.nix
################################################################################
### BUILD
- ./nix/build-proxy.sh frama-c
artifacts:
when: on_failure
paths:
- commits.nix
- results.log
expire_in: 1 day
<<: *ivette_setup
- make -C ivette dist
################################################################################
### TESTS
.build_template: &coverage_artifacts
artifacts:
name: coverage-$CI_JOB_NAME
paths:
expire_in: 24h
.build_template: &coverage
variables:
- ./nix/build-proxy.sh e-acsl-tests
- ./nix/build-proxy.sh eva-$CONFIG-tests
# Do not add OUT here, the parallel rule in Eva domains overload variables
eva-default-tests:
variables:
CONFIG: "default"
"apron",
"bitwise",
"equality",
"gauges",
"multidim",
"octagon",
"symblocs"
]
eva-domains:
<<: *eva_template
<<: *eva_domains
- ./nix/build-proxy.sh kernel-tests
- ./nix/build-proxy.sh plugins-tests
- ./nix/build-proxy.sh wp-tests
<<: *ivette_setup
- cd ivette
- xvfb-run --auto-servernum -e /dev/stdout -s "-screen 0 1920x1080x24 -ac -nolisten tcp -nolisten unix" dune exec -- yarn playwright test --headed
artifacts:
paths:
- ivette/tests/test-results
- ivette/screenshots
when: always
expire_in: 1 day
tags:
- docker
- ./nix/external-plugin-ci.sh $PLUGIN
parallel:
matrix:
"acsl-importer",
"caveat-importer",
"context-from-precondition",
"frama-clang",
"genassigns",
"meta",
################################################################################
### DISTRIB
- ./nix/build-proxy.sh api-doc
api-json-doc:
stage: distrib
variables:
OUT: "api"
script:
- ./nix/build-proxy.sh api-json-doc
artifacts:
paths:
- api/frama-c-api-json.tar.gz
expire_in: 7 days
build-distrib-tarball:
stage: distrib
variables:
OPEN_SOURCE: "yes"
CI_LINK: "yes"
HDRCK: "frama-c-hdrck"
- ./nix/shell-checkers.sh "./dev/make-distrib.sh"
artifacts:
paths:
- ./*.tar.gz
expire_in: 1 week
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
# Build ivette apps
build-ivette-linux-packages:
stage: distrib
<<: *ivette_setup
script:
- make -C ivette dist-linux
- mv ivette/dist/Ivette-arm64.AppImage ./frama-c-ivette-linux-ARM64.AppImage
- mv ivette/dist/Ivette-x86_64.AppImage ./frama-c-ivette-linux-x86-64.AppImage
artifacts:
paths:
- ./*.AppImage
tags:
- docker
<<: *when_release
build-ivette-macos-packages:
stage: distrib
script:
# TS
- export NVM_DIR="$HOME/.nvm"
- . "$NVM_DIR/nvm.sh"
- nvm install $NODE
- nvm use $NODE
# Opam
- opam switch create --empty .
- eval $(opam env --switch=. --set-switch)
- opam pin . -n -k path
- opam install headache
- opam install --jobs 2 --deps-only .
# Build Frama-C API
- dune build -j2 @install
- make -C ivette api
# Build Ivette
- make -C ivette dist-macOS
- mv ivette/dist/Ivette-universal.dmg ./frama-c-ivette-macos-universal.dmg
artifacts:
paths:
- ./*.dmg
tags:
- macos-arm
<<: *when_release
# Coverage
coverage:
stage: distrib
variables:
BISECT_DIR: "_bisect"
script:
- ./nix/shell-checkers.sh "./nix/coverage.sh"
coverage: '/Coverage: \d+\.\d+\%/'
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: report.xml
- ./nix/shell-checkers.sh "make -f share/Makefile.headers check-headers"
# Lint files
lint:
stage: distrib
script:
- ./nix/shell-checkers.sh "make -f share/Makefile.linting check-lint LINTCK_EXTRA=-s"
.build_template: &manuals_build_template
variables:
OUT: "manuals"
- ./nix/build-proxy.sh manuals
.build_template: &manuals_artifacts_template
expire_in: 7 days # Note: the LAST artifact of the ref is always kept
<<: *manuals_build_template
manuals-artifacts:
<<: *manuals_build_template
<<: *manuals_artifacts_template
<<: *manual_when_not_special_pipeline
<<: *manuals_build_template
<<: *manuals_artifacts_template
<<: *when_publish
<<: *manuals_build_template
<<: *manuals_artifacts_template
<<: *when_release
release-content:
stage: distrib
script:
- ./nix/shell-checkers.sh "./dev/build-release.sh"
needs:
- api-doc
- build-distrib-tarball
- build-ivette-linux-packages
- build-ivette-macos-packages
- manuals-for-release
artifacts:
paths:
- website
- wiki
- opam-repository
################################################################################
### COMPATIBILITY
# Internalized plugins tests
.build_template: &internal_template
stage: compatibility
script:
- ./nix/internal-tests.sh
internal:
<<: *internal_template
when: manual
# The Opam target may affect this job
timeout: 2h
# Linux ARM & MacOS
.build_template: &additional_arch_template
stage: compatibility
script:
- opam switch create --empty .
- eval $(opam env --switch=. --set-switch)
# Note: we use this to get an exact version corresponding to a minor version
- opam pin add ocaml $(grep $OCAML nix/ocaml-versions.txt) -n
- opam install . --deps-only --with-test -y
- dune build --display short --error-reporting=twice @install
- dune exec -- frama-c-ptests tests src/plugins/*/tests
- dune build --display short @ptests_config
timeout: 2h
tags:
- ${ARCH}
<<: *additional_arch_template
<<: *manual_when_not_special_pipeline
parallel:
matrix:
- ARCH: [linux-arm, macos-x86, macos-arm]
<<: *additional_arch_template
<<: *when_publish
parallel:
matrix:
- ARCH: [linux-arm, macos-x86, macos-arm]
<<: *additional_arch_template
<<: *when_release
parallel:
matrix:
- ARCH: [linux-arm, macos-x86, macos-arm]
.build_template: &ocaml_always_additional_versions_template
parallel:
matrix:
# Uncomment this block when there are intermediate versions to check manully
.build_template: &ocaml_manual_additional_versions_template
parallel:
matrix:
- ./nix/build-proxy.sh default-config-tests
ocaml-versions:
<<: *ocaml_versions_template
# in schedules, each OCAML is tested in its own complete pipeline
except:
- schedules
# Uncomment this section when there are additional versions of OCaml to test
ocaml-versions-more:
<<: *ocaml_versions_template
<<: *ocaml_manual_additional_versions_template
ocaml-versions-nightly:
<<: *ocaml_versions_template
# in publish schedule, we still check additional versions of OCaml
image: 'ocaml/opam:ubuntu-20.04-ocaml-$OCAML'
- opam depext frama-c --with-test
- opam install --jobs 2 frama-c --with-test --with-doc
<<: *manual_when_not_special_pipeline
opam-pin-release:
<<: *opam_pin_template
.build_template: &opam_pin_minimal_template
stage: compatibility
image: 'ocaml/opam:ubuntu-20.04-ocaml-$OCAML'
variables:
OPAMDOWNLOADJOBS: "1"
OPAMERRLOGLEN: "0"
OPAMSOLVERTIMEOUT: "500"
OPAMPRECISETRACKING: "1"
script:
- sudo ln -f /usr/bin/opam-2.1 /usr/bin/opam
- opam --version
- opam init --reinit -ni
- sudo apt update
- export OPAMCRITERIA="-removed,-count[avoid-version,changed],-count[version-lag,request],-count[version-lag,changed],-count[missing-depexts,changed],-changed"
- export OPAMFIXUPCRITERIA="-removed,-count[avoid-version,changed],-count[version-lag,request],-count[version-lag,changed],-count[missing-depexts,changed],-changed"
- export OPAMUPGRADECRITERIA="-removed,-count[avoid-version,changed],-count[version-lag,request],-count[version-lag,changed],-count[missing-depexts,changed],-changed"
- opam pin . -n -k path
- opam update --depexts
- export OPAMCRITERIA="+removed,+count[version-lag,solution]"
- export OPAMFIXUPCRITERIA="+removed,+count[version-lag,solution]"
- export OPAMUPGRADECRITERIA="+removed,+count[version-lag,solution]"
- export OPAMEXTERNALSOLVER="builtin-0install"
- opam update --depexts
timeout: 2h
tags:
- docker
opam-pin-minimal:
<<: *opam_pin_minimal_template
<<: *manual_when_not_special_pipeline
opam-pin-minimal-nightly:
<<: *when_schedules
opam-pin-minimal-release:
<<: *opam_pin_minimal_template
<<: *when_release
.build_template: &src_distrib_tests_template
variables:
DIR: "extracted"
- mkdir $DIR && tar -xzf frama-c.tar.gz --strip-components 1 -C ./extracted
- ./nix/build-proxy.sh src-distrib-tests
# The Opam target may affect this job
timeout: 2h
src-distrib-tests:
<<: *src_distrib_tests_template
<<: *manual_when_not_special_pipeline
src-distrib-tests-release:
<<: *src_distrib_tests_template
################################################################################
### RELEASE
.build_template: &prepare_ssh_template
before_script:
script:
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a origin/$CI_COMMIT_BRANCH)
- BRANCH="$CI_COMMIT_BRANCH" nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
# Note: BRANCH must be defined here, since we cannot *evaluate* a variable in 'variables'
release-create:
stage: release
- nix-shell -p git git-lfs coreutils openssh curl --run './nix/frama-c-public/publish-release.sh'
needs:
- release-branch
- release-content
when: manual
interruptible: false
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-opam.sh'
interruptible: false
release-website:
stage: release
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-website.sh'
interruptible: false
release-wiki:
stage: release
- nix-shell -p git git-lfs coreutils openssh --run './nix/frama-c-public/publish-wiki.sh'
################################################################################
# publish stage is used to push the current master branch of Frama-C and
# associated plugins from the internal frama-c group to the public pub group.
#
# For that, it uses the 'frama-c to frama-c-public' publish key. Thus, to publish
# a new plugin (while keeping its main repository internal), you can add a new
# target to this stage, adapting the script for MetAcsl or Frama-Clang to your
# own plugin.
#
# You must also activate the publish key on both frama-c/my_plugin
# and pub/my_plugin repositories (the former should be read-only, the latter
# must provide write access to the publish key).
# Do not forget to trigger the target only on schedules, so that all public
# repositories stay synchronized.
variables:
BRANCH: "master"
REPOSITORY: "frama-c"
- (! git merge-base --is-ancestor a1e186c68a6418a53b3dc06237f49e8dcbf75f4a origin/master)
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
variables:
BRANCH: "master"
REPOSITORY: "frama-clang"
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'
variables:
BRANCH: "master"
REPOSITORY: "meta"
- nix-shell -p coreutils openssh --run './nix/frama-c-public/publish-branch.sh'