-
Notifications
You must be signed in to change notification settings - Fork 12
/
Copy path.gitlab-ci.yml
392 lines (364 loc) · 11.1 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
# NOTE(lb): The master/stable branch distinction is documented in
# doc/hacking.rst under "CI and Git Branches".
stages:
- cleanup
- prepare
- lint
- build
- test
- test-sanitized
- dist
- integration
variables:
GIT_STRATEGY: fetch
GIT_SUBMODULE_STRATEGY: none
# Carbon (the test runner) has 32 cores, but jobs are often running in
# parallel so we set parallelism to 16 to reduce contention.
PARALLELISM: 16
CI_CACHE_TAG: $CI_COMMIT_REF_SLUG
CI_TAG: $CI_COMMIT_SHA
GIT_CLEAN_FLAGS: -ffdx -e .shake/
COMPOSE_HTTP_TIMEOUT: 600
default:
interruptible: true
# Jobs that extend this ruleset are typically integration tests that should
# only be run on "stable", MRs into "stable", or on schedules
.on-stable:
rules:
- if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "stable" || $CI_COMMIT_BRANCH == "stable" || $SCHEDULE'
# Like on-stable, but only for scheduled actions.
.on-schedule:
rules:
- if: '$SCHEDULE'
# Most jobs that don't extend ".on-stable" should extend this. This ruleset
# prevents the creation of "detached" pipelines on merge requests (MRs) into
# branches other than "stable", while ensuring that _all_ jobs run on MRs into
# stable.
#
# See the following Gitlab documentation:
# https://docs.gitlab.com/ee/ci/yaml/README.html#exclude-jobs-with-rules-from-certain-pipelines
.default-rules:
rules:
- if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "stable"'
when: never
- when: on_success
.build-docker:
extends: .default-rules
tags: [docker]
image: docker:stable
before_script:
- ./ci/docker_login.sh
.prepare:
extends: .build-docker
stage: prepare
dependencies: []
prepare:docker:
extends: .prepare
script:
- ./ci/docker_build.sh "mate-dev" "dev"
lint:
stage: lint
image: $REGISTRY_HOST/mate-dev:$CI_TAG
needs: ["prepare:docker"]
extends: .default-rules
dependencies: []
before_script:
- . ./ci/ssh.sh
- git submodule sync --recursive
- git submodule update --init --recursive llvm/PointerAnalysis
script:
- git fetch origin master
- ./shake.sh -j$PARALLELISM lint
artifacts:
paths:
- shake/dist-newstyle
build:docker:bdist:
stage: build
image: $REGISTRY_HOST/mate-dev:$CI_TAG
needs: ["prepare:docker", "lint"]
extends: .default-rules
before_script:
- . ./ci/ssh.sh
- git submodule sync --recursive
- git submodule update --init --recursive llvm/PointerAnalysis
- git submodule update --init --recursive submodules/manticore
script:
- |
if ./ci/on-stable.sh; then
./shake.sh --release-build -j$PARALLELISM bdist
else
./shake.sh -j$PARALLELISM bdist
fi
artifacts:
paths:
- shake/dist-newstyle
- .shake
- .out/bdist
.alt-build:
stage: build
image: $REGISTRY_HOST/mate-dev:$CI_TAG
needs: ["prepare:docker", "lint"]
extends: .on-stable
before_script:
- . ./ci/ssh.sh
- git submodule sync --recursive
- git submodule update --init --recursive llvm/PointerAnalysis
- git submodule update --init --recursive submodules/manticore
artifacts:
paths:
- .shake
- .out/bdist
build:docker:scan-build:
extends: .alt-build
script:
- >
./shake.sh -j$PARALLELISM --scan-build
.out/bdist/local/lib/{libSoufflePA,libPAPass,libMATE,LLVMNomina,LLVMHeadache}.so
build:docker:address-sanitizer-build:
extends: .alt-build
script:
- ./shake.sh -j$PARALLELISM --sanitize=address bdist
build:docker:undefined-behavior-sanitizer-build:
extends: .alt-build
script:
- ./shake.sh -j$PARALLELISM --sanitize=undefined bdist
.sanitize-docker:
stage: test-sanitized
image: $REGISTRY_HOST/mate-dev:$CI_TAG
extends: .on-stable
script:
- ./shake.sh -j$PARALLELISM --skip=build -k pytests -- -- -vv -x --show-capture=all
artifacts:
paths:
- shake/dist-newstyle
- .out/build/pytests.junit.xml
reports:
junit: .out/build/pytests.junit.xml
sanitize:docker:address-sanitizer-pytests:
needs: ["build:docker:address-sanitizer-build"]
extends: .sanitize-docker
before_script:
- export MATE_SANITIZERS=address
sanitize:docker:undefined-behavior-sanitizer-pytests:
needs: ["build:docker:undefined-behavior-sanitizer-build"]
extends: .sanitize-docker
before_script:
- export MATE_SANITIZERS=undefined
.compose-service:
image: $REGISTRY_HOST/docker-with-compose
extends: .default-rules
.test-docker:
stage: test
image: $REGISTRY_HOST/mate-dev:$CI_TAG
needs: ["build:docker:bdist"]
extends: .default-rules
test:docker:pytests:
extends: .test-docker
before_script:
- |
if ./ci/on-stable.sh; then
export MATE_INTEGRATION_TESTS=1
fi
script:
- ./shake.sh -j$PARALLELISM --skip=build -k pytests -- -- -n $PARALLELISM -x
artifacts:
paths:
- shake/dist-newstyle
- .out/build/pytests.junit.xml
reports:
junit: .out/build/pytests.junit.xml
test:docker:postgres:
stage: test
image: $REGISTRY_HOST/docker-with-compose
needs: ["build:docker:bdist"]
extends: .default-rules
before_script:
- ./ci/docker_login.sh
- |
if ./ci/on-stable.sh; then
export MATE_INTEGRATION_TESTS=1
fi
- docker-compose -p "MATE_test_${CI_COMMIT_SHORT_SHA}" up -d -V db storage mate-runtime-state
script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose -p "MATE_test_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
run
-e MATE_INTEGRATION_TESTS
-v /builds:/builds
-w ${PWD}
test --skip=build -- -- -n $PARALLELISM -x
after_script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
stop
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
down --volumes --remove-orphans
# These tests invoke manticore and can take a while
test:docker:dwarfcore:
stage: test
image: $REGISTRY_HOST/docker-with-compose
needs: ["build:docker:bdist"]
extends: .default-rules
before_script:
- ./ci/docker_login.sh
- docker-compose -p "MATE_test_dwarfcore_${CI_COMMIT_SHORT_SHA}" up -d -V db storage
script:
- >
MATE_DOCKER_TAG=:$CI_TAG
docker-compose -p "MATE_test_dwarfcore_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
run
-e MATE_INTEGRATION_TESTS
-v /builds:/builds
-w ${PWD}
dwarfcore-test --skip=build -- -- -n $PARALLELISM -x
after_script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_dwarfcore_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
stop
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_dwarfcore_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
down --volumes --remove-orphans
test:docker:mantiserve:
stage: test
image: $REGISTRY_HOST/docker-with-compose
needs: ["build:docker:bdist"]
extends: .default-rules
before_script:
- ./ci/docker_login.sh
- docker-compose -p "MATE_test_mantiserve_${CI_COMMIT_SHORT_SHA}" up -d -V db storage
script:
- >
MATE_DOCKER_TAG=:$CI_TAG
docker-compose -p "MATE_test_mantiserve_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
run
-e MATE_INTEGRATION_TESTS
-v /builds:/builds
-w ${PWD}
mantiserve-test --skip=build -- -- -n $PARALLELISM -x
after_script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_mantiserve_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
stop
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_test_mantiserve_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
down --volumes --remove-orphans
dist:doc:
stage: dist
rules:
- if: "$SCHEDULE"
when: never
- if: '$CI_COMMIT_BRANCH == "stable" || $CI_COMMIT_BRANCH == "master"'
image: $REGISTRY_HOST/mate-dev:$CI_TAG
needs: ["build:docker:bdist"]
before_script:
- . ./ci/ssh.sh
script:
- |
if [ "${CI_COMMIT_BRANCH}" == "master" ]; then
ssh [email protected] "mkdir /srv/www/mate.galois.com/public_html/$CI_COMMIT_SHORT_SHA"
scp -r .out/bdist/local/doc/html/* [email protected]:/srv/www/mate.galois.com/public_html/$CI_COMMIT_SHORT_SHA/
fi
- ssh [email protected] "ln -sfn /srv/www/mate.galois.com/public_html/$CI_COMMIT_SHORT_SHA /srv/www/mate.galois.com/public_html/$CI_COMMIT_REF_SLUG"
dist:docker:image:
extends: .build-docker
stage: dist
needs: ["test:docker:dwarfcore", "test:docker:mantiserve", "test:docker:pytests", "build:docker:bdist"]
dependencies: ["build:docker:bdist"]
script:
- ./ci/docker_build.sh "mate-dist" "dist"
- ./ci/docker_build.sh "mate-notebook" "notebook"
- ./ci/docker_build.sh "mate-ui" "ui"
integration:challenges:
stage: integration
image: $REGISTRY_HOST/docker-with-compose
needs: ["dist:docker:image"]
before_script:
- . ./ci/ssh.sh
- apk add git
- git submodule update --init submodules/mate-tests
- git submodule update --init --recursive submodules/manticore
- docker-compose -p "MATE_challenge_${CI_COMMIT_SHORT_SHA}" up -d -V db storage mate-runtime-state
extends: .on-stable
script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose -p "MATE_challenge_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
run
-e MATE_INTEGRATION_TESTS
-v /builds:/builds -w ${PWD}
poi-test
--skip=build
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose -p "MATE_challenge_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
run
-e MATE_INTEGRATION_TESTS
-v /builds:/builds -w ${PWD}
challenge-test
--skip=build
after_script:
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_challenge_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
stop
- >
MATE_DOCKER_TAG=:$CI_TAG docker-compose
-p "MATE_challenge_${CI_COMMIT_SHORT_SHA}"
-f docker-compose.yml
-f docker-compose.test.yml
down --volumes --remove-orphans
cleanup:docker-state:
stage: cleanup
image: $REGISTRY_HOST/docker-with-compose
when: manual
allow_failure: true
script:
- >
docker network prune --force
--filter label=com.galois.mate.ci-safe-to-remove
- >
docker volume prune --force
--filter label=com.galois.mate.bdist-volume
- >
docker volume prune --force
--filter label=com.galois.mate.scratch-volume
- >
docker ps
--filter "label=com.docker.compose.project" -q
| xargs -r docker inspect
--format='{{index .Config.Labels "com.docker.compose.project"}}'
| sort
| uniq
| xargs
-I{} -n1 docker-compose --project-name {} down --volumes --remove-orphans
- >
docker system prune --volumes --force