# Pipeline-level gate: rules are evaluated top to bottom and the first match wins.
workflow:
  rules:
    # A push to a branch that already has an open merge request would start
    # both a branch pipeline and an MR pipeline; skip the branch one.
    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push"'
      when: never
    # Skip the pipeline when the commit message contains "-wip". The regex is
    # unanchored, so the marker matches anywhere in the message.
    - if: '$CI_COMMIT_MESSAGE =~ /-wip/'
      when: never
    # Everything else runs.
    - when: always
# Stage order: both linters run first, then the RPM build, then the install check.
stages:
  - lint
  - build
  - test
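# Lint the selinux-policy spec file; any rpmlint finding that is not filtered
# below must fail the job.
rpmlint:
  stage: lint
  rules:
    # Only run rpm linter if the spec file has been modified
    - if: $CI_COMMIT_BRANCH || $CI_MERGE_REQUEST_IID
      changes:
        compare_to: 'refs/heads/RHEL9'
        paths:
          - 'packages/selinux-policy/selinux-policy.spec'
  script:
    # rpmlint does not understand that we pass pkgname, version, and release
    # in via rpm args (--define) in the Makefile. We will not be fixing the
    # specific rpmlint errors below, so we filter them out.
    # The purpose of this is to make sure to fail the GitLab pipeline if we
    # introduce new errors to the spec file. Note that regex could be used more
    # extensively in the filter list, but we want to be as specific as possible
    # in order to prevent accidentally allowing more errors through.
    - |
      echo -ne "
      addFilter(\"selinux-policy.spec: E: specfile-error warning: line 8: Possible unexpanded macro in: Name: %{pkgname}\")\n
      addFilter(\"selinux-policy.spec: E: specfile-error warning: line 9: Possible unexpanded macro in: Version: %{version}\")\n
      addFilter(\"selinux-policy.spec: E: specfile-error warning: line 10: Possible unexpanded macro in: Release: %{release}\")\n
      addFilter(\"selinux-policy.spec: line 14: Too many levels of recursion in macro expansion. It is likely caused by recursive macro declaration.\")\n
      addFilter(\"selinux-policy.spec: E: specfile-error error: query of specfile .+selinux-policy.spec failed, can't parse\")
      " > rpmlint_whitelist.txt
    # Run rpmlint against the spec file and let its own exit status decide the
    # job result. The former `&& echo $?` suffix is dropped: under errexit a
    # failing command on the left of `&&` does not abort the script, so the
    # gate only held while this stayed the last script line and would have
    # failed open as soon as another command was appended after it.
    - rpmlint -f rpmlint_whitelist.txt packages/selinux-policy/selinux-policy.spec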
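# Static analysis of the SELinux policy sources; selint findings that are not
# explicitly disabled must fail the job.
selint:
  stage: lint
  script:
    # selint will not be able to resolve interfaces and types unless policy is
    # compiled using the 'policy' target found in the refpol/child Makefile
    # (<repo_root>/packages/selinux-policy/selinux-policy/Makefile).
    # This is primarily due to the way the corenetwork module is built. Unlike
    # other modules, the corenetwork.if and corenetwork.te files are generated
    # during the build and are not tracked by git.
    # The section_start/section_end markers wrap the build output in a
    # collapsed section of the job log.
    - echo -e "\e[0Ksection_start:`date +%s`:pol_build[collapsed=true]\r\e[0KCompile policy for dev/testing purposes"
    - make -C packages/selinux-policy/selinux-policy policy
    - echo -e "\e[0Ksection_end:`date +%s`:pol_build\r\e[0K"
    # Run selint against the source policy and let its own exit status decide
    # the job result. The former `&& echo $?` suffix is dropped: under errexit
    # a failing command on the left of `&&` does not abort the script, so the
    # check would have failed open if a further command were added after it.
    # NOTE(review): five checks are disabled here (W-005, C-001, C-005, C-006,
    # C-008); keep the list as short as possible so new findings still surface.
    - selint -sr --full-path --color=on --disable=W-005 --disable=C-001 --disable=C-005 --disable=C-006 --disable=C-008 packages/selinux-policy/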
# Build the selinux-policy RPMs and publish them as job artifacts.
selinux_policy:
  stage: build
  # A newer pipeline may cancel this job while it is running.
  interruptible: true
  before_script:
    # Since we are using a shell runner, ensure we are working from a clean
    # state: reset the package tree and drop RPMs left by an earlier job.
    # NOTE(review): on a shell runner the job script runs directly on the
    # runner host, and the workflow rules also start pipelines for merge
    # requests, so Makefile changes from an MR are executed there as the
    # runner user - confirm the runner only serves trusted contributors.
    - make -C packages/selinux-policy/ bare
    - rm -fr packages/selinux-policy/*.rpm
  script:
    - make -C packages/selinux-policy/
  artifacts:
    # The short commit SHA in the archive name ties the RPMs to their source.
    name: 'selinux_rpms_${CI_COMMIT_SHORT_SHA}'
    paths:
      - 'packages/selinux-policy/*.rpm'
# Dry-run the install/upgrade of the built RPMs; `--test` makes rpm check the
# transaction without installing anything.
# NOTE(review): presumably the RPMs are the artifacts of the build stage;
# confirm no stale *.rpm files can remain in the shell runner's workspace.
mock_install:
  stage: test
  script:
    - rpm -Uvh --test packages/selinux-policy/*.rpm