diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f0f9513..3c9e341 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,115 +1,167 @@ +--- +include: + - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/ssh-config.yml' + - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/build_image.yml' + - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/gbp-pkg.yml' + stages: - - build - - debian-package + - build_image + - build_pkg + +variables: + BUILD_CONTEXT: ci_container + BUILD_FILE: Dockerfile + IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/bullseye + TARGET_REPOSITORY: "bullseye" + .image-buster: - image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-buster' + variables: + IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/buster + BUILD_FILE: Dockerfile.buster + TARGET_REPOSITORY: "buster" -.image-bullseye: - image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-bullseye' +.image-jammy: + variables: + IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/jammy + TARGET_REPOSITORY: "jammy" + BUILD_FILE: Dockerfile.jammy .image-focal: - image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-focal' + variables: + IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/focal + TARGET_REPOSITORY: "focal" + BUILD_FILE: Dockerfile.focal -.code-coverage: - stage: build - script: - - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}" - - meson build -Db_coverage=true - - cd build - - ninja - - ninja test - - ninja coverage-xml - - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 | - grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }' - - ninja coverage-html - - mv meson-logs/coveragereport ../coverage - artifacts: - paths: - - coverage/ - reports: - cobertura: build/meson-logs/coverage.xml +build_pkg_image_buster: + extends: + - .image-buster + - build_pkg_image -.build: - stage: build - script: - - which meson - - meson build - - cd build - - ninja - - ninja test - artifacts: - paths: - - build/src/libexim-encrypt-dlfunc.so - - build/src/libexim-encrypt-dlfunc-genkeys - - 
build/src/libexim-encrypt-dlfunc-decrypt-secretbox - - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox +build_pkg_image_jammy: + extends: + - .image-jammy + - build_pkg_image -.debian-package: - stage: debian-package - script: - - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg - - eval $(gpg-agent --batch --sh --disable-scdaemon) - - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf - - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf - - gpg-connect-agent /bye - - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes - - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust - - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7 - - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo - artifacts: - paths: - - ./*.deb - - ./*.dsc - - ./*.tar.gz - - ./*.changes - - ./*.buildinfo +build_pkg_image_focal: + extends: + - .image-focal + - build_pkg_image -code-coverage: - extends: - - .image-bullseye - - .code-coverage - needs: [ ] +pkg_buster: + extends: + - .image-buster + - gbp_pkg -build:bullseye: - extends: - - .image-bullseye - - .build - - .code-coverage - needs: [ ] +pkg_focal: + extends: + - .image-focal + - gbp_pkg -build:focal: - extends: - - .image-focal - - .build - needs: [ ] +pkg_jammy: + extends: + - .image-jammy + - gbp_pkg -build:buster: - extends: - - .build - - .image-buster - needs: [ ] - -debian-package:bullseye: - extends: - - .image-bullseye - - .debian-package - dependencies: - - build:bullseye - needs: [ "build:bullseye" ] - -debian-package:focal: - extends: - - .image-focal - - .debian-package - dependencies: - - build:focal - needs: [ "build:focal" ] - -debian-package:buster: - extends: - - .image-buster - - .debian-package - dependencies: - - build:buster - needs: [ "build:buster" ] +#.code-coverage: +# stage: build +# script: +# - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}" +# - meson build -Db_coverage=true +# - cd build 
+# - ninja +# - ninja test +# - ninja coverage-xml +# - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 | +# grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }' +# - ninja coverage-html +# - mv meson-logs/coveragereport ../coverage +# artifacts: +# paths: +# - coverage/ +# reports: +# cobertura: build/meson-logs/coverage.xml +# +#.build: +# stage: build +# script: +# - which meson +# - meson build +# - cd build +# - ninja +# - ninja test +# artifacts: +# paths: +# - build/src/libexim-encrypt-dlfunc.so +# - build/src/libexim-encrypt-dlfunc-genkeys +# - build/src/libexim-encrypt-dlfunc-decrypt-secretbox +# - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox +# +#.debian-package: +# stage: debian-package +# script: +# - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg +# - eval $(gpg-agent --batch --sh --disable-scdaemon) +# - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf +# - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf +# - gpg-connect-agent /bye +# - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes +# - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust +# - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7 +# - mv -t . 
../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo +# artifacts: +# paths: +# - ./*.deb +# - ./*.dsc +# - ./*.tar.gz +# - ./*.changes +# - ./*.buildinfo +# +#code-coverage: +# extends: +# - .image-bullseye +# - .code-coverage +# needs: [ ] +# +#build:bullseye: +# extends: +# - .image-bullseye +# - .build +# - .code-coverage +# needs: [ ] +# +#build:focal: +# extends: +# - .image-focal +# - .build +# needs: [ ] +# +#build:buster: +# extends: +# - .build +# - .image-buster +# needs: [ ] +# +#debian-package:bullseye: +# extends: +# - .image-bullseye +# - .debian-package +# dependencies: +# - build:bullseye +# needs: [ "build:bullseye" ] +# +#debian-package:focal: +# extends: +# - .image-focal +# - .debian-package +# dependencies: +# - build:focal +# needs: [ "build:focal" ] +# +#debian-package:buster: +# extends: +# - .image-buster +# - .debian-package +# dependencies: +# - build:buster +# needs: [ "build:buster" ] diff --git a/ci_container/Dockerfile b/ci_container/Dockerfile index 7e1b297..64a841a 100644 --- a/ci_container/Dockerfile +++ b/ci_container/Dockerfile @@ -18,18 +18,17 @@ RUN apt-get update; \ openssl \ pkg-config \ python3-pip \ - libxml2-utils; \ - DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \ + libxml2-utils \ debhelper \ debsigs \ devscripts \ dh-make \ git-buildpackage \ gpgv1 \ - meson; \ - DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \ + meson \ less \ mc \ + rsync \ openssh-client \ vim; \ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \ diff --git a/ci_container/Dockerfile.buster b/ci_container/Dockerfile.buster new file mode 100644 index 0000000..64a841a --- /dev/null +++ b/ci_container/Dockerfile.buster 
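Review bot: The three `include: remote:` entries added at the top of .gitlab-ci.yml pull job definitions from the `main` branch of another project, so whatever is on that branch when a pipeline starts runs here, including the `build_pkg_image` and `gbp_pkg` jobs that every job in this file extends. Pin each include to a reviewed revision, e.g. `- remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/<COMMIT_SHA>/gitlab-ci/gbp-pkg.yml'` (placeholder SHA), or use `include: project:` with a fixed `ref:`, since the templates appear to live on the same GitLab instance. The removed `.debian-package` job imported the signing key in this file; if the `gbp_pkg` template now does that (not visible here), an unpinned include decides which code gets to see the key. The block of commented-out jobs at the end of the hunk is better deleted, since git history already keeps it.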
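Review bot: In ci_container/Dockerfile the merged `apt-get install` list is still chained with `;`, so a failed `apt-get update` or an uninstallable package does not fail the image build; the RUN's exit status is that of its last command. Start the instruction with `RUN set -eu; apt-get update; \` (or join the commands with `&&`) so an incomplete build image is never produced silently. The same pattern is carried into Dockerfile.buster, Dockerfile.focal and Dockerfile.jammy, including their `pip3 install` RUN. The RUN instruction begins above this hunk and continues below it.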
@@ -0,0 +1,40 @@
+FROM debian:latest
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+ org.opencontainers.image.authors="Heiko Reese " \
+ org.opencontainers.image.title="exim build container" \
+ org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+ org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+RUN apt-get update; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+ build-essential \
+ exim4-daemon-heavy \
+ exim4-dev \
+ gcovr \
+ git \
+ libsodium-dev \
+ openssl \
+ pkg-config \
+ python3-pip \
+ libxml2-utils \
+ debhelper \
+ debsigs \
+ devscripts \
+ dh-make \
+ git-buildpackage \
+ gpgv1 \
+ meson \
+ less \
+ mc \
+ rsync \
+ openssh-client \
+ vim; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+ rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+ rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/
diff --git a/ci_container/Dockerfile.focal b/ci_container/Dockerfile.focal
new file mode 100644
index 0000000..43e76f9
--- /dev/null
+++ b/ci_container/Dockerfile.focal
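Review bot: ci_container/Dockerfile.buster starts with `FROM debian:latest`, and its blob id (64a841a) is the same as that of the updated ci_container/Dockerfile, so the "buster" image is a byte-for-byte copy of the default one and not a buster build environment. Packages built in it by `pkg_buster` would be compiled and linked against whatever release `latest` points to at image build time, while the job carries `TARGET_REPOSITORY: "buster"`. Change the first line to `FROM docker.io/library/debian:buster`, matching the fully qualified form used in Dockerfile.focal and Dockerfile.jammy. ci_container/Dockerfile deserves an explicit `debian:bullseye` tag for the same reason.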
@@ -0,0 +1,41 @@
+FROM docker.io/library/ubuntu:focal
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+ org.opencontainers.image.authors="Heiko Reese " \
+ org.opencontainers.image.title="exim build container" \
+ org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+ org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+
+RUN apt-get update; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+ build-essential \
+ exim4-daemon-heavy \
+ exim4-dev \
+ gcovr \
+ git \
+ libsodium-dev \
+ openssl \
+ pkg-config \
+ python3-pip \
+ libxml2-utils \
+ debhelper \
+ debsigs \
+ devscripts \
+ dh-make \
+ git-buildpackage \
+ gpgv1 \
+ meson \
+ less \
+ mc \
+ rsync \
+ openssh-client \
+ vim; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+ rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+ rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/
diff --git a/ci_container/Dockerfile.jammy b/ci_container/Dockerfile.jammy
new file mode 100644
index 0000000..bd6fcc5
--- /dev/null
+++ b/ci_container/Dockerfile.jammy
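Review bot: In ci_container/Dockerfile.focal, `pip3 install --upgrade meson ninja` installs whatever versions the package index serves at image build time, on top of the `meson` package already installed by apt, so the toolchain that produces the packages is neither pinned nor reproducible. Pin the versions, e.g. `pip3 install --no-cache-dir meson==<VERSION> ninja==<VERSION>` (placeholders), optionally from a requirements file with `--require-hashes`, or drop the pip step and build with the distribution's meson. With `--no-cache-dir` the trailing `rm -rf ~/.cache/pip/*;` is no longer needed. The same two lines appear in Dockerfile.buster and Dockerfile.jammy.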
@@ -0,0 +1,41 @@
+FROM docker.io/library/ubuntu:jammy
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+ org.opencontainers.image.authors="Heiko Reese " \
+ org.opencontainers.image.title="exim build container" \
+ org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+ org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+ org.opencontainers.image.licenses="Apache-2.0"
+
+
+RUN apt-get update; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+ build-essential \
+ exim4-daemon-heavy \
+ exim4-dev \
+ gcovr \
+ git \
+ libsodium-dev \
+ openssl \
+ pkg-config \
+ python3-pip \
+ libxml2-utils \
+ debhelper \
+ debsigs \
+ devscripts \
+ dh-make \
+ git-buildpackage \
+ gpgv1 \
+ meson \
+ less \
+ mc \
+ rsync \
+ openssh-client \
+ vim; \
+ DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+ rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+ rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/
diff --git a/debian/rules b/debian/rules
index dcdbe7b..a1796b3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,7 +17,6 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all %: dh $@ - # dh_make generated override targets # This is example for Cmake (See https://bugs.debian.org/641051 ) #override_dh_auto_configure:
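Review bot: In ci_container/Dockerfile.jammy the line `LABEL org.opencontainers.image.created=${BUILDTIMESTAMP}` references a variable that no `ARG` or `ENV` in the file declares, so unless the base image happens to define it the label is written as an empty string, even when the build passes `--build-arg BUILDTIMESTAMP=...`. Add `ARG BUILDTIMESTAMP` between `FROM` and `LABEL`. The description label reads "A buld environment", which should be "build". Both points apply to Dockerfile.buster and Dockerfile.focal as well.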