-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
376 lines (348 loc) · 12.4 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
# Only spawn workflows for MRs or branches without MRs
workflow:
auto_cancel:
on_job_failure: all
on_new_commit: interruptible
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true"
auto_cancel:
on_job_failure: none
on_new_commit: none
when: always
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED != "true"
when: never
- when: always
stages:
- lint
- test
- package
- deploy
include:
# Scan for common secrets
- template: Security/Secret-Detection.gitlab-ci.yml
# Ensure pre-commit linters pass
- component: gitlab.com/blue42u/ci.pre-commit/lite@0.2
# Main image for building and testing
- component: &ci_predeps gitlab.com/blue42u/ci.predeps/buildah@1
inputs:
<<: &ci_predeps_shared
fallback_registry: registry.gitlab.com/hpctoolkit/hpcviewer/ci.predeps
name: main-jdk17-amd64
build_args: JDK_OS=17-focal
- component: *ci_predeps
inputs:
<<: *ci_predeps_shared
name: main-jdk17-arm64
platform: linux/arm64
job_tags: [saas-linux-medium-arm64]
build_args: JDK_OS=17-focal
# Secondary images for different versions of the JDK
- component: *ci_predeps
inputs:
<<: *ci_predeps_shared
name: main-jdk21-amd64
build_args: JDK_OS=21-jammy
- component: *ci_predeps
inputs:
<<: *ci_predeps_shared
name: main-jdk21-arm64
platform: linux/arm64
job_tags: [saas-linux-medium-arm64]
build_args: JDK_OS=21-jammy
# Pre-build lightweight images to emulate an X11 server for testing
- component: *ci_predeps
inputs:
<<: *ci_predeps_shared
name: xvfb-amd64
containerfile: .ci.predeps/Containerfile.xvfb
ignorefile: .ci.predeps/ignore.xvfb
- component: *ci_predeps
inputs:
<<: *ci_predeps_shared
name: xvfb-arm64
platform: linux/arm64
job_tags: [saas-linux-medium-arm64]
containerfile: .ci.predeps/Containerfile.xvfb
ignorefile: .ci.predeps/ignore.xvfb
default:
retry:
max: 2
when:
- unknown_failure
- api_failure
- runner_system_failure
.maven:
image: $PREDEPS_IMAGE_MAIN_JDK17_AMD64
needs: ['predeps: [main-jdk17-amd64]']
# Settings to cache Maven downloads
before_script:
- mkdir -p .m2-repository/ && rm -rf ~/.m2/repository
- ln -s "`realpath .m2-repository/`" ~/.m2/repository
cache:
key: maven
paths:
- .m2-repository
when: always
# Detect any secrets and report if there are problems
secret_detection:
stage: lint
interruptible: true
needs: []
tags: [saas-linux-small-amd64]
rules:
- when: always
# Lint the code with PMD and CMD
pmd:
extends: .maven
interruptible: true
stage: lint
image: $PREDEPS_IMAGE_MAIN_JDK17_AMD64
tags: [saas-linux-small-amd64]
needs: ['predeps: [main-jdk17-amd64]']
allow_failure:
exit_codes: 42
script:
- mvn package pmd:aggregate-pmd -Dformat=net.sourceforge.pmd.renderers.CodeClimateRenderer
- mvn package pmd:aggregate-cpd -Dformat=xml
# Convert from PMD's null-terminated list to a proper Code Climate report
- python3 scripts/pmd2cq.py target/pmd.json > cq.json
# Warn if CPD found any duplications, and refer to the HTML report if needed
- |
if grep -q '<duplication' target/cpd.xml; then
echo "CPD found a duplication, see the HTML report for details:"
echo " ${CI_JOB_URL}/artifacts/file/target/site/cpd.html"
exit 42
else
STATUS=$?
if [ "$STATUS" -ne 1 ]; then
exit $STATUS
fi
fi
artifacts:
when: always
reports:
codequality:
- cq.json
paths:
- target/site
# Run all the tests within the Viewer and make sure everything passes
test jdk17 amd64:
extends: .maven
interruptible: true
stage: test
image: $PREDEPS_IMAGE_MAIN_JDK17_AMD64
tags: [saas-linux-small-amd64]
parallel:
matrix:
- WM: [metacity]
needs:
- 'predeps: [main-jdk17-amd64]'
- 'predeps: [xvfb-amd64]'
# A running X server is required for tests to complete, we use Xvfb
services:
- name: $PREDEPS_IMAGE_XVFB_AMD64
alias: wm
variables:
DISPLAY: 'wm:99'
script:
# Run Maven to build and test everything, but delay the exit until the end
- mvn --fail-at-end clean verify -Pjacoco || FAIL=1
# Report the coverage % to the log
- ./scripts/extract-coverage.sh tests/edu.rice.cs.hpctest.report/target/site/jacoco-aggregate/jacoco.xml
# Convert the JaCoCo results into Cobertura for GitLab visualization
- >-
python3 scripts/cover2cover.py tests/edu.rice.cs.hpctest.report/target/site/jacoco-aggregate/jacoco.xml
$CI_PROJECT_DIR/edu.rice.cs.*/src
$CI_PROJECT_DIR/externals/*/src
> coverage.xml
# If Maven failed, we fail
- test -z "$FAIL"
coverage: '/COMPLEXITY coverage: .*%/'
artifacts:
when: always
paths:
- tests/edu.rice.cs.hpctest.report/target/site/jacoco-aggregate/
reports:
junit: tests/*/target/surefire-reports/TEST-*.xml
coverage_report:
coverage_format: cobertura
path: coverage.xml
test jdk21 amd64:
extends: test jdk17 amd64
image: $PREDEPS_IMAGE_MAIN_JDK21_AMD64
needs:
- 'predeps: [main-jdk21-amd64]'
- 'predeps: [xvfb-amd64]'
test jdk17 arm64:
extends: test jdk17 amd64
image: $PREDEPS_IMAGE_MAIN_JDK17_ARM64
needs:
- 'predeps: [main-jdk17-arm64]'
- 'predeps: [xvfb-arm64]'
services:
- name: $PREDEPS_IMAGE_XVFB_ARM64
alias: wm
tags: [saas-linux-medium-arm64]
test jdk21 arm64:
extends: test jdk17 arm64
image: $PREDEPS_IMAGE_MAIN_JDK21_ARM64
needs:
- 'predeps: [main-jdk21-arm64]'
- 'predeps: [xvfb-arm64]'
# Build the Viewer and package the results for usage by users
package:
extends: .maven
interruptible: true
stage: package
image: $PREDEPS_IMAGE_MAIN_JDK17_AMD64
tags: [saas-linux-small-amd64]
needs: ['predeps: [main-jdk17-amd64]']
variables:
GIT_STRATEGY: clone
GIT_DEPTH: 0
script:
- git describe --tags --debug --always --first-parent > ver.txt
- VERSION=$(cat ver.txt)
- rm ver.txt
- echo "Building version $VERSION"
# For tag pipelines the VERSION should always (always!) be the tag itself
- test -z "$CI_COMMIT_TAG" || test "$VERSION" = "$CI_COMMIT_TAG"
- ./build.sh --create --release "$VERSION"
artifacts:
expose_as: Packages
expire_in: 3 days
paths:
- hpcviewer-linux.gtk.x86_64.tgz
- hpcviewer-linux.gtk.aarch64.tgz
- hpcviewer-linux.gtk.ppc64le.tgz
- hpcviewer-macosx.cocoa.x86_64.zip
- hpcviewer-macosx.cocoa.aarch64.zip
- hpcviewer-win32.win32.x86_64.zip
- hpcdata.tgz
package dmg:
interruptible: true
stage: package
image: macos-14-xcode-15
tags: [saas-macos-medium-m1]
needs: [package]
script:
- macos/notarize.sh -i hpcviewer-macosx.cocoa.x86_64.zip
- macos/notarize.sh -i hpcviewer-macosx.cocoa.aarch64.zip
artifacts:
expose_as: MacOS Packages
expire_in: 3 days
paths:
- hpcviewer-macosx.cocoa.x86_64.dmg
- hpcviewer-macosx.cocoa.aarch64.dmg
# Upload the built artifacts to the package registry
upload:
stage: deploy
image: docker.io/alpine
dependencies: [package, package dmg]
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_TAG
script:
- apk add curl jq
- >-
curl
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-linux.gtk.x86_64.tgz --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.x86_64.tgz"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-linux.gtk.aarch64.tgz --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.aarch64.tgz"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-linux.gtk.ppc64le.tgz --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.ppc64le.tgz"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-macosx.cocoa.x86_64.dmg --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.x86_64.dmg"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-macosx.cocoa.x86_64.zip --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.x86_64.zip"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-macosx.cocoa.aarch64.dmg --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.aarch64.dmg"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-macosx.cocoa.aarch64.zip --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.aarch64.zip"
--next
--header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file hpcviewer-win32.win32.x86_64.zip --fail-with-body --retry 7
"${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-win32.win32.x86_64.zip"
> reponse.log
after_script:
- jq -C . < reponse.log
# Make a release for the tag, and add links to all the assets
create release:
stage: deploy
image: registry.gitlab.com/gitlab-org/release-cli:latest
needs: [upload]
tags: [saas-linux-small-amd64]
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_TAG
script:
- echo "Creating release for tag $CI_COMMIT_TAG"
release:
tag_name: $CI_COMMIT_TAG
name: Release $CI_COMMIT_TAG
description: Release $CI_COMMIT_TAG
assets:
links:
- name: for Windows x86_64
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-win32.win32.x86_64.zip
filepath: /hpcviewer-win32.win32.x86_64.zip
- name: for MacOS aarch64 (zip)
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.aarch64.zip
filepath: /hpcviewer-macosx.cocoa.aarch64.zip
- name: for MacOS aarch64
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.aarch64.dmg
filepath: /hpcviewer-macosx.cocoa.aarch64.dmg
- name: for MacOS x86_64 (zip)
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.x86_64.zip
filepath: /hpcviewer-macosx.cocoa.x86_64.zip
- name: for MacOS x86_64
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-macosx.cocoa.x86_64.dmg
filepath: /hpcviewer-macosx.cocoa.x86_64.dmg
- name: for Linux ppc64le
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.ppc64le.tgz
filepath: /hpcviewer-linux.gtk.ppc64le.tgz
- name: for Linux aarch64
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.aarch64.tgz
filepath: /hpcviewer-linux.gtk.aarch64.tgz
- name: for Linux x86_64
link_type: package
url: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/hpcviewer/${CI_COMMIT_TAG}/hpcviewer-linux.gtk.x86_64.tgz
filepath: /hpcviewer-linux.gtk.x86_64.tgz
# Render the documentation in HTML
documentation:
extends: .maven
stage: package
script:
- (cd doc/ && mvn site site:stage) || exit $?
- mkdir -p target/
- mv -T doc/target/staging/ target/staging/
artifacts:
expose_as: 'Rendered documentation'
paths:
- target/staging/
# Publish the rendered documentation to GitLab Pages for easy browsing from the web.
# FIXME: Currently this only happens for the default branch. Eventually we should extend this to
# include protected tags (releases) as well, once multiple deployments are easy.
# See https://gitlab.com/gitlab-org/gitlab/-/issues/422145 and https://gitlab.com/groups/gitlab-org/-/epics/10914.
pages:
stage: deploy
image: docker.io/alpine
needs: [documentation]
rules:
- if: $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
script:
- mv -T target/staging/ public/
- echo "Deploying documentation to ${CI_PAGES_URL}"
artifacts:
paths: [public/]