-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.cirrus.yml
252 lines (218 loc) · 8 KB
/
.cirrus.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
##################################################################################
# Please note: #
# #
# After updating this file, please also update CI column of the support matrix #
# at https://github.com/zeek/zeek/wiki/Zeek-Operating-System-Support-Matrix #
##################################################################################
cpus: &CPUS 4
btest_jobs: &BTEST_JOBS 4
btest_retries: &BTEST_RETRIES 2
memory: &MEMORY 4GB
config: &CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --prefix=$CIRRUS_WORKING_DIR/install
static_config: &STATIC_CONFIG --build-type=release --enable-cpp-tests --disable-broker-tests --enable-static-broker --enable-static-binpac --prefix=$CIRRUS_WORKING_DIR/install
sanitizer_config: &SANITIZER_CONFIG --build-type=debug --enable-cpp-tests --disable-broker-tests --sanitizers=address,undefined --enable-fuzzers --enable-coverage
resources_template: &RESOURCES_TEMPLATE
cpu: *CPUS
memory: *MEMORY
macos_resources_template: &MACOS_RESOURCES_TEMPLATE
# https://medium.com/cirruslabs/new-macos-task-execution-architecture-for-cirrus-ci-604250627c94
# suggests we can go faster here:
env:
ZEEK_CI_CPUS: 12
ZEEK_CI_BTEST_JOBS: 12
# No permission to write to default location of /zeek
CIRRUS_WORKING_DIR: /tmp/zeek
ci_template: &CI_TEMPLATE
only_if: >
$CIRRUS_PR != '' ||
( $CIRRUS_REPO_NAME == 'zeek' &&
(
$CIRRUS_BRANCH == 'master' ||
$CIRRUS_BRANCH =~ 'release/.*'
)
)
# Default timeout is 60 minutes, Cirrus hard limit is 120 minutes for free
# tasks, so may as well ask for full time.
timeout_in: 120m
sync_submodules_script: git submodule update --recursive --init
get_external_pcaps_cache:
folder: testing/external/zeek-testing-traces
fingerprint_script: echo zeek-testing-traces
populate_script: ./ci/init-external-repos.sh
init_external_repos_script: ./ci/init-external-repos.sh
build_script: ./ci/build.sh
test_script: ./ci/test.sh
on_failure:
upload_btest_tmp_dir_artifacts:
path: "testing/**/tmp.tar.gz"
always:
upload_btest_xml_results_artifacts:
path: "testing/**/btest-results.xml"
type: text/xml
format: junit
upload_btest_html_results_artifacts:
path: "testing/**/btest-results.html"
type: text/html
env:
CIRRUS_WORKING_DIR: /zeek
ZEEK_CI_CPUS: *CPUS
ZEEK_CI_BTEST_JOBS: *BTEST_JOBS
ZEEK_CI_BTEST_RETRIES: *BTEST_RETRIES
ZEEK_CI_CONFIGURE_FLAGS: *CONFIG
# This is a single-purpose, read-only GitHub deploy key (SSH private key) for
# the zeek-testing-private repository.
ZEEK_TESTING_PRIVATE_SSH_KEY: ENCRYPTED[!dbdba93df9c166f926480cebff52dab303589257b3b3ee53aa392021aff2881ed9aafefef26aa9a1b71a49d663d1361c!]
# This is the key used to create HMAC auth keys for the benchmark script. This
# was generated by creating a new key using openssl, and then running sha256
# on it.
ZEEK_BENCHMARK_HMAC_KEY: ENCRYPTED[412224bbea9652030da976537f4d96c79ee79a0ba5a2f93b6c32953e1be0362defdf5fa07b3dc54ae61f9a52be30eac7]
# This is the https endpoint host and port used for benchmarking. It's kept
# encrypted as a security measure to avoid leaking the host's information.
ZEEK_BENCHMARK_HOST: ENCRYPTED[62ecdc93e839800d754d09d9a9070e9cb9b209e7d7dd2472ba38648f786ff272d0e0ea71233d0910025f2c6f3771259c]
ZEEK_BENCHMARK_PORT: ENCRYPTED[fb34ae2d51bac798fc01da052f3772154e17bbe2c1c5615509e82935248e748053fda399a0caf909632b6272cebff9f4]
# The repo token used for uploading data to Coveralls.io
ZEEK_COVERALLS_REPO_TOKEN: ENCRYPTED[7ffd1e041f848f02b62f5abc7fda8a5a8a1561fbb2b46d88cefb67c74408ddeef6ea6f3b279c7953ca14ae9b4d050e2d]
# Linux EOL timelines: https://linuxlifecycle.com/
# Fedora (~13 months): https://fedoraproject.org/wiki/Fedora_Release_Life_Cycle
fedora33_task:
container:
# Fedora 33 EOL: Around November 2022
dockerfile: ci/fedora-33/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
fedora32_task:
container:
# Fedora 32 EOL: Around May 2021
dockerfile: ci/fedora-32/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
centosstream8_task:
container:
# Stream 8 support should be 5 years, so until 2024. but I cannot find a concrete timeline --cpk
dockerfile: ci/centos-stream-8/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
centos8_task:
container:
# CentOS 8 EOL: May 31, 2029
dockerfile: ci/centos-8/Dockerfile
<< : *RESOURCES_TEMPLATE
env:
ZEEK_CI_CREATE_ARTIFACT: 1
<< : *CI_TEMPLATE
upload_binary_artifacts:
path: build.tgz
benchmark_script: ./ci/benchmark.sh
centos7_task:
container:
# CentOS 7 EOL: June 30, 2024
dockerfile: ci/centos-7/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
debian10_task:
container:
# Debian 10 EOL: June 2024
dockerfile: ci/debian-10/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
debian10_static_task:
container:
# Just uses a recent/common distro to run a static compile test.
# Debian 10 EOL: June 2024
dockerfile: ci/debian-10/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
env:
ZEEK_CI_CONFIGURE_FLAGS: *STATIC_CONFIG
debian9_task:
container:
# Debian 9 EOL: June 2022
dockerfile: ci/debian-9/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
debian9_32bit_task:
container:
# Debian 9 EOL: June 2022
dockerfile: ci/debian-9-32bit/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
opensuse_leap_15_2_task:
container:
# Opensuse Leap 15.2 EOL: Dec 2021
dockerfile: ci/opensuse-leap-15.2/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
ubuntu20_task:
container:
# Ubuntu 20.04 EOL: April 2025
dockerfile: ci/ubuntu-20.04/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
ubuntu18_task:
container:
# Ubuntu 18.04 EOL: April 2023
dockerfile: ci/ubuntu-18.04/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
ubuntu16_task:
container:
# Ubuntu 16.04 EOL: April 2021
dockerfile: ci/ubuntu-16.04/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
alpine_task:
container:
# Alpine releases typically happen every 6 months w/ support for 2 years.
# The Dockerfile simply tracks latest Alpine release and shouldn't
# generally need updating based on particular Alpine release timelines.
dockerfile: ci/alpine/Dockerfile
<< : *RESOURCES_TEMPLATE
<< : *CI_TEMPLATE
# Apple doesn't publish official long-term support timelines.
# We aim to support both the current and previous macOS release.
macos_big_sur_task:
macos_instance:
image: big-sur-base
prepare_script: ./ci/macos/prepare.sh
<< : *CI_TEMPLATE
<< : *MACOS_RESOURCES_TEMPLATE
macos_catalina_task:
macos_instance:
image: catalina-xcode-11.6
prepare_script: ./ci/macos/prepare.sh
<< : *CI_TEMPLATE
<< : *MACOS_RESOURCES_TEMPLATE
# FreeBSD EOL timelines: https://www.freebsd.org/security/security.html#sup
freebsd12_task:
freebsd_instance:
# FreeBSD 12 EOL: June 30, 2024
image_family: freebsd-12-2
cpu: 8
# Not allowed to request less than 8GB for an 8 CPU FreeBSD VM.
memory: 8GB
prepare_script: ./ci/freebsd/prepare.sh
<< : *CI_TEMPLATE
freebsd11_task:
freebsd_instance:
# FreeBSD 11 EOL: September 30, 2021
image_family: freebsd-11-4
cpu: 8
# Not allowed to request less than 8GB for an 8 CPU FreeBSD VM.
memory: 8GB
prepare_script: ./ci/freebsd/prepare.sh
<< : *CI_TEMPLATE
sanitizer_task:
container:
# Just uses a recent/common distro to run memory error/leak checks.
dockerfile: ci/ubuntu-18.04/Dockerfile
cpu: 4
# AddressSanitizer uses a lot more memory than a typical config.
memory: 12GB
<< : *CI_TEMPLATE
test_fuzzers_script: ./ci/test-fuzzers.sh
coverage_script: ./ci/upload-coverage.sh
env:
CXXFLAGS: -DZEEK_DICT_DEBUG
ZEEK_CI_CONFIGURE_FLAGS: *SANITIZER_CONFIG
ZEEK_TAILORED_UB_CHECKS: 1
UBSAN_OPTIONS: print_stacktrace=1