diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 2bbe3b5fd2fb8529afa47566272ea85c9c7379fd..a5202eb05ba486db3a7b899c6ae902d99fc761db 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -5,8 +5,8 @@ stages: - deploy variables: SHA_IMAGE_TAG: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:$CI_COMMIT_SHA" - CMAKE_OPTIONS: "-GNinja" - SAST_DISABLED: "true" + SHA_MANYLINUX_IMAGE_TAG: "$CI_REGISTRY_IMAGE/$CI_COMMIT_REF_SLUG:manylinux-$CI_COMMIT_SHA" + CMAKE_OPTIONS: "-GNinja -DCMAKE_BUILD_TYPE=Debug" cache: paths: - ccache @@ -33,6 +33,17 @@ devel-container-merge-request: - docker push $SHA_IMAGE_TAG only: - merge_requests +devel-container-manylinux-merge-request: + stage: prepare + image: docker:19.03 + tags: + - docker-runner + script: + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - docker build -t $SHA_MANYLINUX_IMAGE_TAG -f docker/manylinux-2014.Dockerfile . + - docker push $SHA_MANYLINUX_IMAGE_TAG + only: + - merge_requests compile: stage: build image: "$SHA_IMAGE_TAG" @@ -74,6 +85,7 @@ compile-merge-request: - ccache --zero-stats || true - ccache --show-stats || true script: + - export CCACHE_DIR="$PWD/ccache" - mkdir -p build - cd build - cmake $CMAKE_OPTIONS .. 
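Review bot: The `docker login` step in `devel-container-manylinux-merge-request` passes `$CI_REGISTRY_PASSWORD` with `-p`, which puts the registry token on the process command line (Docker itself warns about this), and none of the variables are quoted. Prefer `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The job also builds a Dockerfile taken from the merge-request branch while logged in to the registry, so confirm that `docker-runner` is not shared with pipelines from untrusted contributors. The existing `devel-container-merge-request` job appears to follow the same pattern (only its last lines are visible in this hunk) and would need the same change.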
@@ -83,6 +95,32 @@ compile-merge-request: - ccache --show-stats only: - merge_requests +compile-merge-request-manylinux: + stage: build + image: "$SHA_MANYLINUX_IMAGE_TAG" + tags: + - docker-runner + artifacts: + expire_in: 1 hr + paths: + - build-manylinux + before_script: + - export CCACHE_BASEDIR="$PWD" + - export CCACHE_DIR="$PWD/ccache-manylinux" + - export CCACHE_COMPILERCHECK=content + - ccache --zero-stats || true + - ccache --show-stats || true + script: + - export CCACHE_DIR="$PWD/ccache-manylinux" + - mkdir -p build-manylinux + - cd build-manylinux + - cmake $CMAKE_OPTIONS -DBOOST_INCLUDEDIR=/usr/include/boost169 -DBOOST_LIBRARYDIR=/usr/lib64/boost169 .. + - ninja + after_script: + - export CCACHE_DIR="$PWD/ccache-manylinux" + - ccache --show-stats + only: + - merge_requests unit-tests: stage: test image: "$SHA_IMAGE_TAG" @@ -93,6 +131,16 @@ unit-tests: - ctest -V only: - merge_requests +unit-tests-manylinux: + stage: test + image: "$SHA_MANYLINUX_IMAGE_TAG" + tags: + - docker-runner + script: + - cd build-manylinux + - ctest -V + only: + - merge_requests pages: stage: deploy image: "$SHA_IMAGE_TAG" @@ -105,17 +153,13 @@ pages: - public only: - master - include: - - template: Security/SAST.gitlab-ci.yml - -flawfinder-sast: +- template: Security/SAST.gitlab-ci.yml +sast: + variables: + SAST_EXCLUDED_PATHS: _skbuild, 3rdparty, binpackage, CMake, common, docker, docs, + examples, java, out, python, tests + SAST_EXCLUDED_ANALYZERS: bandit, brakeman, eslint, gosec, kubesec, nodejs-scan, + phpcs-security-audit, pmd-apex, security-code-scan, semgrep, sobelow, spotbugs + SAST_FLAWFINDER_LEVEL: '4' stage: test - rules: - - if: $CI_COMMIT_BRANCH - exists: - - '**/*.c' - - '**/*.cpp' - - '**/*.h' - script: - - flawfinder src diff --git a/docker/manylinux-2014.Dockerfile b/docker/manylinux-2014.Dockerfile index 028e67f70caf63886eafde9a19c5c67a0dacbe4e..191bed3eb655b87e2615768878d316a1606de6ff 100644 --- a/docker/manylinux-2014.Dockerfile 
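Review bot: `compile-merge-request-manylinux` points `CCACHE_DIR` at `$PWD/ccache-manylinux`, but the only cache path visible in this diff is `ccache` (the top-level `cache:` block in the first hunk) and the job declares no `cache:` of its own. Unless that list continues outside the hunk, the manylinux ccache starts empty on every run and the `ccache --show-stats` output will never show hits. Add `cache:` / `paths:` / `- ccache-manylinux` to the job, ideally with its own `key:` so objects built in the manylinux image stay separate from the other compile job's cache. `CCACHE_DIR` is also exported three times (before_script, script, after_script); a job-level `variables:` entry such as `CCACHE_DIR: "$CI_PROJECT_DIR/ccache-manylinux"` would state it once.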
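Review bot: The new `sast:` override narrows the scan considerably without saying why. `SAST_FLAWFINDER_LEVEL: '4'` reports only flawfinder findings of risk level 4 and 5 (the analyzer default is 1), and `SAST_EXCLUDED_PATHS` drops twelve directories, including `common`, `python` and `java`, which may hold shipped code rather than only tests or vendored sources. Add a comment above the variables such as `# level >= 4 only and paths below excluded because <reason>; revisit after triage`, and keep the exclusion list to generated, vendored and test directories. `SAST_EXCLUDED_ANALYZERS` is consulted when the template decides which analyzer jobs to create, so confirm in a pipeline run that setting it on `sast:` rather than in the top-level `variables:` block takes effect.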
+++ b/docker/manylinux-2014.Dockerfile @@ -3,13 +3,15 @@ FROM quay.io/pypa/manylinux2014_x86_64 RUN curl -sSL -o ninja.zip "https://github.com/ninja-build/ninja/releases/download/v1.10.2/ninja-linux.zip" RUN unzip ninja.zip && mv ninja /usr/local/bin/ && rm -vf ninja* && ln -s /usr/local/bin/ninja /usr/local/bin/ninja-build -RUN yum install -y vim less gdb java-1.8.0-openjdk-devel libxml2-devel zlib-devel boost169-devel openssl-devel libcurl-devel libuv-devel libuuid-devel +RUN yum install -y vim less gdb java-1.8.0-openjdk-devel libxml2-devel zlib-devel boost169-devel openssl-devel libcurl-devel libuv-devel libuuid-devel ccache -RUN /opt/python/cp36-cp36m/bin/python -m pip install scikit-build -RUN /opt/python/cp37-cp37m/bin/python -m pip install scikit-build -RUN /opt/python/cp38-cp38/bin/python -m pip install scikit-build -RUN /opt/python/cp39-cp39/bin/python -m pip install scikit-build -RUN /opt/python/cp310-cp310/bin/python -m pip install scikit-build +COPY python/requirements-dev-with-docs.txt /tmp/requirements-dev.txt + +RUN /opt/python/cp36-cp36m/bin/python -m pip install -r /tmp/requirements-dev.txt +RUN /opt/python/cp37-cp37m/bin/python -m pip install -r /tmp/requirements-dev.txt +RUN /opt/python/cp38-cp38/bin/python -m pip install -r /tmp/requirements-dev.txt +RUN /opt/python/cp39-cp39/bin/python -m pip install -r /tmp/requirements-dev.txt +RUN /opt/python/cp310-cp310/bin/python -m pip install -r /tmp/requirements-dev.txt COPY docker/build_scripts/centos7_build.sh /build_and_install_openvds.sh # cmake -DCMAKE_BUILD_TYPE=Debug -GNinja -DBOOST_INCLUDEDIR=/usr/include/boost169 -DBOOST_LIBRARYDIR=/usr/lib64/boost169 ..
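Review bot: The five `pip install -r /tmp/requirements-dev.txt` lines install whatever `python/requirements-dev-with-docs.txt` resolves to at build time; that file is not part of this diff, so if it is not fully pinned the build image can change silently between runs. Pin exact versions there and, if hashes are recorded, install with `python -m pip install --no-cache-dir --require-hashes -r /tmp/requirements-dev.txt`; `--no-cache-dir` also keeps the pip download cache out of the image layers. The same concern applies to the ninja archive fetched with `curl` in the context lines above, which is unpacked without a checksum check.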