Commit Graph

119 Commits

Author SHA1 Message Date
Hans-Christoph Steiner e7edd96a02
gitlab-ci: use Alpine 3.11 for lint_format_safety_bandit_checks
This should provide a current version of pip to make safety stop
complaining.

3.12/3.11 breaks bandit, probably because of Python 3.8
2020-10-01 13:21:47 +02:00
Hans-Christoph Steiner af4a2ab736 gitlab-ci: speed up test runs that do not need git history
GIT_DEPTH sets how many commits of history to clone in CI Jobs.
gitlab.com defaults to 50 with a max of 1000.  The metadata_v0 job is
the only job that needs history, and it needs more than 50.  So this
sets the default to 1, then metadata_v0 to 1000.

https://docs.gitlab.com/ee/ci/pipelines/settings.html#git-shallow-clone
2020-09-17 15:25:56 +02:00
Hans-Christoph Steiner 59018a887b gitlab-ci: ensure android-23 is present for `fdroid build` test
This test builds https://gitlab.com/fdroid/ci-test-app, which uses android-23
2020-09-17 15:25:56 +02:00
Marcus Hoffmann f6b7572b10 fix fedora test
minimum build tools version is determined by apksigner now.
2020-09-10 18:59:39 +02:00
Marcus Hoffmann 2367461465 tests: debian: apksigner is required for the tests to run now
We need to use a shell wrapper for apksigner though because docker and
binfmt don't play well together
2020-09-10 18:59:39 +02:00
Marcus Hoffmann d9a6bfb0a9 CI: install pyjks as dependency for tests 2020-08-24 21:11:55 +02:00
Hans-Christoph Steiner 62c8fd5999
add Liberapay: field with username as data
Liberapay was originally included using a numeric ID, since they had
not yet finalized the public URLs.  Now it is a username.  So this
logic prefers the username in Liberapay: field, and keeps the old
LiberapayID: to ease migration.  LiberapayID: will not override
Liberapay:.  Clients are expected to prefer Liberapay: over LiberapayID:
2020-06-16 15:35:28 +02:00
Hans-Christoph Steiner bde65aa54d gitlab-ci: switch metadata_v0 test to commit that supports only .yml
37f37ebd88
2020-06-10 10:44:27 +02:00
Hans-Christoph Steiner 37f37ebd88
use default accepted_formats since all the files are .yml anyway 2020-06-10 10:43:21 +02:00
Hans-Christoph Steiner cfa88a5335 gitlab-ci: fix binfmt support for focal to run apksigner
This manually mounts the binfmt_misc dir if its not present.
It seems the Ubuntu/focal release stopped auto-mounting binfmt_misc:
https://bugs.launchpad.net/binfmt-support/+bug/1878413
2020-05-14 11:55:09 +02:00
Hans-Christoph Steiner 0700242416 gitlab-ci: use latest pylint to avoid safety error about vuln 2020-05-11 17:45:33 +02:00
Hans-Christoph Steiner 052e22284b gitlab-ci: show clear error message when one step of job fails 2020-05-11 17:40:21 +02:00
Jochen Sprickerhof 86beac22e2 Use libarchive instead of the Python implementation 2020-04-15 18:27:13 +00:00
Marcus 9d24f2e4a7 add opencollective metadata and index field 2020-03-10 14:56:03 +00:00
Hans-Christoph Steiner ed46afe262
gitlab-ci: ensure git is installed for pip_install job 2020-02-20 16:40:31 +01:00
Hans-Christoph Steiner 3de2d0f56f add basic test suite for gradlew-fdroid
!707
fdroiddata#6216

The se.manyver app is licensed MPL, the files came from:
81d247a6cd
2020-02-13 22:32:51 +01:00
Hans-Christoph Steiner 0fa1f91a23
gitlab-ci: long timeout and many retries for pip installs 2020-01-31 15:38:05 +01:00
Hans-Christoph Steiner 3df276cc3c
fix all bandit B310 urllib_urlopen
"Audit url open for permitted schemes. Allowing use of ‘file:’’ or custom
schemes is often unexpected."

https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
2020-01-31 15:37:30 +01:00
Hans-Christoph Steiner d8f3d94997
gitlab-ci: remove dscanner exclusions from bandit 2020-01-31 15:37:28 +01:00
Hans-Christoph Steiner cca78114cb
gitlab-ci: fedora no longer installs difftools by default 2019-11-05 15:30:34 +01:00
Hans-Christoph Steiner 8d3512763d
gitlab-ci: use a template for a complete apt CI setup
# Conflicts:
#	.gitlab-ci.yml
2019-09-23 11:50:51 +02:00
Hans-Christoph Steiner 0e40387805
gitlab-ci: switch debian/testing back to pure testing, no sid
The sid packages were needed as a temporary workaround while the new
androguard packages were settling into Debian.
2019-09-23 11:33:00 +02:00
Hans-Christoph Steiner 25548023e0
gitlab-ci: check gradle checksums against official list 2019-09-12 14:18:07 +02:00
Hans-Christoph Steiner a9b8687e94 gitlab-ci: the ubuntu_lts test also tests the PPA 2019-07-02 22:17:06 +02:00
Hans-Christoph Steiner e2351f6c53 gitlab-ci: move pip job to Xenial, Trusty is over 2019-07-02 22:17:06 +02:00
Michael Pöhn 716f84ec5e use actually working bandit version when running tests on alpine 2019-05-24 23:14:20 +02:00
Taco 457cf22361 Added newer ndks, gradles, latest sdk-license, and update java 1.8 version 2019-03-30 17:10:21 -04:00
Michael Pöhn 102340ec5a fix fedora ci tests: install @development-tools
Sometime pip dependencies required a C compiler because they need to
compile something during installation.
2019-03-18 16:01:34 +01:00
Hans-Christoph Steiner 7133cede89 gitlab-ci: add cache, extend timeouts/retries to stabilize Fedora job
This is happening too often:
The downloaded packages were saved in cache until the next successful transaction.
You can remove cached packages by executing 'dnf clean packages'.
Error: Error downloading packages:
  Curl error (28): Timeout was reached for https://mirrors.fedoraproject.org/metalink?repo=updates-released-f29&arch=x86_64 [Connection timed out after 30001 milliseconds]
ERROR: Job failed: exit code 1

https://gitlab.com/fdroid/fdroidserver/-/jobs/152719443

# Conflicts:
#	.gitlab-ci.yml
2019-01-29 13:40:55 +01:00
Hans-Christoph Steiner 3b84a82728 gitlab-ci: fix locale checks in pip_install job 2019-01-29 13:01:25 +01:00
Hans-Christoph Steiner 6925083e57 gitlab-ci: compile locales using gettext and babel 2019-01-28 14:42:29 +01:00
Hans-Christoph Steiner 9a524fa85d bump RELEASE_COMMIT_ID for fixing metadata_v0 test
fdroid/fdroidserver!564
2018-12-06 12:30:46 +01:00
Hans-Christoph Steiner e10c12ffc4 gitlab-ci: fix tests on Fedora
* install `which` and `find` commands used in ./tests/run-tests
* sdkmanager on Fedora needs JAVA_HOME to be set
2018-12-06 12:15:27 +01:00
Hans-Christoph Steiner d9e9cc20aa gitlab-ci: install python3-defusedxml in debian_testing and ubuntu_lts
fdroid/fdroidserver!578
2018-09-19 16:48:00 +02:00
Hans-Christoph Steiner 0cd1e0b172 gitlab-ci: include fdroid in bandit scans 2018-09-07 10:34:56 +02:00
Hans-Christoph Steiner 3ffe2860f3 gitlab-ci: add 'bandit' security scanner to all runs
bandit is used by Radically Open Security and is part of the GitLab Ultimate
Static Application Security Testing (SAST) suite.

https://docs.gitlab.com/ee/user/project/merge_requests/sast.html
2018-08-29 17:48:06 +02:00
Michael Pöhn 14730be812 bump RELEASE_COMMIT_ID for fixing metadata_v0 test 2018-08-02 18:18:07 +02:00
Hans-Christoph Steiner 60ee69b8bd gitlab-ci: pylint<2.0 workaround to avoid typed-ast's gcc requirement
To keep those tests light and small, no gcc please!
* https://gitlab.com/eighthave/fdroidserver/-/jobs/82274815
2018-07-18 17:11:21 +02:00
Hans-Christoph Steiner e3bd293f43 gitlab-ci: point to fixed NoSourceSince commit 2018-07-10 23:48:25 +02:00
Hans-Christoph Steiner 6ca09e1bb2 gitlab-ci: update metadata_v0 test for latest metadata fields
This is a lot easier than trying to do some elaborate multiline sed regexp!

https://gitlab.com/fdroid/fdroidserver/merge_requests/529#note_86955227
2018-07-10 17:26:07 +02:00
Hans-Christoph Steiner a87df29135 gitlab-ci: pep8 has been replaced by pycodestyle 2018-05-29 11:28:08 +02:00
Hans-Christoph Steiner 14127bf418 gitlab-ci: combine all lint/syntax/safety checks into a single job
This should make it easier to accept merge requests where there are only
cosmetic problems with them.  pep8/pylint/pyflakes runs can then be disabled
in the 'test' job by not installing the in the ci-images-server base image.
2018-05-25 12:12:40 +02:00
Hans-Christoph Steiner 74fb07b302 gitlab-ci: switch pyup_io_safety_check to Alpine to be lighter 2018-05-25 09:54:08 +02:00
Hans-Christoph Steiner 6570e85a2b gitlab-ci: new test case of pip installs on Ubuntu/trusty
Ubuntu/trusty is used as the base image for CI systems like Travis, as well
as Microsoft Subsystem for Linux.  SO we need to provide working options.
2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner 54b21a6d22 move pylint run to standalone gitlab-ci job 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner 3c9cc59c38 gitlab-ci: include fdroiddata yml files in metadata_v0 test 2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner 0bd276de1c gitlab-ci: add new security scanner pyup.io/safety
https://pyup.io/safety/
2018-05-14 15:25:33 +02:00
Hans-Christoph Steiner 21a18cf26b gitlab-ci: fix ubuntu_lts test now that its bionic rather than xenial
The new ubuntu:latest image is not set up for non-interactive, so this
gitlab-ci job now needs to do that.
2018-05-04 15:11:25 +02:00
Hans-Christoph Steiner 02107cc5bc gitlab-ci: make ubuntu_lts job test of fdroid/fdroidserver PPA
Now that androguard is working, there should be no need for a specific aapt
version.  The aapt included in Ubuntu LTS should always work fine when
androguard handles the bulk of the work.
2018-03-09 12:00:31 +01:00
Hans-Christoph Steiner 01a73071c7 gitlab-ci: set metadata_v0 test to use 1.0.2 as the baseline 2018-02-23 22:48:44 +01:00