Abandon travis-ci for jenkins

2020-11-23 22:34:05 -05:00 · 2020-11-23 22:34:05 -05:00 · c38dbae2f1
commit c38dbae2f1
parent c5e67c801d
6 changed files with 110 additions and 81 deletions
--- a/.ci/Jenkinsfile
+++ b/.ci/Jenkinsfile
@ -0,0 +1,43 @@
 properties(
    [
        disableConcurrentBuilds()
    ]
 )
 node('linux && docker') {
    try {
    stage('Checkout') {
        //branch name from Jenkins environment variables
        echo "My branch is: ${env.BRANCH_NAME}"
        // this doesn't grab tags pointing to this branch
        //checkout scm
        // this hack does... https://issues.jenkins.io/browse/JENKINS-45164
        checkout([
            $class: 'GitSCM',
            branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
            extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
            userRemoteConfigs: scm.userRemoteConfigs,
        ])
        sh '''
        set -euxo pipefail
        git checkout "$BRANCH_NAME" --
        git reset --hard "origin/$BRANCH_NAME"
        '''
    }
    stage('Build + Deploy') {
        sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
    }
        currentBuild.result = 'SUCCESS'
    } catch (Exception err) {
        currentBuild.result = 'FAILURE'
    } finally {
        stage('Email') {
            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
        }
        sh './bin/build.sh docker-chown'
        deleteDir()
    }
 }
--- a/.ci/build.sh
+++ b/.ci/build.sh
@ -1,12 +1,6 @@
 #!/bin/sh
 ARCH="$1"
 set -exu
 # change to the directory this script is in
 cd "$(dirname "$0")"
 # dependencies to build+test pegh
 apk add build-base clang bash libsodium-dev libsodium-static openssl-dev openssl-libs-static
@ -31,11 +25,37 @@ ldd pegh.static.* || true
 export TEST_BINS="./pegh.static.openssl ./pegh.openssl ./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
 # as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
 [ "$ARCH" == "aarch64" ] && export TEST_BINS="./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
 # compile dynamically linked versions (with gcc) to openssl and libsodium, then test all 4 against each other
 ./test.sh
 echo "successfully built and tested static pegh against libsodium and openssl!"
 # tests have all passed, move binaries to release directory for later
 mkdir -p release
 mv pegh.static.libsodium "./release/pegh-linux-$ARCH-libsodium"
 # as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
 if [ "$ARCH" == "aarch64" ]
 then
    rm -f pegh.static.openssl pegh.static.libsodium-openssl
 else
    mv pegh.static.openssl "./release/pegh-linux-$ARCH-openssl"
    mv pegh.static.libsodium-openssl "./release/pegh-linux-$ARCH-libsodium-openssl"
 fi
 # for our native arch, just once, go ahead and archive the git repo too for later release
 if [ "$ARCH" == "amd64" ]
 then
    apk add git
    git archive HEAD -9 --format zip -o ./release/pegh-source.zip
    git archive HEAD -9 --format tar.gz -o ./release/pegh-source.tar.gz
 fi
 if [ "$ARCH" == "amd64" ] || [ "$ARCH" == "i386" ]
 then
@ -44,19 +64,27 @@ echo 'going to try to build windows here...'
 apk add mingw-w64-gcc curl wine
 STATIC_LIB_DIR="$(pwd)"
-LIBSODIUM_VERSION=1.0.18
+LIBSODIUM_VERSION='1.0.18'
 OPENSSL_VERSION='1.1.1h_3'
 OPENSSL_CURL_VERSION='7.73.0_3'
-curl -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win64-mingw.zip -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win32-mingw.zip
+if [ ! -d "${STATIC_LIB_DIR}/libsodium-win32" ]
 then
-echo "241d6c88c2d79e13dae9f4943804a5a855c7d2904b21f74ebd31b15d056e3a4f  libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz" > libs.sha256
+    # only need to grab/unpack these once
-echo '4f474918a1597d6d1d35e524cf79827623f8ce511259b0047ee95bc0fddbf29c  openssl-1.1.1d_5-win32-mingw.zip' >> libs.sha256
+    curl -L -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win64-mingw.zip -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win32-mingw.zip
 echo '936260c5a865c8e3f6af35a5394dd1acc43063a40a206c717350f1a341d8d822  openssl-1.1.1d_5-win64-mingw.zip' >> libs.sha256
    echo "e499c65b1c511cbc6700e436deb3771c3baa737981114c9e9f85f2ec90176861  libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz" > libs.sha256
    echo "fcaa181d848ac56150f00bc46d204d81fde4448a9afe9ef3ca04cc21d3132cb4  openssl-${OPENSSL_VERSION}-win32-mingw.zip" >> libs.sha256
    echo "913ddfa264ed9bae51f9deaa8ebce9d9450fa89fdf4c74ab41a6dfffb5880c67  openssl-${OPENSSL_VERSION}-win64-mingw.zip" >> libs.sha256
    # fail if any of these hashes have changed
    sha256sum -c libs.sha256
-tar xzvf libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz
+    tar xzvf libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz
-unzip openssl-1.1.1d_5-win32-mingw.zip
+    unzip openssl-${OPENSSL_VERSION}-win32-mingw.zip
-unzip openssl-1.1.1d_5-win64-mingw.zip
+    unzip openssl-${OPENSSL_VERSION}-win64-mingw.zip
 fi
 if [ "$ARCH" == "i386" ]
 then
@ -64,10 +92,10 @@ then
 make CC=i686-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
 mv pegh.exe pegh-windows-i386-libsodium.exe
-make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" clean all
+make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" clean all
 mv pegh.exe pegh-windows-i386-openssl.exe
-make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
+make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
 mv pegh.exe pegh-windows-i386-libsodium-openssl.exe
 fi
@ -82,10 +110,10 @@ export wine="wine64"
 make CC=x86_64-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
 mv pegh.exe pegh-windows-amd64-libsodium.exe
-make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" clean all
+make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" clean all
 mv pegh.exe pegh-windows-amd64-openssl.exe
-make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
+make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
 mv pegh.exe pegh-windows-amd64-libsodium-openssl.exe
 fi
@ -95,9 +123,14 @@ strip *.exe
 ls -lah *.exe
 file *.exe
 # running the test script sometimes locks up wine, I think due to races on creating ~/.wine, so do that first...
 $wine ./pegh-windows-$ARCH-libsodium.exe -h
 # now test windows binaries against the static ones with wine
 # no binfmt here where executing .exe *just works*, so do it hacky way :'(
-export TEST_BINS="./pegh.static.openssl ./pegh.static.libsodium-openssl ./pegh.static.libsodium"
+export TEST_BINS="./release/pegh-linux-$ARCH-openssl ./release/pegh-linux-$ARCH-libsodium-openssl ./release/pegh-linux-$ARCH-libsodium"
 # we've really already tested all of the above against each other, let's just test windows against one
 export TEST_BINS="./release/pegh-linux-$ARCH-openssl"
 for exe in *.exe
 do
@ -114,4 +147,13 @@ done
 echo "windows binaries pass tests through wine!"
 killall pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
 sleep 5
 killall -9 pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
 sleep 5
 rm -rf ~/.wine /tmp/.wine*
 # for later release
 mv *.exe ./release/
 fi
--- a/.ci/docker_build.sh
+++ b/.ci/docker_build.sh
@ -1,35 +0,0 @@
 #!/bin/sh
 DOCKER_IMAGE="$1"
 shift
 ARCH="$1"
 BUILD_DIR=/tmp/static/
 rm -rf "$BUILD_DIR"
 mkdir -p "$BUILD_DIR"
 cp * .ci/build.sh "$BUILD_DIR"
 docker run --rm -v "$BUILD_DIR":/tmp "$DOCKER_IMAGE" /tmp/build.sh "$ARCH" || exit 1
 mv "$BUILD_DIR"pegh.static.openssl "./pegh-linux-$ARCH-openssl"
 mv "$BUILD_DIR"pegh.static.libsodium "./pegh-linux-$ARCH-libsodium"
 mv "$BUILD_DIR"pegh.static.libsodium-openssl "./pegh-linux-$ARCH-libsodium-openssl"
 mv "$BUILD_DIR"pegh-*.exe ./
 sha256sum pegh-* > pegh-$ARCH-sha256sum.txt
 if [ "$ARCH" == "amd64" ]
 then
 git archive HEAD -9 --format zip -o pegh-source.zip
 git archive HEAD -9 --format tar.gz -o pegh-source.tar.gz
 sha256sum pegh-source.*  > pegh-source-sha256sum.txt
 fi
 rm -rf "$BUILD_DIR" 2>/dev/null
 exit 0
--- a/.travis.yml
+++ b/.travis.yml
@ -1,22 +0,0 @@
 language: minimal
 services: docker
 matrix:
  include:
    - env: ARCH='amd64'   DOCKER_IMAGE='alpine'
    - env: ARCH='i386'    DOCKER_IMAGE='i386/alpine'
    - env: ARCH='aarch64' DOCKER_IMAGE='alpine'
      arch: arm64
 script:
  - ./.ci/docker_build.sh "$DOCKER_IMAGE" "$ARCH"
 deploy:
  api_key:
    secure: $GITHUB_OAUTH
  file_glob: true
  file: pegh-*
  on:
    tags: true
  provider: releases
  skip_cleanup: true
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 pegh
 ----
-[![Travis-CI Build Status](https://api.travis-ci.com/moparisthebest/pegh.svg?branch=master)](https://travis-ci.com/moparisthebest/pegh)
+[![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/)
 pegh is a file encryption tool using passwords with modern, standardized, and authenticated encryption. It is simple, secure, and returns proper exit codes so you can tell whether encryption or decryption failed or not.
@ -14,7 +14,7 @@ Releases
 [Releases](https://github.com/moparisthebest/pegh/releases) contain static binaries for:
-  * Linux amd64, i386, aarch64
+  * Linux amd64, i386, aarch64, armv7, ppc64le
  * Windows amd64, i386
  * more to come?
--- a/test.sh
+++ b/test.sh
@ -67,9 +67,10 @@ test () {
    echo 'encrypting then decrypting with the same key should succeed'
    "$bin" -e "$@" "$key" < "$dummy_file" | "$bin_decrypt" -d "$key" | cmp - "$dummy_file"
-    echo 'test with -s 32 requiring 2gb of ram should succeed'
+    # this test is so (rightly) slow it makes our CI builds take 6+ hours, disable for now
    #echo 'test with -s 32 requiring 2gb of ram should succeed'
    # can send -s 32 or -m 2048 to decrypt command with identical effect
-    "$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"
+    #"$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"
    echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline'
    "$bin" -e "$@" -f "$leading_zero_key" < "$dummy_file" | "$bin_decrypt" -d -f "$leading_zero_key" | cmp - "$dummy_file"