Abandon travis-ci for jenkins

2 years ago · c8497a6188
9 changed files with 193 additions and 282 deletions
--- a/.ci/Jenkinsfile
+++ b/.ci/Jenkinsfile
@ -0,0 +1,42 @@
				@@ -0,0 +1,42 @@
+properties(
+    [
+        disableConcurrentBuilds()
+    ]
+)
+
+node('linux && docker') {
+    try {
+    stage('Checkout') {
+        //branch name from Jenkins environment variables
+        echo "My branch is: ${env.BRANCH_NAME}"
+
+        // this doesn't grab tags pointing to this branch
+        //checkout scm
+        // this hack does... https://issues.jenkins.io/browse/JENKINS-45164
+        checkout([
+            $class: 'GitSCM',
+            branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
+            extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
+            userRemoteConfigs: scm.userRemoteConfigs,
+        ])
+        sh '''
+        set -euxo pipefail
+        git checkout "$BRANCH_NAME" --
+        git reset --hard "origin/$BRANCH_NAME"
+        '''
+    }
+
+    stage('Build + Deploy') {
+        sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
+    }
+
+        currentBuild.result = 'SUCCESS'
+    } catch (Exception err) {
+        currentBuild.result = 'FAILURE'
+    } finally {
+        stage('Email') {
+            step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
+        }
+        deleteDir()
+    }
+}
--- a/.ci/build.sh
+++ b/.ci/build.sh
@ -0,0 +1,64 @@
				@@ -0,0 +1,64 @@
+#!/bin/bash
+set -exo pipefail
+
+echo "starting build for TARGET $TARGET"
+
+export CRATE_NAME=wireguard-proxy
+export OPENSSL_STATIC=1
+export CARGO_FEATURES=async
+
+DISABLE_TESTS=${DISABLE_TESTS:-0}
+
+SUFFIX=""
+
+# wine blows up in testing with async build
+echo "$TARGET" | grep -E '^x86_64-pc-windows-gnu$' >/dev/null && DISABLE_TESTS=1 && SUFFIX=".exe"
+
+# these only support openssl_vendored, not async
+if echo "$TARGET" | grep -E '^(s390x|powerpc|mips)' >/dev/null
+then
+    CARGO_FEATURES=openssl_vendored
+fi
+
+# these don't support any TLS at all
+if echo "$TARGET" | grep -E '(^riscv64gc|solaris$)' >/dev/null
+then
+    CARGO_FEATURES=verbose
+fi
+
+cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
+cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES
+
+# to check how they are built
+file "target/$TARGET/release/wireguard-proxy$SUFFIX" "target/$TARGET/release/udp-test$SUFFIX"
+
+if [ $DISABLE_TESTS -ne 1 ]
+then
+
+    # first make sure udp-test succeeds running against itself
+    cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test
+
+    # now run udp-test through proxy/proxyd
+    cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is
+
+    if [ $CARGO_FEATURES != "verbose" ]; then
+        # run TLS tests then too
+        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
+
+        # now pubkey tests
+
+        # one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E)
+        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true
+
+        # and one that should pass
+        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE=
+    fi
+fi
+
+# if this commit has a tag, upload artifact to release
+strip "target/$TARGET/release/wireguard-proxy$SUFFIX" || true # if strip fails, it's fine
+mkdir -p release
+mv "target/$TARGET/release/wireguard-proxy$SUFFIX" "release/wireguard-proxy-$TARGET$SUFFIX"
+
+echo 'build success!'
+exit 0
--- a/.travis.yml
+++ b/.travis.yml
@ -1,143 +0,0 @@
				@@ -1,143 +0,0 @@
-# Based on the "trust" template v0.1.2
-# https://github.com/japaric/trust/tree/v0.1.2
-
-dist: trusty
-language: rust
-services: docker
-sudo: required
-
-# TODO Rust builds on stable by default, this can be
-# overridden on a case by case basis down below.
-
-env:
-  global:
-    # TODO Update this to match the name of your project.
-    - CRATE_NAME=wireguard-proxy
-    - OPENSSL_STATIC=1
-    - CARGO_FEATURES=async
-
-matrix:
-  # TODO These are all the build jobs. Adjust as necessary. Comment out what you
-  # don't need
-  include:
-    # Android
-    - env: TARGET=aarch64-linux-android
-    - env: TARGET=arm-linux-androideabi
-    - env: TARGET=armv7-linux-androideabi
-    - env: TARGET=i686-linux-android
-    - env: TARGET=x86_64-linux-android
-
-    # iOS
-    - env: TARGET=aarch64-apple-ios DISABLE_TESTS=1
-      os: osx
-    - env: TARGET=x86_64-apple-ios DISABLE_TESTS=1
-      os: osx
-
-    # Linux
-    - env: TARGET=aarch64-unknown-linux-gnu
-    - env: TARGET=aarch64-unknown-linux-musl
-    - env: TARGET=arm-unknown-linux-gnueabi
-    - env: TARGET=arm-unknown-linux-gnueabihf
-    - env: TARGET=arm-unknown-linux-musleabi
-    - env: TARGET=arm-unknown-linux-musleabihf
-    - env: TARGET=armv5te-unknown-linux-gnueabi
-    - env: TARGET=armv5te-unknown-linux-musleabi
-    - env: TARGET=armv7-unknown-linux-gnueabihf
-    - env: TARGET=armv7-unknown-linux-musleabihf
-    - env: TARGET=i586-unknown-linux-gnu
-    - env: TARGET=i586-unknown-linux-musl
-    - env: TARGET=i686-unknown-linux-gnu
-    - env: TARGET=i686-unknown-linux-musl
-    - env: TARGET=mips-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
-    - env: TARGET=mips-unknown-linux-musl CARGO_FEATURES=openssl_vendored
-    - env: TARGET=mips64-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored
-    - env: TARGET=mips64el-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored
-    - env: TARGET=mipsel-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
-    - env: TARGET=mipsel-unknown-linux-musl CARGO_FEATURES=openssl_vendored
-    - env: TARGET=powerpc-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
-    - env: TARGET=powerpc64le-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
-    # neither openssl nor rustls support poor riscv64gc...
-    - env: TARGET=riscv64gc-unknown-linux-gnu CARGO_FEATURES=verbose
-    - env: TARGET=s390x-unknown-linux-gnu DISABLE_TESTS=1 CARGO_FEATURES=openssl_vendored
-    - env: TARGET=x86_64-unknown-linux-gnu
-    - env: TARGET=x86_64-unknown-linux-musl
-    
-    # Solaris, neither openssl nor rustls support poor solaris...
-    - env: TARGET=sparcv9-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose
-    - env: TARGET=x86_64-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose
-
-    # OSX
-    - env: TARGET=x86_64-apple-darwin
-      os: osx
-
-    # *BSD
-    - env: TARGET=x86_64-unknown-netbsd DISABLE_TESTS=1
-
-    # Windows
-    # wine blows up in testing with async build
-    - env: TARGET=x86_64-pc-windows-gnu DISABLE_TESTS=1
-
-    # Bare metal
-    # These targets don't support std and as such are likely not suitable for
-    # most crates.
-    # - env: TARGET=thumbv6m-none-eabi
-    # - env: TARGET=thumbv7em-none-eabi
-    # - env: TARGET=thumbv7em-none-eabihf
-    # - env: TARGET=thumbv7m-none-eabi
-
-    # Testing other channels
-    - env: TARGET=x86_64-unknown-linux-gnu
-      rust: nightly
-    - env: TARGET=x86_64-apple-darwin
-      os: osx
-      rust: nightly
-
-before_install:
-  - set -e
-  - rustup self update
-
-install:
-  - sh ci/install.sh
-  - source ~/.cargo/env || true
-
-script:
-  - bash ci/script.sh
-
-after_script: set +e
-
-before_deploy:
-  - sh ci/before_deploy.sh
-
-deploy:
-  # TODO update `api_key.secure`
-  # - Create a `public_repo` GitHub token. Go to: https://github.com/settings/tokens/new
-  # - Encrypt it: `travis encrypt 0123456789012345678901234567890123456789
-  # - Paste the output down here
-  api_key:
-    secure: $GITHUB_OAUTH
-  file_glob: true
-  file: $CRATE_NAME-$TRAVIS_TAG-$TARGET*
-  on:
-    # TODO Here you can pick which targets will generate binary releases
-    # In this example, there are some targets that are tested using the stable
-    # and nightly channels. This condition makes sure there is only one release
-    # for such targets and that's generated using the stable channel
-    condition: $TRAVIS_RUST_VERSION = stable
-    tags: true
-  provider: releases
-  skip_cleanup: true
-
-cache: cargo
-before_cache:
-  # Travis can't cache files that are not readable by "others"
-  - chmod -R a+r $HOME/.cargo
-
-branches:
-  only:
-    # release tags
-    - /^v\d+\.\d+\.\d+.*$/
-    - master
-    - travis
-    - ci
-    - openssl
-
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
				@@ -1,6 +1,6 @@
 # wireguard-proxy

-[![Travis-CI Build Status](https://api.travis-ci.org/moparisthebest/wireguard-proxy.svg?branch=master)](https://travis-ci.org/moparisthebest/wireguard-proxy)
+[![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/)
 [![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy)
 [![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy)

@ -70,7 +70,7 @@ usage: wireguard-proxy [options...]
				@@ -70,7 +70,7 @@ usage: wireguard-proxy [options...]

 Binaries:

- [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by travis-ci and appveyor courtesy of [trust](https://github.com/japaric/trust)
+- [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by [self-ci](https://github.com/moparisthebest/self-ci) and appveyor courtesy of [trust](https://github.com/japaric/trust)
 - Arch Linux AUR [wireguard-proxy](https://aur.archlinux.org/packages/wireguard-proxy/) and [wireguard-proxy-git](https://aur.archlinux.org/packages/wireguard-proxy-git/)

 Building:
--- a/benchmark.sh
+++ b/benchmark.sh
@ -0,0 +1,85 @@
				@@ -0,0 +1,85 @@
+#!/bin/sh
+#set -x
+
+# cert created with:
+# cd ci && echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout cert.key
+
+export PATH="$(pwd)/target/release:$PATH"
+
+run_tests() {
+client_arg="$1"
+shift
+
+# now run proxyd pointing to nc
+wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 "$@" &
+proxyd_pid=$!
+# wait for ports to be set up, this is fragile...
+sleep 5
+# proxy pointing to proxyd
+wireguard-proxy -tt 127.0.0.1:5555 "$client_arg" &
+proxy_pid=$!
+# wait for ports to be set up, this is fragile...
+sleep 1
+
+# nc running through wireguard-proxy's above
+nc -lup 51822 >/dev/null &
+nc_listen_pid=$!
+
+wireguard-proxy -V
+
+dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51820 &
+nc_connect_pid=$!
+
+sleep 5
+
+kill $nc_listen_pid $nc_connect_pid $proxyd_pid $proxy_pid
+
+}
+
+
+# first no-network baseline
+dd if=/dev/zero bs=128M count=10 | cat >/dev/null
+
+# now openbsd netcat for network baseline
+nc -lup 51822 >/dev/null &
+nc_listen_pid=$!
+
+dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51822 &
+nc_connect_pid=$!
+
+sleep 5
+
+kill $nc_listen_pid $nc_connect_pid
+
+# first run without TLS
+#cargo clean
+cargo build --release --no-default-features 2>/dev/null || exit 1
+run_tests || exit 1
+
+# third run with async+rustls
+#cargo clean
+cargo build --release --no-default-features --features async 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+exit 0
+
+# first run with non-vendored tls
+#cargo clean
+cargo build --release --no-default-features --features tls 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+# second run with vendored tls
+#cargo clean
+cargo build --release --no-default-features --features openssl_vendored 2>/dev/null || exit 1
+# first plaintext tests
+run_tests || exit 1
+# then TLS tests
+run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
+
+exit 0
--- a/ci/before_deploy.ps1
+++ b/ci/before_deploy.ps1
@ -1,21 +0,0 @@
				@@ -1,21 +0,0 @@
-# This script takes care of packaging the build artifacts that will go in the
-# release zipfile
-
-$SRC_DIR = $PWD.Path
-$STAGE = [System.Guid]::NewGuid().ToString()
-
-Set-Location $ENV:Temp
-New-Item -Type Directory -Name $STAGE
-Set-Location $STAGE
-
-$ZIP = "$SRC_DIR\$($Env:CRATE_NAME)-$($Env:APPVEYOR_REPO_TAG_NAME)-$($Env:TARGET).exe"
-
-# TODO Update this to package the right artifacts
-Copy-Item "$SRC_DIR\target\$($Env:TARGET)\release\wireguard-proxy.exe" "$ZIP"
-
-Push-AppveyorArtifact "$ZIP"
-
-Remove-Item *.* -Force
-Set-Location ..
-Remove-Item $STAGE
-Set-Location $SRC_DIR
--- a/ci/before_deploy.sh
+++ b/ci/before_deploy.sh
@ -1,29 +0,0 @@
				@@ -1,29 +0,0 @@
-# This script takes care of building your crate and packaging it for release
-
-set -ex
-
-main() {
-    local src=$(pwd)
-
-    test -f Cargo.lock || cargo generate-lockfile
-
-    # TODO Update this to build the artifacts that matter to you
-    cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
-
-    # to check how they are built
-    file target/$TARGET/release/wireguard-proxy* || echo 'file failed'
-
-    # TODO Update this to package the right artifacts, this needs to handle .exe too...
-    case $TARGET in
-        x86_64-pc-windows-gnu)
-            strip target/$TARGET/release/wireguard-proxy.exe || echo 'strip failed, ignoring...'
-            cp target/$TARGET/release/wireguard-proxy.exe $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET.exe
-            ;;
-        *)
-            strip target/$TARGET/release/wireguard-proxy || echo 'strip failed, ignoring...'
-            cp target/$TARGET/release/wireguard-proxy $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET
-            ;;
-    esac
-}
-
-main
--- a/ci/install.sh
+++ b/ci/install.sh
@ -1,47 +0,0 @@
				@@ -1,47 +0,0 @@
-set -ex
-
-main() {
-    local target=
-    if [ $TRAVIS_OS_NAME = linux ]; then
-        target=x86_64-unknown-linux-musl
-        sort=sort
-    else
-        target=x86_64-apple-darwin
-        sort=gsort  # for `sort --sort-version`, from brew's coreutils.
-    fi
-
-    # Builds for iOS are done on OSX, but require the specific target to be
-    # installed.
-    case $TARGET in
-        aarch64-apple-ios)
-            rustup target install aarch64-apple-ios
-            ;;
-        armv7-apple-ios)
-            rustup target install armv7-apple-ios
-            ;;
-        armv7s-apple-ios)
-            rustup target install armv7s-apple-ios
-            ;;
-        i386-apple-ios)
-            rustup target install i386-apple-ios
-            ;;
-        x86_64-apple-ios)
-            rustup target install x86_64-apple-ios
-            ;;
-    esac
-
-    # This fetches latest stable release
-    local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \
-                       | cut -d/ -f3 \
-                       | grep -E '^v[0.1.0-9.]+$' \
-                       | $sort --version-sort \
-                       | tail -n1)
-    curl -LSfs https://japaric.github.io/trust/install.sh | \
-        sh -s -- \
-           --force \
-           --git japaric/cross \
-           --tag $tag \
-           --target $target
-}
-
-main
--- a/ci/script.sh
+++ b/ci/script.sh
@ -1,40 +0,0 @@
				@@ -1,40 +0,0 @@
-# This script takes care of testing your crate
-
-set -ex
-
-# TODO This is the "test phase", tweak it as you see fit
-main() {
-    cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
-    cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES
-
-    # to check how they are built
-    file target/$TARGET/release/wireguard-proxy* target/$TARGET/release/udp-test* || echo 'file failed'
-
-    if [ ! -z $DISABLE_TESTS ]; then
-        return
-    fi
-
-    # first make sure udp-test succeeds running against itself
-    cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test
-
-    # now run udp-test through proxy/proxyd
-    cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is
-
-    if [ $CARGO_FEATURES != "verbose" ]; then
-        # run TLS tests then too
-        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
-
-        # now pubkey tests
-
-        # one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E)
-        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true
-
-        # and one that should pass
-        cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE=
-    fi
-}
-
-# we don't run the "test phase" when doing deploys
-if [ -z $TRAVIS_TAG ]; then
-    main
-fi