9 changed files with 193 additions and 282 deletions
@ -0,0 +1,42 @@
@@ -0,0 +1,42 @@
|
||||
properties( |
||||
[ |
||||
disableConcurrentBuilds() |
||||
] |
||||
) |
||||
|
||||
node('linux && docker') { |
||||
try { |
||||
stage('Checkout') { |
||||
//branch name from Jenkins environment variables |
||||
echo "My branch is: ${env.BRANCH_NAME}" |
||||
|
||||
// this doesn't grab tags pointing to this branch |
||||
//checkout scm |
||||
// this hack does... https://issues.jenkins.io/browse/JENKINS-45164 |
||||
checkout([ |
||||
$class: 'GitSCM', |
||||
branches: [[name: 'refs/heads/'+env.BRANCH_NAME]], |
||||
extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']], |
||||
userRemoteConfigs: scm.userRemoteConfigs, |
||||
]) |
||||
sh ''' |
||||
set -euxo pipefail |
||||
git checkout "$BRANCH_NAME" -- |
||||
git reset --hard "origin/$BRANCH_NAME" |
||||
''' |
||||
} |
||||
|
||||
stage('Build + Deploy') { |
||||
sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash' |
||||
} |
||||
|
||||
currentBuild.result = 'SUCCESS' |
||||
} catch (Exception err) { |
||||
currentBuild.result = 'FAILURE' |
||||
} finally { |
||||
stage('Email') { |
||||
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true]) |
||||
} |
||||
deleteDir() |
||||
} |
||||
} |
@ -0,0 +1,64 @@
@@ -0,0 +1,64 @@
|
||||
#!/bin/bash |
||||
set -exo pipefail |
||||
|
||||
echo "starting build for TARGET $TARGET" |
||||
|
||||
export CRATE_NAME=wireguard-proxy |
||||
export OPENSSL_STATIC=1 |
||||
export CARGO_FEATURES=async |
||||
|
||||
DISABLE_TESTS=${DISABLE_TESTS:-0} |
||||
|
||||
SUFFIX="" |
||||
|
||||
# wine blows up in testing with async build |
||||
echo "$TARGET" | grep -E '^x86_64-pc-windows-gnu$' >/dev/null && DISABLE_TESTS=1 && SUFFIX=".exe" |
||||
|
||||
# these only support openssl_vendored, not async |
||||
if echo "$TARGET" | grep -E '^(s390x|powerpc|mips)' >/dev/null |
||||
then |
||||
CARGO_FEATURES=openssl_vendored |
||||
fi |
||||
|
||||
# these don't support any TLS at all |
||||
if echo "$TARGET" | grep -E '(^riscv64gc|solaris$)' >/dev/null |
||||
then |
||||
CARGO_FEATURES=verbose |
||||
fi |
||||
|
||||
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES |
||||
cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES |
||||
|
||||
# to check how they are built |
||||
file "target/$TARGET/release/wireguard-proxy$SUFFIX" "target/$TARGET/release/udp-test$SUFFIX" |
||||
|
||||
if [ $DISABLE_TESTS -ne 1 ] |
||||
then |
||||
|
||||
# first make sure udp-test succeeds running against itself |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test |
||||
|
||||
# now run udp-test through proxy/proxyd |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is |
||||
|
||||
if [ $CARGO_FEATURES != "verbose" ]; then |
||||
# run TLS tests then too |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem |
||||
|
||||
# now pubkey tests |
||||
|
||||
# one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E) |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true |
||||
|
||||
# and one that should pass |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE= |
||||
fi |
||||
fi |
||||
|
||||
# if this commit has a tag, upload artifact to release |
||||
strip "target/$TARGET/release/wireguard-proxy$SUFFIX" || true # if strip fails, it's fine |
||||
mkdir -p release |
||||
mv "target/$TARGET/release/wireguard-proxy$SUFFIX" "release/wireguard-proxy-$TARGET$SUFFIX" |
||||
|
||||
echo 'build success!' |
||||
exit 0 |
@ -1,143 +0,0 @@
@@ -1,143 +0,0 @@
|
||||
# Based on the "trust" template v0.1.2 |
||||
# https://github.com/japaric/trust/tree/v0.1.2 |
||||
|
||||
dist: trusty |
||||
language: rust |
||||
services: docker |
||||
sudo: required |
||||
|
||||
# TODO Rust builds on stable by default, this can be |
||||
# overridden on a case by case basis down below. |
||||
|
||||
env: |
||||
global: |
||||
# TODO Update this to match the name of your project. |
||||
- CRATE_NAME=wireguard-proxy |
||||
- OPENSSL_STATIC=1 |
||||
- CARGO_FEATURES=async |
||||
|
||||
matrix: |
||||
# TODO These are all the build jobs. Adjust as necessary. Comment out what you |
||||
# don't need |
||||
include: |
||||
# Android |
||||
- env: TARGET=aarch64-linux-android |
||||
- env: TARGET=arm-linux-androideabi |
||||
- env: TARGET=armv7-linux-androideabi |
||||
- env: TARGET=i686-linux-android |
||||
- env: TARGET=x86_64-linux-android |
||||
|
||||
# iOS |
||||
- env: TARGET=aarch64-apple-ios DISABLE_TESTS=1 |
||||
os: osx |
||||
- env: TARGET=x86_64-apple-ios DISABLE_TESTS=1 |
||||
os: osx |
||||
|
||||
# Linux |
||||
- env: TARGET=aarch64-unknown-linux-gnu |
||||
- env: TARGET=aarch64-unknown-linux-musl |
||||
- env: TARGET=arm-unknown-linux-gnueabi |
||||
- env: TARGET=arm-unknown-linux-gnueabihf |
||||
- env: TARGET=arm-unknown-linux-musleabi |
||||
- env: TARGET=arm-unknown-linux-musleabihf |
||||
- env: TARGET=armv5te-unknown-linux-gnueabi |
||||
- env: TARGET=armv5te-unknown-linux-musleabi |
||||
- env: TARGET=armv7-unknown-linux-gnueabihf |
||||
- env: TARGET=armv7-unknown-linux-musleabihf |
||||
- env: TARGET=i586-unknown-linux-gnu |
||||
- env: TARGET=i586-unknown-linux-musl |
||||
- env: TARGET=i686-unknown-linux-gnu |
||||
- env: TARGET=i686-unknown-linux-musl |
||||
- env: TARGET=mips-unknown-linux-gnu CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=mips-unknown-linux-musl CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=mips64-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=mips64el-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=mipsel-unknown-linux-gnu CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=mipsel-unknown-linux-musl CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=powerpc-unknown-linux-gnu CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=powerpc64le-unknown-linux-gnu CARGO_FEATURES=openssl_vendored |
||||
# neither openssl nor rustls support poor riscv64gc... |
||||
- env: TARGET=riscv64gc-unknown-linux-gnu CARGO_FEATURES=verbose |
||||
- env: TARGET=s390x-unknown-linux-gnu DISABLE_TESTS=1 CARGO_FEATURES=openssl_vendored |
||||
- env: TARGET=x86_64-unknown-linux-gnu |
||||
- env: TARGET=x86_64-unknown-linux-musl |
||||
|
||||
# Solaris, neither openssl nor rustls support poor solaris... |
||||
- env: TARGET=sparcv9-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose |
||||
- env: TARGET=x86_64-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose |
||||
|
||||
# OSX |
||||
- env: TARGET=x86_64-apple-darwin |
||||
os: osx |
||||
|
||||
# *BSD |
||||
- env: TARGET=x86_64-unknown-netbsd DISABLE_TESTS=1 |
||||
|
||||
# Windows |
||||
# wine blows up in testing with async build |
||||
- env: TARGET=x86_64-pc-windows-gnu DISABLE_TESTS=1 |
||||
|
||||
# Bare metal |
||||
# These targets don't support std and as such are likely not suitable for |
||||
# most crates. |
||||
# - env: TARGET=thumbv6m-none-eabi |
||||
# - env: TARGET=thumbv7em-none-eabi |
||||
# - env: TARGET=thumbv7em-none-eabihf |
||||
# - env: TARGET=thumbv7m-none-eabi |
||||
|
||||
# Testing other channels |
||||
- env: TARGET=x86_64-unknown-linux-gnu |
||||
rust: nightly |
||||
- env: TARGET=x86_64-apple-darwin |
||||
os: osx |
||||
rust: nightly |
||||
|
||||
before_install: |
||||
- set -e |
||||
- rustup self update |
||||
|
||||
install: |
||||
- sh ci/install.sh |
||||
- source ~/.cargo/env || true |
||||
|
||||
script: |
||||
- bash ci/script.sh |
||||
|
||||
after_script: set +e |
||||
|
||||
before_deploy: |
||||
- sh ci/before_deploy.sh |
||||
|
||||
deploy: |
||||
# TODO update `api_key.secure` |
||||
# - Create a `public_repo` GitHub token. Go to: https://github.com/settings/tokens/new |
||||
# - Encrypt it: `travis encrypt 0123456789012345678901234567890123456789 |
||||
# - Paste the output down here |
||||
api_key: |
||||
secure: $GITHUB_OAUTH |
||||
file_glob: true |
||||
file: $CRATE_NAME-$TRAVIS_TAG-$TARGET* |
||||
on: |
||||
# TODO Here you can pick which targets will generate binary releases |
||||
# In this example, there are some targets that are tested using the stable |
||||
# and nightly channels. This condition makes sure there is only one release |
||||
# for such targets and that's generated using the stable channel |
||||
condition: $TRAVIS_RUST_VERSION = stable |
||||
tags: true |
||||
provider: releases |
||||
skip_cleanup: true |
||||
|
||||
cache: cargo |
||||
before_cache: |
||||
# Travis can't cache files that are not readable by "others" |
||||
- chmod -R a+r $HOME/.cargo |
||||
|
||||
branches: |
||||
only: |
||||
# release tags |
||||
- /^v\d+\.\d+\.\d+.*$/ |
||||
- master |
||||
- travis |
||||
- ci |
||||
- openssl |
||||
|
@ -0,0 +1,85 @@
@@ -0,0 +1,85 @@
|
||||
#!/bin/sh |
||||
#set -x |
||||
|
||||
# cert created with: |
||||
# cd ci && echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout cert.key |
||||
|
||||
export PATH="$(pwd)/target/release:$PATH" |
||||
|
||||
run_tests() { |
||||
client_arg="$1" |
||||
shift |
||||
|
||||
# now run proxyd pointing to nc |
||||
wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 "$@" & |
||||
proxyd_pid=$! |
||||
# wait for ports to be set up, this is fragile... |
||||
sleep 5 |
||||
# proxy pointing to proxyd |
||||
wireguard-proxy -tt 127.0.0.1:5555 "$client_arg" & |
||||
proxy_pid=$! |
||||
# wait for ports to be set up, this is fragile... |
||||
sleep 1 |
||||
|
||||
# nc running through wireguard-proxy's above |
||||
nc -lup 51822 >/dev/null & |
||||
nc_listen_pid=$! |
||||
|
||||
wireguard-proxy -V |
||||
|
||||
dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51820 & |
||||
nc_connect_pid=$! |
||||
|
||||
sleep 5 |
||||
|
||||
kill $nc_listen_pid $nc_connect_pid $proxyd_pid $proxy_pid |
||||
|
||||
} |
||||
|
||||
|
||||
# first no-network baseline |
||||
dd if=/dev/zero bs=128M count=10 | cat >/dev/null |
||||
|
||||
# now openbsd netcat for network baseline |
||||
nc -lup 51822 >/dev/null & |
||||
nc_listen_pid=$! |
||||
|
||||
dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51822 & |
||||
nc_connect_pid=$! |
||||
|
||||
sleep 5 |
||||
|
||||
kill $nc_listen_pid $nc_connect_pid |
||||
|
||||
# first run without TLS |
||||
#cargo clean |
||||
cargo build --release --no-default-features 2>/dev/null || exit 1 |
||||
run_tests || exit 1 |
||||
|
||||
# third run with async+rustls |
||||
#cargo clean |
||||
cargo build --release --no-default-features --features async 2>/dev/null || exit 1 |
||||
# first plaintext tests |
||||
run_tests || exit 1 |
||||
# then TLS tests |
||||
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1 |
||||
|
||||
exit 0 |
||||
|
||||
# first run with non-vendored tls |
||||
#cargo clean |
||||
cargo build --release --no-default-features --features tls 2>/dev/null || exit 1 |
||||
# first plaintext tests |
||||
run_tests || exit 1 |
||||
# then TLS tests |
||||
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1 |
||||
|
||||
# second run with vendored tls |
||||
#cargo clean |
||||
cargo build --release --no-default-features --features openssl_vendored 2>/dev/null || exit 1 |
||||
# first plaintext tests |
||||
run_tests || exit 1 |
||||
# then TLS tests |
||||
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1 |
||||
|
||||
exit 0 |
@ -1,21 +0,0 @@
@@ -1,21 +0,0 @@
|
||||
# This script takes care of packaging the build artifacts that will go in the |
||||
# release zipfile |
||||
|
||||
$SRC_DIR = $PWD.Path |
||||
$STAGE = [System.Guid]::NewGuid().ToString() |
||||
|
||||
Set-Location $ENV:Temp |
||||
New-Item -Type Directory -Name $STAGE |
||||
Set-Location $STAGE |
||||
|
||||
$ZIP = "$SRC_DIR\$($Env:CRATE_NAME)-$($Env:APPVEYOR_REPO_TAG_NAME)-$($Env:TARGET).exe" |
||||
|
||||
# TODO Update this to package the right artifacts |
||||
Copy-Item "$SRC_DIR\target\$($Env:TARGET)\release\wireguard-proxy.exe" "$ZIP" |
||||
|
||||
Push-AppveyorArtifact "$ZIP" |
||||
|
||||
Remove-Item *.* -Force |
||||
Set-Location .. |
||||
Remove-Item $STAGE |
||||
Set-Location $SRC_DIR |
@ -1,29 +0,0 @@
@@ -1,29 +0,0 @@
|
||||
# This script takes care of building your crate and packaging it for release |
||||
|
||||
set -ex |
||||
|
||||
main() { |
||||
local src=$(pwd) |
||||
|
||||
test -f Cargo.lock || cargo generate-lockfile |
||||
|
||||
# TODO Update this to build the artifacts that matter to you |
||||
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES |
||||
|
||||
# to check how they are built |
||||
file target/$TARGET/release/wireguard-proxy* || echo 'file failed' |
||||
|
||||
# TODO Update this to package the right artifacts, this needs to handle .exe too... |
||||
case $TARGET in |
||||
x86_64-pc-windows-gnu) |
||||
strip target/$TARGET/release/wireguard-proxy.exe || echo 'strip failed, ignoring...' |
||||
cp target/$TARGET/release/wireguard-proxy.exe $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET.exe |
||||
;; |
||||
*) |
||||
strip target/$TARGET/release/wireguard-proxy || echo 'strip failed, ignoring...' |
||||
cp target/$TARGET/release/wireguard-proxy $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET |
||||
;; |
||||
esac |
||||
} |
||||
|
||||
main |
@ -1,47 +0,0 @@
@@ -1,47 +0,0 @@
|
||||
set -ex |
||||
|
||||
main() { |
||||
local target= |
||||
if [ $TRAVIS_OS_NAME = linux ]; then |
||||
target=x86_64-unknown-linux-musl |
||||
sort=sort |
||||
else |
||||
target=x86_64-apple-darwin |
||||
sort=gsort # for `sort --sort-version`, from brew's coreutils. |
||||
fi |
||||
|
||||
# Builds for iOS are done on OSX, but require the specific target to be |
||||
# installed. |
||||
case $TARGET in |
||||
aarch64-apple-ios) |
||||
rustup target install aarch64-apple-ios |
||||
;; |
||||
armv7-apple-ios) |
||||
rustup target install armv7-apple-ios |
||||
;; |
||||
armv7s-apple-ios) |
||||
rustup target install armv7s-apple-ios |
||||
;; |
||||
i386-apple-ios) |
||||
rustup target install i386-apple-ios |
||||
;; |
||||
x86_64-apple-ios) |
||||
rustup target install x86_64-apple-ios |
||||
;; |
||||
esac |
||||
|
||||
# This fetches latest stable release |
||||
local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \ |
||||
| cut -d/ -f3 \ |
||||
| grep -E '^v[0.1.0-9.]+$' \ |
||||
| $sort --version-sort \ |
||||
| tail -n1) |
||||
curl -LSfs https://japaric.github.io/trust/install.sh | \ |
||||
sh -s -- \ |
||||
--force \ |
||||
--git japaric/cross \ |
||||
--tag $tag \ |
||||
--target $target |
||||
} |
||||
|
||||
main |
@ -1,40 +0,0 @@
@@ -1,40 +0,0 @@
|
||||
# This script takes care of testing your crate |
||||
|
||||
set -ex |
||||
|
||||
# TODO This is the "test phase", tweak it as you see fit |
||||
main() { |
||||
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES |
||||
cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES |
||||
|
||||
# to check how they are built |
||||
file target/$TARGET/release/wireguard-proxy* target/$TARGET/release/udp-test* || echo 'file failed' |
||||
|
||||
if [ ! -z $DISABLE_TESTS ]; then |
||||
return |
||||
fi |
||||
|
||||
# first make sure udp-test succeeds running against itself |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test |
||||
|
||||
# now run udp-test through proxy/proxyd |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is |
||||
|
||||
if [ $CARGO_FEATURES != "verbose" ]; then |
||||
# run TLS tests then too |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem |
||||
|
||||
# now pubkey tests |
||||
|
||||
# one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E) |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true |
||||
|
||||
# and one that should pass |
||||
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE= |
||||
fi |
||||
} |
||||
|
||||
# we don't run the "test phase" when doing deploys |
||||
if [ -z $TRAVIS_TAG ]; then |
||||
main |
||||
fi |
Loading…
Reference in new issue