Abandon travis-ci for jenkins
moparisthebest/wireguard-proxy/pipeline/head This commit looks good Details

This commit is contained in:
Travis Burtrum 2020-11-21 22:06:59 -05:00
parent 2e0ccc1d0e
commit c8497a6188
9 changed files with 193 additions and 282 deletions

42
.ci/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,42 @@
properties(
[
disableConcurrentBuilds()
]
)
node('linux && docker') {
try {
stage('Checkout') {
//branch name from Jenkins environment variables
echo "My branch is: ${env.BRANCH_NAME}"
// this doesn't grab tags pointing to this branch
//checkout scm
// this hack does... https://issues.jenkins.io/browse/JENKINS-45164
checkout([
$class: 'GitSCM',
branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
userRemoteConfigs: scm.userRemoteConfigs,
])
sh '''
set -euxo pipefail
git checkout "$BRANCH_NAME" --
git reset --hard "origin/$BRANCH_NAME"
'''
}
stage('Build + Deploy') {
sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
}
currentBuild.result = 'SUCCESS'
} catch (Exception err) {
currentBuild.result = 'FAILURE'
} finally {
stage('Email') {
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
}
deleteDir()
}
}

64
.ci/build.sh Executable file
View File

@ -0,0 +1,64 @@
#!/bin/bash
set -exo pipefail
echo "starting build for TARGET $TARGET"
export CRATE_NAME=wireguard-proxy
export OPENSSL_STATIC=1
export CARGO_FEATURES=async
DISABLE_TESTS=${DISABLE_TESTS:-0}
SUFFIX=""
# wine blows up in testing with async build
echo "$TARGET" | grep -E '^x86_64-pc-windows-gnu$' >/dev/null && DISABLE_TESTS=1 && SUFFIX=".exe"
# these only support openssl_vendored, not async
if echo "$TARGET" | grep -E '^(s390x|powerpc|mips)' >/dev/null
then
CARGO_FEATURES=openssl_vendored
fi
# these don't support any TLS at all
if echo "$TARGET" | grep -E '(^riscv64gc|solaris$)' >/dev/null
then
CARGO_FEATURES=verbose
fi
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES
# to check how they are built
file "target/$TARGET/release/wireguard-proxy$SUFFIX" "target/$TARGET/release/udp-test$SUFFIX"
if [ $DISABLE_TESTS -ne 1 ]
then
# first make sure udp-test succeeds running against itself
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test
# now run udp-test through proxy/proxyd
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is
if [ $CARGO_FEATURES != "verbose" ]; then
# run TLS tests then too
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
# now pubkey tests
# one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E)
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true
# and one that should pass
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE=
fi
fi
# if this commit has a tag, upload artifact to release
strip "target/$TARGET/release/wireguard-proxy$SUFFIX" || true # if strip fails, it's fine
mkdir -p release
mv "target/$TARGET/release/wireguard-proxy$SUFFIX" "release/wireguard-proxy-$TARGET$SUFFIX"
echo 'build success!'
exit 0

View File

@ -1,143 +0,0 @@
# Based on the "trust" template v0.1.2
# https://github.com/japaric/trust/tree/v0.1.2
dist: trusty
language: rust
services: docker
sudo: required
# TODO Rust builds on stable by default, this can be
# overridden on a case by case basis down below.
env:
global:
# TODO Update this to match the name of your project.
- CRATE_NAME=wireguard-proxy
- OPENSSL_STATIC=1
- CARGO_FEATURES=async
matrix:
# TODO These are all the build jobs. Adjust as necessary. Comment out what you
# don't need
include:
# Android
- env: TARGET=aarch64-linux-android
- env: TARGET=arm-linux-androideabi
- env: TARGET=armv7-linux-androideabi
- env: TARGET=i686-linux-android
- env: TARGET=x86_64-linux-android
# iOS
- env: TARGET=aarch64-apple-ios DISABLE_TESTS=1
os: osx
- env: TARGET=x86_64-apple-ios DISABLE_TESTS=1
os: osx
# Linux
- env: TARGET=aarch64-unknown-linux-gnu
- env: TARGET=aarch64-unknown-linux-musl
- env: TARGET=arm-unknown-linux-gnueabi
- env: TARGET=arm-unknown-linux-gnueabihf
- env: TARGET=arm-unknown-linux-musleabi
- env: TARGET=arm-unknown-linux-musleabihf
- env: TARGET=armv5te-unknown-linux-gnueabi
- env: TARGET=armv5te-unknown-linux-musleabi
- env: TARGET=armv7-unknown-linux-gnueabihf
- env: TARGET=armv7-unknown-linux-musleabihf
- env: TARGET=i586-unknown-linux-gnu
- env: TARGET=i586-unknown-linux-musl
- env: TARGET=i686-unknown-linux-gnu
- env: TARGET=i686-unknown-linux-musl
- env: TARGET=mips-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
- env: TARGET=mips-unknown-linux-musl CARGO_FEATURES=openssl_vendored
- env: TARGET=mips64-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored
- env: TARGET=mips64el-unknown-linux-gnuabi64 CARGO_FEATURES=openssl_vendored
- env: TARGET=mipsel-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
- env: TARGET=mipsel-unknown-linux-musl CARGO_FEATURES=openssl_vendored
- env: TARGET=powerpc-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
- env: TARGET=powerpc64le-unknown-linux-gnu CARGO_FEATURES=openssl_vendored
# neither openssl nor rustls support poor riscv64gc...
- env: TARGET=riscv64gc-unknown-linux-gnu CARGO_FEATURES=verbose
- env: TARGET=s390x-unknown-linux-gnu DISABLE_TESTS=1 CARGO_FEATURES=openssl_vendored
- env: TARGET=x86_64-unknown-linux-gnu
- env: TARGET=x86_64-unknown-linux-musl
# Solaris, neither openssl nor rustls support poor solaris...
- env: TARGET=sparcv9-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose
- env: TARGET=x86_64-sun-solaris DISABLE_TESTS=1 CARGO_FEATURES=verbose
# OSX
- env: TARGET=x86_64-apple-darwin
os: osx
# *BSD
- env: TARGET=x86_64-unknown-netbsd DISABLE_TESTS=1
# Windows
# wine blows up in testing with async build
- env: TARGET=x86_64-pc-windows-gnu DISABLE_TESTS=1
# Bare metal
# These targets don't support std and as such are likely not suitable for
# most crates.
# - env: TARGET=thumbv6m-none-eabi
# - env: TARGET=thumbv7em-none-eabi
# - env: TARGET=thumbv7em-none-eabihf
# - env: TARGET=thumbv7m-none-eabi
# Testing other channels
- env: TARGET=x86_64-unknown-linux-gnu
rust: nightly
- env: TARGET=x86_64-apple-darwin
os: osx
rust: nightly
before_install:
- set -e
- rustup self update
install:
- sh ci/install.sh
- source ~/.cargo/env || true
script:
- bash ci/script.sh
after_script: set +e
before_deploy:
- sh ci/before_deploy.sh
deploy:
# TODO update `api_key.secure`
# - Create a `public_repo` GitHub token. Go to: https://github.com/settings/tokens/new
# - Encrypt it: `travis encrypt 0123456789012345678901234567890123456789
# - Paste the output down here
api_key:
secure: $GITHUB_OAUTH
file_glob: true
file: $CRATE_NAME-$TRAVIS_TAG-$TARGET*
on:
# TODO Here you can pick which targets will generate binary releases
# In this example, there are some targets that are tested using the stable
# and nightly channels. This condition makes sure there is only one release
# for such targets and that's generated using the stable channel
condition: $TRAVIS_RUST_VERSION = stable
tags: true
provider: releases
skip_cleanup: true
cache: cargo
before_cache:
# Travis can't cache files that are not readable by "others"
- chmod -R a+r $HOME/.cargo
branches:
only:
# release tags
- /^v\d+\.\d+\.\d+.*$/
- master
- travis
- ci
- openssl

View File

@ -1,6 +1,6 @@
# wireguard-proxy # wireguard-proxy
[![Travis-CI Build Status](https://api.travis-ci.org/moparisthebest/wireguard-proxy.svg?branch=master)](https://travis-ci.org/moparisthebest/wireguard-proxy) [![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/wireguard-proxy/job/master/)
[![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy) [![Build status](https://ci.appveyor.com/api/projects/status/vl8c9xdhvgn997d2/branch/master?svg=true)](https://ci.appveyor.com/project/moparisthebest/wireguard-proxy)
[![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy) [![crates.io](https://img.shields.io/crates/v/wireguard-proxy.svg)](https://crates.io/crates/wireguard-proxy)
@ -70,7 +70,7 @@ usage: wireguard-proxy [options...]
Binaries: Binaries:
- [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by travis-ci and appveyor courtesy of [trust](https://github.com/japaric/trust) - [releases](https://github.com/moparisthebest/wireguard-proxy/releases) has static builds for most platforms performed by [self-ci](https://github.com/moparisthebest/self-ci) and appveyor courtesy of [trust](https://github.com/japaric/trust)
- Arch Linux AUR [wireguard-proxy](https://aur.archlinux.org/packages/wireguard-proxy/) and [wireguard-proxy-git](https://aur.archlinux.org/packages/wireguard-proxy-git/) - Arch Linux AUR [wireguard-proxy](https://aur.archlinux.org/packages/wireguard-proxy/) and [wireguard-proxy-git](https://aur.archlinux.org/packages/wireguard-proxy-git/)
Building: Building:

85
benchmark.sh Executable file
View File

@ -0,0 +1,85 @@
#!/bin/sh
#set -x
# cert created with:
# cd ci && echo -e '\n\n\n\n\n\n\n' | openssl req -new -x509 -days 3650 -nodes -out cert.pem -keyout cert.key
export PATH="$(pwd)/target/release:$PATH"
run_tests() {
client_arg="$1"
shift
# now run proxyd pointing to nc
wireguard-proxy -th 127.0.0.1:5555 -ut 127.0.0.1:51822 "$@" &
proxyd_pid=$!
# wait for ports to be set up, this is fragile...
sleep 5
# proxy pointing to proxyd
wireguard-proxy -tt 127.0.0.1:5555 "$client_arg" &
proxy_pid=$!
# wait for ports to be set up, this is fragile...
sleep 1
# nc running through wireguard-proxy's above
nc -lup 51822 >/dev/null &
nc_listen_pid=$!
wireguard-proxy -V
dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51820 &
nc_connect_pid=$!
sleep 5
kill $nc_listen_pid $nc_connect_pid $proxyd_pid $proxy_pid
}
# first no-network baseline
dd if=/dev/zero bs=128M count=10 | cat >/dev/null
# now openbsd netcat for network baseline
nc -lup 51822 >/dev/null &
nc_listen_pid=$!
dd if=/dev/zero bs=128M count=10 | nc -u 127.0.0.1 51822 &
nc_connect_pid=$!
sleep 5
kill $nc_listen_pid $nc_connect_pid
# first run without TLS
#cargo clean
cargo build --release --no-default-features 2>/dev/null || exit 1
run_tests || exit 1
# third run with async+rustls
#cargo clean
cargo build --release --no-default-features --features async 2>/dev/null || exit 1
# first plaintext tests
run_tests || exit 1
# then TLS tests
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
exit 0
# first run with non-vendored tls
#cargo clean
cargo build --release --no-default-features --features tls 2>/dev/null || exit 1
# first plaintext tests
run_tests || exit 1
# then TLS tests
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
# second run with vendored tls
#cargo clean
cargo build --release --no-default-features --features openssl_vendored 2>/dev/null || exit 1
# first plaintext tests
run_tests || exit 1
# then TLS tests
run_tests --tls --tls-key ci/cert.key --tls-cert ci/cert.pem || exit 1
exit 0

View File

@ -1,21 +0,0 @@
# This script takes care of packaging the build artifacts that will go in the
# release zipfile
$SRC_DIR = $PWD.Path
$STAGE = [System.Guid]::NewGuid().ToString()
Set-Location $ENV:Temp
New-Item -Type Directory -Name $STAGE
Set-Location $STAGE
$ZIP = "$SRC_DIR\$($Env:CRATE_NAME)-$($Env:APPVEYOR_REPO_TAG_NAME)-$($Env:TARGET).exe"
# TODO Update this to package the right artifacts
Copy-Item "$SRC_DIR\target\$($Env:TARGET)\release\wireguard-proxy.exe" "$ZIP"
Push-AppveyorArtifact "$ZIP"
Remove-Item *.* -Force
Set-Location ..
Remove-Item $STAGE
Set-Location $SRC_DIR

View File

@ -1,29 +0,0 @@
# This script takes care of building your crate and packaging it for release
set -ex
main() {
local src=$(pwd)
test -f Cargo.lock || cargo generate-lockfile
# TODO Update this to build the artifacts that matter to you
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
# to check how they are built
file target/$TARGET/release/wireguard-proxy* || echo 'file failed'
# TODO Update this to package the right artifacts, this needs to handle .exe too...
case $TARGET in
x86_64-pc-windows-gnu)
strip target/$TARGET/release/wireguard-proxy.exe || echo 'strip failed, ignoring...'
cp target/$TARGET/release/wireguard-proxy.exe $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET.exe
;;
*)
strip target/$TARGET/release/wireguard-proxy || echo 'strip failed, ignoring...'
cp target/$TARGET/release/wireguard-proxy $src/$CRATE_NAME-$TRAVIS_TAG-$TARGET
;;
esac
}
main

View File

@ -1,47 +0,0 @@
set -ex
main() {
local target=
if [ $TRAVIS_OS_NAME = linux ]; then
target=x86_64-unknown-linux-musl
sort=sort
else
target=x86_64-apple-darwin
sort=gsort # for `sort --sort-version`, from brew's coreutils.
fi
# Builds for iOS are done on OSX, but require the specific target to be
# installed.
case $TARGET in
aarch64-apple-ios)
rustup target install aarch64-apple-ios
;;
armv7-apple-ios)
rustup target install armv7-apple-ios
;;
armv7s-apple-ios)
rustup target install armv7s-apple-ios
;;
i386-apple-ios)
rustup target install i386-apple-ios
;;
x86_64-apple-ios)
rustup target install x86_64-apple-ios
;;
esac
# This fetches latest stable release
local tag=$(git ls-remote --tags --refs --exit-code https://github.com/japaric/cross \
| cut -d/ -f3 \
| grep -E '^v[0.1.0-9.]+$' \
| $sort --version-sort \
| tail -n1)
curl -LSfs https://japaric.github.io/trust/install.sh | \
sh -s -- \
--force \
--git japaric/cross \
--tag $tag \
--target $target
}
main

View File

@ -1,40 +0,0 @@
# This script takes care of testing your crate
set -ex
# TODO This is the "test phase", tweak it as you see fit
main() {
cross rustc --bin wireguard-proxy --target $TARGET --release --no-default-features --features $CARGO_FEATURES
cross rustc --bin udp-test --target $TARGET --release --no-default-features --features $CARGO_FEATURES
# to check how they are built
file target/$TARGET/release/wireguard-proxy* target/$TARGET/release/udp-test* || echo 'file failed'
if [ ! -z $DISABLE_TESTS ]; then
return
fi
# first make sure udp-test succeeds running against itself
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test
# now run udp-test through proxy/proxyd
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is
if [ $CARGO_FEATURES != "verbose" ]; then
# run TLS tests then too
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem
# now pubkey tests
# one that should fail (wrong pinnedpubkey lowercase e at end instead of uppercase E)
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4de= && exit 1 || true
# and one that should pass
cross run --target $TARGET --release --no-default-features --features $CARGO_FEATURES --bin udp-test -- -is --tls-key ci/cert.key --tls-cert ci/cert.pem --pinnedpubkey sha256//BEyQeSjwwUBLXXNuCILHRWyV1gLmY31CdMHNA4VH4dE=
fi
}
# we don't run the "test phase" when doing deploys
if [ -z $TRAVIS_TAG ]; then
main
fi