distributed.camp
A Python port of the Invisible Internet Project (I2P)
1stages:
2 - test
3 - security
4 - build
5 - publish
6 - release
7
8# ---------------------------------------------------------------------------
9# Test
10# ---------------------------------------------------------------------------
11
12test:
13 stage: test
14 image: python:3.11-slim
15 tags: [linux]
16 before_script:
17 - pip config set global.extra-index-url https://pypi.org/simple
18
19 script:
20 - pip install .[dev]
21 - python -m pytest tests/ -q
22 rules:
23 - if: $CI_COMMIT_TAG
24
25# ---------------------------------------------------------------------------
26# Security
27# ---------------------------------------------------------------------------
28
29security:
30 stage: security
31 image: python:3.11-slim
32 tags: [linux]
33 before_script:
34 - pip config set global.extra-index-url https://pypi.org/simple
35
36 script:
37 - pip install .[security]
38 - bandit -c bandit.yaml -r src/ -f json -o bandit-results.json --exit-zero
39 - bandit -c bandit.yaml -r src/ -f screen || true
40 - pip install .
41 - pip-audit -f json -o pip-audit-results.json --desc || true
42 - python tools/security/check_results.py
43 --bandit bandit-results.json
44 --pip-audit pip-audit-results.json
45 artifacts:
46 when: always
47 paths:
48 - bandit-results.json
49 - pip-audit-results.json
50 expire_in: 30 days
51 rules:
52 - if: $CI_COMMIT_TAG
53
54# ---------------------------------------------------------------------------
55# Build — each OS in its own isolated container
56# ---------------------------------------------------------------------------
57
58build-sdist:
59 stage: build
60 image: python:3.11-slim
61 tags: [linux]
62 script:
63 - pip install build
64 - python -m build --outdir dist/
65 artifacts:
66 paths:
67 - dist/*.tar.gz
68 - dist/*.whl
69 expire_in: 90 days
70 rules:
71 - if: $CI_COMMIT_TAG
72
73build-deb:
74 stage: build
75 image: debian:bookworm-slim
76 tags: [linux]
77 script:
78 - apt-get update -qq
79 - apt-get install -y --no-install-recommends
80 python3 python3-pip python3-venv
81 ruby ruby-dev gcc make libffi-dev
82 - gem install fpm --no-document
83 - bash build/linux-deb/build.sh
84 artifacts:
85 paths:
86 - dist/*.deb
87 expire_in: 90 days
88 rules:
89 - if: $CI_COMMIT_TAG
90 before_script:
91 - mkdir -p dist
92 - ln -sf "$(pwd)/dist" /out
93
94build-rpm:
95 stage: build
96 image: fedora:41
97 tags: [linux]
98 script:
99 - dnf install -y --setopt=install_weak_deps=False
100 python3 python3-pip python3-devel
101 ruby ruby-devel rubygem-json gcc gcc-c++ make rpm-build
102 libffi-devel redhat-rpm-config
103 - gem install fpm --no-document
104 - bash build/linux-rpm/build.sh
105 artifacts:
106 paths:
107 - dist/*.rpm
108 expire_in: 90 days
109 rules:
110 - if: $CI_COMMIT_TAG
111 before_script:
112 - mkdir -p dist
113 - ln -sf "$(pwd)/dist" /out
114
115build-windows:
116 stage: build
117 image: python:3.12-slim
118 tags: [linux]
119 script:
120 - apt-get update -qq
121 - apt-get install -y --no-install-recommends nsis
122 - pip install pynsist
123 - bash build/windows/build.sh
124 artifacts:
125 paths:
126 - dist/*.exe
127 expire_in: 90 days
128 rules:
129 - if: $CI_COMMIT_TAG
130 before_script:
131 - mkdir -p dist
132 - ln -sf "$(pwd)/dist" /out
133
134# ---------------------------------------------------------------------------
135# Publish — upload all artifacts to GitLab Package Registry
136# ---------------------------------------------------------------------------
137
138publish:
139 stage: publish
140 image: python:3.11-slim
141 tags: [linux]
142 before_script:
143 - pip config set global.extra-index-url https://pypi.org/simple
144
145 script:
146 - pip install twine
147 - twine upload
148 --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi
149 -u gitlab-ci-token -p ${CI_JOB_TOKEN} dist/*.tar.gz dist/*.whl
150 dependencies:
151 - build-sdist
152 rules:
153 - if: $CI_COMMIT_TAG