80 lines
2.2 KiB
YAML
80 lines
2.2 KiB
YAML
include:
|
|
- template: Security/SAST.gitlab-ci.yml
|
|
|
|
variables:
|
|
CONTAINER_REGISTRY: $CI_REGISTRY/georg/mat2-ci-images
|
|
|
|
stages:
|
|
- linting
|
|
- test
|
|
|
|
.prepare_env: &prepare_env
|
|
before_script: # This is needed to not run the testsuite as root
|
|
- useradd --home-dir ${CI_PROJECT_DIR} mat2
|
|
- chown -R mat2 .
|
|
|
|
linting:bandit:
|
|
image: $CONTAINER_REGISTRY:linting
|
|
stage: linting
|
|
script: # TODO: remove B405 and B314
|
|
- bandit ./mat2 --format txt --skip B101
|
|
- bandit -r ./libmat2 --format txt --skip B101,B404,B603,B405,B314,B108,B311
|
|
|
|
linting:codespell:
|
|
image: $CONTAINER_REGISTRY:linting
|
|
stage: linting
|
|
script:
|
|
# Run codespell to check for spelling errors; ignore errors about binary
|
|
# files, use a config with ignored words and exclude the git directory,
|
|
# which might contain false positives
|
|
- codespell -q 2 -I utils/ci/codespell/ignored_words.txt -S .git
|
|
|
|
linting:pylint:
|
|
image: $CONTAINER_REGISTRY:linting
|
|
stage: linting
|
|
script:
|
|
- pylint --disable=no-else-return,no-else-raise,no-else-continue,unnecessary-comprehension,raise-missing-from,unsubscriptable-object,use-dict-literal,unspecified-encoding,consider-using-f-string,use-list-literal,too-many-statements --extension-pkg-whitelist=cairo,gi ./libmat2 ./mat2
|
|
|
|
linting:mypy:
|
|
image: $CONTAINER_REGISTRY:linting
|
|
stage: linting
|
|
script:
|
|
- mypy --ignore-missing-imports mat2 libmat2/*.py
|
|
|
|
tests:archlinux:
|
|
image: $CONTAINER_REGISTRY:archlinux
|
|
stage: test
|
|
script:
|
|
- python3 -m unittest discover -v
|
|
|
|
tests:debian:
|
|
image: $CONTAINER_REGISTRY:debian
|
|
stage: test
|
|
<<: *prepare_env
|
|
script:
|
|
- apt-get -qqy purge bubblewrap
|
|
- su - mat2 -c "python3-coverage run --branch -m unittest discover -s tests/"
|
|
- su - mat2 -c "python3-coverage report --fail-under=95 -m --include 'libmat2/*'"
|
|
|
|
tests:debian_with_bubblewrap:
|
|
image: $CONTAINER_REGISTRY:debian
|
|
stage: test
|
|
allow_failure: true
|
|
<<: *prepare_env
|
|
script:
|
|
- apt-get -qqy install bubblewrap
|
|
- python3 -m unittest discover -v
|
|
|
|
tests:fedora:
|
|
image: $CONTAINER_REGISTRY:fedora
|
|
stage: test
|
|
script:
|
|
- python3 -m unittest discover -v
|
|
|
|
tests:gentoo:
|
|
image: $CONTAINER_REGISTRY:gentoo
|
|
stage: test
|
|
<<: *prepare_env
|
|
script:
|
|
- su - mat2 -c "python3 -m unittest discover -v"
|