- 17 Mar, 2020 1 commit
-
-
mbedTLS has fixed their certificate.
Edward Thomson committed
-
- 13 Mar, 2020 4 commits
-
-
We currently hve some problems with our curl downloads when building Docker images. It's not quite obvious what the problem is and they seem to occur semi-randomly. To unblock our CI, let's add the "--insecure" flag to curl to ignore any certificate errors. This is intended as a temporary solution only.
Patrick Steinhardt committed -
Azure is phasing out old images on March 23rd 2020, but we're currently still using them. So let's upgrade images as following: - Ubuntu 16.04 -> ubuntu-18.04 - macOS 10.13 -> macOS-10.15 - Hosted Windows machines -> vs2017-win2016 Each of them is currently the latest version. As the new Microsoft Windows machine has upgraded to MSVS2017, we need to also adjust our CMake generators to "Visual Studio 15 2017". As this CMake generator doesn't accept the target platform name anymore, we instead need to set it up via either "-A Win32" or "-A x64". [1]: https://devblogs.microsoft.com/devops/removing-older-images-in-azure-pipelines-hosted-pools/
Patrick Steinhardt committed -
Our Docurium builds currently depend on Debian Jessie, which has CMake v3.0 available. As rugged has bumped its CMake requirements to need at least v3.5 now, the documentation build is thus failing. Fix this by converting our Docurium Docker image to be based on Ubuntu Bionic. We already do base all of our images on Ubuntu, so I don't see any sense in using Debian here. If this was only to speed up builds, we should just go all the way and use some minimal container like Alpine anyway. Also remove cache busters. As we're rebuilding the image every time, it's we really don't need them at all.
Patrick Steinhardt committed -
We currently pass the "--silent" flag to most invocations of curl, but in fact this does not only suppress the progress meter, but also any errors. So let's also pass "--show-error", too.
Patrick Steinhardt committed
-
- 02 Mar, 2020 1 commit
-
-
tls.mbed.org has neglected to send their full certificate chain. Add their intermediate cert manually.
Edward Thomson committed
-
- 01 Mar, 2020 1 commit
-
-
tls.mbed.org has neglected to send their full certificate chain. Add their intermediate cert manually.
Edward Thomson committed
-
- 19 Feb, 2020 1 commit
-
-
In commit 01a83406 (azure: docker: fix ARM builds by replacing gosu(1), 2020-02-18), we've switched our entrypoint from gosu(1) to use sudo(1) instead to fix our ARM builds. The switch introduced an incompatibility that now causes our Coverity builds to fail, as the "--preserve-env" switch will also keep HOME at its current value. As a result, Coverity now tries to set up its configuration directory in root's home directory, which it naturally can't write to. Fix the issue by adding the "--set-home" flag to sudo(1).
Patrick Steinhardt committed
-
- 18 Feb, 2020 4 commits
-
-
Our nightly builds are currently failing due to our ARM-based jobs. These jobs crash immediately when entering the Docker container with a exception thrown by Go's language runtime. As we're able to successfully builds the Docker images in previous steps, it's unlikely to be a bug in Docker itself. Instead, this exception is thrown by gosu(1), which is a Go-based utility to drop privileges and run by our entrypoint. Fix the issue by dropping gosu(1) in favor of sudo(1).
Patrick Steinhardt committed -
Our two Docker build instructions for Xenial and Bionic have diverged a bit. Let's re-synchronize them with each other to make them as similar as possible.
Patrick Steinhardt committed -
The build step for our Docker images currently succeeds even if building the Docker image fails due to missing && chains in the build script. Fix this by adding them in.
Patrick Steinhardt committed -
Since migrating to Docker containings for our build and test infrastructure, we do not use the "setup-linux.sh" script anymore. Remove it to avoid any confusion.
Patrick Steinhardt committed
-
- 07 Feb, 2020 7 commits
-
-
In order to properly tear down the test environment, we will kill git-daemon(1) if we've exercised it. As git-daemon(1) is spawned as a background process, it is still owned by the shell and thus killing it later on will print a termination message to the shell's stderr, causing Azure to report it as an error. Fix this by disowning the background process.
Patrick Steinhardt committed -
The Docker entrypoint currently creates the libgit2 user with "useradd --create-home". As we start the Docker container with two volumes pointing into "/home/libgit2/", the home directory will already exist. While useradd(1) copes with this just fine, it will print error messages to stderr which end up as failures in our Azure pipelines. Fix this by simply removing the "--create-home" parameter.
Patrick Steinhardt committed -
Without the "--silent" parameter, curl will print a progress meter to stderr. Azure has the nice feature of interpreting any output to stderr as errors with a big red warning towards the end of the build. Let's thus silence curl to not generate any misleading messages.
Patrick Steinhardt committed -
When building dependencies for our Docker images, we first download the sources to disk first, unpack them and finally remove the archive again. This can be sped up by piping the downloading archive into tar(1) directly to parallelize both tasks. Furthermore, let's silence curl(1) to not print to status information to stderr, which tends to be interpreted as errors by Azure Pipelines.
Patrick Steinhardt committed -
There's several issues with our Coverity builds, like e.g. missing wget in our containers. Simplify our Coverity pipeline and fix these issues.
Patrick Steinhardt committed -
Back in commit 5a6740e7 (azure: build Docker images as part of the pipeline, 2019-08-02), we have converted our pipelines to use self-built Docker images to ease making changes to our Dockerfiles. The commit didn't adjust our Coverity pipeline, though, so let's do this now.
Patrick Steinhardt committed -
In commit bbc0b20b (azure: fix Coverity's build due to wrong container name, 2019-08-02), Coverity builds were fixed to use the correct container names. Unfortunately, the "fix" completely broke our Coverity builds due to using wrong syntax for the Docker task. Let's fix this by using "imageName" instead of the Docker dict.
Patrick Steinhardt committed
-
- 04 Feb, 2020 2 commits
-
-
While we already do have logic to re-run flaky tests, the FAILED variable currently does not get reset to "0". As a result, successful reruns will still cause the test to be registered as failed. Fix this by resetting the variable accordingly.
Patrick Steinhardt committed -
The proxy tests regularly fail in our CI environment. Unfortunately, this is expected due to the network layer. Thus, let's re-try the proxy tests up to five times in case they fail.
Patrick Steinhardt committed
-
- 24 Jan, 2020 4 commits
-
-
Download poxygit, a debugging git server, and clone from it using NTLM, both IIS-style (with connection affinity) and Apache-style ("broken", requiring constant reauthentication).
Edward Thomson committed -
Edward Thomson committed
-
Edward Thomson committed
-
Attempt to obtain a Kerberos ticket from LIBGIT2.ORG and then clone the Negotiate-protected site at test.libgit2.org with that ticket.
Edward Thomson committed
-
- 24 Nov, 2019 6 commits
-
-
Our docker builds are getting expensive, let's cache some of this.
Edward Thomson committed -
The valgrind in the PPA is broken and ignores `--exit-errorcode`. Build and install our own.
Edward Thomson committed -
Edward Thomson committed
-
Use a multi-stage docker build so that we can cache early stages and not need to download the apt-provided dependencies during every build (when only later stages change).
Edward Thomson committed -
Deleting the apt cache can be helpful for reducing the size of a container, but since we don't push it anywhere, it only hinders our ability to debug problems while working on the container. Keep it.
Edward Thomson committed -
Edward Thomson committed
-
- 23 Nov, 2019 1 commit
-
-
The lsb-release command is missing on our images; just show the information from the file instead of relying on it.
Edward Thomson committed
-
- 22 Nov, 2019 1 commit
-
-
Provide a sane default for `CMAKE_GENERATOR` in the build script so that it can be invoked without having to set that in the environment.
Edward Thomson committed
-
- 13 Oct, 2019 1 commit
-
-
Etienne Samson committed
-
- 21 Sep, 2019 1 commit
-
-
Right now, all tests in libgit2's CI are being executed as root user. As libgit2 will usually not run as a root user in "normal" usecases and furthermore as there are tests that rely on the ability to _not_ be able to create certain paths, let's instead create an unprivileged user "libgit2" and use that across all docker images.
Patrick Steinhardt committed
-
- 13 Sep, 2019 5 commits
-
-
While we were still supporting Trusty, using Ninja as a build tool would have required us to first setup pip and then use it to install Ninja. As a result, the speedups from using Ninja were drowned out by the time required to install Ninja. But as we have deprecated Trusty now, both Xenial and Bionic have recent versions of Ninja in their repositories and thus we can now use Ninja.
Patrick Steinhardt committed -
The Valgrind version shipped with Xenial has some bugs that keep our tests from working due to bad interactions with openssl [1]. Fix this by using the "hola-launchpad/valgrind" PPA that provides a newer version for which the bug has been fixed. [1]: https://bugs.launchpad.net/ubuntu/+source/valgrind/+bug/1574437
Patrick Steinhardt committed -
Pass the flag "--no-install-recommends" to apt-get in order to trim down the number of packages installed, both reducing build time and image size. As this also causes some required packages to not be installed anymore, add these explicitly to the set of packages installed.
Patrick Steinhardt committed -
Reformat both Xenial and Bionic's Dockerfiles to use best practices. Most importantly, we now run `apt-get update` and `apt-get install` in one step followed up by removing the package lists to speed up installation and keep down the image size.
Patrick Steinhardt committed -
While Xenial provides libssh2 in its repositories, it only has version 1.5.0 available. This version will unfortunately not be able to connect to GitHub due to their removal of weak cryptographic standards [1]. To still enable our CI to execute tests against GitHub, we thus have to update the provided libssh2 version to a newer one. Manually install libssh2 1.8.2 on Xenial. There's no need to do the same for Bionic, as it already provides libssh2 1.8.0. [1]: https://github.blog/2018-02-01-crypto-removal-notice/
Patrick Steinhardt committed
-