/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ import merge from "./merge"; import * as queue from "./queue"; const LINUX_IMAGE = { name: "linux", path: "automation/taskcluster/docker" }; const LINUX_BUILDS_IMAGE = { name: "linux-builds", path: "automation/taskcluster/docker-builds" }; const LINUX_INTEROP_IMAGE = { name: "linux-interop", path: "automation/taskcluster/docker-interop" }; const CLANG_FORMAT_IMAGE = { name: "clang-format", path: "automation/taskcluster/docker-clang-format" }; const LINUX_GCC44_IMAGE = { name: "linux-gcc-4.4", path: "automation/taskcluster/docker-gcc-4.4" }; const FUZZ_IMAGE = { name: "fuzz", path: "automation/taskcluster/docker-fuzz" }; // Bug 1488148 - temporary image for fuzzing 32-bit builds. const FUZZ_IMAGE_32 = { name: "fuzz32", path: "automation/taskcluster/docker-fuzz32" }; const SAW_IMAGE = { name: "saw", path: "automation/taskcluster/docker-saw" }; const WINDOWS_CHECKOUT_CMD = "bash -c \"hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " + "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " + "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)\""; const MAC_CHECKOUT_CMD = ["bash", "-c", "hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss || " + "(sleep 2; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss) || " + "(sleep 5; hg clone -r $NSS_HEAD_REVISION $NSS_HEAD_REPOSITORY nss)"]; /*****************************************************************************/ queue.filter(task => { if (task.group == "Builds") { // Remove extra builds on {A,UB}San and ARM. if (task.collection == "asan" || task.platform == "aarch64") { return false; } // Make modular builds only on Linux make. if (task.symbol == "modular" && task.collection != "make") { return false; } } if (task.tests == "bogo" || task.tests == "interop" || task.tests == "tlsfuzzer") { // No windows if (task.platform == "windows2012-64" || task.platform == "windows2012-32") { return false; } // No ARM; TODO: enable if (task.platform == "aarch64") { return false; } // No mac if (task.platform == "mac") { return false; } } if (task.tests == "fips" && (task.platform == "mac" || task.platform == "aarch64")) { return false; } // Only old make builds have -Ddisable_libpkix=0 and can run chain tests. if (task.tests == "chains" && task.collection != "make") { return false; } // Don't run all additional hardware tests on ARM. if (task.group == "Cipher" && task.platform == "aarch64" && task.env && (task.env.NSS_DISABLE_PCLMUL == "1" || task.env.NSS_DISABLE_SSE4_1 == "1" || task.env.NSS_DISABLE_AVX == "1" || task.env.NSS_DISABLE_AVX2 == "1")) { return false; } // Don't run ARM specific hardware tests on non-ARM. // TODO: our server that runs task cluster doesn't support Intel SHA extensions. if (task.group == "Cipher" && task.platform != "aarch64" && task.env && (task.env.NSS_DISABLE_HW_SHA1 == "1" || task.env.NSS_DISABLE_HW_SHA2 == "1")) { return false; } // Don't run DBM builds on aarch64. if (task.group == "DBM" && task.platform == "aarch64") { return false; } return true; }); queue.map(task => { if (task.collection == "asan") { // CRMF and FIPS tests still leak, unfortunately. if (task.tests == "crmf") { task.env.ASAN_OPTIONS = "detect_leaks=0"; } } if (task.tests == "ssl") { if (!task.env) { task.env = {}; } // Stress tests to not include other SSL tests if (task.symbol == "stress") { task.env.NSS_SSL_TESTS = "normal_normal"; } else { task.env.NSS_SSL_TESTS = "crl iopr policy normal_normal"; } // FIPS runs if (task.collection == "fips") { task.env.NSS_SSL_TESTS += " fips_fips fips_normal normal_fips"; } if (task.platform == "mac") { task.maxRunTime = 7200; } } // Windows is slow. if ((task.platform == "windows2012-32" || task.platform == "windows2012-64") && task.tests == "chains") { task.maxRunTime = 7200; } if (task.platform == "mac" && task.tests == "tools") { task.maxRunTime = 7200; } return task; }); /*****************************************************************************/ export default async function main() { await scheduleLinux("Linux 32 (opt)", { platform: "linux32", image: LINUX_IMAGE }, "-t ia32 --opt"); await scheduleLinux("Linux 32 (debug)", { platform: "linux32", collection: "debug", image: LINUX_IMAGE }, "-t ia32"); await scheduleLinux("Linux 64 (opt)", { platform: "linux64", image: LINUX_IMAGE }, "--opt"); await scheduleLinux("Linux 64 (debug)", { platform: "linux64", collection: "debug", image: LINUX_IMAGE }); await scheduleLinux("Linux 64 (debug, make)", { env: {USE_64: "1"}, platform: "linux64", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 64 (opt, make)", { env: {USE_64: "1", BUILD_OPT: "1"}, platform: "linux64", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 32 (debug, make)", { platform: "linux32", image: LINUX_IMAGE, collection: "make", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], }); await scheduleLinux("Linux 64 (ASan, debug)", { env: { UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++", }, platform: "linux64", collection: "asan", image: LINUX_IMAGE, features: ["allowPtrace"], }, "--ubsan --asan"); await scheduleLinux("Linux 64 (FIPS opt)", { platform: "linux64", collection: "fips", image: LINUX_IMAGE, }, "--enable-fips --opt"); await scheduleWindows("Windows 2012 64 (debug, make)", { platform: "windows2012-64", collection: "make", env: {USE_64: "1"} }, "build.sh"); await scheduleWindows("Windows 2012 32 (debug, make)", { platform: "windows2012-32", collection: "make" }, "build.sh"); await scheduleWindows("Windows 2012 64 (opt)", { platform: "windows2012-64", }, "build_gyp.sh --opt"); await scheduleWindows("Windows 2012 64 (debug)", { platform: "windows2012-64", collection: "debug" }, "build_gyp.sh"); await scheduleWindows("Windows 2012 32 (opt)", { platform: "windows2012-32", }, "build_gyp.sh --opt -t ia32"); await scheduleWindows("Windows 2012 32 (debug)", { platform: "windows2012-32", collection: "debug" }, "build_gyp.sh -t ia32"); await scheduleFuzzing(); await scheduleFuzzing32(); await scheduleTools(); let aarch64_base = { image: "franziskus/nss-aarch64-ci", provisioner: "localprovisioner", workerType: "nss-aarch64", platform: "aarch64", maxRunTime: 7200 }; await scheduleLinux("Linux AArch64 (debug)", merge(aarch64_base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh" ], collection: "debug", }) ); await scheduleLinux("Linux AArch64 (opt)", merge(aarch64_base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --opt" ], collection: "opt", }) ); await scheduleLinux("Linux AArch64 (debug, make)", merge(aarch64_base, { env: {USE_64: "1"}, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh" ], collection: "make", }) ); await scheduleMac("Mac (opt)", {collection: "opt"}, "--opt"); await scheduleMac("Mac (debug)", {collection: "debug"}); // Must be executed after all other tasks are scheduled queue.clearFilters(); await scheduleCodeReview(); } async function scheduleMac(name, base, args = "") { let mac_base = merge(base, { env: { PATH: "/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin", NSS_TASKCLUSTER_MAC: "1", DOMSUF: "localdomain", HOST: "localhost", }, provisioner: "localprovisioner", workerType: "nss-macos-10-12", platform: "mac" }); // Build base definition. let build_base_without_command_symbol = merge(mac_base, { provisioner: "localprovisioner", workerType: "nss-macos-10-12", platform: "mac", maxRunTime: 7200, artifacts: [{ expires: 24 * 7, type: "directory", path: "public" }], kind: "build", }); let gyp_cmd = "nss/automation/taskcluster/scripts/build_gyp.sh "; if (!("collection" in base) || (base.collection != "make" && base.collection != "asan" && base.collection != "fips" && base.collection != "fuzz")) { let nspr_gyp = gyp_cmd + "--nspr-only --nspr-test-build --nspr-test-run "; let nspr_build = merge(build_base_without_command_symbol, { command: [ MAC_CHECKOUT_CMD, ["bash", "-c", nspr_gyp + args] ], symbol: "NSPR" }); // The task that tests NSPR. let nspr_task_build = queue.scheduleTask(merge(nspr_build, {name})); } let build_base = merge(build_base_without_command_symbol, { command: [ MAC_CHECKOUT_CMD, ["bash", "-c", gyp_cmd + args] ], symbol: "B" }); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ MAC_CHECKOUT_CMD, ["bash", "-c", "nss/automation/taskcluster/scripts/gen_certs.sh"] ], parent: task_build, symbol: "Certs" })); // Schedule tests. scheduleTests(task_build, task_cert, merge(mac_base, { command: [ MAC_CHECKOUT_CMD, ["bash", "-c", "nss/automation/taskcluster/scripts/run_tests.sh"] ] })); return queue.submit(); } /*****************************************************************************/ async function scheduleLinux(name, overrides, args = "") { let checkout_and_gyp = "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh "; let artifacts_and_kind = { artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", }; if (!("collection" in overrides) || (overrides.collection != "make" && overrides.collection != "asan" && overrides.collection != "fips" && overrides.collection != "fuzz")) { let nspr_gyp = checkout_and_gyp + "--nspr-only --nspr-test-build --nspr-test-run "; let nspr_base = merge({ command: [ "/bin/bash", "-c", nspr_gyp + args ], }, overrides); let nspr_without_symbol = merge(nspr_base, artifacts_and_kind); let nspr_build = merge(nspr_without_symbol, { symbol: "NSPR", }); // The task that tests NSPR. let nspr_task_build = queue.scheduleTask(merge(nspr_build, {name})); } // Construct a base definition. This takes |overrides| second because // callers expect to be able to overwrite the |command| key. let base = merge({ command: [ "/bin/bash", "-c", checkout_and_gyp + args ], }, overrides); let base_without_symbol = merge(base, artifacts_and_kind); // The base for building. let build_base = merge(base_without_symbol, { symbol: "B", }); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // Make builds run FIPS tests, which need an extra FIPS build. if (base.collection == "make") { let extra_build = queue.scheduleTask(merge(build_base, { env: { NSS_FORCE_FIPS: "1" }, group: "FIPS", name: `${name} w/ NSS_FORCE_FIPS` })); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh" ], parent: extra_build, symbol: "Certs-F", group: "FIPS", })); // Schedule FIPS tests. queue.scheduleTask(merge(base, { parent: task_cert, name: "FIPS", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], cycle: "standard", kind: "test", name: "FIPS tests", symbol: "Tests-F", tests: "fips", group: "FIPS" })); } // The task that generates certificates. let cert_base = merge(build_base, { name: "Certificates", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_certs.sh" ], parent: task_build, symbol: "Certs" }); let task_cert = queue.scheduleTask(cert_base); // Schedule tests. scheduleTests(task_build, task_cert, merge(base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ] })); // Extra builds. let extra_base = merge(build_base, { group: "Builds", image: LINUX_BUILDS_IMAGE, }); queue.scheduleTask(merge(extra_base, { name: `${name} w/ clang-4`, env: { CC: "clang-4.0", CCC: "clang++-4.0", }, symbol: "clang-4" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-4.4`, image: LINUX_GCC44_IMAGE, env: { USE_64: "1", CC: "gcc-4.4", CCC: "g++-4.4", // gcc-4.6 introduced nullptr. NSS_DISABLE_GTESTS: "1", }, // Use the old Makefile-based build system, GYP doesn't have a proper GCC // version check for __int128 support. It's mainly meant to cover RHEL6. command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh", ], symbol: "gcc-4.4" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-4.8`, env: { CC: "gcc-4.8", CCC: "g++-4.8" }, symbol: "gcc-4.8" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-5`, env: { CC: "gcc-5", CCC: "g++-5" }, symbol: "gcc-5" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ gcc-6`, env: { CC: "gcc-6", CCC: "g++-6" }, symbol: "gcc-6" })); queue.scheduleTask(merge(extra_base, { name: `${name} w/ modular builds`, image: LINUX_IMAGE, env: {NSS_BUILD_MODULAR: "1"}, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build.sh", ], symbol: "modular" })); if (base.collection != "make") { let task_build_dbm = queue.scheduleTask(merge(extra_base, { name: `${name} w/ legacy-db`, command: [ "/bin/bash", "-c", checkout_and_gyp + "--enable-legacy-db" ], symbol: "B", group: "DBM", })); let task_cert_dbm = queue.scheduleTask(merge(cert_base, { parent: task_build_dbm, group: "DBM", symbol: "Certs" })); } return queue.submit(); } /*****************************************************************************/ function scheduleFuzzingRun(base, name, target, max_len, symbol = null, corpus = null) { const MAX_FUZZ_TIME = 300; queue.scheduleTask(merge(base, { name, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " + `${target} nss/fuzz/corpus/${corpus || target} ` + `-max_total_time=${MAX_FUZZ_TIME} ` + `-max_len=${max_len}` ], symbol: symbol || name })); } async function scheduleFuzzing() { let base = { env: { ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1", UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++" }, features: ["allowPtrace"], platform: "linux64", collection: "fuzz", image: FUZZ_IMAGE }; // Build base definition. let build_base = merge(base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz" ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B" }); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, { name: "Linux x64 (debug, fuzz)" })); // The task that builds NSPR+NSS (TLS fuzzing mode). let task_build_tls = queue.scheduleTask(merge(build_base, { name: "Linux x64 (debug, TLS fuzz)", symbol: "B", group: "TLS", command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz=tls" ], })); // Schedule tests. queue.scheduleTask(merge(base, { parent: task_build_tls, name: "Gtests", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], env: {GTESTFILTER: "*Fuzz*"}, tests: "ssl_gtests gtests", cycle: "standard", symbol: "Gtest", kind: "test" })); // Schedule fuzzing runs. let run_base = merge(base, {parent: task_build, kind: "test"}); scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096); scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000); // Schedule MPI fuzzing runs. let mpi_base = merge(run_base, {group: "MPI"}); let mpi_names = ["add", "addmod", "div", "mod", "mulmod", "sqr", "sqrmod", "sub", "submod"]; for (let name of mpi_names) { scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name); } scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod"); scheduleFuzzingRun(mpi_base, `MPI (expmod)`, `mpi-expmod`, 2048, "expmod"); // Schedule TLS fuzzing runs (non-fuzzing mode). let tls_base = merge(run_base, {group: "TLS"}); scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm", "tls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm", "tls-server-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000, "dtls-client-nfm", "dtls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000, "dtls-server-nfm", "dtls-server-no_fuzzer_mode"); // Schedule TLS fuzzing runs (fuzzing mode). let tls_fm_base = merge(tls_base, {parent: task_build_tls}); scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client"); scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server"); scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client"); scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server"); return queue.submit(); } async function scheduleFuzzing32() { let base = { env: { ASAN_OPTIONS: "allocator_may_return_null=1:detect_stack_use_after_return=1", UBSAN_OPTIONS: "print_stacktrace=1", NSS_DISABLE_ARENA_FREE_LIST: "1", NSS_DISABLE_UNLOAD: "1", CC: "clang", CCC: "clang++" }, features: ["allowPtrace"], platform: "linux32", collection: "fuzz", image: FUZZ_IMAGE_32 }; // Build base definition. let build_base = merge(base, { command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz -t ia32" ], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, kind: "build", symbol: "B" }); // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, { name: "Linux 32 (debug, fuzz)" })); // The task that builds NSPR+NSS (TLS fuzzing mode). let task_build_tls = queue.scheduleTask(merge(build_base, { name: "Linux 32 (debug, TLS fuzz)", symbol: "B", group: "TLS", command: [ "/bin/bash", "-c", "bin/checkout.sh && " + "nss/automation/taskcluster/scripts/build_gyp.sh --fuzz=tls -t ia32" ], })); // Schedule tests. queue.scheduleTask(merge(base, { parent: task_build_tls, name: "Gtests", command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_tests.sh" ], env: {GTESTFILTER: "*Fuzz*"}, tests: "ssl_gtests gtests", cycle: "standard", symbol: "Gtest", kind: "test" })); // Schedule fuzzing runs. let run_base = merge(base, {parent: task_build, kind: "test"}); scheduleFuzzingRun(run_base, "CertDN", "certDN", 4096); scheduleFuzzingRun(run_base, "QuickDER", "quickder", 10000); // Schedule MPI fuzzing runs. let mpi_base = merge(run_base, {group: "MPI"}); let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr", "sqrmod", "sub", "submod"]; for (let name of mpi_names) { scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, 4096, name); } scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, 256, "invmod"); // Schedule TLS fuzzing runs (non-fuzzing mode). let tls_base = merge(run_base, {group: "TLS"}); scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", 20000, "client-nfm", "tls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", 20000, "server-nfm", "tls-server-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client", 20000, "dtls-client-nfm", "dtls-client-no_fuzzer_mode"); scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server", 20000, "dtls-server-nfm", "dtls-server-no_fuzzer_mode"); // Schedule TLS fuzzing runs (fuzzing mode). let tls_fm_base = merge(tls_base, {parent: task_build_tls}); scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", 20000, "client"); scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", 20000, "server"); scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", 20000, "dtls-client"); scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", 20000, "dtls-server"); return queue.submit(); } /*****************************************************************************/ async function scheduleWindows(name, base, build_script) { base = merge(base, { workerType: "win2012r2", env: { PATH: "c:\\mozilla-build\\bin;c:\\mozilla-build\\python;" + "c:\\mozilla-build\\msys\\local\\bin;c:\\mozilla-build\\7zip;" + "c:\\mozilla-build\\info-zip;c:\\mozilla-build\\python\\Scripts;" + "c:\\mozilla-build\\yasm;c:\\mozilla-build\\msys\\bin;" + "c:\\Windows\\system32;c:\\mozilla-build\\upx391w;" + "c:\\mozilla-build\\moztools-x64\\bin;c:\\mozilla-build\\wget", DOMSUF: "localdomain", HOST: "localhost", }, features: ["taskclusterProxy"], scopes: ["project:releng:services/tooltool/api/download/internal"], }); let artifacts_and_kind = { artifacts: [{ expires: 24 * 7, type: "directory", path: "public\\build" }], kind: "build", }; let build_without_command_symbol = merge(base, artifacts_and_kind); // Build base definition. let build_base = merge(build_without_command_symbol, { command: [ WINDOWS_CHECKOUT_CMD, `bash -c 'nss/automation/taskcluster/windows/${build_script}'` ], symbol: "B" }); if (!("collection" in base) || (base.collection != "make" && base.collection != "asan" && base.collection != "fips" && base.collection != "fuzz")) { let nspr_gyp = `bash -c 'nss/automation/taskcluster/windows/${build_script} --nspr-only --nspr-test-build --nspr-test-run'`; let nspr_build = merge(build_without_command_symbol, { command: [ WINDOWS_CHECKOUT_CMD, nspr_gyp ], symbol: "NSPR" }); // The task that tests NSPR. let task_build = queue.scheduleTask(merge(nspr_build, {name})); } // Make builds run FIPS tests, which need an extra FIPS build. if (base.collection == "make") { let extra_build = queue.scheduleTask(merge(build_base, { env: { NSS_FORCE_FIPS: "1" }, group: "FIPS", name: `${name} w/ NSS_FORCE_FIPS` })); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/gen_certs.sh" ], parent: extra_build, symbol: "Certs-F", group: "FIPS", })); // Schedule FIPS tests. queue.scheduleTask(merge(base, { parent: task_cert, name: "FIPS", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/run_tests.sh" ], cycle: "standard", kind: "test", name: "FIPS tests", symbol: "Tests-F", tests: "fips", group: "FIPS" })); } // The task that builds NSPR+NSS. let task_build = queue.scheduleTask(merge(build_base, {name})); // The task that generates certificates. let task_cert = queue.scheduleTask(merge(build_base, { name: "Certificates", command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/gen_certs.sh" ], parent: task_build, symbol: "Certs" })); // Schedule tests. scheduleTests(task_build, task_cert, merge(base, { command: [ WINDOWS_CHECKOUT_CMD, "bash -c nss/automation/taskcluster/windows/run_tests.sh" ] })); return queue.submit(); } /*****************************************************************************/ function scheduleTests(task_build, task_cert, test_base) { test_base = merge(test_base, {kind: "test"}); let no_cert_base = merge(test_base, {parent: task_build}); let cert_base = merge(test_base, {parent: task_cert}); let cert_base_long = merge(cert_base, {maxRunTime: 7200}); // Schedule tests that do NOT need certificates. This is defined as // the test itself not needing certs AND not running under the upgradedb // cycle (which itself needs certs). If cycle is not defined, default is all. queue.scheduleTask(merge(no_cert_base, { name: "Gtests", symbol: "Gtest", tests: "ssl_gtests gtests", cycle: "standard" })); queue.scheduleTask(merge(no_cert_base, { name: "Bogo tests", symbol: "Bogo", tests: "bogo", cycle: "standard", image: LINUX_INTEROP_IMAGE, })); queue.scheduleTask(merge(no_cert_base, { name: "Interop tests", symbol: "Interop", tests: "interop", cycle: "standard", image: LINUX_INTEROP_IMAGE, })); queue.scheduleTask(merge(no_cert_base, { name: "tlsfuzzer tests", symbol: "tlsfuzzer", tests: "tlsfuzzer", cycle: "standard" })); queue.scheduleTask(merge(no_cert_base, { name: "MPI tests", symbol: "MPI", tests: "mpi", cycle: "standard" })); queue.scheduleTask(merge(cert_base, { name: "Chains tests", symbol: "Chains", tests: "chains" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "Default", tests: "cipher", group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoAES", tests: "cipher", env: {NSS_DISABLE_HW_AES: "1"}, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoSHA", tests: "cipher", env: { NSS_DISABLE_HW_SHA1: "1", NSS_DISABLE_HW_SHA2: "1" }, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoPCLMUL", tests: "cipher", env: {NSS_DISABLE_PCLMUL: "1"}, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoAVX", tests: "cipher", env: {NSS_DISABLE_AVX: "1"}, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoAVX2", tests: "cipher", env: {NSS_DISABLE_AVX2: "1"}, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoSSSE3|NEON", tests: "cipher", env: { NSS_DISABLE_ARM_NEON: "1", NSS_DISABLE_SSSE3: "1" }, group: "Cipher" })); queue.scheduleTask(merge(cert_base_long, { name: "Cipher tests", symbol: "NoSSE4.1", tests: "cipher", env: {NSS_DISABLE_SSE4_1: "1"}, group: "Cipher" })); queue.scheduleTask(merge(cert_base, { name: "EC tests", symbol: "EC", tests: "ec" })); queue.scheduleTask(merge(cert_base, { name: "Lowhash tests", symbol: "Lowhash", tests: "lowhash" })); queue.scheduleTask(merge(cert_base, { name: "SDR tests", symbol: "SDR", tests: "sdr" })); queue.scheduleTask(merge(cert_base, { name: "Policy tests", symbol: "Policy", tests: "policy" })); // Schedule tests that need certificates. queue.scheduleTask(merge(cert_base, { name: "CRMF tests", symbol: "CRMF", tests: "crmf" })); queue.scheduleTask(merge(cert_base, { name: "DB tests", symbol: "DB", tests: "dbtests" })); queue.scheduleTask(merge(cert_base, { name: "Merge tests", symbol: "Merge", tests: "merge" })); queue.scheduleTask(merge(cert_base, { name: "S/MIME tests", symbol: "SMIME", tests: "smime" })); queue.scheduleTask(merge(cert_base, { name: "Tools tests", symbol: "Tools", tests: "tools" })); // SSL tests, need certificates too. let ssl_base = merge(cert_base, {tests: "ssl", group: "SSL"}); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (standard)", symbol: "standard", cycle: "standard" })); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (pkix)", symbol: "pkix", cycle: "pkix" })); queue.scheduleTask(merge(ssl_base, { name: "SSL tests (stress)", symbol: "stress", cycle: "sharedb", env: {NSS_SSL_RUN: "stress"} })); } /*****************************************************************************/ async function scheduleTools() { let base = { platform: "nss-tools", kind: "test" }; // ABI check task queue.scheduleTask(merge(base, { symbol: "abi", name: "abi", image: LINUX_BUILDS_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/check_abi.sh" ], })); queue.scheduleTask(merge(base, { symbol: "clang-format", name: "clang-format", image: CLANG_FORMAT_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/clang-format/run_clang_format.sh" ] })); queue.scheduleTask(merge(base, { symbol: "scan-build", name: "scan-build", image: FUZZ_IMAGE, env: { USE_64: "1", CC: "clang", CCC: "clang++", }, artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_scan_build.sh" ] })); queue.scheduleTask(merge(base, { symbol: "coverity", name: "coverity", image: FUZZ_IMAGE, tags: ['code-review'], env: { USE_64: "1", CC: "clang", CCC: "clang++", NSS_AUTOMATION: "1" }, features: ["taskclusterProxy"], scopes: ["secrets:get:project/relman/coverity-nss"], artifacts: { "public/code-review/coverity.json": { expires: 24 * 7, type: "file", path: "/home/worker/nss/coverity/coverity.json" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_coverity.sh" ] })); queue.scheduleTask(merge(base, { symbol: "hacl", name: "hacl", image: LINUX_BUILDS_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_hacl.sh" ] })); let task_saw = queue.scheduleTask(merge(base, { symbol: "B", group: "SAW", name: "LLVM bitcode build (32 bit)", image: SAW_IMAGE, kind: "build", env: { AR: "llvm-ar-3.8", CC: "clang-3.8", CCC: "clang++-3.8" }, artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh --disable-tests --emit-llvm -t ia32" ] })); queue.scheduleTask(merge(base, { parent: task_saw, symbol: "bmul", group: "SAW", name: "bmul.saw", image: SAW_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_saw.sh bmul" ] })); // TODO: The ChaCha20 saw verification is currently disabled because the new // HACL 32-bit code can't be verified by saw right now to the best of // my knowledge. // Bug 1604130 // queue.scheduleTask(merge(base, { // parent: task_saw, // symbol: "ChaCha20", // group: "SAW", // name: "chacha20.saw", // image: SAW_IMAGE, // command: [ // "/bin/bash", // "-c", // "bin/checkout.sh && nss/automation/taskcluster/scripts/run_saw.sh chacha20" // ] // })); queue.scheduleTask(merge(base, { parent: task_saw, symbol: "Poly1305", group: "SAW", name: "poly1305.saw", image: SAW_IMAGE, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/run_saw.sh poly1305" ] })); queue.scheduleTask(merge(base, { symbol: "Coverage", name: "Coverage", image: FUZZ_IMAGE, type: "other", features: ["allowPtrace"], artifacts: { public: { expires: 24 * 7, type: "directory", path: "/home/worker/artifacts" } }, command: [ "/bin/bash", "-c", "bin/checkout.sh && nss/automation/taskcluster/scripts/gen_coverage_report.sh" ] })); return queue.submit(); } async function scheduleCodeReview() { let tasks = queue.taggedTasks("code-review"); if(! tasks) { console.debug("No code review tasks, skipping ending task"); return } // From https://hg.mozilla.org/mozilla-central/file/tip/taskcluster/ci/code-review/kind.yml queue.scheduleTask({ platform: "nss-tools", name: "code-review-issues", description: "List all issues found in static analysis and linting tasks", // No logic on that task image: LINUX_IMAGE, command: ["/bin/true"], // This task must run after all analyzer tasks are completed parents: tasks, // This option permits to run the task // regardless of the analyzers tasks exit status // as we are interested in the task failures requires: "all-resolved", // Publish code review trigger on pulse routes: ["project.relman.codereview.v1.try_ending"], kind: "code-review", symbol: "E" }); return queue.submit(); };