.disabled_not_a_job_include: - template: Security/SAST.gitlab-ci.yml variables: CI_HAWK_ARTIFACT_NAME: "BizHawk_devbuild_${CI_COMMIT_SHORT_SHA}" CI_HAWK_ARTIFACT_NAME_TAR: "$CI_HAWK_ARTIFACT_NAME.tar" CI_HAWK_TMPARTIFACT_NAME: "BizHawk_tempbuild_${CI_COMMIT_REF_SLUG}_${CI_COMMIT_SHORT_SHA}" stages: - build - test - package .with_cachix_mono: before_script: - nix-env -iA nixpkgs.cachix - cachix use $CACHIX_CACHE_NAME image: nixos/nix:latest variables: CACHIX_CACHE_NAME: mono-for-bizhawk build_asms_debug: artifacts: expire_in: "30 minutes" name: "$CI_HAWK_TMPARTIFACT_NAME" paths: - output image: mcr.microsoft.com/dotnet/sdk:6.0 script: - Dist/BuildDebug.sh stage: build build_asms_release: artifacts: expire_in: "30 minutes" name: "$CI_HAWK_TMPARTIFACT_NAME" paths: - output image: mcr.microsoft.com/dotnet/sdk:6.0 script: - if [ "$CI_COMMIT_REF_SLUG" == "release" ]; then Dist/UpdateVersionInfoForRelease.sh; fi - Dist/BuildRelease.sh stage: build build_ext_tools: allow_failure: true image: mcr.microsoft.com/dotnet/sdk:6.0 needs: - build_asms_release rules: - if: '$CI_PIPELINE_SOURCE == "schedule"' when: always script: - for d in $CI_PROJECT_DIR/ExternalToolProjects/*; do if [ -d "$d" ]; then cd "$d" && ./build_release.sh; fi; done stage: test build_nix_master: allow_failure: true extends: .with_cachix_mono needs: [] rules: - if: '$CI_PIPELINE_SOURCE == "schedule"' when: always script: - nix-build --pure -A emuhawk --arg doCheck true stage: test build_nix_prev_release: allow_failure: true extends: .with_cachix_mono needs: [] rules: - if: '$CI_PIPELINE_SOURCE == "schedule"' when: always script: - nix-build --pure -A emuhawk-2_8 --arg doCheck true stage: test check_style: image: mcr.microsoft.com/dotnet/sdk:6.0 needs: - job: build_asms_release artifacts: false rules: - if: '$CI_PIPELINE_SOURCE == "schedule"' when: always allow_failure: true - if: $BIZHAWKBUILD_USE_ANALYZERS != null when: always allow_failure: false script: - cd src/BizHawk.Version - dotnet build -c Release # configuration doesn't really matter as the assembly is empty - ../../Dist/BuildRelease.sh -p:MachineRunAnalyzersDuringBuild=true stage: test .disabled_job_infersharp: artifacts: paths: - infer-out/* image: mcr.microsoft.com/infersharp:v1.0 needs: - job: build_asms_release rules: - if: '$CI_PIPELINE_SOURCE == "schedule"' when: always script: - mkdir "infer-in" - find output -name "BizHawk.*.dll" -exec cp "{}" "infer-in" \; - cp "output/EmuHawk.exe" "infer-in" - /app/run_infersharp.sh "infer-in" stage: test .package_linux_x64: artifacts: expire_in: "1 month" name: "$CI_HAWK_ARTIFACT_NAME" paths: - "$CI_HAWK_ARTIFACT_NAME_TAR" image: nixos/nix:latest needs: - build_asms_release - job: build_asms_debug artifacts: false script: - nix-shell -p stdenvNoCC --run 'Dist/Package.sh "linux-x64"' - cd packaged_output - tar -cf "../$CI_HAWK_ARTIFACT_NAME_TAR" * stage: package .package_windows_x64: artifacts: expire_in: "1 month" name: "$CI_HAWK_ARTIFACT_NAME" paths: - ./* image: nixos/nix:latest needs: - build_asms_release - job: build_asms_debug artifacts: false script: - nix-shell -p stdenvNoCC --run 'Dist/Package.sh "windows-x64"' # now we replace $CI_PROJECT_DIR with $CI_PROJECT_DIR/packaged_output, so that the archival step will put everything at the top level - mv packaged_output .. - cd .. - rm -fr $CI_PROJECT_DIR - mv packaged_output $CI_PROJECT_DIR stage: package package_devbuild_linux: extends: .package_linux_x64 rules: - if: $CI_COMMIT_REF_SLUG == "master" when: always package_devbuild_windows: extends: .package_windows_x64 rules: - if: $CI_COMMIT_REF_SLUG == "master" when: always package_release_linux: extends: .package_linux_x64 rules: - if: $CI_COMMIT_REF_SLUG == "release" when: always variables: CI_HAWK_ARTIFACT_NAME: "BizHawk-VERSIONHERE-linux-x64.tar" # .zip is added automatically CI_HAWK_ARTIFACT_NAME_TAR: "BizHawk-linux-x64-$CI_COMMIT_SHORT_SHA.tar" package_release_windows: extends: .package_windows_x64 rules: - if: $CI_COMMIT_REF_SLUG == "release" when: always variables: CI_HAWK_ARTIFACT_NAME: "BizHawk-VERSIONHERE-win-x64" run_tests: artifacts: paths: - test_output/*.coverage.xml reports: junit: - test_output/*.coverage.xml image: mcr.microsoft.com/dotnet/sdk:6.0 needs: - job: build_asms_release artifacts: false script: - Dist/BuildDebug.sh # populate output - Dist/BuildTestRelease.sh stage: test .disabled_job_sast: variables: SAST_EXCLUDED_ANALYZERS: bandit, brakeman, eslint, flawfinder, gosec, kubesec, nodejs-scan, phpcs-security-audit, pmd-apex, sobelow, spotbugs stage: test .disabled_not_a_job_cache: key: "$CI_COMMIT_REF_SLUG" paths: - $HOME/.nuget/packages # probably won't work; set NUGET_PACKAGES to `BizHawk_master/.nuget_packages` and cache that