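# Pipeline-wide variables. workflow:rules overrides some of them per pipeline
# type.
variables:
  # Staging directory on the runner where the release tree is assembled.
  BUILD_DIR: "/data/openpilot"
  # Filtered build output; the build job uploads it as its artifact.
  OUTPUT_DIR: "${CI_PROJECT_DIR}/output"
  CI_DIR: "${CI_PROJECT_DIR}/release/ci"
  # NOTE(review): VERSION holds a shell command, not a version string. The
  # shared before_script passes it to `eval`, so whatever it contains is
  # executed on the runner. Confirm who is allowed to override pipeline
  # variables before relying on this value being the one written here.
  VERSION: 'echo $(date "+%Y.%m.%d")'
  GIT_SUBMODULE_STRATEGY: recursive
  # Quoted so the value is a string rather than a YAML integer.
  GIT_DISCOVERY_ACROSS_FILESYSTEM: "1"
  DEV_C3_SOURCE_BRANCH: "master-dev-c3"
  # NOTE(review): the address reads "[email protected]" on this page, apparently
  # replaced by the hosting site's e-mail obfuscation; restore the real
  # committer address before using this file.
  GIT_CONFIG_USER_EMAIL: "[email protected]"
  GIT_CONFIG_USER_NAME: "Gitlab Pipeline"
  PUBLIC_REPO_URL: "https://github.com/sunnyhaibin/sunnypilot"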
# Stage order. Jobs of a later stage wait for the earlier stages unless they
# declare their own `needs`.
stages: [build, sanity, publish, notify]
# Defaults applied to every job that does not set the same keyword itself.
default:
  # A failed job is retried up to two more times.
  retry: 2
  # Runner selection; a job that sets its own `tags` replaces this list.
  tags: [sunnypilot, x86]
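# Shared setup steps, pulled into job before_script lists through the
# *default_before_script alias.
.default_before_script: &default_before_script
  # VERSION arrives as a shell command string and is executed here; the result
  # plus EXTRA_VERSION_IDENTIFIER becomes the final version.
  # NOTE(review): `eval` runs whatever VERSION contains with this job's
  # variables and privileges; make sure only trusted configuration can set it.
  # The expansion is quoted so the command reaches eval unmodified, without
  # word splitting or glob expansion of patterns such as `[^0-9|.]`.
  - 'export VERSION=$(eval "$VERSION")${EXTRA_VERSION_IDENTIFIER}'
  - 'mkdir -p "${BUILD_DIR}/"'
  - 'git config --global user.email "${GIT_CONFIG_USER_EMAIL}"'
  - 'git config --global user.name "${GIT_CONFIG_USER_NAME}"'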
# Decides whether a pipeline is created and which publish target (NEW_BRANCH)
# and version scheme it uses. Rules are checked top to bottom; the first match
# applies.
workflow:
  rules:
    # Merge request whose title starts with "wip:" or "draft:" (any case):
    # no pipeline at all.
    - if: '$CI_MERGE_REQUEST_TITLE =~ /^wip:/i || $CI_MERGE_REQUEST_TITLE =~ /^draft:/i'
      when: never

    # Any other merge request: target branch is "<source branch>-prebuilt".
    - if: '$CI_MERGE_REQUEST_IID'
      variables:
        EXTRA_VERSION_IDENTIFIER: "-${CI_PIPELINE_IID}"
        NEW_BRANCH: "${CI_COMMIT_REF_NAME}-prebuilt"
      when: always

    # The remaining rules cover plain commits and tags.
    # Commit on the branch named by DEV_C3_SOURCE_BRANCH: target is dev-c3.
    - if: '$CI_COMMIT_REF_NAME == $DEV_C3_SOURCE_BRANCH'
      variables:
        EXTRA_VERSION_IDENTIFIER: "-${CI_PIPELINE_IID}"
        NEW_BRANCH: "dev-c3"
      when: always

    # Commit on the default branch: target is staging-c3, and the version is
    # read from common/version.h instead of the current date.
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
      variables:
        NEW_BRANCH: "staging-c3"
        VERSION: 'cat common/version.h | grep COMMA_VERSION | sed -e "s/[^0-9|.]//g"'
        EXTRA_VERSION_IDENTIFIER: "-staging"
      when: always

    # Tag: target is release-c3, version again taken from common/version.h.
    - if: '$CI_COMMIT_TAG'
      variables:
        NEW_BRANCH: "release-c3"
        VERSION: 'cat common/version.h | grep COMMA_VERSION | sed -e "s/[^0-9|.]//g"'
        EXTRA_VERSION_IDENTIFIER: "-release"

    # Anything else still gets a pipeline, but NEW_BRANCH is not set by this
    # rule, so jobs gated on $NEW_BRANCH are left out.
    - when: always
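# Builds panda and the rest of the tree in BUILD_DIR, then copies a filtered
# tree into OUTPUT_DIR, which is uploaded as the job artifact.
build:
  stage: build
  cache:
    key: "${CI_COMMIT_REF_SLUG}"
    paths:
      - "${CI_DIR}/scons_cache"
  before_script:
    # Empty the staging directory left by a previous run. `${BUILD_DIR:?}`
    # aborts the command when BUILD_DIR is unset or empty, so the path can
    # never collapse to "/" and delete the runner's filesystem.
    - 'find "${BUILD_DIR:?}/" -mindepth 1 -delete'
    - *default_before_script
    - "echo Starting build stage..."
    - "echo BUILD_DIR: ${BUILD_DIR}"
    - "echo CI_DIR: ${CI_DIR}"
    - "echo VERSION: ${VERSION}"
    - "echo CI_COMMIT_REF_NAME: ${CI_COMMIT_REF_NAME}"
    - git config --global --add safe.directory "${CI_PROJECT_DIR}"
  script:
    - export PYTHONPATH="$BUILD_DIR"
    - "echo Building Panda..."
    - scons -j$(nproc) cache_dir="${CI_DIR}/scons_cache" "${CI_PROJECT_DIR}/panda"
    - mkdir -p "${BUILD_DIR}"
    - ls -la "${BUILD_DIR}"
    - "echo Building Rest..."
    # Copy only the files listed by release_files.py into the staging tree.
    - ./release/release_files.py | sort | uniq | rsync -vrRl --files-from=- . "$BUILD_DIR/"
    # - cp -pR --parents $(cat release/files_common release/files_tici | sort | uniq) $BUILD_DIR/ 2> >(grep -v 'warning:' >&2)
    - cd "$BUILD_DIR"
    # Comment out the panda jungle import for the prebuilt tree.
    - sed -i '/from .board.jungle import PandaJungle, PandaJungleDFU/s/^/#/' panda/__init__.py
    - scons -j$(nproc) cache_dir="${CI_DIR}/scons_cache" --minimal
    - touch "${BUILD_DIR}/prebuilt"
    # Same guard as above: never let an empty OUTPUT_DIR reach `sudo rm -rf`.
    - 'sudo rm -rf "${OUTPUT_DIR:?}"'
    - mkdir -p "${OUTPUT_DIR}"
    # This filter decides what ends up in the published tree. The paths to
    # keep are included first, even though their parent paths are excluded
    # further down. Sources, build metadata, .git and the panda certs/crypto
    # directories are dropped; the later sanity stage re-checks part of this
    # list, so keep the two in step when editing either.
    - >-
      rsync -avm
      --include='**/panda/board/'
      --include='**/panda/board/obj'
      --include='**/panda/board/obj/panda.bin.signed'
      --include='**/panda/board/obj/panda_h7.bin.signed'
      --include='**/panda/board/obj/bootstub.panda.bin'
      --include='**/panda/board/obj/bootstub.panda_h7.bin'
      --exclude='.sconsign.dblite'
      --exclude='*.a'
      --exclude='*.A'
      --exclude='*.o'
      --exclude='*.O'
      --exclude='*.os'
      --exclude='*.OS'
      --exclude='*.pyc'
      --exclude='*.PYC'
      --exclude='moc_*'
      --exclude='MOC_*'
      --exclude='*.cc'
      --exclude='*.CC'
      --exclude='Jenkinsfile'
      --exclude='supercombo.onnx'
      --exclude='**/panda/board/*'
      --exclude='**/panda/board/obj/**'
      --exclude='**/panda/certs/'
      --exclude='**/panda/crypto/'
      --exclude='**/release/'
      --exclude='**/.github/'
      --exclude='**/selfdrive/ui/replay/'
      --exclude='**/__pycache__/'
      --exclude='**/selfdrive/ui/*.h'
      --exclude='**/selfdrive/ui/**/*.h'
      --exclude='**/selfdrive/ui/qt/offroad/sunnypilot/'
      --exclude='**/.git/'
      --exclude='**/SConstruct'
      --exclude='**/SConscript'
      --delete-excluded
      --chown=comma:comma
      "${BUILD_DIR}/" "${OUTPUT_DIR}/"
  after_script:
    # Clean up the staging directory after the work is done (guarded like the
    # deletion in before_script).
    - 'find "${BUILD_DIR:?}/" -mindepth 1 -delete'
  artifacts:
    paths:
      - "${OUTPUT_DIR}/"
  # Replaces the default tag list: this job runs on a runner tagged `tici`.
  tags: ['sunnypilot', 'tici']
  rules:
    # Merge requests have to start the build by hand.
    - if: $CI_MERGE_REQUEST_IID
      when: manual
    # Every other pipeline with a publish target builds automatically.
    - if: $NEW_BRANCH
      when: always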
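# Gate between build and publish: checks the build output for files that must
# not be shipped and for files that must be present.
check no source code sent:
  # NOTE(review): `alpine` without a tag floats to whatever is current; pin a
  # specific tag or digest so the gate runs on a known image.
  image: alpine
  stage: sanity
  variables:
    # NOTE(review): the build job's rsync filter also drops upper-case variants
    # (*.A, *.O, ...), SConstruct/SConscript, .git and the UI headers, none of
    # which are listed here. Whether sanity_check.sh matches
    # case-insensitively is not visible from this file - confirm, or extend
    # these lists so the gate covers everything the filter is meant to remove.
    FORBIDDEN_FILE_EXTENSIONS: "*.a,*.o,*.os,*.pyc,moc_*,*.cc,Jenkinsfile,supercombo.onnx,.sconsign.dblite"
    FORBIDDEN_DIR_PATTERNS: "*panda/certs,*panda/crypto,*release,*.github,*selfdrive/ui/replay,*__pycache__"
    REQUIRED_FILE_EXTENSIONS: "*.py,*.json"
    REQUIRED_DIR_PATTERNS: "*selfdrive/ui,*openpilot"
  before_script:
    - apk update && apk upgrade
    - apk add bash findutils
  script:
    # Paths are quoted so a directory name containing spaces is not split.
    - cd "${OUTPUT_DIR}"
    - echo "Checking that we have properly cleaned up"
    # Presumably the third argument tells the script whether a match is a
    # failure (true) or a requirement (false) - confirm in sanity_check.sh.
    - '"${CI_DIR}/sanity_check.sh" "$FORBIDDEN_FILE_EXTENSIONS" "$FORBIDDEN_DIR_PATTERNS" true'
    - echo "Checking that our sanity check works and also checking that some required files are indeed found"
    - '"${CI_DIR}/sanity_check.sh" "$REQUIRED_FILE_EXTENSIONS" "$REQUIRED_DIR_PATTERNS" false'
  rules:
    # Only pipelines that have a publish target need the gate.
    - if: $NEW_BRANCH
      when: on_success
    - when: never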
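# Template for the publish jobs: loads the deploy key into an ssh-agent,
# registers the remote's host key and hands the build artifact to
# release/ci/publish.sh.
.publish_base: &publish_base
  # NOTE(review): this job handles SSH_PRIVATE_KEY; pin the image to a specific
  # tag or digest instead of the floating `alpine`.
  image: alpine
  variables:
    GIT_SUBMODULE_STRATEGY: normal
  stage: publish
  needs:
    # The artifact to publish comes from the build job.
    - job: build
      artifacts: true
    # The sanity gate must have passed; its artifacts are not needed.
    - job: "check no source code sent"
      artifacts: false
      optional: false
  before_script:
    - 'apk update && apk upgrade'
    - 'apk add git bash openssh'
    - 'eval $(ssh-agent -s)'
    # The key is piped from the CI variable straight into the agent and is not
    # written to disk.
    # NOTE(review): the workflow rules also set NEW_BRANCH for merge requests,
    # so publish.sh from a merge request's checkout can run with this key
    # loaded. Confirm the variable is protected or the key is limited to what
    # such a pipeline may push.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - 'mkdir -p ~/.ssh/'
    - 'chmod 700 ~/.ssh'
    - export HOST=$(echo "${GIT_ORIGIN}" | cut -d'@' -f2 | cut -d':' -f1)
    - echo fetching ssh pub keys for ${HOST}
    # Host key handling. Keys returned by ssh-keyscan are accepted unverified
    # on every run, so an on-path attacker could substitute its own key and
    # receive the push. When the SSH_KNOWN_HOSTS variable is defined, its
    # pinned entries are used instead; the scan remains only as a fallback so
    # existing setups keep working.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        echo "using pinned host keys from SSH_KNOWN_HOSTS"
        printf '%s\n' "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
      else
        echo "WARNING: SSH_KNOWN_HOSTS is not set; trusting unverified ssh-keyscan output for ${HOST}"
        ssh-keyscan -H "${HOST}" >> ~/.ssh/known_hosts
      fi
    - 'chmod 644 ~/.ssh/known_hosts'
    - *default_before_script
  script:
    - echo "${GIT_ORIGIN}"
    - echo "Calling to publish [${CI_DIR}/publish.sh ${CI_PROJECT_DIR} ${OUTPUT_DIR} ${NEW_BRANCH} ${VERSION} ${GIT_ORIGIN}]"
    - git config --global --add safe.directory "${OUTPUT_DIR}"
    - $CI_DIR/publish.sh "${CI_PROJECT_DIR}" "${OUTPUT_DIR}" "${NEW_BRANCH}" "${VERSION}" "${GIT_ORIGIN}" "${EXTRA_VERSION_IDENTIFIER}"
  allow_failure: false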
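# Pushes the prebuilt tree to the GitLab remote automatically once the earlier
# stages have succeeded.
publish to private gitlab prebuilt:
  extends: ".publish_base"
  variables:
    # NOTE(review): the user@host part reads "[email protected]" on this page,
    # apparently replaced by the hosting site's e-mail obfuscation; restore the
    # real SSH remote before use. The value is quoted because a scalar starting
    # with "[" would otherwise be parsed as a YAML flow sequence.
    GIT_ORIGIN: "[email protected]:sunnypilot/public/sunnypilot.git"
  rules:
    - if: $NEW_BRANCH
      when: on_success
    - when: never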
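# Pushes the prebuilt tree to the public GitHub remote. The job is manual, so
# a person has to release each public publish.
publish to public github prebuilt:
  extends: ".publish_base"
  variables:
    # NOTE(review): both "[email protected]" values below appear to be the
    # hosting site's e-mail obfuscation, not the real SSH remote and committer
    # address; restore them before use. GIT_ORIGIN is quoted because a scalar
    # starting with "[" would otherwise be parsed as a YAML flow sequence.
    GIT_ORIGIN: "[email protected]:sunnyhaibin/sunnypilot.git"
    GIT_CONFIG_USER_EMAIL: "[email protected]"
    GIT_CONFIG_USER_NAME: "Jason Wen"
  rules:
    - if: $NEW_BRANCH
      when: manual
    - when: never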
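# Template for Discord notifications: renders a JSON template from release/ci
# with envsubst and posts it to a webhook.
.notify_discord: &notify_discord
  image: alpine
  stage: notify
  needs: ["build"]
  variables:
    # Default hook if not overridden by children.
    # NOTE(review): anyone who knows a webhook URL can post to the channel;
    # keep the underlying CI variable masked.
    DISCORD_HOOK: "${DISCORD_MANUAL_BUILD_WEBHOOK_URL}"
  before_script:
    - 'apk add curl jq envsubst'
  script:
    # Quoted so the brackets are printed literally instead of being read as a
    # shell glob pattern.
    - echo "using [${TEMPLATE}]"
    # NOTE(review): envsubst fills in every environment variable the template
    # references without JSON escaping, and `tee` copies the rendered payload
    # into the job log. Check that the templates reference no secret variables
    # and that the substituted values cannot break or extend the JSON.
    - cat "release/ci/${TEMPLATE}" | envsubst | tee payload.json
    # The hook URL is quoted so it is passed to curl as a single argument.
    - 'curl -X POST -H "Content-Type: application/json" -d "$(cat payload.json)" "${DISCORD_HOOK}" | jq .'
  rules:
    - if: $NEW_BRANCH
      when: on_success
    - when: never
  # A failed notification must not fail the pipeline.
  allow_failure: true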
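# Posts the private-channel template after the build. AVATAR_URL is exported
# beforehand, presumably for the template to pick up through envsubst.
notify pending action:
  extends: ".notify_discord"
  variables:
    TEMPLATE: "discord_template_notify_dev_private.json"
  before_script:
    - !reference [".notify_discord", "before_script"]
    # The e-mail address is sent as a URL-encoded query parameter, so
    # characters such as "+" or "&" in it cannot alter the request.
    # NOTE(review): this sends the triggering user's e-mail address to
    # gitlab.com; confirm that is acceptable if the project is hosted elsewhere.
    - export AVATAR_URL=$(curl -s -G --data-urlencode "email=${GITLAB_USER_EMAIL}" "https://gitlab.com/api/v4/avatar" | jq -r '.avatar_url')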
# Posts the public template once the publish to public GitHub has run.
notify new dev build:
  extends: ".notify_discord"
  stage: notify
  # This notification must only happen after a publish to public GitHub.
  needs:
    - "publish to public github prebuilt"
  variables:
    TEMPLATE: "discord_template_notify_dev_public.json"
  rules:
    # For dev-c3 the new-build hook replaces the template's default hook.
    - if: '$NEW_BRANCH == "dev-c3"'
      variables:
        DISCORD_HOOK: "${DISCORD_NEW_BUILD_WEBHOOK_URL}"
    # NOTE(review): the inherited rules still admit every other pipeline that
    # has NEW_BRANCH set, and those post the public template to the default
    # hook - confirm that is intended.
    - !reference [".notify_discord", "rules"]