diff options
Diffstat (limited to '.travis.yml')
-rw-r--r-- | .travis.yml | 261 |
1 files changed, 167 insertions, 94 deletions
diff --git a/.travis.yml b/.travis.yml index 16cb6f23f..6c5147603 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,146 +1,221 @@ language: python +dist: xenial cache: directories: - $HOME/.cache/pip before_script: - - 'if [ $TRAVIS_OS_NAME = osx ] ; then ulimit -n 1024 ; fi' + - 'if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then ulimit -n 1024 ; fi' + # On Travis, the fastest parallelization for integration tests has proved to be 4. + - 'if [[ "$TOXENV" == *"integration"* ]]; then export PYTEST_ADDOPTS="--numprocesses 4"; fi' + # Use Travis retry feature for farm tests since they are flaky + - 'if [[ "$TOXENV" == "travis-test-farm"* ]]; then export TRAVIS_RETRY=travis_retry; fi' - export TOX_TESTENV_PASSENV=TRAVIS +# Only build pushes to the master branch, PRs, and branches beginning with +# `test-`, `travis-test-`, or of the form `digit(s).digit(s).x`. This reduces +# the number of simultaneous Travis runs, which speeds turnaround time on +# review since there is a cap of on the number of simultaneous runs. +branches: + # When changing these branches, please ensure the documentation under + # "Running tests in CI" is still correct. + only: + # apache-parser-v2 is a temporary branch for doing work related to + # rewriting the parser in the Apache plugin. + - apache-parser-v2 + - master + - /^\d+\.\d+\.x$/ + - /^(travis-)?test-.*$/ + +# Jobs for the main test suite are always executed (including on PRs) except for pushes on master. +not-on-master: ¬-on-master + if: NOT (type = push AND branch = master) + +# Jobs for the extended test suite are executed for cron jobs and pushes to +# non-development branches. See the explanation for apache-parser-v2 above. +extended-test-suite: &extended-test-suite + if: type = cron OR (type = push AND branch NOT IN (apache-parser-v2, master)) + matrix: include: - # These environments are always executed + # Main test suite - python: "2.7" - env: BOULDER_INTEGRATION=v1 INTEGRATION_TEST=all TOXENV=py27_install - sudo: required - services: docker - - python: "2.7" - env: BOULDER_INTEGRATION=v2 INTEGRATION_TEST=all TOXENV=py27_install - sudo: required - services: docker + env: ACME_SERVER=pebble TOXENV=integration + <<: *not-on-master + + # This job is always executed, including on master - python: "2.7" env: TOXENV=py27-cover FYI="py27 tests + code coverage" - - sudo: required - env: TOXENV=nginx_compat - services: docker - before_install: - addons: - - python: "2.7" + + - python: "3.7" env: TOXENV=lint - - python: "3.4" - env: TOXENV=mypy + <<: *not-on-master - python: "3.5" env: TOXENV=mypy + <<: *not-on-master - python: "2.7" - env: TOXENV='py27-{acme,apache,certbot,dns,nginx,postfix}-oldest' - sudo: required - services: docker - - python: "3.4" - env: TOXENV=py34 - sudo: required - services: docker - - python: "3.7" - dist: xenial - env: TOXENV=py37 - sudo: required - services: docker + # Ubuntu Trusty or older must be used because the oldest version of + # cryptography we support cannot be compiled against the version of + # OpenSSL in Xenial or newer. + dist: trusty + env: TOXENV='py27-{acme,apache,certbot,dns,nginx}-oldest' + <<: *not-on-master + - python: "3.5" + env: TOXENV=py35 + <<: *not-on-master + - python: "3.8" + env: TOXENV=py38 + <<: *not-on-master - sudo: required env: TOXENV=apache_compat services: docker before_install: addons: + <<: *not-on-master - sudo: required - env: TOXENV=le_auto_trusty + env: TOXENV=le_auto_xenial services: docker - before_install: - addons: + <<: *not-on-master - python: "2.7" env: TOXENV=apacheconftest-with-pebble - sudo: required - services: docker + <<: *not-on-master - python: "2.7" env: TOXENV=nginxroundtrip + <<: *not-on-master - # These environments are executed on cron events only + # Extended test suite on cron jobs and pushes to tested branches other than master + - sudo: required + env: TOXENV=nginx_compat + services: docker + before_install: + addons: + <<: *extended-test-suite + - python: "2.7" + env: + - TOXENV=travis-test-farm-apache2 + - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" + <<: *extended-test-suite + - python: "2.7" + env: + - TOXENV=travis-test-farm-leauto-upgrades + - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" + git: + depth: false # This is needed to have the history to checkout old versions of certbot-auto. + <<: *extended-test-suite + - python: "2.7" + env: + - TOXENV=travis-test-farm-certonly-standalone + - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" + <<: *extended-test-suite + - python: "2.7" + env: + - TOXENV=travis-test-farm-sdists + - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" + <<: *extended-test-suite - python: "3.7" - dist: xenial env: TOXENV=py37 CERTBOT_NO_PIN=1 - if: type = cron + <<: *extended-test-suite - python: "2.7" - env: BOULDER_INTEGRATION=v1 INTEGRATION_TEST=certbot TOXENV=py27-certbot-oldest + env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "2.7" - env: BOULDER_INTEGRATION=v2 INTEGRATION_TEST=certbot TOXENV=py27-certbot-oldest + env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "2.7" - env: BOULDER_INTEGRATION=v1 INTEGRATION_TEST=nginx TOXENV=py27-nginx-oldest + env: ACME_SERVER=boulder-v1 TOXENV=integration-certbot-oldest + # Ubuntu Trusty or older must be used because the oldest version of + # cryptography we support cannot be compiled against the version of + # OpenSSL in Xenial or newer. + dist: trusty sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "2.7" - env: BOULDER_INTEGRATION=v2 INTEGRATION_TEST=nginx TOXENV=py27-nginx-oldest + env: ACME_SERVER=boulder-v2 TOXENV=integration-certbot-oldest + # Ubuntu Trusty or older must be used because the oldest version of + # cryptography we support cannot be compiled against the version of + # OpenSSL in Xenial or newer. + dist: trusty sudo: required services: docker - if: type = cron - - python: "3.4" - env: TOXENV=py34 BOULDER_INTEGRATION=v1 + <<: *extended-test-suite + - python: "2.7" + env: ACME_SERVER=boulder-v1 TOXENV=integration-nginx-oldest + # Ubuntu Trusty or older must be used because the oldest version of + # cryptography we support cannot be compiled against the version of + # OpenSSL in Xenial or newer. + dist: trusty sudo: required services: docker - if: type = cron - - python: "3.4" - env: TOXENV=py34 BOULDER_INTEGRATION=v2 + <<: *extended-test-suite + - python: "2.7" + env: ACME_SERVER=boulder-v2 TOXENV=integration-nginx-oldest + # Ubuntu Trusty or older must be used because the oldest version of + # cryptography we support cannot be compiled against the version of + # OpenSSL in Xenial or newer. + dist: trusty sudo: required services: docker - if: type = cron + <<: *extended-test-suite + - python: "3.6" + env: TOXENV=py36 + <<: *extended-test-suite + - python: "3.7" + env: TOXENV=py37 + <<: *extended-test-suite - python: "3.5" - env: TOXENV=py35 BOULDER_INTEGRATION=v1 + env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "3.5" - env: TOXENV=py35 BOULDER_INTEGRATION=v2 + env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "3.6" - env: TOXENV=py36 BOULDER_INTEGRATION=v1 + env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "3.6" - env: TOXENV=py36 BOULDER_INTEGRATION=v2 + env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "3.7" - dist: xenial - env: TOXENV=py37 BOULDER_INTEGRATION=v1 + env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker - if: type = cron + <<: *extended-test-suite - python: "3.7" - dist: xenial - env: TOXENV=py37 BOULDER_INTEGRATION=v2 + env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker - if: type = cron - - sudo: required - env: TOXENV=le_auto_xenial - services: docker - if: type = cron + <<: *extended-test-suite + - python: "3.8" + env: ACME_SERVER=boulder-v1 TOXENV=integration + <<: *extended-test-suite + - python: "3.8" + env: ACME_SERVER=boulder-v2 TOXENV=integration + <<: *extended-test-suite - sudo: required env: TOXENV=le_auto_jessie services: docker - if: type = cron + <<: *extended-test-suite - sudo: required env: TOXENV=le_auto_centos6 services: docker - if: type = cron + <<: *extended-test-suite + - sudo: required + env: TOXENV=le_auto_oraclelinux6 + services: docker + <<: *extended-test-suite - sudo: required env: TOXENV=docker_dev services: docker @@ -148,7 +223,7 @@ matrix: apt: packages: # don't install nginx and apache - libaugeas0 - if: type = cron + <<: *extended-test-suite - language: generic env: TOXENV=py27 os: osx @@ -157,7 +232,7 @@ matrix: packages: - augeas - python2 - if: type = cron + <<: *extended-test-suite - language: generic env: TOXENV=py3 os: osx @@ -166,19 +241,7 @@ matrix: packages: - augeas - python3 - if: type = cron - - - -# Only build pushes to the master branch, PRs, and branches beginning with -# `test-` or of the form `digit(s).digit(s).x`. This reduces the number of -# simultaneous Travis runs, which speeds turnaround time on review since there -# is a cap of on the number of simultaneous runs. -branches: - only: - - master - - /^\d+\.\d+\.x$/ - - /^test-.*$/ + <<: *extended-test-suite # container-based infrastructure sudo: false @@ -187,7 +250,6 @@ addons: apt: packages: # Keep in sync with letsencrypt-auto-source/pieces/bootstrappers/deb_common.sh and Boulder. - python-dev - - python-virtualenv - gcc - libaugeas0 - libssl-dev @@ -197,19 +259,30 @@ addons: - nginx-light - openssl -install: "travis_retry $(command -v pip || command -v pip3) install codecov tox" -script: - - travis_retry tox - - '[ -z "${BOULDER_INTEGRATION+x}" ] || (travis_retry tests/boulder-fetch.sh && tests/tox-boulder-integration.sh)' +# tools/pip_install.py is used to pin packages to a known working version +# except in tests where the environment variable CERTBOT_NO_PIN is set. +# virtualenv is listed here explicitly to make sure it is upgraded when +# CERTBOT_NO_PIN is set to work around failures we've seen when using an older +# version of virtualenv. +install: 'tools/pip_install.py -U codecov tox virtualenv' +# Most of the time TRAVIS_RETRY is an empty string, and has no effect on the +# script command. It is set only to `travis_retry` during farm tests, in +# order to trigger the Travis retry feature, and compensate the inherent +# flakiness of these specific tests. +script: '$TRAVIS_RETRY tox' -after_success: '[ "$TOXENV" == "py27-cover" ] && codecov' +after_success: '[ "$TOXENV" == "py27-cover" ] && codecov -F linux' notifications: email: false irc: + if: NOT branch =~ ^(travis-)?test-.*$ channels: - - secure: "SGWZl3ownKx9xKVV2VnGt7DqkTmutJ89oJV9tjKhSs84kLijU6EYdPnllqISpfHMTxXflNZuxtGo0wTDYHXBuZL47w1O32W6nzuXdra5zC+i4sYQwYULUsyfOv9gJX8zWAULiK0Z3r0oho45U+FR5ZN6TPCidi8/eGU+EEPwaAw=" + # This is set to a secure variable to prevent forks from sending + # notifications. This value was created by installing + # https://github.com/travis-ci/travis.rb and running + # `travis encrypt "chat.freenode.net#certbot-devel"`. + - secure: "EWW66E2+KVPZyIPR8ViENZwfcup4Gx3/dlimmAZE0WuLwxDCshBBOd3O8Rf6pBokEoZlXM5eDT6XdyJj8n0DLslgjO62pExdunXpbcMwdY7l1ELxX2/UbnDTE6UnPYa09qVBHNG7156Z6yE0x2lH4M9Ykvp0G0cubjPQHylAwo0=" on_cancel: never on_success: never on_failure: always - use_notice: true |