language: python dist: xenial cache: directories: - $HOME/.cache/pip before_script: # On Travis, the fastest parallelization for integration tests has proved to be 4. - 'if [[ "$TOXENV" == *"integration"* ]]; then export PYTEST_ADDOPTS="--numprocesses 4"; fi' # Use Travis retry feature for farm tests since they are flaky - 'if [[ "$TOXENV" == "travis-test-farm"* ]]; then export TRAVIS_RETRY=travis_retry; fi' - export TOX_TESTENV_PASSENV=TRAVIS - 'if [[ "$SNAP" == true ]]; then snap/local/build_and_install.sh $TARGET_ARCH; fi' # Only build pushes to the master branch, PRs, and branches beginning with # `test-`, `travis-test-`, or of the form `digit(s).digit(s).x` or # `vdigit(s).digit(s).digit(s)`. As documented at # https://docs.travis-ci.com/user/customizing-the-build/#safelisting-or-blocklisting-branches, # this includes tags so pushing tags of the form `vdigit(s).digit(s).digit(s)` # will also trigger tests. This reduces the number of simultaneous Travis runs, # which speeds turnaround time on review since there is a cap of on the number # of simultaneous runs. branches: # When changing these branches, please ensure the documentation under # "Running tests in CI" is still correct. only: - master - /^\d+\.\d+\.x$/ # this matches our point release branches - /^v\d+\.\d+\.\d+$/ # this matches our release tags - /^(travis-)?test-.*$/ # Jobs for the main test suite are always executed (including on PRs) except for pushes on master. not-on-master: ¬-on-master if: NOT (type = push AND branch = master) # Jobs for the extended test suite are executed for cron jobs and pushes to # non-development branches. extended-test-suite: &extended-test-suite if: type = cron OR (type = push AND branch != master) # Common configuration for all snap tasks snap-config: &snap-config dist: bionic addons: apt: packages: - nginx-light git: # By default, Travis clones the repo to a depth of 50 commits which can # break the ability to use `git describe` to set the version of the # snap. This setting removes the --depth flag from git commands solving # this problem. See # https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth # for more info. depth: false deploy: # This section relies on credentials stored in a SNAP_TOKEN environment # variable in Travis. See # https://docs.travis-ci.com/user/deployment/snaps/ for more info. # This credential has a maximum lifetime of 1 year and the current # credential will expire on 4/22/2021. The value of SNAP_TOKEN will # need to be updated to use a new credential before then to prevent # automated deploys from breaking. Remembering to do this is also # tracked by https://github.com/certbot/certbot/issues/7931. 'on': # Deploy on release tags or nightly runs from any branch. We only try # to deploy from the certbot/certbot repo to prevent errors if forks # of this repo try to run tests. all_branches: true condition: -n $TRAVIS_TAG || $TRAVIS_EVENT_TYPE = cron repo: certbot/certbot provider: snap snap: certbot_*.snap channel: edge # skip_cleanup is needed to prevent Travis from deleting the snaps we # just built and tested. See # https://docs.travis-ci.com/user/deployment#uploading-files-and-skip_cleanup. skip_cleanup: true matrix: include: # Main test suite - stage: "Test" python: "2.7" env: ACME_SERVER=pebble TOXENV=integration <<: *not-on-master # As documented at # https://docs.travis-ci.com/user/build-stages/#how-to-define-build-stages, # the previous stage will be automatically applied to all subsequent jobs # until a new stage is defined. # This job is always executed, including on master - python: "3.8" env: TOXENV=py38-cover FYI="py38 tests + code coverage" - python: "3.7" env: TOXENV=lint <<: *not-on-master - python: "3.5" env: TOXENV=mypy <<: *not-on-master - python: "2.7" # Ubuntu Trusty or older must be used because the oldest version of # cryptography we support cannot be compiled against the version of # OpenSSL in Xenial or newer. dist: trusty env: TOXENV='py27-{acme,apache,apache-v2,certbot,dns,nginx}-oldest' <<: *not-on-master - python: "2.7" env: TOXENV=py27 <<: *not-on-master - python: "3.5" env: TOXENV=py35 <<: *not-on-master - sudo: required env: TOXENV=apache_compat services: docker addons: <<: *not-on-master - sudo: required env: TOXENV=le_auto_xenial services: docker <<: *not-on-master - python: "2.7" env: TOXENV=apacheconftest-with-pebble <<: *not-on-master - python: "2.7" env: TOXENV=nginxroundtrip <<: *not-on-master # Extended test suite on cron jobs and pushes to tested branches other than master - sudo: required env: TOXENV=nginx_compat services: docker addons: <<: *extended-test-suite - python: "3.7" env: - TOXENV=travis-test-farm-apache2 - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" <<: *extended-test-suite - python: "3.7" env: - TOXENV=travis-test-farm-leauto-upgrades - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" git: depth: false # This is needed to have the history to checkout old versions of certbot-auto. <<: *extended-test-suite - python: "3.7" env: - TOXENV=travis-test-farm-certonly-standalone - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" <<: *extended-test-suite - python: "3.7" env: - TOXENV=travis-test-farm-sdists - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" <<: *extended-test-suite - python: "3.7" env: TOXENV=py37 CERTBOT_NO_PIN=1 <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v1 TOXENV=integration-certbot-oldest # Ubuntu Trusty or older must be used because the oldest version of # cryptography we support cannot be compiled against the version of # OpenSSL in Xenial or newer. dist: trusty sudo: required services: docker <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v2 TOXENV=integration-certbot-oldest # Ubuntu Trusty or older must be used because the oldest version of # cryptography we support cannot be compiled against the version of # OpenSSL in Xenial or newer. dist: trusty sudo: required services: docker <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v1 TOXENV=integration-nginx-oldest # Ubuntu Trusty or older must be used because the oldest version of # cryptography we support cannot be compiled against the version of # OpenSSL in Xenial or newer. dist: trusty sudo: required services: docker <<: *extended-test-suite - python: "2.7" env: ACME_SERVER=boulder-v2 TOXENV=integration-nginx-oldest # Ubuntu Trusty or older must be used because the oldest version of # cryptography we support cannot be compiled against the version of # OpenSSL in Xenial or newer. dist: trusty sudo: required services: docker <<: *extended-test-suite - python: "3.6" env: TOXENV=py36 <<: *extended-test-suite - python: "3.7" env: TOXENV=py37 <<: *extended-test-suite - python: "3.5" env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.5" env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.6" env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.6" env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.7" env: ACME_SERVER=boulder-v1 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.7" env: ACME_SERVER=boulder-v2 TOXENV=integration sudo: required services: docker <<: *extended-test-suite - python: "3.8" env: ACME_SERVER=boulder-v1 TOXENV=integration <<: *extended-test-suite - python: "3.8" env: ACME_SERVER=boulder-v2 TOXENV=integration <<: *extended-test-suite - sudo: required env: TOXENV=le_auto_jessie services: docker <<: *extended-test-suite - sudo: required env: TOXENV=le_auto_centos6 services: docker <<: *extended-test-suite - sudo: required env: TOXENV=le_auto_oraclelinux6 services: docker <<: *extended-test-suite - sudo: required env: TOXENV=docker_dev services: docker addons: apt: packages: # don't install nginx and apache - libaugeas0 <<: *extended-test-suite - stage: "Snap" env: SNAP=true TOXENV=integration-external,apacheconftest-external-with-pebble TARGET_ARCH=amd64 <<: *snap-config <<: *extended-test-suite - env: SNAP=true TARGET_ARCH=arm64 <<: *snap-config <<: *extended-test-suite - env: SNAP=true TARGET_ARCH=armhf <<: *snap-config <<: *extended-test-suite # container-based infrastructure sudo: false addons: apt: packages: # Keep in sync with letsencrypt-auto-source/pieces/bootstrappers/deb_common.sh and Boulder. - python-dev - gcc - libaugeas0 - libssl-dev - libffi-dev - ca-certificates # For certbot-nginx integration testing - nginx-light - openssl # tools/pip_install.py is used to pin packages to a known working version # except in tests where the environment variable CERTBOT_NO_PIN is set. # virtualenv is listed here explicitly to make sure it is upgraded when # CERTBOT_NO_PIN is set to work around failures we've seen when using an older # version of virtualenv. The option "-I" is set so when CERTBOT_NO_PIN is also # set, pip updates dependencies it thinks are already satisfied to avoid some # problems with its lack of real dependency resolution. install: 'tools/pip_install.py -I tox virtualenv' # Most of the time TRAVIS_RETRY is an empty string, and has no effect on the # script command. It is set only to `travis_retry` during farm tests, in # order to trigger the Travis retry feature, and compensate the inherent # flakiness of these specific tests. script: 'if [[ ! -z "$TOXENV" ]]; then $TRAVIS_RETRY tox; fi' notifications: email: false irc: if: NOT branch =~ ^(travis-)?test-.*$ channels: # This is set to a secure variable to prevent forks from sending # notifications. This value was created by installing # https://github.com/travis-ci/travis.rb and running # `travis encrypt "chat.freenode.net#certbot-devel"`. - secure: "EWW66E2+KVPZyIPR8ViENZwfcup4Gx3/dlimmAZE0WuLwxDCshBBOd3O8Rf6pBokEoZlXM5eDT6XdyJj8n0DLslgjO62pExdunXpbcMwdY7l1ELxX2/UbnDTE6UnPYa09qVBHNG7156Z6yE0x2lH4M9Ykvp0G0cubjPQHylAwo0=" on_success: never on_failure: always