diff --git a/.travis.yml b/.travis.yml index afd656edf..34cd9553b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,321 +1 @@ -language: python -dist: xenial - -cache: - directories: - - $HOME/.cache/pip - -before_script: - # On Travis, the fastest parallelization for integration tests has proved to be 4. - - 'if [[ "$TOXENV" == *"integration"* ]]; then export PYTEST_ADDOPTS="--numprocesses 4"; fi' - # Use Travis retry feature for farm tests since they are flaky - - 'if [[ "$TOXENV" == "travis-test-farm"* ]]; then export TRAVIS_RETRY=travis_retry; fi' - - export TOX_TESTENV_PASSENV=TRAVIS - - 'if [[ "$SNAP" == true ]]; then snap/local/build_and_install.sh; fi' - -# Only build pushes to the master branch, PRs, and branches beginning with -# `test-`, `travis-test-`, or of the form `digit(s).digit(s).x` or -# `vdigit(s).digit(s).digit(s)`. As documented at -# https://docs.travis-ci.com/user/customizing-the-build/#safelisting-or-blocklisting-branches, -# this includes tags so pushing tags of the form `vdigit(s).digit(s).digit(s)` -# will also trigger tests. This reduces the number of simultaneous Travis runs, -# which speeds turnaround time on review since there is a cap of on the number -# of simultaneous runs. -branches: - # When changing these branches, please ensure the documentation under - # "Running tests in CI" is still correct. - only: - - master - - /^\d+\.\d+\.x$/ # this matches our point release branches - - /^v\d+\.\d+\.\d+$/ # this matches our release tags - - /^(travis-)?test-.*$/ - -# Jobs for the main test suite are always executed (including on PRs) except for pushes on master. -not-on-master: ¬-on-master - if: NOT (type = push AND branch = master) - -# Jobs for the extended test suite are executed for cron jobs and pushes to -# non-development branches. -extended-test-suite: &extended-test-suite - if: type = cron OR (type = push AND branch != master) - -matrix: - include: - # Main test suite - - stage: "Test" - python: "2.7" - env: ACME_SERVER=pebble TOXENV=integration - <<: *not-on-master - - # As documented at - # https://docs.travis-ci.com/user/build-stages/#how-to-define-build-stages, - # the previous stage will be automatically applied to all subsequent jobs - # until a new stage is defined. - - # This job is always executed, including on master - - python: "3.8" - env: TOXENV=py38-cover FYI="py38 tests + code coverage" - - - python: "3.7" - env: TOXENV=lint - <<: *not-on-master - - python: "3.5" - env: TOXENV=mypy - <<: *not-on-master - - python: "2.7" - # Ubuntu Trusty or older must be used because the oldest version of - # cryptography we support cannot be compiled against the version of - # OpenSSL in Xenial or newer. - dist: trusty - env: TOXENV='py27-{acme,apache,apache-v2,certbot,dns,nginx}-oldest' - <<: *not-on-master - - python: "2.7" - env: TOXENV=py27 - <<: *not-on-master - - python: "3.5" - env: TOXENV=py35 - <<: *not-on-master - - sudo: required - env: TOXENV=apache_compat - services: docker - addons: - <<: *not-on-master - - sudo: required - env: TOXENV=le_auto_xenial - services: docker - <<: *not-on-master - - python: "2.7" - env: TOXENV=apacheconftest-with-pebble - <<: *not-on-master - - python: "2.7" - env: TOXENV=nginxroundtrip - <<: *not-on-master - - # Extended test suite on cron jobs and pushes to tested branches other than master - - sudo: required - env: TOXENV=nginx_compat - services: docker - addons: - <<: *extended-test-suite - - python: "3.7" - env: - - TOXENV=travis-test-farm-apache2 - - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" - <<: *extended-test-suite - - python: "3.7" - env: - - TOXENV=travis-test-farm-leauto-upgrades - - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" - git: - depth: false # This is needed to have the history to checkout old versions of certbot-auto. - <<: *extended-test-suite - - python: "3.7" - env: - - TOXENV=travis-test-farm-certonly-standalone - - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" - <<: *extended-test-suite - - python: "3.7" - env: - - TOXENV=travis-test-farm-sdists - - secure: "f+j/Lj9s1lcuKo5sEFrlRd1kIAMnIJI4z0MTI7QF8jl9Fkmbx7KECGzw31TNgzrOSzxSapHbcueFYvNCLKST+kE/8ogMZBbwqXfEDuKpyF6BY3uYoJn+wPVE5pIb8Hhe08xPte8TTDSMIyHI3EyTfcAKrIreauoArePvh/cRvSw=" - <<: *extended-test-suite - - python: "3.7" - env: TOXENV=py37 CERTBOT_NO_PIN=1 - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v1 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v2 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v1 TOXENV=integration-certbot-oldest - # Ubuntu Trusty or older must be used because the oldest version of - # cryptography we support cannot be compiled against the version of - # OpenSSL in Xenial or newer. - dist: trusty - sudo: required - services: docker - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v2 TOXENV=integration-certbot-oldest - # Ubuntu Trusty or older must be used because the oldest version of - # cryptography we support cannot be compiled against the version of - # OpenSSL in Xenial or newer. - dist: trusty - sudo: required - services: docker - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v1 TOXENV=integration-nginx-oldest - # Ubuntu Trusty or older must be used because the oldest version of - # cryptography we support cannot be compiled against the version of - # OpenSSL in Xenial or newer. - dist: trusty - sudo: required - services: docker - <<: *extended-test-suite - - python: "2.7" - env: ACME_SERVER=boulder-v2 TOXENV=integration-nginx-oldest - # Ubuntu Trusty or older must be used because the oldest version of - # cryptography we support cannot be compiled against the version of - # OpenSSL in Xenial or newer. - dist: trusty - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.6" - env: TOXENV=py36 - <<: *extended-test-suite - - python: "3.7" - env: TOXENV=py37 - <<: *extended-test-suite - - python: "3.5" - env: ACME_SERVER=boulder-v1 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.5" - env: ACME_SERVER=boulder-v2 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.6" - env: ACME_SERVER=boulder-v1 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.6" - env: ACME_SERVER=boulder-v2 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.7" - env: ACME_SERVER=boulder-v1 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.7" - env: ACME_SERVER=boulder-v2 TOXENV=integration - sudo: required - services: docker - <<: *extended-test-suite - - python: "3.8" - env: ACME_SERVER=boulder-v1 TOXENV=integration - <<: *extended-test-suite - - python: "3.8" - env: ACME_SERVER=boulder-v2 TOXENV=integration - <<: *extended-test-suite - - sudo: required - env: TOXENV=le_auto_jessie - services: docker - <<: *extended-test-suite - - sudo: required - env: TOXENV=le_auto_centos6 - services: docker - <<: *extended-test-suite - - sudo: required - env: TOXENV=le_auto_oraclelinux6 - services: docker - <<: *extended-test-suite - - sudo: required - env: TOXENV=docker_dev - services: docker - addons: - apt: - packages: # don't install nginx and apache - - libaugeas0 - <<: *extended-test-suite - - stage: "Snap" - sudo: required - env: SNAP=true TOXENV=integration-external,apacheconftest-external-with-pebble - addons: - apt: - packages: - - nginx-light - snaps: - - name: snapcraft - channel: stable - confinement: classic - - name: lxd - channel: stable - git: - # By default, Travis clones the repo to a depth of 50 commits which can - # break the ability to use `git describe` to set the version of the - # snap. This setting removes the --depth flag from git commands solving - # this problem. See - # https://docs.travis-ci.com/user/customizing-the-build#git-clone-depth - # for more info. - depth: false - deploy: - # This section relies on credentials stored in a SNAP_TOKEN environment - # variable in Travis. See - # https://docs.travis-ci.com/user/deployment/snaps/ for more info. - # This credential has a maximum lifetime of 1 year and the current - # credential will expire on 4/22/2021. The value of SNAP_TOKEN will - # need to be updated to use a new credential before then to prevent - # automated deploys from breaking. Remembering to do this is also - # tracked by https://github.com/certbot/certbot/issues/7931. - 'on': - # Deploy on release tags or nightly runs from any branch. We only try - # to deploy from the certbot/certbot repo to prevent errors if forks - # of this repo try to run tests. - all_branches: true - condition: -n $TRAVIS_TAG || $TRAVIS_EVENT_TYPE = cron - repo: certbot/certbot - provider: snap - snap: certbot_*.snap - channel: edge - # skip_cleanup is needed to prevent Travis from deleting the snaps we - # just built and tested. See - # https://docs.travis-ci.com/user/deployment#uploading-files-and-skip_cleanup. - skip_cleanup: true - <<: *extended-test-suite - -# container-based infrastructure -sudo: false - -addons: - apt: - packages: # Keep in sync with letsencrypt-auto-source/pieces/bootstrappers/deb_common.sh and Boulder. - - python-dev - - gcc - - libaugeas0 - - libssl-dev - - libffi-dev - - ca-certificates - # For certbot-nginx integration testing - - nginx-light - - openssl - -# tools/pip_install.py is used to pin packages to a known working version -# except in tests where the environment variable CERTBOT_NO_PIN is set. -# virtualenv is listed here explicitly to make sure it is upgraded when -# CERTBOT_NO_PIN is set to work around failures we've seen when using an older -# version of virtualenv. The option "-I" is set so when CERTBOT_NO_PIN is also -# set, pip updates dependencies it thinks are already satisfied to avoid some -# problems with its lack of real dependency resolution. -install: 'tools/pip_install.py -I tox virtualenv' -# Most of the time TRAVIS_RETRY is an empty string, and has no effect on the -# script command. It is set only to `travis_retry` during farm tests, in -# order to trigger the Travis retry feature, and compensate the inherent -# flakiness of these specific tests. -script: '$TRAVIS_RETRY tox' - -notifications: - email: false - irc: - if: NOT branch =~ ^(travis-)?test-.*$ - channels: - # This is set to a secure variable to prevent forks from sending - # notifications. This value was created by installing - # https://github.com/travis-ci/travis.rb and running - # `travis encrypt "chat.freenode.net#certbot-devel"`. - - secure: "EWW66E2+KVPZyIPR8ViENZwfcup4Gx3/dlimmAZE0WuLwxDCshBBOd3O8Rf6pBokEoZlXM5eDT6XdyJj8n0DLslgjO62pExdunXpbcMwdY7l1ELxX2/UbnDTE6UnPYa09qVBHNG7156Z6yE0x2lH4M9Ykvp0G0cubjPQHylAwo0=" - on_cancel: never - on_success: never - on_failure: always +script: None