pipewire/.gitlab-ci.yml

569 lines
16 KiB
YAML
Raw Normal View History

stages:
- container
- container_coverity
- build
- analysis
- pages
variables:
2020-03-09 07:33:35 +00:00
FDO_UPSTREAM_REPO: 'pipewire/pipewire'
# ci-templates as of Jan 27th 2022
.templates_sha: &templates_sha 0c312d9c7255f46e741d43bcd1930f09cd12efe7
include:
- project: 'freedesktop/ci-templates'
ref: *templates_sha
file: '/templates/fedora.yml'
- project: 'freedesktop/ci-templates'
ref: *templates_sha
file: '/templates/ubuntu.yml'
- project: 'freedesktop/ci-templates'
ref: *templates_sha
file: '/templates/alpine.yml'
.fedora:
variables:
# Update this tag when you want to trigger a rebuild
FDO_DISTRIBUTION_TAG: '2023-11-22.0'
FDO_DISTRIBUTION_VERSION: '39'
FDO_DISTRIBUTION_PACKAGES: >-
alsa-lib-devel
avahi-devel
bluez-libs-devel
clang
dbus-devel
doxygen
fdk-aac-free-devel
findutils
gcc
gcc-c++
git
glib-devel
graphviz
gstreamer1-devel
gstreamer1-plugins-base-devel
jack-audio-connection-kit-devel
libasan
libcanberra-devel
libffado-devel
libldac-devel
libmysofa-devel
libsndfile-devel
libubsan
libusb1-devel
lilv-devel
libv4l-devel
libva-devel
libX11-devel
ModemManager-devel
meson
openssl-devel
pulseaudio-libs-devel
python3-docutils
python3-pip
sbc-devel
2021-05-09 22:34:11 +00:00
ShellCheck
SDL2-devel
systemd-devel
vulkan-loader-devel
webrtc-audio-processing-devel
which
2021-07-07 02:55:03 +00:00
valgrind
2021-08-01 18:13:22 +00:00
ninja-build
pkgconf
2022-03-05 12:33:11 +00:00
pulseaudio-utils
openal-soft
2022-11-07 15:16:22 +00:00
readline-devel
pandoc
# Uncommenting the following two lines and disabling the meson entry above
# will re-enable use of Meson via pip but please consider using a newer distro
# image first or making the build system compatible instead! This is because
# using pip or another 3rd party repo defeats the point testing the particular
# distro for regressions.
# NOTE: If you do end up using pip3 for meson, be sure to also update the
# build_meson_prerelease and build_meson_exact_release build instructions
# to uninstall the pip3 version again and probably to not call dnf remove
# FDO_DISTRIBUTION_EXEC: >-
# pip3 install meson
.ubuntu:
variables:
# Update this tag when you want to trigger a rebuild
2024-01-12 09:40:06 +00:00
FDO_DISTRIBUTION_TAG: '2024-01-12.0'
FDO_DISTRIBUTION_VERSION: '22.04'
FDO_DISTRIBUTION_PACKAGES: >-
debhelper-compat
findutils
git
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
libapparmor-dev
libasound2-dev
libavcodec-dev
libavfilter-dev
libavformat-dev
libdbus-1-dev
libbluetooth-dev
libglib2.0-dev
libgstreamer1.0-dev
libgstreamer-plugins-base1.0-dev
libsbc-dev
libsdl2-dev
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
libsnapd-glib-dev
libudev-dev
libva-dev
libv4l-dev
libx11-dev
meson
ninja-build
pkg-config
python3-docutils
systemd
# Uncommenting the following three lines and disabling the meson entry above
# will re-enable use of Meson via pip but please consider using a newer distro
# image first or making the build system compatible instead! This is because
# using pip or another 3rd party repo defeats the point testing the particular
# distro for regressions.
# python3-pip
# FDO_DISTRIBUTION_EXEC: >-
# pip3 install meson
.alpine:
variables:
# Update this tag when you want to trigger a rebuild
FDO_DISTRIBUTION_TAG: '2023-04-17.0'
FDO_DISTRIBUTION_VERSION: '3.17'
FDO_DISTRIBUTION_PACKAGES: >-
alsa-lib-dev
avahi-dev
bash
bluez-dev
gcc
g++
dbus-dev
doxygen
eudev-dev
fdk-aac-dev
git
glib-dev
graphviz
gst-plugins-base-dev
gstreamer-dev
jack-dev
libfreeaptx-dev
libusb-dev
libx11-dev
meson
modemmanager-dev
ncurses-dev
pulseaudio-dev
readline-dev
sbc-dev
vulkan-loader-dev
xmltoman
.coverity:
variables:
FDO_REPO_SUFFIX: 'coverity'
FDO_BASE_IMAGE: registry.freedesktop.org/$FDO_UPSTREAM_REPO/fedora/$FDO_DISTRIBUTION_VERSION:$FDO_DISTRIBUTION_TAG
FDO_DISTRIBUTION_PACKAGES: >-
curl
FDO_DISTRIBUTION_EXEC: >-
mkdir -p /opt ;
cd /opt ;
curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/cxx/linux64
--form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN ;
tar xf /tmp/cov-analysis-linux64.tgz ;
mv cov-analysis-linux64-* coverity ;
rm /tmp/cov-analysis-linux64.tgz
rules:
- if: $COVERITY != null
.not_coverity:
rules:
- if: $COVERITY == null
.build:
before_script:
# setup the environment
- export BUILD_ID="$CI_JOB_ID"
- export PREFIX="$PWD/prefix-$BUILD_ID"
- export BUILD_DIR="$PWD/build-$BUILD_ID"
- export XDG_RUNTIME_DIR="$(mktemp -p $PWD -d xdg-runtime-XXXXXX)"
- |
if [ -n "$FDO_CI_CONCURRENT" ]; then
2023-03-09 22:48:47 +00:00
COMPILE_ARGS="-j$FDO_CI_CONCURRENT"
export COMPILE_ARGS
fi
script:
- echo "Building with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
2023-03-09 22:48:47 +00:00
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
2023-03-09 22:41:09 +00:00
- meson test -C "$BUILD_DIR" --no-rebuild
- meson install -C "$BUILD_DIR" --no-rebuild
artifacts:
name: pipewire-$CI_COMMIT_SHA
when: always
paths:
- build-*/meson-logs
container_ubuntu:
extends:
- .ubuntu
- .fdo.container-build@ubuntu
stage: container
variables:
GIT_STRATEGY: none # no need to pull the whole tree for rebuilding the image
container_fedora:
extends:
- .fedora
- .fdo.container-build@fedora
stage: container
variables:
GIT_STRATEGY: none # no need to pull the whole tree for rebuilding the image
container_alpine:
extends:
- .alpine
- .fdo.container-build@alpine
stage: container
variables:
GIT_STRATEGY: none # no need to pull the whole tree for rebuilding the image
container_coverity:
extends:
- .fedora
- .coverity
- .fdo.container-build@fedora
stage: container_coverity
variables:
GIT_STRATEGY: none
build_on_ubuntu:
extends:
- .ubuntu
- .not_coverity
- .fdo.distribution-image@ubuntu
- .build
stage: build
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=[] -Dsnap=enabled"
.build_on_fedora:
extends:
- .fedora
- .not_coverity
- .fdo.distribution-image@fedora
- .build
stage: build
build_on_fedora:
extends:
- .build_on_fedora
variables:
MESON_OPTIONS: >-
-Ddocs=enabled
-Dman=enabled
-Ddoc-prefix-value=/usr
-Ddoc-sysconfdir-value=/etc
-Dinstalled_tests=enabled
-Dsystemd-system-service=enabled
-Dbluez5-backend-hsphfpd=enabled
-Daudiotestsrc=enabled
-Dtest=enabled
-Dvideotestsrc=enabled
-Dvolume=enabled
-Dvulkan=enabled
-Dsdl2=enabled
-Dsndfile=enabled
-Dsession-managers=[]
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
-Dsnap=disabled
artifacts:
name: pipewire-$CI_COMMIT_SHA
when: always
paths:
- build-*/meson-logs
- prefix-*
build_on_fedora_html_docs:
extends:
- .build_on_fedora
variables:
MESON_OPTIONS: >-
-Ddocs=enabled
-Dman=enabled
-Ddoc-prefix-value=/usr
-Ddoc-sysconfdir-value=/etc
-Dinstalled_tests=enabled
-Dsystemd-system-service=enabled
-Dbluez5-backend-hsphfpd=enabled
-Daudiotestsrc=enabled
-Dtest=enabled
-Dvideotestsrc=enabled
-Dvolume=enabled
-Dvulkan=enabled
-Dsdl2=enabled
-Dsndfile=enabled
-Dsession-managers=[]
before_script:
- git fetch origin 1.0 master
- git branch -f 1.0 origin/1.0
- git branch -f master origin/master
- git clone -b 1.0 . branch-1.0
- git clone -b master . branch-master
- !reference [.build, before_script]
script:
- cd branch-1.0
- meson setup builddir $MESON_OPTIONS
- meson compile -C builddir doc/pipewire-docs
- cd ../branch-master
- meson setup builddir $MESON_OPTIONS
- meson compile -C builddir doc/pipewire-docs
artifacts:
name: pipewire-$CI_COMMIT_SHA
when: always
paths:
- branch-*/builddir/meson-logs
- branch-*/builddir/doc/html
rules:
- !reference [pages, rules]
build_on_alpine:
extends:
- .alpine
- .not_coverity
- .fdo.distribution-image@alpine
- .build
stage: build
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=[] -Dsnap=disabled"
# build with all auto() options enabled
build_all:
extends:
- .build_on_fedora
variables:
# Fedora doesn't have libfreeaptx, lc3plus, lc3, or roc
# libcamera has no stable API, so let's not chase that target
MESON_OPTIONS: >-
-Dauto_features=enabled
-Dbluez5-codec-aptx=disabled
-Dbluez5-codec-lc3plus=disabled
-Dbluez5-codec-lc3=disabled
-Droc=disabled
-Dlibcamera=disabled
-Dsession-managers=[]
-Dc_args=['-UFASTPATH']
-Dcpp_args=['-UFASTPATH']
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
-Dsnap=disabled
parallel:
matrix:
- CC: [gcc, clang]
# build with all options on auto() or their default values
build_with_no_commandline_options:
extends:
- .build_on_fedora
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=[] -Dsnap=disabled"
parallel:
matrix:
- CC: [gcc, clang]
# build with a set of options enabled or disabled
build_with_custom_options:
extends:
- .build_on_fedora
parallel:
matrix:
- MESON_OPTION: [docs, installed_tests, systemd-system-service, bluez5-backend-hsphfpd,
audiotestsrc, test, videotestsrc, volume, vulkan, sdl2, sndfile]
MESON_OPTION_VALUE: [enabled, disabled]
script:
- echo "Building with -D$MESON_OPTION=$MESON_OPTION_VALUE"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" "-D$MESON_OPTION=$MESON_OPTION_VALUE" -Dsession-managers=[]
2023-03-09 22:48:47 +00:00
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
2023-03-09 22:41:09 +00:00
- meson test -C "$BUILD_DIR" --no-rebuild
build_with_asan_ubsan:
extends:
- .build_on_fedora
script:
- echo "Building with ASan and UBSan"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" -D debug=true -D optimization=g -D b_sanitize=address,undefined -D session-managers=[]
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
2023-10-15 16:43:06 +00:00
- env UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1:print_stacktrace=1 ASAN_OPTIONS=halt_on_error=1:abort_on_error=1:print_summary=1 meson test -C "$BUILD_DIR" --no-rebuild
# A release build with NDEBUG, all options on auto() but tests explicitly
# enabled. This should show issues with tests failing due to different
# optimization or relying on assert.
build_release:
extends:
- .build_on_fedora
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dtest=enabled -Dbuildtype=release -Db_ndebug=true -Dsession-managers=[] -Dsnap=disabled"
parallel:
matrix:
- CC: [gcc, clang]
build_session_managers:
extends:
- .build_on_fedora
script:
- echo "Building with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
2023-03-09 22:48:47 +00:00
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
- meson install -C "$BUILD_DIR" --no-rebuild
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=$SESSION_MANAGERS -Dsnap=disabled"
parallel:
matrix:
- SESSION_MANAGERS: ["[]", "wireplumber", "media-session", "media-session,wireplumber", "wireplumber,media-session" ]
allow_failure: true
build_meson_prerelease:
extends:
- .build_on_fedora
script:
- dnf remove --assumeyes meson
- pip3 install --upgrade --pre meson
- echo "Building with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
2023-03-09 22:48:47 +00:00
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
- meson install -C "$BUILD_DIR" --no-rebuild
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=wireplumber,media-session -Dsnap=disabled"
allow_failure: true
build_meson_exact_release:
extends:
- .build_on_fedora
script:
- meson_version=$(head -n 5 meson.build | grep 'meson_version' | sed -e 's/.*\([0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/')
- echo "Requiring meson version $meson_version"
- test -n "$meson_version" || (echo "Meson version parser failed" && exit 1)
- dnf remove --assumeyes meson
# - pip3 uninstall --yes meson
- pip3 install "meson==$meson_version"
- echo "Building with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
2023-03-09 22:48:47 +00:00
- meson compile -C "$BUILD_DIR" $COMPILE_ARGS
- meson install -C "$BUILD_DIR" --no-rebuild
variables:
pipewire-pulse: add snap permissions support SNAP containers have two main "audio" security rules: * audio-playback: the applications inside the container can send audio samples into a sink * audio-record: the applications inside the container can get audio samples from a source Also, old SNAP containers had the "pulseaudio" rule, which just exposed the pulseaudio socket directly, without limits. This is similar to the current Flatpak audio permissions. In the pulseaudio days, a specific pulseaudio module was used that checked the permissions given to the application and allowed or forbade access to the pulseaudio operations. With the change to pipewire, this functionality must be implemented in pipewire-pulse to guarantee the sandbox security. This patch adds support for sandboxing permissions in the pulseaudio module, and implements support for the SNAP audio security model, thus forbiding a SNAP application to record audio unless it has permissions to do so. The current code for pipewire-pulseaudio checks the permissions of the snap and adds three properties to each new client: * pipewire.snap.id: contains the Snap ID of the client. * pipewire.snap.audio.playback: its value is 'true' if the client has permission to play audio, or 'false' if not. * pipewire.snap.audio.record: its value is 'true' if the client has permission to record audio, or 'false' if not. These properties must be processed by wireplumber to add or remove access permissions to the corresponding nodes. That code is available in a separate patch: https://gitlab.freedesktop.org/pipewire/wireplumber/-/merge_requests/567
2023-11-22 10:26:16 +00:00
MESON_OPTIONS: "-Dsession-managers=[] -Dsnap=disabled"
2021-07-07 02:55:03 +00:00
valgrind:
extends:
- .build_on_fedora
script:
- echo "Building with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
2021-07-07 02:55:03 +00:00
- meson test -C "$BUILD_DIR" --setup=valgrind
variables:
MESON_OPTIONS: "-Dsession-managers=[]"
2021-07-07 02:55:03 +00:00
build_with_coverity:
extends:
- .fedora
- .coverity
- .fdo.suffixed-image@fedora
- .build
stage: analysis
script:
- export PATH=/opt/coverity/bin:$PATH
- meson setup "$BUILD_DIR" --prefix="$PREFIX"
-Ddocs=disabled
-Dbluez5-backend-hsphfpd=enabled
-Daudiotestsrc=enabled
-Dtest=enabled
-Dvideotestsrc=enabled
-Dvolume=enabled
-Dvulkan=enabled
-Dsdl2=enabled
-Dsndfile=enabled
-Dsession-managers=[]
- cov-configure --config coverity_conf.xml
--comptype gcc --compiler cc --template
--xml-option=append_arg@C:--ppp_translator
--xml-option=append_arg@C:"replace/_sd_deprecated_\s+=/ ="
--xml-option=append_arg@C:--ppp_translator
--xml-option=append_arg@C:"replace/GLIB_(DEPRECATED|AVAILABLE)_ENUMERATOR_IN_\d_\d\d(_FOR\(\w+\)|)\s+=/ ="
--xml-option=append_arg@C:--ppp_translator
--xml-option=append_arg@C:"replace/(__has_builtin|_GLIBCXX_HAS_BUILTIN)\(\w+\)/1"
2023-03-09 22:48:47 +00:00
- cov-build --dir cov-int --config coverity_conf.xml meson compile -C "$BUILD_DIR" $COMPILE_ARGS
- tar czf cov-int.tar.gz cov-int
- curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
--form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
--form file=@cov-int.tar.gz --form version="`git describe --tags`"
--form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID "
artifacts:
name: pipewire-coverity-$CI_COMMIT_SHA
when: always
paths:
- build-*/meson-logs
- cov-int/build-log.txt
2021-05-09 22:34:11 +00:00
shellcheck:
extends:
- .build_on_fedora
stage: analysis
variables:
MESON_OPTIONS: >-
-Dpipewire-v4l2=enabled
-Dpipewire-jack=enabled
2021-05-09 22:34:11 +00:00
script:
- echo "Configuring with meson options $MESON_OPTIONS"
- meson setup "$BUILD_DIR" --prefix="$PREFIX" $MESON_OPTIONS
- shellcheck $(git ls-files '*.sh')
- shellcheck $(grep -rl "#\!/.*bin/.*sh" "$BUILD_DIR")
2021-05-09 22:34:11 +00:00
spellcheck:
extends:
- .build_on_fedora
stage: analysis
script:
- git ls-files | grep -v .gitlab-ci.yml | xargs -d '\n' sed -i 's/Pipewire/PipeWire/g'
- git diff --exit-code || (echo "Please fix the above spelling mistakes" && exit 1)
doccheck:
extends:
- .build_on_fedora
stage: analysis
script:
# Check that each pipewire module has a \subpage entry
- git grep -h -o -e "\\\page page_module_\w\+" | cut -f2 -d ' ' > pipewire_module_pages
- cat pipewire_module_pages
- |
for page in $(cat pipewire_module_pages); do
git grep -q -e "\\\subpage $page" || (echo "\\page $page is missing \\subpage entry in doc/pipewire-modules.dox" && false)
done
check_missing_headers:
extends:
- .fedora
- .not_coverity
- .fdo.distribution-image@fedora
stage: analysis
dependencies:
- build_on_fedora
script:
- export PREFIX=`find -name prefix-*`
- ./.gitlab/ci/check_missing_headers.sh
pages:
extends:
- .not_coverity
stage: pages
dependencies:
- build_on_fedora_html_docs
script:
- mkdir public public/devel
- cp -R branch-1.0/builddir/doc/html/* public/
- cp -R branch-master/builddir/doc/html/* public/devel/
artifacts:
paths:
- public
rules:
- if: $CI_COMMIT_BRANCH == 'master'
- if: $CI_COMMIT_BRANCH == '1.0'