Wednesday, November 7, 2018

Continuous Integration/Contious Delivery

As mentioned a few times in the changelog and quite a bit in the commits, we have been using a bunch of tools to improve our code quality. And fine tuning them to do more and give us better information. We also use static analysis tools but that step is often done manually.

GitHub has been making it fairly easy to integrate with tools, even custom ones. Their marketplace offers a number of tools to help for development. On top of that, some companies offer to use theirs for free on open source project, which is a great way to improve code quality.

Let's walk through our current CI/CD infrastructure.

We first used Coverity Scan to do static analysis. Even though there are false positives here and there, it's a useful tool. Every single item reported by Coverity explains the path taken that leads to issue. In some cases the complexity of the path is impressive, going through more than 100 conditions. Although it can be integrated with GitHub, it works independently in our case and submitting up to two times a day if there are changes since the last time a build was submitted.

Later on, we added Travis CI. It offers Ubuntu 14.04 and OSX and in both instances, we test using GCC and clang, as well as with gcrypt or openSSL.

We then added AppVeyor to build on Windows. We currently build on cygwin 32 and 64 bit as well as MSYS64 and it builds a package for Windows. With the exception of the package, it tries compiling with GCC and clang in all cases.

If you haven't started doing CI/CD and need to build for Windows, consider using Travis as well as it now supports it.

We then added buildbots. Our buildbots cover current stable versions of:
  • Alpine Linux
  • Kali Linux
  • Kali Linux armel
  • Kali Linux armhf
  • FreeBSD
  • CentOS
We also added a buildbot to test with Intel C++ Compiler.

They all run on the same system with the exception of armel, armhf and FreeBSD that are separate.

And very recently, we added another one to build packages for a number of Linux distributions. It also automatically builds release packages when a new release is tagged in GitHub and it builds git packages whenever code is committed in our repository.

We are now planning to have our own buildbot server to consolidate, simplify and make it easier to manage our buildbot infrastructure. We'll add more systems and possibly use qemu to emulate specific CPUs.