openconnect/.gitlab-ci.yml

variables:
  BUILD_IMAGES_PROJECT: openconnect/build-images
  CENTOS6_BUILD: openconnect-cli-centos6
  CENTOS7_BUILD: openconnect-cli-centos7
  CENTOS8_BUILD: openconnect-cli-centos8
  FEDORA_BUILD: openconnect-cli-fedora35
  MINGW32_BUILD: openconnect-cli-mingw32
  MINGW64_BUILD: openconnect-cli-mingw64
  UBUNTU_BUILD: openconnect-cli-ubuntu
  ANDROID_BUILD: openconnect-cli-android
  ANDROID_TOOLCHAINDIR: /opt/android-sdk-linux_x86/toolchains

image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD

CentOS7/GnuTLS:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
  script:
  - ./autogen.sh
# For reasons that are not clear, OpenConnect fails to handshake a TLS connection to Python 3.6+Flask
# (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135245618#L520), so we disable the
# Flask-based authentication tests.
  - ./configure --with-java --enable-ppp-tests --disable-flask-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - tests/*.log

CentOS7/OpenSSL:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS7_BUILD
  script:
  - ./autogen.sh
# For reasons that are not clear, OpenConnect fails to handshake a TLS connection to Python 3.6+Flask
# (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135245618#L520), so we disable the
# Flask-based authentication tests.
  - ./configure --without-gnutls --with-openssl --with-java --without-openssl-version-check --enable-dtls-xfail --disable-dsa-tests --enable-ppp-tests --disable-flask-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# dtls-psk: communication with ocserv fails for undetermined reasons marking as xfail until issue is identified
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii dtls-psk ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - tests/*.log

CentOS8/GnuTLS:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
  script:
  - ./autogen.sh
  - ./configure --with-java --without-gnutls-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - tests/*.log

CentOS8/OpenSSL:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
  script:
  - ./autogen.sh
  - ./configure --without-gnutls --with-openssl --with-java --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - tests/*.log

Signoff:
  script:
  # Quoted to work around https://gitlab.com/gitlab-org/gitlab-foss/-/issues/20177
  - 'echo "Checking for new commits without Signed-off-by: tags as described in https://www.infradead.org/openconnect/contribute.html"'
  # Last bad commit
  - 'git log ceab1765db11c15a18a0c605812dbc11afd63e8b.. --grep "(^Signed-off-by)|(^Merge branch)|(^This reverts commit)" --extended-regexp --invert-grep --exit-code'
  - echo "None (good)"

Coverity:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
  only:
  - schedules
  - coverity
  script:
  - curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
    --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN
  - tar xfz /tmp/cov-analysis-linux64.tgz
  - ./autogen.sh
  - ./configure --with-java --without-gnutls --with-openssl --disable-dsa-tests
  - cd java
  - ../cov-analysis-linux64-*/bin/cov-build --dir ../cov-int ant
  - cd ..
  - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4
  - make clean
  - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check
  - cov-analysis-linux64-*/bin/cov-build --dir cov-int make -j4
  - tar cfz cov-int.tar.gz cov-int
  - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
    --form token=$COVERITY_SCAN_TOKEN --form email=email=$GITLAB_USER_EMAIL
    --form file=@cov-int.tar.gz --form version="`git describe --tags`"
    --form description="`git describe --tags` / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID "
  tags:
  - shared
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - cov-int/*.txt

ubsan/GnuTLS/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
  script:
  - ./autogen.sh
  - export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2"
  - CFLAGS="$UBCFLAGS" ./configure --with-java --disable-dsa-tests --without-gnutls-version-check
  - make -j4
# obsolete-server-crypto: system-wide crypto policy prevents --allow-insecure-crypto from working, and the
#   library-reinitialization hack does not reliably work (https://gitlab.com/openconnect/openconnect/-/issues/243#note_576194663)
#   XFAIL until we get a solution for https://bugzilla.redhat.com/show_bug.cgi?id=1960763
  - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto" -j4 check
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - ./*.log
      - tests/*.log

ubsan/OpenSSL/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
  script:
  - ./autogen.sh
  - export UBCFLAGS="-Wall -Wextra -fsanitize=undefined -fsanitize=bool -fsanitize=alignment -fsanitize=null -fsanitize=bounds-strict -fsanitize=enum -fno-sanitize-recover -g -O2"
  - CFLAGS="$UBCFLAGS" ./configure --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests
  - make -j4
# auth-swtpm: XFAIL until we understand the TPM error
  - make VERBOSE=1 XFAIL_TESTS="auth-swtpm" -j4 check
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - ./*.log
      - tests/*.log

asan/GnuTLS/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
  only:
  - asan
  script:
  - ./autogen.sh
  - CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1"
    ./configure --with-java --disable-dsa-tests --without-gnutls-version-check --without-asan-broken-tests
  - make -j4
  - make VERBOSE=1 -j4 check
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - ./*.log
      - tests/*.log

asan/OpenSSL/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
  only:
  - asan
  script:
  - ./autogen.sh
  - CC=clang CFLAGS="-fsanitize=address -fno-optimize-sibling-calls -fno-omit-frame-pointer -g -O1"
    ./configure --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests --without-asan-broken-tests
  - make -j4
  - make VERBOSE=1 -j4 check
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - ./*.log
      - tests/*.log

Fedora/GnuTLS:
  script:
  - ./autogen.sh
  - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests CFLAGS=-g
  - make tmp-distdir
  - mkdir build
  - cd build
  - TMPDISTDIR=../openconnect-$(git describe --tags | sed s/^v//)
  - ${TMPDISTDIR}/configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# obsolete-server-crypto: system-wide crypto policy prevents --allow-insecure-crypto from working, and the
#   library-reinitialization hack does not reliably work (https://gitlab.com/openconnect/openconnect/-/issues/243#note_576194663)
#   XFAIL until we get a solution for https://bugzilla.redhat.com/show_bug.cgi?id=1960763
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - build/tests/*.log

Fedora/GnuTLS/ibmtss:
  script:
  - ./autogen.sh
  - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests CFLAGS=-g
  - make tmp-distdir
  - mkdir build
  - cd build
  - TMPDISTDIR=../openconnect-$(git describe --tags | sed s/^v//)
  - ${TMPDISTDIR}/configure --with-java --disable-dsa-tests --without-gnutls-version-check --enable-ppp-tests --with-gnutls-tss2=ibmtss CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# obsolete-server-crypto: system-wide crypto policy prevents --allow-insecure-crypto from working, and the
#   library-reinitialization hack does not reliably work (https://gitlab.com/openconnect/openconnect/-/issues/243#note_576194663)
#   XFAIL until we get a solution for https://bugzilla.redhat.com/show_bug.cgi?id=1960763
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - build/tests/*.log

Fedora/GnuTLS/clang:
  script:
  - ./autogen.sh
  - ./configure --with-java --disable-dsa-tests --without-gnutls-version-check CC=clang --enable-ppp-tests CFLAGS=-g
  - make tmp-distdir
  - mkdir build
  - cd build
  - TMPDISTDIR=../openconnect-$(git describe --tags | sed s/^v//)
  - ${TMPDISTDIR}/configure --with-java --disable-dsa-tests --without-gnutls-version-check CC=clang --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# obsolete-server-crypto: system-wide crypto policy prevents --allow-insecure-crypto from working, and the
#   library-reinitialization hack does not reliably work (https://gitlab.com/openconnect/openconnect/-/issues/243#note_576194663)
#   XFAIL until we get a solution for https://bugzilla.redhat.com/show_bug.cgi?id=1960763
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="obsolete-server-crypto ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - build/tests/*.log

Fedora/OpenSSL:
  script:
# Re-enable DSA since we test it
  - update-crypto-policies --set LEGACY
  - ./autogen.sh
  - ./configure --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make tmp-distdir
  - mkdir build
  - cd build
  - TMPDISTDIR=../openconnect-$(git describe --tags | sed s/^v//)
  - ${TMPDISTDIR}/configure --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# auth-swtpm: XFAIL until we understand the TPM error
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-swtpm ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - build/tests/*.log

Fedora/OpenSSL/clang:
  script:
# Re-enable DSA since we test it
  - update-crypto-policies --set LEGACY
  - ./autogen.sh
  - ./configure CC=clang --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make tmp-distdir
  - mkdir build
  - cd build
  - TMPDISTDIR=../openconnect-$(git describe --tags | sed s/^v//)
  - ${TMPDISTDIR}/configure CC=clang --without-gnutls --with-openssl --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-swtpm: XFAIL until we understand the TPM error
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-swtpm ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - build/tests/*.log

Ubuntu18.04/GnuTLS:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
  script:
  - ./autogen.sh
  - ./configure --with-java --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    paths:
      - tests/*.log

Ubuntu18.04/OpenSSL:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
  script:
  - ./autogen.sh
  - ./configure --without-gnutls --with-openssl --with-java --without-openssl-version-check --disable-dsa-tests --enable-ppp-tests CFLAGS=-g
  - make -j4
# For reasons that are unclear, but probably also unimportant, IPv6 is disabled by default on this CI
# image (verified in https://gitlab.com/openconnect/openconnect/-/jobs/1135199323#L335), and this will
# cause PPP tests using IPv6 to fail. So we must explicitly enable IPv6:
  - sysctl net.ipv6.conf.all.disable_ipv6=0
# we don't want pppd to invoke any actual connection scripts
  - mv /etc/ppp /etc/ppp.DISABLED
# auth-nonascii: UTF-8 support is not available in distro's ocserv package
# obsolete-server-crypto: OpenSSL 1.1.0 disables 3DES and RC4 by default (https://www.openssl.org/blog/blog/2016/08/24/sweet32/)
# ppp-over-tls-sync: https://gitlab.com/openconnect/openconnect/-/issues/287#note_641198529)
  - make VERBOSE=1 XFAIL_TESTS="auth-nonascii obsolete-server-crypto ppp-over-tls-sync" -j4 check
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - tests/*.log

MinGW32/GnuTLS:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW32_BUILD
  script:
  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
  - ./autogen.sh
  - mingw32-configure --without-gnutls-version-check CFLAGS=-g
  - make -j4
# These tests seem to fail due to wine failing to start; setting as XFAIL
# since these never run before this patch set.
  - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk"
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: always
    paths:
      - tests/*.log
      - openconnect-installer.exe

MinGW32/OpenSSL:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW32_BUILD
  script:
  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
  - ./autogen.sh
  - mingw32-configure --without-gnutls --with-openssl --without-openssl-version-check CFLAGS=-g
  - make -j4
# These tests seem to fail due to wine failing to start; setting as XFAIL
# since these never run before this patch set.
  - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk"
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: always
    paths:
      - tests/*.log
      - openconnect-installer.exe

MinGW64/GnuTLS:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW64_BUILD
  script:
  - dnf remove -y wine.i686
  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
  - ./autogen.sh
  - mingw64-configure --without-gnutls-version-check CFLAGS=-g
  - make -j4
# These tests seem to fail due to wine failing to start; setting as XFAIL
# since these never run before this patch set.
  - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk"
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: always
    paths:
      - tests/*.log
      - openconnect-installer.exe

MinGW64/OpenSSL:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW64_BUILD
  script:
  - dnf remove -y wine.i686
  - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
  - echo ':DOSWin:M::MZ::/usr/bin/wine:' > /proc/sys/fs/binfmt_misc/register
  - ./autogen.sh
  - mingw64-configure --without-gnutls --with-openssl --without-openssl-version-check CFLAGS=-g
  - make -j4
# These tests seem to fail due to wine failing to start; setting as XFAIL
# since these never run before this patch set.
  - make VERBOSE=1 -j4 check XFAIL_TESTS="sigterm dtls-psk"
  tags:
  - shared
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: always
    paths:
      - tests/*.log
      - openconnect-installer.exe

Android/x86_64:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ANDROID_BUILD
  script:
  tags:
  - shared
  script:
  - make -C android ARCH=x86_64 TOOLCHAIN=$ANDROID_TOOLCHAINDIR/'$(TRIPLET)-$(API_LEVEL)'
  artifacts:
    when: always
    paths:
      - android/*-linux-android*/out/*

Android/x86:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ANDROID_BUILD
  script:
  tags:
  - shared
  script:
  - make -C android ARCH=x86 TOOLCHAIN=$ANDROID_TOOLCHAINDIR/'$(TRIPLET)-$(API_LEVEL)'
  artifacts:
    when: always
    paths:
      - android/*-linux-android*/out/*

Android/arm:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ANDROID_BUILD
  script:
  tags:
  - shared
  script:
  - make -C android ARCH=arm TOOLCHAIN=$ANDROID_TOOLCHAINDIR/'$(TRIPLET)-$(API_LEVEL)'
  artifacts:
    when: always
    paths:
      - android/*-linux-android*/out/*

Android/arm64:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ANDROID_BUILD
  script:
  tags:
  - shared
  script:
  - make -C android ARCH=arm64 TOOLCHAIN=$ANDROID_TOOLCHAINDIR/'$(TRIPLET)-$(API_LEVEL)'
  artifacts:
    when: always
    paths:
      - android/*-linux-android*/out/*

static-analyzer/GnuTLS/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:buildenv-fedora33
  script:
  - ./autogen.sh
  - scan-build ./configure
  - scan-build --status-bugs -o scan-build-src make -j4
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: always
    paths:
      - scan-build-src/*

static-analyzer/OpenSSL/Fedora:
  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:buildenv-fedora33
  script:
  - ./autogen.sh
  - scan-build ./configure --without-gnutls --with-openssl --without-openssl-version-check
  - scan-build --status-bugs -o scan-build-src make -j4
  tags:
  - shared
  - linux
  except:
  - tags
  - schedules
  artifacts:
    expire_in: 1 week
    when: on_failure
    paths:
      - scan-build-src/*