From a9ca599bc30ac43bf4e7e9e7ed62f10023368ad0 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Mon, 18 May 2026 11:02:18 -0300 Subject: [PATCH] ci(lesavka): run safe gate in one exec --- Jenkinsfile | 109 ++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 98 insertions(+), 11 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index f75daa1..4486300 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -76,6 +76,9 @@ spec: } stage('Bootstrap CI Toolchain') { + when { + expression { return params.LESAVKA_CI_PROFILE != 'safe' } + } steps { container('rust-ci') { sh ''' @@ -113,6 +116,90 @@ spec: } } + stage('Safe Gate (Single Exec)') { + when { + expression { return params.LESAVKA_CI_PROFILE == 'safe' } + } + steps { + container('rust-ci') { + sh ''' + set -eu + + apt-get update + DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ + python3 \ + build-essential \ + curl \ + file \ + git \ + clang \ + llvm \ + pkg-config \ + libssl-dev \ + ca-certificates \ + libgstreamer1.0-dev \ + libgstreamer-plugins-base1.0-dev \ + gstreamer1.0-tools \ + gstreamer1.0-plugins-base \ + gstreamer1.0-plugins-good \ + gstreamer1.0-plugins-bad \ + gstreamer1.0-plugins-ugly \ + gstreamer1.0-libav \ + protobuf-compiler \ + libpango1.0-dev \ + libcairo2-dev \ + libgdk-pixbuf-2.0-dev \ + libgtk-4-dev + rm -rf /var/lib/apt/lists/* + rustup component add rustfmt llvm-tools-preview clippy + git config --global --add safe.directory "$WORKSPACE" + + overall_rc=0 + run_gate() { + name="$1" + shift + printf '\\n== %s ==\\n' "$name" + if "$@"; then + return 0 + else + rc=$? + printf 'gate failed: %s (rc=%s)\\n' "$name" "$rc" >&2 + overall_rc=1 + fi + } + + export QUALITY_GATE_PUSHGATEWAY_URL="${QUALITY_GATE_PUSHGATEWAY_URL}" + run_gate "style/docs/loc/naming" scripts/ci/hygiene_gate.sh + run_gate "tests" scripts/ci/test_gate.sh + + if ! cargo llvm-cov --version >/dev/null 2>&1; then + if ! cargo install --locked cargo-llvm-cov; then + overall_rc=1 + fi + fi + run_gate "coverage" scripts/ci/quality_gate.sh + run_gate "performance" scripts/ci/performance_gate.sh + run_gate "media reliability" scripts/ci/media_reliability_gate.sh + + if [ "${RUN_DISRUPTIVE_INPUT_TESTS}" = "true" ]; then + run_gate "input transport" env LESAVKA_ALLOW_DISRUPTIVE_INPUT_TESTS=1 scripts/ci/input_transport_gate.sh + fi + + if [ "${RUN_LAB_HARDWARE_GATES}" = "true" ] || [ "${LESAVKA_CI_PROFILE}" = "lab" ]; then + run_gate "bare-metal lab" env LESAVKA_ALLOW_LAB_HARDWARE_TESTS=1 scripts/ci/baremetal_lab_gate.sh + fi + + run_gate "gate glue" scripts/ci/gate_glue_gate.sh + run_gate "sonarqube" scripts/ci/sonarqube_gate.sh + run_gate "build dist" scripts/ci/build-dist.sh + run_gate "supply chain" scripts/ci/supply_chain_gate.sh + + exit "$overall_rc" + ''' + } + } + } + stage('Daily Master Gate') { when { expression { return params.LESAVKA_CI_PROFILE == 'daily' } @@ -128,7 +215,7 @@ spec: stage('Style Docs LOC Naming') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -141,7 +228,7 @@ spec: stage('Tests') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -154,7 +241,7 @@ spec: stage('Coverage') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -173,7 +260,7 @@ spec: stage('Performance') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -186,7 +273,7 @@ spec: stage('Media Reliability') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -199,7 +286,7 @@ spec: stage('Input Transport (Isolated Opt-In)') { when { - expression { return params.RUN_DISRUPTIVE_INPUT_TESTS } + expression { return params.RUN_DISRUPTIVE_INPUT_TESTS && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -212,7 +299,7 @@ spec: stage('Bare-Metal Lab Gates (Opt-In)') { when { - expression { return params.RUN_LAB_HARDWARE_GATES || params.LESAVKA_CI_PROFILE == 'lab' } + expression { return (params.RUN_LAB_HARDWARE_GATES || params.LESAVKA_CI_PROFILE == 'lab') && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -225,7 +312,7 @@ spec: stage('Gate Glue') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -238,7 +325,7 @@ spec: stage('SonarQube') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -251,7 +338,7 @@ spec: stage('Build Dist') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') { @@ -264,7 +351,7 @@ spec: stage('Supply Chain Artifact Security') { when { - expression { return params.LESAVKA_CI_PROFILE != 'daily' } + expression { return params.LESAVKA_CI_PROFILE != 'daily' && params.LESAVKA_CI_PROFILE != 'safe' } } steps { container('rust-ci') {