[asterisk-dev] The CI/CD pipeline on Jenkins

Philip Prindeville philipp_subx at redfish-solutions.com
Sat May 14 23:25:48 CDT 2022 

Hi,

> On May 14, 2022, at 1:54 PM, Joshua C. Colp <jcolp at sangoma.com> wrote:
> 
>> On Sat, May 14, 2022 at 2:04 PM Philip Prindeville <philipp_subx at redfish-solutions.com> wrote:
>> Hi,
>> 
>> I was trying to figure out why builds on my laptop on Ubuntu 20.04 LTS and Openssl 1.1.1f and 3.0 both succeed, but CI/CD is failing.
>> 
>> OpenSSL 1.0.2k-fips  26 Jan 2017
>> 
>> NAME="CentOS Linux"
>> VERSION="7 (Core)"
>> ID="centos"
>> ID_LIKE="rhel fedora"
>> VERSION_ID="7"
>> PRETTY_NAME="CentOS Linux 7 (Core)"
>> ANSI_COLOR="0;31"
>> CPE_NAME="cpe:/o:centos:centos:7"
>> HOME_URL="https://www.centos.org/"
>> BUG_REPORT_URL="https://bugs.centos.org/"
>> CENTOS_MANTISBT_PROJECT="CentOS-7"
>> CENTOS_MANTISBT_PROJECT_VERSION="7"
>> REDHAT_SUPPORT_PRODUCT="centos"
>> REDHAT_SUPPORT_PRODUCT_VERSION="7"
>> 
>> Why are we building against an EOL version of CentOS and an equally old version of Openssl 1.0.x?
> 
> CentOS 7 is still widely used and is something we're supporting. It's the oldest distro I think really that we're still supporting, which is why CI/CD uses it.


Then maybe bracket things, with a 2nd build environment that's relatively modern and with current releases of runtimes and toolchains?

Can we deprecate res_crypto.so on Openssl 1.0.x and say it's no longer supported?


>> Can we update the CI/CD recipe to something more current?  Like CentOS 8.5?
> 
> Update? No. Add in addition? Possibly, but I don't want to sink time into it at this point because we're planning to move away from our current environment and usage (not for a few months, email and wiki page coming in the future).


Then... my reviews are parked until they can get a successful build?

Or do we just test the reviews outside of CI/CD?

I've added a workaround for the bug in Openssl 1.0.2f, and confirmed that it was fixed for the 1.1.0 release.

At the very least builds against Openssl 1.1.x or 3.0 (maybe with a tag or attribute in the Gerrit review so that not every review consumes the resources unnecessarily) would give coverage...

THanks,

-Philip

More information about the asterisk-dev mailing list