17 files changed, 418 insertions, 0 deletions

diff --git a/contrib/ci/Containerfile b/contrib/ci/Containerfile
new file mode 100644
index 00000000..a1235706
--- /dev/null
+++ b/contrib/ci/Containerfile
@@ -0,0 +1,76 @@
+FROM docker.io/library/debian:bookworm
+
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update -yqq && \
+    apt-get install -yqq \
+                   git \
+		   autoconf \
+		   libjansson-dev \
+		   libgcrypt-dev \
+		   libqrencode-dev \
+		   libpq-dev \
+		   pkg-config \
+                   libtool \
+                   recutils \
+		   make \
+                   python3-pip \
+		   python3-sphinx \
+		   python3-sphinx-rtd-theme \
+                   texinfo \
+		   autopoint \
+		   curl \
+                   libcurl4-gnutls-dev \
+                   libsodium-dev \
+		   libidn11-dev \
+		   zlib1g-dev \
+		   libunistring-dev
+
+# Debian packaging tools
+RUN apt-get install -yqq \
+                   po-debconf \
+                   build-essential \
+                   debhelper-compat \
+                   devscripts \
+		   git-buildpackage
+
+RUN pip3 install --break-system-packages requests click poetry uwsgi htmlark
+
+# Install docs generation utils
+RUN apt-get update -yqq && \
+    apt-get install -yqq \
+                   graphviz \
+		   doxygen \
+   && rm -rf /var/lib/apt/lists/*
+
+# Install Taler (and friends) packages
+RUN curl -sS https://deb.taler.net/apt-nightly/taler-bookworm-ci.sources \
+    | tee /etc/apt/sources.list.d/taler-bookworm-ci.sources
+
+RUN echo '\
+Package: * \n\
+Pin: origin "deb.taler.net" \n\
+Pin-Priority: 999' > /etc/apt/preferences.d/taler
+
+RUN cat /etc/apt/preferences.d/taler && \
+    apt-get update -y && \
+    apt-get install -y \
+                   libgnunet-dev \
+                   libgnunet \
+		   libtalerexchange-dev \
+		   libtalerexchange \
+		   taler-exchange \
+		   taler-exchange-database \
+		   taler-exchange-offline \
+		   taler-auditor \
+		   taler-wallet-cli \
+		   taler-harness \
+&& rm -rf /var/lib/apt/lists/*
+
+RUN apt-get update -yqq && \
+    apt-get install -yqq \
+                   jq
+
+WORKDIR /workdir
+
+CMD ["bash", "/workdir/ci/ci.sh"]
diff --git a/contrib/ci/ci.sh b/contrib/ci/ci.sh
new file mode 100755
index 00000000..0719015b
--- /dev/null
+++ b/contrib/ci/ci.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+set -exvuo pipefail
+
+# Requires podman
+# Fails if not found in PATH
+OCI_RUNTIME=$(which podman)
+REPO_NAME=$(basename "${PWD}")
+JOB_NAME="${1}"
+JOB_ARCH=$((grep CONTAINER_ARCH contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "${2:-amd64}")
+JOB_CONTAINER=$((grep CONTAINER_NAME contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "localhost/${REPO_NAME}:${JOB_ARCH}")
+CONTAINER_BUILD=$((grep CONTAINER_BUILD contrib/ci/jobs/${JOB_NAME}/config.ini | cut -d' ' -f 3) || echo "True")
+
+echo "Image name: ${JOB_CONTAINER}"
+
+if [ "${CONTAINER_BUILD}" = "True" ] ; then
+	"${OCI_RUNTIME}" build \
+		--arch "${JOB_ARCH}" \
+		-t "${JOB_CONTAINER}" \
+		-f contrib/ci/Containerfile .
+fi
+
+"${OCI_RUNTIME}" run \
+	--rm \
+	-ti \
+	--arch "${JOB_ARCH}" \
+	--env CI_COMMIT_REF="$(git rev-parse HEAD)" \
+	--volume "${PWD}":/workdir \
+	--workdir /workdir \
+	"${JOB_CONTAINER}" \
+	contrib/ci/jobs/"${JOB_NAME}"/job.sh
+
+top_dir=$(dirname "${BASH_SOURCE[0]}")
+
+#"${top_dir}"/build.sh
diff --git a/contrib/ci/jobs/0-codespell/config.ini b/contrib/ci/jobs/0-codespell/config.ini
new file mode 100644
index 00000000..bd7d7386
--- /dev/null
+++ b/contrib/ci/jobs/0-codespell/config.ini
@@ -0,0 +1,6 @@
+[build]
+HALT_ON_FAILURE = False
+WARN_ON_FAILURE = True
+CONTAINER_BUILD = False
+CONTAINER_NAME = nixery.dev/shell/codespell
+CONTAINER_ARCH = amd64
diff --git a/contrib/ci/jobs/0-codespell/dictionary.txt b/contrib/ci/jobs/0-codespell/dictionary.txt
new file mode 100644
index 00000000..e555e8da
--- /dev/null
+++ b/contrib/ci/jobs/0-codespell/dictionary.txt
@@ -0,0 +1,46 @@
+# List of "words" that codespell should ignore in our sources.
+#
+# Note: The word sensitivity depends on how the to-be-ignored word is
+#  spelled in codespell_lib/data/dictionary.txt.  F.e. if there is a word
+# 'foo' and you add 'Foo' _here_, codespell will continue to complain
+#  about 'Foo'.
+#
+BRE
+ND
+Nd
+TE
+TEH
+UPDATEing
+WAN
+aci
+acn
+ba
+bre
+cant
+complet
+doas
+ect
+ehr
+fo
+hel
+ifset
+ist
+keypair
+nd
+oce
+onl
+openin
+ot
+ser
+sie
+som
+sover
+te
+te
+teh
+tha
+ths
+updateing
+wan
+wih
+decose
diff --git a/contrib/ci/jobs/0-codespell/job.sh b/contrib/ci/jobs/0-codespell/job.sh
new file mode 100755
index 00000000..28f43239
--- /dev/null
+++ b/contrib/ci/jobs/0-codespell/job.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+set -exuo pipefail
+
+job_dir=$(dirname "${BASH_SOURCE[0]}")
+
+skip=$(cat <<EOF
+ABOUT-NLS
+*/afl-tests/*
+**/auditor/*.sql
+*/debian/tmp/**
+*.bbl
+*.bib
+*build-aux*
+*.bst
+*.cache/*
+*/cbdc-es.tex
+*/cbdc-it.tex
+ChangeLog
+*.cls
+configure*
+config.status
+config.guess
+depcomp
+*/contrib/*
+*/contrib/hellos/**
+*.dat
+*.deflate
+*.doc
+*/doc/*
+**/doc/flows/main.de.tex
+*/doc/texinfo.tex
+*.docx
+*.ecc
+*.eot
+*.epgz
+*.eps
+*.epub
+**/ExchangeSelection/example.ts
+*.fee
+*.fees
+*.file
+**/fonts/**
+*.gif
+*/.git/**
+*.gz
+*/i18n/strings.ts
+*.info
+*.jpeg
+*.jpg
+*.??.json
+*.json
+*.json-*
+*/keys/*
+*key
+*.latexmkrc
+*libtool*
+ltmain.sh
+*.log
+*/m4/*
+*.m4
+**/*.map
+*.min.js
+*.mp4
+*.odg
+*.ods
+*.odt
+*.pack.js
+*.pdf
+*.png
+*.PNG
+**/pnpm-lock.yaml
+*.po
+*.pptx
+*.priv
+**/rfc.bib
+*.rpath
+**/signing-key.asc
+*.sqlite
+*/src/anastasis-data.ts
+**/*.svg
+*.svg
+*.tag
+**/templating/mustach**
+*/templating/test?/**
+*/testcurl/test_tricky.c
+*.tgz
+*.ttf
+*.ttf
+**/valgrind.h
+*/vpn/tests/**
+*.wav
+*.woff
+*.woff2
+*.xcf
+*.xlsx
+*.zkey
+EOF
+);
+
+echo Current directory: `pwd`
+
+codespell -I "${job_dir}"/dictionary.txt -S ${skip//$'\n'/,}
diff --git a/contrib/ci/jobs/1-build/build.sh b/contrib/ci/jobs/1-build/build.sh
new file mode 100755
index 00000000..7d1b502a
--- /dev/null
+++ b/contrib/ci/jobs/1-build/build.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -exuo pipefail
+
+./bootstrap
+./configure CFLAGS="-ggdb -O0" \
+	    --prefix=/usr \
+	    --enable-logging=verbose \
+	    --disable-doc
+
+make
diff --git a/contrib/ci/jobs/1-build/job.sh b/contrib/ci/jobs/1-build/job.sh
new file mode 100755
index 00000000..c1fc4e32
--- /dev/null
+++ b/contrib/ci/jobs/1-build/job.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+set -exuo pipefail
+
+apt-get update -yq
+apt-get upgrade -yq
+
+job_dir=$(dirname "${BASH_SOURCE[0]}")
+
+"${job_dir}"/build.sh
diff --git a/contrib/ci/jobs/2-test/config.ini b/contrib/ci/jobs/2-test/config.ini
new file mode 100644
index 00000000..ae1f46cc
--- /dev/null
+++ b/contrib/ci/jobs/2-test/config.ini
@@ -0,0 +1,6 @@
+[build]
+HALT_ON_FAILURE = False
+WARN_ON_FAILURE = True
+CONTAINER_BUILD = True
+CONTAINER_NAME = localhost/merchant
+CONTAINER_ARCH = amd64
diff --git a/contrib/ci/jobs/2-test/job.sh b/contrib/ci/jobs/2-test/job.sh
new file mode 100755
index 00000000..bfb24e33
--- /dev/null
+++ b/contrib/ci/jobs/2-test/job.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -exuo pipefail
+
+job_dir=$(dirname "${BASH_SOURCE[0]}")
+
+"${job_dir}"/test.sh
diff --git a/contrib/ci/jobs/2-test/test.sh b/contrib/ci/jobs/2-test/test.sh
new file mode 100755
index 00000000..fd2e15cd
--- /dev/null
+++ b/contrib/ci/jobs/2-test/test.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+set -evu
+
+apt-get update
+apt-get upgrade -yqq
+
+./bootstrap
+./configure CFLAGS="-ggdb -O0" \
+	    --prefix=/usr \
+	    --enable-logging=verbose \
+	    --disable-doc
+make -j install
+
+sudo -u postgres /usr/lib/postgresql/15/bin/postgres -D /etc/postgresql/15/main -h localhost -p 5432 &
+sleep 10
+sudo -u postgres createuser -p 5432 root
+sudo -u postgres createdb -p 5432 -O root talercheck
+
+check_command()
+{
+	# Set LD_LIBRARY_PATH so tests can find the installed libs
+	LD_LIBRARY_PATH=/usr/lib/x86_64-linux-gnu/taler:/usr/lib:/usr/lib/taler PGPORT=5432 make check
+}
+
+print_logs()
+{
+	for i in src/*/test-suite.log
+	do
+		for FAILURE in $(grep '^FAIL:' ${i} | cut -d' ' -f2)
+		do
+			echo "Printing ${FAILURE}.log"
+			cat "$(dirname $i)/${FAILURE}.log"
+		done
+	done
+}
+
+if ! check_command ; then
+	print_logs
+	exit 1
+fi
diff --git a/contrib/ci/jobs/3-docs/config.ini b/contrib/ci/jobs/3-docs/config.ini
new file mode 100644
index 00000000..ae1f46cc
--- /dev/null
+++ b/contrib/ci/jobs/3-docs/config.ini
@@ -0,0 +1,6 @@
+[build]
+HALT_ON_FAILURE = False
+WARN_ON_FAILURE = True
+CONTAINER_BUILD = True
+CONTAINER_NAME = localhost/merchant
+CONTAINER_ARCH = amd64
diff --git a/contrib/ci/jobs/3-docs/docs.sh b/contrib/ci/jobs/3-docs/docs.sh
new file mode 100755
index 00000000..fe2b9687
--- /dev/null
+++ b/contrib/ci/jobs/3-docs/docs.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+set -exuo pipefail
+
+./bootstrap
+./configure --enable-only-doc
+
+pushd ./doc/doxygen/
+
+make full
+
+popd
diff --git a/contrib/ci/jobs/3-docs/job.sh b/contrib/ci/jobs/3-docs/job.sh
new file mode 100755
index 00000000..a72bca4b
--- /dev/null
+++ b/contrib/ci/jobs/3-docs/job.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+set -exuo pipefail
+
+job_dir=$(dirname "${BASH_SOURCE[0]}")
+
+"${job_dir}"/docs.sh
diff --git a/contrib/ci/jobs/4-deb-package/job.sh b/contrib/ci/jobs/4-deb-package/job.sh
new file mode 100755
index 00000000..a0801b41
--- /dev/null
+++ b/contrib/ci/jobs/4-deb-package/job.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+set -exuo pipefail
+# This file is in the public domain.
+# Helper script to build the latest DEB packages in the container.
+
+
+unset LD_LIBRARY_PATH
+
+# Install build-time dependencies.
+# Update apt cache first
+apt-get update
+apt-get upgrade -y
+mk-build-deps --install --tool='apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends --yes' debian/control
+
+export VERSION="$(./contrib/ci/jobs/4-deb-package/version.sh)"
+echo "Building package version ${VERSION}"
+EMAIL=none gbp dch --ignore-branch --debian-tag="%(version)s" --git-author --new-version="${VERSION}"
+./bootstrap
+dpkg-buildpackage -rfakeroot -b -uc -us
+
+ls -alh ../*.deb
+mkdir -p /artifacts/merchant/${CI_COMMIT_REF} # Variable comes from CI environment
+mv ../*.deb /artifacts/merchant/${CI_COMMIT_REF}/
diff --git a/contrib/ci/jobs/4-deb-package/version.sh b/contrib/ci/jobs/4-deb-package/version.sh
new file mode 100755
index 00000000..52031b23
--- /dev/null
+++ b/contrib/ci/jobs/4-deb-package/version.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+set -ex
+
+BRANCH=$(git name-rev --name-only HEAD)
+if [ -z "${BRANCH}" ]; then
+	exit 1
+else
+        # "Unshallow" our checkout, but only our current branch, and exclude the submodules.
+	git fetch --no-recurse-submodules --tags --depth=1000 origin "${BRANCH}"
+	RECENT_VERSION_TAG=$(git describe --tags --match 'v*.*.*' --exclude '*-dev*' --always --abbrev=0 HEAD || exit 1)
+	commits="$(git rev-list ${RECENT_VERSION_TAG}..HEAD --count)"
+	if [ "${commits}" = "0" ]; then
+		git describe --tag HEAD | sed -r 's/^v//' || exit 1
+	else
+		echo $(echo ${RECENT_VERSION_TAG} | sed -r 's/^v//')-${commits}-$(git rev-parse --short=8 HEAD)
+	fi
+fi
diff --git a/contrib/ci/jobs/5-deploy-package/config.ini b/contrib/ci/jobs/5-deploy-package/config.ini
new file mode 100644
index 00000000..08c106f9
--- /dev/null
+++ b/contrib/ci/jobs/5-deploy-package/config.ini
@@ -0,0 +1,6 @@
+[build]
+HALT_ON_FAILURE = True
+WARN_ON_FAILURE = True
+CONTAINER_BUILD = False
+CONTAINER_NAME = nixery.dev/shell/rsync
+CONTAINER_ARCH = amd64
diff --git a/contrib/ci/jobs/5-deploy-package/job.sh b/contrib/ci/jobs/5-deploy-package/job.sh
new file mode 100755
index 00000000..edd47554
--- /dev/null
+++ b/contrib/ci/jobs/5-deploy-package/job.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+set -exuo pipefail
+
+ARTIFACT_PATH="/artifacts/merchant/${CI_COMMIT_REF}/*.deb"
+
+RSYNC_HOST="taler.host.internal"
+RSYNC_PORT=424242
+RSYNC_PATH="incoming_packages/bookworm-taler-ci/"
+RSYNC_DEST="rsync://${RSYNC_HOST}/${RSYNC_PATH}"
+
+
+rsync -vP \
+      --port ${RSYNC_PORT} \
+      ${ARTIFACT_PATH} ${RSYNC_DEST}