[tracker-miners/wip/carlosg/ci-coverage-all-tests: 1/3] ci: Add distinct "seccomp" stage

[Carlos Garnacho <carlosg src gnome org>]

commit 8682ff63b3ad2ab266e3d6ed0e048a2060118a92
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Sep 24 13:42:30 2022 +0200

    ci: Add distinct "seccomp" stage
    
    This stage runs the tests with seccomp enabled, thus still helping
    us catch disallowed syscalls that might sneak in dependencies as
    shipped by distros.

 .gitlab-ci.yml | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 58 insertions(+), 1 deletion(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e9e6ba0a..b0b988f19 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -21,6 +21,7 @@ stages:
   - code-review
   - build
   - test
+  - seccomp
   - analysis
 
 .check-template: &check
@@ -176,7 +177,7 @@ check-code-style:
     - echo "Building tracker.git commit $(git -C ./subprojects/tracker rev-parse HEAD)"
     - mkdir build
     - cd build
-    - meson .. --prefix=/usr -Dtracker_core=subproject -Db_lto=true -Db_coverage=true -Dseccomp=false 
-Dtests_tap_protocol=true -Dtracker:docs=false --auto-features=enabled
+    - meson .. --prefix=/usr -Dtracker_core=subproject -Db_lto=true -Dtests_tap_protocol=true 
-Dtracker:docs=false --auto-features=enabled
     - ninja
   artifacts:
     expire_in: 1 day
@@ -224,6 +225,7 @@ build-ubuntu-rolling@x86_64:
     - .gitlab-ci/checkout-tracker.sh
     - cd build
     - ninja clean
+    - meson configure -Db_coverage=true -Dseccomp=false
     - ninja
     - |
       # Remove the many "CI_" variables from the environment. Meson dumps the
@@ -294,6 +296,61 @@ test-ubuntu@x86_64:
     - build-ubuntu-rolling@x86_64
   <<: *test
 
+.seccomp_template: &seccomp
+  stage: seccomp
+
+  script:
+    - .gitlab-ci/checkout-tracker.sh
+    - cd build
+    - |
+      # Remove the many "CI_" variables from the environment. Meson dumps the
+      # whole environment for every failed test, and that gives a whole
+      # screenful of junk each time unless we strip these.
+      unset $(env|grep -o '^CI_[^=]*')
+      dbus-run-session -- env LANG=C.UTF-8 LC_ALL=C.UTF-8 meson test --suite tracker-miners 
--print-errorlogs ${MESON_TEST_EXTRA_ARGS}
+
+  artifacts:
+    expire_in: 1 day
+    when: always
+    paths:
+    - build/meson-logs/*.txt
+    reports:
+      junit: "build/meson-logs/testlog.junit.xml"
+
+seccomp-fedora@x86_64:
+  extends:
+    - .fdo.distribution-image@fedora
+    - .tracker-miners.fedora:36@x86_64
+  needs:
+    - build-fedora@x86_64
+  <<: *seccomp
+
+seccomp-fedora-rawhide@x86_64:
+  extends:
+    - .fdo.distribution-image@fedora
+    - .tracker-miners.fedora:rawhide@x86_64
+  needs:
+    - build-fedora-rawhide@x86_64
+  allow_failure: true
+  <<: *seccomp
+
+seccomp-fedora@aarch64:
+  extends:
+    - .fdo.distribution-image@fedora
+    - .tracker-miners.fedora:36@aarch64
+  needs:
+    - build-fedora@aarch64
+  allow_failure: true
+  <<: *seccomp
+
+seccomp-ubuntu@x86_64:
+  extends:
+    - .fdo.distribution-image@ubuntu
+    - .tracker-miners.ubuntu:rolling@x86_64
+  needs:
+    - build-ubuntu-rolling@x86_64
+  <<: *seccomp
+
 coverage:
   extends:
     - .fdo.distribution-image@fedora