tfa-next: add commit linting job
For now a copy of tf-a-commitlint.yaml but with added SSH auth to the
Jenkinsfile to be able to fetch the commit messages.
Revert to tf-a-commitlint once SSH auth is no longer required.
Signed-off-by: Zachary Leaf <zachary.leaf@arm.com>
Change-Id: I5768d86dfef3884c2903cd50247224d7a84beca0
diff --git a/tf-a-commitlint-tfa-next.yaml b/tf-a-commitlint-tfa-next.yaml
new file mode 100644
index 0000000..a94dd40
--- /dev/null
+++ b/tf-a-commitlint-tfa-next.yaml
@@ -0,0 +1,11 @@
+- job:
+ name: tf-a-commitlint-tfa-next
+ description: Lint commit messages
+
+ project-type: pipeline
+ sandbox: true
+ dsl: !include-raw: tf-a-static-tfa-next/Jenkinsfile
+
+ properties:
+ - build-discarder:
+ days-to-keep: 14
diff --git a/tf-a-main-tfa-next.yaml b/tf-a-main-tfa-next.yaml
index 028d7aa..24f1889 100644
--- a/tf-a-main-tfa-next.yaml
+++ b/tf-a-main-tfa-next.yaml
@@ -115,6 +115,16 @@
SHARE_FOLDER=${SHARE_FOLDER}
EOF
- multijob:
+ name: Lint commit messages
+ condition: COMPLETED
+ projects:
+ - name: tf-a-commitlint-tfa-next
+ kill-phase-on: NEVER
+ predefined-parameters: |
+ REFSPEC=${GERRIT_REFSPEC}
+ REFNAME=${GERRIT_PATCHSET_REVISION}
+ REFNAME_BASE=origin/${GERRIT_BRANCH}
+ - multijob:
name: Code formatting, static checks and lints
condition: COMPLETED
projects:
diff --git a/tf-a-static-tfa-next/Jenkinsfile b/tf-a-static-tfa-next/Jenkinsfile
new file mode 100644
index 0000000..faa0927
--- /dev/null
+++ b/tf-a-static-tfa-next/Jenkinsfile
@@ -0,0 +1,83 @@
+pipeline {
+ agent {
+ label 'docker-amd64-tf-a-jammy'
+ }
+
+ parameters {
+ string(
+ name: 'URL',
+ defaultValue: 'ssh://review.trustedfirmware.org:29418/TF-A/trusted-firmware-a',
+ description: 'Repository URL.')
+
+ string(
+ name: 'REFSPEC',
+ defaultValue: '+refs/heads/*:refs/remotes/origin/*',
+ description: 'Git refspec used when fetching.')
+
+ string(
+ name: 'REFNAME',
+ defaultValue: 'origin/master',
+ description: 'Git refname of the last commit to lint.')
+
+ string(
+ name: 'REFNAME_BASE',
+ defaultValue: 'origin/master',
+ description: 'Git refname of the parent of the first commit to lint.')
+
+ credentials(
+ name: 'SSH_KEY',
+ description: '',
+ credentialType: 'com.cloudbees.jenkins.plugins.sshcredentials.impl.BasicSSHUserPrivateKey',
+ defaultValue: 'TFA_CI_BOT_USER_SSH_KEY')
+ }
+
+ stages {
+ stage('Checkout') {
+ steps {
+ withCredentials([sshUserPrivateKey(
+ credentialsId: params.SSH_KEY,
+ usernameVariable: 'GERRIT_USER',
+ keyFileVariable: 'GERRIT_IDENTITY_FILE')])
+ {
+ sh 'mkdir -p ~/.ssh && chmod 0700 ~/.ssh'
+ sh 'touch ~/.ssh/config && chmod 0600 ~/.ssh/config'
+
+ sh """\
+ cat >> ~/.ssh/config <<EOF
+ Host review.trustedfirmware.org
+ User ${GERRIT_USER}
+ IdentityFile ${GERRIT_IDENTITY_FILE}
+ StrictHostKeyChecking no
+ PubkeyAcceptedKeyTypes +ssh-rsa
+ EOF
+ """.stripIndent()
+
+ checkout([$class: 'GitSCM',
+ branches: [[name: params.REFNAME]],
+ userRemoteConfigs: [[
+ url: params.URL,
+ refspec: params.REFSPEC]]])
+
+ script {
+ mergeBase = sh(
+ returnStdout: true,
+ script: "git merge-base ${params.REFNAME_BASE} HEAD").trim()
+ }
+ }
+ }
+ }
+
+ stage('Lint') {
+ steps {
+ script {
+ if (fileExists('.nvmrc')) {
+ sh "bash --norc -c 'nvm install'"
+ }
+ }
+
+ sh "bash --norc -c 'nvm exec npm ci'"
+ sh "bash --norc -c 'nvm exec npx commitlint --from=${mergeBase}'"
+ }
+ }
+ }
+}