New simpler pipeline
Adding basic script to generate combinations of builds in python.
Probably can use some existing script for this, but this was simpler to
get working with pipeline.
Pipeline to query the python script for build configuration names,
obtain parameters for them, then trigger downstream jobs for them. Does
not yet run any LAVA tests.
Also putting build commands into this repository instead of just being
in the job. This makes it far easier to reproduce what would be run in
Jenkins.
Change-Id: Ie1a7431eb38191e7fcd23edebd284537878e2dde
Signed-off-by: Dean Birch <dean.birch@arm.com>
diff --git a/build-docs.sh b/build-docs.sh
new file mode 100755
index 0000000..c8f62e3
--- /dev/null
+++ b/build-docs.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#
+# Used for CI to build the docs.
+# Expected to have trusted-firmware-m cloned to same level as this git tree
+#
+
+set -ex
+mkdir trusted-firmware-m/build
+cd trusted-firmware-m/build
+cmake ../ -G"Unix Makefiles" -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM
+cmake --build ./ -- install_doc
+cmake --build ./ -- install_userguide
diff --git a/jenkins/build-config.jpl b/jenkins/build-config.jpl
new file mode 100644
index 0000000..d258dbd
--- /dev/null
+++ b/jenkins/build-config.jpl
@@ -0,0 +1,54 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+node("docker-amd64-xenial") {
+ stage("Init") {
+ cleanWs()
+ dir("trusted-firmware-m") {
+ checkout(
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: '$GERRIT_BRANCH']],
+ extensions: [[$class: 'BuildChooserSetting', buildChooser: [$class: 'GerritTriggerBuildChooser']]],
+ userRemoteConfigs: [[
+ credentialsId: 'GIT_SSH_KEY',
+ refspec: '$GERRIT_REFSPEC', url: '$CODE_REPO'
+ ]]
+ ])
+ }
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ dir("mbed-crypto") {
+ checkout(
+ changelog: false,
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: 'FETCH_HEAD']],
+ userRemoteConfigs: [[
+ refspec: 'refs/tags/$MBEDCRYPTO_VERSION',
+ url: 'https://github.com/ARMmbed/mbed-crypto.git'
+ ]]
+ ]
+ )
+ }
+ sh """
+wget -O cmsis.pack -q https://github.com/ARM-software/CMSIS_5/releases/download/${CMSIS_VERSION}/ARM.CMSIS.${CMSIS_VERSION}.pack
+unzip -o -d CMSIS_5 cmsis.pack
+"""
+ }
+ stage("Build") {
+ sh "tf-m-ci-scripts/run-build.sh"
+ }
+ stage("Post") {
+ archiveArtifacts 'trusted-firmware-m/build/install/**'
+ cleanWs()
+ }
+}
diff --git a/jenkins/build-docs.jpl b/jenkins/build-docs.jpl
new file mode 100644
index 0000000..8c967fd
--- /dev/null
+++ b/jenkins/build-docs.jpl
@@ -0,0 +1,54 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+node("docker-amd64-xenial") {
+ stage("Init") {
+ cleanWs()
+ dir("trusted-firmware-m") {
+ checkout(
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: '$GERRIT_BRANCH']],
+ extensions: [[$class: 'BuildChooserSetting', buildChooser: [$class: 'GerritTriggerBuildChooser']]],
+ userRemoteConfigs: [[
+ credentialsId: 'GIT_SSH_KEY',
+ refspec: '$GERRIT_REFSPEC', url: '$CODE_REPO'
+ ]]
+ ])
+ }
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ dir("mbed-crypto") {
+ checkout(
+ changelog: false,
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: 'FETCH_HEAD']],
+ userRemoteConfigs: [[
+ refspec: 'refs/tags/$MBEDCRYPTO_VERSION',
+ url: 'https://github.com/ARMmbed/mbed-crypto.git'
+ ]]
+ ]
+ )
+ }
+ sh """
+wget -O cmsis.pack -q https://github.com/ARM-software/CMSIS_5/releases/download/${CMSIS_VERSION}/ARM.CMSIS.${CMSIS_VERSION}.pack
+unzip -o -d CMSIS_5 cmsis.pack
+"""
+ }
+ stage("Build") {
+ sh "tf-m-ci-scripts/build-docs.sh"
+ }
+ stage("Post") {
+ archiveArtifacts 'trusted-firmware-m/build/install/**'
+ cleanWs()
+ }
+}
diff --git a/jenkins/checkpatch.jpl b/jenkins/checkpatch.jpl
new file mode 100644
index 0000000..f43ef58
--- /dev/null
+++ b/jenkins/checkpatch.jpl
@@ -0,0 +1,80 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+def verifyStatus(value, stage_name) {
+ withCredentials([usernamePassword(credentialsId: 'VERIFY_STATUS', passwordVariable: 'VERIFY_PASSWORD', usernameVariable: 'VERIFY_USER')]) {
+ sh """
+if [ -z "\$GERRIT_HOST" ] ; then
+ echo Not running for a Gerrit change, skipping vote.
+ exit 0
+fi
+if [ ! -d venv ] ; then
+ virtualenv -p \$(which python3) venv
+fi
+. venv/bin/activate
+pip -q install requests
+./tf-m-ci-scripts/jenkins/verify.py --value ${value} --verify-name tf-m-${stage_name} --user \$VERIFY_USER
+"""
+ }
+}
+
+node("docker-amd64-xenial") {
+ stage("Init") {
+ cleanWs()
+ dir("trusted-firmware-m") {
+ checkout(
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: '$GERRIT_BRANCH']],
+ extensions: [[$class: 'BuildChooserSetting', buildChooser: [$class: 'GerritTriggerBuildChooser']]],
+ userRemoteConfigs: [[
+ credentialsId: 'GIT_SSH_KEY',
+ refspec: '$GERRIT_REFSPEC', url: '$CODE_REPO'
+ ]]
+ ])
+ }
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ dir("mbed-crypto") {
+ checkout(
+ changelog: false,
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: 'FETCH_HEAD']],
+ userRemoteConfigs: [[
+ refspec: 'refs/tags/$MBEDCRYPTO_VERSION',
+ url: 'https://github.com/ARMmbed/mbed-crypto.git'
+ ]]
+ ]
+ )
+ }
+ sh """
+wget -O cmsis.pack -q https://github.com/ARM-software/CMSIS_5/releases/download/${CMSIS_VERSION}/ARM.CMSIS.${CMSIS_VERSION}.pack
+unzip -o -d CMSIS_5 cmsis.pack
+"""
+ }
+ stage("Check") {
+ def verify = 1
+ try {
+ sh """
+cd trusted-firmware-m
+../tf-m-ci-scripts/run-checkpatch.sh -u
+../tf-m-ci-scripts/run-checkpatch.sh -r -l 1
+"""
+ } catch (Exception e) {
+ manager.buildFailure()
+ verify = -1
+ } finally {
+ verifyStatus(verify, 'checkpatch')
+ cleanWs()
+ }
+ }
+}
diff --git a/jenkins/ci.jpl b/jenkins/ci.jpl
new file mode 100644
index 0000000..9f52c62
--- /dev/null
+++ b/jenkins/ci.jpl
@@ -0,0 +1,120 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+def listConfigs(ci_scripts_dir, config_list, filter_group) {
+ dir(ci_scripts_dir) {
+ echo "Obtaining list of configs."
+ echo "Running: ./configs.py -g ${filter_group}"
+ def build_config_list_raw = sh(script: """\
+./configs.py -g ${filter_group}
+""", returnStdout: true).trim()
+ def build_config_list = build_config_list_raw.tokenize('\n')
+ config_list.addAll(build_config_list)
+ }
+}
+
+def buildConfig(ci_scripts_dir, config, filter_group) {
+ def params = []
+ def build_config_params
+ dir(ci_scripts_dir) {
+ echo "Obtaining build configuration for config ${config}"
+ echo "Running: ./configs.py -g ${filter_group} ${config}"
+ build_config_params = sh(script: """\
+./configs.py -g ${filter_group} ${config}
+""", returnStdout: true).trim()
+ }
+ def lines = build_config_params.tokenize('\n')
+ for (String line : lines) {
+ def key, value
+ (key, value) = line.tokenize('=')
+ params += string(name: key, value: value)
+ }
+ params += string(name: 'GERRIT_BRANCH', value: env.GERRIT_BRANCH)
+ params += string(name: 'GERRIT_REFSPEC', value: env.GERRIT_REFSPEC)
+ params += string(name: 'CMSIS_VERSION', value: env.CMSIS_VERSION)
+ params += string(name: 'MBEDCRYPTO_VERSION', value: env.MBEDCRYPTO_VERSION)
+ params += string(name: 'CODE_REPO', value: env.CODE_REPO)
+ return {
+ def res = build(job: 'tf-m-build-config', parameters: params, propagate: false)
+ print("${res.number}: ${config} ${res.result} ${res.getAbsoluteUrl()}")
+ if (res.result == "FAILURE") {
+ error("Build failed at ${res.getAbsoluteUrl()}")
+ }
+ }
+}
+
+def buildDocs() {
+ def params = []
+ params += string(name: 'GERRIT_BRANCH', value: env.GERRIT_BRANCH)
+ params += string(name: 'GERRIT_REFSPEC', value: env.GERRIT_REFSPEC)
+ params += string(name: 'CMSIS_VERSION', value: env.CMSIS_VERSION)
+ params += string(name: 'MBEDCRYPTO_VERSION', value: env.MBEDCRYPTO_VERSION)
+ params += string(name: 'CODE_REPO', value: env.CODE_REPO)
+ return {
+ def res = build(job: 'tf-m-build-docs', parameters: params, propagate:false)
+ print("${res.number}: Docs ${res.result} ${res.getAbsoluteUrl()}")
+ if (res.result == "FAILURE") {
+ error("Build failed at ${res.getAbsoluteUrl()}")
+ }
+ }
+}
+
+def verifyStatus(value, stage_name) {
+ node("docker-amd64-xenial") {
+ cleanWs()
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ withCredentials([usernamePassword(credentialsId: 'VERIFY_STATUS', passwordVariable: 'VERIFY_PASSWORD', usernameVariable: 'VERIFY_USER')]) {
+ sh("""
+ if [ -z "\$GERRIT_HOST" ] ; then
+ echo Not running for a Gerrit change, skipping vote.
+ exit 0
+ fi
+ if [ ! -d venv ] ; then
+ virtualenv -p \$(which python3) venv
+ fi
+ . venv/bin/activate
+ pip -q install requests
+ ./tf-m-ci-scripts/jenkins/verify.py --value ${value} --verify-name tf-m-${stage_name} --user \$VERIFY_USER
+ """)
+ }
+ }
+}
+
+def configs = []
+def builds = [:]
+
+node("master") {
+ stage("Init") {
+ cleanWs()
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ }
+ stage("Configs") {
+ // Populate configs
+ listConfigs('tf-m-ci-scripts', configs, env.FILTER_GROUP)
+ for (config in configs) {
+ builds[config] = buildConfig("tf-m-ci-scripts", config, env.FILTER_GROUP)
+ }
+ builds["docs"] = buildDocs()
+ }
+}
+stage("Builds") {
+ def verify = 1
+ try {
+ parallel(builds)
+ } catch (Exception e) {
+ manager.buildFailure()
+ verify = -1
+ } finally {
+ verifyStatus(verify, 'build')
+ }
+}
+// TODO Test phase
diff --git a/jenkins/cppcheck.jpl b/jenkins/cppcheck.jpl
new file mode 100644
index 0000000..eacdc3a
--- /dev/null
+++ b/jenkins/cppcheck.jpl
@@ -0,0 +1,83 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+def verifyStatus(value, stage_name) {
+ withCredentials([usernamePassword(credentialsId: 'VERIFY_STATUS', passwordVariable: 'VERIFY_PASSWORD', usernameVariable: 'VERIFY_USER')]) {
+ sh """
+if [ -z "\$GERRIT_HOST" ] ; then
+ echo Not running for a Gerrit change, skipping vote.
+ exit 0
+fi
+if [ ! -d venv ] ; then
+ virtualenv -p \$(which python3) venv
+fi
+. venv/bin/activate
+pip -q install requests
+./tf-m-ci-scripts/jenkins/verify.py --value ${value} --verify-name tf-m-${stage_name} --user \$VERIFY_USER
+"""
+ }
+}
+
+node("docker-amd64-xenial") {
+ stage("Init") {
+ cleanWs()
+ dir("trusted-firmware-m") {
+ checkout(
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: '$GERRIT_BRANCH']],
+ extensions: [[$class: 'BuildChooserSetting', buildChooser: [$class: 'GerritTriggerBuildChooser']]],
+ userRemoteConfigs: [[
+ credentialsId: 'GIT_SSH_KEY',
+ refspec: '$GERRIT_REFSPEC', url: '$CODE_REPO'
+ ]]
+ ])
+ }
+ dir("tf-m-ci-scripts") {
+ git url: '$CI_SCRIPTS_REPO', branch: 'master', credentialsId: 'GIT_SSH_KEY'
+ }
+ dir("mbed-crypto") {
+ checkout(
+ changelog: false,
+ poll: false,
+ scm: [
+ $class: 'GitSCM',
+ branches: [[name: 'FETCH_HEAD']],
+ userRemoteConfigs: [[
+ refspec: 'refs/tags/$MBEDCRYPTO_VERSION',
+ url: 'https://github.com/ARMmbed/mbed-crypto.git'
+ ]]
+ ]
+ )
+ }
+ sh """
+wget -O cmsis.pack -q https://github.com/ARM-software/CMSIS_5/releases/download/${CMSIS_VERSION}/ARM.CMSIS.${CMSIS_VERSION}.pack
+unzip -o -d CMSIS_5 cmsis.pack
+"""
+ }
+ stage("Check") {
+ def verify = 1
+ try {
+ sh """
+cd trusted-firmware-m
+export GIT_REF_ARG=""
+if [ ! -z "\$GERRIT_PATCHSET_REVISION" ] ; then
+ export GIT_REF_ARG="HEAD"
+fi
+../tf-m-ci-scripts/run-cppcheck.sh -r \$GIT_REF_ARG
+"""
+ } catch (Exception e) {
+ manager.buildFailure()
+ verify = -1
+ } finally {
+ verifyStatus(verify, 'cppcheck')
+ cleanWs()
+ }
+ }
+}
diff --git a/jenkins/static.jpl b/jenkins/static.jpl
new file mode 100644
index 0000000..3f75476
--- /dev/null
+++ b/jenkins/static.jpl
@@ -0,0 +1,33 @@
+#!/usr/bin/env groovy
+//-------------------------------------------------------------------------------
+// Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+//
+// SPDX-License-Identifier: BSD-3-Clause
+//
+//-------------------------------------------------------------------------------
+
+
+def trigger(job_name) {
+ return {
+ def params = []
+ params += string(name: 'GERRIT_HOST', value: env.GERRIT_HOST ?: '')
+ params += string(name: 'GERRIT_BRANCH', value: env.GERRIT_BRANCH ?: '')
+ params += string(name: 'GERRIT_REFSPEC', value: env.GERRIT_REFSPEC ?: '')
+ params += string(name: 'GERRIT_CHANGE_NUMBER', value: env.GERRIT_CHANGE_NUMBER ?: '')
+ params += string(name: 'GERRIT_PATCHSET_REVISION', value: env.GERRIT_PATCHSET_REVISION ?: '')
+ params += string(name: 'CMSIS_VERSION', value: env.CMSIS_VERSION)
+ params += string(name: 'MBEDCRYPTO_VERSION', value: env.MBEDCRYPTO_VERSION)
+ params += string(name: 'CODE_REPO', value: env.CODE_REPO)
+ build(job: job_name, parameters: params)
+ }
+}
+
+stage("Static Checks") {
+ def checks = [:]
+ checks["cppcheck"] = trigger("tf-m-cppcheck")
+ checks["checkpatch"] = trigger("tf-m-checkpatch")
+ parallel(checks)
+}
+stage("Trigger Build") {
+ parallel(["build":trigger("tf-m-build-and-test")])
+}
diff --git a/jenkins/verify.py b/jenkins/verify.py
new file mode 100755
index 0000000..11c8eed
--- /dev/null
+++ b/jenkins/verify.py
@@ -0,0 +1,140 @@
+#!/usr/bin/env python3
+"""
+Posts a verification to Gerrit verify-status plugin.
+"""
+
+__copyright__ = """
+/*
+ * Copyright (c) 2020, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
+ */
+ """
+
+import argparse
+import json
+import os
+import sys
+import requests
+
+
+def check_plugins(base_url, auth):
+ """
+ Checks if the verify-status plugin is installed
+ """
+ plugin_url = "{}/a/plugins/".format(base_url)
+ headers = {"Content-Type": "application/json; charset=UTF-8"}
+ try:
+ request = requests.get(plugin_url, auth=auth, headers=headers)
+ except requests.exceptions.RequestException as exception:
+ print("Error checking plugins: {}".format(str(exception)), file=sys.stderr)
+ sys.exit(1)
+ if request.status_code != 200:
+ print("Could not check if verify-status plugin is installed")
+ return
+ json_plugins = json.loads(request.text.replace(")]}'",""))
+ if "verify-status" not in json_plugins:
+ print("verify-status plugin not installed.")
+ sys.exit(0)
+
+
+def submit_verification(base_url, auth, changeset, patchset_revision, verify_details):
+ """
+ Handles the actual post request.
+ """
+ check_plugins(base_url, auth)
+ post_data = {
+ "verifications": {
+ verify_details["verify_name"]: {
+ "url": verify_details["job_url"],
+ "value": verify_details["value"],
+ "abstain": verify_details["abstain"],
+ "reporter": verify_details["reporter"],
+ "comment": verify_details["comment"],
+ "category": verify_details["category"],
+ "duration": verify_details["duration"],
+ }
+ }
+ }
+ submit_url = "{}/a/changes/{}/revisions/{}/verify-status~verifications".format(
+ base_url, changeset, patchset_revision
+ )
+ headers = {"Content-Type": "application/json; charset=UTF-8"}
+ post = None
+ try:
+ post = requests.post(
+ submit_url, data=json.dumps(post_data), auth=auth, headers=headers,
+ )
+ except requests.exceptions.RequestException as exception:
+ print("Error posting to verify-status:", file=sys.stderr)
+ print(str(exception), file=sys.stderr)
+ sys.exit(1)
+ if post.status_code == 204:
+ print("Gerrit verify-status posted successfully.")
+ else:
+ print(
+ "Error posting to verify-status: {}".format(post.status_code),
+ file=sys.stderr,
+ )
+ print(post.text, file=sys.stderr)
+ sys.exit(1)
+
+
+if __name__ == "__main__":
+ PARSER = argparse.ArgumentParser(
+ description="Submits a job verification to verify-status plugin of Gerrit"
+ )
+ PARSER.add_argument("--host", help="Gerrit Host", default=os.getenv("GERRIT_HOST"))
+ PARSER.add_argument("--job-url", help="Job URL.", default=os.getenv("BUILD_URL"))
+ PARSER.add_argument("--value", help="Verification value.")
+ PARSER.add_argument(
+ "--changeset",
+ help="Changeset in Gerrit to verify.",
+ default=os.getenv("GERRIT_CHANGE_NUMBER"),
+ )
+ PARSER.add_argument(
+ "--patchset-revision",
+ help="Commit SHA of revision in Gerrit to verify.",
+ default=os.getenv("GERRIT_PATCHSET_REVISION"),
+ )
+ PARSER.add_argument(
+ "--verify-name", help="Name to give the job verifcation message."
+ )
+ PARSER.add_argument(
+ "--user", help="Username to authenticate as.", default=os.getenv("VERIFY_USER")
+ )
+ PARSER.add_argument(
+ "--password",
+ help="Password or token to authenticate as. "
+ "Defaults to VERIFY_PASSWORD environment variable.",
+ default=os.getenv("VERIFY_PASSWORD"),
+ )
+ PARSER.add_argument(
+ "--abstain",
+ help="Whether this should affect the final voting value.",
+ action="store_true",
+ )
+ PARSER.add_argument("--reporter", help="Metadata for reporter.", default="")
+ PARSER.add_argument("--comment", help="Metadata for comment.", default="")
+ PARSER.add_argument("--category", help="Metadata for category.", default="")
+ PARSER.add_argument("--duration", help="Duration of the job.", default="")
+ PARSER.add_argument("--protocol", help="Protocol to use.", default="https")
+ PARSER.add_argument("--port", help="Port to use.", default=None)
+ ARGS = PARSER.parse_args()
+ submit_verification(
+ "{}://{}{}".format(ARGS.protocol, ARGS.host, ":{}".format(ARGS.port) if ARGS.port else ""),
+ (ARGS.user, ARGS.password),
+ ARGS.changeset,
+ ARGS.patchset_revision,
+ {
+ "verify_name": ARGS.verify_name,
+ "job_url": ARGS.job_url,
+ "value": int(ARGS.value),
+ "abstain": bool(ARGS.abstain),
+ "reporter": ARGS.reporter,
+ "comment": ARGS.comment,
+ "category": ARGS.category,
+ "duration": ARGS.duration,
+ },
+ )
diff --git a/run-build.sh b/run-build.sh
new file mode 100755
index 0000000..9c49bce
--- /dev/null
+++ b/run-build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#-------------------------------------------------------------------------------
+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+
+#
+# Builds a single configuration on Trusted Firmware M.
+# Relies on environment variables pre-populated.
+# These variables can be obtained using configs.py.
+# Expected to have trusted-firmware-m cloned to same level as this git tree
+#
+
+set -ex
+mkdir trusted-firmware-m/build
+cd trusted-firmware-m/build
+cmake -G "Unix Makefiles" -DPROJ_CONFIG=`readlink -f ../configs/$PROJ_CONFIG.cmake` -DTARGET_PLATFORM=$TARGET_PLATFORM -DCOMPILER=$COMPILER -DCMAKE_BUILD_TYPE=$CMAKE_BUILD_TYPE -DBL2=$BL2 ..
+cmake --build ./ -- -j 2 install
+if [ "$TARGET_PLATFORM" == "MUSCA_A" ] ; then
+ export OFFSET1=0x200000
+ export OFFSET2=0x220000
+elif [ "$TARGET_PLATFORM" == "MUSCA_B1" ] ; then
+ export OFFSET1=0xA000000
+ export OFFSET2=0xA020000
+fi
+if [ ! -z "$OFFSET1" ] && [ ! -z "$OFFSET2" ] ; then
+ # Cleanup offset(s)?
+ srec_cat install/outputs/$TARGET_PLATFORM/mcuboot.bin -Binary -offset $OFFSET1 install/outputs/$TARGET_PLATFORM/tfm_sign.bin -Binary -offset $OFFSET2 -o install/outputs/$TARGET_PLATFORM/tfm.hex -Intel
+fi
diff --git a/run-checkpatch.sh b/run-checkpatch.sh
index 3ff328e..3191194 100755
--- a/run-checkpatch.sh
+++ b/run-checkpatch.sh
@@ -73,7 +73,8 @@
echo " -f, <output_filename>, Output filename"
echo " -u, Update checkpatch files using curl"
echo " -l <number>, Check only the last <number> commits (HEAD~<number>)."
- echo " -p <path>, Provide location of directory containing checkpath."
+ echo " -p <path>, Provide location of directory containing checkpatch."
+ echo " -r, Print raw output. Implies verbose."
echo -e "\nNOTE: make sure checkpatch is located in '$CHECKPATCH_PATH'"
}
@@ -171,8 +172,10 @@
CHECKPATCH_CMD="$CHECKPATCH_CMD -f "
if [ $VERBOSE -eq 1 ]; then
eval "$FIND_CMD" | xargs -n 1 -i -P 8 $CHECKPATCH_CMD {} |tee -a "$OUTPUT_FILE_PATH"
+ RETURN_CODE=${PIPESTATUS[1]}
else
eval "$FIND_CMD" | xargs -n 1 -i -P 8 $CHECKPATCH_CMD {} >> $OUTPUT_FILE_PATH
+ RETURN_CODE=${PIPESTATUS[1]}
fi
}
@@ -215,8 +218,10 @@
if [ $VERBOSE -eq 1 ]; then
$GIT_CMD | $CHECKPATCH_CMD | tee -a "$OUTPUT_FILE_PATH"
+ RETURN_CODE=${PIPESTATUS[1]}
else
$GIT_CMD | $CHECKPATCH_CMD >> $OUTPUT_FILE_PATH
+ RETURN_CODE=${PIPESTATUS[1]}
fi
popd > /dev/null
@@ -241,9 +246,12 @@
#!path CHECK_LAST_COMMITS;
CHECK_LAST_COMMITS=0
+# Whether to print the output to screen.
+RAW_OUTPUT=0
+
# Getting options and setting variables required to execute the script. This
# script starts executing from here.
-while getopts "uvhd:f:l:p:" opt
+while getopts "uvhd:f:l:p:r" opt
do
case $opt in
v) VERBOSE=1 ;;
@@ -253,6 +261,8 @@
u) UPDATE_CHECKPATCH_FILES=1 ;;
l) CHECK_LAST_COMMITS="$OPTARG" ;;
p) CHECKPATCH_PATH="$OPTARG" ;;
+ r) RAW_OUTPUT=1
+ VERBOSE=1 ;;
\?) usage ; exit 1 ;;
esac
done
@@ -260,7 +270,7 @@
# Update checkpatch files
if [ $UPDATE_CHECKPATCH_FILES -eq 1 ]; then
update_checkpatch
- echo "Checkpatch update was successfull."
+ echo "Checkpatch update was successful."
exit 0
fi
@@ -294,4 +304,9 @@
check_diff
fi
-echo "checkpatch report \"$OUTPUT_FILE_PATH\" is ready!"
+if [ "$RAW_OUTPUT" == "1" ] ; then
+ rm $OUTPUT_FILE_PATH
+ exit $RETURN_CODE
+else
+ echo "checkpatch report \"$OUTPUT_FILE_PATH\" is ready!"
+fi
diff --git a/run-cppcheck.sh b/run-cppcheck.sh
index 6c12942..681d9fe 100755
--- a/run-cppcheck.sh
+++ b/run-cppcheck.sh
@@ -13,7 +13,7 @@
##This bash script can be used to execute cppcheck for the tf-m project.
##It will use the CMake generated "compile_commands.json" file.
##CMake is executed to generate the build commands for the "default" build
-##configuration (i.e. no build config file is specifyed on the command-line).
+##configuration (i.e. no build config file is specified on the command-line).
##
##This file shall be executed from the root directory of the tf-m working copy.
##
@@ -32,26 +32,43 @@
## possible to define additional macros and include paths on the command
## line. This results in some incorrect error and warning messages.
##@todo The file cppcheck/arm-cortex-m.cfg needs to be revised. Some settings
-## might be invalid, and also a differnet file may be needed based on
-## used compiler switches (i.e. to match witdh specification and or default
+## might be invalid, and also a different file may be needed based on
+## used compiler switches (i.e. to match width specification and or default
## sign for some types).
##@todo Currently cppcheck is only executed for the default build configuration
## "ConfigDefault.cmake"for target AN521 of the "top level" project.
-## This might need to be revied/changed in the future.
+## This might need to be revised/changed in the future.
##
#Fail if any command exit with error.
set -e
+RAW_OUTPUT=0
+
+while getopts "hr" opt ; do
+ case "$opt" in
+ h)
+ echo "Usage: $(basename -- "$0") [-h] [-r] [git_hash]"
+ echo " -r, Raw output. (Default is to create xml reports)."
+ echo " -h, Script help"
+ exit 0
+ ;;
+ r)
+ RAW_OUTPUT=1
+ ;;
+ esac
+done
+
+shift $((OPTIND-1))
+
#The location from where the script executes
mypath=$(dirname $0)
#The cmake_exported project file in json format
-cmake_commmands=compile_commands.json
+cmake_commands=compile_commands.json
. "$mypath/util_cmake.sh"
-
#Library file for cppcheck
library_file="$(fix_win_path $(get_full_path $mypath))/cppcheck/arm-cortex-m.cfg"
suppress_file="$(fix_win_path $(get_full_path $mypath))/cppcheck/tfm-suppress-list.txt"
@@ -61,7 +78,7 @@
#Run cmake to get the compile_commands.json file
echo
-echo '******* Generating compile_commandas.json ***************'
+echo '******* Generating compile_commands.json ***************'
echo
generate_project $(fix_win_path $(get_full_path ./)) "./" "cppcheck" "-DCMAKE_EXPORT_COMPILE_COMMANDS=1 -DTARGET_PLATFORM=AN521 -DCOMPILER=GNUARM"
@@ -69,15 +86,15 @@
bdir=$(make_build_dir_name "./" "cppcheck")
pushd "$bdir" >/dev/null
-#The following snippet allows cppcheck to be run differentially againist a
+#The following snippet allows cppcheck to be run differentially against a
#commit hash passed as first argument $1. It does not
#affect the legacy functionality of the script, checking the whole codebase,
#when called without an argument
if [[ ! -z "$1" ]]
then
- echo "Enabled git-diff mode againist hash: $1"
+ echo "Enabled git-diff mode against hash: $1"
- # Do not execute unused functioncheck when running in diff-mode
+ # Do not execute unused function check when running in diff-mode
additional_checklist="style,performance,portability,information,missingInclude"
# Grep will set exit status to 1 if a commit does not contain c/cpp.. files
set +e
@@ -91,12 +108,12 @@
for fl in "${git_flist[@]}"; do
echo "Looking for reference of file: $fl"
- # dry run the command to see if there any ouput
- JSON_CMD=$(grep -B 3 "\"file\": \".*$fl\"" $cmake_commmands)
+ # dry run the command to see if there any output
+ JSON_CMD=$(grep -B 3 "\"file\": \".*$fl\"" $cmake_commands)
if [ -n "${JSON_CMD}" ]; then
command_matched=1
- grep -B 3 "\"file\": \".*$fl\"" $cmake_commmands >> $filtered_cmd_f
+ grep -B 3 "\"file\": \".*$fl\"" $cmake_commands >> $filtered_cmd_f
echo -e "}," >> $filtered_cmd_f
fi
done
@@ -107,26 +124,42 @@
sed -i '$ d' $filtered_cmd_f
echo -e "}\n]" >> $filtered_cmd_f
- cat $filtered_cmd_f > $cmake_commmands
+ cat $filtered_cmd_f > $cmake_commands
else
- # Always generate an empty file for other stages of ci expecting one
echo "CppCheck: Ignoring files not contained in the build config"
- echo "Files Ignored: $flist"
- cat <<-EOF > chk-config.xml
- <?xml version="1.0" encoding="UTF-8"?>
- <results version="2">
- <cppcheck version="$(cppcheck --version)"/>
- <errors>
- </errors>
- </results>
- EOF
- cp chk-config.xml chk-src.xml
+ if [ "$RAW_OUTPUT" == "0" ] ; then
+ # Always generate an empty file for other stages of ci expecting one
+ echo "Files Ignored: $flist"
+ cat > chk-config.xml << EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<results version="2">
+ <cppcheck version="$(cppcheck --version)"/>
+ <errors>
+ </errors>
+</results>
+EOF
+ cp chk-config.xml chk-src.xml
+ fi
exit 0
fi
fi
+function cppcheck_failed {
+ echo "cppcheck failed."
+ echo "Check log for errors."
+ exit 1
+}
-#Build the external projects to get all headers installed to plases from where
+EXTRA_ARGS="--error-exitcode=1"
+if [ "$RAW_OUTPUT" != "1" ] ; then
+ # If not in raw output mode, use xml output.
+ EXTRA_ARGS="--xml"
+else
+ trap cppcheck_failed ERR
+fi
+CPPCHECK_ARGS="$EXTRA_ARGS --enable="$additional_checklist" --library="$library_file" --project=$cmake_commands --suppressions-list="$suppress_file" --inline-suppr"
+
+#Build the external projects to get all headers installed to places from where
#tf-m code uses them
echo
echo '******* Install external projects to their final place ***************'
@@ -138,14 +171,23 @@
echo '******* checking cppcheck configuration ***************'
echo
-cppcheck --xml --check-config --enable="$additional_checklist" --library="$library_file" --project=$cmake_commmands --suppressions-list="$suppress_file" --inline-suppr 2>chk-config.xml
+if [ "$RAW_OUTPUT" == "1" ] ; then
+ cppcheck $CPPCHECK_ARGS --check-config > /dev/null
+else
+ cppcheck $CPPCHECK_ARGS --check-config 2>chk-config.xml
+fi
echo
echo '******* analyzing files with cppcheck ***************'
echo
-cppcheck --xml --enable="$additional_checklist" --library="$library_file" --project=$cmake_commmands --suppressions-list="$suppress_file" --inline-suppr 2>chk-src.xml
+if [ "$RAW_OUTPUT" == "1" ] ; then
+ cppcheck $CPPCHECK_ARGS > /dev/null
+ echo '******* cppcheck complete ***************'
+else
+ cppcheck $CPPCHECK_ARGS 2>chk-src.xml
+ echo
+ echo '******* Please check chk-config.xml and chk-src.xml for the results. ***************'
+ echo
+fi
popd
-echo
-echo '******* Please check chk-config.xml and chk-src.xml for the results. ***************'
-echo