| #------------------------------------------------------------------------------- |
| # Copyright (c) 2023, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| #------------------------------------------------------------------------------- |
| |
| - job: |
| name: tf-m-eclair-delta |
| node: docker-tf-m-eclair-3.13 |
| project-type: freestyle |
| concurrent: true |
| disabled: false |
| defaults: global |
| Description: | |
| ECLAIR (MISRA) analysis for Trusted Firmware M patches |
| properties: |
| - build-discarder: |
| days-to-keep: 90 |
| artifact-num-to-keep: 40 |
| parameters: |
| - string: |
| name: 'FILTER_GROUP' |
| default: "misra" |
| description: | |
| Filter to a group of configurations as recognised by configs.py |
| - string: |
| name: 'CODE_REPO' |
| default: 'https://git.trustedfirmware.org/TF-M/trusted-firmware-m' |
| - string: |
| name: 'CI_SCRIPTS_REPO' |
| default: 'https://git.trustedfirmware.org/ci/tf-m-ci-scripts' |
| - string: |
| name: 'CI_SCRIPTS_BRANCH' |
| default: 'master' |
| - string: |
| name: 'GERRIT_REFSPEC' |
| default: 'refs/heads/main' |
| description: | |
| For use when triggering with specified tag or master 'refs/heads/main' or 'refs/tags/TF-Mv1.0'. |
| - string: |
| name: 'GERRIT_BRANCH' |
| default: 'main' |
| description: | |
| TF-M branch. |
| - string: |
| name: GERRIT_PROJECT |
| default: 'TF-M/trusted-firmware-m' |
| description: | |
| Git project to build (also set by Gerrit trigger) |
| - string: |
| name: 'GERRIT_HOST' |
| default: 'review.trustedfirmware.org' |
| - string: |
| name: 'GERRIT_CHANGE_NUMBER' |
| description: | |
| No need to change. |
| - string: |
| name: 'GERRIT_PATCHSET_REVISION' |
| description: | |
| No need to change. |
| - string: |
| name: 'MBEDTLS_VERSION' |
| default: '' |
| description: | |
| Specify which MBEDTLS version to use |
| refs/heads/<branch_name> : Pick up latest HEAD on branch |
| TAG_NAME : Pick up a tagged version |
| full commit hash : Pick up a specific commit |
| - string: |
| name: 'MBEDTLS_URL' |
| default: 'https://git.trustedfirmware.org/mirror/mbed-tls.git' |
| - string: |
| name: 'QCBOR_URL' |
| default: 'https://github.com/laurencelundblade/QCBOR.git' |
| - string: |
| name: 'QCBOR_VERSION' |
| default: '' |
| description: | |
| Specify which QCBOR version to use |
| refs/heads/<branch_name> : Pick up latest HEAD on branch |
| TAG_NAME : Pick up a tagged version |
| full commit hash : Pick up a specific commit |
| - string: |
| name: 'T_COSE_URL' |
| default: 'https://github.com/laurencelundblade/t_cose.git' |
| - string: |
| name: 'T_COSE_VERSION' |
| default: '' |
| description: | |
| Specify which t_cose version to use |
| refs/heads/<branch_name> : Pick up latest HEAD on branch |
| TAG_NAME : Pick up a tagged version |
| full commit hash : Pick up a specific commit |
| - string: |
| name: 'MCUBOOT_REFSPEC' |
| default: '' |
| description: | |
| Specify which MCUboot version to use |
| refs/heads/<branch_name> : Pick up latest HEAD on branch |
| TAG_NAME : Pick up a tagged version |
| full commit hash : Pick up a specific commit |
| - string: |
| name: 'MCUBOOT_URL' |
| default: 'https://git.trustedfirmware.org/mirror/mcuboot.git' |
| - string: |
| name: 'TFM_TESTS_URL' |
| default: 'https://git.trustedfirmware.org/TF-M/tf-m-tests.git' |
| - string: |
| name: 'TFM_TESTS_REFSPEC' |
| default: '' |
| - string: |
| name: 'TFM_EXTRAS_URL' |
| default: 'https://git.trustedfirmware.org/TF-M/tf-m-extras.git' |
| - string: |
| name: 'TFM_EXTRAS_REFSPEC' |
| default: '' |
| description: | |
| Specify which tf-m-extras version to use |
| refs/heads/<branch_name> : Pick up latest HEAD on branch |
| TAG_NAME : Pick up a tagged version |
| full commit hash : Pick up a specific commit |
| - string: |
| name: 'PSA_ARCH_TESTS_URL' |
| default: 'https://git.trustedfirmware.org/mirror/psa-arch-tests.git' |
| - string: |
| name: 'PSA_ARCH_TESTS_VERSION' |
| default: '' |
| - string: |
| name: SHARE_FOLDER |
| default: '/tmp' |
| description: 'Folder for initial cloning of repositories' |
| - string: |
| name: 'BUILD_TARGET' |
| default: '' |
| description: | |
| Override build target (for debugging) |
| - string: |
| name: 'BUILD_JOBS' |
| default: '16' |
| description: | |
| --jobs to pass to make, etc. |
| triggers: |
| - gerrit: |
| silent: true |
| server-name: 'review.trustedfirmware.org' |
| projects: |
| - branches: |
| - branch-compare-type: PLAIN |
| branch-pattern: eclair |
| project-compare-type: PLAIN |
| project-pattern: 'TF-M/trusted-firmware-m' |
| - branches: |
| - branch-compare-type: PLAIN |
| branch-pattern: master |
| project-compare-type: PLAIN |
| project-pattern: 'sandbox/pfalcon/trusted-firmware-m' |
| trigger-on: |
| - comment-added-event: |
| approval-category: "Allow-CI" |
| approval-value: 1 |
| - comment-added-event: |
| approval-category: "Allow-CI" |
| approval-value: 2 |
| wrappers: |
| - timestamps |
| - timeout: |
| timeout: 2400 |
| fail: true |
| - credentials-binding: |
| - ssh-user-private-key: |
| credential-id: TFA_CI_BOT_USER_SSH_KEY |
| key-file-variable: CI_BOT_KEY |
| username-variable: CI_BOT_USERNAME |
| passphrase-variable: '' |
| builders: |
| - shell: | |
| #!/bin/bash -ex |
| git clone -b $CI_SCRIPTS_BRANCH $CI_SCRIPTS_REPO tf-m-ci-scripts |
| git clone -b master https://git.trustedfirmware.org/ci/tf-ci-scripts.git tf-ci-scripts |
| bash -x tf-m-ci-scripts/clone.sh |
| |
| ls -l |
| if [ -n "${GERRIT_REFSPEC}" ]; then |
| ( |
| cd $(basename ${GERRIT_PROJECT}) |
| git fetch https://${GERRIT_HOST}/${GERRIT_PROJECT} ${GERRIT_REFSPEC} && git checkout FETCH_HEAD |
| ) |
| fi |
| |
| (cd trusted-firmware-m; git log --oneline -n5) |
| |
| export ECLAIR_CONFIG_DIR=$PWD/tf-m-ci-scripts/eclair |
| . tf-ci-scripts/eclair/utils.sh |
| . tf-m-ci-scripts/eclair/utils_tfm.sh |
| |
| export CROSS_COMPILE="arm-none-eabi-" |
| export CC_ALIASES="${CROSS_COMPILE}gcc" |
| export CXX_ALIASES="${CROSS_COMPILE}g++" |
| export LD_ALIASES="${CROSS_COMPILE}ld" |
| export AR_ALIASES="${CROSS_COMPILE}ar" |
| export AS_ALIASES="${CROSS_COMPILE}as" |
| export FILEMANIP_ALIASES="cp mv ${CROSS_COMPILE}objcopy" |
| |
| # Detach license for initial eclair_env invocation. We then extend it on |
| # each config build iteration. |
| detachLicense 600 |
| trap "returnLicense || true" EXIT |
| |
| # Toolchain path must be already set before calling eclair_env, can't set it inside it. |
| # And to set toolchain path, we need a CONFIG_NAME |
| CONFIG_NAME=$(python3 tf-m-ci-scripts/configs.py -g $FILTER_GROUP | head -1) |
| eclair_tfm_set_toolchain_path |
| |
| export ECLAIR_ANALYSIS=ECLAIR |
| eclair_prepare |
| eclair_analyze tf-m-ci-scripts/run-eclair-builds.sh |
| echo "eclair_analyze target revision finished" |
| eclair_make_ecd |
| eclair_make_reports |
| |
| echo "========= Building base revision =========" |
| |
| ( |
| cd $(basename ${GERRIT_PROJECT}) |
| git checkout HEAD^ |
| git log --oneline -n5 |
| ) |
| |
| export ECLAIR_ANALYSIS=ECLAIR_BASE |
| eclair_prepare |
| eclair_analyze tf-m-ci-scripts/run-eclair-builds.sh |
| echo "eclair_analyze base revision finished" |
| eclair_make_ecd |
| eclair_make_reports |
| |
| eclair_make_delta_report ECLAIR_BASE ECLAIR |
| tf-ci-scripts/eclair/eclair_diff_report.py diff_output > misra_delta.txt |
| |
| returnLicense |
| tf-ci-scripts/eclair/analyze_delta_index_html.sh |
| tf-ci-scripts/eclair/post_gerrit_comment.sh |
| |
| publishers: |
| - archive: |
| artifacts: ECLAIR*/**, diff_output/**, misra_delta.txt, *issues_html/**, index.html |
| excludes: 'ECLAIR*/out/.data/**' |
| latest-only: false |
| allow-empty: true |