#-------------------------------------------------------------------------------
# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------
# SCM macro: checks out the CI helper scripts into the tf-m-ci-scripts/
# sub-directory of the workspace. The repository URL and the branch are both
# expanded from job parameters when the build starts, so whoever can set those
# parameters decides which scripts the tf-m-coverity job below executes.
- scm:
    name: 'tf-m-ci-scripts'
    scm:
      - git:
          url: '${CI_SCRIPTS_REPO}'
          branches:
            - '${CI_SCRIPTS_BRANCH}'
          # Check out next to the other sources rather than into the
          # workspace root.
          basedir: 'tf-m-ci-scripts'
          skip-tag: true
          shallow-clone: true
          wipe-workspace: false
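# Scheduled Coverity analysis of Trusted Firmware-M. The job clones the
# sources, downloads the Coverity build tool, runs the analysis and, unless
# UPLOAD_TO_COVERITY_SCAN_ONLINE is unticked, submits the result archive to
# Coverity Scan Online.
- job:
    name: tf-m-coverity
    node: docker-amd64-tf-m-bionic
    project-type: freestyle
    concurrent: true
    disabled: false
    defaults: global
    # NOTE(review): the description mentions the "master" branch while
    # GERRIT_REFSPEC defaults to refs/heads/main; confirm which is intended.
    description: |
      Run the Coverity tool on Trusted Firmware M and submit the resulting
      tarball to <a href="https://scan.coverity.com/projects/trusted-firmware-m-35b064f0-65c2-4afb-9ba9-24aa432fb7fa">Coverity Scan Online</a>.
      <br/>
      This job runs <b>every weekday</b> and by default uses the <b>master</b> branch on trustedfirmware.org.
    properties:
      - build-discarder:
          days-to-keep: 180
          num-to-keep: 180
    # Every *_REPO / *_URL / *_REFSPEC / *_VERSION / *_BRANCH value below is a
    # free-form string chosen by whoever starts the build. The builders run
    # scripts from the CI_SCRIPTS_REPO checkout while the Coverity token is
    # bound in the environment, so permission to start this job with
    # parameters should be limited to people trusted with that token.
    parameters:
      - string:
          name: CODE_REPO
          default: 'https://git.trustedfirmware.org/TF-M/trusted-firmware-m'
      - string:
          name: GERRIT_REFSPEC
          default: 'refs/heads/main'
      - string:
          name: CI_SCRIPTS_REPO
          default: 'https://git.trustedfirmware.org/ci/tf-m-ci-scripts'
      - string:
          name: CI_SCRIPTS_BRANCH
          default: 'master'
      - string:
          name: MBEDTLS_VERSION
          default: ''
      - string:
          name: MBEDTLS_URL
          default: 'https://git.trustedfirmware.org/mirror/mbed-tls.git'
      - string:
          name: MCUBOOT_REFSPEC
          default: ''
      - string:
          name: MCUBOOT_URL
          default: 'https://git.trustedfirmware.org/mirror/mcuboot.git'
      - string:
          name: TFM_TESTS_URL
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-tests.git'
      - string:
          name: TFM_TESTS_REFSPEC
          default: ''
      - string:
          name: TFM_EXTRAS_URL
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-extras.git'
      - string:
          name: TFM_EXTRAS_REFSPEC
          default: ''
      - string:
          name: PSA_ARCH_TESTS_URL
          default: 'https://git.trustedfirmware.org/mirror/psa-arch-tests.git'
      - string:
          name: PSA_ARCH_TESTS_VERSION
          default: ''
      - string:
          name: QCBOR_URL
          default: 'https://github.com/laurencelundblade/QCBOR.git'
      - string:
          name: QCBOR_VERSION
          default: ''
      - string:
          name: SHARE_FOLDER
          default: '/srv/shared/${JOB_NAME}/${BUILD_NUMBER}'
      - bool:
          name: UPLOAD_TO_COVERITY_SCAN_ONLINE
          default: true
    scm:
      - tf-m-ci-scripts
    wrappers:
      - timestamps
      # Exposes the stored secret text as TF_M_COVERITY_SCAN_TOKEN to the
      # build steps. The variable is readable by everything the steps run.
      - credentials-binding:
          - text:
              credential-id: TF-M-COVERITY-SCAN-TOKEN
              variable: TF_M_COVERITY_SCAN_TOKEN
    builders:
      - shell: |-
          #!/bin/bash
          set -e
          cd "${WORKSPACE}"
          # Add compiler path to sys path
          export PATH=$GCC_10_3_PATH:${PATH}
          # Download TF-M dependencies to avoid git clone in each config
          "${WORKSPACE}/tf-m-ci-scripts/clone.sh"
          cnt=$(ls trusted-firmware-m/lib/ext/mbedcrypto/*.patch 2> /dev/null | wc -l)
          if [ "$cnt" != "0" ] ; then
            cd mbedtls
            git apply ../trusted-firmware-m/lib/ext/mbedcrypto/*.patch
            cd -
          fi
          # Fetch coverity tool and untar it.
          # The token goes into a private temp file (mktemp creates it with
          # owner-only permissions) and wget reads the POST body from there,
          # so the secret never appears in the wget argument list, which other
          # processes on the agent can read. printf is a shell builtin and
          # does not expose it either.
          post_body=$(mktemp)
          trap 'rm -f "${post_body}"' EXIT
          printf 'token=%s&project=Trusted+Firmware-M' "${TF_M_COVERITY_SCAN_TOKEN}" > "${post_body}"
          wget https://scan.coverity.com/download/linux64 \
              --quiet \
              --post-file "${post_body}" \
              -O coverity_tool.tgz
          rm -f "${post_body}"
          # NOTE(review): the archive is unpacked and its binaries are put on
          # PATH with no integrity check beyond TLS. If the service publishes
          # a checksum for the download, compare it here before extracting.
          tar -xzf coverity_tool.tgz
          mv cov-analysis-linux64* coverity
          export PATH=${WORKSPACE}/coverity/bin:${PATH}
          # Run coverity
          cd "${WORKSPACE}/trusted-firmware-m"
          "${WORKSPACE}/tf-m-ci-scripts/run-coverity.py" --tf "$(pwd)"
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "${UPLOAD_TO_COVERITY_SCAN_ONLINE}"
          on-evaluation-failure: dont-run
          steps:
            - shell: |-
                #!/bin/bash
                # Stop on the first failing command so a broken upload is
                # reported as a failed build instead of a green one.
                set -e
                echo "Uploading tarball to Coverity Scan Online..."
                cd "${WORKSPACE}/trusted-firmware-m"
                GIT_COMMIT=$(git rev-parse HEAD)
                # Hand the token to curl through a private temp file
                # ("name=<file" sends the file content as the field value)
                # so it stays out of the curl argument list.
                token_file=$(mktemp)
                trap 'rm -f "${token_file}"' EXIT
                printf '%s' "${TF_M_COVERITY_SCAN_TOKEN}" > "${token_file}"
                # --fail turns an HTTP error status into a non-zero exit code.
                # The URL is quoted because "?" is a shell glob character.
                curl \
                    --fail \
                    --form "token=<${token_file}" \
                    --form email=xinyu.zhang@arm.com \
                    --form file=@"arm-tf-coverity-results.tgz" \
                    --form version="Commit ${GIT_COMMIT}" \
                    --form description="Build ${BUILD_DISPLAY_NAME}" \
                    'https://scan.coverity.com/builds?project=Trusted+Firmware-M'
    triggers:
      # Monday to Friday, at a hashed minute and a hashed hour between 04 and 06.
      - timed: 'H H(4-6) * * 1-5'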