| #------------------------------------------------------------------------------- |
| # Copyright (c) 2020-2022, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| #------------------------------------------------------------------------------- |
| |
| - scm: |
| name: tf-m-ci-scripts |
| scm: |
| - git: |
| url: https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git |
| refspec: +refs/heads/master:refs/remotes/origin/master |
| name: origin |
| branches: |
| - refs/heads/master |
| basedir: tf-m-ci-scripts |
| skip-tag: true |
| shallow-clone: true |
| wipe-workspace: false |
| - scm: |
| name: trusted-firmware-m |
| scm: |
| - git: |
| url: https://review.trustedfirmware.org/${TF_GERRIT_PROJECT} |
| refspec: ${TF_GERRIT_REFSPEC} |
| name: origin |
| branches: |
| - ${TF_GERRIT_BRANCH} |
| basedir: trusted-firmware-m |
| skip-tag: true |
| shallow-clone: false |
| wipe-workspace: false |
| - job: |
| name: tf-m-coverity |
| node: docker-amd64-tf-m-bionic |
| project-type: freestyle |
| concurrent: true |
| disabled: false |
| defaults: global |
| description: | |
| Run the Coverity tool on Trusted Firmware M and submit the resulting |
| tarball to <a href="https://scan.coverity.com/projects/trusted-firmware-m-35b064f0-65c2-4afb-9ba9-24aa432fb7fa">Coverity Scan Online</a>. |
| <br/> |
| This job runs <b>every weekday</b> and by default uses the <b>master</b> branch on trustedfirmware.org. |
| properties: |
| - build-discarder: |
| days-to-keep: 180 |
| num-to-keep: 180 |
| parameters: |
| - string: |
| name: TF_GERRIT_PROJECT |
| default: 'TF-M/trusted-firmware-m' |
| - string: |
| name: TF_GERRIT_BRANCH |
| default: 'refs/heads/master' |
| - string: |
| name: TF_GERRIT_REFSPEC |
| default: '+refs/heads/master:refs/remotes/origin/master' |
| - string: |
| name: COVERITY_VERSION |
| default: '2020.09' |
| - bool: |
| name: UPLOAD_TO_COVERITY_SCAN_ONLINE |
| default: true |
| scm: |
| - tf-m-ci-scripts |
| - trusted-firmware-m |
| wrappers: |
| - timestamps |
| - credentials-binding: |
| - text: |
| credential-id: TF-M-COVERITY-SCAN-TOKEN |
| variable: TF_M_COVERITY_SCAN_TOKEN |
| builders: |
| - shell: |- |
| #!/bin/bash |
| set -e |
| |
| # Fetch coverity tool and untar it |
| cd ${WORKSPACE} |
| wget https://scan.coverity.com/download/linux64 \ |
| --quiet \ |
| --post-data "token=${TF_M_COVERITY_SCAN_TOKEN}&project=Trusted+Firmware-M" \ |
| -O coverity_tool.tgz |
| tar -xzf coverity_tool.tgz |
| mv cov-analysis-linux64-${COVERITY_VERSION} coverity |
| export PATH=${WORKSPACE}/coverity/bin:${PATH} |
| |
| # Run coverity |
| cd ${WORKSPACE}/trusted-firmware-m |
| ${WORKSPACE}/tf-m-ci-scripts/run-coverity.py --tf $(pwd) |
| |
| - conditional-step: |
| condition-kind: boolean-expression |
| condition-expression: "${UPLOAD_TO_COVERITY_SCAN_ONLINE}" |
| on-evaluation-failure: dont-run |
| steps: |
| - shell: |- |
| #!/bin/bash |
| |
| echo "Uploading tarball to Coverity Scan Online..." |
| cd ${WORKSPACE}/trusted-firmware-m |
| GIT_COMMIT=$(git rev-parse HEAD) |
| |
| curl \ |
| --form token=${TF_M_COVERITY_SCAN_TOKEN} \ |
| --form email=Karl.Zhang@arm.com \ |
| --form file=@"arm-tf-coverity-results.tgz" \ |
| --form version="Commit ${GIT_COMMIT}" \ |
| --form description="Build ${BUILD_DISPLAY_NAME}" \ |
| https://scan.coverity.com/builds?project=Trusted+Firmware-M |
| triggers: |
| - timed: H H(4-6) * * 1-5 |