tf-m-eclair-delta.yaml

#-------------------------------------------------------------------------------
# Copyright (c) 2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

- job:
    name: tf-m-eclair-delta
    node: docker-tf-m-eclair-3.13
    project-type: freestyle
    concurrent: true
    disabled: false
    defaults: global
    Description: |
      ECLAIR (MISRA) analysis for Trusted Firmware M patches
    properties:
        - build-discarder:
            days-to-keep: 90
            artifact-num-to-keep: 40
    parameters:
      - string:
          name: 'FILTER_GROUP'
          default: "misra"
          description: |
            Filter to a group of configurations as recognised by configs.py
      - string:
          name: 'CODE_REPO'
          default: 'https://git.trustedfirmware.org/TF-M/trusted-firmware-m'
      - string:
          name: 'CI_SCRIPTS_REPO'
          default: 'https://git.trustedfirmware.org/ci/tf-m-ci-scripts'
      - string:
          name: 'CI_SCRIPTS_BRANCH'
          default: 'master'
      - string:
          name: 'GERRIT_REFSPEC'
          default: 'refs/heads/main'
          description: |
            For use when triggering with specified tag or master 'refs/heads/main' or 'refs/tags/TF-Mv1.0'.
      - string:
          name: 'GERRIT_BRANCH'
          default: 'main'
          description: |
            TF-M branch.
      - string:
          name: GERRIT_PROJECT
          default: 'TF-M/trusted-firmware-m'
          description: |
            Git project to build (also set by Gerrit trigger)
      - string:
          name: 'GERRIT_HOST'
          default: 'review.trustedfirmware.org'
      - string:
          name: 'GERRIT_CHANGE_NUMBER'
          description: |
            No need to change.
      - string:
          name: 'GERRIT_PATCHSET_REVISION'
          description: |
            No need to change.
      - string:
          name: 'MBEDTLS_VERSION'
          default: ''
          description: |
            Specify which MBEDTLS version to use
            refs/heads/<branch_name> : Pick up latest HEAD on branch
            TAG_NAME                 : Pick up a tagged version
            full commit hash         : Pick up a specific commit
      - string:
          name: 'MBEDTLS_URL'
          default: 'https://git.trustedfirmware.org/mirror/mbed-tls.git'
      - string:
          name: 'QCBOR_URL'
          default: 'https://github.com/laurencelundblade/QCBOR.git'
      - string:
          name: 'QCBOR_VERSION'
          default: ''
          description: |
            Specify which QCBOR version to use
            refs/heads/<branch_name> : Pick up latest HEAD on branch
            TAG_NAME                 : Pick up a tagged version
            full commit hash         : Pick up a specific commit
      - string:
          name: 'T_COSE_URL'
          default: 'https://github.com/laurencelundblade/t_cose.git'
      - string:
          name: 'T_COSE_VERSION'
          default: ''
          description: |
            Specify which t_cose version to use
            refs/heads/<branch_name> : Pick up latest HEAD on branch
            TAG_NAME                 : Pick up a tagged version
            full commit hash         : Pick up a specific commit
      - string:
          name: 'MCUBOOT_REFSPEC'
          default: ''
          description: |
            Specify which MCUboot version to use
            refs/heads/<branch_name> : Pick up latest HEAD on branch
            TAG_NAME                 : Pick up a tagged version
            full commit hash         : Pick up a specific commit
      - string:
          name: 'MCUBOOT_URL'
          default: 'https://git.trustedfirmware.org/mirror/mcuboot.git'
      - string:
          name: 'TFM_TESTS_URL'
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-tests.git'
      - string:
          name: 'TFM_TESTS_REFSPEC'
          default: ''
      - string:
          name: 'TFM_EXTRAS_URL'
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-extras.git'
      - string:
          name: 'TFM_EXTRAS_REFSPEC'
          default: ''
          description: |
            Specify which tf-m-extras version to use
            refs/heads/<branch_name> : Pick up latest HEAD on branch
            TAG_NAME                 : Pick up a tagged version
            full commit hash         : Pick up a specific commit
      - string:
          name: 'PSA_ARCH_TESTS_URL'
          default: 'https://git.trustedfirmware.org/mirror/psa-arch-tests.git'
      - string:
          name: 'PSA_ARCH_TESTS_VERSION'
          default: ''
      - string:
          name: SHARE_FOLDER
          default: '/tmp'
          description: 'Folder for initial cloning of repositories'
      - string:
          name: 'BUILD_TARGET'
          default: ''
          description: |
            Override build target (for debugging)
      - string:
          name: 'BUILD_JOBS'
          default: '16'
          description: |
            --jobs to pass to make, etc.
    triggers:
    - gerrit:
        silent: true
        server-name: 'review.trustedfirmware.org'
        projects:
        - branches:
          - branch-compare-type: PLAIN
            branch-pattern: eclair
          project-compare-type: PLAIN
          project-pattern: 'TF-M/trusted-firmware-m'
        - branches:
          - branch-compare-type: PLAIN
            branch-pattern: master
          project-compare-type: PLAIN
          project-pattern: 'sandbox/pfalcon/trusted-firmware-m'
        trigger-on:
        - comment-added-event:
            approval-category: "Allow-CI"
            approval-value: 1
        - comment-added-event:
            approval-category: "Allow-CI"
            approval-value: 2
    wrappers:
        - timestamps
        - timeout:
            timeout: 2400
            fail: true
        - credentials-binding:
          - ssh-user-private-key:
              credential-id: TFA_CI_BOT_USER_SSH_KEY
              key-file-variable: CI_BOT_KEY
              username-variable: CI_BOT_USERNAME
              passphrase-variable: ''
    builders:
        - shell: |
            #!/bin/bash -ex
            git clone -b $CI_SCRIPTS_BRANCH $CI_SCRIPTS_REPO tf-m-ci-scripts
            git clone -b master https://git.trustedfirmware.org/ci/tf-ci-scripts.git tf-ci-scripts
            bash -x tf-m-ci-scripts/clone.sh

            ls -l
            if [ -n "${GERRIT_REFSPEC}" ]; then
            (
                cd $(basename ${GERRIT_PROJECT})
                git fetch https://${GERRIT_HOST}/${GERRIT_PROJECT} ${GERRIT_REFSPEC} && git checkout FETCH_HEAD
            )
            fi

            (cd trusted-firmware-m; git log --oneline -n5)

            export ECLAIR_CONFIG_DIR=$PWD/tf-m-ci-scripts/eclair
            . tf-ci-scripts/eclair/utils.sh
            . tf-m-ci-scripts/eclair/utils_tfm.sh

            export CROSS_COMPILE="arm-none-eabi-"
            export CC_ALIASES="${CROSS_COMPILE}gcc"
            export CXX_ALIASES="${CROSS_COMPILE}g++"
            export LD_ALIASES="${CROSS_COMPILE}ld"
            export AR_ALIASES="${CROSS_COMPILE}ar"
            export AS_ALIASES="${CROSS_COMPILE}as"
            export FILEMANIP_ALIASES="cp mv ${CROSS_COMPILE}objcopy"

            # Detach license for initial eclair_env invocation. We then extend it on
            # each config build iteration.
            detachLicense 600
            trap "returnLicense || true" EXIT

            # Toolchain path must be already set before calling eclair_env, can't set it inside it.
            # And to set toolchain path, we need a CONFIG_NAME
            CONFIG_NAME=$(python3 tf-m-ci-scripts/configs.py -g $FILTER_GROUP | head -1)
            eclair_tfm_set_toolchain_path

            export ECLAIR_ANALYSIS=ECLAIR
            eclair_prepare
            eclair_analyze tf-m-ci-scripts/run-eclair-builds.sh
            echo "eclair_analyze target revision finished"
            eclair_make_ecd
            eclair_make_reports

            echo "========= Building base revision ========="

            (
                cd $(basename ${GERRIT_PROJECT})
                git checkout HEAD^
                git log --oneline -n5
            )

            export ECLAIR_ANALYSIS=ECLAIR_BASE
            eclair_prepare
            eclair_analyze tf-m-ci-scripts/run-eclair-builds.sh
            echo "eclair_analyze base revision finished"
            eclair_make_ecd
            eclair_make_reports

            eclair_make_delta_report ECLAIR_BASE ECLAIR
            tf-ci-scripts/eclair/eclair_diff_report.py diff_output > misra_delta.txt

            returnLicense
            tf-ci-scripts/eclair/analyze_delta_index_html.sh
            tf-ci-scripts/eclair/post_gerrit_comment.sh

    publishers:
        - archive:
            artifacts: ECLAIR*/**, diff_output/**, misra_delta.txt, *issues_html/**, index.html
            excludes: 'ECLAIR*/out/.data/**'
            latest-only: false
            allow-empty: true