#-------------------------------------------------------------------------------
# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
#-------------------------------------------------------------------------------

# Reusable SCM definition: checks the CI helper scripts out into the
# tf-m-ci-scripts/ sub-directory of the workspace.
- scm:
    name: tf-m-ci-scripts
    scm:
      - git:
          url: 'https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git'
          # Follows the tip of master; no commit or tag is pinned here.
          refspec: '+refs/heads/master:refs/remotes/origin/master'
          name: origin
          branches:
            - 'refs/heads/master'
          basedir: tf-m-ci-scripts
          skip-tag: true
          shallow-clone: true
          # The workspace is not wiped before checkout, so files left by an
          # earlier build can still be present when the builders run.
          wipe-workspace: false
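# Freestyle job: builds TF-M under Coverity and, when
# UPLOAD_TO_COVERITY_SCAN_ONLINE is true, submits the result archive to
# Coverity Scan Online.
- job:
    name: tf-m-coverity
    node: docker-amd64-tf-m-bionic
    project-type: freestyle
    concurrent: true
    disabled: false
    defaults: global
    description: |
      Run the Coverity tool on Trusted Firmware M and submit the resulting
      tarball to <a href="https://scan.coverity.com/projects/trusted-firmware-m-35b064f0-65c2-4afb-9ba9-24aa432fb7fa">Coverity Scan Online</a>.
      <br/>
      This job runs <b>every weekday</b> and by default uses the <b>master</b> branch on trustedfirmware.org.
    properties:
      # Keep at most 180 builds and nothing older than 180 days.
      - build-discarder:
          days-to-keep: 180
          num-to-keep: 180
    # NOTE(review): every repository URL and refspec below can be overridden
    # when a build is started, and the builders run with the Coverity Scan
    # token bound in the environment. Presumably clone.sh consumes these
    # values (not visible in this file); confirm that only trusted users may
    # start parameterized builds of this job.
    parameters:
      - string:
          name: CODE_REPO
          default: 'https://git.trustedfirmware.org/TF-M/trusted-firmware-m'
      - string:
          name: GERRIT_REFSPEC
          default: 'refs/heads/master'
      - string:
          name: CI_SCRIPTS_REPO
          default: 'https://git.trustedfirmware.org/ci/tf-m-ci-scripts'
      - string:
          name: CI_SCRIPTS_BRANCH
          default: 'master'
      - string:
          name: MBEDTLS_VERSION
          default: ''
      - string:
          name: MBEDTLS_URL
          default: 'https://git.trustedfirmware.org/mirror/mbed-tls.git'
      - string:
          name: MCUBOOT_REFSPEC
          default: ''
      - string:
          name: MCUBOOT_URL
          default: 'https://git.trustedfirmware.org/mirror/mcuboot.git'
      - string:
          name: TFM_TESTS_URL
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-tests.git'
      - string:
          name: TFM_TESTS_REFSPEC
          default: ''
      - string:
          name: TFM_EXTRAS_URL
          default: 'https://git.trustedfirmware.org/TF-M/tf-m-extras.git'
      - string:
          name: TFM_EXTRAS_REFSPEC
          default: ''
      - string:
          name: PSA_ARCH_TESTS_URL
          default: 'https://git.trustedfirmware.org/mirror/psa-arch-tests.git'
      - string:
          name: PSA_ARCH_TESTS_VERSION
          default: ''
      - string:
          name: QCBOR_URL
          default: 'https://github.com/laurencelundblade/QCBOR.git'
      - string:
          name: QCBOR_VERSION
          default: ''
      - string:
          name: SHARE_FOLDER
          default: '/srv/shared/${JOB_NAME}/${BUILD_NUMBER}'
      - bool:
          name: UPLOAD_TO_COVERITY_SCAN_ONLINE
          default: true
    scm:
      - tf-m-ci-scripts
    wrappers:
      - timestamps
      # Exposes the stored secret TF-M-COVERITY-SCAN-TOKEN to the build steps
      # as the environment variable TF_M_COVERITY_SCAN_TOKEN.
      - credentials-binding:
          - text:
              credential-id: TF-M-COVERITY-SCAN-TOKEN
              variable: TF_M_COVERITY_SCAN_TOKEN
    builders:
      # Step 1: fetch sources and the Coverity build tool, then run the scan.
      # NOTE(review): the token is expanded into the wget command line here
      # (and into the curl command line in the upload step), so it is
      # readable from the process table of the build node while those
      # commands run. Passing it through a file or stdin (for example wget
      # --post-file) would avoid that; confirm how isolated the node is.
      # NOTE(review): the downloaded archive is unpacked and its bin/
      # directory is put first on PATH with no integrity check beyond HTTPS.
      - shell: |-
          #!/bin/bash
          set -e

          cd "${WORKSPACE}"

          # Download TF-M dependencies to avoid git clone in each config
          "${WORKSPACE}/tf-m-ci-scripts/clone.sh"

          cnt=$(ls trusted-firmware-m/lib/ext/mbedcrypto/*.patch 2> /dev/null | wc -l)
          if [ "$cnt" != "0" ] ; then
              cd mbedtls
              git apply ../trusted-firmware-m/lib/ext/mbedcrypto/*.patch
              cd -
          fi

          # Fetch coverity tool and untar it
          wget https://scan.coverity.com/download/linux64 \
              --quiet \
              --post-data "token=${TF_M_COVERITY_SCAN_TOKEN}&project=Trusted+Firmware-M" \
              -O coverity_tool.tgz
          tar -xzf coverity_tool.tgz
          # The checkout does not wipe the workspace; if a coverity/ tree
          # survived from an earlier build, mv would nest the new tool inside
          # it and PATH would keep pointing at the stale binaries.
          rm -rf coverity
          mv cov-analysis-linux64* coverity
          export PATH="${WORKSPACE}/coverity/bin:${PATH}"

          # Run coverity
          cd "${WORKSPACE}/trusted-firmware-m"
          "${WORKSPACE}/tf-m-ci-scripts/run-coverity.py" --tf "$(pwd)"

      # Step 2: upload the result archive, only when the boolean parameter
      # UPLOAD_TO_COVERITY_SCAN_ONLINE evaluates to true.
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "${UPLOAD_TO_COVERITY_SCAN_ONLINE}"
          on-evaluation-failure: dont-run
          steps:
            - shell: |-
                #!/bin/bash
                # Stop on the first error so a failed upload fails the build
                # instead of being reported as a successful scan submission.
                set -e

                echo "Uploading tarball to Coverity Scan Online..."
                cd "${WORKSPACE}/trusted-firmware-m"
                GIT_COMMIT=$(git rev-parse HEAD)

                # --fail turns an HTTP error response into a non-zero exit.
                # The URL is quoted because '?' is a shell glob character.
                curl \
                    --fail \
                    --form "token=${TF_M_COVERITY_SCAN_TOKEN}" \
                    --form email=xinyu.zhang@arm.com \
                    --form file=@"arm-tf-coverity-results.tgz" \
                    --form version="Commit ${GIT_COMMIT}" \
                    --form description="Build ${BUILD_DISPLAY_NAME}" \
                    "https://scan.coverity.com/builds?project=Trusted+Firmware-M"
    triggers:
      # Monday to Friday, at a hashed minute within hours 4-6.
      - timed: 'H H(4-6) * * 1-5'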