TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / tf-m-job-configs.git / ec4d500528e3b850bb6bd81d9184457ad32ba15c / . / tf-m-coverity.yaml
blob: 8384245493ec308543cb8c7de8c186f5385e99db [file] [log] [blame]
Leonardo Sandoval472f5d82020-11-30 11:24:13 -0600[diff] [blame]1- scm:
2 name: tf-m-ci-scripts
3 scm:
4 - git:
5 url: https://git.trustedfirmware.org/ci/tf-m-ci-scripts.git
6 refspec: +refs/heads/master:refs/remotes/origin/master
7 name: origin
8 branches:
9 - refs/heads/master
10 basedir: tf-m-ci-scripts
11 skip-tag: true
12 shallow-clone: true
13 wipe-workspace: false
14- scm:
15 name: trusted-firmware-m
16 scm:
17 - git:
18 url: https://review.trustedfirmware.org/${TF_GERRIT_PROJECT}
19 refspec: ${TF_GERRIT_REFSPEC}
20 name: origin
21 branches:
22 - ${TF_GERRIT_BRANCH}
23 basedir: trusted-firmware-m
24 skip-tag: true
25 shallow-clone: false
26 wipe-workspace: false
27- job:
28 name: tf-m-coverity
29 node: docker-amd64-tf-m-bionic
30 project-type: freestyle
31 concurrent: true
32 disabled: false
33 defaults: global
34 description: |
35 Run the Coverity tool on Trusted Firmware M and submit the resulting
36 tarball to <a href="https://scan.coverity.com/projects/trusted-firmware-m-35b064f0-65c2-4afb-9ba9-24aa432fb7fa">Coverity Scan Online</a>.
37 <br/>
38 This job runs <b>every weekday</b> and by default uses the <b>master</b> branch on trustedfirmware.org.
39 properties:
40 - build-discarder:
41 days-to-keep: 180
42 num-to-keep: 180
43 - authorization:
44 anonymous:
45 - job-discover
46 - job-read
47 - job-extended-read
48 - job-workspace
49 lsandov1:
50 - job-read
51 - job-extended-read
52 - job-build
53 - job-cancel
54 - run-update
55 parameters:
56 - string:
57 name: TF_GERRIT_PROJECT
58 default: 'TF-M/trusted-firmware-m'
59 - string:
60 name: TF_GERRIT_BRANCH
61 default: 'refs/heads/master'
62 - string:
63 name: TF_GERRIT_REFSPEC
64 default: '+refs/heads/master:refs/remotes/origin/master'
Leonardo Sandovalec4d5002021-02-03 16:14:45 -0600[diff] [blame^]65 - string:
66 name: COVERITY_VERSION
67 default: '2020.09'
Leonardo Sandoval472f5d82020-11-30 11:24:13 -0600[diff] [blame]68 - bool:
69 name: UPLOAD_TO_COVERITY_SCAN_ONLINE
Leonardo Sandovalec4d5002021-02-03 16:14:45 -0600[diff] [blame^]70 default: false
Leonardo Sandoval472f5d82020-11-30 11:24:13 -0600[diff] [blame]71 scm:
72 - tf-m-ci-scripts
73 - trusted-firmware-m
74 wrappers:
75 - timestamps
76 - credentials-binding:
77 - text:
78 credential-id: TF-M-COVERITY-SCAN-TOKEN
79 variable: TF_M_COVERITY_SCAN_TOKEN
80 builders:
81 - shell: |-
82 #!/bin/bash
83 set -e
84
85 # Fetch coverity tool and untar it
Leonardo Sandoval472f5d82020-11-30 11:24:13 -0600[diff] [blame]86 cd ${WORKSPACE}
87 wget https://scan.coverity.com/download/linux64 \
88 --quiet \
89 --post-data "token=${TF_M_COVERITY_SCAN_TOKEN}&project=Trusted+Firmware-M" \
90 -O coverity_tool.tgz
91 tar -xzf coverity_tool.tgz
92 mv cov-analysis-linux64-${COVERITY_VERSION} coverity
93 export PATH=${WORKSPACE}/coverity/bin:${PATH}
94
95 # Run coverity
96 cd ${WORKSPACE}/trusted-firmware-m
97 ${WORKSPACE}/tf-m-ci-scripts/run-coverity.py --tf $(pwd)
98
99 - conditional-step:
100 condition-kind: boolean-expression
101 condition-expression: "${UPLOAD_TO_COVERITY_SCAN_ONLINE}"
102 on-evaluation-failure: dont-run
103 steps:
104 - shell: |-
105 #!/bin/bash
106
107 echo "Uploading tarball to Coverity Scan Online..."
108 cd ${WORKSPACE}/trusted-firmware-m
109 GIT_COMMIT=$(git rev-parse HEAD)
110
111 curl \
112 --form token=${TF_M_COVERITY_SCAN_TOKEN} \
113 --form email=Karl.Zhang@arm.com \
114 --form file=@"arm-tf-coverity-results.tgz" \
115 --form version="Commit ${GIT_COMMIT}" \
116 --form description="Build ${BUILD_DISPLAY_NAME}" \
117 https://scan.coverity.com/builds?project=Trusted+Firmware-M
118 triggers:
119 - timed: H H(4-6) * * 1-5