# SCM macro: the CI helper scripts, checked out into ./tf-a-ci-scripts.
# The checkout follows the head of master rather than a pinned commit, so
# whatever is on that branch at build time is what a job using this macro gets.
- scm:
    name: tf-a-ci-scripts
    scm:
      - git:
          name: origin
          url: 'https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git'
          refspec: '+refs/heads/master:refs/remotes/origin/master'
          branches:
            - 'refs/heads/master'
          # Checked out into a sub-directory of the workspace.
          basedir: tf-a-ci-scripts
          skip-tag: true
          shallow-clone: true
          # The workspace is not wiped before the checkout.
          wipe-workspace: false
# SCM macro: the Trusted Firmware-A sources, checked out into
# ./trusted-firmware-a.
# The project path, refspec and branch are all taken from build parameters
# (TF_GERRIT_PROJECT, TF_GERRIT_REFSPEC, TF_GERRIT_BRANCH), so the code that
# gets checked out is chosen by whoever supplies those values to the build.
- scm:
    name: trusted-firmware-a
    scm:
      - git:
          name: origin
          url: 'https://review.trustedfirmware.org/${TF_GERRIT_PROJECT}'
          refspec: '${TF_GERRIT_REFSPEC}'
          branches:
            - '${TF_GERRIT_BRANCH}'
          # Checked out into a sub-directory of the workspace.
          basedir: trusted-firmware-a
          skip-tag: true
          # Full (non-shallow) clone.
          shallow-clone: false
          # The workspace is not wiped before the checkout.
          wipe-workspace: false
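# Freestyle job: download the Coverity Scan build tool, run it over a
# Trusted Firmware-A checkout and, when UPLOAD_TO_COVERITY_SCAN_ONLINE is set,
# submit the resulting tarball to Coverity Scan Online.
- job:
    name: tf-coverity
    node: docker-amd64-tf-a-bionic
    project-type: freestyle
    # NOTE(review): concurrent builds all use the same fixed
    # CRYPTOCELL_LIB_PATH directory (see the first builder); two builds landing
    # on one node could race on the download there - confirm this is acceptable.
    concurrent: true
    disabled: false
    defaults: global
    # NOTE(review): the description mentions a weekday schedule, but no
    # `triggers:` key is defined in this job - presumably it is started from
    # elsewhere; verify.
    description: |
      Run the Coverity tool on Trusted Firmware and submit the resulting
      tarball to Coverity Scan Online.
      This job runs every weekday and by default uses the integration branch on trustedfirmware.org.
    properties:
      - build-discarder:
          days-to-keep: 14
      # Job permissions come from a shared include. The string parameters
      # below select which Gerrit project/ref is checked out and built while
      # the Coverity token is bound, so this include should restrict who may
      # start a parameterised build - its contents are not visible here.
      - authorization:
          !include: authorization.yaml.inc
    parameters:
      - string:
          name: TF_GERRIT_PROJECT
          default: 'TF-A/trusted-firmware-a'
      - string:
          name: TF_GERRIT_BRANCH
          default: 'refs/heads/integration'
      - string:
          name: TF_GERRIT_REFSPEC
          default: '+refs/heads/integration:refs/remotes/origin/integration'
      # Used to build the name of the directory expected inside the downloaded
      # tool archive (cov-analysis-linux64-<COVERITY_VERSION>).
      - string:
          name: COVERITY_VERSION
          default: '2020.09'
      # Uploading is opt-in; when false only the local analysis runs.
      - bool:
          name: UPLOAD_TO_COVERITY_SCAN_ONLINE
          default: false
    scm:
      - tf-a-ci-scripts
      - trusted-firmware-a
    wrappers:
      - timestamps
      # Binds the Coverity Scan token as an environment variable for the
      # build. NOTE(review): this wrapper is declared at job level, so the
      # token is presumably also in the environment while
      # run_coverity_on_tf.py works on the parameter-selected sources -
      # confirm that only trusted refs can be built here.
      - credentials-binding:
          - text:
              credential-id: TF-COVERITY-SCAN-TOKEN
              variable: TF_COVERITY_SCAN_TOKEN
    builders:
      - shell: |
          #!/bin/bash
          set -e
          # Install crypto library
          CRYPTOCELL_LIB_PATH=/arm/projectscratch/ssg/trusted-fw
          mkdir -p "${CRYPTOCELL_LIB_PATH}"
          cd "${CRYPTOCELL_LIB_PATH}"
          # NOTE(review): the archive is fetched over HTTPS, but no checksum or
          # signature is checked before it is unpacked.
          curl --connect-timeout 5 --retry 5 --retry-delay 1 \
            -sLSO -C - https://downloads.trustedfirmware.org/tf-a/dummy-crypto-lib.tar
          tar xf dummy-crypto-lib.tar
          # Fetch coverity tool and untar it
          cd "${WORKSPACE}"
          # NOTE(review): --post-data places the token on wget's command line,
          # where other processes on the node may be able to read it. The
          # downloaded tool archive is also unpacked without an integrity check.
          wget https://scan.coverity.com/download/linux64 \
            --quiet \
            --post-data "token=${TF_COVERITY_SCAN_TOKEN}&project=ARM-software%2Farm-trusted-firmware" \
            -O coverity_tool.tgz
          tar -xzf coverity_tool.tgz
          # The workspace is not wiped between builds. If an old ./coverity
          # directory were still present, mv would nest the new tool inside it
          # and PATH would keep pointing at the stale copy, so remove it first.
          rm -rf coverity
          mv "cov-analysis-linux64-${COVERITY_VERSION}" coverity
          export PATH="${WORKSPACE}/coverity/bin:${PATH}"
          # Run coverity
          cd "${WORKSPACE}/trusted-firmware-a"
          "${WORKSPACE}/tf-a-ci-scripts/script/tf-coverity/run_coverity_on_tf.py" --tf "$(pwd)"
      - conditional-step:
          condition-kind: boolean-expression
          condition-expression: "${UPLOAD_TO_COVERITY_SCAN_ONLINE}"
          on-evaluation-failure: dont-run
          steps:
            - shell: |
                #!/bin/bash
                # Stop on the first failing command so that a failed upload
                # fails the build instead of passing silently.
                set -e
                # Each shell step starts in the workspace root, while the
                # results tarball and the git checkout live under
                # trusted-firmware-a (the analysis runs there and the archive
                # publisher collects the tarball from there).
                cd "$WORKSPACE/trusted-firmware-a"
                echo "Uploading tarball to Coverity Scan Online..."
                GIT_COMMIT=$(git rev-parse HEAD)
                # Brace-free $VAR is used here: the previous ${{VAR}} form is
                # only valid if JJB applies {} formatting to this job, which
                # the single-brace variables in the first builder suggest it
                # does not - TODO confirm. $VAR is the same either way.
                # NOTE(review): the token is still passed on curl's command
                # line; consider a form that keeps it out of the argument list.
                # --fail makes curl exit non-zero on an HTTP error response.
                curl \
                  --fail \
                  --form token="$TF_COVERITY_SCAN_TOKEN" \
                  --form email=sandrine.bailleux@arm.com \
                  --form file=@"arm-tf-coverity-results.tgz" \
                  --form version="Commit $GIT_COMMIT" \
                  --form description="Build $BUILD_DISPLAY_NAME" \
                  "https://scan.coverity.com/builds?project=ARM-software%2Farm-trusted-firmware"
    publishers:
      - archive:
          artifacts: 'trusted-firmware-a/arm-tf-coverity-results.tgz, trusted-firmware-a/tf_coverage.log'
      # Post-build Groovy script, included verbatim from a separate file.
      - groovy-postbuild:
          script:
            !include-raw:
              - tf-coverity/postbuild.groovy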