| image: ${MIRROR_GHCR}/siemens/kas/kas:4.3.2 |
| |
| variables: |
| # These are needed as the k8s executor doesn't respect the container |
| # entrypoint by default |
| FF_KUBERNETES_HONOR_ENTRYPOINT: 1 |
| FF_USE_LEGACY_KUBERNETES_EXECUTION_STRATEGY: 0 |
| # The default value for KUBERNETES_CPU_REQUEST |
| CPU_REQUEST: "" |
| # The default machine tag for the build jobs |
| DEFAULT_TAG: "" |
| # The machine tag for the ACS test jobs |
| ACS_TAG: "" |
| # The directory to use as the persistent cache (the root for DL_DIR, SSTATE_DIR, etc) |
| CACHE_DIR: $CI_BUILDS_DIR/persist |
| # The container mirror to use |
| MIRROR_GHCR: ghcr.io |
| # Whether to run the SystemReady ACS tests |
| ACS_TEST: 0 |
| # The list of extra Kas fragments to be used when building |
| EXTRA_KAS_FILES: "" |
| # The NVD API key to use when fetching CVEs |
| NVDCVE_API_KEY: "" |
| |
| stages: |
| - prep |
| - build |
| |
| # Common job fragment to get a worker ready |
| .setup: |
| tags: |
| - $DEFAULT_TAG |
| stage: build |
| interruptible: true |
| variables: |
| KAS_WORK_DIR: $CI_PROJECT_DIR/work |
| KAS_REPO_REF_DIR: $CACHE_DIR/repos |
| SSTATE_DIR: $CACHE_DIR/sstate |
| DL_DIR: $CACHE_DIR/downloads |
| BB_LOGCONFIG: $CI_PROJECT_DIR/ci/logging.yml |
| TOOLCHAIN_DIR: $CACHE_DIR/toolchains |
| IMAGE_DIR: $CI_PROJECT_DIR/work/build/tmp/deploy/images |
| TOOLCHAIN_LINK_DIR: $CI_PROJECT_DIR/work/build/toolchains |
| before_script: |
| - echo KAS_WORK_DIR = $KAS_WORK_DIR |
| - echo SSTATE_DIR = $SSTATE_DIR |
| - echo DL_DIR = $DL_DIR |
| - rm -rf $KAS_WORK_DIR |
| - mkdir --verbose --parents $KAS_WORK_DIR $KAS_REPO_REF_DIR $SSTATE_DIR $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR |
| # Must do this here, as it's the only way to make sure the toolchain is installed on the same builder |
| - ./ci/get-binary-toolchains $DL_DIR $TOOLCHAIN_DIR $TOOLCHAIN_LINK_DIR |
| |
| # Generalised fragment to do a Kas build |
| .build: |
| extends: .setup |
| variables: |
| KUBERNETES_CPU_REQUEST: $CPU_REQUEST |
| rules: |
| # Don't run MR pipelines |
| - if: $CI_PIPELINE_SOURCE == "merge_request_event" |
| when: never |
| # Don't run pipelines for tags |
| - if: $CI_COMMIT_TAG |
| when: never |
| # Don't run if BUILD_ENABLE_REGEX is set, but the job doesn't match the regex |
| - if: '$BUILD_ENABLE_REGEX != null && $CI_JOB_NAME !~ $BUILD_ENABLE_REGEX' |
| when: never |
| # Allow the dev kernels to fail and not fail the overall build |
| - if: '$KERNEL == "linux-yocto-dev"' |
| allow_failure: true |
| # Catch all for everything else |
| - if: '$KERNEL != "linux-yocto-dev"' |
| script: |
| - KASFILES=$(./ci/jobs-to-kas "$CI_JOB_NAME" $EXTRA_KAS_FILES):lockfile.yml |
| - kas dump --update --force-checkout --resolve-refs --resolve-env $KASFILES |
| - kas build $KASFILES |
| - ./ci/check-warnings $KAS_WORK_DIR/build/warnings.log |
| artifacts: |
| name: "logs" |
| when: always |
| paths: |
| - $CI_PROJECT_DIR/work/build/tmp*/work*/**/temp/log.do_*.* |
| - $CI_PROJECT_DIR/work/build/tmp*/work*/**/testimage/* |
| |
| # |
| # Prep stage, update repositories once. |
| # Set the CI variable CI_CLEAN_REPOS=1 to refetch the respositories from scratch |
| # |
| update-repos: |
| extends: .setup |
| stage: prep |
| allow_failure: |
| exit_codes: 128 |
| script: |
| - | |
| flock --verbose --timeout 60 $KAS_REPO_REF_DIR ./ci/update-repos |
| # Only generate if doesn't already exist, to allow feature branches to drop one in. |
| if test -f lockfile.yml; then |
| echo Using existing lockfile.yml |
| else |
| # Be sure that this is the complete list of layers being fetched |
| kas dump --lock --update ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/clang.yml:ci/meta-virtualization.yml | tee lockfile.yml |
| fi |
| artifacts: |
| name: "lockfile" |
| paths: |
| - lockfile.yml |
| |
| # |
| # Build stage, the actual build jobs |
| # |
| # Available options for building are |
| # DISTRO: [poky, poky-tiny] |
| # KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] |
| # TOOLCHAINS: [gcc, clang, external-gccarm] |
| # TCLIBC: [glibc, musl] |
| # FIRMWARE: [u-boot, edk2] |
| # TS: [none, trusted-services] |
| # VIRT: [none, xen] |
| # TESTING: testimage |
| |
| corstone1000-fvp: |
| extends: .build |
| parallel: |
| matrix: |
| - FIRMWARE: corstone1000-firmware-only |
| TESTING: [testimage, tftf] |
| - FIRMWARE: none |
| TESTING: testimage |
| |
| corstone1000-mps3: |
| extends: .build |
| parallel: |
| matrix: |
| - FIRMWARE: corstone1000-firmware-only |
| TESTING: [none, tftf] |
| - FIRMWARE: none |
| |
| fvp-base: |
| extends: .build |
| parallel: |
| matrix: |
| - TESTING: testimage |
| - FIRMWARE: edk2 |
| - SYSTEMREADY_FIRMWARE: arm-systemready-firmware |
| |
| arm-systemready-ir-acs: |
| extends: .build |
| timeout: 12h |
| parallel: |
| matrix: |
| # arm-systemready-ir-acs must be specified after fvp-base for ordering |
| # purposes for the jobs-to-kas output. It is not enough to just have it |
| # in the job name because fvp-base.yml overwrites the target. |
| - PLATFORM: fvp-base |
| ARM_SYSTEMREADY_IR_ACS: arm-systemready-ir-acs |
| tags: |
| - ${ACS_TAG} |
| |
| fvps: |
| extends: .build |
| |
| generic-arm64: |
| extends: .build |
| |
| juno: |
| extends: .build |
| parallel: |
| matrix: |
| - TOOLCHAINS: [gcc, clang] |
| FIRMWARE: [u-boot, edk2] |
| |
| musca-b1: |
| extends: .build |
| |
| musca-s1: |
| extends: .build |
| |
| n1sdp: |
| extends: .build |
| parallel: |
| matrix: |
| - TESTING: [none, n1sdp-ts, n1sdp-optee, tftf] |
| |
| qemu-generic-arm64: |
| extends: .build |
| parallel: |
| matrix: |
| - KERNEL: [linux-yocto, linux-yocto-rt] |
| TOOLCHAINS: [gcc, clang] |
| TESTING: testimage |
| - KERNEL: linux-yocto-dev |
| TESTING: testimage |
| |
| qemuarm64-secureboot: |
| extends: .build |
| parallel: |
| matrix: |
| - KERNEL: [linux-yocto, linux-yocto-rt] |
| TOOLCHAINS: [gcc, clang] |
| TCLIBC: [glibc, musl] |
| TS: [none, qemuarm64-secureboot-ts] |
| TESTING: testimage |
| - KERNEL: linux-yocto-dev |
| TESTING: testimage |
| |
| qemuarm64: |
| extends: .build |
| parallel: |
| matrix: |
| - DISTRO: poky |
| KERNEL: [linux-yocto, linux-yocto-rt] |
| TOOLCHAINS: [gcc, clang] |
| FIRMWARE: [u-boot, edk2] |
| TESTING: testimage |
| - DISTRO: poky-tiny |
| TESTING: testimage |
| - VIRT: xen |
| - KERNEL: linux-yocto-dev |
| TESTING: testimage |
| |
| qemuarm-secureboot: |
| extends: .build |
| parallel: |
| matrix: |
| - KERNEL: [linux-yocto, linux-yocto-rt] |
| TOOLCHAINS: [gcc, clang] |
| TCLIBC: [glibc, musl] |
| TESTING: testimage |
| - TOOLCHAINS: external-gccarm |
| TESTING: testimage |
| - KERNEL: linux-yocto-dev |
| TESTING: testimage |
| |
| qemuarm: |
| extends: .build |
| parallel: |
| matrix: |
| - DISTRO: poky |
| KERNEL: [linux-yocto, linux-yocto-rt] |
| TOOLCHAINS: [gcc, clang] |
| FIRMWARE: [u-boot, edk2] |
| TESTING: testimage |
| - DISTRO: poky-tiny |
| TESTING: testimage |
| - VIRT: xen |
| - KERNEL: linux-yocto-dev |
| TESTING: testimage |
| |
| qemuarmv5: |
| extends: .build |
| parallel: |
| matrix: |
| - DISTRO: poky |
| KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt] |
| TESTING: testimage |
| - DISTRO: poky-tiny |
| TESTING: testimage |
| |
| sgi575: |
| extends: .build |
| |
| toolchains: |
| extends: .build |
| |
| selftest: |
| extends: .setup |
| script: |
| - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml |
| - kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests' |
| |
| # Validate layers are Yocto Project Compatible |
| check-layers: |
| extends: .setup |
| script: |
| - kas shell --update --force-checkout ci/base.yml:ci/meta-openembedded.yml:lockfile.yml --command \ |
| "yocto-check-layer-wrapper $CI_PROJECT_DIR/$LAYER --dependency $CI_PROJECT_DIR/meta-* $KAS_WORK_DIR/meta-openembedded/meta-oe --no-auto-dependency" |
| parallel: |
| matrix: |
| - LAYER: [meta-arm, meta-arm-bsp, meta-arm-toolchain] |
| |
| pending-updates: |
| extends: .setup |
| artifacts: |
| paths: |
| - update-report |
| script: |
| - rm -fr update-report |
| # This configuration has all of the layers we need enabled |
| - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \ |
| "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)" |
| # Do this on x86 whilst the compilers are x86-only |
| tags: |
| - x86_64 |
| |
| # What percentage of machines in the layer do we build |
| machine-coverage: |
| extends: .setup |
| script: |
| - ./ci/check-machine-coverage |
| coverage: '/Coverage: \d+/' |
| |
| metrics: |
| extends: .setup |
| artifacts: |
| reports: |
| metrics: metrics.txt |
| script: |
| - kas shell --update --force-checkout ci/base.yml --command \ |
| "$CI_PROJECT_DIR/ci/patchreview $CI_PROJECT_DIR/meta-* --verbose --metrics $CI_PROJECT_DIR/metrics.txt" |
| |
| documentation: |
| extends: .setup |
| script: |
| - | |
| # This can be removed when the kas container has python3-venv installed |
| sudo apt-get update && sudo apt-get install --yes python3-venv |
| |
| python3 -m venv venv |
| . ./venv/bin/activate |
| |
| pip3 install -r meta-arm-bsp/documentation/requirements.txt |
| |
| for CONF in meta-*/documentation/*/conf.py ; do |
| echo Building $CONF... |
| SOURCE_DIR=$(dirname $CONF) |
| MACHINE=$(basename $SOURCE_DIR) |
| sphinx-build -vW $SOURCE_DIR build-docs/$MACHINE |
| done |
| test -d build-docs/ |
| artifacts: |
| paths: |
| - build-docs/ |