-
Notifications
You must be signed in to change notification settings - Fork 344
EDK II Continuous Integration
Michael Kubacki edited this page May 24, 2024
·
8 revisions
Summary of pre-commit and post-commit Continuous Integration services that improve the quality of commits made to EDK II repositories. The sections below list the Continuous Integration services that are active and plans for future enhancements and extensions to these services.
- Use a combination of GitHub, Azure Pipelines, Mergify, and edk2-pytool features.
- GitHub Pull Requests + Labels, Branch Protections, Notifications
- Mergify Pull Request Rules with auto commit if all checks pass
- 3 pre-commit jobs in Azure Pipelines (PatchCheck, Windows/VS, Linux/GCC). Goal is to complete all pre-commits check in under 10 minutes.
- 2 post-commit jobs in Azure Pipelines (Windows/VS, Linux/GCC). Post commit
status provided at top of
edk2/master
Readme.md. - EDK II Pytool Library
- EDK II Pytool Extensions
- TianoCore Bugzilla #2315
- Original RFC Proposals
- Enable the following pre-commit checks
- TianoCore EDK II Maintainers Team permissions reduced from 'Write" to "Triage"
- EDK II Maintainers must use GitHub pull request with 'push' label to request
a branch to be strict rebase merged into
edk2/master
. If all checks pass, then the patches in the pull request are automatically added toedk2/master
. If any check fails, then email notifications are sent and details of the failure are available through Azure Pipelines test results. - Personal builds available to all EDK II developers using a GitHub pull request without the 'push' label set. If all checks pass, then a notification email is sent and the pull request is closed. If any checks fails, then email notifications are sent and the details of the failure are available through Azure Pipelines test results.
- GitHub References
- GitHub Command line Utility (
gh
) to perform GitHub operations - Azure Pipelines References
- Mergify References
EDK II Continuous Integration Administration
- Verify no non-ASCII characters in modified files
- Verify no binary files in set of modified files
- Run ECC on modified files
- Verify modified modules/libs build
- Run available Host Based tests against modified modules/libs
- Build all modules/libs/platforms that consume modified content
- Build critical packages
- Build critical platforms
- Verify that Doxygen Documentation can be generated
- Build all packages
- Build all platforms
- Publish Doxygen Documentation to a web site
- Same as weekly builds
- Full regression testing
- Publishes binary files to release pages
- PatchCheck.py
- Verify no non-ASCII characters in modified source files
- Verify no binary files in set of modified files
- Verify Package Dependency rules in modified files
- Verify modified modules/libs build
- Run Host Based tests against modified modules/libs
- cppcheck
- ECC (EFI Code Checker)
- Difficult to address all warnings/issues/false positives reported
- May need to maintain an exception list
- Static Analysis against modified modules/libs
- CLANG static analysis
- Coverity: https://scan.coverity.com/
- Difficult to address all warnings/issues/false positives reported
- May need to maintain an exception list
- pyflakes (for python sources)
- pylama (for python sources)
- Generate Package Documentation (Doxygen based)
- Build all Packages/Platforms for all supported CPU architectures (IA32, X64, ARM, AARCH64, EBC), all supported tool chains (VS2015, VS2017, GCC5, XCODE5), and all supported build targets (DEBUG, RELEASE, NOOPT). Needs further discussion on required coverage.
- Boot platforms to UEFI Shell
- Run UEFI SCTs and collect results for platforms
- Linaro LAVA CI
- Boot platforms to OS(s)
- Integration/Regression tests that require full OS boots
- Build binary releases of components (e.g. UEFI Shell, OVMF)
- OVMF
- IA32 DXE boot tests
- X64 DXE boot tests
- ArmVirt QEMU boot tests
- S3 enabled tests
- SMM_REQUIRE enabled tests
- Boot using both KVM and QEMU environments
- HTTPS Boot Tests
- UEFI Secure Boot Sanity Testing
- Enroll UEFI Secure Boot Keys
- UEFI Secure Boot testing of "unsigned" images
- UEFI Secure Boot testing of "signed but not recognized" images
- UEFI Secure Boot testing of "signed and accepted" images
- UEFI Secure Boot testing of "signed but blacklisted" images
- Project that offers a python script that automates communicating with the UEFI shell over the emulated serial port. Used in downstream package builds, for packaging a pre-enrolled variable store template file.
- Background
- GitHub Continuous Integration services
- Jenkins Evaluation
- GitLab Evaluation
- Contacts
- Laszlo Ersek [email protected]
- Philippe Mathieu-Daudé [email protected]
- https://gitlab.com/philmd/edk2/pipelines
- Contacts
- Azure Pipeline Evaluation for CPU Archs, tool chain tags, and build targets
- Azure Pipelines Evaluation with HBFA integration
- Contacts
- Sean Brogan [email protected]
- https://github.com/spbrogan/edk2-staging/tree/edk2-stuart-ci-latest
- To work with this branch and run tests immediately, all you need to do is:
- Contacts
pip install --upgrade -r requirements.txt
stuart_setup -c .\CISettings.py
stuart_update -c .\CISettings.py
stuart_ci_build -c .\CISettings.py --Tool_Chain VS2017
- Branch is monitored for CI and PR gating in the following Azure build pipeline.
- Results show that this CI process is running build CI and DSC checking and automatically running a host-based unit test and all of the results are visible in a single view.
- Depends on pip installable tool from the following TianoCore repos
- Documentation for edk2-pytools
Home
Getting Started with EDK II
Build Instructions
EDK II Platforms
EDK II Documents
EDK II Release Planning
Reporting Issues
Reporting Security Issues
Community Information
Inclusive Language
Additional Projects & Tasks
Training
Community Support
Community Virtual Meetings
GHSA GitHub Security Advisories Proceess (Draft)