1. Patchew
  2. Xen
  3. View series

[XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations

Nicola Vetrini posted 1 patch 5 days, 11 hours ago
Patches applied successfully (tree, apply log)
git fetch https://gitlab.com/xen-project/patchew/xen tags/patchew/1591f6a0c0f3524c4c613328293ed4e03cfc93ef.1761291003.git.nicola.vetrini@bugseng.com
automation/gitlab-ci/analyze.yaml | 38 +++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
[XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Nicola Vetrini 5 days, 11 hours ago 
The following analysis jobs are performed:
- eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
  that architecture; runs on runners tagged `eclair-analysis'.

- eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
  safety, which is more restricted; runs on runners tagged
  `eclair-analysis-safety`.

- eclair-{x86_64,ARM64}-testing: analyze Xen using the default
  configuration for the purposes of testing new runner updates; runs on
  runners tagged `eclair-analysis-testing`.

Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
---
Changes in v2:
- rebased to current staging;
- fixed regex path issue.
---
 automation/gitlab-ci/analyze.yaml | 38 +++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml
index d50721006740..7bd644d75074 100644
--- a/automation/gitlab-ci/analyze.yaml
+++ b/automation/gitlab-ci/analyze.yaml
@@ -45,6 +45,21 @@ eclair-x86_64:
     LOGFILE: "eclair-x86_64.log"
     VARIANT: "X86_64"
     RULESET: "monitored"
+
+eclair-x86_64-testing:
+  extends: eclair-x86_64
+  tags:
+    - eclair-analysis-testing
+  rules:
+    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
+      when: always
+    - !reference [.eclair-analysis:triggered, rules]
+
+eclair-x86_64-safety:
+  extends: eclair-x86_64
+  tags:
+    - eclair-analysis-safety
+  variables:
     EXTRA_XEN_CONFIG: |
       CONFIG_AMD=y
       CONFIG_INTEL=n
@@ -75,6 +90,10 @@ eclair-x86_64:
       CONFIG_DEBUG_LOCKS=n
       CONFIG_SCRUB_DEBUG=n
       CONFIG_XMEM_POOL_POISON=n
+  rules:
+    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && $CI_COMMIT_BRANCH =~ /^staging$/
+      when: always
+    - !reference [.eclair-analysis:triggered, rules]
 
 eclair-ARM64:
   extends: .eclair-analysis:triggered
@@ -82,6 +101,21 @@ eclair-ARM64:
     LOGFILE: "eclair-ARM64.log"
     VARIANT: "ARM64"
     RULESET: "monitored"
+
+eclair-ARM64-testing:
+  extends: eclair-ARM64
+  tags:
+    - eclair-analysis-testing
+  rules:
+    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
+      when: always
+    - !reference [.eclair-analysis:triggered, rules]
+
+eclair-ARM64-safety:
+  extends: eclair-ARM64
+  tags:
+    - eclair-analysis-safety
+  variables:
     EXTRA_XEN_CONFIG: |
       CONFIG_NR_CPUS=16
       CONFIG_GICV2=n
@@ -120,6 +154,10 @@ eclair-ARM64:
       CONFIG_DEBUG_LOCKS=n
       CONFIG_SCRUB_DEBUG=n
       CONFIG_XMEM_POOL_POISON=n
+  rules:
+    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && $CI_COMMIT_BRANCH =~ /^staging$/
+      when: always
+    - !reference [.eclair-analysis, rules]
 
 .eclair-analysis:on-schedule:
   extends: .eclair-analysis
-- 
2.43.0
Re: [XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Stefano Stabellini 1 day, 19 hours ago 
On Fri, 24 Oct 2025, Nicola Vetrini wrote:
> The following analysis jobs are performed:
> - eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
>   that architecture; runs on runners tagged `eclair-analysis'.
> 
> - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
>   safety, which is more restricted; runs on runners tagged
>   `eclair-analysis-safety`.
> 
> - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
>   configuration for the purposes of testing new runner updates; runs on
>   runners tagged `eclair-analysis-testing`.
> 
> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>

Do you have a link to a successful pipeline?

Just making sure we are not breaking things.


> ---
> Changes in v2:
> - rebased to current staging;
> - fixed regex path issue.
> ---
>  automation/gitlab-ci/analyze.yaml | 38 +++++++++++++++++++++++++++++++
>  1 file changed, 38 insertions(+)
> 
> diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml
> index d50721006740..7bd644d75074 100644
> --- a/automation/gitlab-ci/analyze.yaml
> +++ b/automation/gitlab-ci/analyze.yaml
> @@ -45,6 +45,21 @@ eclair-x86_64:
>      LOGFILE: "eclair-x86_64.log"
>      VARIANT: "X86_64"
>      RULESET: "monitored"
> +
> +eclair-x86_64-testing:
> +  extends: eclair-x86_64
> +  tags:
> +    - eclair-analysis-testing
> +  rules:
> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
> +      when: always
> +    - !reference [.eclair-analysis:triggered, rules]

given that everyone can change this yaml file when pushing to their own
branch, I think we should remove this, or (probably better) use a
separate env variable to set the default

it is better not to use the path, I think


> +eclair-x86_64-safety:
> +  extends: eclair-x86_64
> +  tags:
> +    - eclair-analysis-safety
> +  variables:
>      EXTRA_XEN_CONFIG: |
>        CONFIG_AMD=y
>        CONFIG_INTEL=n
> @@ -75,6 +90,10 @@ eclair-x86_64:
>        CONFIG_DEBUG_LOCKS=n
>        CONFIG_SCRUB_DEBUG=n
>        CONFIG_XMEM_POOL_POISON=n
> +  rules:
> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && $CI_COMMIT_BRANCH =~ /^staging$/
> +      when: always
> +    - !reference [.eclair-analysis:triggered, rules]

same here


>  eclair-ARM64:
>    extends: .eclair-analysis:triggered
> @@ -82,6 +101,21 @@ eclair-ARM64:
>      LOGFILE: "eclair-ARM64.log"
>      VARIANT: "ARM64"
>      RULESET: "monitored"
> +
> +eclair-ARM64-testing:
> +  extends: eclair-ARM64
> +  tags:
> +    - eclair-analysis-testing
> +  rules:
> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
> +      when: always
> +    - !reference [.eclair-analysis:triggered, rules]

and here


> +eclair-ARM64-safety:
> +  extends: eclair-ARM64
> +  tags:
> +    - eclair-analysis-safety
> +  variables:
>      EXTRA_XEN_CONFIG: |
>        CONFIG_NR_CPUS=16
>        CONFIG_GICV2=n
> @@ -120,6 +154,10 @@ eclair-ARM64:
>        CONFIG_DEBUG_LOCKS=n
>        CONFIG_SCRUB_DEBUG=n
>        CONFIG_XMEM_POOL_POISON=n
> +  rules:
> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && $CI_COMMIT_BRANCH =~ /^staging$/
> +      when: always
> +    - !reference [.eclair-analysis, rules]

and here
Re: [XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Nicola Vetrini 1 day, 18 hours ago 
On 2025-10-28 00:58, Stefano Stabellini wrote:
> On Fri, 24 Oct 2025, Nicola Vetrini wrote:
>> The following analysis jobs are performed:
>> - eclair-{x86_64,ARM64}: analyze Xen using the default configuration 
>> for
>>   that architecture; runs on runners tagged `eclair-analysis'.
>> 
>> - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration 
>> for
>>   safety, which is more restricted; runs on runners tagged
>>   `eclair-analysis-safety`.
>> 
>> - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
>>   configuration for the purposes of testing new runner updates; runs 
>> on
>>   runners tagged `eclair-analysis-testing`.
>> 
>> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
> 
> Do you have a link to a successful pipeline?
> 
> Just making sure we are not breaking things.
> 

No; not yet, at least [1]. Without the right tags the safety runner 
can't pick up jobs.

[1] 
https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2117835680

> 
>> ---
>> Changes in v2:
>> - rebased to current staging;
>> - fixed regex path issue.
>> ---
>>  automation/gitlab-ci/analyze.yaml | 38 
>> +++++++++++++++++++++++++++++++
>>  1 file changed, 38 insertions(+)
>> 
>> diff --git a/automation/gitlab-ci/analyze.yaml 
>> b/automation/gitlab-ci/analyze.yaml
>> index d50721006740..7bd644d75074 100644
>> --- a/automation/gitlab-ci/analyze.yaml
>> +++ b/automation/gitlab-ci/analyze.yaml
>> @@ -45,6 +45,21 @@ eclair-x86_64:
>>      LOGFILE: "eclair-x86_64.log"
>>      VARIANT: "X86_64"
>>      RULESET: "monitored"
>> +
>> +eclair-x86_64-testing:
>> +  extends: eclair-x86_64
>> +  tags:
>> +    - eclair-analysis-testing
>> +  rules:
>> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
>> +      when: always
>> +    - !reference [.eclair-analysis:triggered, rules]
> 
> given that everyone can change this yaml file when pushing to their own
> branch, I think we should remove this, or (probably better) use a
> separate env variable to set the default
> 
> it is better not to use the path, I think
> 

That is a fair concern. One option would be to just use a project runner 
assigned to the people/bugseng/xen subproject, but that might be a bit 
inconvenient if we want to swap runners around. Another option, as you 
said, is keeping the regex in a variable, but this wont't prevent rogue 
modifications of the YAML. I might have found something runner-side with 
[2], but I need to dig deeper on that one.

[2] pre_build_script at 
https://docs.gitlab.com/runner/configuration/advanced-configuration/#the-runners-section
> 
>> +eclair-x86_64-safety:
>> +  extends: eclair-x86_64
>> +  tags:
>> +    - eclair-analysis-safety
>> +  variables:
>>      EXTRA_XEN_CONFIG: |
>>        CONFIG_AMD=y
>>        CONFIG_INTEL=n
>> @@ -75,6 +90,10 @@ eclair-x86_64:
>>        CONFIG_DEBUG_LOCKS=n
>>        CONFIG_SCRUB_DEBUG=n
>>        CONFIG_XMEM_POOL_POISON=n
>> +  rules:
>> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && 
>> $CI_COMMIT_BRANCH =~ /^staging$/
>> +      when: always
>> +    - !reference [.eclair-analysis:triggered, rules]
> 
> same here
> 
> 
>>  eclair-ARM64:
>>    extends: .eclair-analysis:triggered
>> @@ -82,6 +101,21 @@ eclair-ARM64:
>>      LOGFILE: "eclair-ARM64.log"
>>      VARIANT: "ARM64"
>>      RULESET: "monitored"
>> +
>> +eclair-ARM64-testing:
>> +  extends: eclair-ARM64
>> +  tags:
>> +    - eclair-analysis-testing
>> +  rules:
>> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
>> +      when: always
>> +    - !reference [.eclair-analysis:triggered, rules]
> 
> and here
> 
> 
>> +eclair-ARM64-safety:
>> +  extends: eclair-ARM64
>> +  tags:
>> +    - eclair-analysis-safety
>> +  variables:
>>      EXTRA_XEN_CONFIG: |
>>        CONFIG_NR_CPUS=16
>>        CONFIG_GICV2=n
>> @@ -120,6 +154,10 @@ eclair-ARM64:
>>        CONFIG_DEBUG_LOCKS=n
>>        CONFIG_SCRUB_DEBUG=n
>>        CONFIG_XMEM_POOL_POISON=n
>> +  rules:
>> +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ && 
>> $CI_COMMIT_BRANCH =~ /^staging$/
>> +      when: always
>> +    - !reference [.eclair-analysis, rules]
> 
> and here

-- 
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
Re: [XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Stefano Stabellini 19 hours ago 
On Tue, 28 Oct 2025, Nicola Vetrini wrote:
> On 2025-10-28 00:58, Stefano Stabellini wrote:
> > On Fri, 24 Oct 2025, Nicola Vetrini wrote:
> > > The following analysis jobs are performed:
> > > - eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
> > >   that architecture; runs on runners tagged `eclair-analysis'.
> > > 
> > > - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
> > >   safety, which is more restricted; runs on runners tagged
> > >   `eclair-analysis-safety`.
> > > 
> > > - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
> > >   configuration for the purposes of testing new runner updates; runs on
> > >   runners tagged `eclair-analysis-testing`.
> > > 
> > > Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
> > 
> > Do you have a link to a successful pipeline?
> > 
> > Just making sure we are not breaking things.
> > 
> 
> No; not yet, at least [1]. Without the right tags the safety runner can't pick
> up jobs.
> 
> [1] https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2117835680
> 
> > 
> > > ---
> > > Changes in v2:
> > > - rebased to current staging;
> > > - fixed regex path issue.
> > > ---
> > >  automation/gitlab-ci/analyze.yaml | 38 +++++++++++++++++++++++++++++++
> > >  1 file changed, 38 insertions(+)
> > > 
> > > diff --git a/automation/gitlab-ci/analyze.yaml
> > > b/automation/gitlab-ci/analyze.yaml
> > > index d50721006740..7bd644d75074 100644
> > > --- a/automation/gitlab-ci/analyze.yaml
> > > +++ b/automation/gitlab-ci/analyze.yaml
> > > @@ -45,6 +45,21 @@ eclair-x86_64:
> > >      LOGFILE: "eclair-x86_64.log"
> > >      VARIANT: "X86_64"
> > >      RULESET: "monitored"
> > > +
> > > +eclair-x86_64-testing:
> > > +  extends: eclair-x86_64
> > > +  tags:
> > > +    - eclair-analysis-testing
> > > +  rules:
> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
> > > +      when: always
> > > +    - !reference [.eclair-analysis:triggered, rules]
> > 
> > given that everyone can change this yaml file when pushing to their own
> > branch, I think we should remove this, or (probably better) use a
> > separate env variable to set the default
> > 
> > it is better not to use the path, I think
> > 
> 
> That is a fair concern. One option would be to just use a project runner
> assigned to the people/bugseng/xen subproject, but that might be a bit
> inconvenient if we want to swap runners around.

I think it is OK to register a project runner to people/bugseng/xen. I
am happy with this solution as well.


> Another option, as you said,
> is keeping the regex in a variable, but this wont't prevent rogue
> modifications of the YAML.

I was thinking more of a simpler boolean variable like:

rules:
  - if: $ECLAIR_TESTING

Yes, it wouldn't prevent modifications of the YAML, but it is probably
not an issue? Also, it is not less secure than the path, because the
YAML can be changed by anyone. At least the variable is more flexible
and feels more natural.


> I might have found something runner-side with [2],
> but I need to dig deeper on that one.
> 
> [2] pre_build_script at
> https://docs.gitlab.com/runner/configuration/advanced-configuration/#the-runners-section
>
> > > +eclair-x86_64-safety:
> > > +  extends: eclair-x86_64
> > > +  tags:
> > > +    - eclair-analysis-safety
> > > +  variables:
> > >      EXTRA_XEN_CONFIG: |
> > >        CONFIG_AMD=y
> > >        CONFIG_INTEL=n
> > > @@ -75,6 +90,10 @@ eclair-x86_64:
> > >        CONFIG_DEBUG_LOCKS=n
> > >        CONFIG_SCRUB_DEBUG=n
> > >        CONFIG_XMEM_POOL_POISON=n
> > > +  rules:
> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ &&
> > > $CI_COMMIT_BRANCH =~ /^staging$/
> > > +      when: always
> > > +    - !reference [.eclair-analysis:triggered, rules]
> > 
> > same here
> > 
> > 
> > >  eclair-ARM64:
> > >    extends: .eclair-analysis:triggered
> > > @@ -82,6 +101,21 @@ eclair-ARM64:
> > >      LOGFILE: "eclair-ARM64.log"
> > >      VARIANT: "ARM64"
> > >      RULESET: "monitored"
> > > +
> > > +eclair-ARM64-testing:
> > > +  extends: eclair-ARM64
> > > +  tags:
> > > +    - eclair-analysis-testing
> > > +  rules:
> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
> > > +      when: always
> > > +    - !reference [.eclair-analysis:triggered, rules]
> > 
> > and here
> > 
> > 
> > > +eclair-ARM64-safety:
> > > +  extends: eclair-ARM64
> > > +  tags:
> > > +    - eclair-analysis-safety
> > > +  variables:
> > >      EXTRA_XEN_CONFIG: |
> > >        CONFIG_NR_CPUS=16
> > >        CONFIG_GICV2=n
> > > @@ -120,6 +154,10 @@ eclair-ARM64:
> > >        CONFIG_DEBUG_LOCKS=n
> > >        CONFIG_SCRUB_DEBUG=n
> > >        CONFIG_XMEM_POOL_POISON=n
> > > +  rules:
> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ &&
> > > $CI_COMMIT_BRANCH =~ /^staging$/
> > > +      when: always
> > > +    - !reference [.eclair-analysis, rules]
> > 
> > and here
> 
> -- 
> Nicola Vetrini, B.Sc.
> Software Engineer
> BUGSENG (https://bugseng.com)
> LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
>
Re: [XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Nicola Vetrini 13 hours ago 
On 2025-10-29 01:22, Stefano Stabellini wrote:
> On Tue, 28 Oct 2025, Nicola Vetrini wrote:
>> On 2025-10-28 00:58, Stefano Stabellini wrote:
>> > On Fri, 24 Oct 2025, Nicola Vetrini wrote:
>> > > The following analysis jobs are performed:
>> > > - eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
>> > >   that architecture; runs on runners tagged `eclair-analysis'.
>> > >
>> > > - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
>> > >   safety, which is more restricted; runs on runners tagged
>> > >   `eclair-analysis-safety`.
>> > >
>> > > - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
>> > >   configuration for the purposes of testing new runner updates; runs on
>> > >   runners tagged `eclair-analysis-testing`.
>> > >
>> > > Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
>> >
>> > Do you have a link to a successful pipeline?
>> >
>> > Just making sure we are not breaking things.
>> >
>> 
>> No; not yet, at least [1]. Without the right tags the safety runner 
>> can't pick
>> up jobs.
>> 
>> [1] 
>> https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2117835680
>> 
>> >
>> > > ---
>> > > Changes in v2:
>> > > - rebased to current staging;
>> > > - fixed regex path issue.
>> > > ---
>> > >  automation/gitlab-ci/analyze.yaml | 38 +++++++++++++++++++++++++++++++
>> > >  1 file changed, 38 insertions(+)
>> > >
>> > > diff --git a/automation/gitlab-ci/analyze.yaml
>> > > b/automation/gitlab-ci/analyze.yaml
>> > > index d50721006740..7bd644d75074 100644
>> > > --- a/automation/gitlab-ci/analyze.yaml
>> > > +++ b/automation/gitlab-ci/analyze.yaml
>> > > @@ -45,6 +45,21 @@ eclair-x86_64:
>> > >      LOGFILE: "eclair-x86_64.log"
>> > >      VARIANT: "X86_64"
>> > >      RULESET: "monitored"
>> > > +
>> > > +eclair-x86_64-testing:
>> > > +  extends: eclair-x86_64
>> > > +  tags:
>> > > +    - eclair-analysis-testing
>> > > +  rules:
>> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
>> > > +      when: always
>> > > +    - !reference [.eclair-analysis:triggered, rules]
>> >
>> > given that everyone can change this yaml file when pushing to their own
>> > branch, I think we should remove this, or (probably better) use a
>> > separate env variable to set the default
>> >
>> > it is better not to use the path, I think
>> >
>> 
>> That is a fair concern. One option would be to just use a project 
>> runner
>> assigned to the people/bugseng/xen subproject, but that might be a bit
>> inconvenient if we want to swap runners around.
> 
> I think it is OK to register a project runner to people/bugseng/xen. I
> am happy with this solution as well.
> 
> 
>> Another option, as you said,
>> is keeping the regex in a variable, but this wont't prevent rogue
>> modifications of the YAML.
> 
> I was thinking more of a simpler boolean variable like:
> 
> rules:
>   - if: $ECLAIR_TESTING
> 
> Yes, it wouldn't prevent modifications of the YAML, but it is probably
> not an issue? Also, it is not less secure than the path, because the
> YAML can be changed by anyone. At least the variable is more flexible
> and feels more natural.
> 

Ok, let's use the variable and then change if we see any problems. I'll 
send a v3. If you could add the tags to the runners in the meantime, I 
can validate the changes with a proper CI run.

> 
>> I might have found something runner-side with [2],
>> but I need to dig deeper on that one.
>> 
>> [2] pre_build_script at
>> https://docs.gitlab.com/runner/configuration/advanced-configuration/#the-runners-section
>> 
>> > > +eclair-x86_64-safety:
>> > > +  extends: eclair-x86_64
>> > > +  tags:
>> > > +    - eclair-analysis-safety
>> > > +  variables:
>> > >      EXTRA_XEN_CONFIG: |
>> > >        CONFIG_AMD=y
>> > >        CONFIG_INTEL=n
>> > > @@ -75,6 +90,10 @@ eclair-x86_64:
>> > >        CONFIG_DEBUG_LOCKS=n
>> > >        CONFIG_SCRUB_DEBUG=n
>> > >        CONFIG_XMEM_POOL_POISON=n
>> > > +  rules:
>> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ &&
>> > > $CI_COMMIT_BRANCH =~ /^staging$/
>> > > +      when: always
>> > > +    - !reference [.eclair-analysis:triggered, rules]
>> >
>> > same here
>> >
>> >
>> > >  eclair-ARM64:
>> > >    extends: .eclair-analysis:triggered
>> > > @@ -82,6 +101,21 @@ eclair-ARM64:
>> > >      LOGFILE: "eclair-ARM64.log"
>> > >      VARIANT: "ARM64"
>> > >      RULESET: "monitored"
>> > > +
>> > > +eclair-ARM64-testing:
>> > > +  extends: eclair-ARM64
>> > > +  tags:
>> > > +    - eclair-analysis-testing
>> > > +  rules:
>> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
>> > > +      when: always
>> > > +    - !reference [.eclair-analysis:triggered, rules]
>> >
>> > and here
>> >
>> >
>> > > +eclair-ARM64-safety:
>> > > +  extends: eclair-ARM64
>> > > +  tags:
>> > > +    - eclair-analysis-safety
>> > > +  variables:
>> > >      EXTRA_XEN_CONFIG: |
>> > >        CONFIG_NR_CPUS=16
>> > >        CONFIG_GICV2=n
>> > > @@ -120,6 +154,10 @@ eclair-ARM64:
>> > >        CONFIG_DEBUG_LOCKS=n
>> > >        CONFIG_SCRUB_DEBUG=n
>> > >        CONFIG_XMEM_POOL_POISON=n
>> > > +  rules:
>> > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/hardware\/xen$/ &&
>> > > $CI_COMMIT_BRANCH =~ /^staging$/
>> > > +      when: always
>> > > +    - !reference [.eclair-analysis, rules]
>> >
>> > and here
>> 
>> --
>> Nicola Vetrini, B.Sc.
>> Software Engineer
>> BUGSENG (https://bugseng.com)
>> LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
>> 

-- 
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
Re: [XEN PATCH v2] automation/eclair: add new analysis jobs with differing configurations
Posted by Stefano Stabellini 4 hours ago 
On Wed, 29 Oct 2025, Nicola Vetrini wrote:
> On 2025-10-29 01:22, Stefano Stabellini wrote:
> > On Tue, 28 Oct 2025, Nicola Vetrini wrote:
> > > On 2025-10-28 00:58, Stefano Stabellini wrote:
> > > > On Fri, 24 Oct 2025, Nicola Vetrini wrote:
> > > > > The following analysis jobs are performed:
> > > > > - eclair-{x86_64,ARM64}: analyze Xen using the default configuration
> > > for
> > > > >   that architecture; runs on runners tagged `eclair-analysis'.
> > > > >
> > > > > - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration
> > > for
> > > > >   safety, which is more restricted; runs on runners tagged
> > > > >   `eclair-analysis-safety`.
> > > > >
> > > > > - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
> > > > >   configuration for the purposes of testing new runner updates; runs
> > > on
> > > > >   runners tagged `eclair-analysis-testing`.
> > > > >
> > > > > Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
> > > >
> > > > Do you have a link to a successful pipeline?
> > > >
> > > > Just making sure we are not breaking things.
> > > >
> > > 
> > > No; not yet, at least [1]. Without the right tags the safety runner can't
> > > pick
> > > up jobs.
> > > 
> > > [1]
> > > https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2117835680
> > > 
> > > >
> > > > > ---
> > > > > Changes in v2:
> > > > > - rebased to current staging;
> > > > > - fixed regex path issue.
> > > > > ---
> > > > >  automation/gitlab-ci/analyze.yaml | 38
> > > +++++++++++++++++++++++++++++++
> > > > >  1 file changed, 38 insertions(+)
> > > > >
> > > > > diff --git a/automation/gitlab-ci/analyze.yaml
> > > > > b/automation/gitlab-ci/analyze.yaml
> > > > > index d50721006740..7bd644d75074 100644
> > > > > --- a/automation/gitlab-ci/analyze.yaml
> > > > > +++ b/automation/gitlab-ci/analyze.yaml
> > > > > @@ -45,6 +45,21 @@ eclair-x86_64:
> > > > >      LOGFILE: "eclair-x86_64.log"
> > > > >      VARIANT: "X86_64"
> > > > >      RULESET: "monitored"
> > > > > +
> > > > > +eclair-x86_64-testing:
> > > > > +  extends: eclair-x86_64
> > > > > +  tags:
> > > > > +    - eclair-analysis-testing
> > > > > +  rules:
> > > > > +    - if: $CI_PROJECT_PATH =~ /^xen-project\/people\/bugseng.*$/
> > > > > +      when: always
> > > > > +    - !reference [.eclair-analysis:triggered, rules]
> > > >
> > > > given that everyone can change this yaml file when pushing to their own
> > > > branch, I think we should remove this, or (probably better) use a
> > > > separate env variable to set the default
> > > >
> > > > it is better not to use the path, I think
> > > >
> > > 
> > > That is a fair concern. One option would be to just use a project runner
> > > assigned to the people/bugseng/xen subproject, but that might be a bit
> > > inconvenient if we want to swap runners around.
> > 
> > I think it is OK to register a project runner to people/bugseng/xen. I
> > am happy with this solution as well.
> > 
> > 
> > > Another option, as you said,
> > > is keeping the regex in a variable, but this wont't prevent rogue
> > > modifications of the YAML.
> > 
> > I was thinking more of a simpler boolean variable like:
> > 
> > rules:
> >   - if: $ECLAIR_TESTING
> > 
> > Yes, it wouldn't prevent modifications of the YAML, but it is probably
> > not an issue? Also, it is not less secure than the path, because the
> > YAML can be changed by anyone. At least the variable is more flexible
> > and feels more natural.
> > 
> 
> Ok, let's use the variable and then change if we see any problems. I'll send a
> v3. If you could add the tags to the runners in the meantime, I can validate
> the changes with a proper CI run.

I added the tag eclair-analysis-testing to the runner

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.