automation/gitlab-ci/analyze.yaml | 42 ++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-)
The following analysis jobs are performed:
- eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
that architecture; runs on runners tagged `eclair-analysis'.
- eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
safety, which is more restricted; runs on runners tagged
`eclair-analysis-safety`.
- eclair-{x86_64,ARM64}-testing: analyze Xen using the default
configuration for the purposes of testing new runner updates; runs on
runners tagged `eclair-analysis-testing`.
Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
---
CI pipeline: https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2130873833
Note: the eclair-ARM64 and eclair-x86_64 jobs are allowed to fail because the
configuration is not (yet) clean for all checked MISRA guidelines.
Changes in v3:
- Use a variable instead of testing the repository PATH to decide whether a job
should be run for *-testing and *-safety analyses;
- Allow eclair-{x86_64,ARM64} default configurations to fail, as the configuration
is not yet clean for MISRA.
Changes in v2:
- rebased to current staging;
- fixed regex path issue.
---
automation/gitlab-ci/analyze.yaml | 42 ++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml
index d50721006740..fae55a23dbb5 100644
--- a/automation/gitlab-ci/analyze.yaml
+++ b/automation/gitlab-ci/analyze.yaml
@@ -45,6 +45,22 @@ eclair-x86_64:
LOGFILE: "eclair-x86_64.log"
VARIANT: "X86_64"
RULESET: "monitored"
+ allow_failure: true
+
+eclair-x86_64-testing:
+ extends: eclair-x86_64
+ tags:
+ - eclair-analysis-testing
+ rules:
+ - if: $ECLAIR_TESTING
+ when: always
+ - !reference [.eclair-analysis:triggered, rules]
+
+eclair-x86_64-safety:
+ extends: eclair-x86_64
+ tags:
+ - eclair-analysis-safety
+ variables:
EXTRA_XEN_CONFIG: |
CONFIG_AMD=y
CONFIG_INTEL=n
@@ -75,6 +91,10 @@ eclair-x86_64:
CONFIG_DEBUG_LOCKS=n
CONFIG_SCRUB_DEBUG=n
CONFIG_XMEM_POOL_POISON=n
+ rules:
+ - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
+ when: always
+ - !reference [.eclair-analysis:triggered, rules]
eclair-ARM64:
extends: .eclair-analysis:triggered
@@ -82,6 +102,22 @@ eclair-ARM64:
LOGFILE: "eclair-ARM64.log"
VARIANT: "ARM64"
RULESET: "monitored"
+ allow_failure: true
+
+eclair-ARM64-testing:
+ extends: eclair-ARM64
+ tags:
+ - eclair-analysis-testing
+ rules:
+ - if: $ECLAIR_TESTING
+ when: always
+ - !reference [.eclair-analysis:triggered, rules]
+
+eclair-ARM64-safety:
+ extends: eclair-ARM64
+ tags:
+ - eclair-analysis-safety
+ variables:
EXTRA_XEN_CONFIG: |
CONFIG_NR_CPUS=16
CONFIG_GICV2=n
@@ -120,13 +156,17 @@ eclair-ARM64:
CONFIG_DEBUG_LOCKS=n
CONFIG_SCRUB_DEBUG=n
CONFIG_XMEM_POOL_POISON=n
+ rules:
+ - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
+ when: always
+ - !reference [.eclair-analysis, rules]
.eclair-analysis:on-schedule:
extends: .eclair-analysis
rules:
- if: $CI_PIPELINE_SOURCE != "schedule"
when: never
- - !reference [.eclair-analysis, rules]
+ - !reference [.eclair-analysis:triggered, rules]
eclair-x86_64:on-schedule:
extends: .eclair-analysis:on-schedule
--
2.43.0On Fri, 31 Oct 2025, Nicola Vetrini wrote:
> The following analysis jobs are performed:
> - eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
> that architecture; runs on runners tagged `eclair-analysis'.
>
> - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration for
> safety, which is more restricted; runs on runners tagged
> `eclair-analysis-safety`.
>
> - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
> configuration for the purposes of testing new runner updates; runs on
> runners tagged `eclair-analysis-testing`.
>
> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
> ---
> CI pipeline: https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2130873833
>
> Note: the eclair-ARM64 and eclair-x86_64 jobs are allowed to fail because the
> configuration is not (yet) clean for all checked MISRA guidelines.
>
> Changes in v3:
> - Use a variable instead of testing the repository PATH to decide whether a job
> should be run for *-testing and *-safety analyses;
> - Allow eclair-{x86_64,ARM64} default configurations to fail, as the configuration
> is not yet clean for MISRA.
> Changes in v2:
> - rebased to current staging;
> - fixed regex path issue.
> ---
> automation/gitlab-ci/analyze.yaml | 42 ++++++++++++++++++++++++++++++-
> 1 file changed, 41 insertions(+), 1 deletion(-)
>
> diff --git a/automation/gitlab-ci/analyze.yaml b/automation/gitlab-ci/analyze.yaml
> index d50721006740..fae55a23dbb5 100644
> --- a/automation/gitlab-ci/analyze.yaml
> +++ b/automation/gitlab-ci/analyze.yaml
> @@ -45,6 +45,22 @@ eclair-x86_64:
> LOGFILE: "eclair-x86_64.log"
> VARIANT: "X86_64"
> RULESET: "monitored"
> + allow_failure: true
Wouldn't "allow_failure: true" also change the behavior for the existing
jobs? I would think we want to continue not allowing failures for those.
I would think that at least eclair-x86_64-safety should not allow
failures (like before this patch).
> +eclair-x86_64-testing:
> + extends: eclair-x86_64
> + tags:
> + - eclair-analysis-testing
> + rules:
> + - if: $ECLAIR_TESTING
> + when: always
> + - !reference [.eclair-analysis:triggered, rules]
I imagine that ECLAIR_TESTING will be typically off in
gitlab.com/xen-project/hardware/xen, right?
> +eclair-x86_64-safety:
> + extends: eclair-x86_64
> + tags:
> + - eclair-analysis-safety
> + variables:
> EXTRA_XEN_CONFIG: |
> CONFIG_AMD=y
> CONFIG_INTEL=n
> @@ -75,6 +91,10 @@ eclair-x86_64:
> CONFIG_DEBUG_LOCKS=n
> CONFIG_SCRUB_DEBUG=n
> CONFIG_XMEM_POOL_POISON=n
> + rules:
> + - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
> + when: always
On the other hand, I expect that ECLAIR_SAFETY will be on in
gitlab.com/xen-project/hardware/xen, right?
I don't think we need the extra check on "staging" as the branch
on gitlab.com/xen-project/hardware/xen are very limited.
> + - !reference [.eclair-analysis:triggered, rules]
>
> eclair-ARM64:
> extends: .eclair-analysis:triggered
> @@ -82,6 +102,22 @@ eclair-ARM64:
> LOGFILE: "eclair-ARM64.log"
> VARIANT: "ARM64"
> RULESET: "monitored"
> + allow_failure: true
Same comment for ARM
> +eclair-ARM64-testing:
> + extends: eclair-ARM64
> + tags:
> + - eclair-analysis-testing
> + rules:
> + - if: $ECLAIR_TESTING
> + when: always
> + - !reference [.eclair-analysis:triggered, rules]
> +
> +eclair-ARM64-safety:
> + extends: eclair-ARM64
> + tags:
> + - eclair-analysis-safety
> + variables:
> EXTRA_XEN_CONFIG: |
> CONFIG_NR_CPUS=16
> CONFIG_GICV2=n
> @@ -120,13 +156,17 @@ eclair-ARM64:
> CONFIG_DEBUG_LOCKS=n
> CONFIG_SCRUB_DEBUG=n
> CONFIG_XMEM_POOL_POISON=n
> + rules:
> + - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
> + when: always
> + - !reference [.eclair-analysis, rules]
>
> .eclair-analysis:on-schedule:
> extends: .eclair-analysis
> rules:
> - if: $CI_PIPELINE_SOURCE != "schedule"
> when: never
> - - !reference [.eclair-analysis, rules]
> + - !reference [.eclair-analysis:triggered, rules]
>
> eclair-x86_64:on-schedule:
> extends: .eclair-analysis:on-schedule
> --
> 2.43.0
>
On 2025-10-31 20:55, Stefano Stabellini wrote:
> On Fri, 31 Oct 2025, Nicola Vetrini wrote:
>> The following analysis jobs are performed:
>> - eclair-{x86_64,ARM64}: analyze Xen using the default configuration
>> for
>> that architecture; runs on runners tagged `eclair-analysis'.
>>
>> - eclair-{x86-64,ARM64}-safety: analyze Xen using the configuration
>> for
>> safety, which is more restricted; runs on runners tagged
>> `eclair-analysis-safety`.
>>
>> - eclair-{x86_64,ARM64}-testing: analyze Xen using the default
>> configuration for the purposes of testing new runner updates; runs
>> on
>> runners tagged `eclair-analysis-testing`.
>>
>> Signed-off-by: Nicola Vetrini <nicola.vetrini@bugseng.com>
>> ---
>> CI pipeline:
>> https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2130873833
>>
>> Note: the eclair-ARM64 and eclair-x86_64 jobs are allowed to fail
>> because the
>> configuration is not (yet) clean for all checked MISRA guidelines.
>>
>> Changes in v3:
>> - Use a variable instead of testing the repository PATH to decide
>> whether a job
>> should be run for *-testing and *-safety analyses;
>> - Allow eclair-{x86_64,ARM64} default configurations to fail, as the
>> configuration
>> is not yet clean for MISRA.
>> Changes in v2:
>> - rebased to current staging;
>> - fixed regex path issue.
>> ---
>> automation/gitlab-ci/analyze.yaml | 42
>> ++++++++++++++++++++++++++++++-
>> 1 file changed, 41 insertions(+), 1 deletion(-)
>>
>> diff --git a/automation/gitlab-ci/analyze.yaml
>> b/automation/gitlab-ci/analyze.yaml
>> index d50721006740..fae55a23dbb5 100644
>> --- a/automation/gitlab-ci/analyze.yaml
>> +++ b/automation/gitlab-ci/analyze.yaml
>> @@ -45,6 +45,22 @@ eclair-x86_64:
>> LOGFILE: "eclair-x86_64.log"
>> VARIANT: "X86_64"
>> RULESET: "monitored"
>> + allow_failure: true
>
> Wouldn't "allow_failure: true" also change the behavior for the
> existing
> jobs? I would think we want to continue not allowing failures for
> those.
> I would think that at least eclair-x86_64-safety should not allow
> failures (like before this patch).
>
Well spotted, for some reason I thought that it would be overwritten by
the rules section in the extended job. I will put an explicit
allow_failure: false in *-safety job to preserve their behavior, then
when (if?) the eclair-{arm64,x86_64} jobs are also clean, we can remove
both settings
>
>> +eclair-x86_64-testing:
>> + extends: eclair-x86_64
>> + tags:
>> + - eclair-analysis-testing
>> + rules:
>> + - if: $ECLAIR_TESTING
>> + when: always
>> + - !reference [.eclair-analysis:triggered, rules]
>
> I imagine that ECLAIR_TESTING will be typically off in
> gitlab.com/xen-project/hardware/xen, right?
>
It's not about the repo, but the runner environment. The runner(s)
tagged with eclair-analysis-testing do have ECLAIR_TESTING set, while
the ones tagged with eclair-analysis-safety and/or eclair-analysis have
the ECLAIR_SAFETY variable defined.
>
>> +eclair-x86_64-safety:
>> + extends: eclair-x86_64
>> + tags:
>> + - eclair-analysis-safety
>> + variables:
>> EXTRA_XEN_CONFIG: |
>> CONFIG_AMD=y
>> CONFIG_INTEL=n
>> @@ -75,6 +91,10 @@ eclair-x86_64:
>> CONFIG_DEBUG_LOCKS=n
>> CONFIG_SCRUB_DEBUG=n
>> CONFIG_XMEM_POOL_POISON=n
>> + rules:
>> + - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
>> + when: always
>
> On the other hand, I expect that ECLAIR_SAFETY will be on in
> gitlab.com/xen-project/hardware/xen, right?
>
> I don't think we need the extra check on "staging" as the branch
> on gitlab.com/xen-project/hardware/xen are very limited.
>
Ok, can edit that out
>
>> + - !reference [.eclair-analysis:triggered, rules]
>>
>> eclair-ARM64:
>> extends: .eclair-analysis:triggered
>> @@ -82,6 +102,22 @@ eclair-ARM64:
>> LOGFILE: "eclair-ARM64.log"
>> VARIANT: "ARM64"
>> RULESET: "monitored"
>> + allow_failure: true
>
> Same comment for ARM
>
>
>> +eclair-ARM64-testing:
>> + extends: eclair-ARM64
>> + tags:
>> + - eclair-analysis-testing
>> + rules:
>> + - if: $ECLAIR_TESTING
>> + when: always
>> + - !reference [.eclair-analysis:triggered, rules]
>> +
>> +eclair-ARM64-safety:
>> + extends: eclair-ARM64
>> + tags:
>> + - eclair-analysis-safety
>> + variables:
>> EXTRA_XEN_CONFIG: |
>> CONFIG_NR_CPUS=16
>> CONFIG_GICV2=n
>> @@ -120,13 +156,17 @@ eclair-ARM64:
>> CONFIG_DEBUG_LOCKS=n
>> CONFIG_SCRUB_DEBUG=n
>> CONFIG_XMEM_POOL_POISON=n
>> + rules:
>> + - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
>> + when: always
>> + - !reference [.eclair-analysis, rules]
>>
>> .eclair-analysis:on-schedule:
>> extends: .eclair-analysis
>> rules:
>> - if: $CI_PIPELINE_SOURCE != "schedule"
>> when: never
>> - - !reference [.eclair-analysis, rules]
>> + - !reference [.eclair-analysis:triggered, rules]
>>
>> eclair-x86_64:on-schedule:
>> extends: .eclair-analysis:on-schedule
>> --
>> 2.43.0
>>
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253
© 2016 - 2025 Red Hat, Inc.