Split trusted-services.xml into qemuarm64-secureboot-ts.yml and
n1sdp-ts.yml as collection of Trusted Services which can be tested on
each platform has diverged.
Signed-off-by: Adam Johnston <adam.johnston@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Add tc1 ecosystem FVP and bits to enable in the tc1 machine config file
Also, do some hacks to speed things up.
Signed-off-by: Jon Mason <jon.mason@arm.com>

Signed-off-by: Jon Mason <jon.mason@arm.com>

The dev kernel can frequently fail, and is not anything that is used in
production.  Allow failure to prevent CI issues but still notify that
there are potential issues.
Signed-off-by: Jon Mason <jon.mason@arm.com>

If the repository reference directory gets corrupted it's not easy to
wipe it, so add a variable CI_CLEAN_REPOS that if set in the pipeline
will clean the clones and re-fetch them.

Also, stop the fetch from detaching during the garbage collection, just
in case it was a long-running GC that got killed that caused the
corruption in the first place.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

The infrastructure for edk2 and fvp-base is already present, but not
being used.  Make the changes to get it compiling cleanly, and add it to
CI.

Note: testing is not passing because edk2 isn't booting an image
Signed-off-by: Jon Mason <jon.mason@arm.com>

With the removal of fvp-base-arm32, we no longer have test coverage for
the external Arm toolchain.  Add this to qemuarm-secureboot CI so that
there is coverage again.  Note: it must be a 32bit machine, since there
are currently no aarch64 host toolchains for aarch64
Signed-off-by: Jon Mason <jon.mason@arm.com>

fvp-base-arm32 isn't a real machine and supporting it has become hacky.
Drop support and remove from meta-arm-bsp
Signed-off-by: Jon Mason <jon.mason@arm.com>

Add the various kernels available in oe-core, as well as the poky-tiny
minimal distribution (which has a minimal kernel config).  This
necessitated combining some kernel bbappends to have patching coverage
for all the variants.
Signed-off-by: Jon Mason <jon.mason@arm.com>

Make things more obvious by adding yml files for the poky defaults
instead of disregarding them in the jobs-to-kas script
Signed-off-by: Jon Mason <jon.mason@arm.com>

Mirrors of meta-arm may focus their development on a small subset of
MACHINEs so provide the option to restrict the boards that are built on
CI using the variable BUILD_ENABLE_REGEX. If set, it conditionally
enables builds; if unset there is no change in behavior.

This variable could be overridden in a scheduled build, to e.g. build
all the MACHINEs weekly.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Mirrors of meta-arm may have the persistent cache directory mounted in a
different place. To make it easier to configure, define this location
using a single $CACHE_DIR variable.
Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

For some reason the kas 3.2.1 container fails:

No such file or directory: '/builds/engineering/yocto/meta-arm/ci/ci/base.yml'

Note the repeated /ci/, which is wrong.

Pin the kas container to 3.2 for now until this is resolved.
Signed-off-by: Ross Burton <ross.burton@arm.com>

Kas 3.2 ships python3-subunit, so we don't need to try to install that
anymore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Kas 3.2 has a 'dump' plugin, so use that instead of cat in a shell.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

This job doesn't use the standard helpers, so needs to pass these
explicitly otherwise it can pick up an old SHA.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Now that the FVP is available for both aarch64 and x86-64, don't set a
tag so this can run on both architectures.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

The meta-gem5 layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>

The meta-atp layer is unmaintained and gem5 is incompatible with Python
3.11, so won't work with master without work that is still ongoing.
Signed-off-by: Ross Burton <ross.burton@arm.com>

Instead of using the side-effect of gem5-arm64 pulling in many layers,
do it explicitly.
Signed-off-by: Ross Burton <ross.burton@arm.com>

Signed-off-by: Ross Burton <ross.burton@arm.com>

DEFAULT_TAG and CPU_REQUEST are being used to help with internal Gitlab
pipeline setups know which type of machines to run on, but has no value
outside of Arm Corp.  Gitlab CI allows for variables to be overridden
by default.  So, we can give it a default value of NULL/empty and have
everything work internally and externally by default.
Signed-off-by: Jon Mason <jon.mason@arm.com>

The kas 3.1 container has telnet in. We can also remove python3-subunit
once kas 3.2 is released.
Signed-off-by: Ross Burton <ross.burton@arm.com>

Tag all jobs with the DEFAULT_TAG variable so each instance can control
what tags the jobs have, whilst still explicitly tagging the jobs which
need specific tags (such as x86_64 for jobs which need to run x86-only
binaries)
Signed-off-by: Ross Burton <ross.burton@arm.com>

The Kas container needs to use the entrypoint as that is where the user
changes from root to a normal user.

Also set the KUBERNETES_CPU_REQUEST to the variable CPU_REQUEST as this
needs to be tuned per-deployment.
Signed-off-by: Ross Burton <ross.burton@arm.com>

Signed-off-by: Adrián Herrera Arcila <adrian.herrera@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Add support for n1sdp to trusted-services bbappends and rework some
things to make it easier to add more in the future.
Signed-off-by: Jon Mason <jon.mason@arm.com>

This job builds all of the Sphinx documentation it can find with fatal
warnings enabled.
Signed-off-by: Ross Burton <ross.burton@arm.com>

The Total Compute 2020 BSP is obsolete and unsupported, so remove it
from meta-arm.  The Total Compute team would like TC1 to be available in
langdale, but removed in mickledore.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Trusted services is a feature, not a unique machine.  Modify the setup
to reflect this.
Signed-off-by: Jon Mason <jon.mason@arm.com>

This commit also enables clang CI pipelines for TS.
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Remove microbit-v1, qemu-cortex-a53, qemu-cortex-m3, and qemu-cortex-r5
from CI (and the tree in general).  These machines are part of the
meta-zephyr CI now and keeping them here is redundant.  However, keeping
zephyr builds for machines that also have TF-M.
Signed-off-by: Jon Mason <jon.mason@arm.com>

qemuarm64-secureboot-ts pipeline is based on qemuarm64-secureboot machine
and additionaly includes:
- TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- TS demo/test tools
- TS psa-arch-tests

This commit also includes Trusted Services OEQA tests
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

meta-zephyr recently was fixed to allow for autotest.  Remove all the
zephyr testing hacks and use that.
Signed-off-by: Jon Mason <jon.mason@arm.com>

Signed-off-by: Jon Mason <jon.mason@arm.com>

When used in a non-interactive context, apt prints a warning:

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Use apt-get directly to avoid putting warnings in the logs.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>

Signed-off-by: Jon Mason <jon.mason@arm.com>

Build all the things that qemuarm64-secureboot builds, removing those
that fail to compile.  Unfortunately, musl doesn't play nicely with
optee-test.
Signed-off-by: Jon Mason <jon.mason@arm.com>

TFTF is TF-A tests that runs at NS-EL2. This is primarily developed to
test the TF-A interfaces exposed to NS code.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Signed-off-by: Jon Mason <jon.mason@arm.com>