On 2025-10-31 20:55, Stefano Stabellini wrote:
On Fri, 31 Oct 2025, Nicola Vetrini wrote:
The following analysis jobs are performed:
- eclair-{x86_64,ARM64}: analyze Xen using the default configuration for
  that architecture; runs on runners tagged `eclair-analysis`.
- eclair-{x86_64,ARM64}-safety: analyze Xen using the configuration for
  safety, which is more restricted; runs on runners tagged
  `eclair-analysis-safety`.
- eclair-{x86_64,ARM64}-testing: analyze Xen using the default
  configuration for the purposes of testing new runner updates; runs on
  runners tagged `eclair-analysis-testing`.
Signed-off-by: Nicola Vetrini <[email protected]>
---
CI pipeline:
https://gitlab.com/xen-project/people/bugseng/xen/-/pipelines/2130873833
Note: the eclair-ARM64 and eclair-x86_64 jobs are allowed to fail because the
configuration is not (yet) clean for all checked MISRA guidelines.
Changes in v3:
- Use a variable instead of testing the repository PATH to decide whether a job
  should be run for *-testing and *-safety analyses;
- Allow eclair-{x86_64,ARM64} default configurations to fail, as the configuration
  is not yet clean for MISRA.
Changes in v2:
- rebased to current staging;
- fixed regex path issue.
---
automation/gitlab-ci/analyze.yaml | 42
++++++++++++++++++++++++++++++-
1 file changed, 41 insertions(+), 1 deletion(-)
diff --git a/automation/gitlab-ci/analyze.yaml
b/automation/gitlab-ci/analyze.yaml
index d50721006740..fae55a23dbb5 100644
--- a/automation/gitlab-ci/analyze.yaml
+++ b/automation/gitlab-ci/analyze.yaml
@@ -45,6 +45,22 @@ eclair-x86_64:
LOGFILE: "eclair-x86_64.log"
VARIANT: "X86_64"
RULESET: "monitored"
+ allow_failure: true
Wouldn't "allow_failure: true" also change the behavior for the existing
jobs? I would think we want to continue not allowing failures for those.

I would think that at least eclair-x86_64-safety should not allow
failures (like before this patch).

Well spotted, for some reason I thought that it would be overwritten by
the rules section in the extended job. I will put an explicit
allow_failure: false in the *-safety jobs to preserve their behavior, then
when (if?) the eclair-{arm64,x86_64} jobs are also clean, we can remove
both settings.
+eclair-x86_64-testing:
+ extends: eclair-x86_64
+ tags:
+ - eclair-analysis-testing
+ rules:
+ - if: $ECLAIR_TESTING
+ when: always
+ - !reference [.eclair-analysis:triggered, rules]
I imagine that ECLAIR_TESTING will be typically off in
gitlab.com/xen-project/hardware/xen, right?
It's not about the repo, but the runner environment. The runner(s)
tagged with eclair-analysis-testing do have ECLAIR_TESTING set, while
the ones tagged with eclair-analysis-safety and/or eclair-analysis have
the ECLAIR_SAFETY variable defined.
+eclair-x86_64-safety:
+ extends: eclair-x86_64
+ tags:
+ - eclair-analysis-safety
+ variables:
EXTRA_XEN_CONFIG: |
CONFIG_AMD=y
CONFIG_INTEL=n
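Review bot: `allow_failure: true` on `eclair-x86_64` at the top of this hunk is inherited by both `eclair-x86_64-testing` and `eclair-x86_64-safety` through `extends: eclair-x86_64`, because neither derived job sets the key and the `rules:` entries they add carry no `allow_failure` of their own. As written, a MISRA regression in the safety configuration would no longer fail the pipeline. Set `allow_failure: false` explicitly in `eclair-x86_64-safety` (and decide deliberately for `-testing`), or move the permissive setting out of the base job so that only the default-configuration job is allowed to fail.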
@@ -75,6 +91,10 @@ eclair-x86_64:
CONFIG_DEBUG_LOCKS=n
CONFIG_SCRUB_DEBUG=n
CONFIG_XMEM_POOL_POISON=n
+ rules:
+ - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
+ when: always
On the other hand, I expect that ECLAIR_SAFETY will be on in
gitlab.com/xen-project/hardware/xen, right?

I don't think we need the extra check on "staging" as the branches
on gitlab.com/xen-project/hardware/xen are very limited.
Ok, can edit that out
+ - !reference [.eclair-analysis:triggered, rules]
eclair-ARM64:
extends: .eclair-analysis:triggered
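Review bot: the condition `if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/` in the new `rules:` block tests `ECLAIR_SAFETY` only for being defined and non-empty, so a value such as `0` or `false` still enables the safety job. If the variable is meant as a boolean switch, compare it explicitly (for example `$ECLAIR_SAFETY == "true"`) and say in a comment which values are expected. The fully anchored regex `/^staging$/` is an exact match, so `$CI_COMMIT_BRANCH == "staging"` expresses the same thing more plainly if the branch check is kept at all.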
@@ -82,6 +102,22 @@ eclair-ARM64:
LOGFILE: "eclair-ARM64.log"
VARIANT: "ARM64"
RULESET: "monitored"
+ allow_failure: true
Same comment for ARM
+eclair-ARM64-testing:
+ extends: eclair-ARM64
+ tags:
+ - eclair-analysis-testing
+ rules:
+ - if: $ECLAIR_TESTING
+ when: always
+ - !reference [.eclair-analysis:triggered, rules]
+
+eclair-ARM64-safety:
+ extends: eclair-ARM64
+ tags:
+ - eclair-analysis-safety
+ variables:
EXTRA_XEN_CONFIG: |
CONFIG_NR_CPUS=16
CONFIG_GICV2=n
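Review bot: the `if: $ECLAIR_TESTING` rule in `eclair-ARM64-testing` (and its x86_64 counterpart) has no comment saying where the variable is expected to be defined, and that matters for whether the rule can ever match. GitLab evaluates `rules:if` when the pipeline is created, before a runner picks up the job, so the variable has to be visible at that point (project, group or instance CI/CD variable, or a pipeline/trigger variable); a value that exists only in a runner's own environment is not available to the rule. Please document the expected source next to the job and confirm the rule fires in a test pipeline. Separately, `allow_failure: true` on `eclair-ARM64` is inherited by `eclair-ARM64-safety` in the same way as on x86_64 and needs the same explicit `allow_failure: false`.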
@@ -120,13 +156,17 @@ eclair-ARM64:
CONFIG_DEBUG_LOCKS=n
CONFIG_SCRUB_DEBUG=n
CONFIG_XMEM_POOL_POISON=n
+ rules:
+ - if: $ECLAIR_SAFETY && $CI_COMMIT_BRANCH =~ /^staging$/
+ when: always
+ - !reference [.eclair-analysis, rules]
.eclair-analysis:on-schedule:
extends: .eclair-analysis
rules:
- if: $CI_PIPELINE_SOURCE != "schedule"
when: never
- - !reference [.eclair-analysis, rules]
+ - !reference [.eclair-analysis:triggered, rules]
eclair-x86_64:on-schedule:
extends: .eclair-analysis:on-schedule
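Review bot: the two `!reference` lines in this hunk look swapped. `eclair-ARM64-safety` falls back to `!reference [.eclair-analysis, rules]`, whereas `eclair-x86_64-safety` falls back to `!reference [.eclair-analysis:triggered, rules]`, so the two safety jobs no longer share the same trigger conditions. At the same time `.eclair-analysis:on-schedule` changes from `.eclair-analysis` to `.eclair-analysis:triggered`; the definition of `.eclair-analysis:triggered` is not part of this patch, but if its rules exclude scheduled pipelines, combining them with the `$CI_PIPELINE_SOURCE != "schedule"` / `when: never` rule above would leave the scheduled jobs with no matching rule. Suggest using `.eclair-analysis:triggered` in `eclair-ARM64-safety` and leaving the on-schedule template on `.eclair-analysis`, unless the change is intentional, in which case the commit message should say why.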
--
2.43.0
--
Nicola Vetrini, B.Sc.
Software Engineer
BUGSENG (https://bugseng.com)
LinkedIn: https://www.linkedin.com/in/nicola-vetrini-a42471253