Merge pull request #9 from IRNAS/feature/irnas-zephyr-template-migration

Feature/irnas zephyr template migration

CHANGELOG.md

@@ -6,6 +6,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 
 ## [Unreleased]
 
+### Added
+
+-   `twister-rpi.yaml` which is used to run Twister tests on a device connected to a Raspberry Pi.
+-   Docs related to `twister-rpi.yaml` and self-hosted workflows.
+
+### Changed
+
+-   Migrate `build.yaml`, `twister.yaml` and `codechecker.yaml` to `self-hosted` runners.
+
 ## [0.5.0] - 2023-10-02
 
 ### Changed

workflow-templates/rpi-twister-hil/.github/twister-rpi.yaml

@@ -0,0 +1,149 @@
+name: Run Twister Tests on RPi
+
+on:
+  pull_request:
+    types: [opened, reopened, synchronize]
+  push:
+   branches:
+     - "main"
+
+  workflow_dispatch:
+
+env:
+  GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }}
+  RPI_IP: ${{ secrets.RPI_IP }}
+
+jobs:
+  twister-build:
+    name: "Run Unit Tests"
+    runs-on: self-hosted
+    defaults:
+      run:
+        shell: bash
+        # Set work dir to "project" for all 'run' calls. Beware, everything else
+        # (actions, 'with' params, etc.) still needs to reference full path.
+        working-directory: project
+
+    steps:
+      - name: Checkout last PR commit
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          path: project
+
+      # This is needed due to the later east update (west update) command that
+      # could be cloning from the private repos. The provided token in
+      # GIT_CREDENTIALS needs to be a fine-grained token, with access to all
+      # repositories, with "Read-only" access level to the Content repository
+      # permissions.
+      - name: Set Git credentials
+        run: |
+          git config --global credential.helper '!f() { printf "%s\n" "username=runner" "password=$GIT_CREDENTIALS"; };f'
+
+      - name: Install and cache apt packages
+        if: contains(runner.name, 'Github Action')
+        uses: awalsh128/cache-apt-pkgs-action@latest
+        with:
+          packages: gcc-multilib lcov
+          # Update this manually when changing the packages above, increment
+          # only minor version to keep APT caches separate.
+          version: 2.0
+
+      - name: Retrieve cache
+        if: contains(runner.name, 'Github Action')
+        uses: actions/cache@v3
+        env:
+          cache-name: cache-modules
+        with:
+          path: |
+            bootloader
+            modules
+            nrf
+            nrfxlib
+            test
+            tools
+            zephyr
+            ~/.local/share/east/downloads/
+            ~/.local/share/east/tooling/nrfutil
+          # Note above two lines, if we are caching entire ~/.local/share/east
+          # folder then cache action fails during download/extract step
+          key:
+            ${{ runner.os }}-build-${{ env.cache-name }}-${{
+            hashFiles('project/west.yml') }}
+          restore-keys: ${{ runner.os }}-build-${{ env.cache-name }}-
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.8"
+          cache: "pip"
+          cache-dependency-path: project/scripts/requirements.txt
+
+      - name: Install Python dependencies
+        run: pip install -r scripts/requirements.txt
+
+      - name: Install dependencies
+        run: make install-dep
+
+      - name: Setup project
+        run: make project-setup
+
+      - name: Request resource
+        # The request_resource script takes the following arguments: timeout, retry_interval, url
+        run: scripts/rpi-jlink-server/request_resource.sh 600 10 http://$RPI_IP:7779/request-resource/${{ runner.name }}
+
+      - name: Run tests
+        run: make test-remote
+
+      - name: Create test report
+        if: always()
+        run: make test-report-ci
+
+      - name: Upload Unit Test Results
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: test-report
+          path: |
+            project/twister-out/twister-report.html
+            project/twister-out/twister.xml
+            project/twister-out/twister.log
+
+      - name: Release resource
+        # Always release the resource so other clients can claim it
+        if: always()
+        run: scripts/rpi-jlink-server/request_resource.sh 60 5 http://$RPI_IP:7779/release-resource/${{ runner.name }}
+
+      - name: Post-build clean
+        # Only for self hosted runners
+        # Makes sure east init does not fail in the project setup
+        if: ${{ always() && !contains(runner.name, 'Github Action') }}
+        run: rm -rf ${{ github.workspace }}/.west
+
+  twister-test-results:
+    name: "Publish Unit Tests Results"
+    needs: twister-build
+    if: always()
+    # These permissions must be set for the EnricoMi/publish-unit-test-result-action
+    # See https://github.com/EnricoMi/publish-unit-test-result-action#permissions
+    permissions:
+      contents: read
+      issues: read
+      checks: write
+    # WARNING: This must be run on Github Hosted Action Runners, as they allow the usage of Docker
+    # An alternative would be to create a custom Docker image with Docker-in-Docker enabled
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Download Artefacts
+        uses: actions/download-artifact@v3
+        with:
+          name: test-report
+          path: test-report
+
+      - name: Publish Unit Test Results
+        uses: EnricoMi/[email protected]
+        with:
+          check_name: Unit Test Results
+          files: test-report/twister.xml
+          comment_mode: off

workflow-templates/rpi-twister-hil/README.md

@@ -0,0 +1,31 @@
+# Twister RPi workflow
+
+The `twister-rpi.yaml` workflow performs the same project setup as `build.yaml` does before it
+starts executing the following `make` commands:
+
+```bash
+make install-dep
+make project-setup
+make test-remote
+make test-report-ci     # Runs always, even if "make test-remote" failed
+```
+
+Expected behaviour of the `make` commands (those that weren't already described
+above):
+
+- `make test-remote` - Runs tests on board connected to a remote J-Link via Raspberry Pi.
+- `make test-report-ci` - Creates test report. Runs always, even if `make test`
+  failed.
+- `make coverage-report-ci` - Creates coverage report.
+
+### Artefacts and reports
+
+Workflow will then:
+
+- Publish test report
+
+To see the test report you can click `Details` (next to any Twister check in the
+PR) -> `Summary`.
+
+Artefact `test-report` will also contain `test-report.html` which can be viewed
+in browser.

workflow-templates/zephyr/.github/workflows/build.yaml

@@ -11,13 +11,14 @@ on:
   push:
     branches:
       - "main"
+  workflow_dispatch:
 
 env:
   GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }}
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     defaults:
       run:
         shell: bash
@@ -57,6 +58,7 @@ jobs:
           git config --global credential.helper '!f() { printf "%s\n" "username=runner" "password=$GIT_CREDENTIALS"; };f'
 
       - name: Install and cache apt packages
+        if: contains(runner.name, 'Github Action')
         uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: gcc-multilib
@@ -65,6 +67,7 @@ jobs:
           version: 1.0
 
       - name: Retrieve cache
+        if: contains(runner.name, 'Github Action')
         uses: actions/cache@v3
         env:
           cache-name: cache-modules
@@ -125,3 +128,9 @@ jobs:
         with:
           name: artefacts
           path: project/artefacts/*
+
+      - name: Post-build clean
+        # Only for self hosted runners
+        # Makes sure east init does not fail in the project setup
+        if: ${{ always() && !contains(runner.name, 'Github Action') }}
+        run: rm -rf ${{ github.workspace }}/.west

workflow-templates/zephyr/.github/workflows/codechecker.yaml

@@ -24,7 +24,7 @@ env:
 
 jobs:
   codechecker:
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     defaults:
       run:
         shell: bash
@@ -57,20 +57,22 @@ jobs:
       # This is needed due to the later east update (west update) command that
       # could be cloning from the private repos. The provided token in
       # GIT_CREDENTIALS needs to be a fine-grained token, with access to all
-      # repositores, with "Read-only" access level to the Content repository
+      # repositories, with "Read-only" access level to the Content repository
       # permissions.
       - name: Set Git credentials
         run: |
           git config --global credential.helper '!f() { printf "%s\n" "username=runner" "password=$GIT_CREDENTIALS"; };f'
 
       - name: Add LLVM repositories
+        if: contains(runner.name, 'Github Action')
         run: |
           # If updating llvm version do not forget to update distro name
           wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc
           sudo add-apt-repository "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-16 main"
           sudo apt-get update
 
       - name: Install and cache apt packages
+        if: contains(runner.name, 'Github Action')
         uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: clang-16 clang-tidy-16 cppcheck gcc-multilib
@@ -79,6 +81,7 @@ jobs:
           version: 3.0
 
       - name: Retrieve cache
+        if: contains(runner.name, 'Github Action')
         uses: actions/cache@v3
         env:
           cache-name: cache-modules
@@ -146,3 +149,9 @@ jobs:
         with:
           name: codechecker-diffs
           path: project/codechecker-diffs/*
+
+      - name: Post-build clean
+        # Only for self hosted runners
+        # Makes sure east init does not fail in the project setup
+        if: ${{ always() && !contains(runner.name, 'Github Action') }}
+        run: rm -rf ${{ github.workspace }}/.west

workflow-templates/zephyr/.github/workflows/publish-release.yaml

@@ -10,7 +10,6 @@ on:
 jobs:
   publish-new-release:
     runs-on: ubuntu-20.04
-    # runs-on: self-hosted
 
     steps:
       - name: Start

workflow-templates/zephyr/.github/workflows/twister.yaml

@@ -4,16 +4,15 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
 
+  workflow_dispatch:
+
 env:
   GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }}
 
 jobs:
   twister-build:
     name: "Run Unit Tests"
-    # This version is a must, twister otherwise fails (some Python library
-    # depends on a specific version of libffi that is not present in the
-    # toolchain provided by nordic's toolchain manager).
-    runs-on: ubuntu-20.04
+    runs-on: self-hosted
     defaults:
       run:
         shell: bash
@@ -38,6 +37,7 @@ jobs:
           git config --global credential.helper '!f() { printf "%s\n" "username=runner" "password=$GIT_CREDENTIALS"; };f'
 
       - name: Install and cache apt packages
+        if: contains(runner.name, 'Github Action')
         uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: gcc-multilib lcov
@@ -46,6 +46,7 @@ jobs:
           version: 2.0
 
       - name: Retrieve cache
+        if: contains(runner.name, 'Github Action')
         uses: actions/cache@v3
         env:
           cache-name: cache-modules
@@ -115,11 +116,24 @@ jobs:
           path: |
             project/twister-out/coverage.info
 
+      - name: Post-build clean
+        # Only for self hosted runners
+        # Makes sure east init does not fail in the project setup
+        if: ${{ always() && !contains(runner.name, 'Github Action') }}
+        run: rm -rf ${{ github.workspace }}/.west
+
   twister-test-results:
     name: "Publish Unit Tests Results"
+    # WARNING: This step is incompatible with self-hosted runners as it uses the 'publish-unit-test-result' action.
+    # This would require us to run docker-in-docker in the self-hosted runner.
+
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      issues: read
+      checks: write
     needs: twister-build
     if: always()
-    runs-on: ubuntu-20.04
 
     steps:
       - name: Download Artefacts
@@ -137,8 +151,14 @@ jobs:
 
   coverage-report:
     name: "Publish Coverage Report"
+    # NOTE: This action is not compatible with "workflow_dispatch" event, so
+    # it's not possible to run it manually.
+    runs-on: self-hosted
+    permissions:
+      issues: write
+      pull-requests: write
     needs: twister-build
-    runs-on: ubuntu-20.04
+    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' }}
 
     steps:
       - name: Download Artefacts
@@ -150,4 +170,4 @@ jobs:
       - name: Publish Coverage Report
         uses: romeovs/lcov-reporter-action@4cf015aa4afa87b78238301f1e3dc140ea0e1ec6
         with:
-          lcov-file: ./coverage-report/coverage.info
+          lcov-file: ./coverage-report/coverage.info