Skip to content

Commit c6ffa92

Browse files
docs(03-build): add QNX SDP provisioning
1 parent c9a446a commit c6ffa92

4 files changed

Lines changed: 109 additions & 11 deletions

File tree

.github/workflows/pr.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -49,3 +49,25 @@ jobs:
4949
path: _build
5050
retention-days: 1
5151
if-no-files-found: error
52+
53+
# FIXME: remove this block
54+
- name: Create build metadata
55+
# FIXME: temp for development
56+
# "ref_name": "${{ github.ref_name }}",
57+
run: |
58+
cat > build-info.json <<'EOF'
59+
{
60+
"event_name": "${{ github.event_name }}",
61+
"pr_number": "${{ github.event.pull_request.number }}",
62+
"ref_name": "main",
63+
"head_sha": "${{ github.sha }}"
64+
}
65+
EOF
66+
67+
# FIXME: remove this block
68+
- name: Upload build metadata
69+
uses: actions/upload-artifact@v7.0.1
70+
with:
71+
name: build-metadata
72+
path: build-info.json
73+
retention-days: 1

docs/explanation/03-build-infrastructure.md

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -208,6 +208,71 @@ Rust already shows the same separation more explicitly. [eclipse-score/toolchain
208208
- Shared toolchains need visible ownership and an upgrade cadence or repositories will drift again.
209209
- **Biggest gap**: no cross-repository process clearly defines who owns toolchain baselines and how changes propagate.
210210

211+
### 3.3.5 QNX SDP Provisioning
212+
213+
*How the QNX Software Development Platform is obtained and made available to Bazel C++ builds.*
214+
215+
The QNX SDP — the compiler, headers, and libraries required for QNX cross-compilation — is a commercial artifact distributed separately from the toolchain configuration. Its provisioning path is distinct from the Bazel toolchain registration in `bazel_cpp_toolchains` and determines how reliably builds can acquire the SDP in CI and in local developer environments.
216+
217+
License on CI: A separate [`setup-qnx-sdp`](https://github.com/eclipse-score/cicd-actions) composite action handles license activation only; it does not fetch or unpack the SDP
218+
219+
License locally: License credentials are injected through environment variables.
220+
221+
#### Today
222+
223+
The SDP is downloaded as a tar archive from QNX.com via a hardcoded dependency URL in Bazel. Forks may overwrite this dependency.
224+
225+
```{mermaid}
226+
flowchart LR
227+
qnxcom(["QNX.com"])
228+
sdp_tar["`QNX SDP
229+
〈artefact: tar〉`"]
230+
env_cfg(["Local Environment variables"])
231+
license(["License"])
232+
action_setup["`setup-qnx-sdp
233+
(license only)`"]
234+
bazel["Bazel build C++"]
235+
236+
qnxcom --> sdp_tar
237+
sdp_tar -->|"hardcoded dependency URL"| bazel
238+
action_setup --> license
239+
env_cfg --> license
240+
241+
license -->|"activates license only"| bazel
242+
```
243+
244+
The license and the SDP fetch are deliberately separate.
245+
246+
#### Soon (planned)
247+
248+
The target model does not rely on QMX.com, but rather uses the QNX CLI distributed with QNX Software Center to produce a local SDP. That SDP is then stored in bazel cache, on your local computer, in ci cache, on protected eclipse artefact storage, or on company-internal artefact storage — and Bazel receives a user-defined flag that tells it where to find the SDP. For local developer environments the intended invocation is:
249+
250+
```text
251+
bazel run //:local_qnx_sdp -- --path=/opt/qnx_sdp
252+
# or
253+
local_qnx_sdp.sh --path=/opt/qnx_sdp
254+
```
255+
256+
```{mermaid}
257+
flowchart TD
258+
qnx_sc(["QNX Software Center"])
259+
qnx_cli["`QNX CLI
260+
〈tool〉`"]
261+
sdp_dir["`QNX SDP
262+
〈artefact: directory tree〉`"]
263+
art_store[("Artefact storage
264+
eclipse · company-internal · local")]
265+
bazel["Bazel build C++"]
266+
267+
qnx_sc -.-> qnx_cli
268+
qnx_cli -.-> sdp_dir
269+
sdp_dir -.-> art_store
270+
art_store -.->|"user-defined flag"| bazel
271+
```
272+
273+
The central unsolved problem in this model is how we can provide this SDP as a true bazel dependency to qnx-related builds, as it has a **non-deterministic SDP output**. So building the SDP on the fly produces a different archive hash on every invocation. Bazel treats a changed hash as a changed dependency, which invalidates the **entire** C++ build cache and forces a full recompilation of all downstream targets on every run. Until the SDP can be built deterministically using it as a bazel dependency is not practical.
274+
275+
211276
## 3.4 Build Reproducibility & Evidence ⚪
212277

213278
*Ensuring builds are deterministic and produce trustworthy evidence from the same inputs.*

docs/explanation/04-testing-infrastructure.md

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -69,12 +69,18 @@ The execution pipeline for ITF tests follows a layered model. Bazel invokes a py
6969
```{mermaid}
7070
graph TD
7171
bazel["bazel test //path:my_itf_test"]
72-
pytest["pytest runner\n(py_itf_test macro)"]
73-
plugin["ITF Plugin\n(Docker / QEMU / Hardware)"]
74-
target["Target environment\n(container / VM / device)"]
75-
caps["@requires_capabilities\nskip if not available"]
76-
results["JUnit XML\n($XML_OUTPUT_FILE)"]
77-
trace["@add_test_properties\ntraceability metadata"]
72+
pytest["`pytest runner
73+
(py_itf_test macro)`"]
74+
plugin["`ITF Plugin
75+
(Docker / QEMU / Hardware)`"]
76+
target["`Target environment
77+
(container / VM / device)`"]
78+
caps["`@requires_capabilities
79+
skip if not available`"]
80+
results["`JUnit XML
81+
($XML_OUTPUT_FILE)`"]
82+
trace["`@add_test_properties
83+
traceability metadata`"]
7884
7985
bazel --> pytest
8086
pytest --> plugin

docs/explanation/07-automation-integration.md

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -24,21 +24,26 @@ graph TD
2424
schedule["Schedule / release trigger"]
2525
2626
subgraph shared["Shared workflow libraries"]
27-
cwf["`cicd-workflows\non-pr.yml · daily.yml`"]
28-
cac["`cicd-actions\n(composite actions)`"]
27+
cwf["`cicd-workflows
28+
on-pr.yml · daily.yml`"]
29+
cac["`cicd-actions
30+
(composite actions)`"]
2931
end
3032
3133
subgraph runners["Runners"]
32-
cloud["GitHub-hosted\n(cloud: x86, ARM, KVM)"]
33-
hw["Self-hosted\n(hardware: RPi, automotive SoC)"]
34+
cloud["`GitHub-hosted
35+
(cloud: x86, ARM, KVM)`"]
36+
hw["`Self-hosted
37+
(hardware: RPi, automotive SoC)`"]
3438
end
3539
3640
pr --> cwf
3741
schedule --> cwf
3842
cwf --> cac
3943
cac --> cloud
4044
cac --> hw
41-
cloud --> results["Status checks\nArtifacts / evidence"]
45+
cloud --> results["`Status checks
46+
Artifacts / evidence`"]
4247
hw --> results
4348
results -->|"required checks via otterdog"| pr
4449
```

0 commit comments

Comments
 (0)