ci: Build ROM release from versioned git ref

Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
chipsalliance · Oct 17, 2024 · 456b551 · 456b551
1 parent eb80750
commit 456b551
Show file tree

Hide file tree

Showing 5 changed files with 266 additions and 17 deletions.
diff --git a/.github/workflows/fpga.yml b/.github/workflows/fpga.yml
@@ -22,6 +22,9 @@ on:
       hw-version:
         default: "latest"
         type: string
+      rom-ref:
+        default: "main"
+        type: string
       workflow_call:
         description: 'Set true for workflow_call'
         default: true
@@ -106,6 +109,24 @@ jobs:
       CACHE_BUSTER: 9ff0db888988
 
     steps:
+      - name: Checkout versioned ROM (${{ inputs.rom-ref }})
+        uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+          ref: ${{ inputs.rom-ref }}
+
+      - name: Build ROM
+        run: |
+          # TODO: Confirm if this is the desired test behaviour
+          mkdir /tmp/caliptra-rom-firmware
+          cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-rom-firmware
+
+          if [ -z "${{ inputs.rom-logging }}" ] || [ "${{ inputs.rom-logging }}" == "false" ]; then
+            cargo run -p caliptra-builder -- --rom-no-log /tmp/caliptra-rom-firmware/caliptra-rom.bin
+          else
+            cargo run -p caliptra-builder -- --rom-with-log /tmp/caliptra-rom-firmware/caliptra-rom.bin
+          fi
+
       - name: Checkout repo
         uses: actions/checkout@v3
         with:
@@ -197,6 +218,10 @@ jobs:
           fi
           cargo run --release -p caliptra-builder --features=${FEATURES} -- --all_elfs /tmp/caliptra-test-firmware
 
+      - name: Merge ROM and firmware
+        run: |
+          mv /tmp/caliptra-rom-firmware/caliptra-rom*.elf /tmp/caliptra-test-firmware/
+
       - name: 'Upload test firmware artifact'
         uses: actions/upload-artifact@v4
         with:
@@ -418,7 +443,7 @@ jobs:
         run: |
           export RUST_TEST_THREADS=1
           TEST_BIN=/tmp/caliptra-test-binaries
-          VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_IMAGE_NO_GIT_REVISION=1"
+          VARS="CPTRA_UIO_NUM=4 CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware CALIPTRA_PREBUILT_ROM_BIN=/tmp/caliptra-rom-firmware/caliptra-rom.bin CALIPTRA_IMAGE_NO_GIT_REVISION=1"
 
           if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
             VARS+=" CPTRA_ROM_TYPE=ROM_WITH_UART"

diff --git a/.github/workflows/fw-test-emu.yml b/.github/workflows/fw-test-emu.yml
@@ -10,6 +10,9 @@ on:
       extra-features:
         default:
         type: string
+      rom-ref:
+        default: "main"
+        type: string
       rom-logging:
         default: true
         type: boolean
@@ -42,6 +45,27 @@ jobs:
           path: ~/.cargo/bin/cargo-nextest
           key: ${{ steps.nextest_bin_restore.outputs.cache-primary-key }}
 
+      - name: Checkout versioned ROM (${{ inputs.rom-ref }})
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.rom-ref }}
+
+      - name: Pull dpe submodule
+        run: |
+          git submodule update --init dpe
+
+      - name: Build ROM
+        run: |
+          # TODO: Confirm if this is the desired test behaviour
+          mkdir /tmp/caliptra-rom-firmware
+          cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-rom-firmware
+
+          if [ -z "${{ inputs.rom-logging }}" ] || [ "${{ inputs.rom-logging }}" == "false" ]; then
+            cargo run -p caliptra-builder -- --rom-no-log /tmp/caliptra-rom-firmware/caliptra-rom.bin
+          else
+            cargo run -p caliptra-builder -- --rom-with-log /tmp/caliptra-rom-firmware/caliptra-rom.bin
+          fi
+
       - name: Checkout repo
         uses: actions/checkout@v3
 
@@ -54,9 +78,14 @@ jobs:
           mkdir /tmp/caliptra-test-firmware
           cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-test-firmware
 
+      - name: Merge ROM and firmware
+        run: |
+          mv /tmp/caliptra-rom-firmware/caliptra-rom*.elf /tmp/caliptra-test-firmware/
+
       - name: Run tests
         run: |
           export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware
+          export CALIPTRA_PREBUILT_ROM_BIN=/tmp/caliptra-rom-firmware/caliptra-rom.bin
 
           if [ "${{ inputs.rom-logging }}" == "true" ] || [ -z "${{ inputs.rom-logging }}" ]; then
             export CPTRA_ROM_TYPE=ROM_WITH_UART

diff --git a/.github/workflows/versioned-full-build-test.yml b/.github/workflows/versioned-full-build-test.yml
@@ -0,0 +1,136 @@
+name: Versioned Build Test
+
+on:
+  workflow_dispatch:
+    inputs:
+      hw-version:
+        default: "latest"
+        type: string
+      rom-ref:
+        default: "main"
+        type: string
+      firmware-version:
+        default: "main"
+        type: string
+  pull_request:
+    inputs:
+      todo-remove-before-merging:
+        default: ""
+        type: string
+      hw-version:
+        default: "latest"
+        type: string
+      rom-ref:
+        default: "main"
+        type: string
+      firmware-version:
+        default: "main"
+        type: string
+
+jobs:
+  fpga-full-suite-etrng-log:
+    name: FPGA Suite (etrng, log)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-etrng-log
+      extra-features: slow_tests
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+      fpga-itrng: false
+
+  fpga-full-suite-etrng-nolog:
+    name: FPGA Suite (etrng, nolog)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-etrng-nolog
+      extra-features: slow_tests
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+      fpga-itrng: false
+
+  fpga-full-suite-itrng-log:
+    name: FPGA Suite (itrng, log)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-itrng-log
+      extra-features: slow_tests,itrng
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+      fpga-itrng: true
+
+  fpga-full-suite-itrng-nolog:
+    name: FPGA Suite (itrng, nolog)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-itrng-nolog
+      extra-features: slow_tests,itrng
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+      fpga-itrng: true
+
+  sw-emulator-full-suite-etrng-log:
+    name: sw-emulator Suite (etrng, log)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-etrng-log
+      extra-features: slow_tests
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+
+  sw-emulator-full-suite-etrng-nolog:
+    name: sw-emulator Suite (etrng, nolog)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-etrng-nolog
+      extra-features: slow_tests
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+
+  sw-emulator-full-suite-itrng-log:
+    name: sw-emulator Suite (itrng, log)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-itrng-log
+      extra-features: slow_tests,itrng
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+
+  sw-emulator-full-suite-itrng-nolog:
+    name: sw-emulator Suite (itrng, nolog)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-itrng-nolog
+      extra-features: slow_tests,itrng
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+
+  build-release:
+    name: Build Test Release
+    needs:
+      - fpga-full-suite-etrng-log
+      - fpga-full-suite-etrng-nolog
+      - fpga-full-suite-itrng-log
+      - fpga-full-suite-itrng-nolog
+      - sw-emulator-full-suite-etrng-log
+      - sw-emulator-full-suite-etrng-nolog
+      - sw-emulator-full-suite-itrng-log
+      - sw-emulator-full-suite-itrng-nolog
+
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
+      - name: Generate release zip
+        run: |
+          ./ci-tools/release/build_release.sh "_versioned_build_test_" ${{ inputs.rom-ref }} ${{ inputs.firmware-version }}
diff --git a/builder/src/lib.rs b/builder/src/lib.rs
@@ -365,6 +365,22 @@ pub fn build_firmware_elf(id: &FwId<'static>) -> io::Result<Arc<Vec<u8>>> {
 /// Returns the most appropriate ROM for use when testing non-ROM code against
 /// a particular hardware version. DO NOT USE this for ROM-only tests.
 pub fn rom_for_fw_integration_tests() -> io::Result<Cow<'static, [u8]>> {
+    if let Some(rom_bin_var) = std::env::var_os("CALIPTRA_PREBUILT_ROM_BIN") {
+        let path = PathBuf::from(rom_bin_var);
+        // FIXME: Requires testing to confirm the long lifetime of this variable!
+        let rom_bin = std::fs::read(&path).map_err(|e| {
+            io::Error::new(
+                e.kind(),
+                format!(
+                    "CALIPTRA_PREBUILT_ROM_BIN environment variable is set, but while reading {}, encountered {}",
+                    path.display(),
+                    e
+                ),
+            )
+        })?;
+        return Ok(rom_bin.into());
+    }
+
     let rom_from_env = firmware::rom_from_env();
     if cfg!(feature = "hw-1.0") {
         if rom_from_env == &firmware::ROM {

diff --git a/ci-tools/release/build_release.sh b/ci-tools/release/build_release.sh
@@ -3,10 +3,10 @@
 
 set -euo pipefail
 
-# Check arg count
-if [ $# -ne 1 ]
+# Check arg count; TODO(benjamindoron): RTL and FPGA too, using hw_version?
+if [ $# -ne 1 -a $# -ne 3 ]
   then
-    echo "Usage: $(basename $0) <release_name>"
+    echo "Usage: $(basename $0) <release_name> [<rom_ref> <firmware_version>]"
 	exit -1
 fi
 
@@ -16,36 +16,71 @@ release_scripts_path=$(dirname "$0")
 rm -rf release
 mkdir -p $WORKSPACE_DIR
 
-# Generate ROM and Image Bundle Binary
-cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-no-log $WORKSPACE_DIR/caliptra-rom.bin --fw $WORKSPACE_DIR/image-bundle.bin
+# Regardless of arguments, determine commits
+if [ $# -eq 3 ]; then
+  rom_ref=$2
+  firmware_version=$3
+else
+  rom_ref=$(git rev-parse --short HEAD)
+  firmware_version=$(git rev-parse --short HEAD)
+fi
+
+if [ $rom_ref != $firmware_version ]; then
+  # Save state
+  git stash
+  previous_head=$(git rev-parse --short HEAD)
+
+  git restore Cargo.lock
+  git checkout $rom_ref
+fi
+
+# Generate ROM Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-no-log $WORKSPACE_DIR/caliptra-rom.bin
 # Copy ROM ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/caliptra-rom.elf
-# Copy FMC ELF
-cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/caliptra-fmc.elf
-# Copy Runtime FW ELF
-cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-runtime $WORKSPACE_DIR/caliptra-runtime.elf
 
 # Generate rom-with-log
 cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-with-log $WORKSPACE_DIR/caliptra-rom-with-log.bin
-
 # Copy ROM-with-log ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/caliptra-rom-with-log.elf
 
-# Generate fake ROM and Image Bundle Binary
-cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-rom $WORKSPACE_DIR/fake-caliptra-rom.bin --fake-fw $WORKSPACE_DIR/fake-image-bundle.bin
+# Generate fake ROM Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-rom $WORKSPACE_DIR/fake-caliptra-rom.bin
 # Copy fake ROM ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/fake-caliptra-rom.elf
+
+if [ $rom_ref != $firmware_version ]; then
+  git restore Cargo.lock
+  git checkout $firmware_version
+fi
+
+# Generate Image Bundle Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fw $WORKSPACE_DIR/image-bundle.bin
+# Copy FMC ELF
+cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/caliptra-fmc.elf
+# Copy Runtime FW ELF
+cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-runtime $WORKSPACE_DIR/caliptra-runtime.elf
+
+# Generate fake Image Bundle Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-fw $WORKSPACE_DIR/fake-image-bundle.bin
 # Copy fake FMC ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/fake-caliptra-fmc.elf
 # Copy fake Runtime FW ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-runtime $WORKSPACE_DIR/fake-caliptra-runtime.elf
 
-# Copy RTL
-cp -rf hw/latest/rtl $WORKSPACE_DIR/caliptra-rtl
+# Copy RTL and FPGA Model
+if [ -d hw ]; then
+  cp -rf hw/latest/rtl $WORKSPACE_DIR/caliptra-rtl
+  cp -rf hw/fpga $WORKSPACE_DIR/fpga
+elif [ -d hw-latest ]; then
+  cp -rf hw-latest/caliptra-rtl $WORKSPACE_DIR/caliptra-rtl
+  cp -rf hw-latest/fpga $WORKSPACE_DIR/fpga
+else
+  echo "Unable to find HW source code!"
+  exit -1
+fi
 # Copy libcaliptra
 cp -rf libcaliptra $WORKSPACE_DIR/libcaliptra
-# Copy FPGA Model
-cp -rf hw/fpga $WORKSPACE_DIR/fpga
 
 # Calculate RTL hash
 # Generate file list (excluding files integrators will modify)
@@ -84,6 +119,14 @@ echo -e "\tFPGA Model: fpga/" >> $WORKSPACE_DIR/release_notes.txt
 echo -e "\tRTL hash tool: rtl_hash.sh" >> $WORKSPACE_DIR/release_notes.txt
 echo -e "\tRTL hash file list: rtl_hash_file_list.txt" >> $WORKSPACE_DIR/release_notes.txt
 
+# Restore state
+if [ $rom_ref != $firmware_version ]; then
+  git restore Cargo.lock
+  git checkout $previous_head
+
+  git stash pop
+fi
+
 # Generate Zip
 cd ./release/workspace
 zip -r ../release.zip ./*