From ee1925ee1b6ed69155b580ef22eb76513b116ebe Mon Sep 17 00:00:00 2001
From: Benjamin Doron <benjamin.doron@9elements.com>
Date: Thu, 4 Jul 2024 13:19:19 -0400
Subject: [PATCH] ci: Build ROM release from versioned git ref

Signed-off-by: Benjamin Doron <benjamin.doron@9elements.com>
---
 .github/workflows/fpga.yml                    |  25 ++++
 .github/workflows/fw-test-emu.yml             |  21 +++
 .../workflows/versioned-full-build-test.yml   | 122 ++++++++++++++++++
 ci-tools/release/build_release.sh             |  60 +++++++--
 4 files changed, 216 insertions(+), 12 deletions(-)
 create mode 100644 .github/workflows/versioned-full-build-test.yml

diff --git a/.github/workflows/fpga.yml b/.github/workflows/fpga.yml
index db2604eb77..3eb57ac05a 100644
--- a/.github/workflows/fpga.yml
+++ b/.github/workflows/fpga.yml
@@ -22,6 +22,9 @@ on:
       hw-version:
         default: "latest"
         type: string
+      rom-ref:
+        default: "main"
+        type: string
       workflow_call:
         description: 'Set true for workflow_call'
         default: true
@@ -106,6 +109,17 @@ jobs:
       CACHE_BUSTER: 9ff0db888988
 
     steps:
+      - name: Checkout versioned ROM (${{ inputs.rom-ref }})
+        uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+          ref: ${{ inputs.rom-ref }}
+
+      - name: Build ROM
+        run: |
+          mkdir /tmp/caliptra-rom-firmware
+          cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-rom-firmware
+
       - name: Checkout repo
         uses: actions/checkout@v3
         with:
@@ -197,6 +211,10 @@ jobs:
           fi
           cargo run --release -p caliptra-builder --features=${FEATURES} -- --all_elfs /tmp/caliptra-test-firmware
 
+      - name: Merge ROM and firmware
+        run: |
+          mv /tmp/caliptra-rom-firmware/caliptra-rom*.elf /tmp/caliptra-test-firmware/
+
       - name: 'Upload test firmware artifact'
         uses: actions/upload-artifact@v4
         with:
@@ -347,6 +365,13 @@ jobs:
       - name: Checkout repo
         uses: actions/checkout@v3
 
+      - name: Checkout versioned ROM (${{ inputs.rom-ref }})
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.rom-ref }}
+          sparse-checkout: |
+            rom
+
       - name: Pull dpe submodule
         run: |
           git submodule update --init dpe
diff --git a/.github/workflows/fw-test-emu.yml b/.github/workflows/fw-test-emu.yml
index b600ba6231..73832edcad 100644
--- a/.github/workflows/fw-test-emu.yml
+++ b/.github/workflows/fw-test-emu.yml
@@ -10,6 +10,9 @@ on:
       extra-features:
         default:
         type: string
+      rom-ref:
+        default: "main"
+        type: string
       rom-logging:
         default: true
         type: boolean
@@ -42,6 +45,20 @@ jobs:
           path: ~/.cargo/bin/cargo-nextest
           key: ${{ steps.nextest_bin_restore.outputs.cache-primary-key }}
 
+      - name: Checkout versioned ROM (${{ inputs.rom-ref }})
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ inputs.rom-ref }}
+
+      - name: Pull dpe submodule
+        run: |
+          git submodule update --init dpe
+
+      - name: Build ROM
+        run: |
+          mkdir /tmp/caliptra-rom-firmware
+          cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-rom-firmware
+
       - name: Checkout repo
         uses: actions/checkout@v3
 
@@ -54,6 +71,10 @@ jobs:
           mkdir /tmp/caliptra-test-firmware
           cargo run -p caliptra-builder -- --all_elfs /tmp/caliptra-test-firmware
 
+      - name: Merge ROM and firmware
+        run: |
+          mv /tmp/caliptra-rom-firmware/caliptra-rom*.elf /tmp/caliptra-test-firmware/
+
       - name: Run tests
         run: |
           export CALIPTRA_PREBUILT_FW_DIR=/tmp/caliptra-test-firmware
diff --git a/.github/workflows/versioned-full-build-test.yml b/.github/workflows/versioned-full-build-test.yml
new file mode 100644
index 0000000000..4142cb6184
--- /dev/null
+++ b/.github/workflows/versioned-full-build-test.yml
@@ -0,0 +1,122 @@
+name: Versioned Build Test
+
+on:
+  workflow_dispatch:
+    inputs:
+      hw-version:
+        default: "latest"
+        type: string
+      rom-ref:
+        default: "main"
+        type: string
+      firmware-version:
+        default: "main"
+        type: string
+
+jobs:
+  fpga-full-suite-etrng-log:
+    name: FPGA Suite (etrng, log)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-etrng-log
+      extra-features: slow_tests
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+      fpga-itrng: false
+
+  fpga-full-suite-etrng-nolog:
+    name: FPGA Suite (etrng, nolog)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-etrng-nolog
+      extra-features: slow_tests
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+      fpga-itrng: false
+
+  fpga-full-suite-itrng-log:
+    name: FPGA Suite (itrng, log)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-itrng-log
+      extra-features: slow_tests,itrng
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+      fpga-itrng: true
+
+  fpga-full-suite-itrng-nolog:
+    name: FPGA Suite (itrng, nolog)
+    uses: ./.github/workflows/fpga.yml
+    with:
+      artifact-suffix: -fpga-realtime-${{ inputs.hw-version }}-itrng-nolog
+      extra-features: slow_tests,itrng
+      hw-version: "${{ inputs.hw-version }}"
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+      fpga-itrng: true
+
+  sw-emulator-full-suite-etrng-log:
+    name: sw-emulator Suite (etrng, log)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-etrng-log
+      extra-features: slow_tests
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+
+  sw-emulator-full-suite-etrng-nolog:
+    name: sw-emulator Suite (etrng, nolog)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-etrng-nolog
+      extra-features: slow_tests
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+
+  sw-emulator-full-suite-itrng-log:
+    name: sw-emulator Suite (itrng, log)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-itrng-log
+      extra-features: slow_tests,itrng
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: true
+
+  sw-emulator-full-suite-itrng-nolog:
+    name: sw-emulator Suite (itrng, nolog)
+    uses: ./.github/workflows/fw-test-emu.yml
+    with:
+      artifact-suffix: -sw-emulator-hw-${{ inputs.hw-version }}-itrng-nolog
+      extra-features: slow_tests,itrng
+      rom-ref: "${{ inputs.rom-ref }}"
+      rom-logging: false
+
+  build-release:
+    name: Build Test Release
+    needs:
+      - fpga-full-suite-etrng-log
+      - fpga-full-suite-etrng-nolog
+      - fpga-full-suite-itrng-log
+      - fpga-full-suite-itrng-nolog
+      - sw-emulator-full-suite-etrng-log
+      - sw-emulator-full-suite-etrng-nolog
+      - sw-emulator-full-suite-itrng-log
+      - sw-emulator-full-suite-itrng-nolog
+
+    runs-on: ubuntu-22.04
+
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: 'true'
+
+      - name: Generate release zip
+        run: |
+          ./ci-tools/release/build_release.sh "_versioned_build_test_" ${{ inputs.rom-ref }} ${{ inputs.firmware-version }}
diff --git a/ci-tools/release/build_release.sh b/ci-tools/release/build_release.sh
index e44850e9de..0eb5b19f27 100755
--- a/ci-tools/release/build_release.sh
+++ b/ci-tools/release/build_release.sh
@@ -3,10 +3,10 @@
 
 set -euo pipefail
 
-# Check arg count
-if [ $# -ne 1 ]
+# Check arg count; TODO(benjamindoron): RTL and FPGA too, using hw_version?
+if [ $# -ne 1 -a $# -ne 3 ]
   then
-    echo "Usage: $(basename $0) <release_name>"
+    echo "Usage: $(basename $0) <release_name> [<rom_ref> <firmware_version>]"
 	exit -1
 fi
 
@@ -16,25 +16,54 @@ release_scripts_path=$(dirname "$0")
 rm -rf release
 mkdir -p $WORKSPACE_DIR
 
-# Generate ROM and Image Bundle Binary
-cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-no-log $WORKSPACE_DIR/caliptra-rom.bin --fw $WORKSPACE_DIR/image-bundle.bin
+# Regardless of arguments, determine commits
+if [ $# -eq 3 ]
+  then
+    rom_ref=$2
+    firmware_version=$3
+  else
+    rom_ref=$(git rev-parse --short HEAD)
+    firmware_version=$(git rev-parse --short HEAD)
+fi
+
+if [ $rom_ref != $firmware_version ]
+  then
+    # Save state
+    git stash
+    previous_head=$(git rev-parse --short HEAD)
+
+    git checkout $rom_ref
+fi
+
+# Generate ROM Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-no-log $WORKSPACE_DIR/caliptra-rom.bin
 # Copy ROM ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/caliptra-rom.elf
-# Copy FMC ELF
-cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/caliptra-fmc.elf
-# Copy Runtime FW ELF
-cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-runtime $WORKSPACE_DIR/caliptra-runtime.elf
 
 # Generate rom-with-log
 cargo run --manifest-path=builder/Cargo.toml --bin image -- --rom-with-log $WORKSPACE_DIR/caliptra-rom-with-log.bin
-
 # Copy ROM-with-log ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/caliptra-rom-with-log.elf
 
-# Generate fake ROM and Image Bundle Binary
-cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-rom $WORKSPACE_DIR/fake-caliptra-rom.bin --fake-fw $WORKSPACE_DIR/fake-image-bundle.bin
+# Generate fake ROM Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-rom $WORKSPACE_DIR/fake-caliptra-rom.bin
 # Copy fake ROM ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-rom $WORKSPACE_DIR/fake-caliptra-rom.elf
+
+if [ $rom_ref != $firmware_version ]
+  then
+    git checkout $firmware_version
+fi
+
+# Generate Image Bundle Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fw $WORKSPACE_DIR/image-bundle.bin
+# Copy FMC ELF
+cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/caliptra-fmc.elf
+# Copy Runtime FW ELF
+cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-runtime $WORKSPACE_DIR/caliptra-runtime.elf
+
+# Generate fake Image Bundle Binary
+cargo run --manifest-path=builder/Cargo.toml --bin image -- --fake-fw $WORKSPACE_DIR/fake-image-bundle.bin
 # Copy fake FMC ELF
 cp -a target/riscv32imc-unknown-none-elf/firmware/caliptra-fmc $WORKSPACE_DIR/fake-caliptra-fmc.elf
 # Copy fake Runtime FW ELF
@@ -84,6 +113,13 @@ echo -e "\tFPGA Model: fpga/" >> $WORKSPACE_DIR/release_notes.txt
 echo -e "\tRTL hash tool: rtl_hash.sh" >> $WORKSPACE_DIR/release_notes.txt
 echo -e "\tRTL hash file list: rtl_hash_file_list.txt" >> $WORKSPACE_DIR/release_notes.txt
 
+# Restore state
+if [ $rom_ref != $firmware_version ]
+  then
+    git checkout $previous_head
+    git stash pop
+fi
+
 # Generate Zip
 cd ./release/workspace
 zip -r ../release.zip ./*