From 9be374f1e4cc5ff0a937f589ad5305e27baa86f6 Mon Sep 17 00:00:00 2001
From: Justin Wood <woody@apple.com>
Date: Fri, 29 Jul 2022 14:46:28 -0700
Subject: [PATCH] Run crypto tests (only) under BoringSSL from unified build
 (#21168) (#21200)

Add a new default option enable_host_clang_boringssl_crypto_tests
to the unified build that runs the tests from src/crypto and
src/credentials only.

Also add an option enable_host_clang_boringssl_build that runs all of
the tests (and builds any tools), which is not enabled by default.

This gives some coverage to BoringSSL without costing a full build
(it would be even cheaper if we could swap out the CryptoPAL via
the command line..)

Co-authored-by: Michael Spang <spang@google.com>
---
 .github/workflows/build.yaml        | 12 ++++++++----
 BUILD.gn                            | 24 ++++++++++++++++++++++++
 config/boringssl/toolchain/BUILD.gn | 26 ++++++++++++++++++++++++++
 3 files changed, 58 insertions(+), 4 deletions(-)
 create mode 100644 config/boringssl/toolchain/BUILD.gn

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 273b1fd3de5cd6..880ac523e9d296 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -384,10 +384,14 @@ jobs:
                           # (similar to what examples-linux-standalone.yaml
                           # does), so use target_os="all" to get those picked
                           # up as part of the "unified" build.  But then to
-                          # save CI resources we want to exclude the
-                          # "host clang" build, which uses the pigweed
-                          # clang.
-                          "default") GN_ARGS='target_os="all" is_asan=true enable_host_clang_build=false';;
+                          # save CI resources we want to exclude a few
+                          # redundant things:
+                          #
+                          # * the mbedtls build, since we don't really plan to
+                          #   use that on Darwin.
+                          # * the "host clang" build, which uses the pigweed
+                          #   clang.
+                          "default") GN_ARGS='target_os="all" is_asan=true enable_host_clang_build=false enable_host_clang_boringssl_crypto_tests=false';;
                           "python_lib") GN_ARGS='enable_rtti=true enable_pylib=true';;
                       esac
                       BUILD_TYPE=$BUILD_TYPE scripts/build/gn_gen.sh --args="$GN_ARGS" --export-compile-commands
diff --git a/BUILD.gn b/BUILD.gn
index c252ef6d45dbb1..8b27b9f4096588 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -250,6 +250,13 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
         enable_default_builds && host_os != "win" &&
         !(is_asan == true && host_os == "mac")
 
+    # Enable building chip with clang & boringssl
+    enable_host_clang_boringssl_build = false
+
+    # Enable limited testing with clang & boringssl
+    enable_host_clang_boringssl_crypto_tests =
+        enable_default_builds && host_os != "win"
+
     # Build the chip-cert tool.
     enable_standalone_chip_cert_build =
         enable_default_builds && host_os != "win" && chip_crypto == "openssl"
@@ -352,6 +359,23 @@ if (current_toolchain != "${dir_pw_toolchain}/default:default") {
     }
   }
 
+  if (enable_host_clang_boringssl_build) {
+    chip_build("host_clang_boringssl") {
+      toolchain = "${chip_root}/config/boringssl/toolchain:${host_os}_${host_cpu}_clang_boringssl"
+    }
+
+    builds += [ ":host_clang_boringssl" ]
+  }
+
+  if (enable_host_clang_boringssl_crypto_tests) {
+    chip_build("host_clang_boringssl_crypto_tests") {
+      test_group = "//src:crypto_tests"
+      toolchain = "${chip_root}/config/boringssl/toolchain:${host_os}_${host_cpu}_clang_boringssl"
+    }
+
+    builds += [ ":host_clang_boringssl_crypto_tests" ]
+  }
+
   if (enable_android_builds) {
     chip_build("android_arm") {
       toolchain = "${build_root}/toolchain/android:android_arm"
diff --git a/config/boringssl/toolchain/BUILD.gn b/config/boringssl/toolchain/BUILD.gn
new file mode 100644
index 00000000000000..e342311e27a4bd
--- /dev/null
+++ b/config/boringssl/toolchain/BUILD.gn
@@ -0,0 +1,26 @@
+# Copyright (c) 2020 Project CHIP Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build_overrides/build.gni")
+
+import("${build_root}/toolchain/gcc_toolchain.gni")
+
+gcc_toolchain("${host_os}_${host_cpu}_clang_boringssl") {
+  toolchain_args = {
+    current_os = host_os
+    current_cpu = host_cpu
+    is_clang = true
+    chip_crypto = "boringssl"
+  }
+}