From 6ffebef9c4f9a663f9e3ac3da181e61fb18078fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
 <manuel.pegourie-gonnard@arm.com>
Date: Tue, 29 Oct 2024 12:57:24 +0100
Subject: [PATCH] New all.sh wrapper with reduced scope (CI only)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
---
 tests/scripts/all.sh | 152 ++++++++++++++++++++++---------------------
 1 file changed, 79 insertions(+), 73 deletions(-)

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 76738d9c0e..d09e2908e9 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5,92 +5,98 @@
 # Copyright The Mbed TLS Contributors
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 
-# During the transition of CI associated with the repo split,
-# we want all.sh from the mbedtls repo to transparently run both
-# mbedtls and tf-psa-crypto components.
-# This is what this wrapper is about.
-# Once the transition is over, this wrapper can be removed,
-# and mbedtls-all.sh renamed again to all.sh.
-#
-# This wrapper is mostly for the CI's benefit. Developers probably want to
-# directly invoke one or two of the following commands:
+# This is a transitional wrapper that's only meant for the CI.
+# Developers should directly invoke on or two of:
 # - tests/scripts/mbedtls-all.sh ...
 # - (cd tf-psa-crypto && tests/scripts/all.sh ...)
+#
+# During the transition, it's illegal for a tf-psa-crypto component to have
+# the same name as an mbedtls components; since this wrapper handles both
+# sides at once, component names need to be globally unique. Once the
+# transition period is over, unicity on each side will be enough.
+#
+# For context, here are the steps of the transition:
+# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly
+# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto
+# doesn't have its own CI initially and runs Mbed TLS's instead.)
+# 2. We move all relevant components to tf-psa-crypto so that it gets the level of
+# coverage we want. We need to make sure the new names are unique.
+# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running
+# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and
+# running its all.sh. (In two steps: (a) add the new job, (b) remove the old
+# one.)
+# 4. We remove the transitional wrapper in mbedtls and we're now free to rename
+# tf-psa-crypto components as we want. If we followed a consistent naming
+# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh.
 
 # This script must be invoked from the project's root.
 
+# There are exactly 4 ways this is invoked in the CI:
+# 1. tests/scripts/all.sh --help
+# 2. tests/scripts/all.sh --list-all-components
+# 3. tests/scripts/all.sh --list-components
+# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name
+# This wrapper does not support other invocations.
+
 set -eu
 
+# Cases 1-3
+if [ "$#" -eq 1 ]; then
+    if [ "$1" = '--help' ]; then
+        # It doesn't matter which one we use, they're the same
+        tests/scripts/mbedtls-all.sh "$1"
+        exit 0
+    fi
+    if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then
+        # Invoke both
+        tests/scripts/mbedtls-all.sh "$1"
+        (cd tf-psa-crypto && tests/scripts/all.sh "$1")
+        exit 0
+    fi
+fi
+
+if [ "$#" -ne 4 -o "$1" != '--seed' -o "$3" != '--keep-going' ]; then
+    echo "This invocation is not supported by the transitional wrapper." >&2
+    echo "See the comments at the top of $0." >&2
+    exit 1
+fi
+
+# Case 4: invoke the right all.sh for this component
+comp_name=$4
+
 # Get the list of components available on each side.
-COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | sort)
-COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | sort)
+COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ')
+COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ')
 
-# Error out if any component is available on both sides
-COMMON=$(comm -12 <(echo "$COMP_MBEDTLS") <(echo "$COMP_CRYPTO") | tr '\n' ' ')
-if [ -n "$COMMON" ]; then
-    echo "The following components are duplicated: $COMMON" >&2
-    exit 2
-fi
-
-# all.sh complains when a component is requested explicitly but is not
-# available. However, here we actually run two instances of all.sh, so when
-# requesting one component epxlicitly, at least one instance is not going to
-# know about it. So, when invoking each side, remove the other side's
-# components from its command line. This is safe because we know from above
-# that no component is on both sides.
-
-# mbedtls args are global args without the crypto components
-COMP_CRYPTO=$(echo $COMP_CRYPTO | tr '\n' ' ')
-for arg in "$@"; do
-    case " $COMP_CRYPTO " in
-        *" $arg "*) ;;
-        *) mbedtls_args+=( $arg ) ;;
+# tell if $1 is in space-separated list $2
+is_in() {
+    needle=$1
+    haystack=$2
+    case " $haystack " in
+        *" $needle "*) echo 1;;
+        *) echo 0;;
     esac
-done
+}
 
-# crypto args are global args without the mbedtls components
-COMP_MBEDTLS=$(echo $COMP_MBEDTLS | tr '\n' ' ')
-for arg in "$@"; do
-    case " $COMP_MBEDTLS " in
-        *" $arg "*) ;;
-        *) crypto_args+=( $arg ) ;;
-    esac
-done
+is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO")
+is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS")
 
-# Note: don't print debug info on what commands are being run, because we
-# don't want to pollute the output especially when --list-components is used.
-
-# call mbedtls's all.sh
-set +e
-tests/scripts/mbedtls-all.sh "${mbedtls_args[@]}"
-mbedtls_exit=$?
-set -e
-if [ $mbedtls_exit -ne 0 ]; then
-    echo "mbedtls-all.sh exited $mbedtls_exit" >&2
+# Component should be on exactly one side (see comment near the top).
+if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then
+    echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2
+    echo "See the comments at the top of $0." >&2
+    exit 1
+fi
+if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then
+    echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2
+    echo "See the comments at the top of $0." >&2
+    exit 1
 fi
 
-# if it returned non-zero, should we keep going?
-if [ $mbedtls_exit -ne 0 ]; then
-     case " $@ " in
-         *" --keep-going "*) ;; # fall through and run tf-psa-crypto's all.sh
-         *) exit $mbedtls_exit;;
-     esac
-fi
-
-# call tf-psa-crypto's all.sh
-set +e
-(cd tf-psa-crypto && tests/scripts/all.sh "${crypto_args[@]}")
-crypto_exit=$?
-set -e
-if [ $crypto_exit -ne 0 ]; then
-    echo "tf-psa-crypto's all.sh exited $crypto_exit" >&2
-fi
-
-# return an appropriate exit code
-if [ $mbedtls_exit -ne 0 ]; then
-    echo "mbedtls-all.sh exited $mbedtls_exit" >&2
-    echo "Please scroll up for a summary of errors in mbedtls-all.sh" >&2
-    exit $mbedtls_exit
+# Invoke the real thing
+if [ "$is_crypto" -eq 1 ]; then
+    cd tf-psa-crypto
+    exec tests/scripts/all.sh "$@"
 else
-    exit $crypto_exit
+    exec tests/scripts/mbedtls-all.sh "$@"
 fi