From 2e9b0ffacf01fd7f756a2c311ee264e02265901a Mon Sep 17 00:00:00 2001
From: Peter Nose
Date: Wed, 30 Nov 2022 09:26:42 +0100
Subject: [PATCH] buildkite: Start intel sgx e2e test jobs sooner
---
 .buildkite/code.pipeline.yml | 104 +++++++++++++++++------------------
 .changelog/5078.trivial.md | 0
 2 files changed, 52 insertions(+), 52 deletions(-)
 create mode 100644 .changelog/5078.trivial.md
diff --git a/.buildkite/code.pipeline.yml b/.buildkite/code.pipeline.yml
index 5e7c599d83d..bc006a72e66 100644
--- a/.buildkite/code.pipeline.yml
+++ b/.buildkite/code.pipeline.yml
@@ -192,127 +192,127 @@ steps:
 plugins:
 <<: *docker_plugin

- ###############
- # E2E test jobs
- ###############
- - label: E2E tests
+ ###########################
+ # E2E test jobs - intel-sgx
+ ###########################
+ - label: E2E tests - intel-sgx (basic)
 depends_on:
 - "build-go"
 - "build-rust-runtime-loader"
 - "build-rust-runtimes"
- parallelism: 30
- timeout_in_minutes: 15
+ branches: "!master !stable/*"
+ parallelism: 2
+ timeout_in_minutes: 20
 command:
 - .buildkite/scripts/download_e2e_test_artifacts.sh
- - .buildkite/scripts/test_e2e.sh
+ # Needed as the trust-root test rebuilds the enclave with embedded trust root data.
+ - cargo install --locked --path tools
+ - export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
+ - export CC_x86_64_fortanix_unknown_sgx=clang-11
+ # Only run runtime scenarios as others do not use SGX.
+ - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/runtime-encryption --scenario e2e/runtime/trust-root/.+ --scenario e2e/runtime/keymanager-key-generation
 artifact_paths:
 - coverage-merged-e2e-*.txt
 - /tmp/e2e/**/*.log
 - /tmp/e2e/**/genesis.json
 - /tmp/e2e/**/runtime_genesis.json
 env:
+ # Unsafe flags needed as the trust-root test rebuilds the enclave with embedded trust root data.
+ OASIS_UNSAFE_SKIP_AVR_VERIFY: "1"
+ OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1"
 OASIS_E2E_COVERAGE: enable
- # Since the trust-root scenarios are tested in SGX mode (for which they are actually relevant)
- # no need to also test them in non-SGX mode in CI. Also exclude txsource-multi-short so that
- # we ensure it runs only on non-SGX agents.
- OASIS_EXCLUDE_E2E: e2e/runtime/trust-root/simple,e2e/runtime/trust-root/change,e2e/runtime/trust-root/change-fails,e2e/runtime/txsource-multi-short
 TEST_BASE_DIR: /tmp
+ agents:
+ queue: intel-sgx
 retry:
 <<: *retry_agent_failure
 plugins:
- <<: *docker_plugin
+ <<: *docker_plugin_sgx

- - label: E2E tests (txsource-multi-short)
+ - label: E2E tests - intel-sgx (full)
 depends_on:
 - "build-go"
 - "build-rust-runtime-loader"
 - "build-rust-runtimes"
- timeout_in_minutes: 15
+ branches: master stable/*
+ parallelism: 20
+ timeout_in_minutes: 20
 command:
 - .buildkite/scripts/download_e2e_test_artifacts.sh
- - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/txsource-multi-short
+ # Needed as the trust-root test rebuilds the enclave with embedded trust root data.
+ - cargo install --locked --path tools
+ # Only run runtime scenarios as others do not use SGX.
+ - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/.*
 artifact_paths:
 - coverage-merged-e2e-*.txt
 - /tmp/e2e/**/*.log
- - /tmp/e2e/**/genesis.json
- - /tmp/e2e/**/runtime_genesis.json
 env:
+ # Unsafe flags needed as the trust-root test rebuilds the enclave with embedded trust root data.
+ OASIS_UNSAFE_SKIP_AVR_VERIFY: "1"
+ OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1"
 OASIS_E2E_COVERAGE: enable
+ OASIS_EXCLUDE_E2E: e2e/runtime/txsource-multi,e2e/runtime/txsource-multi-short
 TEST_BASE_DIR: /tmp
 agents:
- buildkite_agent_class: ephemeral # XXX: Use a dedicated tag instead.
+ queue: intel-sgx
 retry:
 <<: *retry_agent_failure
 plugins:
- <<: *docker_plugin
+ <<: *docker_plugin_sgx

- ###########################
- # E2E test jobs - intel-sgx
- ###########################
- - label: E2E tests - intel-sgx (basic)
+ ###############
+ # E2E test jobs
+ ###############
+ - label: E2E tests
 depends_on:
 - "build-go"
 - "build-rust-runtime-loader"
 - "build-rust-runtimes"
- branches: "!master !stable/*"
- parallelism: 2
- timeout_in_minutes: 20
+ parallelism: 30
+ timeout_in_minutes: 15
 command:
 - .buildkite/scripts/download_e2e_test_artifacts.sh
- # Needed as the trust-root test rebuilds the enclave with embedded trust root data.
- - cargo install --locked --path tools
- - export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
- - export CC_x86_64_fortanix_unknown_sgx=clang-11
- # Only run runtime scenarios as others do not use SGX.
- - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/runtime-encryption --scenario e2e/runtime/trust-root/.+ --scenario e2e/runtime/keymanager-key-generation
+ - .buildkite/scripts/test_e2e.sh
 artifact_paths:
 - coverage-merged-e2e-*.txt
 - /tmp/e2e/**/*.log
 - /tmp/e2e/**/genesis.json
 - /tmp/e2e/**/runtime_genesis.json
 env:
- # Unsafe flags needed as the trust-root test rebuilds the enclave with embedded trust root data.
- OASIS_UNSAFE_SKIP_AVR_VERIFY: "1"
- OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1"
 OASIS_E2E_COVERAGE: enable
+ # Since the trust-root scenarios are tested in SGX mode (for which they are actually relevant)
+ # no need to also test them in non-SGX mode in CI. Also exclude txsource-multi-short so that
+ # we ensure it runs only on non-SGX agents.
+ OASIS_EXCLUDE_E2E: e2e/runtime/trust-root/simple,e2e/runtime/trust-root/change,e2e/runtime/trust-root/change-fails,e2e/runtime/txsource-multi-short
 TEST_BASE_DIR: /tmp
- agents:
- queue: intel-sgx
 retry:
 <<: *retry_agent_failure
 plugins:
- <<: *docker_plugin_sgx
+ <<: *docker_plugin

- - label: E2E tests - intel-sgx (full)
+ - label: E2E tests (txsource-multi-short)
 depends_on:
 - "build-go"
 - "build-rust-runtime-loader"
 - "build-rust-runtimes"
- branches: master stable/*
- parallelism: 20
- timeout_in_minutes: 20
+ timeout_in_minutes: 15
 command:
 - .buildkite/scripts/download_e2e_test_artifacts.sh
- # Needed as the trust-root test rebuilds the enclave with embedded trust root data.
- - cargo install --locked --path tools
- # Only run runtime scenarios as others do not use SGX.
- - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/.*
+ - .buildkite/scripts/test_e2e.sh --scenario e2e/runtime/txsource-multi-short
 artifact_paths:
 - coverage-merged-e2e-*.txt
 - /tmp/e2e/**/*.log
+ - /tmp/e2e/**/genesis.json
+ - /tmp/e2e/**/runtime_genesis.json
 env:
- # Unsafe flags needed as the trust-root test rebuilds the enclave with embedded trust root data.
- OASIS_UNSAFE_SKIP_AVR_VERIFY: "1"
- OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1"
 OASIS_E2E_COVERAGE: enable
- OASIS_EXCLUDE_E2E: e2e/runtime/txsource-multi,e2e/runtime/txsource-multi-short
 TEST_BASE_DIR: /tmp
 agents:
- queue: intel-sgx
+ buildkite_agent_class: ephemeral # XXX: Use a dedicated tag instead.
 retry:
 <<: *retry_agent_failure
 plugins:
- <<: *docker_plugin_sgx
+ <<: *docker_plugin

 ################################################
 # E2E test - intel-sgx with IAS (only on master)
diff --git a/.changelog/5078.trivial.md b/.changelog/5078.trivial.md
new file mode 100644
index 00000000000..e69de29bb2d
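Review bot: On the new side the `E2E tests - intel-sgx (full)` step sets `OASIS_UNSAFE_SKIP_AVR_VERIFY: "1"` and `OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1"` for the whole job while it runs `--scenario e2e/runtime/.*`, so on `master` and `stable/*` every SGX runtime scenario in that step, not only trust-root, appears to run with the attestation check relaxed. The comment justifies the flags by the trust-root rebuild alone; either give trust-root its own step and drop the flags from the rest, or say so in the comment, e.g. `# Unsafe flags apply to every scenario in this step; only trust-root needs them.` The full step also lacks the `export CFLAGS_x86_64_fortanix_unknown_sgx=...` and `export CC_x86_64_fortanix_unknown_sgx=clang-11` lines that the basic step has, so unless the `docker_plugin_sgx` anchor or the image (both outside this hunk) supplies them, the enclave rebuilt there is compiled without `-mlvi-hardening`. The regex arguments `e2e/runtime/.*` and `e2e/runtime/trust-root/.+` are also passed unquoted to the shell; single-quoting them keeps them from being treated as globs.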