From f2409163f7cc06435e969c255f13192588e4f4e7 Mon Sep 17 00:00:00 2001 From: Maximilian Deubel Date: Mon, 4 Nov 2024 15:37:16 +0100 Subject: [PATCH] ci: reuse build step more Refactor workflows using build. This is to reduce workflow times. Signed-off-by: Maximilian Deubel --- .github/workflows/build.yml | 27 ++++++++- .github/workflows/dfu_check.yml | 104 ++++++++++++++++---------------- .github/workflows/on_target.yml | 10 +-- .github/workflows/test.yml | 10 ++- scripts/pmr_nrf91.txt | 4 +- 5 files changed, 89 insertions(+), 66 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 118d453a..745a6f1f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -131,6 +131,13 @@ jobs: cp app/zephyr/zephyr.elf hello.nrfcloud.com-${{ env.VERSION }}-thingy91x-nrf91.elf cp dfu_application.zip hello.nrfcloud.com-${{ env.VERSION }}-thingy91x-nrf91-dfu.zip + - name: Create partition manager report for nRF91 firmware + working-directory: thingy91x-oob/app/build + run: | + ninja partition_manager_report + ninja partition_manager_report > pmr-nrf91-default-${{ env.VERSION }}.txt + sed -i '1d' pmr-nrf91-default-${{ env.VERSION }}.txt + - name: Upload artifact uses: actions/upload-artifact@v4 id: artifact-upload-oob @@ -140,6 +147,7 @@ jobs: path: | thingy91x-oob/app/build/hello.nrfcloud.com-*.* thingy91x-oob/app/build/nrf91-bl-*.hex + thingy91x-oob/app/build/pmr-nrf91-*.txt # Out-of-box debug firmware build @@ -172,6 +180,14 @@ jobs: cp app/zephyr/zephyr.elf hello.nrfcloud.com-${{ env.VERSION }}+debug-thingy91x-nrf91.elf cp dfu_application.zip hello.nrfcloud.com-${{ env.VERSION }}+debug-thingy91x-nrf91-dfu.zip + - name: Create partition manager report for nRF91 debug firmware + if: ${{ inputs.build_debug }} + working-directory: thingy91x-oob/app/build + run: | + ninja partition_manager_report + ninja partition_manager_report > pmr-nrf91-debug-${{ env.VERSION }}.txt + sed -i '1d' pmr-nrf91-debug-${{ env.VERSION }}.txt + - name: Upload artifact if: ${{ inputs.build_debug }} uses: actions/upload-artifact@v4 @@ -181,6 +197,7 @@ jobs: if-no-files-found: error path: | thingy91x-oob/app/build/hello.nrfcloud.com-*.* + thingy91x-oob/app/build/pmr-nrf91-*.txt # Connectivity Bridge firmware build @@ -189,6 +206,13 @@ jobs: run: | west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=3 -DCONFIG_BUILD_S1_VARIANT=y + - name: Create partition manager report for nRF53 firmware + working-directory: nrf/applications/connectivity_bridge/build + run: | + ninja partition_manager_report + ninja partition_manager_report > pmr-nrf53-default-${{ env.VERSION }}.txt + sed -i '1d' pmr-nrf53-default-${{ env.VERSION }}.txt + - name: Create nrf53 merged_domains HEX file run: | # check that bootloader hex files are present @@ -224,6 +248,7 @@ jobs: path: | nrf/applications/connectivity_bridge/build/connectivity-bridge-*.* nrf/applications/connectivity_bridge/build/nrf53-bl-*.hex + nrf/applications/connectivity_bridge/build/pmr-nrf53-*.txt # Bootloader update build @@ -238,8 +263,6 @@ jobs: west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -d ../nrf/applications/connectivity_bridge/build-bl-update ../nrf/applications/connectivity_bridge -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=4 -DCONFIG_BUILD_S1_VARIANT=y cp ../nrf/applications/connectivity_bridge/build-bl-update/dfu_mcuboot.zip \ connectivity-bridge-${{ env.VERSION }}-thingy91x-nrf53-bootloader.zip - cp ../nrf/applications/connectivity_bridge/build-bl-update/dfu_application.zip \ - connectivity-bridge-${{ env.VERSION }}-thingy91x-nrf53-verbose.zip - name: Upload artifact if: ${{ inputs.build_bl_update }} diff --git a/.github/workflows/dfu_check.yml b/.github/workflows/dfu_check.yml index d6971dea..5903c6b5 100644 --- a/.github/workflows/dfu_check.yml +++ b/.github/workflows/dfu_check.yml @@ -2,22 +2,19 @@ name: DFU image compatibility check on: workflow_call: + inputs: + artifact_run_id: + type: string + required: true workflow_dispatch: - push: - branches: - - main - pull_request: - paths: - - '**/*.c' - - '**/*.h' - - west.yml - - '**/CMakelists.txt' - - '**/Kconfig*' - - '**/prj.conf' + inputs: + artifact_run_id: + type: string + required: true jobs: - build: - name: Build and analyze + analyze: + name: Static analysis runs-on: ubuntu-latest container: ghcr.io/zephyrproject-rtos/ci:v0.26.14 env: @@ -36,7 +33,25 @@ jobs: west config manifest.group-filter +bsec west config build.sysbuild True west update -o=--depth=1 -n - west blobs fetch hal_nordic + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + pattern: firmware-* + merge-multiple: true + path: thingy91x-oob/artifacts + run-id: ${{ inputs.artifact_run_id }} + github-token: ${{ secrets.GITHUB_TOKEN }} + + - name: Unzip update ZIPs + working-directory: thingy91x-oob/artifacts + run: | + unzip -o -d nrf91-app-debug hello.nrfcloud.com-*+debug-thingy91x-nrf91-dfu.zip + rm hello.nrfcloud.com-*+debug-thingy91x-nrf91-dfu.zip + unzip -o -d nrf91-app hello.nrfcloud.com-*-thingy91x-nrf91-dfu.zip + unzip -o -d nrf91-bootloader hello.nrfcloud.com-*-thingy91x-nrf91-bootloader.zip + unzip -o -d nrf53-app connectivity-bridge-*-thingy91x-nrf53-dfu.zip + unzip -o -d nrf53-bootloader connectivity-bridge-*-thingy91x-nrf53-bootloader.zip - name: Install dependencies run: | @@ -55,69 +70,52 @@ jobs: python3 ${CI_NRF_DIR}/scripts/bootloader/keygen.py --public --in ${CI_NRF_DIR}/boards/nordic/thingy91x/nsib_signing_key.pem --out verifying_key_nrf91.pem python3 ${CI_NRF_DIR}/scripts/bootloader/keygen.py --public --in ${CI_NRF_DIR}/boards/nordic/thingy91x/nsib_signing_key_nrf5340.pem --out verifying_key_nrf53.pem - - name: Build OOB FW - working-directory: thingy91x-oob - run: | - west twister -T . -v -p thingy91x/nrf9151/ns --inline-logs --test app.build --test app.build.bootloader_update - - name: 'nrf91: check partition layout' - working-directory: thingy91x-oob/twister-out/thingy91x_nrf9151_ns/app/app.build/ + working-directory: thingy91x-oob/artifacts run: | - ninja partition_manager_report # need to run this twice - ninja partition_manager_report > partition_manager_report.txt - sed -i '1d' partition_manager_report.txt - diff --ignore-all-space --ignore-blank-lines partition_manager_report.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf91.txt + diff --ignore-all-space --ignore-blank-lines pmr-nrf91-default-*.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf91.txt - name: 'nrf91: check app image signature' working-directory: thingy91x-oob run: | - python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem twister-out/thingy91x_nrf9151_ns/app/app.build/app/zephyr/zephyr.signed.bin + python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem artifacts/hello.nrfcloud.com-*-thingy91x-nrf91-update-signed.bin - name: 'nrf91: check bootloader image signature' working-directory: thingy91x-oob run: | - python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 2 - python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build.bootloader_update/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 3 - python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build.bootloader_update/signed_by_mcuboot_and_b0_s1_image.hex -p verifying_key_nrf91.pem -a 0x0001c200 -v 3 + # python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 2 + python3 scripts/nsib_signature_check.py -i artifacts/nrf91-bootloader/signed_by_mcuboot_and_b0_mcuboot.bin -p verifying_key_nrf91.pem -a 0x00008200 -v 3 + python3 scripts/nsib_signature_check.py -i artifacts/nrf91-bootloader/signed_by_mcuboot_and_b0_s1_image.bin -p verifying_key_nrf91.pem -a 0x0001c200 -v 3 - name: 'nrf91: check manifest slot indices' - working-directory: thingy91x-oob - run: | - grep '"slot_index_primary": "1"' twister-out/thingy91x_nrf9151_ns/app/app.build/dfu_application.zip_manifest.json - grep '"slot_index_secondary": "2"' twister-out/thingy91x_nrf9151_ns/app/app.build/dfu_application.zip_manifest.json - - - name: Build Connectivity Bridge - working-directory: nrf/applications/connectivity_bridge + working-directory: thingy91x-oob/artifacts run: | - west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=3 -DCONFIG_BUILD_S1_VARIANT=y - west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -d build-bl-update -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=4 -DCONFIG_BUILD_S1_VARIANT=y + grep '"slot_index_primary": "1"' nrf91-app/manifest.json + grep '"slot_index_secondary": "2"' nrf91-app/manifest.json - name: 'nrf53: check partition layout' - working-directory: nrf/applications/connectivity_bridge/build/ + working-directory: thingy91x-oob/artifacts run: | - ninja partition_manager_report # need to run this twice - ninja partition_manager_report > partition_manager_report.txt - sed -i '1d' partition_manager_report.txt - diff partition_manager_report.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf53.txt + diff --ignore-all-space --ignore-blank-lines pmr-nrf53-default-*.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf53.txt - name: 'nrf53: check app image signature' - working-directory: thingy91x-oob + working-directory: thingy91x-oob/artifacts run: | - python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem ../nrf/applications/connectivity_bridge/build/connectivity_bridge/zephyr/zephyr.signed.bin + python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem nrf53-app/connectivity_bridge.signed.bin - name: 'nrf53: check bootloader image signature' working-directory: thingy91x-oob run: | - python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 3 - python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build-bl-update/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 4 - python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build-bl-update/signed_by_mcuboot_and_b0_s1_image.hex -p verifying_key_nrf53.pem -a 0x0001c200 -v 4 + # python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 3 + python3 scripts/nsib_signature_check.py -i artifacts/nrf53-bootloader/signed_by_mcuboot_and_b0_mcuboot.bin -p verifying_key_nrf53.pem -a 0x00008200 -v 4 + python3 scripts/nsib_signature_check.py -i artifacts/nrf53-bootloader/signed_by_mcuboot_and_b0_s1_image.bin -p verifying_key_nrf53.pem -a 0x0001c200 -v 4 - name: 'nrf53: check manifest slot indices' - working-directory: thingy91x-oob + working-directory: thingy91x-oob/artifacts run: | - grep '"slot_index_primary": "1"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json - grep '"slot_index_secondary": "2"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json + grep '"slot_index_primary": "1"' nrf53-app/manifest.json + grep '"slot_index_secondary": "2"' nrf53-app/manifest.json # check that there is also a second image for the network core - grep '"image_index": "1"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json - grep '"slot_index_primary": "3"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json - grep '"slot_index_secondary": "4"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json + grep '"image_index": "1"' nrf53-app/manifest.json + grep '"slot_index_primary": "3"' nrf53-app/manifest.json + grep '"slot_index_secondary": "4"' nrf53-app/manifest.json diff --git a/.github/workflows/on_target.yml b/.github/workflows/on_target.yml index b86358ba..8d8a0c06 100644 --- a/.github/workflows/on_target.yml +++ b/.github/workflows/on_target.yml @@ -62,7 +62,7 @@ on: jobs: target_test: - name: Target Test + name: Test on target runs-on: self-hosted environment: production container: @@ -160,19 +160,13 @@ jobs: UART_ID: ${{ secrets.UART_DUT_2 }} NRF53_NET_HEX_FILE: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-net.hex NRF53_APP_HEX_FILE: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-app.hex - NRF53_APP_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-verbose.zip + NRF53_APP_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-dfu.zip NRF53_BL_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-bootloader.zip NRF91_HEX_FILE: artifacts/nrf91-bl-v2.hex NRF91_APP_UPDATE_ZIP: artifacts/hello.nrfcloud.com-${{ inputs.artifact_fw_version }}-thingy91x-nrf91-dfu.zip NRF91_BL_UPDATE_ZIP: artifacts/hello.nrfcloud.com-${{ inputs.artifact_fw_version }}-thingy91x-nrf91-bootloader.zip LOG_FILENAME: oob_dfu_test_log - # - name: Check nRF53 connectivity bridge version - # if: ${{ inputs.run_dfu_tests }} - # working-directory: thingy91x-oob - # run: | - # python3 ./tests/on_target/utils/thingy91x_dfu.py --check-nrf53-version --serial THINGY91X_${{ secrets.UART_DUT_2 }} 2>&1 >/dev/null | grep "S1: 1" - - name: Run Connectivity Bridge Test if: ${{ inputs.run_connectivity_bridge_tests }} working-directory: thingy91x-oob/tests/on_target diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ba7e11a6..ba725d98 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -1,4 +1,4 @@ -name: Build and Test on Target +name: Build and Test on: workflow_dispatch: @@ -30,7 +30,13 @@ jobs: secrets: inherit with: build_bl_update: true - test: + dfu_check: + uses: ./.github/workflows/dfu_check.yml + needs: build + secrets: inherit + with: + artifact_run_id: ${{ needs.build.outputs.run_id }} + target_test: uses: ./.github/workflows/on_target.yml needs: build secrets: inherit diff --git a/scripts/pmr_nrf91.txt b/scripts/pmr_nrf91.txt index ab895006..77ab1150 100644 --- a/scripts/pmr_nrf91.txt +++ b/scripts/pmr_nrf91.txt @@ -25,7 +25,9 @@ +---0x30200: mcuboot_primary_app (0xcfe00 - 831kB)-+ | 0x30200: tfm (0x7e00 - 31kB) | +---0x38000: tfm_nonsecure (0xc8000 - 800kB)-------+ -| 0x38000: app (0xc8000 - 800kB) | +| 0x38000: app (0xb8000 - 736kB) | ++---0xf0000: nonsecure_storage (0x10000 - 64kB)----+ +| 0xf0000: memfault_storage (0x10000 - 64kB) | +--------------------------------------------------+ otp (0x2f4 - 756B):