- job:
    name: tf-a-builder-tfa-next
    node: docker-amd64-tf-a-jammy
    project-type: freestyle
    concurrent: true
    disabled: false
    defaults: global
    description: |
      Trusted Firmware A (TF-A) builder for Next
    properties:
      - build-discarder:
          days-to-keep: 15
          artifact-num-to-keep: 40000
    parameters:
      - string:
          name: import_cc
      - string:
          name: TEST_CONFIG
          description: |
            Original test configuration.
      - string:
          name: TEST_DESC
          description: |
            Expanded and normalized test configuration, aka "test description"
      - string:
          name: TF_GERRIT_PROJECT
          default: TF-A/trusted-firmware-a
      - string:
          name: TF_GERRIT_BRANCH
          default: refs/heads/master
      - string:
          name: TF_GERRIT_REFSPEC
          default: +refs/heads/master:refs/remotes/origin/master
      - string:
          name: TFTF_GERRIT_PROJECT
          default: TF-A/tf-a-tests
      - string:
          name: TFTF_GERRIT_BRANCH
          default: refs/heads/master
      - string:
          name: TFTF_GERRIT_REFSPEC
          default: +refs/heads/master:refs/remotes/origin/master
      - string:
          name: CI_REFSPEC
          default: +refs/heads/master:refs/remotes/origin/master
      - string:
          name: JOBS_REFSPEC
          default: refs/heads/master
          description: |
            tf-a-job-configs refspec to use. The master branch is used by default.
      - string:
          name: DOCKER_REGISTRY
          default: ${PRIVATE_CONTAINER_REGISTRY}
          description: PRIVATE_CONTAINER_REGISTRY is a system-wide environment variable
      - string:
          name: JUNO_ROOTFS_URL
          default: http://releases.linaro.org/openembedded/aarch64/17.01/linaro-image-minimal-genericarmv8-20170127-888.rootfs.tar.gz
      - string:
          name: MBEDTLS_URL
          default: https://github.com/Mbed-TLS/mbedtls/archive/mbedtls-3.6.3.tar.gz
      - string:
          name: GERRIT_PATCHSET_NUMBER
          default: ""
      - string:
          name: GERRIT_CHANGE_NUMBER
          default: ""
      - string:
          name: GERRIT_HOST
          default: review.trustedfirmware.org
      - string:
          name: QA_SERVER_TEAM
          default: tf
      - string:
          name: QA_SERVER_PROJECT
          default: tf-a
      - string:
          name: QA_SERVER_VERSION
          default: ${BUILD_NUMBER}
      - string:
          name: QA_SERVER
          default: https://qa-reports.linaro.org
      - string:
          name: QA_TOOLS_REPO
          default: https://git.gitlab.arm.com/tooling/qa-tools.git
      - string:
          name: QA_TOOLS_BRANCH
          default: master
      - string:
          name: LAVA_RETRIES
          default: 2
          description: |
            Number of tries submitting job to LAVA in case it fails (stopgap measure against nondeterministic failures)
      - string:
          name: USE_TUXSUITE_FVP
          default: 1
          description: |
            Whether to submit FVP tests via TuxSuite (instead of LAVA)
      - string:
          name: CLONE_REPOS
          default: tf-a-ci-scripts,trusted-firmware-a
          description: |
            Optional arg to clone only specific projects from default list (tf-a-ci-scripts,trusted-firmware-a,tf-a-tests,spm,tf-m-tests,tf-m-extras)
      - string:
          name: SHARE_FOLDER
          default: /srv/shared/${JOB_NAME}/${BUILD_NUMBER}
          description: Folder containing shared repositories for downstream pipeline jobs
    wrappers:
      - timestamps
      - timeout:
          timeout: 120
          fail: true
      - credentials-binding:
          - text:
              credential-id: QA_REPORTS_TOKEN
              variable: QA_REPORTS_TOKEN
      - credentials-binding:
          - text:
              credential-id: LAVA_USER_TF
              variable: LAVA_USER
      - credentials-binding:
          - text:
              credential-id: LAVA_TOKEN_TF
              variable: LAVA_TOKEN
      - credentials-binding:
          - text:
              credential-id: TUXSUITE_TOKEN
              variable: TUXSUITE_TOKEN
      - credentials-binding:
          - text:
              credential-id: TUXPUT_ARCHIVE_TOKEN
              variable: TUXPUT_ARCHIVE_TOKEN
      - credentials-binding:
          - text:
              credential-id: ARMCLANG_UBL_CODE
              variable: ARMCLANG_UBL_CODE
    builders:
      - shell: |
          aarch64-none-elf-gcc -v || true
      - shell: !include-raw: scripts/clone.sh
      - shell: !include-raw: tf-a-builder/builders.sh
      - inject:
          properties-file: artefacts/env
      - shell: |
          ln -s "artefacts/${BIN_MODE:-release}" "artefacts-lava"
          echo ${BIN_MODE:-release} >lava-binmode.txt
      - conditional-step:
          condition-kind: file-exists
          on-evaluation-failure: dont-run
          condition-filename: artefacts-lava/job.yaml
          condition-basedir: workspace
          steps:
            - shell: |
                #!/bin/bash
                set -e
                DEVICE_TYPE=fvp
                CUSTOM_YAML_URL=${BUILD_URL}/artifact/artefacts-lava/job.yaml
                DEVICE_TYPE=$(awk -F': ' '/device_type/ {print $2}' ${WORKSPACE}/artefacts-lava/job.yaml)
                # The job.yaml file specifies the download URL of the binaries for FVP tests.
                # Transform this "download" URL to a "publish" URL for uploading files to the S3 bucket.
                URL_FIP=$(grep -A1 'fip:' ${WORKSPACE}/artefacts-lava/job.yaml | grep 'url:' | sed -E 's+\s*url:\s*++' | sed -E 's+downloads.trustedfirmware.org+publish.trustedfirmware.org/upload+' | sed -E 's+/fip.bin++')
                URL_BL1=$(grep -A1 'bl1:' ${WORKSPACE}/artefacts-lava/job.yaml | grep 'url:' | sed -E 's+\s*url:\s*++' | sed -E 's+downloads.trustedfirmware.org+publish.trustedfirmware.org/upload+' | sed -E 's+/bl1.bin++')
                cat << EOF > ${WORKSPACE}/lava.param
                DEVICE_TYPE=${DEVICE_TYPE}
                URL_FIP=${URL_FIP}
                URL_BL1=${URL_BL1}
                LAVA_SERVER=tf.validation.linaro.org
                EOF
    publishers:
      - archive:
          artifacts: artefacts/**, lava-binmode.txt
          latest-only: false
          allow-empty: true
      - conditional-publisher:
          - condition-kind: file-exists
            on-evaluation-failure: dont-run
            condition-filename: artefacts-lava/job.yaml
            condition-basedir: workspace
            action:
              - postbuildscript:
                  mark-unstable-if-failed: true
                  builders:
                    - role: SLAVE
                      build-on:
                        - SUCCESS
                      build-steps:
                        - inject:
                            properties-file: ${WORKSPACE}/lava.param
                        - shell: |
                            #!/bin/bash -x

                            tf-a-job-configs/tf-a-builder/upload-tfa-next-artifacts.sh
                            tf-a-job-configs/tf-a-builder/submit-test-job.sh
                            status=$?
                            tf-a-job-configs/tf-a-builder/lava-log-process.sh
                            if [ $status -ne 0 ]; then
                                echo "LAVA JOB RESULT: 1"
                                exit 1
                            else
                                echo "LAVA JOB RESULT: 0"
                            fi
              - postbuildscript:
                  builders:
                    - role: SLAVE
                      build-on:
                        - SUCCESS
                      build-steps:
                        - shell: |
                            #!/bin/bash -e
                            echo "=== Starting expect-post tests ==="
                            ./tf-a-ci-scripts/script/expect-post-runner.sh
      - conditional-publisher:
          - condition-kind: file-exists
            on-evaluation-failure: dont-run
            condition-filename: lava-raw-debug.log
            condition-basedir: workspace
            action:
              - archive:
                  artifacts: lava-raw-debug.log
                  latest-only: false
                  allow-empty: true
      - archive:
          artifacts: lava.log, lava-*.log, tux.id, feedback.log, config_file.json, covtrace-*.log, trace_report/**
          latest-only: false
          allow-empty: true
      - groovy-postbuild:
          script: !include-raw:
            - tf-a-builder/postbuild.groovy