- job:
    name: tf-a-builder-tfa-next
    node: docker-amd64-tf-a-jammy
    project-type: freestyle
    concurrent: true
    disabled: false
    defaults: global
    description: |
      Trusted Firmware A (TF-A) builder for Next
    properties:
        - build-discarder:
            days-to-keep: 15
            artifact-num-to-keep: 40000
    parameters:
        - string:
            name: import_cc
        - string:
            name: TEST_CONFIG
            description: |
              Original test configuration.
        - string:
            name: TEST_DESC
            description: |
              Expanded and normalized test configuration, aka "test description"
        - string:
            name: TF_GERRIT_PROJECT
            default: 'TF-A/trusted-firmware-a'
        - string:
            name: TF_GERRIT_BRANCH
            default: 'refs/heads/master'
        - string:
            name: TF_GERRIT_REFSPEC
            default: '+refs/heads/master:refs/remotes/origin/master'
        - string:
            name: TFTF_GERRIT_PROJECT
            default: 'TF-A/tf-a-tests'
        - string:
            name: TFTF_GERRIT_BRANCH
            default: 'refs/heads/master'
        - string:
            name: TFTF_GERRIT_REFSPEC
            default: '+refs/heads/master:refs/remotes/origin/master'
        - string:
            name: CI_REFSPEC
            default: '+refs/heads/master:refs/remotes/origin/master'
        - string:
            name: JOBS_REFSPEC
            default: 'refs/heads/master'
            description: |
                tf-a-job-configs refspec to use. The master branch is used by default.
        - string:
            name: DOCKER_REGISTRY
            default: ${PRIVATE_CONTAINER_REGISTRY}
            description: PRIVATE_CONTAINER_REGISTRY is a system-wide environment variable
        - string:
            name: JUNO_ROOTFS_URL
            default: 'http://releases.linaro.org/openembedded/aarch64/17.01/linaro-image-minimal-genericarmv8-20170127-888.rootfs.tar.gz'
        - string:
            name: MBEDTLS_URL
            default: 'https://github.com/Mbed-TLS/mbedtls/archive/mbedtls-3.6.3.tar.gz'
        - string:
            name: GERRIT_PATCHSET_NUMBER
            default: ''
        - string:
            name: GERRIT_CHANGE_NUMBER
            default: ''
        - string:
            name: GERRIT_HOST
            default: 'review.trustedfirmware.org'
        - string:
            name: QA_SERVER_TEAM
            default: 'tf'
        - string:
            name: QA_SERVER_PROJECT
            default: 'tf-a'
        - string:
            name: QA_SERVER_VERSION
            default: ${BUILD_NUMBER}
        - string:
            name: QA_SERVER
            default: 'https://qa-reports.linaro.org'
        - string:
            name: QA_TOOLS_REPO
            default: 'https://git.gitlab.arm.com/tooling/qa-tools.git'
        - string:
            name: QA_TOOLS_BRANCH
            default: 'master'
        - string:
            name: LAVA_RETRIES
            default: 2
            description: |
              Number of tries submitting job to LAVA in case it fails (stopgap measure against nondeterministic failures)
        - string:
            name: USE_TUXSUITE_FVP
            default: 1
            description: |
              Whether to submit FVP tests via TuxSuite (instead of LAVA)
        - string:
            name: CLONE_REPOS
            default: "tf-a-ci-scripts,trusted-firmware-a"
            description: |
              Optional arg to clone only specific projects from default list (tf-a-ci-scripts,trusted-firmware-a,tf-a-tests,spm,tf-m-tests,tf-m-extras)
        - string:
            name: SHARE_FOLDER
            default: '/srv/shared/${JOB_NAME}/${BUILD_NUMBER}'
            description: 'Folder containing shared repositories for downstream pipeline jobs'
    wrappers:
        - timestamps
        - timeout:
            timeout: 120
            fail: true
        - credentials-binding:
            - text:
                credential-id: QA_REPORTS_TOKEN
                variable: QA_REPORTS_TOKEN
        - credentials-binding:
            - text:
                credential-id: LAVA_USER_TF
                variable: LAVA_USER
        - credentials-binding:
            - text:
                credential-id: LAVA_TOKEN_TF
                variable: LAVA_TOKEN
        - credentials-binding:
            - text:
                credential-id: TUXSUITE_TOKEN
                variable: TUXSUITE_TOKEN
        - credentials-binding:
            - text:
                credential-id: TUXPUT_ARCHIVE_TOKEN
                variable: TUXPUT_ARCHIVE_TOKEN
        - credentials-binding:
            - text:
                credential-id: ARMCLANG_UBL_CODE
                variable: ARMCLANG_UBL_CODE
    builders:
        - shell: |
            aarch64-none-elf-gcc -v || true
        - shell:
            !include-raw: scripts/clone.sh
        - shell:
            !include-raw: tf-a-builder/builders.sh
        - inject:
            properties-file: artefacts/env
        - shell: |
            ln -s "artefacts/${BIN_MODE:-release}" "artefacts-lava"
            echo ${BIN_MODE:-release} >lava-binmode.txt
        - conditional-step:
            condition-kind: file-exists
            on-evaluation-failure: dont-run
            condition-filename: artefacts-lava/job.yaml
            condition-basedir: workspace
            steps:
            - shell:  |
                #!/bin/bash
                set -e
                DEVICE_TYPE=fvp
                CUSTOM_YAML_URL=${BUILD_URL}/artifact/artefacts-lava/job.yaml
                DEVICE_TYPE=$(awk -F': ' '/device_type/ {print $2}' ${WORKSPACE}/artefacts-lava/job.yaml)
                # The job.yaml file specifies the download URL of the binaries for FVP tests.
                # Transform this "download" URL to a "publish" URL for uploading files to the S3 bucket.
                URL_FIP=$(grep -A1 'fip:' ${WORKSPACE}/artefacts-lava/job.yaml | grep 'url:' | sed -E 's+\s*url:\s*++' | sed -E 's+downloads.trustedfirmware.org+publish.trustedfirmware.org/upload+' | sed -E 's+/fip.bin++')
                URL_BL1=$(grep -A1 'bl1:' ${WORKSPACE}/artefacts-lava/job.yaml | grep 'url:' | sed -E 's+\s*url:\s*++' | sed -E 's+downloads.trustedfirmware.org+publish.trustedfirmware.org/upload+' | sed -E 's+/bl1.bin++')
                cat << EOF > ${WORKSPACE}/lava.param
                DEVICE_TYPE=${DEVICE_TYPE}
                URL_FIP=${URL_FIP}
                URL_BL1=${URL_BL1}
                LAVA_SERVER=tf.validation.linaro.org
                EOF
    publishers:
        - archive:
            artifacts: artefacts/**, lava-binmode.txt
            latest-only: false
            allow-empty: true
        - conditional-publisher:
          - condition-kind: file-exists
            on-evaluation-failure: dont-run
            condition-filename: artefacts-lava/job.yaml
            condition-basedir: workspace
            action:
                - postbuildscript:
                    mark-unstable-if-failed: true
                    builders:
                        - role: SLAVE
                          build-on:
                              - SUCCESS
                          build-steps:
                            - inject:
                                properties-file: ${WORKSPACE}/lava.param
                            - shell: |
                                #!/bin/bash -x

                                tf-a-job-configs/tf-a-builder/upload-tfa-next-artifacts.sh
                                tf-a-job-configs/tf-a-builder/submit-test-job.sh
                                status=$?
                                tf-a-job-configs/tf-a-builder/lava-log-process.sh
                                if [ $status -ne 0 ]; then
                                    echo "LAVA JOB RESULT: 1"
                                    exit 1
                                else
                                    echo "LAVA JOB RESULT: 0"
                                fi
                - postbuildscript:
                    builders:
                        - role: SLAVE
                          build-on:
                              - SUCCESS
                          build-steps:
                            - shell: |
                                #!/bin/bash -e
                                echo "=== Starting expect-post tests ==="
                                ./tf-a-ci-scripts/script/expect-post-runner.sh
        - conditional-publisher:
          - condition-kind: file-exists
            on-evaluation-failure: dont-run
            condition-filename: lava-raw-debug.log
            condition-basedir: workspace
            action:
                - archive:
                    artifacts: lava-raw-debug.log
                    latest-only: false
                    allow-empty: true
        - archive:
            artifacts: lava.log, lava-*.log, tux.id, feedback.log, config_file.json, covtrace-*.log, trace_report/**
            latest-only: false
            allow-empty: true
        - groovy-postbuild:
            script:
                !include-raw:
                  - tf-a-builder/postbuild.groovy
