all.sh: wrapper for both mbedtls and tf-psa-crypto
In order to avoid changing the CI job's definition (which fewer team
members understand, compared to shell scripts), just have a wrapper so
that all.sh does both mbedtls and tf-psa-crypto under the hood for now.
When tf-psa-crypto has its own CI running its own all.sh (with enough
components migrated to get sufficient coverage) we can remove this hack.
Rejected strategy: modify all-core.sh so that when running in mbedtls,
it also sources components-*.sh from tf-psa-crypto, remembers which
components come from Mbed TLS and which come from crypto, and magically
adjust the environment for each component it runs. Rejected because it's
hard to be confident we're adjusting everything that needs adjusting in
the environment. Having separate processes seems much safer.
The downside is we get more complexity around error handling (check for
components requested but not available, --keep-going). When using
--keep-going with failing component(s) in mbedtls and some components in
tf-psa-crypto, the output is not satisfying for humans as we don't have
a nice summary of all errors at the end like we normally would.
IMO this is acceptable since:
- this wrapper is transitional and should be removed in a few months;
- it is mainly for the benefit of the CI; humans can always invoke the
underlying commands directly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index a73c090..76738d9 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,16 +1,96 @@
 #! /usr/bin/env bash
 
-# all.sh
+# all.sh (transitional wrapper)
 #
 # Copyright The Mbed TLS Contributors
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 
-# This file is executable; it is the entry point for users and the CI.
-# See "Files structure" in all-core.sh for other files used.
+# During the transition of CI associated with the repo split,
+# we want all.sh from the mbedtls repo to transparently run both
+# mbedtls and tf-psa-crypto components.
+# This is what this wrapper is about.
+# Once the transition is over, this wrapper can be removed,
+# and mbedtls-all.sh renamed again to all.sh.
+#
+# This wrapper is mostly for the CI's benefit. Developers probably want to
+# directly invoke one or two of the following commands:
+# - tests/scripts/mbedtls-all.sh ...
+# - (cd tf-psa-crypto && tests/scripts/all.sh ...)
 
 # This script must be invoked from the project's root.
 
-# The path is going to change when this is moved to the framework
-source tests/scripts/all-core.sh
+set -eu
 
-main "$@"
+# Get the list of components available on each side.
+COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | sort)
+COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | sort)
+
+# Error out if any component is available on both sides
+COMMON=$(comm -12 <(echo "$COMP_MBEDTLS") <(echo "$COMP_CRYPTO") | tr '\n' ' ')
+if [ -n "$COMMON" ]; then
+    echo "The following components are duplicated: $COMMON" >&2
+    exit 2
+fi
+
+# all.sh complains when a component is requested explicitly but is not
+# available. However, here we actually run two instances of all.sh, so when
+# requesting one component epxlicitly, at least one instance is not going to
+# know about it. So, when invoking each side, remove the other side's
+# components from its command line. This is safe because we know from above
+# that no component is on both sides.
+
+# mbedtls args are global args without the crypto components
+COMP_CRYPTO=$(echo $COMP_CRYPTO | tr '\n' ' ')
+for arg in "$@"; do
+    case " $COMP_CRYPTO " in
+        *" $arg "*) ;;
+        *) mbedtls_args+=( $arg ) ;;
+    esac
+done
+
+# crypto args are global args without the mbedtls components
+COMP_MBEDTLS=$(echo $COMP_MBEDTLS | tr '\n' ' ')
+for arg in "$@"; do
+    case " $COMP_MBEDTLS " in
+        *" $arg "*) ;;
+        *) crypto_args+=( $arg ) ;;
+    esac
+done
+
+# Note: don't print debug info on what commands are being run, because we
+# don't want to pollute the output especially when --list-components is used.
+
+# call mbedtls's all.sh
+set +e
+tests/scripts/mbedtls-all.sh "${mbedtls_args[@]}"
+mbedtls_exit=$?
+set -e
+if [ $mbedtls_exit -ne 0 ]; then
+    echo "mbedtls-all.sh exited $mbedtls_exit" >&2
+fi
+
+# if it returned non-zero, should we keep going?
+if [ $mbedtls_exit -ne 0 ]; then
+     case " $@ " in
+         *" --keep-going "*) ;; # fall through and run tf-psa-crypto's all.sh
+         *) exit $mbedtls_exit;;
+     esac
+fi
+
+# call tf-psa-crypto's all.sh
+set +e
+(cd tf-psa-crypto && tests/scripts/all.sh "${crypto_args[@]}")
+crypto_exit=$?
+set -e
+if [ $crypto_exit -ne 0 ]; then
+    echo "tf-psa-crypto's all.sh exited $crypto_exit" >&2
+fi
+
+# return an appropriate exit code
+if [ $mbedtls_exit -ne 0 ]; then
+    echo "mbedtls-all.sh exited $mbedtls_exit" >&2
+    echo "Please scroll up for a summary of errors in mbedtls-all.sh" >&2
+    exit $mbedtls_exit
+else
+    exit $crypto_exit
+fi
diff --git a/tests/scripts/mbedtls-all.sh b/tests/scripts/mbedtls-all.sh
new file mode 100755
index 0000000..cdf296d
--- /dev/null
+++ b/tests/scripts/mbedtls-all.sh
@@ -0,0 +1,16 @@
+#! /usr/bin/env bash
+
+# all.sh (mbedtls part)
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
+
+# This script must be invoked from the project's root.
+
+# The path is going to change when this is moved to the framework
+source tests/scripts/all-core.sh
+
+main "$@"