ci: reuse build step more

Refactor workflows using build. This is to reduce workflow times. Signed-off-by: Maximilian Deubel <[email protected]>
hello-nrfcloud · Nov 4, 2024 · f240916 · f240916
1 parent 5b6ff14
commit f240916
Show file tree

Hide file tree

Showing 5 changed files with 89 additions and 66 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -131,6 +131,13 @@ jobs:
           cp app/zephyr/zephyr.elf hello.nrfcloud.com-${{ env.VERSION }}-thingy91x-nrf91.elf
           cp dfu_application.zip hello.nrfcloud.com-${{ env.VERSION }}-thingy91x-nrf91-dfu.zip
 
+      - name: Create partition manager report for nRF91 firmware
+        working-directory: thingy91x-oob/app/build
+        run: |
+          ninja partition_manager_report
+          ninja partition_manager_report > pmr-nrf91-default-${{ env.VERSION }}.txt
+          sed -i '1d' pmr-nrf91-default-${{ env.VERSION }}.txt
+
       - name: Upload artifact
         uses: actions/upload-artifact@v4
         id: artifact-upload-oob
@@ -140,6 +147,7 @@ jobs:
           path: |
             thingy91x-oob/app/build/hello.nrfcloud.com-*.*
             thingy91x-oob/app/build/nrf91-bl-*.hex
+            thingy91x-oob/app/build/pmr-nrf91-*.txt
 
       # Out-of-box debug firmware build
 
@@ -172,6 +180,14 @@ jobs:
           cp app/zephyr/zephyr.elf hello.nrfcloud.com-${{ env.VERSION }}+debug-thingy91x-nrf91.elf
           cp dfu_application.zip hello.nrfcloud.com-${{ env.VERSION }}+debug-thingy91x-nrf91-dfu.zip
 
+      - name: Create partition manager report for nRF91 debug firmware
+        if: ${{ inputs.build_debug }}
+        working-directory: thingy91x-oob/app/build
+        run: |
+          ninja partition_manager_report
+          ninja partition_manager_report > pmr-nrf91-debug-${{ env.VERSION }}.txt
+          sed -i '1d' pmr-nrf91-debug-${{ env.VERSION }}.txt
+
       - name: Upload artifact
         if: ${{ inputs.build_debug }}
         uses: actions/upload-artifact@v4
@@ -181,6 +197,7 @@ jobs:
           if-no-files-found: error
           path: |
             thingy91x-oob/app/build/hello.nrfcloud.com-*.*
+            thingy91x-oob/app/build/pmr-nrf91-*.txt
 
       # Connectivity Bridge firmware build
 
@@ -189,6 +206,13 @@ jobs:
         run: |
           west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=3 -DCONFIG_BUILD_S1_VARIANT=y
 
+      - name: Create partition manager report for nRF53 firmware
+        working-directory: nrf/applications/connectivity_bridge/build
+        run: |
+          ninja partition_manager_report
+          ninja partition_manager_report > pmr-nrf53-default-${{ env.VERSION }}.txt
+          sed -i '1d' pmr-nrf53-default-${{ env.VERSION }}.txt
+
       - name: Create nrf53 merged_domains HEX file
         run: |
           # check that bootloader hex files are present
@@ -224,6 +248,7 @@ jobs:
           path: |
             nrf/applications/connectivity_bridge/build/connectivity-bridge-*.*
             nrf/applications/connectivity_bridge/build/nrf53-bl-*.hex
+            nrf/applications/connectivity_bridge/build/pmr-nrf53-*.txt
 
       # Bootloader update build
 
@@ -238,8 +263,6 @@ jobs:
           west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -d ../nrf/applications/connectivity_bridge/build-bl-update ../nrf/applications/connectivity_bridge -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=4 -DCONFIG_BUILD_S1_VARIANT=y
           cp ../nrf/applications/connectivity_bridge/build-bl-update/dfu_mcuboot.zip \
             connectivity-bridge-${{ env.VERSION }}-thingy91x-nrf53-bootloader.zip
-          cp ../nrf/applications/connectivity_bridge/build-bl-update/dfu_application.zip \
-            connectivity-bridge-${{ env.VERSION }}-thingy91x-nrf53-verbose.zip
 
       - name: Upload artifact
         if: ${{ inputs.build_bl_update }}

diff --git a/.github/workflows/dfu_check.yml b/.github/workflows/dfu_check.yml
@@ -2,22 +2,19 @@ name: DFU image compatibility check
 
 on:
   workflow_call:
+    inputs:
+      artifact_run_id:
+        type: string
+        required: true
   workflow_dispatch:
-  push:
-    branches:
-      - main
-  pull_request:
-    paths:
-      - '**/*.c'
-      - '**/*.h'
-      - west.yml
-      - '**/CMakelists.txt'
-      - '**/Kconfig*'
-      - '**/prj.conf'
+    inputs:
+      artifact_run_id:
+        type: string
+        required: true
 
 jobs:
-  build:
-    name: Build and analyze
+  analyze:
+    name: Static analysis
     runs-on: ubuntu-latest
     container: ghcr.io/zephyrproject-rtos/ci:v0.26.14
     env:
@@ -36,7 +33,25 @@ jobs:
           west config manifest.group-filter +bsec
           west config build.sysbuild True
           west update -o=--depth=1 -n
-          west blobs fetch hal_nordic
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: firmware-*
+          merge-multiple: true
+          path: thingy91x-oob/artifacts
+          run-id: ${{ inputs.artifact_run_id }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Unzip update ZIPs
+        working-directory: thingy91x-oob/artifacts
+        run: |
+          unzip -o -d nrf91-app-debug hello.nrfcloud.com-*+debug-thingy91x-nrf91-dfu.zip
+          rm hello.nrfcloud.com-*+debug-thingy91x-nrf91-dfu.zip
+          unzip -o -d nrf91-app hello.nrfcloud.com-*-thingy91x-nrf91-dfu.zip
+          unzip -o -d nrf91-bootloader hello.nrfcloud.com-*-thingy91x-nrf91-bootloader.zip
+          unzip -o -d nrf53-app connectivity-bridge-*-thingy91x-nrf53-dfu.zip
+          unzip -o -d nrf53-bootloader connectivity-bridge-*-thingy91x-nrf53-bootloader.zip
 
       - name: Install dependencies
         run: |
@@ -55,69 +70,52 @@ jobs:
           python3 ${CI_NRF_DIR}/scripts/bootloader/keygen.py --public --in ${CI_NRF_DIR}/boards/nordic/thingy91x/nsib_signing_key.pem --out verifying_key_nrf91.pem
           python3 ${CI_NRF_DIR}/scripts/bootloader/keygen.py --public --in ${CI_NRF_DIR}/boards/nordic/thingy91x/nsib_signing_key_nrf5340.pem --out verifying_key_nrf53.pem
 
-      - name: Build OOB FW
-        working-directory: thingy91x-oob
-        run: |
-          west twister -T . -v -p thingy91x/nrf9151/ns --inline-logs --test app.build --test app.build.bootloader_update
-
       - name: 'nrf91: check partition layout'
-        working-directory: thingy91x-oob/twister-out/thingy91x_nrf9151_ns/app/app.build/
+        working-directory: thingy91x-oob/artifacts
         run: |
-          ninja partition_manager_report # need to run this twice
-          ninja partition_manager_report > partition_manager_report.txt
-          sed -i '1d' partition_manager_report.txt
-          diff --ignore-all-space --ignore-blank-lines partition_manager_report.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf91.txt
+          diff --ignore-all-space --ignore-blank-lines pmr-nrf91-default-*.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf91.txt
 
       - name: 'nrf91: check app image signature'
         working-directory: thingy91x-oob
         run: |
-          python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem twister-out/thingy91x_nrf9151_ns/app/app.build/app/zephyr/zephyr.signed.bin
+          python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem artifacts/hello.nrfcloud.com-*-thingy91x-nrf91-update-signed.bin
 
       - name: 'nrf91: check bootloader image signature'
         working-directory: thingy91x-oob
         run: |
-          python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 2
-          python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build.bootloader_update/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 3
-          python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build.bootloader_update/signed_by_mcuboot_and_b0_s1_image.hex -p verifying_key_nrf91.pem -a 0x0001c200 -v 3
+          # python3 scripts/nsib_signature_check.py -i twister-out/thingy91x_nrf9151_ns/app/app.build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf91.pem -a 0x00008200 -v 2
+          python3 scripts/nsib_signature_check.py -i artifacts/nrf91-bootloader/signed_by_mcuboot_and_b0_mcuboot.bin -p verifying_key_nrf91.pem -a 0x00008200 -v 3
+          python3 scripts/nsib_signature_check.py -i artifacts/nrf91-bootloader/signed_by_mcuboot_and_b0_s1_image.bin -p verifying_key_nrf91.pem -a 0x0001c200 -v 3
 
       - name: 'nrf91: check manifest slot indices'
-        working-directory: thingy91x-oob
-        run: |
-          grep '"slot_index_primary": "1"' twister-out/thingy91x_nrf9151_ns/app/app.build/dfu_application.zip_manifest.json
-          grep '"slot_index_secondary": "2"' twister-out/thingy91x_nrf9151_ns/app/app.build/dfu_application.zip_manifest.json
-
-      - name: Build Connectivity Bridge
-        working-directory: nrf/applications/connectivity_bridge
+        working-directory: thingy91x-oob/artifacts
         run: |
-          west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=3 -DCONFIG_BUILD_S1_VARIANT=y
-          west build -b thingy91x/nrf5340/cpuapp -p --sysbuild -d build-bl-update -- -Dmcuboot_CONFIG_FW_INFO_FIRMWARE_VERSION=4 -DCONFIG_BUILD_S1_VARIANT=y
+          grep '"slot_index_primary": "1"' nrf91-app/manifest.json
+          grep '"slot_index_secondary": "2"' nrf91-app/manifest.json
 
       - name: 'nrf53: check partition layout'
-        working-directory: nrf/applications/connectivity_bridge/build/
+        working-directory: thingy91x-oob/artifacts
         run: |
-          ninja partition_manager_report # need to run this twice
-          ninja partition_manager_report > partition_manager_report.txt
-          sed -i '1d' partition_manager_report.txt
-          diff partition_manager_report.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf53.txt
+          diff --ignore-all-space --ignore-blank-lines pmr-nrf53-default-*.txt ${CI_PROJECT_DIR}/scripts/pmr_nrf53.txt
 
       - name: 'nrf53: check app image signature'
-        working-directory: thingy91x-oob
+        working-directory: thingy91x-oob/artifacts
         run: |
-          python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem ../nrf/applications/connectivity_bridge/build/connectivity_bridge/zephyr/zephyr.signed.bin
+          python3 ${CI_MCUBOOT_DIR}/scripts/imgtool.py verify -k ${CI_MCUBOOT_DIR}/root-ec-p256.pem nrf53-app/connectivity_bridge.signed.bin
 
       - name: 'nrf53: check bootloader image signature'
         working-directory: thingy91x-oob
         run: |
-          python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 3
-          python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build-bl-update/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 4
-          python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build-bl-update/signed_by_mcuboot_and_b0_s1_image.hex -p verifying_key_nrf53.pem -a 0x0001c200 -v 4
+          # python3 scripts/nsib_signature_check.py -i ../nrf/applications/connectivity_bridge/build/signed_by_mcuboot_and_b0_mcuboot.hex -p verifying_key_nrf53.pem -a 0x00008200 -v 3
+          python3 scripts/nsib_signature_check.py -i artifacts/nrf53-bootloader/signed_by_mcuboot_and_b0_mcuboot.bin -p verifying_key_nrf53.pem -a 0x00008200 -v 4
+          python3 scripts/nsib_signature_check.py -i artifacts/nrf53-bootloader/signed_by_mcuboot_and_b0_s1_image.bin -p verifying_key_nrf53.pem -a 0x0001c200 -v 4
 
       - name: 'nrf53: check manifest slot indices'
-        working-directory: thingy91x-oob
+        working-directory: thingy91x-oob/artifacts
         run: |
-          grep '"slot_index_primary": "1"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json
-          grep '"slot_index_secondary": "2"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json
+          grep '"slot_index_primary": "1"' nrf53-app/manifest.json
+          grep '"slot_index_secondary": "2"' nrf53-app/manifest.json
           # check that there is also a second image for the network core
-          grep '"image_index": "1"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json
-          grep '"slot_index_primary": "3"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json
-          grep '"slot_index_secondary": "4"' ../nrf/applications/connectivity_bridge/build/dfu_application.zip_manifest.json
+          grep '"image_index": "1"' nrf53-app/manifest.json
+          grep '"slot_index_primary": "3"' nrf53-app/manifest.json
+          grep '"slot_index_secondary": "4"' nrf53-app/manifest.json
diff --git a/.github/workflows/on_target.yml b/.github/workflows/on_target.yml
@@ -62,7 +62,7 @@ on:
 
 jobs:
   target_test:
-    name: Target Test
+    name: Test on target
     runs-on: self-hosted
     environment: production
     container:
@@ -160,19 +160,13 @@ jobs:
           UART_ID: ${{ secrets.UART_DUT_2 }}
           NRF53_NET_HEX_FILE: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-net.hex
           NRF53_APP_HEX_FILE: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-app.hex
-          NRF53_APP_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-verbose.zip
+          NRF53_APP_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-dfu.zip
           NRF53_BL_UPDATE_ZIP: artifacts/connectivity-bridge-${{ inputs.artifact_fw_version }}-thingy91x-nrf53-bootloader.zip
           NRF91_HEX_FILE: artifacts/nrf91-bl-v2.hex
           NRF91_APP_UPDATE_ZIP: artifacts/hello.nrfcloud.com-${{ inputs.artifact_fw_version }}-thingy91x-nrf91-dfu.zip
           NRF91_BL_UPDATE_ZIP: artifacts/hello.nrfcloud.com-${{ inputs.artifact_fw_version }}-thingy91x-nrf91-bootloader.zip
           LOG_FILENAME: oob_dfu_test_log
 
-      # - name: Check nRF53 connectivity bridge version
-      #   if: ${{ inputs.run_dfu_tests }}
-      #   working-directory: thingy91x-oob
-      #   run: |
-      #     python3 ./tests/on_target/utils/thingy91x_dfu.py --check-nrf53-version --serial THINGY91X_${{ secrets.UART_DUT_2 }} 2>&1 >/dev/null | grep "S1: 1"
-
       - name: Run Connectivity Bridge Test
         if: ${{ inputs.run_connectivity_bridge_tests }}
         working-directory: thingy91x-oob/tests/on_target

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,4 +1,4 @@
-name: Build and Test on Target
+name: Build and Test
 
 on:
   workflow_dispatch:
@@ -30,7 +30,13 @@ jobs:
     secrets: inherit
     with:
       build_bl_update: true
-  test:
+  dfu_check:
+    uses: ./.github/workflows/dfu_check.yml
+    needs: build
+    secrets: inherit
+    with:
+      artifact_run_id: ${{ needs.build.outputs.run_id }}
+  target_test:
     uses: ./.github/workflows/on_target.yml
     needs: build
     secrets: inherit

diff --git a/scripts/pmr_nrf91.txt b/scripts/pmr_nrf91.txt
@@ -25,7 +25,9 @@
 +---0x30200: mcuboot_primary_app (0xcfe00 - 831kB)-+
 | 0x30200: tfm (0x7e00 - 31kB)                     |
 +---0x38000: tfm_nonsecure (0xc8000 - 800kB)-------+
-| 0x38000: app (0xc8000 - 800kB)                   |
+| 0x38000: app (0xb8000 - 736kB)                   |
++---0xf0000: nonsecure_storage (0x10000 - 64kB)----+
+| 0xf0000: memfault_storage (0x10000 - 64kB)       |
 +--------------------------------------------------+
 
   otp (0x2f4 - 756B):