From 2901ae761624dffefaf71dcd5d85bccad1123fe3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?=
 <tomasagustin.gonzalezorlando@arm.com>
Date: Thu, 2 Nov 2023 12:01:06 +0000
Subject: [PATCH 1/2] Add dependency cross matching
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

 * Add a script to check for mismatches in dependencies in the
   repository.

Mismatches are two different versions of the same dependency.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
---
 utils/dependency_cross_matcher.py | 78 +++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 utils/dependency_cross_matcher.py

diff --git a/utils/dependency_cross_matcher.py b/utils/dependency_cross_matcher.py
new file mode 100644
index 00000000..4b608831
--- /dev/null
+++ b/utils/dependency_cross_matcher.py
@@ -0,0 +1,78 @@
+import argparse
+import re
+import os
+import subprocess
+import sys
+
+
+def run_cargo_tree(path):
+    cmd = 'cargo tree --all-features '
+    cmd += '--features tss-esapi/generate-bindings,cryptoki/generate-bindings -d'
+    prev_dir = os.getcwd()
+    os.chdir(os.path.join(path))
+    return subprocess.check_output(cmd.split(' ')).decode()
+
+
+def run_deps_mismatcher(lines):
+    pat = re.compile('([a-zA-Z]\S+)\s(v\S+)')
+    deps = dict()
+    for line in lines.split('\n'):
+        m = pat.search(line)
+        if m is not None:
+            if m.group(1) in deps.keys():
+                if m.group(2) not in deps[m.group(1)]:
+                    deps[m.group(1)].append(m.group(2))
+            else:
+                deps[m.group(1)] = [m.group(2)]
+    return deps
+
+
+def get_deps_with_more_than_1v(deps_and_versions):
+    new_dict = dict()
+    for dep_name, versions in deps_and_versions.items():
+        if len(versions) > 1:
+            new_dict[dep_name] = versions
+    return new_dict
+
+
+def print_deps(deps_and_versions):
+    for dep_name, versions in deps_and_versions.items():
+        print(f"{dep_name:<25} {versions}")
+
+
+def main(argv=[], prog_name=''):
+    parser = argparse.ArgumentParser(prog='DependencyCrossmatcher',
+                                     description='Checks the version mismatches for dependencies '
+                                                 'in Cargo based repositories')
+    parser.add_argument('--deps_dir',
+                        required=True,
+                        help='Existing directory that contains the Cargo.toml for analyzing'
+                             'dependencies')
+    args = parser.parse_args()
+
+    mismatches = run_deps_mismatcher(run_cargo_tree(args.deps_dir))
+    print_deps(mismatches)
+
+    mismatches = get_deps_with_more_than_1v(mismatches)
+
+    print('---------------------mistmatches----------------------\n\n')
+    print_deps(mismatches)
+
+    exceptions = {
+        'base64': ['v0.13.1', 'v0.21.4'],
+        'bindgen': ['v0.57.0', 'v0.66.1'],
+        'bitflags': ['v1.3.2', 'v2.4.0'],
+        'cexpr': ['v0.4.0', 'v0.6.0'],
+        'nom': ['v5.1.3', 'v7.1.3'],
+        'shlex': ['v0.1.1', 'v1.2.0'],
+        'syn': ['v1.0.109', 'v2.0.38'],
+    }
+
+    if exceptions != mismatches:
+        return 1
+
+    return 0
+
+
+if __name__ == '__main__':
+    sys.exit(main(sys.argv[1:], sys.argv[0]))

From 5ee457b8e56586c763496ddb1a8e33ee4d654122 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?=
 <tomasagustin.gonzalezorlando@arm.com>
Date: Fri, 3 Nov 2023 11:54:00 +0000
Subject: [PATCH 2/2] ci/nightly: Add a dependency mismatcher job
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add a dependency mismatcher job that checks whether any dependencies
have more than one versions.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
---
 .github/workflows/nightly.yml | 10 ++++++++++
 ci.sh                         | 13 +++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 9ca595a0..efd24c55 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -55,3 +55,13 @@ jobs:
         run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec --security-opt seccomp=unconfined ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh coverage
       - name: Collect coverage results
         run: bash <(curl -s https://codecov.io/bash)
+
+  mismatcher:
+    name: Check for mismatched dependencies (those that have more than one version)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: "${{ github.event.inputs.rev }}"
+      - name: Run the container to execute the dependency mismatcher script
+        run: docker run -v $(pwd):/tmp/parsec -w /tmp/parsec ghcr.io/parallaxsecond/parsec-service-test-all /tmp/parsec/ci.sh mismatcher
diff --git a/ci.sh b/ci.sh
index c325ec8f..88df702d 100755
--- a/ci.sh
+++ b/ci.sh
@@ -196,6 +196,9 @@ while [ "$#" -gt 0 ]; do
         coverage )
             PROVIDER_NAME=$1
         ;;
+        mismatcher )
+            PROVIDER_NAME=$1
+        ;;
         *)
             error_msg "Unknown argument: $1"
         ;;
@@ -210,6 +213,16 @@ fi
 
 trap cleanup EXIT
 
+if [ "$PROVIDER_NAME" = "mismatcher" ]; then
+    python3 $(pwd)/utils/dependency_cross_matcher.py --deps_dir $(pwd)
+    mismatcher_result=$?
+    if [ "$mismatcher_result" -ne 0 ]; then
+        error_msg "Found dependencies version mismatches"
+    fi
+
+    exit 0
+fi
+
 if [ "$PROVIDER_NAME" = "tpm" ] || [ "$PROVIDER_NAME" = "all" ] || [ "$PROVIDER_NAME" = "coverage" ]; then
 	# Copy the NVChip for previously stored state. This is needed for the key mappings test.
     cp /tmp/ondisk/NVChip .