-
Notifications
You must be signed in to change notification settings - Fork 480
158 lines (149 loc) · 5.69 KB
/
basic.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
name: Basic checks
permissions:
contents: read
on: [workflow_call, workflow_dispatch]
jobs:
workflowcheck:
name: Check validity of GitHub workflows
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure GitHub actions are valid
run: actionlint -shellcheck "" # run *without* shellcheck
stylecheck:
name: Check code formatting
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Ensure code conventions are upheld
run: python3 -m pytest --verbose tests/test_code_conventions.py
- name: Check that doxygen can parse the documentation
run: mkdir build && ./scripts/run_doxygen.sh $(which doxygen) ./docs/.Doxyfile ./build
- name: Validate CBOM
run: scripts/validate_cbom.sh
upstreamcheck:
name: Check upstream code is properly integrated
needs: [workflowcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
git config --global user.name "ciuser" && \
git config --global user.email "[email protected]" && \
git config --global --add safe.directory "$PWD" && \
echo "LIBOQS_DIR=$PWD" >> "$GITHUB_ENV"
- name: Verify copy_from_upstream state after copy
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d copy && \
git status --porcelain && \
test -z "$(git status --porcelain)"
- name: Verify copy_from_upstream state after libjade
working-directory: "scripts/copy_from_upstream"
run: |
python3 copy_from_upstream.py -d libjade && \
git status --porcelain && \
test -z "$(git status --porcelain)"
buildcheck:
name: Check that code passes a basic build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
KEM_NAME: ml_kem_768
SIG_NAME: ml_dsa_65
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="KEM_$KEM_NAME;SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Build documentation
run: ninja gen_docs
working-directory: ${{ env.RANDOM_BUILD_DIR }}
cppcheck:
name: Check C++ linking with example program
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build liboqs
run: ninja
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Link with C++ program
run: |
g++ "$GITHUB_WORKSPACE"/cpp/sig_linking_test.cpp -g \
-I./include -L./lib -loqs -lcrypto -std=c++11 -o example_sig && \
./example_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
fuzzbuildcheck:
name: Check that code passes a basic fuzzing build
needs: [workflowcheck, stylecheck, upstreamcheck]
runs-on: ubuntu-latest
container: openquantumsafe/ci-ubuntu-latest:latest
env:
SIG_NAME: dilithium_2
CC: clang
CXX: clang++
CFLAGS: -fsanitize=fuzzer-no-link,address
LDFLAGS: -fsanitize=address
steps:
- name: Create random build folder
run: tmp_build=$(mktemp -d) && echo "RANDOM_BUILD_DIR=$tmp_build" >> $GITHUB_ENV
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4
- name: Configure
run: |
cmake \
-B ${{ env.RANDOM_BUILD_DIR }} \
-GNinja \
-DOQS_STRICT_WARNINGS=ON \
-DOQS_BUILD_FUZZ_TESTS=ON \
-DOQS_MINIMAL_BUILD="SIG_$SIG_NAME" \
--warn-uninitialized . > config.log 2>&1 && \
cat config.log && \
cmake -LA -N . && \
! (grep -i "uninitialized variable" config.log)
- name: Build code
run: ninja fuzz_test_sig
working-directory: ${{ env.RANDOM_BUILD_DIR }}
- name: Short fuzz check (30s)
run: ./tests/fuzz_test_sig -max_total_time=30
working-directory: ${{ env.RANDOM_BUILD_DIR }}