Refactor nix configuration on ci and the aarch64 gcc dependency on x86_64 machines #285
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | |
| name: CI | |
| on: | |
| push: | |
| branches: ["*"] | |
| pull_request: | |
| branches: ["main"] | |
| jobs: | |
| build_kat: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: [ macos-latest, pqcp-arm64, ubuntu-latest ] | |
| exclude: | |
| - system: ${{ github.repository_owner != 'pq-code-package' && 'pqcp-arm64' }} | |
| name: build_kat (${{ matrix.system }}) | |
| runs-on: ${{ matrix.system }} | |
| defaults: | |
| run: | |
| shell: nix develop .#ci -c bash -e {0} | |
| env: | |
| CROSS_PREFIX: "${{ (matrix.system == 'ubuntu-latest' && 'aarch64-unknown-linux-gnu-') || ' ' }}" | |
| EXPECT_ARCH: "${{ (matrix.system == 'macos-latest' && 'arm64') || (matrix.system == 'pqcp-arm64' && 'aarch64') || (matrix.system == 'ubuntu-latest' && 'x86_64') }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup nix | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| devShell: ci | |
| script: | | |
| ARCH=$(uname -m) | |
| cat >> $GITHUB_STEP_SUMMARY <<-EOF | |
| ## Setup | |
| Architecture: $ARCH | |
| - $(uname -a) | |
| - $(nix --version) | |
| - $(astyle --version) | |
| - $(${CROSS_PREFIX}gcc --version | grep -m1 "") | |
| - $(bash --version | grep -m1 "") | |
| EOF | |
| if [[ "$ARCH" != $EXPECT_ARCH ]]; then | |
| echo ":x: Expecting to run on $EXPECT_ARCH, but instead running on $ARCH" >> $GITHUB_STEP_SUMMARY | |
| exit 1 | |
| fi | |
| - name: Run functional tests | |
| id: func_test | |
| run: | | |
| tests func --cross-prefix $CROSS_PREFIX -v | |
| - name: Run KAT tests | |
| id: kat_test | |
| if: | | |
| success() | |
| || steps.func_test.conclusion == 'failure' | |
| run: | | |
| tests kat --cross-prefix $CROSS_PREFIX -v | |
| - name: Run Nistkat tests | |
| id: nistkat_test | |
| if: | | |
| success() | |
| || steps.func_test.conclusion == 'failure' | |
| || steps.kat_test.conclusion == 'failure' | |
| run: | | |
| tests nistkat --cross-prefix $CROSS_PREFIX -v | |
| lint: | |
| strategy: | |
| matrix: | |
| system: [ubuntu-latest] | |
| runs-on: ${{ matrix.system }} | |
| defaults: | |
| run: | |
| shell: nix develop .#ci-linter -c bash -e {0} | |
| env: | |
| CROSS_PREFIX: "${{ (matrix.system == 'ubuntu-latest' && 'aarch64-unknown-linux-gnu-') || '' }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup nix | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| devShell: ci-linter | |
| script: | | |
| cat >> $GITHUB_STEP_SUMMARY << EOF | |
| ## Setup | |
| Architecture: $(uname -m) | |
| - $(uname -a) | |
| - $(nix --version) | |
| - $(astyle --version) | |
| - $(${CROSS_PREFIX}gcc --version | grep -m1 "") | |
| - $(bash --version | grep -m1 "") | |
| EOF | |
| - name: Lint | |
| run: | | |
| echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY | |
| lint | |
| cbmc: | |
| strategy: | |
| matrix: | |
| system: [macos-latest] | |
| runs-on: ${{ matrix.system }} | |
| defaults: | |
| run: | |
| shell: nix develop .#ci-cbmc -c bash -e {0} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup nix | |
| uses: ./.github/actions/setup-nix | |
| with: | |
| devShell: ci-cbmc | |
| script: | | |
| cat >> $GITHUB_STEP_SUMMARY << EOF | |
| ## Setup | |
| Architecture: $(uname -m) | |
| - $(nix --version) | |
| - $(cbmc --version) | |
| - litani Version $(litani --version) | |
| - Cadical Version $(cadical --version) | |
| - $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "") | |
| - $(bash --version | grep -m1 "") | |
| EOF | |
| - name: Run CBMC proofs | |
| run: | | |
| cd cbmc/proofs; | |
| KYBER_K=2 ./run-cbmc-proofs.py --summarize; | |
| KYBER_K=3 ./run-cbmc-proofs.py --summarize; | |
| KYBER_K=4 ./run-cbmc-proofs.py --summarize; |