Integrate ACVP python script #2475
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: Apache-2.0 | |
name: CI | |
permissions: | |
contents: read | |
on: | |
workflow_dispatch: | |
push: | |
branches: ["main"] | |
pull_request: | |
branches: ["main"] | |
types: [ "opened", "synchronize" ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
quickcheck: | |
strategy: | |
fail-fast: false | |
matrix: | |
external: | |
- ${{ github.repository_owner != 'pq-code-package' }} | |
target: | |
- runner: pqcp-arm64 | |
name: 'aarch64' | |
- runner: ubuntu-latest | |
name: 'x86_64' | |
exclude: | |
- {external: true, | |
target: { | |
runner: pqcp-arm64, | |
name: 'aarch64' | |
}} | |
name: Quickcheck (${{ matrix.target.name }}) | |
runs-on: ${{ matrix.target.runner }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: make quickcheck | |
run: | | |
OPT=0 make quickcheck >/dev/null | |
make clean >/dev/null | |
OPT=1 make quickcheck >/dev/null | |
- uses: ./.github/actions/setup-ubuntu | |
- name: tests func | |
run: | | |
./scripts/tests func | |
- name: check namespacing | |
run: | | |
./scripts/ci/check-namespace | |
build_kat: | |
needs: quickcheck | |
strategy: | |
fail-fast: false | |
matrix: | |
external: | |
- ${{ github.repository_owner != 'pq-code-package' }} | |
target: | |
- runner: macos-latest | |
name: 'MacOS' | |
- runner: pqcp-arm64 | |
name: 'ubuntu-latest (aarch64)' | |
- runner: pqcp-x64 | |
name: 'ubuntu-latest (x86_64)' | |
exclude: | |
- {external: true, | |
target: { | |
runner: pqcp-arm64, | |
name: 'ubuntu-latest (aarch64)', | |
}} | |
- {external: true, | |
target: { | |
runner: pqcp-x64, | |
name: 'ubuntu-latest (x86_64)', | |
}} | |
name: Functional tests (${{ matrix.target.name }}) | |
runs-on: ${{ matrix.target.runner }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: native build | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: true | |
kat: true | |
- name: native tests (+debug+memsan+ubsan) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" | |
- name: cross tests (opt only) | |
uses: ./.github/actions/multi-functest | |
if: ${{ matrix.target.runner != 'macos-latest' && (success() || failure()) }} | |
with: | |
nix-shell: ci-cross | |
nix-cache: true | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: cross | |
opt: opt | |
func: true | |
nistkat: true | |
kat: true | |
compiler_tests: | |
name: Compiler tests (${{ matrix.target.name }}) | |
strategy: | |
fail-fast: false | |
matrix: | |
external: | |
- ${{ github.repository_owner != 'pq-code-package' }} | |
target: | |
- runner: pqcp-arm64 | |
name: 'aarch64' | |
- runner: ubuntu-latest | |
name: 'x86_64' | |
exclude: | |
- {external: true, | |
target: { | |
runner: pqcp-arm64, | |
name: 'aarch64' | |
}} | |
runs-on: ${{ matrix.target.runner }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: native build+functest (gcc-4.8) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: false | |
kat: false | |
nix-shell: "ci_gcc48" | |
- name: native build+functest (gcc-4.9) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: false | |
kat: false | |
nix-shell: "ci_gcc49" | |
- name: native build+functest (gcc-7) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: false | |
kat: false | |
nix-shell: "ci_gcc7" | |
- name: native build+functest (gcc-11) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: false | |
kat: false | |
nix-shell: "ci_gcc11" | |
- name: native build+functest (clang-18) | |
uses: ./.github/actions/multi-functest | |
with: | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
compile_mode: native | |
func: true | |
nistkat: false | |
kat: false | |
nix-shell: "ci_clang18" | |
lint: | |
strategy: | |
matrix: | |
system: [ubuntu-latest] | |
name: Linting | |
runs-on: ${{ matrix.system }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/lint | |
with: | |
nix-shell: ci-linter | |
gh_token: ${{ secrets.GITHUB_TOKEN }} | |
cross-prefix: "aarch64-unknown-linux-gnu-" | |
ec2_functests: | |
needs: quickcheck | |
strategy: | |
fail-fast: false | |
matrix: | |
target: | |
- name: AMD EPYC 4th gen (t3a) | |
ec2_instance_type: t3a.small | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g | |
compile_mode: native | |
opt: all | |
- name: Intel Xeon 4th gen (t3) | |
ec2_instance_type: t3.small | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g | |
compile_mode: native | |
opt: all | |
- name: Graviton2 (c6g.medium) | |
ec2_instance_type: c6g.medium | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
compile_mode: native | |
opt: all | |
- name: Graviton3 (c7g.medium) | |
ec2_instance_type: c7g.medium | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
compile_mode: native | |
opt: all | |
name: Functional tests (${{ matrix.target.name }}) | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
uses: ./.github/workflows/ci_ec2_reusable.yml | |
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
with: | |
name: ${{ matrix.target.name }} | |
ec2_instance_type: ${{ matrix.target.ec2_instance_type }} | |
ec2_ami: ${{ matrix.target.ec2_ami }} | |
ec2_ami_id: ${{ matrix.target.ec2_ami_id }} | |
compile_mode: ${{ matrix.target.compile_mode }} | |
opt: ${{ matrix.target.opt }} | |
functest: true | |
kattest: true | |
nistkattest: true | |
lint: false | |
verbose: true | |
secrets: inherit | |
cbmc_k2: | |
needs: quickcheck | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
uses: ./.github/workflows/ci_ec2_reusable.yml | |
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
with: | |
name: CBMC (MLKEM-512) | |
ec2_instance_type: c7g.2xlarge | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
compile_mode: native | |
opt: no_opt | |
lint: false | |
verbose: true | |
functest: true | |
kattest: false | |
nistkattest: false | |
cbmc: true | |
cbmc_mlkem_k: 2 | |
secrets: inherit | |
cbmc_k3: | |
needs: quickcheck | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
uses: ./.github/workflows/ci_ec2_reusable.yml | |
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
with: | |
name: CBMC (MLKEM-768) | |
ec2_instance_type: c7g.2xlarge | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
compile_mode: native | |
opt: no_opt | |
lint: false | |
verbose: true | |
functest: true | |
kattest: false | |
nistkattest: false | |
cbmc: true | |
cbmc_mlkem_k: 3 | |
secrets: inherit | |
cbmc_k4: | |
needs: quickcheck | |
permissions: | |
contents: 'read' | |
id-token: 'write' | |
uses: ./.github/workflows/ci_ec2_reusable.yml | |
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork | |
with: | |
name: CBMC (MLKEM-1024) | |
ec2_instance_type: c7g.2xlarge | |
ec2_ami: ubuntu-latest (custom AMI) | |
ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g | |
compile_mode: native | |
opt: no_opt | |
lint: false | |
verbose: true | |
functest: true | |
kattest: false | |
nistkattest: false | |
cbmc: true | |
cbmc_mlkem_k: 4 | |
secrets: inherit |