Add nix instructions for developers (#58) #100
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-License-Identifier: Apache-2.0 | |
name: CI | |
on: | |
push: | |
branches: ["*"] | |
pull_request: | |
branches: ["main"] | |
jobs: | |
build_kat: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- system: macos-latest | |
skipped: false | |
expect_arch: arm64 | |
- system: pqcp-arm64 | |
skipped: false | |
expect_arch: aarch64 | |
- system: ubuntu-latest | |
cross_prefix: aarch64-none-linux-gnu- | |
skipped: true | |
expect_arch: x86_64 | |
name: build_kat (${{ matrix.system }}) | |
runs-on: ${{ matrix.system }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup nix | |
uses: ./.github/actions/setup-nix | |
with: | |
script: | | |
ARCH=$(uname -m) | |
cat >> $GITHUB_STEP_SUMMARY <<-EOF | |
## Setup | |
Architecture: $ARCH | |
- $(uname -a) | |
- $(nix --version) | |
- $(astyle --version) | |
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "") | |
- $(bash --version | grep -m1 "") | |
EOF | |
if [[ "$ARCH" != ${{ matrix.expect_arch }} ]]; then | |
echo ":x: Expecting to run on ${{ matrix.expect_arch }}, but instead running on $ARCH" >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
fi | |
- name: Build targets | |
shell: nix develop .#ci -c bash -e {0} | |
run: | | |
make CROSS_PREFIX=${{ matrix.cross_prefix }} mlkem | |
if [ ${{ matrix.skipped }} != true ]; then | |
./test/test_kyber512 | |
./test/test_kyber768 | |
./test/test_kyber1024 | |
fi | |
- name: Compare gen_KAT with known hash | |
shell: nix develop .#ci -c bash -e {0} | |
run: | | |
cat >> $GITHUB_STEP_SUMMARY <<-EOF | |
## KAT tests | |
EOF | |
make CROSS_PREFIX=${{ matrix.cross_prefix }} kat | |
if [ ${{ matrix.skipped }} != true ]; then | |
cat >> $GITHUB_STEP_SUMMARY <<-EOF | |
$(checksum ./test/gen_KAT512 ec4ac397e595ac7457cb7d8830921faf3290898a10d7dd3864aab89ea61fe9a3) | |
$(checksum ./test/gen_KAT768 9a0826ad3c5232dfd3b21bc4801408655c565a491b760f509b2ee2cd7180babe) | |
$(checksum ./test/gen_KAT1024 6dafb867599b750a6a831b03e494cf41dea748c78a0e275e7b268bbb893cf37d) | |
EOF | |
fi | |
- name: Compare gen_NISTKAT with known hash | |
shell: nix develop .#ci -c bash -e {0} | |
run: | | |
cat >> $GITHUB_STEP_SUMMARY <<-EOF | |
## NISTKAT tests | |
EOF | |
lint: | |
strategy: | |
matrix: | |
system: [ubuntu-latest] | |
runs-on: ${{ matrix.system }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup nix | |
uses: ./.github/actions/setup-nix | |
with: | |
script: | | |
cat >> $GITHUB_STEP_SUMMARY << EOF | |
## Setup | |
Architecture: $(uname -m) | |
- $(uname -a) | |
- $(nix --version) | |
- $(astyle --version) | |
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "") | |
- $(bash --version | grep -m1 "") | |
EOF | |
- name: Lint | |
shell: nix develop .#ci -c bash -e {0} | |
run: | | |
echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY | |
lint | |
cbmc: | |
strategy: | |
matrix: | |
system: [macos-latest] | |
runs-on: ${{ matrix.system }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup nix | |
uses: ./.github/actions/setup-nix | |
with: | |
script: | | |
cat >> $GITHUB_STEP_SUMMARY << EOF | |
## Setup | |
Architecture: $(uname -m) | |
- $(nix --version) | |
- $(cbmc --version) | |
- litani Version $(litani --version) | |
- Cadical Version $(cadical --version) | |
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "") | |
- $(bash --version | grep -m1 "") | |
EOF | |
- name: Run CBMC proofs | |
shell: nix develop .#ci -c bash -e {0} | |
run: | | |
cd cbmc/proofs; | |
KYBER_K=2 ./run-cbmc-proofs.py --summarize; | |
KYBER_K=3 ./run-cbmc-proofs.py --summarize; | |
KYBER_K=4 ./run-cbmc-proofs.py --summarize; |