-
Notifications
You must be signed in to change notification settings - Fork 12
134 lines (129 loc) · 4.23 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# SPDX-License-Identifier: Apache-2.0
name: CI
on:
push:
branches: ["*"]
pull_request:
branches: ["main"]
jobs:
build_kat:
strategy:
fail-fast: false
matrix:
include:
- system: macos-latest
skipped: false
expect_arch: arm64
- system: pqcp-arm64
skipped: false
expect_arch: aarch64
- system: ubuntu-latest
cross_prefix: aarch64-none-linux-gnu-
skipped: true
expect_arch: x86_64
name: build_kat (${{ matrix.system }})
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@v4
- name: Setup nix
uses: ./.github/actions/setup-nix
with:
script: |
ARCH=$(uname -m)
cat >> $GITHUB_STEP_SUMMARY <<-EOF
## Setup
Architecture: $ARCH
- $(uname -a)
- $(nix --version)
- $(astyle --version)
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "")
- $(bash --version | grep -m1 "")
EOF
if [[ "$ARCH" != ${{ matrix.expect_arch }} ]]; then
echo ":x: Expecting to run on ${{ matrix.expect_arch }}, but instead running on $ARCH" >> $GITHUB_STEP_SUMMARY
exit 1
fi
- name: Build targets
shell: nix develop .#ci -c bash -e {0}
run: |
make CROSS_PREFIX=${{ matrix.cross_prefix }} mlkem
if [ ${{ matrix.skipped }} != true ]; then
./test/test_kyber512
./test/test_kyber768
./test/test_kyber1024
fi
- name: Compare gen_KAT with known hash
shell: nix develop .#ci -c bash -e {0}
run: |
cat >> $GITHUB_STEP_SUMMARY <<-EOF
## KAT tests
EOF
make CROSS_PREFIX=${{ matrix.cross_prefix }} kat
if [ ${{ matrix.skipped }} != true ]; then
cat >> $GITHUB_STEP_SUMMARY <<-EOF
$(checksum ./test/gen_KAT512 ec4ac397e595ac7457cb7d8830921faf3290898a10d7dd3864aab89ea61fe9a3)
$(checksum ./test/gen_KAT768 9a0826ad3c5232dfd3b21bc4801408655c565a491b760f509b2ee2cd7180babe)
$(checksum ./test/gen_KAT1024 6dafb867599b750a6a831b03e494cf41dea748c78a0e275e7b268bbb893cf37d)
EOF
fi
- name: Compare gen_NISTKAT with known hash
shell: nix develop .#ci -c bash -e {0}
run: |
cat >> $GITHUB_STEP_SUMMARY <<-EOF
## NISTKAT tests
EOF
lint:
strategy:
matrix:
system: [pqcp-arm64]
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@v4
- name: Setup nix
uses: ./.github/actions/setup-nix
with:
script: |
cat >> $GITHUB_STEP_SUMMARY << EOF
## Setup
Architecture: $(uname -m)
- $(uname -a)
- $(nix --version)
- $(astyle --version)
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "")
- $(bash --version | grep -m1 "")
EOF
- name: Lint
shell: nix develop .#ci -c bash -e {0}
run: |
echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY
lint
cbmc:
strategy:
matrix:
system: [macos-latest]
runs-on: ${{ matrix.system }}
steps:
- uses: actions/checkout@v4
- name: install native dependencies
run: brew install litani cbmc cbmc-viewer
- name: Setup nix
uses: ./.github/actions/setup-nix
with:
script: |
cat >> $GITHUB_STEP_SUMMARY << EOF
## Setup
Architecture: $(uname -m)
- $(nix --version)
- $(cbmc --version)
- litani Version $(litani --version)
- Cadical Version $(cadical --version)
- $(${{ matrix.cross_prefix }}gcc --version | grep -m1 "")
- $(bash --version | grep -m1 "")
EOF
- name: Run CBMC proofs
shell: nix develop .#ci -c bash -e {0}
run: |
cd cbmc/proofs;
KYBER_K=2 ./run-cbmc-proofs.py --summarize;
KYBER_K=3 ./run-cbmc-proofs.py --summarize;
KYBER_K=4 ./run-cbmc-proofs.py --summarize;