diff --git a/.github/actions/setup-ubuntu/action.yml b/.github/actions/setup-ubuntu/action.yml
index a63025739..eb445ca69 100644
--- a/.github/actions/setup-ubuntu/action.yml
+++ b/.github/actions/setup-ubuntu/action.yml
@@ -8,6 +8,9 @@ inputs:
 description: Space-separated list of additional packages to install
 required: false
 default: ''
+ sudo:
+ required: false
+ default: 'sudo'
 runs:
 using: composite
@@ -15,16 +18,16 @@ runs:
 - name: Update package repository
 shell: bash
 run: |
- sudo apt-get update
+ ${{ inputs.sudo }} apt-get update
 - name: Install base packages
 shell: bash
 run: |
- sudo apt-get install python3-venv python3-pip make -y
+ ${{ inputs.sudo }} apt-get install python3-venv python3-pip make -y
 - name: Install additional packages
 if: ${{ inputs.packages != ''}}
 shell: bash
 run: |
- sudo apt-get install ${{ inputs.packages }} -y
+ ${{ inputs.sudo }} apt-get install ${{ inputs.packages }} -y
 - name: Setup Python venv
 shell: bash
 run: |
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bfd6da728..fc979a8d8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
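Review bot: The new `sudo` input has no `description`, although the neighbouring `packages` input has one and the action metadata syntax lists the field as required for inputs. Nothing in the declaration tells a caller that the empty string is how to run apt-get without a privilege prefix. I would add `description: Command prefix used to run apt-get as root; pass '' when the job already runs as root (for example in a container)` under `sudo:`.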
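Review bot: `${{ inputs.sudo }}` is substituted into the script text by the runner before bash parses it, in all three `run:` blocks, so the caller-supplied value is treated as shell source rather than as data; the existing `${{ inputs.packages }}` on the third block has the same property. The callers visible in this commit pass only the default or `""`, but the action itself places no limit on the value. Passing it through the step environment keeps shell metacharacters inert: add `env:` with `SUDO: ${{ inputs.sudo }}` to each step and write `$SUDO apt-get update` (unquoted, so an empty value expands to nothing). A stricter alternative is a boolean input that selects between a literal `sudo` and no prefix.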
@@ -381,48 +381,37 @@ jobs:
 # nistkat: true
 # kat: false
 # acvp: false
- ec2_functests:
+ ec2_compatibilitytests:
 strategy:
 fail-fast: false
 matrix:
- target:
- - name: AMD EPYC 4th gen (t3a)
- ec2_instance_type: t3a.small
- ec2_ami: ubuntu-latest (custom AMI)
- ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g
- compile_mode: native
- opt: all
- - name: Intel Xeon 4th gen (t3)
- ec2_instance_type: t3.small
- ec2_ami: ubuntu-latest (custom AMI)
- ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g
- compile_mode: native
- opt: all
- - name: Graviton2 (c6g.medium)
- ec2_instance_type: c6g.medium
- ec2_ami: ubuntu-latest (custom AMI)
- ec2_ami_id: ami-0f4b26c5372aa0525 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
- compile_mode: native
- opt: all
- - name: Graviton3 (c7g.medium)
- ec2_instance_type: c7g.medium
- ec2_ami: ubuntu-latest (custom AMI)
- ec2_ami_id: ami-0f4b26c5372aa0525 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
- compile_mode: native
- opt: all
- name: Platform tests (${{ matrix.target.name }})
+ container:
+ - id: ubuntu-22.04:gcc-12x
+ - id: ubuntu-22.04:gcc-11x
+ - id: ubuntu-20.04:gcc-8x
+ - id: ubuntu-20.04:gcc-7x
+ - id: ubuntu-20.04:clang-9x
+ - id: ubuntu-20.04:clang-8x
+ - id: ubuntu-20.04:clang-7x-bm-framework
+ - id: ubuntu-20.04:clang-7x
+ - id: ubuntu-20.04:clang-10x
+ - id: ubuntu-22.04:base
+ - id: ubuntu-20.04:base
+ - id: ubuntu-18.04:base
+ name: Compatibility tests (${{ matrix.container.id }})
 permissions:
 contents: 'read'
 id-token: 'write'
 uses: ./.github/workflows/ci_ec2_reusable.yml
 if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork
 with:
- name: ${{ matrix.target.name }}
- ec2_instance_type: ${{ matrix.target.ec2_instance_type }}
- ec2_ami: ${{ matrix.target.ec2_ami }}
- ec2_ami_id: ${{ matrix.target.ec2_ami_id }}
- compile_mode: ${{ matrix.target.compile_mode }}
- opt: ${{ matrix.target.opt }}
+ container: ${{ matrix.container.id }}
+ name: ${{ matrix.container.id }}
+ ec2_instance_type: c7g.medium
+ ec2_ami: ubuntu-latest (custom AMI)
+ ec2_ami_id: ami-0f4b26c5372aa0525
+ compile_mode: native
+ opt: all
 functest: true
 kattest: true
 nistkattest: true
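Review bot: Renaming `ec2_functests` to `ec2_compatibilitytests` and fixing `ec2_instance_type: c7g.medium` removes the native x86_64 (t3a, t3) and Graviton2 runs from CI; the old matrix survives only as the commented-out block added by the next hunk. If both jobs are meant to exist, keep `ec2_functests` live beside the new job, or put a one-line comment above the disabled block saying why it is off and when it returns. The new `ec2_ami_id: ami-0f4b26c5372aa0525` line also drops the trailing `# aarch64, ubuntu-latest, 64g` note that said what the image is. Each of the twelve `container` entries now starts its own instance under `id-token: 'write'` and `secrets: inherit`, so a `max-parallel` value under `strategy:` may be worth setting.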
@@ -430,6 +419,55 @@ jobs:
 lint: false
 verbose: true
 secrets: inherit
+ # ec2_functests:
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # target:
+ # - name: AMD EPYC 4th gen (t3a)
+ # ec2_instance_type: t3a.small
+ # ec2_ami: ubuntu-latest (custom AMI)
+ # ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g
+ # compile_mode: native
+ # opt: all
+ # - name: Intel Xeon 4th gen (t3)
+ # ec2_instance_type: t3.small
+ # ec2_ami: ubuntu-latest (custom AMI)
+ # ec2_ami_id: ami-0d47e137a1108e078 # x86_64 ubuntu-latest, 32g
+ # compile_mode: native
+ # opt: all
+ # - name: Graviton2 (c6g.medium)
+ # ec2_instance_type: c6g.medium
+ # ec2_ami: ubuntu-latest (custom AMI)
+ # ec2_ami_id: ami-0f4b26c5372aa0525 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
+ # compile_mode: native
+ # opt: all
+ # - name: Graviton3 (c7g.medium)
+ # ec2_instance_type: c7g.medium
+ # ec2_ami: ubuntu-latest (custom AMI)
+ # ec2_ami_id: ami-0f4b26c5372aa0525 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g
+ # compile_mode: native
+ # opt: all
+ # name: Platform tests (${{ matrix.target.name }})
+ # permissions:
+ # contents: 'read'
+ # id-token: 'write'
+ # uses: ./.github/workflows/ci_ec2_reusable.yml
+ # if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork
+ # with:
+ # name: ${{ matrix.target.name }}
+ # ec2_instance_type: ${{ matrix.target.ec2_instance_type }}
+ # ec2_ami: ${{ matrix.target.ec2_ami }}
+ # ec2_ami_id: ${{ matrix.target.ec2_ami_id }}
+ # compile_mode: ${{ matrix.target.compile_mode }}
+ # opt: ${{ matrix.target.opt }}
+ # functest: true
+ # kattest: true
+ # nistkattest: true
+ # acvptest: true
+ # lint: false
+ # verbose: true
+ # secrets: inherit
 # cbmc_k2:
 # name: CBMC (ML-KEM-512)
 # needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link]
diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml
index adb143c5b..171f437af 100644
--- a/.github/workflows/ci_ec2_reusable.yml
+++ b/.github/workflows/ci_ec2_reusable.yml
@@ -59,6 +59,9 @@ on:
 cbmc_mlkem_k:
 type: string
 default: 2
+ container:
+ type: string
+ default: ''
 env:
 AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
 AWS_REGION: us-east-1
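Review bot: The `container` input doubles as a mode switch, yet its declaration carries no `description` saying so: judging by the `if:` conditions added in the following hunk, `''` runs the existing `tests` job and any other value runs `container_tests` instead. I would add `description: Image name and tag under localhost:5000 to run the tests in; empty runs directly on the EC2 runner`. Because the value is later spliced into the `container:` image reference, the description is also the place to state that it is expected to be a `name:tag` present in the runner's local registry.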
@@ -112,58 +115,81 @@ jobs:
 ec2-instance-type: ${{ inputs.ec2_instance_type }}
 subnet-id: subnet-07b2729e5e065962f
 security-group-id: sg-0ab2e297196c8c381
- tests:
- name: Run test
+ container_tests:
+ name: Run container tests
 needs: start-ec2-runner
+ if: ${{ inputs.container != '' }}
 runs-on: ${{ needs.start-ec2-runner.outputs.label }}
 container:
- localhost:5000/ubuntu-20.04:clang-8x
+ localhost:5000/${{ inputs.container }}
 steps:
 - name: hello
 shell: bash
 run: |
 echo "Hello World"
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: ./.github/actions/setup-ubuntu
+ with:
+ sudo: ""
+ - name: make quickcheck
+ run: |
+ OPT=0 make quickcheck >/dev/null
+ make clean >/dev/null
+ OPT=1 make quickcheck >/dev/null
+ - name: Functional Tests
+ uses: ./.github/actions/multi-functest
+ with:
+ nix-shell: ""
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ cflags: ${{ inputs.cflags }}
+ compile_mode: ${{ inputs.compile_mode }}
+ opt: ${{ inputs.opt }}
+ func: ${{ inputs.functest }}
+ kat: ${{ inputs.kattest }}
+ nistkat: ${{ inputs.nistkattest }}
+ acvp: ${{ inputs.acvptest }}
- # tests:
- # name: Run test
- # needs: start-ec2-runner
- # runs-on: ${{ needs.start-ec2-runner.outputs.label }}
- # steps:
- # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- # - name: Linting
- # if: ${{ inputs.lint }}
- # uses: ./.github/actions/lint
- # with:
- # nix-shell: ci-linter
- # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
- # nix-verbose: ${{ inputs.verbose }}
- # - name: Preprocess
- # id: preprocess
- # shell: bash
- # run: |
- # echo "nix-shell=${{ inputs.cbmc && 'ci-cbmc' || 'ci' }}${{ (inputs.compile_mode == 'cross' || inputs.compile_mode == 'all') && '-cross' || '' }}" >> $GITHUB_OUTPUT
- # - name: Functional Tests
- # uses: ./.github/actions/multi-functest
- # with:
- # nix-shell: ${{ steps.preprocess.outputs.nix-shell }}
- # nix-cache: ${{ inputs.cbmc || inputs.compile_mode == 'cross' || inputs.compile_mode == 'all' }}
- # nix-verbose: ${{ inputs.verbose }}
- # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
- # cflags: ${{ inputs.cflags }}
- # compile_mode: ${{ inputs.compile_mode }}
- # opt: ${{ inputs.opt }}
- # func: ${{ inputs.functest }}
- # kat: ${{ inputs.kattest }}
- # nistkat: ${{ inputs.nistkattest }}
- # acvp: ${{ inputs.acvptest }}
- # - name: CBMC
- # if: ${{ inputs.cbmc && (success() || failure()) }}
- # uses: ./.github/actions/cbmc
- # with:
- # nix-shell: ${{ steps.preprocess.outputs.nix-shell }}
- # nix-verbose: ${{ inputs.verbose }}
- # mlkem_k: ${{ inputs.cbmc_mlkem_k }}
- # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ tests:
+ name: Run tests
+ needs: start-ec2-runner
+ if: ${{ inputs.container == '' }}
+ runs-on: ${{ needs.start-ec2-runner.outputs.label }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Linting
+ if: ${{ inputs.lint }}
+ uses: ./.github/actions/lint
+ with:
+ nix-shell: ci-linter
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ nix-verbose: ${{ inputs.verbose }}
+ - name: Preprocess
+ id: preprocess
+ shell: bash
+ run: |
+ echo "nix-shell=${{ inputs.cbmc && 'ci-cbmc' || 'ci' }}${{ (inputs.compile_mode == 'cross' || inputs.compile_mode == 'all') && '-cross' || '' }}" >> $GITHUB_OUTPUT
+ - name: Functional Tests
+ uses: ./.github/actions/multi-functest
+ with:
+ nix-shell: ${{ steps.preprocess.outputs.nix-shell }}
+ nix-cache: ${{ inputs.cbmc || inputs.compile_mode == 'cross' || inputs.compile_mode == 'all' }}
+ nix-verbose: ${{ inputs.verbose }}
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ cflags: ${{ inputs.cflags }}
+ compile_mode: ${{ inputs.compile_mode }}
+ opt: ${{ inputs.opt }}
+ func: ${{ inputs.functest }}
+ kat: ${{ inputs.kattest }}
+ nistkat: ${{ inputs.nistkattest }}
+ acvp: ${{ inputs.acvptest }}
+ - name: CBMC
+ if: ${{ inputs.cbmc && (success() || failure()) }}
+ uses: ./.github/actions/cbmc
+ with:
+ nix-shell: ${{ steps.preprocess.outputs.nix-shell }}
+ nix-verbose: ${{ inputs.verbose }}
+ mlkem_k: ${{ inputs.cbmc_mlkem_k }}
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
 stop-ec2-runner:
 name: Stop instance (${{ inputs.ec2_instance_type }})
 permissions:
@@ -172,6 +198,7 @@ jobs:
 needs:
 - start-ec2-runner
 - tests
+ - container_tests
 runs-on: ubuntu-latest
 if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
 steps:
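Review bot: `container_tests` passes `gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}` to `multi-functest` while setting `nix-shell: ""`; if that action uses the token only for Nix setup (its definition is not in this diff), the line can be dropped so the secret never reaches steps running inside the container images. The added `actions/checkout` step also keeps its default credential persistence before `make quickcheck` runs the build, and adding `with:` / `persist-credentials: false` keeps the job token out of the workspace's git config. The image is referenced by mutable tag from `localhost:5000`, so what executes is whatever the AMI's local registry holds; pinning by digest would fix that, if the registry setup allows it. The `hello` step looks like a leftover placeholder, and the `lint` and `cbmc` inputs are silently ignored on this path, which deserves a comment above the job.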