Skip to content

Commit

Permalink
wip
Browse files Browse the repository at this point in the history
  • Loading branch information
hanno-becker committed Dec 21, 2024
1 parent 34bd86f commit 3be4f5c
Show file tree
Hide file tree
Showing 3 changed files with 185 additions and 46 deletions.
7 changes: 3 additions & 4 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -440,9 +440,8 @@ jobs:
fail-fast: false
matrix:
container:
- id: fedora:38
- id: fedora:39
- id: fedora:40
- id: debian:bookworm
- id: debian:bullseye
name: Compatibility tests (${{ matrix.container.id }})
runs-on: ubuntu-latest
container:
Expand Down Expand Up @@ -512,7 +511,7 @@ jobs:
permissions:
contents: 'read'
id-token: 'write'
uses: ./.github/workflows/ci_ec2_reusable.yml
uses: ./.github/workflows/ci_ec2_container.yml
if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork
with:
container: ${{ matrix.container.id }}
Expand Down
182 changes: 182 additions & 0 deletions .github/workflows/ci_ec2_container.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,182 @@
# SPDX-License-Identifier: Apache-2.0

name: ci-ec2-reusable
permissions:
contents: read
on:
workflow_call:
inputs:
name:
type: string
description: Alternative name of instance
default: Graviton2
ec2_instance_type:
type: string
description: Type if EC2 instance to benchmark on
default: t4g.small
ec2_ami:
type: string
description: Textual description of AMI
default: ubuntu-latest (aarch64)
ec2_ami_id:
type: string
description: AMI ID
default: ami-096ea6a12ea24a797
cflags:
type: string
description: Custom CFLAGS for compilation
default: ""
verbose:
description: Determine for the log verbosity
type: boolean
default: false
compile_mode:
type: string
description: either all, native, cross or none
default: all
opt:
type: string
description: either all, opt or no_opt
default: all
functest:
type: boolean
default: true
kattest:
type: boolean
default: true
nistkattest:
type: boolean
default: true
acvptest:
type: boolean
default: true
lint:
type: boolean
default: true
cbmc:
type: boolean
default: false
cbmc_mlkem_k:
type: string
default: 2
container:
type: string
default: ''
env:
AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
AWS_REGION: us-east-1
AMI_UBUNTU_LATEST_X86_64: ami-0e86e20dae9224db8
AMI_UBUNTU_LATEST_AARCH64: ami-096ea6a12ea24a797
jobs:
start-ec2-runner:
name: Start instance (${{ inputs.ec2_instance_type }})
permissions:
contents: 'read'
id-token: 'write'
runs-on: ubuntu-latest
if: ${{ always() }} # The point is to make this step non-cancellable,
# avoiding race conditions where an instance is started,
# but isn't yet done registering as a runner and reporting back.
outputs:
label: ${{ steps.start-ec2-runner.outputs.label }}
ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Determine AMI ID
id: det_ami_id
run: |
if [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (x86_64)" ]]; then
AMI_ID=${{ env.AMI_UBUNTU_LATEST_X86_64 }}
elif [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (aarch64)" ]]; then
AMI_ID=${{ env.AMI_UBUNTU_LATEST_AARCH64 }}
elif [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (custom AMI)" ]]; then
AMI_ID=${{ inputs.ec2_ami_id }}
fi
echo "Using AMI ID: $AMI_ID"
echo "AMI_ID=$AMI_ID" >> $GITHUB_OUTPUT
- name: Clear nix-installer action cache
uses: ./.github/actions/clear-cache
with:
key_prefix: determinatesystem-nix-installer-
repository: ${{ github.repository }}
gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Start EC2 runner
id: start-ec2-runner
uses: mkannwischer/ec2-github-runner@d15c8804522523d2bac7119a01ffff83b7795d87
with:
mode: start
github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
ec2-image-id: ${{ steps.det_ami_id.outputs.AMI_ID }}
ec2-instance-type: ${{ inputs.ec2_instance_type }}
subnet-id: subnet-07b2729e5e065962f
security-group-id: sg-0ab2e297196c8c381
tests:
name: Run tests
needs: start-ec2-runner
if: ${{ inputs.container != '' }}
runs-on: ${{ needs.start-ec2-runner.outputs.label }}
container:
localhost:5000/${{ inputs.container }}
steps:
- name: Manual checkout
shell: bash
run: |
if which yum; then
yum install git -y
elif which apt; then
apt update
apt install git -y
fi
git init
git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
git fetch origin --depth 1 $GITHUB_SHA
git checkout FETCH_HEAD
- uses: ./.github/actions/setup-os
with:
sudo: ""
- name: make quickcheck
run: |
OPT=0 make quickcheck >/dev/null
make clean >/dev/null
OPT=1 make quickcheck >/dev/null
- name: Functional Tests
uses: ./.github/actions/multi-functest
with:
nix-shell: ""
gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
cflags: ${{ inputs.cflags }}
compile_mode: ${{ inputs.compile_mode }}
opt: ${{ inputs.opt }}
func: ${{ inputs.functest }}
kat: ${{ inputs.kattest }}
nistkat: ${{ inputs.nistkattest }}
acvp: ${{ inputs.acvptest }}
stop-ec2-runner:
name: Stop instance (${{ inputs.ec2_instance_type }})
permissions:
contents: 'read'
id-token: 'write'
needs:
- start-ec2-runner
- tests
runs-on: ubuntu-latest
if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
steps:
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
with:
role-to-assume: ${{ env.AWS_ROLE }}
aws-region: ${{ env.AWS_REGION }}
- name: Stop EC2 runner
uses: mkannwischer/ec2-github-runner@d15c8804522523d2bac7119a01ffff83b7795d87
with:
mode: stop
github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
label: ${{ needs.start-ec2-runner.outputs.label }}
ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}
42 changes: 0 additions & 42 deletions .github/workflows/ci_ec2_reusable.yml
Original file line number Diff line number Diff line change
Expand Up @@ -115,48 +115,6 @@ jobs:
ec2-instance-type: ${{ inputs.ec2_instance_type }}
subnet-id: subnet-07b2729e5e065962f
security-group-id: sg-0ab2e297196c8c381
container_tests:
name: Run container tests
needs: start-ec2-runner
if: ${{ inputs.container != '' }}
runs-on: ${{ needs.start-ec2-runner.outputs.label }}
container:
localhost:5000/${{ inputs.container }}
steps:
- name: Manual checkout
shell: bash
run: |
if which yum; then
yum install git -y
elif which apt; then
apt update
apt install git -y
fi
git init
git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
git fetch origin --depth 1 $GITHUB_SHA
git checkout FETCH_HEAD
- uses: ./.github/actions/setup-os
with:
sudo: ""
- name: make quickcheck
run: |
OPT=0 make quickcheck >/dev/null
make clean >/dev/null
OPT=1 make quickcheck >/dev/null
- name: Functional Tests
uses: ./.github/actions/multi-functest
with:
nix-shell: ""
gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
cflags: ${{ inputs.cflags }}
compile_mode: ${{ inputs.compile_mode }}
opt: ${{ inputs.opt }}
func: ${{ inputs.functest }}
kat: ${{ inputs.kattest }}
nistkat: ${{ inputs.nistkattest }}
acvp: ${{ inputs.acvptest }}
tests:
name: Run tests
needs: start-ec2-runner
Expand Down

0 comments on commit 3be4f5c

Please sign in to comment.