diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8504864eb..54ffbacf1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,358 +34,354 @@ jobs: steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: gaurav-nelson/github-action-markdown-link-check@d53a906aa6b22b8979d33bc86170567e619495ec # v1.0.15 - quickcheck: - strategy: - fail-fast: false - matrix: - external: - - ${{ github.repository_owner != 'pq-code-package' }} - target: - - runner: pqcp-arm64 - name: 'aarch64' - - runner: ubuntu-latest - name: 'x86_64' - exclude: - - {external: true, - target: { - runner: pqcp-arm64, - name: 'aarch64' - }} - name: Quickcheck (${{ matrix.target.name }}) - runs-on: ${{ matrix.target.runner }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: make quickcheck - run: | - OPT=0 make quickcheck >/dev/null - make clean >/dev/null - OPT=1 make quickcheck >/dev/null - - uses: ./.github/actions/setup-ubuntu - - name: tests func - run: | - ./scripts/tests func - - name: check namespacing - run: | - ./scripts/ci/check-namespace - quickcheck-c90: - strategy: - fail-fast: false - matrix: - external: - - ${{ github.repository_owner != 'pq-code-package' }} - target: - - runner: pqcp-arm64 - name: 'aarch64' - - runner: ubuntu-latest - name: 'x86_64' - exclude: - - {external: true, - target: { - runner: pqcp-arm64, - name: 'aarch64' - }} - name: Quickcheck C90 (${{ matrix.target.name }}) - runs-on: ${{ matrix.target.runner }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: make quickcheck - run: | - OPT=0 CPPFLAGS=-std=c90 make quickcheck >/dev/null - make clean >/dev/null - OPT=1 CPPFLAGS=-std=c90 make quickcheck >/dev/null - - uses: ./.github/actions/setup-ubuntu - - name: tests func - run: | - CPPFLAGS="-std=c90" ./scripts/tests func - - name: check namespacing - run: | - ./scripts/ci/check-namespace - quickcheck-windows: - name: Quickcheck windows-latest - runs-on: windows-latest - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 - - name: Build test - shell: powershell - run: | - # print compiler version - cl - nmake /f ./Makefile.Microsoft_nmake quickcheck - quickcheck-lib: - name: Quickcheck lib - strategy: - matrix: - system: [macos-latest, ubuntu-latest] - runs-on: ${{ matrix.system }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: make lib - run: | - make lib - examples: - name: Examples - strategy: - matrix: - system: [macos-latest, ubuntu-latest] - runs-on: ${{ matrix.system }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: mlkem_native_as_code_package - run: | - make run -C examples/mlkem_native_as_code_package - - name: bring_your_own_fips202 - run: | - make run -C examples/bring_your_own_fips202 - - name: custom_backend - run: | - make run -C examples/custom_backend - build_kat: - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - strategy: - fail-fast: false - matrix: - external: - - ${{ github.repository_owner != 'pq-code-package' }} - target: - - runner: macos-latest - name: 'MacOS' - arch: mac - mode: native - - runner: pqcp-arm64 - name: 'ubuntu-latest (aarch64)' - arch: aarch64 - mode: native - - runner: pqcp-arm64 - name: 'ubuntu-latest (aarch64)' - arch: x86_64 - mode: cross-x86_64 - - runner: pqcp-arm64 - name: 'ubuntu-latest (aarch64)' - arch: riscv64 - mode: cross-riscv64 - - runner: pqcp-x64 - name: 'ubuntu-latest (x86_64)' - arch: x86_64 - mode: native - - runner: pqcp-x64 - name: 'ubuntu-latest (x86_64)' - arch: aarch64 - mode: cross-aarch64 - - runner: pqcp-x64 - name: 'ubuntu-latest (x86_64)' - arch: aarch64_be - mode: cross-aarch64_be - exclude: - - {external: true, - target: { - runner: pqcp-arm64, - name: 'ubuntu-latest (aarch64)', - arch: aarch64, - mode: native - }} - - {external: true, - target: { - runner: pqcp-arm64, - name: 'ubuntu-latest (aarch64)', - arch: x86_64, - mode: cross-x86_64 - }} - - {external: true, - target: { - runner: pqcp-arm64, - name: 'ubuntu-latest (aarch64)', - arch: riscv64, - mode: cross-riscv64 - }} - - {external: true, - target: { - runner: pqcp-x64, - name: 'ubuntu-latest (x86_64)', - arch: x86_64, - mode: native - }} - - {external: true, - target: { - runner: pqcp-x64, - name: 'ubuntu-latest (x86_64)', - arch: aarch64, - mode: cross-aarch64 - }} - - {external: true, - target: { - runner: pqcp-x64, - name: 'ubuntu-latest (x86_64)', - arch: aarch64_be, - mode: cross-aarch64_be - }} - name: Functional tests (${{ matrix.target.arch }}${{ matrix.target.mode != 'native' && ', cross' || ''}}) - runs-on: ${{ matrix.target.runner }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: build + test - uses: ./.github/actions/multi-functest - with: - nix-shell: ${{ matrix.target.mode == 'native' && 'ci' || 'ci-cross' }} - nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }} - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: ${{ matrix.target.mode }} - # There is no native code on R-V or AArch64_be yet, so no point running opt tests - opt: ${{ (matrix.target.arch != 'riscv64' && matrix.target.arch != 'aarch64_be') && 'all' || 'no_opt' }} - - name: build + test (+debug+memsan+ubsan) - uses: ./.github/actions/multi-functest - if: ${{ matrix.target.mode == 'native' }} - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" - compiler_tests: - name: Compiler tests (${{ matrix.target.name }}) - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - strategy: - fail-fast: false - matrix: - external: - - ${{ github.repository_owner != 'pq-code-package' }} - target: - - runner: pqcp-arm64 - name: 'aarch64' - - runner: ubuntu-latest - name: 'x86_64' - - runner: macos-latest - name: 'macos' - exclude: - - {external: true, - target: { - runner: pqcp-arm64, - name: 'aarch64' - }} - runs-on: ${{ matrix.target.runner }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: native build+functest (gcc-4.8) - if: ${{ matrix.target.runner != 'macos-latest' }} - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_gcc48" - - name: native build+functest (gcc-4.9) - if: ${{ matrix.target.runner != 'macos-latest' }} - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_gcc49" - - name: native build+functest (gcc-7) - if: ${{ matrix.target.runner != 'macos-latest' }} - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_gcc7" - - name: native build+functest (gcc-11) - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_gcc11" - - name: native build+functest (gcc-14) - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_gcc14" - - name: native build+functest (clang-18) - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - func: true - nistkat: false - kat: false - acvp: false - nix-shell: "ci_clang18" - # The purpose of this job is to test non-default yet valid configurations - config_variations: - name: Non-standard configurations - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - strategy: - fail-fast: false - matrix: - external: - - ${{ github.repository_owner != 'pq-code-package' }} - target: - - runner: pqcp-arm64 - name: 'ubuntu-latest (aarch64)' - - runner: pqcp-x64 - name: 'ubuntu-latest (x86_64)' - exclude: - - {external: true, - target: { - runner: pqcp-arm64, - name: 'ubuntu-latest (aarch64)', - }} - - {external: true, - target: { - runner: pqcp-x64, - name: 'ubuntu-latest (x86_64)', - }} - runs-on: ${{ matrix.target.runner }} - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: "MLKEM_GEN_MATRIX_NBLOCKS=1" - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=1" - func: true - nistkat: true - kat: false - acvp: false - - name: "MLKEM_GEN_MATRIX_NBLOCKS=2" - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=2" - func: true - nistkat: true - kat: false - acvp: false - - name: "MLKEM_GEN_MATRIX_NBLOCKS=4" - uses: ./.github/actions/multi-functest - with: - gh_token: ${{ secrets.GITHUB_TOKEN }} - compile_mode: native - cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=4" - func: true - nistkat: true - kat: false - acvp: false + # quickcheck: + # strategy: + # fail-fast: false + # matrix: + # external: + # - ${{ github.repository_owner != 'pq-code-package' }} + # target: + # - runner: pqcp-arm64 + # name: 'aarch64' + # - runner: ubuntu-latest + # name: 'x86_64' + # exclude: + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'aarch64' + # }} + # name: Quickcheck (${{ matrix.target.name }}) + # runs-on: ${{ matrix.target.runner }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: make quickcheck + # run: | + # OPT=0 make quickcheck >/dev/null + # make clean >/dev/null + # OPT=1 make quickcheck >/dev/null + # - uses: ./.github/actions/setup-ubuntu + # - name: tests func + # run: | + # ./scripts/tests func + # - name: check namespacing + # run: | + # ./scripts/ci/check-namespace + # quickcheck-c90: + # strategy: + # fail-fast: false + # matrix: + # external: + # - ${{ github.repository_owner != 'pq-code-package' }} + # target: + # - runner: pqcp-arm64 + # name: 'aarch64' + # - runner: ubuntu-latest + # name: 'x86_64' + # exclude: + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'aarch64' + # }} + # name: Quickcheck C90 (${{ matrix.target.name }}) + # runs-on: ${{ matrix.target.runner }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: make quickcheck + # run: | + # OPT=0 CPPFLAGS=-std=c90 make quickcheck >/dev/null + # make clean >/dev/null + # OPT=1 CPPFLAGS=-std=c90 make quickcheck >/dev/null + # - uses: ./.github/actions/setup-ubuntu + # - name: tests func + # run: | + # CPPFLAGS="-std=c90" ./scripts/tests func + # - name: check namespacing + # run: | + # ./scripts/ci/check-namespace + # quickcheck-windows: + # name: Quickcheck windows-latest + # runs-on: windows-latest + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0 + # - name: Build test + # shell: powershell + # run: | + # # print compiler version + # cl + # nmake /f ./Makefile.Microsoft_nmake quickcheck + # quickcheck-lib: + # name: Quickcheck lib + # strategy: + # matrix: + # system: [macos-latest, ubuntu-latest] + # runs-on: ${{ matrix.system }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: make lib + # run: | + # make lib + # examples: + # name: Examples + # strategy: + # matrix: + # system: [macos-latest, ubuntu-latest] + # runs-on: ${{ matrix.system }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: mlkem_native_as_code_package + # run: | + # make run -C examples/mlkem_native_as_code_package + # - name: bring_your_own_fips202 + # run: | + # make run -C examples/bring_your_own_fips202 + # - name: custom_backend + # run: | + # make run -C examples/custom_backend + # build_kat: + # strategy: + # fail-fast: false + # matrix: + # external: + # - ${{ github.repository_owner != 'pq-code-package' }} + # target: + # - runner: macos-latest + # name: 'MacOS' + # arch: mac + # mode: native + # - runner: pqcp-arm64 + # name: 'ubuntu-latest (aarch64)' + # arch: aarch64 + # mode: native + # - runner: pqcp-arm64 + # name: 'ubuntu-latest (aarch64)' + # arch: x86_64 + # mode: cross-x86_64 + # - runner: pqcp-arm64 + # name: 'ubuntu-latest (aarch64)' + # arch: riscv64 + # mode: cross-riscv64 + # - runner: pqcp-x64 + # name: 'ubuntu-latest (x86_64)' + # arch: x86_64 + # mode: native + # - runner: pqcp-x64 + # name: 'ubuntu-latest (x86_64)' + # arch: aarch64 + # mode: cross-aarch64 + # - runner: pqcp-x64 + # name: 'ubuntu-latest (x86_64)' + # arch: aarch64_be + # mode: cross-aarch64_be + # exclude: + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'ubuntu-latest (aarch64)', + # arch: aarch64, + # mode: native + # }} + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'ubuntu-latest (aarch64)', + # arch: x86_64, + # mode: cross-x86_64 + # }} + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'ubuntu-latest (aarch64)', + # arch: riscv64, + # mode: cross-riscv64 + # }} + # - {external: true, + # target: { + # runner: pqcp-x64, + # name: 'ubuntu-latest (x86_64)', + # arch: x86_64, + # mode: native + # }} + # - {external: true, + # target: { + # runner: pqcp-x64, + # name: 'ubuntu-latest (x86_64)', + # arch: aarch64, + # mode: cross-aarch64 + # }} + # - {external: true, + # target: { + # runner: pqcp-x64, + # name: 'ubuntu-latest (x86_64)', + # arch: aarch64_be, + # mode: cross-aarch64_be + # }} + # name: Functional tests (${{ matrix.target.arch }}${{ matrix.target.mode != 'native' && ', cross' || ''}}) + # runs-on: ${{ matrix.target.runner }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: build + test + # uses: ./.github/actions/multi-functest + # with: + # nix-shell: ${{ matrix.target.mode == 'native' && 'ci' || 'ci-cross' }} + # nix-cache: ${{ matrix.target.mode == 'native' && 'false' || 'true' }} + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: ${{ matrix.target.mode }} + # # There is no native code on R-V or AArch64_be yet, so no point running opt tests + # opt: ${{ (matrix.target.arch != 'riscv64' && matrix.target.arch != 'aarch64_be') && 'all' || 'no_opt' }} + # - name: build + test (+debug+memsan+ubsan) + # uses: ./.github/actions/multi-functest + # if: ${{ matrix.target.mode == 'native' }} + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # cflags: "-DMLKEM_DEBUG -fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all" + # compiler_tests: + # name: Compiler tests (${{ matrix.target.name }}) + # strategy: + # fail-fast: false + # matrix: + # external: + # - ${{ github.repository_owner != 'pq-code-package' }} + # target: + # - runner: pqcp-arm64 + # name: 'aarch64' + # - runner: ubuntu-latest + # name: 'x86_64' + # - runner: macos-latest + # name: 'macos' + # exclude: + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'aarch64' + # }} + # runs-on: ${{ matrix.target.runner }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: native build+functest (gcc-4.8) + # if: ${{ matrix.target.runner != 'macos-latest' }} + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_gcc48" + # - name: native build+functest (gcc-4.9) + # if: ${{ matrix.target.runner != 'macos-latest' }} + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_gcc49" + # - name: native build+functest (gcc-7) + # if: ${{ matrix.target.runner != 'macos-latest' }} + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_gcc7" + # - name: native build+functest (gcc-11) + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_gcc11" + # - name: native build+functest (gcc-14) + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_gcc14" + # - name: native build+functest (clang-18) + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # func: true + # nistkat: false + # kat: false + # acvp: false + # nix-shell: "ci_clang18" + # # The purpose of this job is to test non-default yet valid configurations + # config_variations: + # name: Non-standard configurations + # strategy: + # fail-fast: false + # matrix: + # external: + # - ${{ github.repository_owner != 'pq-code-package' }} + # target: + # - runner: pqcp-arm64 + # name: 'ubuntu-latest (aarch64)' + # - runner: pqcp-x64 + # name: 'ubuntu-latest (x86_64)' + # exclude: + # - {external: true, + # target: { + # runner: pqcp-arm64, + # name: 'ubuntu-latest (aarch64)', + # }} + # - {external: true, + # target: { + # runner: pqcp-x64, + # name: 'ubuntu-latest (x86_64)', + # }} + # runs-on: ${{ matrix.target.runner }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: "MLKEM_GEN_MATRIX_NBLOCKS=1" + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=1" + # func: true + # nistkat: true + # kat: false + # acvp: false + # - name: "MLKEM_GEN_MATRIX_NBLOCKS=2" + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=2" + # func: true + # nistkat: true + # kat: false + # acvp: false + # - name: "MLKEM_GEN_MATRIX_NBLOCKS=4" + # uses: ./.github/actions/multi-functest + # with: + # gh_token: ${{ secrets.GITHUB_TOKEN }} + # compile_mode: native + # cflags: "-fsanitize=address -fsanitize=undefined -fno-sanitize-recover=all -DMLKEM_GEN_MATRIX_NBLOCKS=4" + # func: true + # nistkat: true + # kat: false + # acvp: false ec2_functests: - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] strategy: fail-fast: false matrix: @@ -405,13 +401,13 @@ jobs: - name: Graviton2 (c6g.medium) ec2_instance_type: c6g.medium ec2_ami: ubuntu-latest (custom AMI) - ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g + ec2_ami_id: ami-059aaf9b9977c1c21 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g compile_mode: native opt: all - name: Graviton3 (c7g.medium) ec2_instance_type: c7g.medium ec2_ami: ubuntu-latest (custom AMI) - ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g + ec2_ami_id: ami-059aaf9b9977c1c21 # ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g compile_mode: native opt: all name: Platform tests (${{ matrix.target.name }}) @@ -434,75 +430,75 @@ jobs: lint: false verbose: true secrets: inherit - cbmc_k2: - name: CBMC (ML-KEM-512) - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - permissions: - contents: 'read' - id-token: 'write' - uses: ./.github/workflows/ci_ec2_reusable.yml - if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork - with: - name: CBMC (MLKEM-512) - ec2_instance_type: c7g.2xlarge - ec2_ami: ubuntu-latest (custom AMI) - ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g - compile_mode: native - opt: no_opt - lint: false - verbose: true - functest: true - kattest: false - nistkattest: false - acvptest: false - cbmc: true - cbmc_mlkem_k: 2 - secrets: inherit - cbmc_k3: - name: CBMC (ML-KEM-768) - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - permissions: - contents: 'read' - id-token: 'write' - uses: ./.github/workflows/ci_ec2_reusable.yml - if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork - with: - name: CBMC (MLKEM-768) - ec2_instance_type: c7g.2xlarge - ec2_ami: ubuntu-latest (custom AMI) - ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g - compile_mode: native - opt: no_opt - lint: false - verbose: true - functest: true - kattest: false - nistkattest: false - acvptest: false - cbmc: true - cbmc_mlkem_k: 3 - secrets: inherit - cbmc_k4: - name: CBMC (ML-KEM-1024) - needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] - permissions: - contents: 'read' - id-token: 'write' - uses: ./.github/workflows/ci_ec2_reusable.yml - if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork - with: - name: CBMC (MLKEM-1024) - ec2_instance_type: c7g.2xlarge - ec2_ami: ubuntu-latest (custom AMI) - ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g - compile_mode: native - opt: no_opt - lint: false - verbose: true - functest: true - kattest: false - nistkattest: false - acvptest: false - cbmc: true - cbmc_mlkem_k: 4 - secrets: inherit + # cbmc_k2: + # name: CBMC (ML-KEM-512) + # needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] + # permissions: + # contents: 'read' + # id-token: 'write' + # uses: ./.github/workflows/ci_ec2_reusable.yml + # if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork + # with: + # name: CBMC (MLKEM-512) + # ec2_instance_type: c7g.2xlarge + # ec2_ami: ubuntu-latest (custom AMI) + # ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g + # compile_mode: native + # opt: no_opt + # lint: false + # verbose: true + # functest: true + # kattest: false + # nistkattest: false + # acvptest: false + # cbmc: true + # cbmc_mlkem_k: 2 + # secrets: inherit + # cbmc_k3: + # name: CBMC (ML-KEM-768) + # needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] + # permissions: + # contents: 'read' + # id-token: 'write' + # uses: ./.github/workflows/ci_ec2_reusable.yml + # if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork + # with: + # name: CBMC (MLKEM-768) + # ec2_instance_type: c7g.2xlarge + # ec2_ami: ubuntu-latest (custom AMI) + # ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g + # compile_mode: native + # opt: no_opt + # lint: false + # verbose: true + # functest: true + # kattest: false + # nistkattest: false + # acvptest: false + # cbmc: true + # cbmc_mlkem_k: 3 + # secrets: inherit + # cbmc_k4: + # name: CBMC (ML-KEM-1024) + # needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link] + # permissions: + # contents: 'read' + # id-token: 'write' + # uses: ./.github/workflows/ci_ec2_reusable.yml + # if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork + # with: + # name: CBMC (MLKEM-1024) + # ec2_instance_type: c7g.2xlarge + # ec2_ami: ubuntu-latest (custom AMI) + # ec2_ami_id: ami-08ddb0acd99dc3d33 # aarch64, ubuntu-latest, 64g + # compile_mode: native + # opt: no_opt + # lint: false + # verbose: true + # functest: true + # kattest: false + # nistkattest: false + # acvptest: false + # cbmc: true + # cbmc_mlkem_k: 4 + # secrets: inherit diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml index 75ab68a2b..f8e775321 100644 --- a/.github/workflows/ci_ec2_reusable.yml +++ b/.github/workflows/ci_ec2_reusable.yml @@ -112,46 +112,69 @@ jobs: ec2-instance-type: ${{ inputs.ec2_instance_type }} subnet-id: subnet-07b2729e5e065962f security-group-id: sg-0ab2e297196c8c381 - tests: - name: Run test + image_test: + name: docker test needs: start-ec2-runner runs-on: ${{ needs.start-ec2-runner.outputs.label }} steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Linting - if: ${{ inputs.lint }} - uses: ./.github/actions/lint - with: - nix-shell: ci-linter - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} - nix-verbose: ${{ inputs.verbose }} - - name: Preprocess - id: preprocess + - name: get_docker_shell shell: bash run: | - echo "nix-shell=${{ inputs.cbmc && 'ci-cbmc' || 'ci' }}${{ (inputs.compile_mode == 'cross' || inputs.compile_mode == 'all') && '-cross' || '' }}" >> $GITHUB_OUTPUT - - name: Functional Tests - uses: ./.github/actions/multi-functest - with: - nix-shell: ${{ steps.preprocess.outputs.nix-shell }} - nix-cache: ${{ inputs.cbmc || inputs.compile_mode == 'cross' || inputs.compile_mode == 'all' }} - nix-verbose: ${{ inputs.verbose }} - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} - cflags: ${{ inputs.cflags }} - compile_mode: ${{ inputs.compile_mode }} - opt: ${{ inputs.opt }} - func: ${{ inputs.functest }} - kat: ${{ inputs.kattest }} - nistkat: ${{ inputs.nistkattest }} - acvp: ${{ inputs.acvptest }} - - name: CBMC - if: ${{ inputs.cbmc && (success() || failure()) }} - uses: ./.github/actions/cbmc - with: - nix-shell: ${{ steps.preprocess.outputs.nix-shell }} - nix-verbose: ${{ inputs.verbose }} - mlkem_k: ${{ inputs.cbmc_mlkem_k }} - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} + echo DOCKER_SHELL="docker run -v $(pwd):/work -w /work ubuntu-20.04:clang-9x bash -e {0}" >> $GITHUB_OUTPUT + - name: Say hello + shell: ${{ steps.get_docker_shell.outputs.DOCKER_SHELL }} + run: | + echo "Hello world" + image_test2: + name: docker test2 + needs: start-ec2-runner + runs-on: ${{ needs.start-ec2-runner.outputs.label }} + steps: + - name: Say hello2 + shell: bash + run: | + docker run -v `pwd`:`pwd` -w `pwd` ubuntu-20.04:clang-9x echo "Hello World" + echo $(pwd) + # tests: + # name: Run test + # needs: start-ec2-runner + # runs-on: ${{ needs.start-ec2-runner.outputs.label }} + # steps: + # - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # - name: Linting + # if: ${{ inputs.lint }} + # uses: ./.github/actions/lint + # with: + # nix-shell: ci-linter + # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} + # nix-verbose: ${{ inputs.verbose }} + # - name: Preprocess + # id: preprocess + # shell: bash + # run: | + # echo "nix-shell=${{ inputs.cbmc && 'ci-cbmc' || 'ci' }}${{ (inputs.compile_mode == 'cross' || inputs.compile_mode == 'all') && '-cross' || '' }}" >> $GITHUB_OUTPUT + # - name: Functional Tests + # uses: ./.github/actions/multi-functest + # with: + # nix-shell: ${{ steps.preprocess.outputs.nix-shell }} + # nix-cache: ${{ inputs.cbmc || inputs.compile_mode == 'cross' || inputs.compile_mode == 'all' }} + # nix-verbose: ${{ inputs.verbose }} + # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} + # cflags: ${{ inputs.cflags }} + # compile_mode: ${{ inputs.compile_mode }} + # opt: ${{ inputs.opt }} + # func: ${{ inputs.functest }} + # kat: ${{ inputs.kattest }} + # nistkat: ${{ inputs.nistkattest }} + # acvp: ${{ inputs.acvptest }} + # - name: CBMC + # if: ${{ inputs.cbmc && (success() || failure()) }} + # uses: ./.github/actions/cbmc + # with: + # nix-shell: ${{ steps.preprocess.outputs.nix-shell }} + # nix-verbose: ${{ inputs.verbose }} + # mlkem_k: ${{ inputs.cbmc_mlkem_k }} + # gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} stop-ec2-runner: name: Stop instance (${{ inputs.ec2_instance_type }}) permissions: @@ -159,7 +182,9 @@ jobs: id-token: 'write' needs: - start-ec2-runner - - tests + - image_test + - image_test2 + #- tests runs-on: ubuntu-latest if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs steps: