diff --git a/.github/actions/bench/action.yml b/.github/actions/bench/action.yml index 248e72b26..5c1b03bdf 100644 --- a/.github/actions/bench/action.yml +++ b/.github/actions/bench/action.yml 
@@ -32,24 +32,47 @@ inputs: gh_token: description: GitHub access token required: true + use-nix: + description: Whether to run in the default Nix environment + default: true + custom_shell: + description: The shell to use. Only relevant if use-nix is 'false' + default: 'bash' runs: using: composite steps: - - name: Run benchmark - shell: nix develop .#ci -c bash -e {0} - run: | - tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }} - - name: Dump benchmark - shell: bash - if: ${{ inputs.store_results != 'true' }} - run: | - cat output.json - - name: Store benchmark result - if: ${{ inputs.store_results == 'true' }} - uses: benchmark-action/github-action-benchmark@v1 - with: - name: ${{ inputs.name }} - tool: 'customSmallerIsBetter' - output-file-path: output.json - github-token: ${{ inputs.gh_token }} - auto-push: true + - name: Setup nix + if: ${{ inputs.use-nix }} + uses: ./.github/actions/setup-nix + with: + devShell: ci + script: | + ARCH=$(uname -m) + cat >> $GITHUB_STEP_SUMMARY <<-EOF + ## Setup + Architecture: $ARCH + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ matrix.target.cross_prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + + ## CPU Info + $(cat /proc/cpuinfo) + EOF + - name: Set shell + shell: bash + run: echo SHELL="${{ inputs.use-nix && 'nix develop .#ci -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV + - name: Run benchmark + shell: ${{ env.SHELL }} + run: | + tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }} + - name: Store benchmark result + if: ${{ inputs.store_results == 'true' }} + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ${{ inputs.name }} + tool: 'customSmallerIsBetter' + output-file-path: output.json + github-token: ${{ inputs.gh_token }} + 
auto-push: true diff --git a/.github/workflows/cbmc_core_reusable.yml b/.github/actions/cbmc/action.yml similarity index 55% rename from .github/workflows/cbmc_core_reusable.yml rename to .github/actions/cbmc/action.yml index 4bbdf2504..4a4ba1393 100644 --- a/.github/workflows/cbmc_core_reusable.yml +++ b/.github/actions/cbmc/action.yml @@ -1,24 +1,24 @@ -name: cbmc-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - cbmc: - name: CBMC ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci-cbmc -c bash -e {0} - steps: +# SPDX-License-Identifier: Apache-2.0 + +name: CBMC +description: Run CBMC proofs for MLKEM-C_AArch64 + +inputs: + use-nix: + description: Whether to run in the default Nix environment + default: true + custom_shell: + description: The shell to use. Only relevant if use-nix is 'false' + default: 'bash' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +runs: + using: composite + steps: - uses: actions/checkout@v4 - name: Setup nix + if: ${{ inputs.use-nix }} uses: ./.github/actions/setup-nix with: devShell: ci-cbmc @@ -33,7 +33,11 @@ jobs: - $(${{ inputs.cross_prefix }}gcc --version | grep -m1 "") - $(bash --version | grep -m1 "") EOF + - name: Set shell + shell: bash + run: echo SHELL="${{ inputs.use-nix && 'nix develop .#ci-cbmc -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV - name: Run CBMC proofs + shell: ${{ env.SHELL }} run: | cd cbmc/proofs; KYBER_K=2 ./run-cbmc-proofs.py --summarize; diff --git a/.github/actions/functest/action.yml b/.github/actions/functest/action.yml index 7e8fb1da6..795fa0e20 100644 --- a/.github/actions/functest/action.yml +++ b/.github/actions/functest/action.yml 
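Review bot: Passing `use-nix: false` will most likely not turn Nix off, because composite-action inputs arrive as strings and the non-empty string 'false' is truthy both in `if: ${{ inputs.use-nix }}` and in `inputs.use-nix && '…' || inputs.custom_shell`; comparing with `inputs.use-nix == 'true'` makes the switch work. The "Set shell" step also pastes `inputs.custom_shell` into the script text before bash parses it and writes the result to `$GITHUB_ENV` under the name `SHELL`, which replaces the standard variable for every later step of the calling job. Passing both inputs through `env:` and exporting a dedicated name, as sketched below, avoids both; the same two patterns recur in the cbmc, functest and lint action hunks. The setup script also reads `matrix.target.cross_prefix`, which this action never declares, so that summary line depends on whatever matrix the caller happens to have. The `inputs:` block begins above the hunk.

```yaml
    - name: Setup nix
      if: ${{ inputs.use-nix == 'true' }}
      # … unchanged: uses ./.github/actions/setup-nix, devShell and summary script …
    - name: Set shell
      shell: bash
      env:
        USE_NIX: ${{ inputs.use-nix }}
        CUSTOM_SHELL: ${{ inputs.custom_shell }}
      run: |
        if [ "$USE_NIX" = "true" ]; then
          echo 'CI_SHELL=nix develop .#ci -c bash -e {0}' >> "$GITHUB_ENV"
        else
          echo "CI_SHELL=$CUSTOM_SHELL" >> "$GITHUB_ENV"
        fi
    - name: Run benchmark
      shell: ${{ env.CI_SHELL }}
      # … unchanged: tests bench invocation and Store benchmark result step …
```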
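Review bot: The input is declared as `cross-prefix`, but the setup script in the following hunk's context still reads `${{ inputs.cross_prefix }}`, which resolves to an empty string, so the step summary records the host gcc rather than the cross compiler; `$(${{ inputs.cross-prefix }}gcc --version | grep -m1 "")` matches the declaration. The `actions/checkout@v4` step kept inside the composite action repeats the checkout each caller already needs in order to resolve `./.github/actions/cbmc`, and could probably be dropped here. The setup script itself lies between the two hunks and is only partly visible.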
@@ -4,6 +4,9 @@ name: Functional tests description: Run functional tests for MLKEM-C_AArch64 inputs: + use-nix: + description: Whether to run in the default Nix environment + default: true cflags: description: CFLAGS to pass to compilation default: '' @@ -13,9 +16,28 @@ inputs: runs: using: composite steps: + - name: Setup nix + uses: ./.github/actions/setup-nix + if: ${{ inputs.use-nix }} + with: + devShell: ci + script: | + ARCH=$(uname -m) + cat >> $GITHUB_STEP_SUMMARY <<-EOF + ## Setup + Architecture: $ARCH + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ inputs.cross-prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + EOF + - name: Set shell + shell: bash + run: echo SHELL="${{ inputs.use-nix && 'nix develop .#ci -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV - name: Run functional tests id: func_test - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL }} run: | tests func --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v - name: Run KAT tests @@ -23,7 +45,7 @@ runs: success() || steps.func_test.conclusion == 'failure' id: kat_test - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL }} run: | tests kat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v - name: Run Nistkat tests @@ -32,6 +54,6 @@ runs: success() || steps.func_test.conclusion == 'failure' || steps.kat_test.conclusion == 'failure' - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL }} run: | tests nistkat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v diff --git a/.github/actions/lint/action.yml b/.github/actions/lint/action.yml new file mode 100644 index 000000000..b8404154b --- /dev/null +++ b/.github/actions/lint/action.yml 
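Review bot: The "Set shell" step falls back to `inputs.custom_shell`, yet the inputs hunk of this file adds only `use-nix` and no `custom_shell` declaration is visible in the diff; with Nix disabled the three `shell: ${{ env.SHELL }}` steps would then receive an empty shell. Declaring it as the other actions do (`custom_shell:` with `description: The shell to use. Only relevant if use-nix is 'false'` and `default: 'bash'`) closes the gap. The unchanged `run:` lines also pass `${{ inputs.cflags }}` unquoted into the script text, so with the default `''` the following `-v` is presumably taken as the `--cflags` value; `--cflags "${{ inputs.cflags }}"`, as the bench action writes it, is safer. The inputs block continues outside the hunks shown.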
@@ -0,0 +1,41 @@ +# SPDX-License-Identifier: Apache-2.0 + +name: Lint +description: Lint MLKEM-C_AArch64 + +inputs: + use-nix: + description: Whether to run in the default Nix environment + default: true + custom_shell: + description: The shell to use. Only relevant if use-nix is 'false' + default: 'bash' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +runs: + using: composite + steps: + - name: Setup nix + if: ${{ inputs.use-nix }} + uses: ./.github/actions/setup-nix + with: + devShell: ci-linter + script: | + cat >> $GITHUB_STEP_SUMMARY << EOF + ## Setup + Architecture: $(uname -m) + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ matrix.target.cross-prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + EOF + - name: Set shell + shell: bash + run: echo SHELL="${{ inputs.use-nix && 'nix develop .#ci-linter -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV + - name: Run CBMC proofs + shell: ${{ env.SHELL }} + run: | + echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY + lint diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index e4545a49c..17ec4375f 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml 
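Review bot: The final step is named `Run CBMC proofs` but runs `lint`, which will mislabel failures in the job log; `- name: Lint`, as in the removed workflow, fits. The setup script reads `${{ matrix.target.cross-prefix }}` although the action declares `cross-prefix` as an input and the ci.yml lint job's matrix defines only `system`, so the prefix resolves to empty and the summary reports the host gcc. `$(${{ inputs.cross-prefix }}gcc --version | grep -m1 "")` uses the value the caller actually passes.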
@@ -32,15 +32,16 @@ jobs: archflags: "-mcpu=cortex-a55 -march=armv8.2-a" cflags: "-static -DFORCE_AARCH64" bench_extra_args: -w exec-on-a55 - uses: ./.github/workflows/bench_core_reusable.yml if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main') - with: - runner: self-hosted-${{ matrix.target.system }} - name: ${{ matrix.target.name }} - cflags: ${{ matrix.target.cflags }} - archflags: ${{ matrix.target.archflags }} - perf: ${{ matrix.target.bench_pmu }} - store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }} - bench_extra_args: ${{ matrix.target.bench_extra_args }} - secrets: - inherit + runs-on: self-hosted-${{ matrix.target.system }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/bench + with: + name: ${{ matrix.target.name }} + cflags: ${{ matrix.target.cflags }} + archflags: ${{ matrix.target.archflags }} + perf: ${{ matrix.target.bench_pmu }} + store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }} + bench_extra_args: ${{ matrix.target.bench_extra_args }} + gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} diff --git a/.github/workflows/bench_core_reusable.yml b/.github/workflows/bench_core_reusable.yml deleted file mode 100644 index 1b29f1d1c..000000000 --- a/.github/workflows/bench_core_reusable.yml +++ /dev/null 
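Review bot: The added `actions/checkout@v4` step keeps its default of persisting the job token in the checked-out repository's git config, and this job then builds and runs benchmark code on a self-hosted runner; unless a later step relies on that, give the checkout `persist-credentials: false` under `with:`. `gh_token` is also supplied on every run although the bench action only reads it in the step guarded by `store_results == 'true'`, so it could be limited to main, for example `gh_token: ${{ github.ref == 'refs/heads/main' && secrets.AWS_GITHUB_TOKEN || '' }}`, provided the action tolerates an empty value. The checkout point applies equally to the bench job in bench_ec2_reusable.yml. The workflow's triggers are outside the hunk, so which events can reach this job cannot be checked here.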
@@ -1,69 +0,0 @@ -name: bench-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - name: - type: string - description: Name for the benchmarking run - required: true - perf: - description: Method of obtaining PMU metrics (NO, PERF, PMU, M1) - required: true - default: 'PERF' - type: string - cflags: - type: string - description: CFLAGS to pass to compilation - default: '' - archflags: - type: string - description: ARCHFLAGS to pass to compilation - default: '' - bench_extra_args: - type: string - description: Further arguments to be appended to command line for `bench` script - default: '' - store_results: - type: string - description: Whether to push results to GH pages - default: 'false' -jobs: - bench: - name: Bench ${{ inputs.name }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci - script: | - ARCH=$(uname -m) - cat >> $GITHUB_STEP_SUMMARY <<-EOF - ## Setup - Architecture: $ARCH - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ matrix.target.cross_prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - - ## CPU Info - $(cat /proc/cpuinfo) - EOF - - name: Run benchmark - uses: ./.github/actions/bench - with: - name: ${{ inputs.name }} - cflags: ${{ inputs.cflags }} - archflags: ${{ inputs.archflags }} - perf: ${{ inputs.perf }} - store_results: ${{ inputs.store_results }} - bench_extra_args: ${{ inputs.bench_extra_args }} - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} diff --git a/.github/workflows/bench_ec2_all.yml b/.github/workflows/bench_ec2_all.yml index f4eb50611..910985bd8 100644 --- a/.github/workflows/bench_ec2_all.yml +++ b/.github/workflows/bench_ec2_all.yml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 + name: Bench EC2 on: workflow_dispatch: 
diff --git a/.github/workflows/bench_ec2_any.yml b/.github/workflows/bench_ec2_any.yml index 82fac8a49..2d9c8d89e 100644 --- a/.github/workflows/bench_ec2_any.yml +++ b/.github/workflows/bench_ec2_any.yml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 + name: bench-ec2-any on: workflow_dispatch: diff --git a/.github/workflows/bench_ec2_reusable.yml b/.github/workflows/bench_ec2_reusable.yml index 277bc1878..3eef059e3 100644 --- a/.github/workflows/bench_ec2_reusable.yml +++ b/.github/workflows/bench_ec2_reusable.yml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 + name: bench-ec2-reusable on: workflow_call: @@ -72,17 +74,20 @@ jobs: security-group-id: sg-0ab2e297196c8c381 bench: name: Bench ${{ inputs.name }} + runs-on: ${{ needs.start-ec2-runner.outputs.label }} needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/bench_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - name: ${{ inputs.name }} - cflags: ${{ inputs.cflags }} - archflags: ${{ inputs.archflags }} - perf: PERF - store_results: ${{ inputs.store_results }} - bench_extra_args: ${{ inputs.bench_extra_args }} - secrets: inherit + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/bench + with: + use-nix: true + name: ${{ inputs.name }} + cflags: ${{ inputs.cflags }} + archflags: ${{ inputs.archflags }} + perf: PERF + store_results: ${{ inputs.store_results }} + bench_extra_args: ${{ inputs.bench_extra_args }} + gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} stop-ec2-runner: name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }}) permissions: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb40dd8db..4225de911 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -35,24 +35,34 @@ jobs: - runner: 'pqcp-arm64' name: 'ubuntu-latest (aarch64)' name: Functional tests (${{ matrix.target.name }}) - uses: ./.github/workflows/functest_core_reusable.yml - with: - runner: ${{ matrix.target.runner }} - cflags: ${{ matrix.target.cflags }} - cross-prefix: ${{ matrix.target.cross-prefix }} + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/functest + with: + use-nix: true + cflags: ${{ matrix.target.cflags }} + cross-prefix: ${{ matrix.target.cross-prefix }} lint: strategy: matrix: system: [ubuntu-latest] - uses: ./.github/workflows/lint_core_reusable.yml - with: - runner: ${{ matrix.system }} - cross-prefix: "aarch64-unknown-linux-gnu-" + name: Linting + runs-on: ${{ matrix.system }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/lint + with: + use-nix: true + cross-prefix: "aarch64-unknown-linux-gnu-" cbmc: strategy: matrix: system: [macos-latest] - uses: ./.github/workflows/cbmc_core_reusable.yml - with: - runner: ${{ matrix.system }} - cross-prefix: "aarch64-unknown-linux-gnu-" + name: CBMC + runs-on: ${{ matrix.system }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/cbmc + with: + use-nix: true diff --git a/.github/workflows/ci_ec2_any.yml b/.github/workflows/ci_ec2_any.yml index 629367000..8db8ad305 100644 --- a/.github/workflows/ci_ec2_any.yml +++ b/.github/workflows/ci_ec2_any.yml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 + name: ci-ec2-any on: workflow_dispatch: diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml index 927dfc945..14cfc10f5 100644 --- a/.github/workflows/ci_ec2_reusable.yml +++ b/.github/workflows/ci_ec2_reusable.yml @@ -1,3 +1,5 @@ +# SPDX-License-Identifier: Apache-2.0 + name: ci-ec2-reusable on: workflow_call: @@ -35,7 +37,6 @@ on: cbmc: type: boolean default: 'false' - env: AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action AWS_REGION: us-east-1 
@@ -74,29 +75,38 @@ jobs: security-group-id: sg-0ab2e297196c8c381 functest: name: Functional tests ${{ inputs.name }} + needs: start-ec2-runner + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.functest == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/functest_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cflags: ${{ inputs.cflags }} - cross-prefix: ${{ inputs.cross-prefix }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/functest + with: + use-nix: true + cflags: ${{ matrix.target.cflags }} + cross-prefix: ${{ matrix.target.cross-prefix }} lint: - name: Lint ${{ inputs.name }} + name: Linting ${{ inputs.name }} + needs: start-ec2-runner + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.lint == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/lint_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cross-prefix: ${{ inputs.cross-prefix }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/lint + with: + use-nix: true + cross-prefix: ${{ inputs.cross-prefix }} cbmc: name: CBMC ${{ inputs.name }} + needs: start-ec2-runner + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.cbmc == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/cbmc_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cross-prefix: ${{ inputs.cross-prefix }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/cbmc + with: + use-nix: true + cross-prefix: ${{ inputs.cross-prefix }} stop-ec2-runner: name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }}) permissions: 
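Review bot: The functest job reads `matrix.target.cflags` and `matrix.target.cross-prefix` although no matrix is defined for it in this hunk and the removed lines took both values from `inputs`; as written the EC2 functional tests would run with empty flags and prefix regardless of what the caller requested. Restoring `cflags: ${{ inputs.cflags }}` and `cross-prefix: ${{ inputs.cross-prefix }}` keeps the previous behaviour. Separately, `cbmc` is declared `type: boolean` in the earlier hunk while the context line tests `inputs.cbmc == 'true'`; a boolean compared with that string may never match, so the condition is worth confirming. The jobs map starts and ends outside the hunk.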
diff --git a/.github/workflows/functest_core_reusable.yml b/.github/workflows/functest_core_reusable.yml deleted file mode 100644 index 70514fa87..000000000 --- a/.github/workflows/functest_core_reusable.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: functest-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cflags: - type: string - description: CFLAGS to pass to compilation - default: '' - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - functest: - name: Bench ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci - script: | - ARCH=$(uname -m) - cat >> $GITHUB_STEP_SUMMARY <<-EOF - ## Setup - Architecture: $ARCH - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ inputs.cross-prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - EOF - - name: Run functional tests - uses: ./.github/actions/functest - with: - cflags: ${{ inputs.cflags }} - cross-prefix: ${{ inputs.cross-prefix }} diff --git a/.github/workflows/lint_core_reusable.yml b/.github/workflows/lint_core_reusable.yml deleted file mode 100644 index 171d0871a..000000000 --- a/.github/workflows/lint_core_reusable.yml +++ /dev/null 
@@ -1,38 +0,0 @@ -name: lint-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - lint: - name: Lint ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci-linter -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci-linter - script: | - cat >> $GITHUB_STEP_SUMMARY << EOF - ## Setup - Architecture: $(uname -m) - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ matrix.target.cross-prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - EOF - - name: Lint - run: | - echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY - lint