Add manually triggerable CI workflow

Signed-off-by: Hanno Becker <[email protected]>

.github/workflows/bench.yml

@@ -32,7 +32,7 @@ jobs:
           archflags: "-mcpu=cortex-a55 -march=armv8.2-a"
           cflags: "-static -DFORCE_AARCH64"
           bench_extra_args: -w exec-on-a55
-    uses: ./.github/workflows/bench_core_reusable.yml
+    uses: ./.github/workflows/reusable/bench_core_reusable.yml
     with:
       runner: self-hosted-${{ matrix.target.system }}
       name: ${{ matrix.target.name }}

.github/workflows/bench_ec2_all.yml

@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: 'read'
       id-token: 'write'
-    uses: ./.github/workflows/bench_ec2_reusable.yml
+    uses: ./.github/workflows/reusable/bench_ec2_reusable.yml
     if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main')
     with:
       ec2_instance_type: t4g.small
@@ -27,7 +27,7 @@ jobs:
     permissions:
       contents: 'read'
       id-token: 'write'
-    uses: ./.github/workflows/bench_ec2_reusable.yml
+    uses: ./.github/workflows/reusable/bench_ec2_reusable.yml
     if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main')
     with:
       ec2_instance_type: c7g.medium

.github/workflows/bench_ec2_any.yml

@@ -29,7 +29,7 @@ on:
 jobs:
   bench-ec2-any:
     name: Ad-hoc benchmark on $${{ github.event.inputs.ec2_instance_type }}
-    uses: ./.github/workflows/bench_ec2_reusable.yml
+    uses: ./.github/workflows/reusable/bench_ec2_reusable.yml
     with:
       ec2_instance_type: ${{ github.event.inputs.ec2_instance_type }}
       ec2_ami_id: ${{ github.event.inputs.ec2_ami_id }}

.github/workflows/ci.yml

@@ -35,7 +35,7 @@ jobs:
              - runner: 'pqcp-arm64'
                name: 'ubuntu-latest (aarch64)'
     name: Functional tests (${{ matrix.target.name }})
-    uses: ./.github/workflows/functest_core_reusable.yml
+    uses: ./.github/workflows/reusable/functest_core_reusable.yml
     with:
       runner: ${{ matrix.target.runner }}
       cflags: ${{ matrix.target.cflags }}
@@ -44,15 +44,15 @@ jobs:
     strategy:
       matrix:
         system: [ubuntu-latest]
-    uses: ./.github/workflows/lint_core_reusable.yml
+    uses: ./.github/workflows/reusable/lint_core_reusable.yml
     with:
       runner: ${{ matrix.system }}
       cross-prefix: "aarch64-unknown-linux-gnu-"
   cbmc:
     strategy:
       matrix:
         system: [macos-latest]
-    uses: ./.github/workflows/cbmc_core_reusable.yml
+    uses: ./.github/workflows/reusable/cbmc_core_reusable.yml
     with:
       runner: ${{ matrix.system }}
       cross-prefix: "aarch64-unknown-linux-gnu-"

.github/workflows/ci_ec2_any.yml

@@ -29,7 +29,7 @@ on:
 jobs:
   ci-ec2-any:
     name: Ad-hoc CI on $${{ github.event.inputs.ec2_instance_type }}
-    uses: ./.github/workflows/ci_ec2_reusable.yml
+    uses: ./.github/workflows/reusable/ci_ec2_reusable.yml
     with:
       ec2_instance_type: ${{ github.event.inputs.ec2_instance_type }}
       ec2_ami_id: ${{ github.event.inputs.ec2_ami_id }}

.github/workflows/reusable/bench_ec2_reusable.yml

@@ -0,0 +1,108 @@
+name: bench-ec2-reusable
+on:
+  workflow_call:
+    inputs:
+      name:
+        type: string
+        description: Alternative name of instance
+        default: Graviton2
+      ec2_instance_type:
+        type: string
+        description: Type if EC2 instance to benchmark on
+        default: t4g.small
+      ec2_ami_id:
+        type: string
+        description: AMI ID
+        default: ami-096ea6a12ea24a797
+      cflags:
+        type: string
+        description: Custom CFLAGS for compilation
+        default:
+      archflags:
+        type: string
+        description: Custom ARCH flags for compilation
+        default: -mcpu=neoverse-n1 -march=armv8.2-a
+      store_results:
+        type: string
+        description: Indicates if results should be pushed to github pages
+        default: 'false'
+      always_terminate:
+        type: string
+        description: Indicates if instance should always be terminated, even on failure
+        default: 'true'
+      bench_extra_args:
+        type: string
+        description: Additional command line to be appended to `bench` script
+        default: ''
+env:
+  AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
+  AWS_REGION: us-east-1
+jobs:
+  start-ec2-runner:
+    name: Start ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.start-ec2-runner.outputs.label }}
+      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Clear nix-installer action cache
+        uses: ./.github/actions/clear-cache
+        with:
+           key_prefix: determinatesystem-nix-installer-
+           repository: ${{ github.repository }}
+           gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Start EC2 runner
+        id: start-ec2-runner
+        uses: machulav/ec2-github-runner@v2
+        with:
+          mode: start
+          github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+          ec2-image-id: ${{ inputs.ec2_ami_id }}
+          ec2-instance-type: ${{ inputs.ec2_instance_type }}
+          subnet-id: subnet-07b2729e5e065962f
+          security-group-id: sg-0ab2e297196c8c381
+  bench:
+    name: Bench ${{ inputs.name }}
+    needs: start-ec2-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/reusable/bench_core_reusable.yml
+    with:
+      runner: ${{ needs.start-ec2-runner.outputs.label }}
+      name: ${{ inputs.name }}
+      cflags: ${{ inputs.cflags }}
+      archflags: ${{ inputs.archflags }}
+      perf: PERF
+      store_results: ${{ inputs.store_results }}
+      bench_extra_args: ${{ inputs.bench_extra_args }}
+    secrets: inherit
+  stop-ec2-runner:
+    name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    needs:
+      - start-ec2-runner
+      - bench # required to wait when the main job is done
+    runs-on: ubuntu-latest
+    if: ${{ (inputs.always_terminate == 'true' && always()) || success() }} # required to stop the runner even if the error happened in the previous jobs
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Stop EC2 runner
+        uses: machulav/ec2-github-runner@v2
+        with:
+          mode: stop
+          github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+          label: ${{ needs.start-ec2-runner.outputs.label }}
+          ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}

.github/workflows/reusable/ci_ec2_reusable.yml

@@ -0,0 +1,122 @@
+name: ci-ec2-reusable
+on:
+  workflow_call:
+    inputs:
+      name:
+        type: string
+        description: Alternative name of instance
+        default: Graviton2
+      ec2_instance_type:
+        type: string
+        description: Type if EC2 instance to benchmark on
+        default: t4g.small
+      ec2_ami_id:
+        type: string
+        description: AMI ID
+        default: ami-096ea6a12ea24a797
+      cflags:
+        type: string
+        description: Custom CFLAGS for compilation
+        default:
+      cross-prefix:
+        type: string
+        description: Cross-compilation binary prefix, if any
+        default: ' '
+      always_terminate:
+        type: string
+        description: Indicates if instance should always be terminated, even on failure
+        default: 'true'
+      functest:
+        type: boolean
+        default: true
+      lint:
+        type: boolean
+        default: true
+      cbmc:
+        type: boolean
+        default: false
+
+env:
+  AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
+  AWS_REGION: us-east-1
+jobs:
+  start-ec2-runner:
+    name: Start ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.start-ec2-runner.outputs.label }}
+      ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Clear nix-installer action cache
+        uses: ./.github/actions/clear-cache
+        with:
+           key_prefix: determinatesystem-nix-installer-
+           repository: ${{ github.repository }}
+           gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Start EC2 runner
+        id: start-ec2-runner
+        uses: machulav/ec2-github-runner@v2
+        with:
+          mode: start
+          github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+          ec2-image-id: ${{ inputs.ec2_ami_id }}
+          ec2-instance-type: ${{ inputs.ec2_instance_type }}
+          subnet-id: subnet-07b2729e5e065962f
+          security-group-id: sg-0ab2e297196c8c381
+  functest:
+    name: Functional tests ${{ inputs.name }}
+    if: ${{ inputs.functest }}
+    needs: start-ec2-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/reusable/functest_core_reusable.yml
+    with:
+      runner: ${{ needs.start-ec2-runner.outputs.label }}
+      cflags: ${{ inputs.cflags }}
+      cross-prefix: ${{ inputs.cross-prefix }}
+  lint:
+    name: Lint ${{ inputs.name }}
+    if: ${{ inputs.lint }}
+    needs: start-ec2-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/reusable/lint_core_reusable.yml
+    with:
+      runner: ${{ needs.start-ec2-runner.outputs.label }}
+      cross-prefix: ${{ inputs.cross-prefix }}
+  cbmc:
+    name: CBMC ${{ inputs.name }}
+    if: ${{ inputs.cbmc }}
+    needs: start-ec2-runner # required to start the main job when the runner is ready
+    uses: ./.github/workflows/reusable/cbmc_core_reusable.yml
+    with:
+      runner: ${{ needs.start-ec2-runner.outputs.label }}
+      cross-prefix: ${{ inputs.cross-prefix }}
+  stop-ec2-runner:
+    name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+    permissions:
+      contents: 'read'
+      id-token: 'write'
+    needs:
+      - start-ec2-runner
+      - bench # required to wait when the main job is done
+    runs-on: ubuntu-latest
+    if: ${{ (inputs.always_terminate == 'true' && always()) || success() }} # required to stop the runner even if the error happened in the previous jobs
+    steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.AWS_ROLE }}
+          aws-region: ${{ env.AWS_REGION }}
+      - name: Stop EC2 runner
+        uses: machulav/ec2-github-runner@v2
+        with:
+          mode: stop
+          github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+          label: ${{ needs.start-ec2-runner.outputs.label }}
+          ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}