diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index 7ea643324..258f3fc3c 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -32,7 +32,7 @@ jobs: archflags: "-mcpu=cortex-a55 -march=armv8.2-a" cflags: "-static -DFORCE_AARCH64" bench_extra_args: -w exec-on-a55 - uses: ./.github/workflows/bench_core_reusable.yml + uses: ./.github/workflows/reusable/bench_core_reusable.yml with: runner: self-hosted-${{ matrix.target.system }} name: ${{ matrix.target.name }} diff --git a/.github/workflows/bench_ec2_all.yml b/.github/workflows/bench_ec2_all.yml index f4eb50611..a81b067a2 100644 --- a/.github/workflows/bench_ec2_all.yml +++ b/.github/workflows/bench_ec2_all.yml @@ -12,7 +12,7 @@ jobs: permissions: contents: 'read' id-token: 'write' - uses: ./.github/workflows/bench_ec2_reusable.yml + uses: ./.github/workflows/reusable/bench_ec2_reusable.yml if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main') with: ec2_instance_type: t4g.small @@ -27,7 +27,7 @@ jobs: permissions: contents: 'read' id-token: 'write' - uses: ./.github/workflows/bench_ec2_reusable.yml + uses: ./.github/workflows/reusable/bench_ec2_reusable.yml if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main') with: ec2_instance_type: c7g.medium diff --git a/.github/workflows/bench_ec2_any.yml b/.github/workflows/bench_ec2_any.yml index 82fac8a49..b9d400571 100644 --- a/.github/workflows/bench_ec2_any.yml +++ b/.github/workflows/bench_ec2_any.yml @@ -29,7 +29,7 @@ on: jobs: bench-ec2-any: name: Ad-hoc benchmark on $${{ github.event.inputs.ec2_instance_type }} - uses: ./.github/workflows/bench_ec2_reusable.yml + uses: ./.github/workflows/reusable/bench_ec2_reusable.yml with: ec2_instance_type: ${{ github.event.inputs.ec2_instance_type }} ec2_ami_id: ${{ github.event.inputs.ec2_ami_id }} 
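Review bot: The rewritten `uses: ./.github/workflows/reusable/bench_core_reusable.yml` points into a subdirectory of `.github/workflows`, and GitHub's reusable-workflow documentation states that subdirectories of the workflows directory are not supported, so this call will most likely fail to resolve. The same applies to the other `uses:` lines changed in this commit (bench_ec2_all.yml, bench_ec2_any.yml, ci.yml, ci_ec2_any.yml) and to the internal calls inside the two new `reusable/*_ec2_reusable.yml` files. Unless a branch run has shown otherwise, keep the called workflows directly under `.github/workflows`, where the existing `_reusable` suffix already marks them: `uses: ./.github/workflows/bench_core_reusable.yml`. A workflow that fails to load also means the EC2 start/stop pairing in the callers never runs, so this is worth confirming before merge.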
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb40dd8db..3bc1557d3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: - runner: 'pqcp-arm64' name: 'ubuntu-latest (aarch64)' name: Functional tests (${{ matrix.target.name }}) - uses: ./.github/workflows/functest_core_reusable.yml + uses: ./.github/workflows/reusable/functest_core_reusable.yml with: runner: ${{ matrix.target.runner }} cflags: ${{ matrix.target.cflags }} @@ -44,7 +44,7 @@ jobs: strategy: matrix: system: [ubuntu-latest] - uses: ./.github/workflows/lint_core_reusable.yml + uses: ./.github/workflows/reusable/lint_core_reusable.yml with: runner: ${{ matrix.system }} cross-prefix: "aarch64-unknown-linux-gnu-" @@ -52,7 +52,7 @@ jobs: strategy: matrix: system: [macos-latest] - uses: ./.github/workflows/cbmc_core_reusable.yml + uses: ./.github/workflows/reusable/cbmc_core_reusable.yml with: runner: ${{ matrix.system }} cross-prefix: "aarch64-unknown-linux-gnu-" diff --git a/.github/workflows/ci_ec2_any.yml b/.github/workflows/ci_ec2_any.yml index 18b89fe94..ec2b066e1 100644 --- a/.github/workflows/ci_ec2_any.yml +++ b/.github/workflows/ci_ec2_any.yml @@ -29,7 +29,7 @@ on: jobs: ci-ec2-any: name: Ad-hoc CI on $${{ github.event.inputs.ec2_instance_type }} - uses: ./.github/workflows/ci_ec2_reusable.yml + uses: ./.github/workflows/reusable/ci_ec2_reusable.yml with: ec2_instance_type: ${{ github.event.inputs.ec2_instance_type }} ec2_ami_id: ${{ github.event.inputs.ec2_ami_id }} diff --git a/.github/workflows/bench_core_reusable.yml b/.github/workflows/reusable/bench_core_reusable.yml similarity index 100% rename from .github/workflows/bench_core_reusable.yml rename to .github/workflows/reusable/bench_core_reusable.yml diff --git a/.github/workflows/reusable/bench_ec2_reusable.yml b/.github/workflows/reusable/bench_ec2_reusable.yml new file mode 100644 index 000000000..e8af4f5f2 --- /dev/null +++ b/.github/workflows/reusable/bench_ec2_reusable.yml 
@@ -0,0 +1,108 @@
+name: bench-ec2-reusable
+on:
+ workflow_call:
+ inputs:
+ name:
+ type: string
+ description: Alternative name of instance
+ default: Graviton2
+ ec2_instance_type:
+ type: string
+ description: Type if EC2 instance to benchmark on
+ default: t4g.small
+ ec2_ami_id:
+ type: string
+ description: AMI ID
+ default: ami-096ea6a12ea24a797
+ cflags:
+ type: string
+ description: Custom CFLAGS for compilation
+ default:
+ archflags:
+ type: string
+ description: Custom ARCH flags for compilation
+ default: -mcpu=neoverse-n1 -march=armv8.2-a
+ store_results:
+ type: string
+ description: Indicates if results should be pushed to github pages
+ default: 'false'
+ always_terminate:
+ type: string
+ description: Indicates if instance should always be terminated, even on failure
+ default: 'true'
+ bench_extra_args:
+ type: string
+ description: Additional command line to be appended to `bench` script
+ default: ''
+env:
+ AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
+ AWS_REGION: us-east-1
+jobs:
+ start-ec2-runner:
+ name: Start ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ runs-on: ubuntu-latest
+ outputs:
+ label: ${{ steps.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Clear nix-installer action cache
+ uses: ./.github/actions/clear-cache
+ with:
+ key_prefix: determinatesystem-nix-installer-
+ repository: ${{ github.repository }}
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Start EC2 runner
+ id: start-ec2-runner
+ uses: machulav/ec2-github-runner@v2
+ with:
+ mode: start
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ ec2-image-id: ${{ inputs.ec2_ami_id }}
+ ec2-instance-type: ${{ inputs.ec2_instance_type }}
+ subnet-id: subnet-07b2729e5e065962f
+ security-group-id: sg-0ab2e297196c8c381
+ bench:
+ name: Bench ${{ inputs.name }}
+ needs: start-ec2-runner # required to start the main job when the runner is ready
+ uses: ./.github/workflows/reusable/bench_core_reusable.yml
+ with:
+ runner: ${{ needs.start-ec2-runner.outputs.label }}
+ name: ${{ inputs.name }}
+ cflags: ${{ inputs.cflags }}
+ archflags: ${{ inputs.archflags }}
+ perf: PERF
+ store_results: ${{ inputs.store_results }}
+ bench_extra_args: ${{ inputs.bench_extra_args }}
+ secrets: inherit
+ stop-ec2-runner:
+ name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ needs:
+ - start-ec2-runner
+ - bench # required to wait when the main job is done
+ runs-on: ubuntu-latest
+ if: ${{ (inputs.always_terminate == 'true' && always()) || success() }} # required to stop the runner even if the error happened in the previous jobs
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Stop EC2 runner
+ uses: machulav/ec2-github-runner@v2
+ with:
+ mode: stop
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ label: ${{ needs.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}
diff --git a/.github/workflows/cbmc_core_reusable.yml b/.github/workflows/reusable/cbmc_core_reusable.yml
similarity index 100%
rename from .github/workflows/cbmc_core_reusable.yml
rename to .github/workflows/reusable/cbmc_core_reusable.yml
diff --git a/.github/workflows/reusable/ci_ec2_reusable.yml b/.github/workflows/reusable/ci_ec2_reusable.yml
new file mode 100644
index 000000000..a37929eca
--- /dev/null
+++ b/.github/workflows/reusable/ci_ec2_reusable.yml
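Review bot: Both `machulav/ec2-github-runner@v2` steps (start and stop) in bench_ec2_reusable.yml reference a third-party action by a movable tag while passing it `secrets.AWS_GITHUB_TOKEN`, in jobs that hold `id-token: 'write'` and have already assumed the AWS role, so a retagged release would run with that token and role session. Pin it to a reviewed commit, `uses: machulav/ec2-github-runner@<full-commit-sha> # v2` (placeholder, fill in the audited SHA), and treat `aws-actions/configure-aws-credentials@v4` the same way. Separately, the `bench` job passes `secrets: inherit` to the core workflow that executes on the freshly started EC2 runner; naming only the secrets that workflow needs would narrow what benchmark code on that instance can read. The start and stop job names read `github.event.inputs.name`, which is only populated for `workflow_dispatch` callers, while the `bench` job uses `inputs.name`; `name: Start ${{ inputs.name }} (${{ inputs.ec2_instance_type }})` would be consistent.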
@@ -0,0 +1,122 @@
+name: ci-ec2-reusable
+on:
+ workflow_call:
+ inputs:
+ name:
+ type: string
+ description: Alternative name of instance
+ default: Graviton2
+ ec2_instance_type:
+ type: string
+ description: Type if EC2 instance to benchmark on
+ default: t4g.small
+ ec2_ami_id:
+ type: string
+ description: AMI ID
+ default: ami-096ea6a12ea24a797
+ cflags:
+ type: string
+ description: Custom CFLAGS for compilation
+ default:
+ cross-prefix:
+ type: string
+ description: Cross-compilation binary prefix, if any
+ default: ' '
+ always_terminate:
+ type: string
+ description: Indicates if instance should always be terminated, even on failure
+ default: 'true'
+ functest:
+ type: boolean
+ default: true
+ lint:
+ type: boolean
+ default: true
+ cbmc:
+ type: boolean
+ default: false
+
+env:
+ AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
+ AWS_REGION: us-east-1
+jobs:
+ start-ec2-runner:
+ name: Start ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ runs-on: ubuntu-latest
+ outputs:
+ label: ${{ steps.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Clear nix-installer action cache
+ uses: ./.github/actions/clear-cache
+ with:
+ key_prefix: determinatesystem-nix-installer-
+ repository: ${{ github.repository }}
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Start EC2 runner
+ id: start-ec2-runner
+ uses: machulav/ec2-github-runner@v2
+ with:
+ mode: start
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ ec2-image-id: ${{ inputs.ec2_ami_id }}
+ ec2-instance-type: ${{ inputs.ec2_instance_type }}
+ subnet-id: subnet-07b2729e5e065962f
+ security-group-id: sg-0ab2e297196c8c381
+ functest:
+ name: Functional tests ${{ inputs.name }}
+ if: ${{ inputs.functest }}
+ needs: start-ec2-runner # required to start the main job when the runner is ready
+ uses: ./.github/workflows/reusable/functest_core_reusable.yml
+ with:
+ runner: ${{ needs.start-ec2-runner.outputs.label }}
+ cflags: ${{ inputs.cflags }}
+ cross-prefix: ${{ inputs.cross-prefix }}
+ lint:
+ name: Lint ${{ inputs.name }}
+ if: ${{ inputs.lint }}
+ needs: start-ec2-runner # required to start the main job when the runner is ready
+ uses: ./.github/workflows/reusable/lint_core_reusable.yml
+ with:
+ runner: ${{ needs.start-ec2-runner.outputs.label }}
+ cross-prefix: ${{ inputs.cross-prefix }}
+ cbmc:
+ name: CBMC ${{ inputs.name }}
+ if: ${{ inputs.cbmc }}
+ needs: start-ec2-runner # required to start the main job when the runner is ready
+ uses: ./.github/workflows/reusable/cbmc_core_reusable.yml
+ with:
+ runner: ${{ needs.start-ec2-runner.outputs.label }}
+ cross-prefix: ${{ inputs.cross-prefix }}
+ stop-ec2-runner:
+ name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ needs:
+ - start-ec2-runner
+ - bench # required to wait when the main job is done
+ runs-on: ubuntu-latest
+ if: ${{ (inputs.always_terminate == 'true' && always()) || success() }} # required to stop the runner even if the error happened in the previous jobs
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Stop EC2 runner
+ uses: machulav/ec2-github-runner@v2
+ with:
+ mode: stop
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ label: ${{ needs.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}
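Review bot: `stop-ec2-runner` in ci_ec2_reusable.yml lists `bench` under `needs:`, but this workflow defines only `start-ec2-runner`, `functest`, `lint` and `cbmc`, so the entry looks copied from the bench workflow and should make the file fail validation. The stop job should wait for the jobs that actually use the runner: `needs: [start-ec2-runner, functest, lint, cbmc]`. Because those three jobs are gated by `if: ${{ inputs.functest }}` and its siblings, and `cbmc` defaults to false, the `success()` branch of the stop condition may not fire when one of them is skipped. With `always_terminate` set to anything other than 'true' that would leave the instance and its registered runner up, so it is worth testing that path. The input description `Type if EC2 instance to benchmark on` is also a typo carried over from the bench file; `Type of EC2 instance to run CI on` reads correctly here.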
diff --git a/.github/workflows/functest_core_reusable.yml b/.github/workflows/reusable/functest_core_reusable.yml
similarity index 100%
rename from .github/workflows/functest_core_reusable.yml
rename to .github/workflows/reusable/functest_core_reusable.yml
diff --git a/.github/workflows/lint_core_reusable.yml b/.github/workflows/reusable/lint_core_reusable.yml
similarity index 100%
rename from .github/workflows/lint_core_reusable.yml
rename to .github/workflows/reusable/lint_core_reusable.yml