From b49ea9657f75c94383785fd754348c74f2a94feb Mon Sep 17 00:00:00 2001
From: Hanno Becker
Date: Sat, 21 Dec 2024 19:47:38 +0000
Subject: [PATCH] wip

---
 .github/workflows/ci.yml | 7 +-
 .github/workflows/ci_ec2_container.yml | 182 +++++++++++++++++++++++++
 .github/workflows/ci_ec2_reusable.yml | 42 ------
 3 files changed, 187 insertions(+), 44 deletions(-)
 create mode 100644 .github/workflows/ci_ec2_container.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 06b72aaa0..cb97c9346 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -443,10 +443,12 @@ jobs:
 - id: fedora:38
 - id: fedora:39
 - id: fedora:40
+ - id: debian:bullseye
+ - id: debian:bookworm
 name: Compatibility tests (${{ matrix.container.id }})
 runs-on: ubuntu-latest
 container:
- ${{ inputs.container }}
+ ${{ matrix.container.id }}
 steps:
 - name: Manual checkout
 shell: bash
@@ -458,6 +460,7 @@ jobs:
 apt install git -y
 fi
 
+ git config --global --add safe.directory $GITHUB_WORKSPACE
 git init
 git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
 git fetch origin --depth 1 $GITHUB_SHA
@@ -512,7 +515,7 @@ jobs:
 permissions:
 contents: 'read'
 id-token: 'write'
- uses: ./.github/workflows/ci_ec2_reusable.yml
+ uses: ./.github/workflows/ci_ec2_container.yml
 if: github.repository_owner == 'pq-code-package' && !github.event.pull_request.head.repo.fork
 with:
 container: ${{ matrix.container.id }}
diff --git a/.github/workflows/ci_ec2_container.yml b/.github/workflows/ci_ec2_container.yml
new file mode 100644
index 000000000..b6dce2668
--- /dev/null
+++ b/.github/workflows/ci_ec2_container.yml
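Review bot: The two new Debian entries in the first hunk, like the Fedora entries above them, name a floating distribution tag, so the compatibility job executes the repository's build inside whatever image that tag resolves to on the day it runs. Pinning the image by digest (`debian:bookworm@sha256:<digest>`) or at least a dated tag makes a matrix result reproducible and lets a reviewer see which base image was actually tested; since `id` is also used in the job name, a separate display-name field may be needed if the digest form is adopted.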
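Review bot: `$GITHUB_WORKSPACE` in the added `git config --global --add safe.directory $GITHUB_WORKSPACE` (second hunk) is unquoted; `git config --global --add safe.directory "$GITHUB_WORKSPACE"` keeps the path intact if it ever contains whitespace. The line also deserves a comment saying why it is needed, because it relaxes git's ownership check: presumably the container's user differs from the owner of the mounted workspace and git would otherwise refuse with a "dubious ownership" error, so something like `# container user differs from the workspace owner; trust only this checkout, never '*'` above it. Scoping the entry to the workspace rather than `*` is the right narrow form. The surrounding `run:` script starts outside the hunk.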
@@ -0,0 +1,182 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: ci-ec2-reusable
+permissions:
+ contents: read
+on:
+ workflow_call:
+ inputs:
+ name:
+ type: string
+ description: Alternative name of instance
+ default: Graviton2
+ ec2_instance_type:
+ type: string
+ description: Type if EC2 instance to benchmark on
+ default: t4g.small
+ ec2_ami:
+ type: string
+ description: Textual description of AMI
+ default: ubuntu-latest (aarch64)
+ ec2_ami_id:
+ type: string
+ description: AMI ID
+ default: ami-096ea6a12ea24a797
+ cflags:
+ type: string
+ description: Custom CFLAGS for compilation
+ default: ""
+ verbose:
+ description: Determine for the log verbosity
+ type: boolean
+ default: false
+ compile_mode:
+ type: string
+ description: either all, native, cross or none
+ default: all
+ opt:
+ type: string
+ description: either all, opt or no_opt
+ default: all
+ functest:
+ type: boolean
+ default: true
+ kattest:
+ type: boolean
+ default: true
+ nistkattest:
+ type: boolean
+ default: true
+ acvptest:
+ type: boolean
+ default: true
+ lint:
+ type: boolean
+ default: true
+ cbmc:
+ type: boolean
+ default: false
+ cbmc_mlkem_k:
+ type: string
+ default: 2
+ container:
+ type: string
+ default: ''
+env:
+ AWS_ROLE: arn:aws:iam::559050233797:role/mlkem-c-aarch64-gh-action
+ AWS_REGION: us-east-1
+ AMI_UBUNTU_LATEST_X86_64: ami-0e86e20dae9224db8
+ AMI_UBUNTU_LATEST_AARCH64: ami-096ea6a12ea24a797
+jobs:
+ start-ec2-runner:
+ name: Start instance (${{ inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ runs-on: ubuntu-latest
+ if: ${{ always() }} # The point is to make this step non-cancellable,
+ # avoiding race conditions where an instance is started,
+ # but isn't yet done registering as a runner and reporting back.
+ outputs:
+ label: ${{ steps.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ steps.start-ec2-runner.outputs.ec2-instance-id }}
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: Determine AMI ID
+ id: det_ami_id
+ run: |
+ if [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (x86_64)" ]]; then
+ AMI_ID=${{ env.AMI_UBUNTU_LATEST_X86_64 }}
+ elif [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (aarch64)" ]]; then
+ AMI_ID=${{ env.AMI_UBUNTU_LATEST_AARCH64 }}
+ elif [[ "${{ inputs.ec2_ami }}" == "ubuntu-latest (custom AMI)" ]]; then
+ AMI_ID=${{ inputs.ec2_ami_id }}
+ fi
+ echo "Using AMI ID: $AMI_ID"
+ echo "AMI_ID=$AMI_ID" >> $GITHUB_OUTPUT
+ - name: Clear nix-installer action cache
+ uses: ./.github/actions/clear-cache
+ with:
+ key_prefix: determinatesystem-nix-installer-
+ repository: ${{ github.repository }}
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Start EC2 runner
+ id: start-ec2-runner
+ uses: mkannwischer/ec2-github-runner@d15c8804522523d2bac7119a01ffff83b7795d87
+ with:
+ mode: start
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ ec2-image-id: ${{ steps.det_ami_id.outputs.AMI_ID }}
+ ec2-instance-type: ${{ inputs.ec2_instance_type }}
+ subnet-id: subnet-07b2729e5e065962f
+ security-group-id: sg-0ab2e297196c8c381
+ tests:
+ name: Run tests
+ needs: start-ec2-runner
+ if: ${{ inputs.container != '' }}
+ runs-on: ${{ needs.start-ec2-runner.outputs.label }}
+ container:
+ localhost:5000/${{ inputs.container }}
+ steps:
+ - name: Manual checkout
+ shell: bash
+ run: |
+ if which yum; then
+ yum install git -y
+ elif which apt; then
+ apt update
+ apt install git -y
+ fi
+
+ git init
+ git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY
+ git fetch origin --depth 1 $GITHUB_SHA
+ git checkout FETCH_HEAD
+ - uses: ./.github/actions/setup-os
+ with:
+ sudo: ""
+ - name: make quickcheck
+ run: |
+ OPT=0 make quickcheck >/dev/null
+ make clean >/dev/null
+ OPT=1 make quickcheck >/dev/null
+ - name: Functional Tests
+ uses: ./.github/actions/multi-functest
+ with:
+ nix-shell: ""
+ gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ cflags: ${{ inputs.cflags }}
+ compile_mode: ${{ inputs.compile_mode }}
+ opt: ${{ inputs.opt }}
+ func: ${{ inputs.functest }}
+ kat: ${{ inputs.kattest }}
+ nistkat: ${{ inputs.nistkattest }}
+ acvp: ${{ inputs.acvptest }}
+ stop-ec2-runner:
+ name: Stop instance (${{ inputs.ec2_instance_type }})
+ permissions:
+ contents: 'read'
+ id-token: 'write'
+ needs:
+ - start-ec2-runner
+ - tests
+ runs-on: ubuntu-latest
+ if: ${{ always() }} # required to stop the runner even if the error happened in the previous jobs
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+ with:
+ role-to-assume: ${{ env.AWS_ROLE }}
+ aws-region: ${{ env.AWS_REGION }}
+ - name: Stop EC2 runner
+ uses: mkannwischer/ec2-github-runner@d15c8804522523d2bac7119a01ffff83b7795d87
+ with:
+ mode: stop
+ github-token: ${{ secrets.AWS_GITHUB_TOKEN }}
+ label: ${{ needs.start-ec2-runner.outputs.label }}
+ ec2-instance-id: ${{ needs.start-ec2-runner.outputs.ec2-instance-id }}
diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml
index 0d6684938..317b1566d 100644
--- a/.github/workflows/ci_ec2_reusable.yml
+++ b/.github/workflows/ci_ec2_reusable.yml
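Review bot: The `Determine AMI ID` step has no `else` branch, so an `ec2_ami` value other than the three it recognises leaves `AMI_ID` empty, the step still succeeds, and the failure only surfaces when `Start EC2 runner` is handed an empty `ec2-image-id`; the step should fail there with a clear message instead. The same script interpolates `inputs.ec2_ami` and `inputs.ec2_ami_id` straight into bash, which is the `${{ }}`-in-`run:` pattern whose correctness depends on whatever the caller passes; handing them over through `env:` and reading `"$EC2_AMI"` removes that dependency (the rewrite below does both). `name: ci-ec2-reusable` at the top is the name of the workflow this file was copied from, so the two are indistinguishable in the Actions UI; `name: ci-ec2-container` would fix that. The `Manual checkout` step of the `tests` job lacks the `git config --global --add safe.directory $GITHUB_WORKSPACE` line this same commit adds to the equivalent step in ci.yml, so it is worth confirming whether the container on the EC2 runner needs it as well. Finally, the inputs `name`, `verbose`, `lint`, `cbmc` and `cbmc_mlkem_k` are declared but not referenced by any job in this file, and `cbmc_mlkem_k`'s `default: 2` is an unquoted integer on a `string`-typed input.
```yaml
      - name: Determine AMI ID
        id: det_ami_id
        # Inputs reach the script as environment variables rather than
        # being pasted into its text, so any value a caller supplies is
        # handled as data; workflow-level env: values are exported to the
        # shell too, so ${{ env.* }} is not needed here.
        env:
          EC2_AMI: ${{ inputs.ec2_ami }}
          EC2_AMI_ID: ${{ inputs.ec2_ami_id }}
        run: |
          if [[ "$EC2_AMI" == "ubuntu-latest (x86_64)" ]]; then
            AMI_ID="$AMI_UBUNTU_LATEST_X86_64"
          elif [[ "$EC2_AMI" == "ubuntu-latest (aarch64)" ]]; then
            AMI_ID="$AMI_UBUNTU_LATEST_AARCH64"
          elif [[ "$EC2_AMI" == "ubuntu-latest (custom AMI)" ]]; then
            AMI_ID="$EC2_AMI_ID"
          else
            # fail here, not later in "Start EC2 runner" with an empty image id
            echo "::error::unsupported ec2_ami value: $EC2_AMI"
            exit 1
          fi
          echo "Using AMI ID: $AMI_ID"
          echo "AMI_ID=$AMI_ID" >> "$GITHUB_OUTPUT"
```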
@@ -115,48 +115,6 @@ jobs: ec2-instance-type: ${{ inputs.ec2_instance_type }} subnet-id: subnet-07b2729e5e065962f security-group-id: sg-0ab2e297196c8c381 - container_tests: - name: Run container tests - needs: start-ec2-runner - if: ${{ inputs.container != '' }} - runs-on: ${{ needs.start-ec2-runner.outputs.label }} - container: - localhost:5000/${{ inputs.container }} - steps: - - name: Manual checkout - shell: bash - run: | - if which yum; then - yum install git -y - elif which apt; then - apt update - apt install git -y - fi - - git init - git remote add origin $GITHUB_SERVER_URL/$GITHUB_REPOSITORY - git fetch origin --depth 1 $GITHUB_SHA - git checkout FETCH_HEAD - - uses: ./.github/actions/setup-os - with: - sudo: "" - - name: make quickcheck - run: | - OPT=0 make quickcheck >/dev/null - make clean >/dev/null - OPT=1 make quickcheck >/dev/null - - name: Functional Tests - uses: ./.github/actions/multi-functest - with: - nix-shell: "" - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} - cflags: ${{ inputs.cflags }} - compile_mode: ${{ inputs.compile_mode }} - opt: ${{ inputs.opt }} - func: ${{ inputs.functest }} - kat: ${{ inputs.kattest }} - nistkat: ${{ inputs.nistkattest }} - acvp: ${{ inputs.acvptest }} tests: name: Run tests needs: start-ec2-runner