diff --git a/.github/actions/bench/action.yml b/.github/actions/bench/action.yml index 248e72b26..319983ac8 100644 --- a/.github/actions/bench/action.yml +++ b/.github/actions/bench/action.yml @@ -32,24 +32,42 @@ inputs: gh_token: description: GitHub access token required: true + use-nix: + default: true +env: + SHELL: ${{ inputs.use_nix && "nix develop .#ci -c bash -e {0}" || inputs.custom_shell }} runs: using: composite steps: - - name: Run benchmark - shell: nix develop .#ci -c bash -e {0} - run: | - tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }} - - name: Dump benchmark - shell: bash - if: ${{ inputs.store_results != 'true' }} - run: | - cat output.json - - name: Store benchmark result - if: ${{ inputs.store_results == 'true' }} - uses: benchmark-action/github-action-benchmark@v1 - with: - name: ${{ inputs.name }} - tool: 'customSmallerIsBetter' - output-file-path: output.json - github-token: ${{ inputs.gh_token }} - auto-push: true + - name: Setup nix + if: ${{ inputs.use_nix }} + uses: ./.github/actions/setup-nix + with: + devShell: ci + script: | + ARCH=$(uname -m) + cat >> $GITHUB_STEP_SUMMARY <<-EOF + ## Setup + Architecture: $ARCH + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ matrix.target.cross_prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + + ## CPU Info + $(cat /proc/cpuinfo) + EOF + - name: Run benchmark + shell: ${{ env.SHELL }} + run: | + tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }} + - name: Store benchmark result + if: ${{ inputs.store_results == 'true' }} + uses: benchmark-action/github-action-benchmark@v1 + with: + name: ${{ inputs.name }} + tool: 'customSmallerIsBetter' + output-file-path: output.json + github-token: ${{ inputs.gh_token }} + auto-push: true diff --git a/.github/workflows/cbmc_core_reusable.yml b/.github/actions/cbmc/action.yml similarity index 58% rename from .github/workflows/cbmc_core_reusable.yml rename to .github/actions/cbmc/action.yml index 4bbdf2504..17849b32f 100644 --- a/.github/workflows/cbmc_core_reusable.yml +++ b/.github/actions/cbmc/action.yml @@ -1,24 +1,26 @@ -name: cbmc-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - cbmc: - name: CBMC ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci-cbmc -c bash -e {0} +# SPDX-License-Identifier: Apache-2.0 + +name: CBMC +description: Run CBMC proofs for MLKEM-C_AArch64 + +inputs: + use_nix: + description: Whether to run in the default Nix environment + default: true + custom_shell: + description: The shell to use. Only relevant if use_nix is 'false' + default: 'bash' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +env: + SHELL: ${{ inputs.use_nix && "nix develop .#ci-cbmc -c bash -e {0}" || inputs.custom_shell }} +runs: + using: composite steps: - uses: actions/checkout@v4 - name: Setup nix + if: ${{ inputs.use_nix }} uses: ./.github/actions/setup-nix with: devShell: ci-cbmc @@ -34,6 +36,7 @@ jobs: - $(bash --version | grep -m1 "") EOF - name: Run CBMC proofs + shell: ${{ env.SHELL } run: | cd cbmc/proofs; KYBER_K=2 ./run-cbmc-proofs.py --summarize; diff --git a/.github/actions/cbmc/action.yml~ b/.github/actions/cbmc/action.yml~ new file mode 100644 index 000000000..7e8fb1da6 --- /dev/null +++ b/.github/actions/cbmc/action.yml~ @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: Apache-2.0 + +name: Functional tests +description: Run functional tests for MLKEM-C_AArch64 + +inputs: + cflags: + description: CFLAGS to pass to compilation + default: '' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +runs: + using: composite + steps: + - name: Run functional tests + id: func_test + shell: nix develop .#ci -c bash -e {0} + run: | + tests func --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v + - name: Run KAT tests + if: | + success() + || steps.func_test.conclusion == 'failure' + id: kat_test + shell: nix develop .#ci -c bash -e {0} + run: | + tests kat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v + - name: Run Nistkat tests + id: nistkat_test + if: | + success() + || steps.func_test.conclusion == 'failure' + || steps.kat_test.conclusion == 'failure' + shell: nix develop .#ci -c bash -e {0} + run: | + tests nistkat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v diff --git a/.github/actions/functest/action.yml b/.github/actions/functest/action.yml index 7e8fb1da6..893e66817 100644 --- a/.github/actions/functest/action.yml +++ b/.github/actions/functest/action.yml @@ -4,18 +4,39 @@ name: Functional tests description: Run functional tests for MLKEM-C_AArch64 inputs: + use_nix: + description: Whether to run in the default Nix environment + default: true cflags: description: CFLAGS to pass to compilation default: '' cross-prefix: description: Binary prefix for cross compilation default: '' +env: + SHELL: ${{ inputs.use_nix && "nix develop .#ci -c bash -e {0}" || inputs.custom_shell }} runs: using: composite steps: + - name: Setup nix + uses: ./.github/actions/setup-nix + if: ${{ inputs.use_nix }} + with: + devShell: ci + script: | + ARCH=$(uname -m) + cat >> $GITHUB_STEP_SUMMARY <<-EOF + ## Setup + Architecture: $ARCH + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ inputs.cross-prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + EOF - name: Run functional tests id: func_test - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL } run: | tests func --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v - name: Run KAT tests @@ -23,7 +44,7 @@ runs: success() || steps.func_test.conclusion == 'failure' id: kat_test - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL } run: | tests kat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v - name: Run Nistkat tests @@ -32,6 +53,6 @@ runs: success() || steps.func_test.conclusion == 'failure' || steps.kat_test.conclusion == 'failure' - shell: nix develop .#ci -c bash -e {0} + shell: ${{ env.SHELL } run: | tests nistkat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v diff --git a/.github/actions/lint/action.yml b/.github/actions/lint/action.yml new file mode 100644 index 000000000..a30abe6c9 --- /dev/null +++ b/.github/actions/lint/action.yml @@ -0,0 +1,40 @@ +# SPDX-License-Identifier: Apache-2.0 + +name: Lint +description: Lint MLKEM-C_AArch64 + +inputs: + use_nix: + description: Whether to run in the default Nix environment + default: true + custom_shell: + description: The shell to use. Only relevant if use_nix is 'false' + default: 'bash' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +env: + SHELL: ${{ inputs.use_nix && "nix develop .#ci-linter -c bash -e {0}" || inputs.custom_shell }} +runs: + using: composite + steps: + - name: Setup nix + if: ${{ inputs.use_nix }} + uses: ./.github/actions/setup-nix + with: + devShell: ci-linter + script: | + cat >> $GITHUB_STEP_SUMMARY << EOF + ## Setup + Architecture: $(uname -m) + - $(uname -a) + - $(nix --version) + - $(astyle --version) + - $(${{ matrix.target.cross-prefix }}gcc --version | grep -m1 "") + - $(bash --version | grep -m1 "") + EOF + - name: Run CBMC proofs + shell: ${{ env.SHELL } + run: | + echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY + lint diff --git a/.github/actions/lint/action.yml~ b/.github/actions/lint/action.yml~ new file mode 100644 index 000000000..7e8fb1da6 --- /dev/null +++ b/.github/actions/lint/action.yml~ @@ -0,0 +1,37 @@ +# SPDX-License-Identifier: Apache-2.0 + +name: Functional tests +description: Run functional tests for MLKEM-C_AArch64 + +inputs: + cflags: + description: CFLAGS to pass to compilation + default: '' + cross-prefix: + description: Binary prefix for cross compilation + default: '' +runs: + using: composite + steps: + - name: Run functional tests + id: func_test + shell: nix develop .#ci -c bash -e {0} + run: | + tests func --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v + - name: Run KAT tests + if: | + success() + || steps.func_test.conclusion == 'failure' + id: kat_test + shell: nix develop .#ci -c bash -e {0} + run: | + tests kat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v + - name: Run Nistkat tests + id: nistkat_test + if: | + success() + || steps.func_test.conclusion == 'failure' + || steps.kat_test.conclusion == 'failure' + shell: nix develop .#ci -c bash -e {0} + run: | + tests nistkat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v diff --git a/.github/workflows/bench.yml b/.github/workflows/bench.yml index e4545a49c..6bc8f0616 100644 --- a/.github/workflows/bench.yml +++ b/.github/workflows/bench.yml @@ -34,13 +34,15 @@ jobs: bench_extra_args: -w exec-on-a55 uses: ./.github/workflows/bench_core_reusable.yml if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main') - with: - runner: self-hosted-${{ matrix.target.system }} - name: ${{ matrix.target.name }} - cflags: ${{ matrix.target.cflags }} - archflags: ${{ matrix.target.archflags }} - perf: ${{ matrix.target.bench_pmu }} - store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }} - bench_extra_args: ${{ matrix.target.bench_extra_args }} - secrets: - inherit + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/bench + with: + runner: self-hosted-${{ matrix.target.system }} + name: ${{ matrix.target.name }} + cflags: ${{ matrix.target.cflags }} + archflags: ${{ matrix.target.archflags }} + perf: ${{ matrix.target.bench_pmu }} + store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }} + bench_extra_args: ${{ matrix.target.bench_extra_args }} + gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} diff --git a/.github/workflows/bench_core_reusable.yml b/.github/workflows/bench_core_reusable.yml deleted file mode 100644 index 1b29f1d1c..000000000 --- a/.github/workflows/bench_core_reusable.yml +++ /dev/null @@ -1,69 +0,0 @@ -name: bench-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - name: - type: string - description: Name for the benchmarking run - required: true - perf: - description: Method of obtaining PMU metrics (NO, PERF, PMU, M1) - required: true - default: 'PERF' - type: string - cflags: - type: string - description: CFLAGS to pass to compilation - default: '' - archflags: - type: string - description: ARCHFLAGS to pass to compilation - default: '' - bench_extra_args: - type: string - description: Further arguments to be appended to command line for `bench` script - default: '' - store_results: - type: string - description: Whether to push results to GH pages - default: 'false' -jobs: - bench: - name: Bench ${{ inputs.name }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci - script: | - ARCH=$(uname -m) - cat >> $GITHUB_STEP_SUMMARY <<-EOF - ## Setup - Architecture: $ARCH - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ matrix.target.cross_prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - - ## CPU Info - $(cat /proc/cpuinfo) - EOF - - name: Run benchmark - uses: ./.github/actions/bench - with: - name: ${{ inputs.name }} - cflags: ${{ inputs.cflags }} - archflags: ${{ inputs.archflags }} - perf: ${{ inputs.perf }} - store_results: ${{ inputs.store_results }} - bench_extra_args: ${{ inputs.bench_extra_args }} - gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} diff --git a/.github/workflows/bench_ec2_reusable.yml b/.github/workflows/bench_ec2_reusable.yml index 277bc1878..67251220e 100644 --- a/.github/workflows/bench_ec2_reusable.yml +++ b/.github/workflows/bench_ec2_reusable.yml @@ -73,16 +73,19 @@ jobs: bench: name: Bench ${{ inputs.name }} needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/bench_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - name: ${{ inputs.name }} - cflags: ${{ inputs.cflags }} - archflags: ${{ inputs.archflags }} - perf: PERF - store_results: ${{ inputs.store_results }} - bench_extra_args: ${{ inputs.bench_extra_args }} - secrets: inherit + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/bench + with: + use-nix: true + runner: ${{ needs.start-ec2-runner.outputs.label }} + name: ${{ inputs.name }} + cflags: ${{ inputs.cflags }} + archflags: ${{ inputs.archflags }} + perf: PERF + store_results: ${{ inputs.store_results }} + bench_extra_args: ${{ inputs.bench_extra_args }} + gh_token: ${{ secrets.AWS_GITHUB_TOKEN }} stop-ec2-runner: name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }}) permissions: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fb40dd8db..31d2d88ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,24 +35,34 @@ jobs: - runner: 'pqcp-arm64' name: 'ubuntu-latest (aarch64)' name: Functional tests (${{ matrix.target.name }}) - uses: ./.github/workflows/functest_core_reusable.yml - with: - runner: ${{ matrix.target.runner }} - cflags: ${{ matrix.target.cflags }} - cross-prefix: ${{ matrix.target.cross-prefix }} + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/functest + with: + use-nix: true + cflags: ${{ matrix.target.cflags }} + cross-prefix: ${{ matrix.target.cross-prefix }} lint: strategy: matrix: system: [ubuntu-latest] - uses: ./.github/workflows/lint_core_reusable.yml - with: - runner: ${{ matrix.system }} - cross-prefix: "aarch64-unknown-linux-gnu-" + name: Linting + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/lint + with: + use-nix: true + cross-prefix: "aarch64-unknown-linux-gnu-" cbmc: strategy: matrix: system: [macos-latest] - uses: ./.github/workflows/cbmc_core_reusable.yml - with: - runner: ${{ matrix.system }} - cross-prefix: "aarch64-unknown-linux-gnu-" + name: CBMC + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/cbmc + with: + use-nix: true diff --git a/.github/workflows/ci_ec2_reusable.yml b/.github/workflows/ci_ec2_reusable.yml index 927dfc945..b7c2a9e93 100644 --- a/.github/workflows/ci_ec2_reusable.yml +++ b/.github/workflows/ci_ec2_reusable.yml @@ -74,29 +74,37 @@ jobs: security-group-id: sg-0ab2e297196c8c381 functest: name: Functional tests ${{ inputs.name }} + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.functest == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/functest_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cflags: ${{ inputs.cflags }} - cross-prefix: ${{ inputs.cross-prefix }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/functest + with: + use-nix: true + cflags: ${{ matrix.target.cflags }} + cross-prefix: ${{ matrix.target.cross-prefix }} lint: - name: Lint ${{ inputs.name }} + name: Linting ${{ inputs.name }} + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.lint == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/lint_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cross-prefix: ${{ inputs.cross-prefix }} + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/lint + with: + use-nix: true + cross-prefix: ${{ inputs.cross-prefix }} cbmc: name: CBMC ${{ inputs.name }} + runs-on: ${{ needs.start-ec2-runner.outputs.label }} if: ${{ inputs.cbmc == 'true' }} - needs: start-ec2-runner # required to start the main job when the runner is ready - uses: ./.github/workflows/cbmc_core_reusable.yml - with: - runner: ${{ needs.start-ec2-runner.outputs.label }} - cross-prefix: ${{ inputs.cross-prefix }} + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/cbmc + with: + use-nix: true + cross-prefix: ${{ inputs.cross-prefix }} stop-ec2-runner: name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }}) permissions: diff --git a/.github/workflows/functest_core_reusable.yml b/.github/workflows/functest_core_reusable.yml deleted file mode 100644 index 70514fa87..000000000 --- a/.github/workflows/functest_core_reusable.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: functest-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cflags: - type: string - description: CFLAGS to pass to compilation - default: '' - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - functest: - name: Bench ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci - script: | - ARCH=$(uname -m) - cat >> $GITHUB_STEP_SUMMARY <<-EOF - ## Setup - Architecture: $ARCH - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ inputs.cross-prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - EOF - - name: Run functional tests - uses: ./.github/actions/functest - with: - cflags: ${{ inputs.cflags }} - cross-prefix: ${{ inputs.cross-prefix }} diff --git a/.github/workflows/lint_core_reusable.yml b/.github/workflows/lint_core_reusable.yml deleted file mode 100644 index 171d0871a..000000000 --- a/.github/workflows/lint_core_reusable.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: lint-core-reusable -on: - workflow_call: - inputs: - runner: - type: string - description: Name of the runner to use - cross-prefix: - type: string - description: Cross-compilation binary prefix, if any - default: ' ' -jobs: - lint: - name: Lint ${{ inputs.runner }} - runs-on: ${{ inputs.runner }} - defaults: - run: - shell: nix develop .#ci-linter -c bash -e {0} - steps: - - uses: actions/checkout@v4 - - name: Setup nix - uses: ./.github/actions/setup-nix - with: - devShell: ci-linter - script: | - cat >> $GITHUB_STEP_SUMMARY << EOF - ## Setup - Architecture: $(uname -m) - - $(uname -a) - - $(nix --version) - - $(astyle --version) - - $(${{ matrix.target.cross-prefix }}gcc --version | grep -m1 "") - - $(bash --version | grep -m1 "") - EOF - - name: Lint - run: | - echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY - lint