Chore/add slsa framework #4297
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Run a small subset of tests to ensure quick feedback. | |
name: Fast AWS Tests on CPU | |
env: | |
CARGO_TERM_COLOR: always | |
ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
RUSTFLAGS: "-C target-cpu=native" | |
RUST_BACKTRACE: "full" | |
RUST_MIN_STACK: "8388608" | |
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} | |
SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png | |
SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
IS_PULL_REQUEST: ${{ github.event_name == 'pull_request' }} | |
on: | |
# Allows you to run this workflow manually from the Actions tab as an alternative. | |
workflow_dispatch: | |
pull_request: | |
jobs: | |
should-run: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
outputs: | |
csprng_test: ${{ env.IS_PULL_REQUEST == 'false' || steps.changed-files.outputs.csprng_any_changed }} | |
zk_pok_test: ${{ env.IS_PULL_REQUEST == 'false' || steps.changed-files.outputs.zk_pok_any_changed }} | |
core_crypto_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.core_crypto_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
boolean_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.boolean_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
shortint_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.shortint_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
integer_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.integer_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
wasm_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.wasm_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
high_level_api_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.high_level_api_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
user_docs_test: ${{ env.IS_PULL_REQUEST == 'false' || | |
steps.changed-files.outputs.user_docs_any_changed || | |
steps.changed-files.outputs.dependencies_any_changed }} | |
any_file_changed: ${{ env.IS_PULL_REQUEST == 'false' || steps.aggregated-changes.outputs.any_changed }} | |
steps: | |
- name: Checkout tfhe-rs | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
fetch-depth: 0 | |
- name: Check for file changes | |
id: changed-files | |
uses: tj-actions/changed-files@40853de9f8ce2d6cfdc73c1b96f14e22ba44aec4 | |
with: | |
since_last_remote_commit: true | |
files_yaml: | | |
dependencies: | |
- tfhe/Cargo.toml | |
- concrete-csprng/** | |
- tfhe-zk-pok/** | |
csprng: | |
- concrete-csprng/** | |
zk_pok: | |
- tfhe-zk-pok/** | |
core_crypto: | |
- tfhe/src/core_crypto/** | |
boolean: | |
- tfhe/src/core_crypto/** | |
- tfhe/src/boolean/** | |
shortint: | |
- tfhe/src/core_crypto/** | |
- tfhe/src/shortint/** | |
integer: | |
- tfhe/src/core_crypto/** | |
- tfhe/src/shortint/** | |
- tfhe/src/integer/** | |
wasm: | |
- tfhe/src/** | |
- tfhe/js_on_wasm_tests/** | |
- tfhe/web_wasm_parallel_tests/** | |
- '!tfhe/src/c_api/**' | |
- '!tfhe/src/boolean/**' | |
high_level_api: | |
- tfhe/src/** | |
- '!tfhe/src/c_api/**' | |
- '!tfhe/src/boolean/**' | |
- '!tfhe/src/c_api/**' | |
- '!tfhe/src/js_on_wasm_api/**' | |
user_docs: | |
- tfhe/src/** | |
- '!tfhe/src/c_api/**' | |
- 'tfhe/docs/**.md' | |
- README.md | |
- name: Aggregate file changes | |
id: aggregated-changes | |
if: ( steps.changed-files.outputs.dependencies_any_changed == 'true' || | |
steps.changed-files.outputs.csprng_any_changed == 'true' || | |
steps.changed-files.outputs.zk_pok_any_changed == 'true' || | |
steps.changed-files.outputs.core_crypto_any_changed == 'true' || | |
steps.changed-files.outputs.boolean_any_changed == 'true' || | |
steps.changed-files.outputs.shortint_any_changed == 'true' || | |
steps.changed-files.outputs.integer_any_changed == 'true' || | |
steps.changed-files.outputs.wasm_any_changed == 'true' || | |
steps.changed-files.outputs.high_level_api_any_changed == 'true' || | |
steps.changed-files.outputs.user_docs_any_changed == 'true') | |
run: | | |
echo "any_changed=true" >> "$GITHUB_OUTPUT" | |
setup-instance: | |
name: Setup instance (fast-tests) | |
if: github.event_name != 'pull_request' || | |
needs.should-run.outputs.any_file_changed == 'true' | |
needs: should-run | |
runs-on: ubuntu-latest | |
outputs: | |
runner-name: ${{ steps.start-instance.outputs.label }} | |
steps: | |
- name: Start instance | |
id: start-instance | |
uses: zama-ai/slab-github-runner@447a2d0fd2d1a9d647aa0d0723a6e9255372f261 | |
with: | |
mode: start | |
github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | |
slab-url: ${{ secrets.SLAB_BASE_URL }} | |
job-secret: ${{ secrets.JOB_SECRET }} | |
backend: aws | |
profile: cpu-big | |
fast-tests: | |
name: Fast CPU tests | |
if: github.event_name != 'pull_request' || | |
(github.event_name == 'pull_request' && needs.setup-instance.result != 'skipped') | |
needs: [ should-run, setup-instance ] | |
concurrency: | |
group: ${{ github.workflow }}_${{ github.ref }} | |
cancel-in-progress: true | |
runs-on: ${{ needs.setup-instance.outputs.runner-name }} | |
steps: | |
- name: Checkout tfhe-rs | |
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 | |
with: | |
persist-credentials: 'false' | |
- name: Set up home | |
run: | | |
echo "HOME=/home/ubuntu" >> "${GITHUB_ENV}" | |
- name: Install latest stable | |
uses: dtolnay/rust-toolchain@7b1c307e0dcbda6122208f10795a713336a9b35a | |
with: | |
toolchain: stable | |
- name: Run concrete-csprng tests | |
if: needs.should-run.outputs.csprng_test == 'true' | |
run: | | |
make test_concrete_csprng | |
- name: Run tfhe-zk-pok tests | |
if: needs.should-run.outputs.zk_pok_test == 'true' | |
run: | | |
make test_zk_pok | |
- name: Run core tests | |
if: needs.should-run.outputs.core_crypto_test == 'true' | |
run: | | |
AVX512_SUPPORT=ON make test_core_crypto | |
- name: Run boolean tests | |
if: needs.should-run.outputs.boolean_test == 'true' | |
run: | | |
make test_boolean | |
- name: Run user docs tests | |
if: needs.should-run.outputs.user_docs_test == 'true' | |
run: | | |
make test_user_doc | |
- name: Run js on wasm API tests | |
if: needs.should-run.outputs.wasm_test == 'true' | |
run: | | |
make test_nodejs_wasm_api_in_docker | |
- name: Gen Keys if required | |
if: needs.should-run.outputs.shortint_test == 'true' || | |
needs.should-run.outputs.integer_test == 'true' | |
run: | | |
make gen_key_cache | |
- name: Run shortint tests | |
if: needs.should-run.outputs.shortint_test == 'true' | |
run: | | |
BIG_TESTS_INSTANCE=TRUE FAST_TESTS=TRUE make test_shortint_ci | |
- name: Run integer tests | |
if: needs.should-run.outputs.integer_test == 'true' | |
run: | | |
BIG_TESTS_INSTANCE=TRUE FAST_TESTS=TRUE make test_integer_ci | |
- name: Run high-level API tests | |
if: needs.should-run.outputs.high_level_api_test == 'true' | |
run: | | |
make test_high_level_api | |
- name: Run safe deserialization tests | |
run: | | |
make test_safe_deserialization | |
- name: Slack Notification | |
if: ${{ always() }} | |
continue-on-error: true | |
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 | |
env: | |
SLACK_COLOR: ${{ job.status }} | |
SLACK_MESSAGE: "Fast AWS tests finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})" | |
teardown-instance: | |
name: Teardown instance (fast-tests) | |
if: ${{ always() && needs.setup-instance.result != 'skipped' }} | |
needs: [ setup-instance, fast-tests ] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Stop instance | |
id: stop-instance | |
uses: zama-ai/slab-github-runner@447a2d0fd2d1a9d647aa0d0723a6e9255372f261 | |
with: | |
mode: stop | |
github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | |
slab-url: ${{ secrets.SLAB_BASE_URL }} | |
job-secret: ${{ secrets.JOB_SECRET }} | |
label: ${{ needs.setup-instance.outputs.runner-name }} | |
- name: Slack Notification | |
if: ${{ failure() }} | |
continue-on-error: true | |
uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 | |
env: | |
SLACK_COLOR: ${{ job.status }} | |
SLACK_MESSAGE: "Instance teardown (fast-tests) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})" |