Merge pull request #262 from Nadrieril/groundwork #1040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| # Run the checks on any push to any branch of the repo that doesn't start with `_`. | |
| push: | |
| branches-ignore: [ '_**' ] | |
| # Run the check for any pull request. The check is run on a merge between the | |
| # PR commit and the `main` branch at the time of running the check. | |
| pull_request: | |
| # Runs the check when a PR is added to the merge queue. | |
| merge_group: | |
| # Makes it possible to run the forkflow by hand from GItHub's interface. | |
| workflow_dispatch: | |
| # Minimum permissions required by skip-duplicate-actions | |
| permissions: | |
| actions: write | |
| contents: read | |
| jobs: | |
| # Avoid `push` and `pull_request` running the same job twice | |
| check_if_skip_duplicate_job: | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| - id: skip_check | |
| uses: fkirc/skip-duplicate-actions@v5 | |
| with: | |
| concurrent_skipping: 'same_content_newer' | |
| skip_after_successful_duplicate: 'true' | |
| cancel_others: 'true' | |
| outputs: | |
| should_skip: ${{ steps.skip_check.outputs.should_skip }} | |
| nix: | |
| needs: check_if_skip_duplicate_job | |
| if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true' | |
| #runs-on: ubuntu-latest | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| #- uses: cachix/install-nix-action@v22 | |
| - uses: actions/checkout@v4 | |
| - run: nix build -L .#charon | |
| - run: nix build -L .#charon-ml | |
| - run: nix flake check -L | |
| check-version-number: | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 # deep clone in order to get access to other commits | |
| - run: nix develop --command ./scripts/ci-check-version-number.sh | |
| aeneas: | |
| needs: [check_if_skip_duplicate_job, nix] | |
| if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true' | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| - run: nix build -L github:aeneasverif/aeneas --override-input charon github:aeneasverif/charon/${{ github.sha }} | |
| eurydice: | |
| needs: [check_if_skip_duplicate_job, nix] | |
| if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true' | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| - run: nix build -L github:aeneasverif/eurydice --override-input charon github:aeneasverif/charon/${{ github.sha }} | |
| kyber: | |
| needs: [check_if_skip_duplicate_job, eurydice] | |
| if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true' | |
| runs-on: [self-hosted, linux, nix] | |
| steps: | |
| - name: checkout libcrux | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: cryspen/libcrux | |
| ref: dev | |
| # Kyber expects Eurydice's sources in `$EURYDICE_HOME`, | |
| # not the install directory. | |
| - name: checkout eurydice | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: aeneasverif/eurydice | |
| path: eurydice | |
| - name: setup | |
| run: | | |
| nix build ./eurydice -o eurydice/result --override-input charon github:aeneasverif/charon/${{ github.sha }} | |
| ln -s $(pwd)/eurydice/result/bin/eurydice $(pwd)/eurydice/eurydice | |
| nix build github:hacl-star/hacl-nix#fstar -o fstar | |
| nix build github:hacl-star/hacl-nix#karamel.home -o karamel | |
| echo EURYDICE_HOME=$(pwd)/eurydice >> $GITHUB_ENV | |
| echo FSTAR_HOME=$(pwd)/fstar >> $GITHUB_ENV | |
| echo KRML_HOME=$(pwd)/karamel >> $GITHUB_ENV | |
| - name: build kyber | |
| run: | | |
| nix develop 'github:aeneasverif/charon/${{ github.sha }}#kyber-ci' --command build-kyber |