sharpetronics/liboqs
1
0
Fork 0
mirror of https://github.com/open-quantum-safe/liboqs.git synced 2025-10-04 00:02:01 -04:00
Code Issues Projects Releases Wiki Activity
liboqs/.circleci/config.yml
Spencer Wilson c119f20f63
Move macOS CI tests to GitHub Actions; add M1 CI tests (#1709) 
* Move all CircleCI macOS jobs to GitHub

* Unify macOS and Linux workflows so that both pend minimal tests

* Fix a build warning on macOS
2024-02-27 10:35:53 -05:00

354 lines
14 KiB
YAML
Raw Blame History

version: 2.1
require_stylecheck: &require_stylecheck
requires:
- stylecheck
require_buildcheck: &require_buildcheck
requires:
- stylecheck
- buildcheck
require_testapproval: &require_testapproval
requires:
- stylecheck
- buildcheck
- testapproval
# CircleCI doesn't handle large file sets properly for local builds
# https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051
localCheckout: &localCheckout
run: |-
PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
mkdir -p ${PROJECT_PATH}
git config --global --add safe.directory /tmp/_circleci_local_build_repo
cd /tmp/_circleci_local_build_repo
git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
jobs:
stylecheck:
description: Validate formatting of code and documentation
docker:
- image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Ensure code conventions are upheld
command: python3 -m pytest --verbose tests/test_code_conventions.py
- run:
name: Check that doxygen can parse the documentation
command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile build/docs
buildcheck:
description: Test that we can build a single KEM/Signature pair as part of a minimal build.
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
KEM_NAME:
description: "The KEM to build."
type: string
SIG_NAME:
description: "The signature scheme to build."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: |2
mkdir build && cd build && source ~/.bashrc && \
cmake .. --warn-uninitialized \
-GNinja << parameters.CMAKE_ARGS >> \
-DOQS_MINIMAL_BUILD="KEM_<< parameters.KEM_NAME >>;SIG_<< parameters.SIG_NAME >>" \
> config.log 2>&1 && \
cat config.log && \
cmake -LA .. && ! (grep "uninitialized variable" config.log)
- run:
name: Build
command: ninja
working_directory: build
linux_oqs:
description: A template for running liboqs tests on Linux Docker VMs
parameters:
CONTAINER:
description: "The docker container to use."
type: string
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
SKIP_ALGS:
description: "Algorithms not to test in test_constant_time."
type: string
default: ''
docker:
- image: << parameters.CONTAINER >>
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA ..
- run:
name: Build
command: ninja
working_directory: build
- run:
name: Run tests
no_output_timeout: 1h
command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_speed.py --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >>
environment:
SKIP_ALGS: << parameters.SKIP_ALGS >>
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
scan_build:
description: Executing scan-build test
parameters:
CONTAINER:
description: "The docker container to use."
type: string
docker:
- image: << parameters.CONTAINER >>
steps:
- checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally
- run:
name: Configure
command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-15 cmake -GNinja ..
- run:
name: Build
command: scan-build-15 --status-bugs ninja
working_directory: build
arm_machine:
description: A template for running liboqs tests on ARM(presently only 64) machines
parameters:
CMAKE_ARGS:
description: "Arguments to pass to CMake."
type: string
default: ''
PYTEST_ARGS:
description: "Arguments to pass to pytest."
type: string
# Not every executor handles --numprocesses=auto being passed to pytest well
# See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744
default: --numprocesses=auto
machine:
image: ubuntu-2004:202101-01
resource_class: arm.medium
steps:
- checkout
# It seems the machine doesn't contain all preprequisites, and we don't have permission to add them explicitly,
# so we can only run in a prepared ARM64 CI image
- run:
name: Build and run tests in docker
no_output_timeout: 1h
command: |2
docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \
-e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \
-v `pwd`:/root/project \
openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
-c 'cd /root/project && \
uname -a && \
mkdir build && cd build && source ~/.bashrc && \
cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \
cd .. && mkdir -p tmp && \
python3 -m pytest --verbose \
--ignore=tests/test_code_conventions.py \
--junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS'
- store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour
path: build/test-results
- store_artifacts:
path: build/test-results
trigger-downstream-ci:
docker:
- image: cimg/base:2020.01
# Re-enable iff docker enforces rate limitations without auth:
# auth:
# username: $DOCKER_LOGIN
# password: $DOCKER_PASSWORD
steps:
- run:
name: Trigger OQS-OpenSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-BoringSSL CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger OQS-OpenSSH CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger oqs-provider CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "main" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-dotnet CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-java CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--user ${BUILD_TRIGGER_TOKEN}: \
--request POST \
--header "Content-Type: application/json" \
--data '{ "branch": "master" }' \
https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \
&& grep -q "201" curl_out
- run:
name: Trigger liboqs-python CI
command: |2
curl --silent \
--write-out "\n%{response_code}\n" \
--request POST \
--header "Accept: application/vnd.github+json" \
--header "Authorization: Bearer $OQSBOT_GITHUB_ACTIONS" \
--header "X-GitHub-Api-Version: 2022-11-28" \
--data '{"event_type":"liboqs-upstream-trigger"}' \
https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \
&& grep -q "204" curl_out
workflows:
version: 2.1
build:
when:
and:
- not:
equal: [ main, << pipeline.git.branch >> ]
- not:
matches: { pattern: "^ghactionsonly-.*", value: << pipeline.git.branch >> }
jobs:
- stylecheck
- buildcheck:
<<: *require_stylecheck
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
KEM_NAME: kyber_768
SIG_NAME: dilithium_3
# Disabling testapproval as no jobs currently need it.
#- testapproval:
# <<: *require_buildcheck
# type: approval
# Disabling centos-8 and debian-buster.
# Re-enable if specific configurations (package versions etc) that need to be tested are identified.
#- linux_oqs:
# <<: *require_buildcheck
# name: centos-8
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-centos-8-amd64:latest
# CMAKE_ARGS: -DCMAKE_C_COMPILER=clang
#- linux_oqs:
# <<: *require_buildcheck
# name: debian-buster
# context: openquantumsafe
# CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest
- scan_build:
<<: *require_buildcheck
name: scan_build
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-shared-noopenssl
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON
PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --numprocesses=auto
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-focal-clang15
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 -DOQS_OPT_TARGET=skylake
PYTEST_ARGS: --ignore=tests/test_kat_all.py
- linux_oqs:
<<: *require_buildcheck
name: ubuntu-bionic-i386
context: openquantumsafe
CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest
CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake
PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py
- arm_machine:
<<: *require_buildcheck
name: arm64
PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_kat_all.py
commit-to-main:
when:
equal: [ main, << pipeline.git.branch >> ]
jobs:
- trigger-downstream-ci:
context: openquantumsafe
Reference in New Issue View Git Blame Copy Permalink