-
Notifications
You must be signed in to change notification settings - Fork 50
191 lines (182 loc) · 6.16 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
name: EasyCrypt compilation & check
on:
push:
branches:
- 'main'
pull_request:
env:
HOME: /home/charlie
OPAMYES: true
OPAMJOBS: 2
jobs:
compile-opam:
name: EasyCrypt compilation (opam)
runs-on: ubuntu-20.04
container:
image: ghcr.io/easycrypt/ec-build-box
steps:
- uses: actions/checkout@v4
- name: Install EasyCrypt dependencies
run: |
opam pin add -n easycrypt .
opam install --deps-only easycrypt
- name: Compile EasyCrypt
run: opam exec -- make PROFILE=ci
compile-nix:
name: EasyCrypt compilation (nix)
env:
HOME: /home/runner
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
- name: Setup Nix
uses: cachix/install-nix-action@v26
with:
nix_path: nixpkgs=channel:nixos-unstable
- name: Setup Cachix
uses: cachix/cachix-action@v14
with:
name: formosa-crypto
authToken: '${{ secrets.CACHIX_WRITE_TOKEN }}'
- name: Build and cache EasyCrypt and dependencies
run: |
make nix-build-with-provers
check:
name: Check EasyCrypt Libraries
needs: compile-opam
runs-on: ubuntu-20.04
container:
image: ghcr.io/easycrypt/ec-build-box
strategy:
fail-fast: false
matrix:
target: [unit, stdlib, examples]
steps:
- uses: actions/checkout@v4
- name: Install EasyCrypt dependencies
run: |
opam pin add -n easycrypt .
opam install --deps-only easycrypt
- name: Compile EasyCrypt
run: opam exec -- make
- name: Detect SMT provers
run: |
rm -f ~/.why3.conf
opam exec -- ./ec.native why3config -why3 ~/.why3.conf
- name: Compile Library (${{ matrix.target }})
env:
TARGET: ${{ matrix.target }}
run: opam exec -- make $TARGET
- uses: actions/upload-artifact@v4
name: Upload report.log
if: always()
with:
name: report.log (${{ matrix.target }})
path: report.log
if-no-files-found: ignore
fetch-external-matrix:
name: Fetch EasyCrypt External Projects Matrix
runs-on: ubuntu-20.04
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4
with:
path: 'easycrypt'
- id: set-matrix
run: |
JSON=$(jq -c . < easycrypt/.github/workflows/external.json)
echo "matrix=${JSON}" >> $GITHUB_OUTPUT
external:
name: Check EasyCrypt External Projects
needs: [compile-opam, fetch-external-matrix]
runs-on: ubuntu-20.04
container:
image: ghcr.io/easycrypt/ec-build-box
strategy:
fail-fast: false
matrix:
target: ${{fromJson(needs.fetch-external-matrix.outputs.matrix)}}
steps:
- uses: actions/checkout@v4
with:
path: easycrypt
- name: Extract target branch name
run: echo "branch=merge-${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
id: extract_branch
- name: Find remote branch
id: branch_name
run: |
git ls-remote --exit-code --heads ${{ matrix.target.repository }} refs/heads/${{ steps.extract_branch.outputs.branch }} || exists=$?
if [ "$exists" = "2" ];
then echo "REPO_BRANCH=${{ matrix.target.branch }}" >> $GITHUB_OUTPUT;
else echo "REPO_BRANCH=${{ steps.extract_branch.outputs.branch }}" >> $GITHUB_OUTPUT;
fi
- name: Checkout External Project
run: |
git clone --recurse-submodules \
-b ${{ steps.branch_name.outputs.REPO_BRANCH }} \
${{ matrix.target.repository }} \
project/${{ matrix.target.name }}
- name: Install EasyCrypt dependencies
run: |
opam pin add -n easycrypt easycrypt
opam install --deps-only easycrypt
- name: Compile & Install EasyCrypt
run: opam exec -- make -C easycrypt build install
- name: Detect SMT provers
run: |
rm -f ~/.why3.conf ~/.config/easycrypt/why3.conf
opam exec -- easycrypt why3config
- name: Compile project
working-directory: project/${{ matrix.target.name }}/${{ matrix.target.subdir }}
run: |
opam exec -- easycrypt runtest \
-report report.log \
${{ matrix.target.options }} \
${{ matrix.target.config }} \
${{ matrix.target.scenario }}
- name: Compute real-path to report.log
if: always()
run: |
echo "report=$(realpath project/${{ matrix.target.name }}/${{ matrix.target.subdir }})/report.log" >> $GITHUB_ENV
- uses: actions/upload-artifact@v4
name: Upload report.log
if: always()
with:
name: report.log (${{ matrix.target.name }})
path: ${{ env.report }}
if-no-files-found: ignore
external-status:
name: Check EasyCrypt External Projects (set-status)
if: always()
needs: [external]
runs-on: ubuntu-20.04
steps:
- uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
allowed-skips: external
notification:
name: Notification
needs: [compile-opam, compile-nix, check, external, external-status]
if: |
(github.event_name == 'push') ||
(github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
runs-on: ubuntu-20.04
steps:
- uses: technote-space/workflow-conclusion-action@v3
- uses: zulip/github-actions-zulip/send-message@v1
with:
api-key: ${{ secrets.ZULIP_APIKEY }}
email: ${{ secrets.ZULIP_EMAIL }}
organization-url: 'https://formosa-crypto.zulipchat.com'
type: 'stream'
to: 'GitHub notifications'
topic: 'EasyCrypt / CI'
content: |
**Build status**: ${{ env.WORKFLOW_CONCLUSION }} ${{ env.WORKFLOW_CONCLUSION == 'success' && ':check_mark:' || ':cross_mark:' }}
**Author**: [${{ github.actor }}](${{ github.server_url }}/${{ github.actor }})
**Event**: ${{ github.event_name }} on ${{ github.ref }}
**Commit**: [${{ github.sha }}](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})
**Details**: [Build log](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }}/checks)