chore(ci): extend external contribution to all pr workflows #3481
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AWS Signed Integer Tests on CPU | ||
| env: | ||
| CARGO_TERM_COLOR: always | ||
| ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | ||
| RUSTFLAGS: "-C target-cpu=native" | ||
| RUST_BACKTRACE: "full" | ||
| RUST_MIN_STACK: "8388608" | ||
| SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} | ||
| SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png | ||
| SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} | ||
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | ||
| MSG_MINIMAL: event,action url,commit | ||
| BRANCH: ${{ github.head_ref || github.ref }} | ||
| # We clear the cache to reduce memory pressure because of the numerous processes of cargo | ||
| # nextest | ||
| TFHE_RS_CLEAR_IN_MEMORY_KEY_CACHE: "1" | ||
| NO_BIG_PARAMS: FALSE | ||
| REF: ${{ github.event.pull_request.head.sha || github.sha }} | ||
| on: | ||
| # Allows you to run this workflow manually from the Actions tab as an alternative. | ||
| workflow_dispatch: | ||
| # Trigger pull_request event on CI files to be able to test changes before merging to main branch. | ||
| # Workflow would fail if changes come from a forked repository since secrets are not available with this event. | ||
| pull_request: | ||
| types: [ labeled ] | ||
| paths: | ||
| - '.github/**' | ||
| - 'ci/**' | ||
| # General entry point for Zama's pull request as well as contribution from forks. | ||
| pull_request_target: | ||
| types: [ labeled ] | ||
| paths: | ||
| - '**' | ||
| - '!.github/**' | ||
| - '!ci/**' | ||
| push: | ||
| branches: | ||
| - main | ||
| jobs: | ||
| should-run: | ||
| if: | ||
| (github.event_name == 'push' && github.repository == 'zama-ai/tfhe-rs') || | ||
| (github.event_name == 'schedule' && github.repository == 'zama-ai/tfhe-rs') || | ||
| ((github.event_name == 'pull_request_target' || github.event_name == 'pull_request_target') && contains(github.event.label.name, 'approved')) || | ||
| github.event_name == 'workflow_dispatch' | ||
| runs-on: ubuntu-latest | ||
| permissions: | ||
| pull-requests: read | ||
| outputs: | ||
| integer_test: ${{ github.event_name == 'workflow_dispatch' || | ||
| steps.changed-files.outputs.integer_any_changed }} | ||
| steps: | ||
| - name: Checkout tfhe-rs | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| with: | ||
| fetch-depth: 0 | ||
| persist-credentials: 'false' | ||
| token: ${{ secrets.REPO_CHECKOUT_TOKEN }} | ||
| ref: ${{ env.REF }} | ||
| - name: Check for file changes | ||
| id: changed-files | ||
| uses: tj-actions/changed-files@d6e91a2266cdb9d62096cebf1e8546899c6aa18f | ||
| with: | ||
| since_last_remote_commit: true | ||
| files_yaml: | | ||
| integer: | ||
| - tfhe/Cargo.toml | ||
| - tfhe-csprng/** | ||
| - tfhe-fft/** | ||
| - tfhe-zk-pok/** | ||
| - tfhe/src/core_crypto/** | ||
| - tfhe/src/shortint/** | ||
| - tfhe/src/integer/** | ||
| - .github/workflows/aws_tfhe_signed_integer_tests.yml | ||
| check-ci-files: | ||
| uses: ./.github/workflows/check_ci_files_change.yml@${{ github.sha }} | ||
| with: | ||
| checkout_ref: ${{ github.event.pull_request.head.sha || github.sha }} | ||
| secrets: | ||
| REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} | ||
| # Fail if the triggering actor is not part of Zama organization. | ||
| # If pull_request_target is emitted and CI files have changed, skip this job. This would skip following jobs. | ||
| check-user-permission: | ||
| needs: check-ci-files | ||
| if: github.event_name != 'pull_request_target' || | ||
| (github.event_name == 'pull_request_target' && needs.check-ci-files.outputs.ci_file_changed == 'false') | ||
| uses: ./.github/workflows/check_triggering_actor.yml@${{ github.sha }} | ||
| secrets: | ||
| TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| setup-instance: | ||
| name: Setup instance (unsigned-integer-tests) | ||
| needs: [ should-run, check-user-permission ] | ||
| if: | ||
| (github.event_name == 'push' && github.repository == 'zama-ai/tfhe-rs' && needs.should-run.outputs.integer_test == 'true') || | ||
| (github.event_name == 'schedule' && github.repository == 'zama-ai/tfhe-rs') || | ||
| (github.event.action == 'labeled' && github.event.label.name == 'approved' && needs.should-run.outputs.integer_test == 'true') || | ||
| github.event_name == 'workflow_dispatch' | ||
| runs-on: ubuntu-latest | ||
| outputs: | ||
| runner-name: ${{ steps.start-instance.outputs.label }} | ||
| steps: | ||
| - name: Start instance | ||
| id: start-instance | ||
| uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac | ||
| with: | ||
| mode: start | ||
| github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | ||
| slab-url: ${{ secrets.SLAB_BASE_URL }} | ||
| job-secret: ${{ secrets.JOB_SECRET }} | ||
| backend: aws | ||
| profile: cpu-big | ||
| signed-integer-tests: | ||
| name: Signed integer tests | ||
| needs: setup-instance | ||
| concurrency: | ||
| group: ${{ github.workflow }}_${{ github.head_ref || github.ref }} | ||
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | ||
| runs-on: ${{ needs.setup-instance.outputs.runner-name }} | ||
| steps: | ||
| - name: Checkout tfhe-rs | ||
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | ||
| with: | ||
| persist-credentials: "false" | ||
| token: ${{ secrets.REPO_CHECKOUT_TOKEN }} | ||
| ref: ${{ env.REF }} | ||
| - name: Install latest stable | ||
| uses: dtolnay/rust-toolchain@a54c7afa936fefeb4456b2dd8068152669aa8203 | ||
| with: | ||
| toolchain: stable | ||
| - name: Should skip big parameters set | ||
| if: github.event_name == 'pull_request_target' | ||
| run: | | ||
| echo "NO_BIG_PARAMS=TRUE" >> "${GITHUB_ENV}" | ||
| - name: Gen Keys if required | ||
| run: | | ||
| make GEN_KEY_CACHE_MULTI_BIT_ONLY=TRUE gen_key_cache | ||
| - name: Run shortint multi-bit tests | ||
| run: | | ||
| make test_shortint_multi_bit_ci | ||
| - name: Run signed integer multi-bit tests | ||
| run: | | ||
| AVX512_SUPPORT=ON make test_signed_integer_multi_bit_ci | ||
| - name: Gen Keys if required | ||
| run: | | ||
| make gen_key_cache | ||
| - name: Run signed integer tests | ||
| run: | | ||
| AVX512_SUPPORT=ON NO_BIG_PARAMS=${{ env.NO_BIG_PARAMS }} BIG_TESTS_INSTANCE=TRUE make test_signed_integer_ci | ||
| - name: Slack Notification | ||
| if: ${{ failure() }} | ||
| continue-on-error: true | ||
| uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 | ||
| env: | ||
| SLACK_COLOR: ${{ job.status }} | ||
| SLACK_MESSAGE: "Signed Integer tests finished with status: ${{ job.status }} on '${{ env.BRANCH }}'. (${{ env.ACTION_RUN_URL }})" | ||
| teardown-instance: | ||
| name: Teardown instance (signed-integer-tests) | ||
| if: ${{ always() && needs.setup-instance.result == 'success' }} | ||
| needs: [setup-instance, signed-integer-tests] | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Stop instance | ||
| id: stop-instance | ||
| uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac | ||
| with: | ||
| mode: stop | ||
| github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | ||
| slab-url: ${{ secrets.SLAB_BASE_URL }} | ||
| job-secret: ${{ secrets.JOB_SECRET }} | ||
| label: ${{ needs.setup-instance.outputs.runner-name }} | ||
| - name: Slack Notification | ||
| if: ${{ failure() }} | ||
| continue-on-error: true | ||
| uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 | ||
| env: | ||
| SLACK_COLOR: ${{ job.status }} | ||
| SLACK_MESSAGE: "Instance teardown (signed-integer-tests) finished with status: ${{ job.status }} on '${{ env.BRANCH }}'. (${{ env.ACTION_RUN_URL }})" | ||
