diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml index e84925d8e..d2d6649d3 100644 --- a/.github/workflows/continuous-integration.yml +++ b/.github/workflows/continuous-integration.yml @@ -45,13 +45,12 @@ jobs: with: submodules: recursive - - name: "KeySetCache" + - name: Download KeySetCache if: ${{ matrix.compiler == 'gcc7' }} - uses: actions/cache@v2 - with: - path: ${{ github.workspace }}/KeySetCache - # actions/cache does not permit to update a cache entry - key: Linux-KeySetCache-2022-02-28 + continue-on-error: true + run: | + cd compiler + GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated - name: Build and test compiler if: ${{ matrix.compiler == 'gcc7' }} @@ -62,7 +61,9 @@ jobs: image: ${{ env.DOCKER_IMAGE_TEST_GCC7 }} username: ${{ secrets.GHCR_LOGIN }} password: ${{ secrets.GHCR_PASSWORD }} - options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache + options: >- + -v ${{ github.workspace }}/compiler:/compiler + -v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache shell: bash run: | set -e @@ -77,6 +78,21 @@ jobs: ccache -s chmod -R ugo+rwx /tmp/KeySetCache + - name: Upload KeySetCache + if: ${{ matrix.compiler == 'gcc7' }} && github.ref == 'refs/heads/master' + uses: actions/upload-artifact@v3 + with: + name: KeySetCache + path: KeySetCache + retention-days: 90 + + - name: Cleanup Old KeySetCache + uses: Remagpie/gha-remove-artifact@v1 + if: ${{ matrix.compiler == 'gcc7' }} && github.ref == 'refs/heads/master' + with: + only-name: KeySetCache + max-count: 1 + - name: Build compiler if: ${{ matrix.compiler == 'latest' }} id: build-compiler-latest @@ -177,13 +193,11 @@ jobs: id: tmpdir-path run: echo "::set-output name=TMPDIR_PATH::`echo $TMPDIR`" - - name: KeySetCache - if: github.event_name == 'push' - uses: actions/cache@v2 - with: - path: ${{ steps.tmpdir-path.outputs.TMPDIR_PATH }}/KeySetCache - # The cache is not specific to Linux and can be used on MacOS - key: Linux-KeySetCache-2022-02-28 + - name: Download KeySetCache + continue-on-error: true + run: | + cd compiler + GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated # We do run test-check as part of the build, as they aren't that costly # and will at least give minimum confidence that the compiler works in PRs @@ -216,12 +230,11 @@ jobs: with: submodules: recursive - - name: "KeySetCache" - uses: actions/cache@v2 - with: - path: ${{ github.workspace }}/KeySetCache - # actions/cache does not permit to update a cache entry - key: Linux-KeySetCache-2022-02-28 + - name: Download KeySetCache + continue-on-error: true + run: | + cd compiler + GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated - name: Build and test compiler (dataflow) uses: addnab/docker-run-action@v3 @@ -230,7 +243,9 @@ jobs: image: ${{ env.DOCKER_IMAGE_TEST_DF }} username: ${{ secrets.GHCR_LOGIN }} password: ${{ secrets.GHCR_PASSWORD }} - options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache + options: >- + -v ${{ github.workspace }}/compiler:/compiler + -v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache shell: bash run: | set -e diff --git a/builders/Dockerfile.keysetcache-env b/builders/Dockerfile.keysetcache-env new file mode 100644 index 000000000..2b1b8d5ec --- /dev/null +++ b/builders/Dockerfile.keysetcache-env @@ -0,0 +1,2 @@ +FROM alpine:latest +COPY KeySetCache /KeySetCache diff --git a/compiler/Makefile b/compiler/Makefile index 2c6cacc0e..7ba9ac200 100644 --- a/compiler/Makefile +++ b/compiler/Makefile @@ -7,6 +7,9 @@ CXX_COMPILER= EXTERNAL_HEADERS=include/boost-single-header/outcome.hpp +KEYSETCACHEDEV=/tmp/KeySetCache +KEYSETCACHECI=../KeySetCache + export PATH := $(BUILD_DIR)/bin:$(PATH) ifeq ($(shell which ccache),) @@ -91,7 +94,23 @@ test: test-check test-end-to-end-jit test-python support-unit-test testlib-unit- test-dataflow: test-end-to-end-jit-dfr test-end-to-end-jit-auto-parallelization -# install/uninstall +GITHUB_URL=https://api.github.com/repos/zama-ai/concrete-compiler-internal +GITHUB_URL_LIST_ARTIFACTS="${GITHUB_URL}/actions/artifacts" +CURL=curl -H"Accept: application/vnd.github.v3+json" -H"authorization: Bearer ${GITHUB_TOKEN}" +keysetcache.zip: REDIRECT_URL = $(shell ${CURL} -s ${GITHUB_URL_LIST_ARTIFACTS} | grep -A 10 KeySetCache | grep archive_download_url | head -n 1 | grep -o 'http[^"]\+') +keysetcache.zip: + ${CURL} --location -o keysetcache.zip ${REDIRECT_URL} + du -h keysetcache.zip + +keysetcache_ci_populated: keysetcache.zip + unzip keysetcache.zip -d ${KEYSETCACHECI} + du -sh ${KEYSETCACHECI} + rm keysetcache.zip + +keysetcache_populated: keysetcache.zip + unzip keysetcache.zip -d ${KEYSETCACHEDEV} + du -sh ${KEYSETCACHEDEV} + rm keysetcache.zip install: install_runtime_lib diff --git a/compiler/lib/ClientLib/KeySetCache.cpp b/compiler/lib/ClientLib/KeySetCache.cpp index d6b23adb6..4cf2d8629 100644 --- a/compiler/lib/ClientLib/KeySetCache.cpp +++ b/compiler/lib/ClientLib/KeySetCache.cpp @@ -13,6 +13,7 @@ #include #include #include +#include extern "C" { #include "concrete-ffi.h" @@ -78,6 +79,10 @@ KeySetCache::loadKeys(ClientParameters ¶ms, uint64_t seed_msb, // TODO: text dump of all parameter in /hash auto key_set = std::make_unique(); + // Mark the folder as recently use. + // e.g. so the CI can do some cleanup of unused keys. + utime(folderPath.c_str(), nullptr); + std::map> secretKeys; std::map>