diff --git a/.github/workflows/aws_build_cpu.yml b/.github/workflows/aws_build_cpu.yml index 00ab596c7..48f75ce33 100644 --- a/.github/workflows/aws_build_cpu.yml +++ b/.github/workflows/aws_build_cpu.yml @@ -61,7 +61,7 @@ jobs: uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Install rust uses: actions-rs/toolchain@v1 @@ -178,8 +178,8 @@ jobs: args: --acl public-read env: AWS_S3_BUCKET: ${{ secrets.AWS_PREPROD_REPO_DOCUMENTATION_BUCKET_NAME }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_IAM_ID: ${{ secrets.AWS_IAM_ID }} + AWS_IAM_KEY: ${{ secrets.AWS_IAM_KEY }} AWS_REGION: ${{ secrets.AWS_REGION }} SOURCE_DIR: '.' DEST_DIR: 'concrete-compiler/${{ github.ref_name }}' @@ -190,6 +190,6 @@ jobs: env: SOURCE_PATH: '/concrete-compiler/*' AWS_REGION: ${{ secrets.AWS_REGION }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_IAM_ID: ${{ secrets.AWS_IAM_ID }} + AWS_IAM_KEY: ${{ secrets.AWS_IAM_KEY }} DISTRIBUTION_ID: ${{ secrets.AWS_REPO_DOCUMENTATION_DISTRIBUTION_ID }} diff --git a/.github/workflows/aws_build_gpu.yml b/.github/workflows/aws_build_gpu.yml index 6b13bf388..657897b4d 100644 --- a/.github/workflows/aws_build_gpu.yml +++ b/.github/workflows/aws_build_gpu.yml @@ -62,7 +62,7 @@ jobs: uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Install rust uses: actions-rs/toolchain@v1 diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml index 1a1dbf5fc..dc11054d2 100644 --- a/.github/workflows/benchmark.yml +++ b/.github/workflows/benchmark.yml @@ -78,8 +78,8 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.AWS_IAM_ID }} + aws-secret-access-key: ${{ secrets.AWS_IAM_KEY }} aws-region: ${{ env.AWS_REGION }} - name: Start EC2 runner id: start-ec2-runner @@ -116,7 +116,7 @@ jobs: with: fetch-depth: 0 submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Set up home # "Install rust" step require root user to have a HOME directory which is not set. @@ -202,7 +202,7 @@ jobs: with: repository: zama-ai/slab path: slab - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Send data to Slab shell: bash @@ -244,8 +244,8 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v1 with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-access-key-id: ${{ secrets.AWS_IAM_ID }} + aws-secret-access-key: ${{ secrets.AWS_IAM_KEY }} aws-region: ${{ env.AWS_REGION }} - name: Stop EC2 runner uses: machulav/ec2-github-runner@v2 diff --git a/.github/workflows/format_and_linting.yml b/.github/workflows/format_and_linting.yml index af782030c..e10320ec1 100644 --- a/.github/workflows/format_and_linting.yml +++ b/.github/workflows/format_and_linting.yml @@ -13,7 +13,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Format with clang-format (Cpp) run: sudo apt install moreutils && .github/workflows/scripts/format_cpp.sh - name: Format with cmake-format (Cmake) diff --git a/.github/workflows/llvm-compatibility.yml b/.github/workflows/llvm-compatibility.yml index 3b4f7dcdc..9a98b9a46 100644 --- a/.github/workflows/llvm-compatibility.yml +++ b/.github/workflows/llvm-compatibility.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v2 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Rebase LLVM run: | @@ -44,7 +44,7 @@ jobs: - name: Update Custom LLVM uses: ad-m/github-push-action@master with: - github_token: ${{ secrets.GH_TOKEN }} + github_token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} branch: main force: true repository: zama-ai/concrete-compiler-internal-llvm-project diff --git a/.github/workflows/macos_build.yml b/.github/workflows/macos_build.yml index f267a1fc4..5a19cc7e9 100644 --- a/.github/workflows/macos_build.yml +++ b/.github/workflows/macos_build.yml @@ -19,7 +19,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Install rust uses: actions-rs/toolchain@v1 diff --git a/.github/workflows/ml_benchmark_subset.yml b/.github/workflows/ml_benchmark_subset.yml index 20ec43a59..00c758aec 100644 --- a/.github/workflows/ml_benchmark_subset.yml +++ b/.github/workflows/ml_benchmark_subset.yml @@ -56,7 +56,7 @@ jobs: with: fetch-depth: 0 submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Set up home # "Install rust" step require root user to have a HOME directory which is not set. @@ -118,7 +118,7 @@ jobs: with: repository: zama-ai/slab path: slab - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Send data to Slab shell: bash diff --git a/.github/workflows/prepare_release.yml b/.github/workflows/prepare_release.yml index aee72633a..24c2963ec 100644 --- a/.github/workflows/prepare_release.yml +++ b/.github/workflows/prepare_release.yml @@ -29,7 +29,7 @@ jobs: id: release uses: softprops/action-gh-release@v1 with: - token: ${{ secrets.GH_TOKEN_RELEASE }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} draft: true prerelease: true generate_release_notes: true @@ -62,7 +62,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Update Python Version run: cd compiler && make update-python-version @@ -114,7 +114,7 @@ jobs: - name: Upload Python Package uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }} + GITHUB_TOKEN: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} with: upload_url: ${{ needs.CreateRelease.outputs.upload_url }} asset_path: ${{ github.workspace }}/wheels/${{ steps.set-output-wheel-linux.outputs.ASSET_NAME }} @@ -133,7 +133,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Login to Github Container Registry run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io @@ -173,7 +173,7 @@ jobs: - name: Upload Tarball uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }} + GITHUB_TOKEN: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} with: upload_url: ${{ needs.CreateRelease.outputs.upload_url }} asset_path: ${{ github.workspace }}/tarballs/${{ steps.tag-tarball.outputs.ASSET_NAME }} @@ -199,7 +199,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Install Rust uses: actions-rs/toolchain@v1 @@ -249,7 +249,7 @@ jobs: - name: Upload Python Package uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }} + GITHUB_TOKEN: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} with: upload_url: ${{ needs.CreateRelease.outputs.upload_url }} asset_path: ${{ github.workspace }}/wheels/${{ steps.build-wheel-macos.outputs.ASSET_NAME }} @@ -271,7 +271,7 @@ jobs: if: matrix.python == '3.8' uses: actions/upload-release-asset@v1 env: - GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }} + GITHUB_TOKEN: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} with: upload_url: ${{ needs.CreateRelease.outputs.upload_url }} asset_path: ${{ github.workspace }}/compiler/tarballs/${{ steps.build-mac-tarball.outputs.ASSET_NAME }} @@ -306,7 +306,7 @@ jobs: - name: Download and Install Package run: | - FILE_NAME=$(curl -s -u "zama-bot:${{ secrets.GH_TOKEN_RELEASE }}" \ + FILE_NAME=$(curl -s -u "zama-bot:${{ secrets.CONCRETE_ACTIONS_TOKEN }}" \ https://api.github.com/repos/${{ github.repository }}/releases | \ jq 'map(select(.tag_name == "${{ github.ref_name }}"))' | \ jq '.[0].assets' | \ @@ -314,7 +314,7 @@ jobs: jq '.[].id') wget --auth-no-challenge --header='Accept:application/octet-stream' \ - "https://${{ secrets.GH_TOKEN_RELEASE }}:@api.github.com/repos/${{ github.repository }}/releases/assets/${FILE_NAME}" \ + "https://${{ secrets.CONCRETE_ACTIONS_TOKEN }}:@api.github.com/repos/${{ github.repository }}/releases/assets/${FILE_NAME}" \ -O ${{ steps.extract-filename.outputs.FILE_NAME }} pip install ${{ steps.extract-filename.outputs.FILE_NAME }} @@ -352,7 +352,7 @@ jobs: - name: Download and Install Package run: | - FILE_NAME=$(curl -s -u "zama-bot:${{ secrets.GH_TOKEN_RELEASE }}" \ + FILE_NAME=$(curl -s -u "zama-bot:${{ secrets.CONCRETE_ACTIONS_TOKEN }}" \ https://api.github.com/repos/${{ github.repository }}/releases | \ jq 'map(select(.tag_name == "${{ github.ref_name }}"))' | \ jq '.[0].assets' | \ @@ -360,7 +360,7 @@ jobs: jq '.[].id') wget --auth-no-challenge --header='Accept:application/octet-stream' \ - "https://${{ secrets.GH_TOKEN_RELEASE }}:@api.github.com/repos/${{ github.repository }}/releases/assets/${FILE_NAME}" \ + "https://${{ secrets.CONCRETE_ACTIONS_TOKEN }}:@api.github.com/repos/${{ github.repository }}/releases/assets/${FILE_NAME}" \ -O ${{ steps.extract-filename.outputs.FILE_NAME }} pip install ${{ steps.extract-filename.outputs.FILE_NAME }} diff --git a/.github/workflows/publish_docker_images.yml b/.github/workflows/publish_docker_images.yml index 431b31112..77a21417f 100644 --- a/.github/workflows/publish_docker_images.yml +++ b/.github/workflows/publish_docker_images.yml @@ -47,7 +47,7 @@ jobs: - uses: actions/checkout@v3 with: submodules: recursive - token: ${{ secrets.GH_TOKEN }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} - name: Login to Registry run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io diff --git a/.github/workflows/push-python-packages.yml b/.github/workflows/push-python-packages.yml index 1f176fafc..04bbe283b 100644 --- a/.github/workflows/push-python-packages.yml +++ b/.github/workflows/push-python-packages.yml @@ -25,7 +25,7 @@ jobs: - name: Download release assets uses: duhow/download-github-release-assets@v1 with: - token: ${{ secrets.GH_TOKEN_RELEASE }} + token: ${{ secrets.CONCRETE_ACTIONS_TOKEN }} repository: ${{ github.repository }} tag: ${{ github.event.inputs.tag }} files: '*'