github/concrete
1
1
Fork 0
mirror of https://github.com/zama-ai/concrete.git synced 2026-02-08 19:44:57 -05:00
Code Issues Packages Projects Releases Wiki Activity

ci: refactor docker images and CI jobs

Browse Source 
use a single docker image for all testing environments
unify some CI jobs on this single environment
also parameterize the build of the doc, which no longer have a hardcoded
path for the compiler build directory
This commit is contained in:
youben11
2022-09-09 11:51:51 +01:00
committed by Ayoub Benaissa
parent 584942251f
commit 698bd28104
9 changed files with 67 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files

181
.github/workflows/continuous-integration.yml vendored
View File

@@ -11,8 +11,6 @@ on:
# DOCKER_IMAGE variables aren't used in BuildAndPushDockerImages because of https://github.com/actions/runner/issues/480
env:
DOCKER_IMAGE_TEST: ghcr.io/zama-ai/concrete-compiler
DOCKER_IMAGE_TEST_GCC7: ghcr.io/zama-ai/concrete-compiler-gcc7
DOCKER_IMAGE_TEST_DF: ghcr.io/zama-ai/concrete-compiler-df
jobs:
########################
@@ -53,12 +51,8 @@ jobs:
BuildAndTest:
runs-on: ubuntu-latest
strategy:
matrix:
compiler: [gcc7, latest]
# We want to always run the tests unless cancelled, but after the docker image build job.
# If there is no new build then we use the old image, else we use the new image.
# The latest compiler job isn't using the built image, so it suffers the dependance of the gcc7 job.
if: ${{ !cancelled() }}
needs: [BuildAndPushDockerImages]
steps:
@@ -97,23 +91,22 @@ jobs:
make concrete-optimizer-lib
- name: Download KeySetCache
if: ${{ matrix.compiler == 'gcc7' && !contains(github.head_ref, 'newkeysetcache') }}
if: ${{ !contains(github.head_ref, 'newkeysetcache') }}
continue-on-error: true
run: |
cd compiler
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated
- name: Mark KeySetCache
if: ${{ matrix.compiler == 'gcc7' }}
run: |
touch keysetcache.timestamp
- name: Build and test compiler
if: ${{ matrix.compiler == 'gcc7' }}
uses: addnab/docker-run-action@v3
id: build-compiler
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST_GCC7 }}
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
@@ -125,15 +118,14 @@ jobs:
set -e
cd /compiler
rm -rf /build
/opt/python/cp38-cp38/bin/pip install pytest
sed "s/pytest/\/opt\/python\/cp38-cp38\/bin\/python -m pytest/g" -i Makefile
make CXX_COMPILER=/gcc7/bin/g++-7.5.0 CC_COMPILER=/gcc7/bin/gcc-7.5.0 CCACHE=ON Python3_EXECUTABLE=/opt/python/cp38-cp38/bin/python BUILD_DIR=/build all run-tests
pip install pytest
sed "s/pytest/python -m pytest/g" -i Makefile
make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON Python3_EXECUTABLE=$PYTHON_EXEC BUILD_DIR=/build all run-tests run-end-to-end-dataflow-tests
echo "Debug: ccache statistics (after the build):"
ccache -s
chmod -R ugo+rwx /tmp/KeySetCache
- name: Prune KeySetCache
if: ${{ matrix.compiler == 'gcc7' }}
run: |
TO_CLEAN=$(find KeySetCache/* -maxdepth 1 -mindepth 1 -not -newer keysetcache.timestamp -type d)
if [ -n "$TO_CLEAN" ]
@@ -145,7 +137,7 @@ jobs:
fi
- name: Upload KeySetCache
if: ${{ matrix.compiler == 'gcc7' && github.ref == 'refs/heads/main' }}
if: ${{ github.ref == 'refs/heads/main' }}
uses: actions/upload-artifact@v3
with:
name: KeySetCacheV2
@@ -154,49 +146,36 @@ jobs:
- name: Cleanup Old KeySetCache
uses: Remagpie/gha-remove-artifact@v1
if: ${{ matrix.compiler == 'gcc7' && github.ref == 'refs/heads/main' }}
if: ${{ github.ref == 'refs/heads/main' }}
with:
only-name: KeySetCacheV2
max-count: 1
- name: Build compiler
if: ${{ matrix.compiler == 'latest' }}
id: build-compiler-latest
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/llvm-project:/llvm-project -v ${{ github.workspace }}/build:/build
shell: bash
run: |
set -e
cd /compiler
export PYTHONPATH=""
make CCACHE=ON BUILD_DIR=/build all
echo "Debug: ccache statistics (after the build):"
ccache -s
- name: Build the documentation
id: build-doc
if: ${{ steps.build-compiler-latest.outcome == 'success' && !cancelled() }}
if: ${{ steps.build-compiler.outcome == 'success' && !cancelled() }}
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/llvm-project:/llvm-project -v ${{ github.workspace }}/docs:/docs -v ${{ github.workspace }}/build:/compiler/build
options: >-
-v ${{ github.workspace }}/compiler:/compiler
-v ${{ github.workspace }}/llvm-project:/llvm-project
-v ${{ github.workspace }}/docs:/docs
shell: bash
run: |
set -e
make CCACHE=ON BUILD_DIR=/build concretecompiler python-bindings doc
rm -rf /build
make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON Python3_EXECUTABLE=$PYTHON_EXEC BUILD_DIR=/build concretecompiler python-bindings doc
cd /docs
pip install -r requirements.txt
pip install -r ../llvm-project/mlir/python/requirements.txt
DEBIAN_FRONTEND="noninteractive" apt-get install -y doxygen
make CCACHE=ON doc
dnf install -y doxygen
sed "s/sphinx-apidoc/python -m sphinx.ext.apidoc/g" -i Makefile
sed "s/sphinx-build/python -m sphinx.cmd.build/g" -i Makefile
make COMPILER_BUILD_DIR=/build/ doc
- name: Archive docs artifacts
if: ${{ steps.build-doc.outcome == 'success' && !cancelled() }}
@@ -305,65 +284,6 @@ jobs:
echo "Debug: ccache statistics (after the tests):"
ccache -s
BuildAndTestDF:
runs-on: ubuntu-latest
# We want to always run the tests unless cancelled, but after the docker image build job.
# If there is no new build then we use the old image, else we use the new image.
if: ${{ !cancelled() }}
needs: [BuildAndPushDockerImages]
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Download KeySetCache
if: ${{ !contains(github.head_ref, 'newkeysetcache') }}
continue-on-error: true
run: |
cd compiler
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated
- name: Build and test compiler (dataflow)
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST_DF }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}/compiler:/compiler
-v ${{ github.workspace }}/llvm-project:/llvm-project
-v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache
shell: bash
run: |
set -e
echo "Debug: ccache statistics (prior to the build):"
ccache -s
cd /compiler
pip install pytest
rm -rf /build
export PYTHONPATH=""
make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON BUILD_DIR=/build run-tests run-end-to-end-dataflow-tests
echo "Debug: ccache statistics (after the build):"
ccache -s
chmod -R ugo+rwx /tmp/KeySetCache
BlockMerge:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
@@ -421,7 +341,7 @@ jobs:
CreateRelease:
runs-on: ubuntu-latest
needs: [BuildAndTest, BuildAndTestDF, BuildAndTestMacOS]
needs: [BuildAndTest, BuildAndTestMacOS]
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
outputs:
upload_url: ${{ steps.release.outputs.upload_url }}
@@ -725,8 +645,8 @@ jobs:
#################
BuildAndPushDockerImages:
if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') || needs.BuildAndPublishHPXDockerImage.outputs.image_built == 'true' || needs.BuildAndPublishGCC7DockerImage.outputs.image_built == 'true' }}
needs: [BuildAndPublishHPXDockerImage, BuildAndPublishGCC7DockerImage]
if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') || needs.BuildAndPublishHPXDockerImage.outputs.image_built == 'true' }}
needs: [BuildAndPublishHPXDockerImage]
name: Build & Publish Docker Images
runs-on: ubuntu-latest
strategy:
@@ -735,12 +655,6 @@ jobs:
- name: test-env
image: ghcr.io/zama-ai/concrete-compiler
dockerfile: builders/Dockerfile.concrete-compiler-env
- name: test-env-gcc7
image: ghcr.io/zama-ai/concrete-compiler-gcc7
dockerfile: builders/Dockerfile.concrete-compiler-gcc7-env
- name: test-df
image: ghcr.io/zama-ai/concrete-compiler-df
dockerfile: builders/Dockerfile.concrete-compiler-df-env
steps:
# A SSH private key is required as some dependencies are from private repos
@@ -813,54 +727,3 @@ jobs:
- name: Is Image Built
id: is-built
run: echo "::set-output name=IMAGE_BUILT::${{ contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.hpx-env') }}"
BuildAndPublishGCC7DockerImage:
name: Build & Publish GCC7 Docker Image
runs-on: ubuntu-latest
env:
IMAGE: ghcr.io/zama-ai/gcc7
outputs:
image_built: ${{ steps.is-built.outputs.IMAGE_BUILT }}
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v2.0.0
- name: Login
id: login
if: contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.gcc7-env')
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
- name: Install rust
if: ${{ steps.login.conclusion != 'skipped' }}
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
if: ${{ steps.login.conclusion != 'skipped' }}
run: |
cd compiler
make concrete-optimizer-lib
- name: Build Tag and Publish
if: ${{ steps.login.conclusion != 'skipped' }}
run: |
docker build -t $IMAGE -f builders/Dockerfile.gcc7-env .
docker push $IMAGE:latest
- name: Is Image Built
id: is-built
run: echo "::set-output name=IMAGE_BUILT::${{ contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.gcc7-env') }}"

25
builders/Dockerfile.concrete-compiler-df-env
View File

@@ -1,25 +0,0 @@
FROM ubuntu:latest
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y curl cmake g++ \
build-essential python3 python3-pip \
python3-setuptools ninja-build git \
zlib1g-dev ccache cmake libboost-filesystem-dev libhwloc-dev
# setup ccache with an unlimited amount of files and storage
RUN ccache -M 0
RUN ccache -F 0
RUN pip install numpy pybind11==2.8 PyYAML
# Setup HPX
COPY --from=ghcr.io/zama-ai/hpx:latest /hpx /hpx
ENV HPX_INSTALL_DIR=/hpx/build
# Setup LLVM
COPY /llvm-project /llvm-project
# Setup and build compiler
COPY /compiler /compiler
WORKDIR /compiler
RUN mkdir -p /build
RUN make DATAFLOW_EXECUTION_ENABLED=ON BUILD_DIR=/build CCACHE=ON \
concretecompiler python-bindings
ENV PYTHONPATH "$PYTHONPATH:/build/tools/concretelang/python_packages/concretelang_core"
ENV PATH "$PATH:/build/bin"
RUN ccache -z

27
builders/Dockerfile.concrete-compiler-env
View File

@@ -1,10 +1,27 @@
FROM ubuntu:latest
FROM quay.io/pypa/manylinux_2_28_x86_64
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y curl cmake g++ build-essential python3 python3-pip python3-setuptools ninja-build git zlib1g-dev ccache
# epel-release is for install ccache
RUN dnf install -y epel-release
RUN dnf update -y
RUN dnf install -y ninja-build hwloc-devel ccache
# setup ccache with an unlimited amount of files and storage
RUN ccache -M 0
RUN ccache -F 0
# Install boost
ADD https://boostorg.jfrog.io/artifactory/main/release/1.71.0/source/boost_1_71_0.tar.gz /boost_1_71_0.tar.gz
RUN tar -xzvf /boost_1_71_0.tar.gz
WORKDIR /boost_1_71_0
RUN ./bootstrap.sh && ./b2 --with-filesystem install
# Setup HPX
COPY --from=ghcr.io/zama-ai/hpx:latest /hpx /hpx
ENV HPX_INSTALL_DIR=/hpx/build
# Set the python path. Options: [cp37-cp37m, cp38-cp38, cp39-cp39, cp310-cp310]
# Links and env would be available to use the appropriate python version
ARG python_tag=cp38-cp38
RUN ln -s /opt/python/${python_tag}/bin/pip /bin/pip
RUN ln -s /opt/python/${python_tag}/bin/python /bin/python
ENV PYTHON_EXEC=/opt/python/${python_tag}/bin/python
# Install python deps
RUN pip install numpy pybind11==2.8 PyYAML
# Setup LLVM
COPY /llvm-project /llvm-project
@@ -12,7 +29,9 @@ COPY /llvm-project /llvm-project
COPY /compiler /compiler
WORKDIR /compiler
RUN mkdir -p /build
RUN make BUILD_DIR=/build CCACHE=ON concretecompiler python-bindings
RUN make DATAFLOW_EXECUTION_ENABLED=ON BUILD_DIR=/build CCACHE=ON \
Python3_EXECUTABLE=${PYTHON_EXEC} \
concretecompiler python-bindings
ENV PYTHONPATH "$PYTHONPATH:/build/tools/concretelang/python_packages/concretelang_core"
ENV PATH "$PATH:/build/bin"
RUN ccache -z

28
builders/Dockerfile.concrete-compiler-gcc7-env
View File

@@ -1,28 +0,0 @@
FROM quay.io/pypa/manylinux_2_24_x86_64
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y build-essential ninja-build ccache
# setup ccache with an unlimited amount of files and storage
RUN ccache -M 0
RUN ccache -F 0
# Set the python path. Options: [cp38-cp38, cp39-cp39, cp310-cp310]
ARG python_tag=cp38-cp38
# Install python deps
RUN /opt/python/${python_tag}/bin/pip install numpy pybind11==2.8 PyYAML
# Setup gcc7
COPY --from=ghcr.io/zama-ai/gcc7:latest /gcc7 /gcc7
ENV PATH=/gcc7/bin:$PATH
ENV LD_LIBRARY_PATH=/gcc7/lib/:/gcc7/lib64/:$LD_LIBRARY_PATH
ENV CC=/gcc7/bin/gcc-7.5.0
ENV CXX=/gcc7/bin/g++-7.5.0
# Setup LLVM
COPY /llvm-project /llvm-project
# Setup and build compiler
COPY /compiler /compiler
WORKDIR /compiler
RUN mkdir -p /build
RUN make -e CXX_COMPILER=$CXX CC_COMPILER=$CC BUILD_DIR=/build Python3_EXECUTABLE=/opt/python/${python_tag}/bin/python CCACHE=ON python-bindings concretecompiler
ENV PATH "$PATH:/build/bin"
RUN ccache -z

21
builders/Dockerfile.gcc7-env
View File

@@ -1,21 +0,0 @@
FROM quay.io/pypa/manylinux_2_24_x86_64
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y build-essential
# Build GCC-7.5.0
RUN curl -L https://mirrorservice.org/sites/sourceware.org/pub/gcc/releases/gcc-7.5.0/gcc-7.5.0.tar.gz --output gcc750.tar.gz && tar xzf gcc750.tar.gz && rm -f gcc750.tar.gz
ENV GCC750=$PWD/gcc-7.5.0
RUN curl -L https://mirrorservice.org/sites/sourceware.org/pub/gcc/infrastructure/gmp-6.2.1.tar.bz2 --output gmp.tar.bz2 && tar xjf gmp.tar.bz2
RUN mv gmp-6.2.1 ${GCC750}/gmp && rm -f gmp.tar.bz2
RUN curl -L https://mirrorservice.org/sites/sourceware.org/pub/gcc/infrastructure/mpc-1.2.1.tar.gz --output mpc.tar.gz && tar xzf mpc.tar.gz
RUN mv mpc-1.2.1 ${GCC750}/mpc && rm -f mpc.tar.gz
RUN curl -L https://mirrorservice.org/sites/sourceware.org/pub/gcc/infrastructure/mpfr-4.1.0.tar.bz2 --output mpfr.tar.bz2 && tar xjf mpfr.tar.bz2
RUN mv mpfr-4.1.0 ${GCC750}/mpfr && rm -f mpfr.tar.bz2
RUN curl -L https://mirrorservice.org/sites/sourceware.org/pub/gcc/infrastructure/isl-0.24.tar.bz2 --output isl.tar.bz2 && tar xjf isl.tar.bz2
RUN mv isl-0.24 ${GCC750}/isl && rm -f isl-0.24.tar.bz2
RUN mkdir ${GCC750}/build
RUN cd ${GCC750}/build && ../configure --disable-bootstrap --disable-multilib --program-suffix=-7.5.0 --prefix=/gcc7 && make -j4 && make install
FROM quay.io/pypa/manylinux_2_24_x86_64
COPY --from=0 /gcc7/ /gcc7/

26
builders/Dockerfile.mlir-env
View File

@@ -1,26 +0,0 @@
FROM ubuntu:latest
RUN apt-get update --fix-missing
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y curl cmake g++ build-essential python3 python3-pip python3-setuptools ninja-build git
RUN pip install numpy pybind11==2.8 PyYAML
RUN git clone --depth 1 https://github.com/llvm/llvm-project.git
ENV LLVM_PROJECT=$PWD/llvm-project
RUN cd ${LLVM_PROJECT} && git log -1
RUN mkdir ${LLVM_PROJECT}/build
RUN cd ${LLVM_PROJECT}/build && cmake -GNinja ../llvm \
-DLLVM_ENABLE_PROJECTS=mlir \
-DLLVM_BUILD_EXAMPLES=OFF \
-DLLVM_TARGETS_TO_BUILD="host" \
-DCMAKE_BUILD_TYPE=Release \
-DLLVM_ENABLE_ASSERTIONS=ON \
-DMLIR_ENABLE_BINDINGS_PYTHON=ON
RUN cd ${LLVM_PROJECT}/build && cmake --build . --target check-mlir
ENV PATH=${LLVM_PROJECT}/build/bin:${PATH}
FROM ubuntu:latest
COPY --from=0 /llvm-project/ /llvm-project/
ENV LLVM_PROJECT=/llvm-project
ENV PATH=${LLVM_PROJECT}/build/bin:${PATH}
RUN apt-get update
RUN DEBIAN_FRONTEND="noninteractive" apt-get install -y cmake g++ build-essential python3 zlib1g-dev python3-pip python3-setuptools
RUN pip install numpy pybind11==2.8 PyYAML

13
docs/Makefile
View File

@@ -1,13 +1,18 @@
COMPILER_BUILD_DIR?=$(realpath ../compiler)/build/
update_doc_version:
sed -i "s/release = '.*'/release = '`git describe --tags --abbrev=0`'/g" conf.py
doc: update_doc_version
cd ../compiler; make doc python-bindings
bash symlink_md.bash
bash symlink_py.bash
# This depends on calling make doc in the compiler project first
doc: update_doc_version update_doxygen_conf
bash symlink_md.bash ${COMPILER_BUILD_DIR}
bash symlink_py.bash ${COMPILER_BUILD_DIR}
sphinx-apidoc -o python_api/ links_to_compiler_build/py/concretelang_core/concrete -f
PYTHONPATH=links_to_compiler_build/py/concretelang_core sphinx-build -M html . _build
update_doxygen_conf:
sed "s#../compiler/build#${COMPILER_BUILD_DIR}#g" -i Doxyfile.in
clean:
rm -rf _build/
rm -rf links_to_compiler_build/

7
docs/symlink_md.bash
View File

@@ -1,10 +1,15 @@
#!/bin/bash
if [ "$#" -ne 1 ]; then
echo "You must provide the compiler build directory"
exit 1
fi
mkdir -p links_to_compiler_build/md
cd links_to_compiler_build/md
yourfilenames=`find ../../../compiler/build/tools/concretelang/docs/concretelang -name "*.md"`
yourfilenames=`find $1/tools/concretelang/docs/concretelang -name "*.md"`
for entry in $yourfilenames
do

9
docs/symlink_py.bash
View File

@@ -1,5 +1,10 @@
#!/bin/bash
if [ "$#" -ne 1 ]; then
echo "You must provide the compiler build directory"
exit 1
fi
create_check_symlink () {
ln -s $1 $2 -f
if ! [ -e ${2} ] ; then
@@ -13,7 +18,7 @@ mkdir -p links_to_compiler_build/py/concretelang_core
cd links_to_compiler_build/py/concretelang_core
ln -s ../../../../compiler/build/tools/concretelang/python_packages/concretelang_core/mlir -f
ln -s $1/tools/concretelang/python_packages/concretelang_core/mlir -f
# Create directories needed for symlinks
mkdir -p concrete/lang/dialects
@@ -22,7 +27,7 @@ cd concrete
# Consider concrete as a package, as it's not detecting it as a namespace
touch __init__.py
py_prefix="$PWD/../../../../../compiler/build/tools/concretelang/python_packages/concretelang_core/concrete/"
py_prefix="$1/tools/concretelang/python_packages/concretelang_core/concrete/"
pyfiles=`find $py_prefix -iname "*.py"`
for file in $pyfiles