diff --git a/.github/workflows/concrete_rust_keygen_release.yaml b/.github/workflows/concrete_rust_keygen_release.yaml new file mode 100644 index 000000000..2968e08c9 --- /dev/null +++ b/.github/workflows/concrete_rust_keygen_release.yaml @@ -0,0 +1,121 @@ +# Publish new release of concrete-keygen crate +name: Release Concrete Rust Keygen + +on: + workflow_dispatch: + inputs: + dry_run: + description: "Dry-run" + type: boolean + default: true + +env: + ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + +permissions: {} + +jobs: + package: + runs-on: ubuntu-latest + outputs: + hash: ${{ steps.hash.outputs.hash }} + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + persist-credentials: 'false' + - name: Prepare package + run: | + sudo apt install -y capnproto libcapnp-dev + cd frontends/concrete-rust/concrete-keygen/ + cargo package --features="wasm" + - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: crate + path: target/package/*.crate + - name: generate hash + id: hash + run: cd target/package && echo "hash=$(sha256sum ./*.crate | base64 -w0)" >> "${GITHUB_OUTPUT}" + + provenance: + if: ${{ !inputs.dry_run }} + needs: [package] + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 + permissions: + # Needed to detect the GitHub Actions environment + actions: read + # Needed to create the provenance via GitHub OIDC + id-token: write + # Needed to upload assets/artifacts + contents: write + with: + # SHA-256 hashes of the Crate package. + base64-subjects: ${{ needs.package.outputs.hash }} + + publish_release: + name: Publish Concrete Rust Keygen Release + runs-on: ubuntu-latest + needs: [package] # for comparing hashes + permissions: + # Needed to create the draft release + contents: write + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + fetch-depth: 0 + persist-credentials: 'false' + + - name: Publish crate.io package + env: + CRATES_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} + DRY_RUN: ${{ inputs.dry_run && '--dry-run' || '' }} + run: | + sudo apt install -y capnproto libcapnp-dev + # DRY_RUN expansion cannot be double quoted when variable contains empty string otherwise cargo publish + # would fail. This is safe since DRY_RUN is handled in the env section above. + # shellcheck disable=SC2086 + cargo publish --token "${CRATES_TOKEN}" ${DRY_RUN} + + - name: Create draft release + run: | + VERSION=$(grep '^version = ' frontends/concrete-rust/concrete-keygen/Cargo.toml | cut -d '"' -f2) + export VERSION + TAG="concrete-keygen-v${VERSION}" + export TAG + echo "version: ${VERSION}" + echo "tag: ${TAG}" + + git tag "$TAG" + git push origin "${TAG}" + + gh release create --draft --repo ${{ github.repository }} \ + --verify-tag "${TAG}" \ + --title "${TAG}" \ + target/package/*.crate + env: + GH_TOKEN: ${{ github.token }} + + - name: Generate hash + id: published_hash + run: cd target/package && echo "pub_hash=$(sha256sum ./*.crate | base64 -w0)" >> "${GITHUB_OUTPUT}" + + - name: Slack notification (hashes comparison) + if: ${{ needs.package.outputs.hash != steps.published_hash.outputs.pub_hash }} + continue-on-error: true + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 + env: + SLACK_COLOR: failure + SLACK_MESSAGE: "SLSA concrete-keygen crate - hash comparison failure: (${{ env.ACTION_RUN_URL }})" + + - name: Slack Notification + if: ${{ failure() || (cancelled() && github.event_name != 'pull_request') }} + continue-on-error: true + uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990 + env: + SLACK_COLOR: ${{ job.status }} + SLACK_MESSAGE: "Concrete Rust Keygen release failed: (${{ env.ACTION_RUN_URL }})" diff --git a/frontends/concrete-rust/concrete-keygen/Cargo.toml b/frontends/concrete-rust/concrete-keygen/Cargo.toml index 7953c456b..d64051af4 100644 --- a/frontends/concrete-rust/concrete-keygen/Cargo.toml +++ b/frontends/concrete-rust/concrete-keygen/Cargo.toml @@ -4,7 +4,7 @@ name = "concrete-keygen" version = "0.1.0" edition = "2021" build = "build.rs" -readme = "../../../README.md" +readme = "./README.md" homepage = "https://zama.ai/" documentation = "https://docs.zama.ai/concrete" repository = "https://github.com/zama-ai/concrete" diff --git a/frontends/concrete-rust/concrete-keygen/README.md b/frontends/concrete-rust/concrete-keygen/README.md new file mode 100644 index 000000000..701c6c882 --- /dev/null +++ b/frontends/concrete-rust/concrete-keygen/README.md @@ -0,0 +1,54 @@ +

+ + + + + Zama Concrete + +

+
+ +

+ 📒 Documentation | 💛 Community support | 📚 FHE resources by Zama +

+ +

+ + + SLSA 3 +

+ + + +## About + +This crate is part of the [Concrete](https://github.com/zama-ai/concrete) framework. Its main purpose is to provide a way to manage Concrete Keys in Rust and Wasm. + +#### Key Features +- 🚀 Keygen with low memory footprint for Wasm targets +- 🔒 Wasm API to build client apps on the browser + +

+ + +### License +This software is distributed under the **BSD-3-Clause-Clear** license. Read [this](../../../LICENSE.txt) for more details. + +## Support + + + + + + Support + + + + +🌟 If you find this project helpful or interesting, please consider giving it a star on GitHub! Your support helps to grow the community and motivates further development. + + +

+ ↑ Back to top +

+