github/concrete
1
1
Fork 0
mirror of https://github.com/zama-ai/concrete.git synced 2026-02-09 03:55:04 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
c08a06ed8ec849ae2bd20795d8e66fb40d7031bb
concrete/.github/workflows/continuous-integration.yml

867 lines
32 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
name: Continuous Integration Pipeline
on:
push:
branches: [main, test-ci]
tags:
- 'v*'
pull_request:
types: [opened, synchronize, reopened]
# DOCKER_IMAGE variables aren't used in BuildAndPushDockerImages because of https://github.com/actions/runner/issues/480
env:
DOCKER_IMAGE_TEST: ghcr.io/zama-ai/concrete-compiler
DOCKER_IMAGE_TEST_GCC7: ghcr.io/zama-ai/concrete-compiler-gcc7
DOCKER_IMAGE_TEST_DF: ghcr.io/zama-ai/concrete-compiler-df
jobs:
########################
# Tests and formating #
########################
FormattingAndLinting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Format with clang-format (Cpp)
run: sudo apt install moreutils && .github/workflows/scripts/format_cpp.sh
- name: Format with black (Python)
run: |
cd compiler
pip install -r lib/Bindings/Python/requirements_dev.txt
make check_python_format
- name: Lint with pylint (Python)
run: |
cd compiler
# compiler requirements to lint
pip install numpy
make python_lint
- name: Linelint
uses: fernandrone/linelint@0.0.4
id: linelint
CheckLicense:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Check if sources include the license header
run: .github/workflows/scripts/check_for_license.sh
BuildAndTest:
runs-on: ubuntu-latest
strategy:
matrix:
compiler: [gcc7, latest]
# We want to always run the tests, but after the docker image build job.
# If there is no new build then we use the old image, else we use the new image.
# The latest compiler job isn't using the built image, so it suffers the dependance of the gcc7 job.
if: ${{ always() }}
needs: [BuildAndPushDockerImages]
steps:
# Free 4Gb of workspace
- name: Freeing space
run: |
df -h
for image in ubuntu:{16,18}.04 \
node:{12,14,16}{-alpine,} \
buildpack-deps:{stretch,buster,bullseye} \
debian:{9,10,11} alpine:3.{12,13,14} \
moby/buildkit:latest docker:20.10
do
docker image rm $image || echo Please clean remove it from this step
done
df -h
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Download KeySetCache
if: ${{ matrix.compiler == 'gcc7' && !contains(github.head_ref, 'newkeysetcache') }}
continue-on-error: true
run: |
cd compiler
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated
- name: Mark KeySetCache
if: ${{ matrix.compiler == 'gcc7' }}
run: |
touch keysetcache.timestamp
- name: Build and test compiler
if: ${{ matrix.compiler == 'gcc7' }}
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST_GCC7 }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}/llvm-project:/llvm-project
-v ${{ github.workspace }}/compiler:/compiler
-v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache
shell: bash
run: |
set -e
cd /compiler
rm -rf /build
/opt/python/cp38-cp38/bin/pip install pytest
sed "s/pytest/\/opt\/python\/cp38-cp38\/bin\/python -m pytest/g" -i Makefile
make CXX_COMPILER=/gcc7/bin/g++-7.5.0 CC_COMPILER=/gcc7/bin/gcc-7.5.0 CCACHE=ON Python3_EXECUTABLE=/opt/python/cp38-cp38/bin/python BUILD_DIR=/build all run-tests
echo "Debug: ccache statistics (after the build):"
ccache -s
chmod -R ugo+rwx /tmp/KeySetCache
- name: Prune KeySetCache
if: ${{ matrix.compiler == 'gcc7' }}
run: |
TO_CLEAN=$(find KeySetCache/* -maxdepth 1 -mindepth 1 -not -newer keysetcache.timestamp -type d)
if [ -n "$TO_CLEAN" ]
then
echo Cleaning $TO_CLEAN
rm -rf $TO_CLEAN
else
echo Nothing to clean
fi
- name: Upload KeySetCache
if: ${{ matrix.compiler == 'gcc7' && github.ref == 'refs/heads/main' }}
uses: actions/upload-artifact@v3
with:
name: KeySetCacheV1
path: KeySetCache
retention-days: 90
- name: Cleanup Old KeySetCache
uses: Remagpie/gha-remove-artifact@v1
if: ${{ matrix.compiler == 'gcc7' && github.ref == 'refs/heads/main' }}
with:
only-name: KeySetCacheV1
max-count: 1
- name: Build compiler
if: ${{ matrix.compiler == 'latest' }}
id: build-compiler-latest
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/llvm-project:/llvm-project -v ${{ github.workspace }}/build:/build
shell: bash
run: |
set -e
cd /compiler
export PYTHONPATH=""
make CCACHE=ON BUILD_DIR=/build all
echo "Debug: ccache statistics (after the build):"
ccache -s
- name: Build the documentation
id: build-doc
if: ${{ steps.build-compiler-latest.outcome == 'success' && !cancelled() }}
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: -v ${{ github.workspace }}/compiler:/compiler -v ${{ github.workspace }}/llvm-project:/llvm-project -v ${{ github.workspace }}/docs:/docs -v ${{ github.workspace }}/build:/compiler/build
shell: bash
run: |
set -e
make CCACHE=ON BUILD_DIR=/build concretecompiler python-bindings doc
cd /docs
pip install -r requirements.txt
pip install -r ../llvm-project/mlir/python/requirements.txt
DEBIAN_FRONTEND="noninteractive" apt-get install -y doxygen
make CCACHE=ON doc
- name: Archive docs artifacts
if: ${{ steps.build-doc.outcome == 'success' && !cancelled() }}
uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074
with:
name: html-docs
path: docs/_build/html
BuildAndTestMacOS:
runs-on: macos-11
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- uses: actions/checkout@v2
with:
repository: zama-ai/concrete_internal
ref: engine_c_api
path: concrete
token: ${{ secrets.GH_TOKEN }}
- name: Get ConcreteLib commit hash
id: concretelib-hash
run: cd ${{ github.workspace }}/concrete && echo "::set-output name=COMMIT_SHA::`git rev-parse HEAD`"
- name: Cache ConcreteLib
uses: actions/cache@v2
with:
path: ${{ github.workspace }}/concrete/target
key: ${{ runner.os }}-concrete-lib-${{ steps.concretelib-hash.outputs.COMMIT_SHA }}
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Install Deps
run: |
# curl https://sh.rustup.rs -sSf | sh -s -- -y # TODO check actions-rs/toolchain@v1
brew install ninja ccache
pip3 install numpy pybind11==2.8 wheel delocate
pip3 install pytest
cd ${{ github.workspace }}/concrete/concrete-ffi
RUSTFLAGS="-C target-cpu=native" cargo build --release
- name: Cache compilation (push)
if: github.event_name == 'push'
uses: actions/cache@v2
with:
path: /Users/runner/Library/Caches/ccache
key: ${{ runner.os }}-compilation-cache-${{ github.sha }}
restore-keys: |
${{ runner.os }}-compilation-cache-
- name: Cache compilation (pull_request)
if: github.event_name == 'pull_request'
uses: actions/cache@v2
with:
path: /Users/runner/Library/Caches/ccache
key: ${{ runner.os }}-compilation-cache-${{ github.event.pull_request.base.sha }}
restore-keys: |
${{ runner.os }}-compilation-cache-
- name: Get tmpdir path
if: github.event_name == 'push'
id: tmpdir-path
run: echo "::set-output name=TMPDIR_PATH::`echo $TMPDIR`"
# We do run run-check-tests as part of the build, as they aren't that costly
# and will at least give minimum confidence that the compiler works in PRs
- name: Build
run: |
cd compiler
echo "Debug: ccache statistics (prior to the build):"
ccache -s
export CONCRETE_PROJECT=${{ github.workspace }}/concrete
make all run-check-tests
echo "Debug: ccache statistics (after the build):"
ccache -s
- name: Download KeySetCache
continue-on-error: true
if: ${{ github.event_name == 'push' && !contains(github.head_ref, 'newkeysetcache') }}
run: |
cd compiler
KEYSETCACHECI="$TMPDIR/KeySetCache" GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated
- name: Test
if: github.event_name == 'push'
run: |
cd compiler
echo "Debug: ccache statistics (prior to the tests):"
ccache -s
export CONCRETE_PROJECT=${{ github.workspace }}/concrete
pip3 wheel --no-deps -w ${{ github.workspace }}/wheels .
delocate-wheel -v `find ${{ github.workspace }}/wheels/ -name *macosx*.whl`
pip3 install `find ${{ github.workspace }}/wheels/ -name *macosx*.whl`
make run-tests
echo "Debug: ccache statistics (after the tests):"
ccache -s
BuildAndTestDF:
runs-on: ubuntu-latest
# We want to always run the tests, but after the docker image build job.
# If there is no new build then we use the old image, else we use the new image.
if: ${{ always() }}
needs: [BuildAndPushDockerImages]
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Download KeySetCache
if: ${{ !contains(github.head_ref, 'newkeysetcache') }}
continue-on-error: true
run: |
cd compiler
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} make keysetcache_ci_populated
- name: Build and test compiler (dataflow)
uses: addnab/docker-run-action@v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST_DF }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}/compiler:/compiler
-v ${{ github.workspace }}/llvm-project:/llvm-project
-v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache
shell: bash
run: |
set -e
echo "Debug: ccache statistics (prior to the build):"
ccache -s
cd /compiler
pip install pytest
rm -rf /build
export PYTHONPATH=""
make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON BUILD_DIR=/build run-tests run-end-to-end-dataflow-tests
echo "Debug: ccache statistics (after the build):"
ccache -s
chmod -R ugo+rwx /tmp/KeySetCache
BlockMerge:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check Commit to Squash
run: |
set -e
git log origin/${{ github.base_ref }}..origin/${{ github.head_ref }} --format=%s | ( ! grep -e "^f [0-9a-f]\+" -q )
##################################
# Releasing and Testing Packages #
##################################
PublishDoc:
needs: [BuildAndTest]
runs-on: ubuntu-20.04
if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') }}
steps:
- name: Set env
id: vars
run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Download Documentation
id: download
uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60
with:
name: html-docs
- name: Publish Documentation to S3
id: publish
if: ${{ steps.download.outcome == 'success' && !cancelled() }}
uses: jakejarvis/s3-sync-action@be0c4ab89158cac4278689ebedd8407dd5f35a83
with:
args: --acl public-read
env:
AWS_S3_BUCKET: ${{ secrets.AWS_PREPROD_REPO_DOCUMENTATION_BUCKET_NAME }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_REGION }}
SOURCE_DIR: '.'
DEST_DIR: 'concrete-compiler/${{ env.RELEASE_VERSION }}'
- name: Invalidate CloudFront Cache
if: ${{ steps.publish.outcome == 'success' }}
uses: awact/cloudfront-action@8bcfabc7b4bbc0cb8e55e48527f0e3a6d681627c
env:
SOURCE_PATH: '/concrete-compiler/*'
AWS_REGION: ${{ secrets.AWS_REGION }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
DISTRIBUTION_ID: ${{ secrets.AWS_REPO_DOCUMENTATION_DISTRIBUTION_ID }}
CreateRelease:
runs-on: ubuntu-latest
needs: [BuildAndTest, BuildAndTestDF, BuildAndTestMacOS]
if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
outputs:
upload_url: ${{ steps.release.outputs.upload_url }}
release_id: ${{ steps.release.outputs.id }}
steps:
- name: Release
id: release
uses: softprops/action-gh-release@v1
with:
token: ${{ secrets.GH_TOKEN_RELEASE }}
draft: true
prerelease: true
generate_release_notes: true
BuildAndPushPythonPackagesLinux:
runs-on: ubuntu-latest
strategy:
matrix:
python: [37, 38, 39, 310]
outputs:
python-package-name-linux-py37: ${{ steps.build-wheel-linux.outputs.ASSET_NAME_PY37 }}
python-package-name-linux-py38: ${{ steps.build-wheel-linux.outputs.ASSET_NAME_PY38 }}
python-package-name-linux-py39: ${{ steps.build-wheel-linux.outputs.ASSET_NAME_PY39 }}
python-package-name-linux-py310: ${{ steps.build-wheel-linux.outputs.ASSET_NAME_PY310 }}
needs: CreateRelease
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Login to Github Container Registry
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
- name: Build
id: build-wheel-linux
run: |
cd compiler
make package_py${{ matrix.python }}
echo "::set-output name=ASSET_NAME::`find ${{ github.workspace }}/wheels/ -name *manylinux*.whl | rev |cut -d "/" -f 1 |rev `"
# used later for python package test
echo "::set-output name=ASSET_NAME_PY${{ matrix.python }}::`find ${{ github.workspace }}/wheels/ -name *manylinux*.whl | rev |cut -d "/" -f 1 |rev `"
- name: Upload Python Package
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
with:
upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
asset_path: ${{ github.workspace }}/wheels/${{ steps.build-wheel-linux.outputs.ASSET_NAME }}
asset_name: ${{ steps.build-wheel-linux.outputs.ASSET_NAME }}
asset_content_type: application/zip
BuildAndPushTarballLinux:
runs-on: ubuntu-latest
needs: CreateRelease
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Login to Github Container Registry
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
- name: Build
id: build-tarball
run: |
cd compiler
make release_tarballs
sudo cp ${{ github.workspace }}/tarballs/concretecompiler.tar.gz ${{ github.workspace }}/tarballs/concretecompiler-`git describe --tags --abbrev=0`-x86_64-linux-gnu.tar.gz
echo "::set-output name=ASSET_NAME::concretecompiler-`git describe --tags --abbrev=0`-x86_64-linux-gnu.tar.gz"
- name: Upload Tarball
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
with:
upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
asset_path: ${{ github.workspace }}/tarballs/${{ steps.build-tarball.outputs.ASSET_NAME }}
asset_name: ${{ steps.build-tarball.outputs.ASSET_NAME }}
asset_content_type: application/tar+gzip
BuildAndPushPackagesMacOS:
needs: CreateRelease
runs-on: macos-11
strategy:
matrix:
python: ['3.8', '3.9', '3.10']
outputs:
python-package-name-macos-py38: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY38 }}
python-package-name-macos-py39: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY39 }}
python-package-name-macos-py310: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY310 }}
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install Rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- uses: actions/checkout@v2
with:
repository: zama-ai/concrete_internal
ref: engine_c_api
path: concrete
token: ${{ secrets.GH_TOKEN }}
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python }}
- name: Install Deps
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y
brew install ninja
pip install numpy pybind11==2.8 wheel delocate
cd ${{ github.workspace }}/concrete/concrete-ffi
RUSTFLAGS="-C target-cpu=native" cargo build --release
- name: Update Python Version
run: cd compiler && make update_python_version
- name: Build
id: build-wheel-macos
run: |
cd compiler
export CONCRETE_PROJECT=${{ github.workspace }}/concrete
make Python3_EXECUTABLE=`which python` python-bindings
pip wheel --no-deps -w ${{ github.workspace }}/wheels .
delocate-wheel -v `find ${{ github.workspace }}/wheels/ -name *macosx*.whl`
echo "::set-output name=ASSET_NAME::`find ${{ github.workspace }}/wheels/ -name *macosx*.whl | rev |cut -d "/" -f 1 |rev `"
# used later for python package test
echo "::set-output name=ASSET_NAME_PY`echo ${{ matrix.python }} |tr -d '.'`::`find ${{ github.workspace }}/wheels/ -name *macosx*.whl | rev |cut -d "/" -f 1 |rev `"
- name: Upload Python Package
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
with:
upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
asset_path: ${{ github.workspace }}/wheels/${{ steps.build-wheel-macos.outputs.ASSET_NAME }}
asset_name: ${{ steps.build-wheel-macos.outputs.ASSET_NAME }}
asset_content_type: application/zip
- name: Build tarball
if: matrix.python == '3.8'
id: build-mac-tarball
run: |
cd compiler
export CONCRETE_PROJECT=${{ github.workspace }}/concrete
make concretecompiler
mkdir -p tarballs/concretecompiler/lib tarballs/concretecompiler/bin
cp build/bin/concretecompiler tarballs/concretecompiler/bin
cp build/lib/libConcretelangRuntime.dylib tarballs/concretecompiler/lib
cp ../.github/workflows/assets/Installation.md tarballs/concretecompiler/
cd tarballs && tar -czvf concretecompiler-`git describe --tags --abbrev=0`-x86_64-macos-catalina.tar.gz concretecompiler
echo "::set-output name=ASSET_NAME::concretecompiler-`git describe --tags --abbrev=0`-x86_64-macos-catalina.tar.gz"
- name: Upload Tarball
if: matrix.python == '3.8'
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
with:
upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
asset_path: ${{ github.workspace }}/compiler/tarballs/${{ steps.build-mac-tarball.outputs.ASSET_NAME }}
asset_name: ${{ steps.build-mac-tarball.outputs.ASSET_NAME }}
asset_content_type: application/tar+gzip
TestPythonPackageLinux:
runs-on: ubuntu-latest
needs: [BuildAndPushPythonPackagesLinux, CreateRelease]
strategy:
matrix:
include:
- python: '3.7'
filename-index: 'python-package-name-linux-py37'
- python: '3.8'
filename-index: 'python-package-name-linux-py38'
- python: '3.9'
filename-index: 'python-package-name-linux-py39'
- python: '3.10'
filename-index: 'python-package-name-linux-py310'
steps:
- uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python }}
- name: Extract Package Filename
id: extract-filename
run: echo "::set-output name=FILE_NAME::`echo '${{ toJson(needs.BuildAndPushPythonPackagesLinux.outputs) }}' | jq '.[\"${{ matrix.filename-index }}\"]' | tr -d '\"' `"
- name: Download and Install Package
run: |
wget --auth-no-challenge --header='Accept:application/octet-stream' \
"https://${{ secrets.GH_TOKEN_RELEASE }}:@api.github.com/repos/${{ github.repository }}/releases/assets/`curl -s -u "zama-bot:${{ secrets.GH_TOKEN_RELEASE }}" \
https://api.github.com/repos/${{ github.repository }}/releases | \
jq 'map(select(.tag_name == "${{ github.ref_name }}"))' | \
jq '.[0].assets' | \
jq 'map(select(.name == "${{ steps.extract-filename.outputs.FILE_NAME }}" ))' | \
jq '.[].id'`" -O ${{ steps.extract-filename.outputs.FILE_NAME }}
pip install ${{ steps.extract-filename.outputs.FILE_NAME }}
- name: Test
run: |
cd compiler
pip install pytest
pytest -vs -m "not parallel" tests/python
TestPythonPackageMacOS:
runs-on: macos-11
needs: [BuildAndPushPackagesMacOS, CreateRelease]
strategy:
matrix:
include:
- python: '3.8'
filename-index: 'python-package-name-macos-py38'
- python: '3.9'
filename-index: 'python-package-name-macos-py39'
- python: '3.10'
filename-index: 'python-package-name-macos-py310'
steps:
- uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.python }}
- name: Extract Package Filename
id: extract-filename
run: echo "::set-output name=FILE_NAME::`echo '${{ toJson(needs.BuildAndPushPackagesMacOS.outputs) }}' | jq '.[\"${{ matrix.filename-index }}\"]' | tr -d '\"' `"
- name: Download and Install Package
run: |
wget --auth-no-challenge --header='Accept:application/octet-stream' \
"https://${{ secrets.GH_TOKEN_RELEASE }}:@api.github.com/repos/${{ github.repository }}/releases/assets/`curl -s -u "zama-bot:${{ secrets.GH_TOKEN_RELEASE }}" \
https://api.github.com/repos/${{ github.repository }}/releases | \
jq 'map(select(.tag_name == "${{ github.ref_name }}"))' | \
jq '.[0].assets' | \
jq 'map(select(.name == "${{ steps.extract-filename.outputs.FILE_NAME }}" ))' | \
jq '.[].id'`" -O ${{ steps.extract-filename.outputs.FILE_NAME }}
pip install ${{ steps.extract-filename.outputs.FILE_NAME }}
- name: Test
run: |
cd compiler
pip install pytest
pytest -vs -m "not parallel" tests/python
#################
# Docker Images #
#################
BuildAndPushDockerImages:
if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') || needs.BuildAndPublishHPXDockerImage.outputs.image_built == 'true' || needs.BuildAndPublishGCC7DockerImage.outputs.image_built == 'true' }}
needs: [BuildAndPublishHPXDockerImage, BuildAndPublishGCC7DockerImage]
name: Build & Publish Docker Images
runs-on: ubuntu-latest
strategy:
matrix:
include:
- name: test-env
image: ghcr.io/zama-ai/concrete-compiler
dockerfile: builders/Dockerfile.concrete-compiler-env
- name: test-env-gcc7
image: ghcr.io/zama-ai/concrete-compiler-gcc7
dockerfile: builders/Dockerfile.concrete-compiler-gcc7-env
- name: test-df
image: ghcr.io/zama-ai/concrete-compiler-df
dockerfile: builders/Dockerfile.concrete-compiler-df-env
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
run: |
cd compiler
make concrete-optimizer-lib
- name: Login to Registry
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
# label was initially a need from the frontend CI
- name: Build Image
run: docker image build --no-cache --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} .
- name: Tag and Publish Image
run: |
docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.sha }}
docker image push ${{ matrix.image }}:latest
docker image push ${{ matrix.image }}:${{ github.sha }}
- name: Tag and Publish Release Image
if: startsWith(github.ref, 'refs/tags/v')
run: |
docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.ref_name }}
docker image push ${{ matrix.image }}:${{ github.ref_name }}
BuildAndPublishHPXDockerImage:
name: Build & Publish HPX Docker Image
runs-on: ubuntu-latest
env:
IMAGE: ghcr.io/zama-ai/hpx
outputs:
image_built: ${{ steps.is-built.outputs.IMAGE_BUILT }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v2.0.0
- name: Login
id: login
if: contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.hpx-env')
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
- name: Build Tag and Publish
if: ${{ steps.login.conclusion != 'skipped' }}
run: |
docker build -t $IMAGE -f builders/Dockerfile.hpx-env .
docker push $IMAGE:latest
- name: Is Image Built
id: is-built
run: echo "::set-output name=IMAGE_BUILT::${{ contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.hpx-env') }}"
BuildAndPublishGCC7DockerImage:
name: Build & Publish GCC7 Docker Image
runs-on: ubuntu-latest
env:
IMAGE: ghcr.io/zama-ai/gcc7
outputs:
image_built: ${{ steps.is-built.outputs.IMAGE_BUILT }}
steps:
# A SSH private key is required as some dependencies are from private repos
- uses: webfactory/ssh-agent@v0.5.2
with:
ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
- uses: actions/checkout@v2
with:
fetch-depth: 0
submodules: recursive
token: ${{ secrets.GH_TOKEN }}
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v2.0.0
- name: Login
id: login
if: contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.gcc7-env')
run: echo "${{ secrets.GHCR_PASSWORD }}" | docker login -u ${{ secrets.GHCR_LOGIN }} --password-stdin ghcr.io
- name: Install rust
if: ${{ steps.login.conclusion != 'skipped' }}
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Concrete-Optimizer
if: ${{ steps.login.conclusion != 'skipped' }}
run: |
cd compiler
make concrete-optimizer-lib
- name: Build Tag and Publish
if: ${{ steps.login.conclusion != 'skipped' }}
run: |
docker build -t $IMAGE -f builders/Dockerfile.gcc7-env .
docker push $IMAGE:latest
- name: Is Image Built
id: is-built
run: echo "::set-output name=IMAGE_BUILT::${{ contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.gcc7-env') }}"
Reference in New Issue View Git Blame Copy Permalink