concrete/.github/workflows/continuous-integration.yml
2022-09-19 13:24:20 +01:00


This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Workflow triggers and shared environment for the CI pipeline.
name: Continuous Integration Pipeline
on:
  # Pushes to main and test-ci, and any tag starting with "v", run the pipeline.
  push:
    branches: [main, test-ci]
    tags:
      - 'v*'
  # The trigger is `pull_request`, so the jobs run the PR's own code.
  # NOTE(review): several jobs below read repository secrets; GitHub does not pass
  # those to pull requests from forks under this trigger - confirm those jobs fail closed.
  pull_request:
    types: [opened, synchronize, reopened]
# NOTE(review): no `permissions:` key is visible at workflow or job level, so the
# GITHUB_TOKEN scope comes from the repository default - confirm it is the minimum needed.
# DOCKER_IMAGE variables aren't used in BuildAndPushDockerImages because of https://github.com/actions/runner/issues/480
env:
  DOCKER_IMAGE_TEST: ghcr.io/zama-ai/concrete-compiler
jobs:
#########################
# Tests and formatting #
#########################
# Formatting and lint gate: clang-format for C++, black and pylint for Python, then linelint.
FormattingAndLinting:
  runs-on: ubuntu-latest
  steps:
    # Submodules are fetched with the GH_TOKEN secret instead of the default token.
    # NOTE(review): actions/checkout leaves the token in the local git config unless
    # `persist-credentials: false` is set, and the following steps run repository
    # scripts and pip installs - confirm the token has to stay available to them.
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Format with clang-format (Cpp)
      run: sudo apt install moreutils && .github/workflows/scripts/format_cpp.sh
    - name: Format with black (Python)
      run: |
        cd compiler
        pip install -r lib/Bindings/Python/requirements_dev.txt
        make check-python-format
    - name: Lint with pylint (Python)
      run: |
        cd compiler
        # compiler requirements to lint
        pip install numpy
        make python-lint
    # Third-party action referenced by a tag, which its owner can move; other steps in
    # this file pin actions to a full commit SHA.
    - name: Linelint
      uses: fernandrone/linelint@0.0.4
      id: linelint
# Runs the repository's license-header check script on a plain checkout.
# No secret is referenced by this job.
CheckLicense:
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v2
    - name: Check if sources include the license header
      run: .github/workflows/scripts/check_for_license.sh
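# Builds the compiler inside the CI container image, runs the test suites, maintains the
# KeySetCache artifact and builds the HTML documentation.
# Most actions in this job are referenced by tag (a movable reference); only the docs
# upload step is pinned to a commit SHA.
BuildAndTest:
  runs-on: ubuntu-latest
  # We want to always run the tests unless cancelled, but after the docker image build job.
  # If there is no new build then we use the old image, else we use the new image.
  if: ${{ !cancelled() }}
  needs: [BuildAndPushDockerImages]
  steps:
    # Free 4Gb of workspace
    - name: Freeing space
      run: |
        df -h
        for image in ubuntu:{16,18}.04 \
          node:{12,14,16}{-alpine,} \
          buildpack-deps:{stretch,buster,bullseye} \
          debian:{9,10,11} alpine:3.{12,13,14} \
          moby/buildkit:latest docker:20.10
        do
          docker image rm $image || echo Please clean remove it from this step
        done
        df -h
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Install rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Concrete-Optimizer
      run: |
        cd compiler
        make concrete-optimizer-lib
    - name: Download KeySetCache
      if: ${{ !contains(github.head_ref, 'newkeysetcache') }}
      continue-on-error: true
      # The token reaches make through the step environment instead of being
      # templated into the script text.
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        cd compiler
        make keysetcache_ci_populated
    # Timestamp file used by the prune step below to tell which cache entries this run touched.
    - name: Mark KeySetCache
      run: |
        touch keysetcache.timestamp
    # The image reference carries no tag or digest, so Docker's default `latest` tag is
    # pulled. Three workspace directories are bind-mounted into the container.
    # NOTE(review): $PYTHON_EXEC is not set in this script; presumably it comes from the
    # image environment - confirm.
    - name: Build and test compiler
      uses: addnab/docker-run-action@v3
      id: build-compiler
      with:
        registry: ghcr.io
        image: ${{ env.DOCKER_IMAGE_TEST }}
        username: ${{ secrets.GHCR_LOGIN }}
        password: ${{ secrets.GHCR_PASSWORD }}
        options: >-
          -v ${{ github.workspace }}/llvm-project:/llvm-project
          -v ${{ github.workspace }}/compiler:/compiler
          -v ${{ github.workspace }}/KeySetCache:/tmp/KeySetCache
        shell: bash
        run: |
          set -e
          cd /compiler
          rm -rf /build
          pip install pytest
          sed "s/pytest/python -m pytest/g" -i Makefile
          make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON Python3_EXECUTABLE=$PYTHON_EXEC BUILD_DIR=/build all run-tests run-end-to-end-dataflow-tests
          echo "Debug: ccache statistics (after the build):"
          ccache -s
          chmod -R ugo+rwx /tmp/KeySetCache
    # Removes cache directories that are not newer than the timestamp file.
    - name: Prune KeySetCache
      run: |
        TO_CLEAN=$(find KeySetCache/* -maxdepth 1 -mindepth 1 -not -newer keysetcache.timestamp -type d)
        if [ -n "$TO_CLEAN" ]
        then
          echo Cleaning $TO_CLEAN
          rm -rf $TO_CLEAN
        else
          echo Nothing to clean
        fi
    # Only runs on main publish the shared cache artifact; pull-request runs read it
    # but never replace it.
    - name: Upload KeySetCache
      if: ${{ github.ref == 'refs/heads/main' }}
      uses: actions/upload-artifact@v3
      with:
        name: KeySetCacheV2
        path: KeySetCache
        retention-days: 90
    - name: Cleanup Old KeySetCache
      uses: Remagpie/gha-remove-artifact@v1
      if: ${{ github.ref == 'refs/heads/main' }}
      with:
        only-name: KeySetCacheV2
        max-count: 1
    - name: Build the documentation
      id: build-doc
      if: ${{ steps.build-compiler.outcome == 'success' && !cancelled() }}
      uses: addnab/docker-run-action@v3
      with:
        registry: ghcr.io
        image: ${{ env.DOCKER_IMAGE_TEST }}
        username: ${{ secrets.GHCR_LOGIN }}
        password: ${{ secrets.GHCR_PASSWORD }}
        options: >-
          -v ${{ github.workspace }}/compiler:/compiler
          -v ${{ github.workspace }}/llvm-project:/llvm-project
          -v ${{ github.workspace }}/docs:/docs
        shell: bash
        run: |
          set -e
          rm -rf /build
          make DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON Python3_EXECUTABLE=$PYTHON_EXEC BUILD_DIR=/build concretecompiler python-bindings doc
          cd /docs
          pip install -r requirements.txt
          pip install -r ../llvm-project/mlir/python/requirements.txt
          dnf install -y doxygen
          sed "s/sphinx-apidoc/python -m sphinx.ext.apidoc/g" -i Makefile
          sed "s/sphinx-build/python -m sphinx.cmd.build/g" -i Makefile
          make COMPILER_BUILD_DIR=/build/ doc
    - name: Archive docs artifacts
      if: ${{ steps.build-doc.outcome == 'success' && !cancelled() }}
      uses: actions/upload-artifact@27121b0bdffd731efa15d66772be8dc71245d074
      with:
        name: html-docs
        path: docs/_build/html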
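# macOS build: builds the compiler and runs the check tests on every event; the
# KeySetCache download and the full test run happen on pushes only.
# Every action in this job is referenced by tag rather than by commit SHA.
BuildAndTestMacOS:
  runs-on: macos-11
  steps:
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    # Second checkout: a branch of another repository, placed under ./concrete.
    - uses: actions/checkout@v2
      with:
        repository: zama-ai/concrete_internal
        ref: engine_c_api
        path: concrete
        token: ${{ secrets.GH_TOKEN }}
    # NOTE(review): GitHub has since deprecated the `::set-output` workflow command in
    # favour of writing to $GITHUB_OUTPUT.
    - name: Get ConcreteLib commit hash
      id: concretelib-hash
      run: cd ${{ github.workspace }}/concrete && echo "::set-output name=COMMIT_SHA::`git rev-parse HEAD`"
    - name: Cache ConcreteLib
      uses: actions/cache@v2
      with:
        path: ${{ github.workspace }}/concrete/target
        key: ${{ runner.os }}-concrete-lib-${{ steps.concretelib-hash.outputs.COMMIT_SHA }}
    - name: Install rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Install Deps
      run: |
        # curl https://sh.rustup.rs -sSf | sh -s -- -y # TODO check actions-rs/toolchain@v1
        brew install ninja ccache
        pip3 install numpy pybind11==2.8 wheel delocate
        pip3 install pytest
        cd ${{ github.workspace }}/concrete/concrete-ffi
        RUSTFLAGS="-C target-cpu=native" cargo build --release
    # The ccache directory is restored by key prefix in both variants below.
    # NOTE(review): confirm which runs are able to write cache entries that later
    # builds restore through the shared prefix.
    - name: Cache compilation (push)
      if: github.event_name == 'push'
      uses: actions/cache@v2
      with:
        path: /Users/runner/Library/Caches/ccache
        key: ${{ runner.os }}-compilation-cache-${{ github.sha }}
        restore-keys: |
          ${{ runner.os }}-compilation-cache-
    - name: Cache compilation (pull_request)
      if: github.event_name == 'pull_request'
      uses: actions/cache@v2
      with:
        path: /Users/runner/Library/Caches/ccache
        key: ${{ runner.os }}-compilation-cache-${{ github.event.pull_request.base.sha }}
        restore-keys: |
          ${{ runner.os }}-compilation-cache-
    - name: Get tmpdir path
      if: github.event_name == 'push'
      id: tmpdir-path
      run: echo "::set-output name=TMPDIR_PATH::`echo $TMPDIR`"
    # We do run run-check-tests as part of the build, as they aren't that costly
    # and will at least give minimum confidence that the compiler works in PRs
    - name: Build
      run: |
        cd compiler
        echo "Debug: ccache statistics (prior to the build):"
        ccache -s
        export CONCRETE_PROJECT=${{ github.workspace }}/concrete
        make all run-check-tests
        echo "Debug: ccache statistics (after the build):"
        ccache -s
    - name: Download KeySetCache
      continue-on-error: true
      if: ${{ github.event_name == 'push' && !contains(github.head_ref, 'newkeysetcache') }}
      # The token reaches make through the step environment instead of being
      # templated into the script text.
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        cd compiler
        KEYSETCACHECI="$TMPDIR/KeySetCache" make keysetcache_ci_populated
    # The find patterns are quoted so the shell hands them to find unexpanded.
    - name: Test
      if: github.event_name == 'push'
      run: |
        cd compiler
        echo "Debug: ccache statistics (prior to the tests):"
        ccache -s
        export CONCRETE_PROJECT=${{ github.workspace }}/concrete
        pip3 wheel --no-deps -w ${{ github.workspace }}/wheels .
        delocate-wheel -v `find ${{ github.workspace }}/wheels/ -name '*macosx*.whl'`
        pip3 install `find ${{ github.workspace }}/wheels/ -name '*macosx*.whl'`
        make run-tests
        echo "Debug: ccache statistics (after the tests):"
        ccache -s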
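# Pull-request gate: fails when a commit subject in the PR range matches `^f [0-9a-f]+`.
BlockMerge:
  if: github.event_name == 'pull_request'
  runs-on: ubuntu-latest
  steps:
    # Full history is needed so both branch tips are available to git log.
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: Check Commit to Squash
      # github.head_ref is the pull request's branch name and is chosen by its author.
      # Both refs are passed through the environment and quoted, so shell
      # metacharacters in a branch name stay data instead of becoming script text.
      env:
        BASE_REF: ${{ github.base_ref }}
        HEAD_REF: ${{ github.head_ref }}
      run: |
        set -e
        git log "origin/$BASE_REF..origin/$HEAD_REF" --format=%s | ( ! grep -e "^f [0-9a-f]\+" -q )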
##################################
# Releasing and Testing Packages #
##################################
# Publishes the html-docs artifact to S3 and invalidates the CloudFront cache.
# Runs after BuildAndTest, only for pushes to main or of a tag starting with "v".
# All three actions used here are pinned to full commit SHAs.
PublishDoc:
  needs: [BuildAndTest]
  runs-on: ubuntu-20.04
  if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') }}
  steps:
    # Strips the leading refs/<kind>/ from GITHUB_REF and stores the rest as RELEASE_VERSION.
    - name: Set env
      id: vars
      run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
    - name: Download Documentation
      id: download
      uses: actions/download-artifact@3be87be14a055c47b01d3bd88f8fe02320a9bb60
      with:
        name: html-docs
    # `--acl public-read` makes every uploaded object world-readable; presumably
    # intended for a public documentation site - confirm.
    # NOTE(review): authentication uses a static AWS access key pair held in secrets,
    # and the same pair is used for the CloudFront step below - confirm it is scoped
    # to this bucket and distribution only.
    - name: Publish Documentation to S3
      id: publish
      if: ${{ steps.download.outcome == 'success' && !cancelled() }}
      uses: jakejarvis/s3-sync-action@be0c4ab89158cac4278689ebedd8407dd5f35a83
      with:
        args: --acl public-read
      env:
        AWS_S3_BUCKET: ${{ secrets.AWS_PREPROD_REPO_DOCUMENTATION_BUCKET_NAME }}
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        AWS_REGION: ${{ secrets.AWS_REGION }}
        SOURCE_DIR: '.'
        DEST_DIR: 'concrete-compiler/${{ env.RELEASE_VERSION }}'
    - name: Invalidate CloudFront Cache
      if: ${{ steps.publish.outcome == 'success' }}
      uses: awact/cloudfront-action@8bcfabc7b4bbc0cb8e55e48527f0e3a6d681627c
      env:
        SOURCE_PATH: '/concrete-compiler/*'
        AWS_REGION: ${{ secrets.AWS_REGION }}
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        DISTRIBUTION_ID: ${{ secrets.AWS_REPO_DOCUMENTATION_DISTRIBUTION_ID }}
# Creates a draft pre-release for a pushed v* tag once both build-and-test jobs have run,
# and exposes its upload URL and id to the packaging jobs.
CreateRelease:
  runs-on: ubuntu-latest
  needs: [BuildAndTest, BuildAndTestMacOS]
  if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }}
  outputs:
    upload_url: ${{ steps.release.outputs.upload_url }}
    release_id: ${{ steps.release.outputs.id }}
  steps:
    # Third-party action referenced by tag, and it is handed the release token.
    # NOTE(review): other steps in this file pin actions to a commit SHA - consider
    # doing the same for an action that receives a write-capable token.
    - name: Release
      id: release
      uses: softprops/action-gh-release@v1
      with:
        token: ${{ secrets.GH_TOKEN_RELEASE }}
        draft: true
        prerelease: true
        generate_release_notes: true
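# Builds one manylinux wheel per Python version inside the CI container image and
# uploads it to the draft release created by CreateRelease.
# Every action in this job is referenced by tag rather than by commit SHA.
BuildAndPushPythonPackagesLinux:
  runs-on: ubuntu-latest
  strategy:
    matrix:
      include:
        - python: 37
          python_dir: "cp37-cp37m"
        - python: 38
          python_dir: "cp38-cp38"
        - python: 39
          python_dir: "cp39-cp39"
        - python: 310
          python_dir: "cp310-cp310"
  # Each matrix entry fills in only its own ASSET_NAME_PY<version> output.
  outputs:
    python-package-name-linux-py37: ${{ steps.set-output-wheel-linux.outputs.ASSET_NAME_PY37 }}
    python-package-name-linux-py38: ${{ steps.set-output-wheel-linux.outputs.ASSET_NAME_PY38 }}
    python-package-name-linux-py39: ${{ steps.set-output-wheel-linux.outputs.ASSET_NAME_PY39 }}
    python-package-name-linux-py310: ${{ steps.set-output-wheel-linux.outputs.ASSET_NAME_PY310 }}
  needs: CreateRelease
  steps:
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Install Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Concrete-Optimizer
      run: |
        cd compiler
        make concrete-optimizer-lib
    - name: Update Python Version
      run: cd compiler && make update-python-version
    # Registry credentials reach the shell as environment variables; the password is
    # still piped on stdin and is no longer templated into the command line.
    - name: Login to Github Container Registry
      env:
        GHCR_LOGIN: ${{ secrets.GHCR_LOGIN }}
        GHCR_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
      run: echo "$GHCR_PASSWORD" | docker login -u "$GHCR_LOGIN" --password-stdin ghcr.io
    # The image reference carries no tag or digest, so Docker's default `latest` tag is
    # pulled for the build that produces release wheels.
    - name: Build Wheel
      uses: addnab/docker-run-action@v3
      with:
        registry: ghcr.io
        image: ${{ env.DOCKER_IMAGE_TEST }}
        username: ${{ secrets.GHCR_LOGIN }}
        password: ${{ secrets.GHCR_PASSWORD }}
        options: >-
          -v ${{ github.workspace }}/llvm-project:/llvm-project
          -v ${{ github.workspace }}/compiler:/compiler
          -v ${{ github.workspace }}/wheels:/wheels
        shell: bash
        run: |
          set -e
          cd /compiler
          rm -rf /build
          export PYTHON_EXEC=/opt/python/${{ matrix.python_dir }}/bin/python
          $PYTHON_EXEC -m pip install -r /llvm-project/mlir/python/requirements.txt
          # setup env variable for wheel building
          export CONCRETE_COMPILER_Python3_EXECUTABLE=$PYTHON_EXEC
          export CONCRETE_COMPILER_BUILD_DIR=/build
          /opt/python/${{ matrix.python_dir }}/bin/pip wheel -vvv --no-deps -w /wheels .
          # We need to run it twice: the first will generate the directories, so that
          # the second run can find the packages via find_namespace_packages
          /opt/python/${{ matrix.python_dir }}/bin/pip wheel -vvv --no-deps -w /wheels .
          auditwheel repair /wheels/*.whl --plat manylinux_2_28_x86_64 -w /wheels
          echo "Debug: ccache statistics (after the build):"
          ccache -s
    # The find pattern is quoted so the shell hands it to find unexpanded.
    - name: Set Outputs
      id: set-output-wheel-linux
      run: |
        echo "::set-output name=ASSET_NAME::`find ${{ github.workspace }}/wheels/ -name '*manylinux*.whl' | rev |cut -d "/" -f 1 |rev `"
        # used later for python package test
        echo "::set-output name=ASSET_NAME_PY${{ matrix.python }}::`find ${{ github.workspace }}/wheels/ -name '*manylinux*.whl' | rev |cut -d "/" -f 1 |rev `"
    - name: Upload Python Package
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
      with:
        upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
        asset_path: ${{ github.workspace }}/wheels/${{ steps.set-output-wheel-linux.outputs.ASSET_NAME }}
        asset_name: ${{ steps.set-output-wheel-linux.outputs.ASSET_NAME }}
        asset_content_type: application/zip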
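# Builds the Linux release tarball and uploads it to the draft release created by CreateRelease.
# Every action in this job is referenced by tag rather than by commit SHA.
BuildAndPushTarballLinux:
  runs-on: ubuntu-latest
  needs: CreateRelease
  steps:
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Install Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Concrete-Optimizer
      run: |
        cd compiler
        make concrete-optimizer-lib
    # Registry credentials reach the shell as environment variables; the password is
    # still piped on stdin and is no longer templated into the command line.
    - name: Login to Github Container Registry
      env:
        GHCR_LOGIN: ${{ secrets.GHCR_LOGIN }}
        GHCR_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
      run: echo "$GHCR_PASSWORD" | docker login -u "$GHCR_LOGIN" --password-stdin ghcr.io
    # The asset name embeds the most recent tag reported by `git describe`.
    - name: Build
      id: build-tarball
      run: |
        cd compiler
        make release-tarballs
        sudo cp ${{ github.workspace }}/tarballs/concretecompiler.tar.gz ${{ github.workspace }}/tarballs/concretecompiler-`git describe --tags --abbrev=0`-x86_64-linux-gnu.tar.gz
        echo "::set-output name=ASSET_NAME::concretecompiler-`git describe --tags --abbrev=0`-x86_64-linux-gnu.tar.gz"
    - name: Upload Tarball
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
      with:
        upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
        asset_path: ${{ github.workspace }}/tarballs/${{ steps.build-tarball.outputs.ASSET_NAME }}
        asset_name: ${{ steps.build-tarball.outputs.ASSET_NAME }}
        asset_content_type: application/tar+gzip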
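# Builds the macOS wheels (one per Python version) and, for the 3.8 entry only, the macOS
# tarball; uploads both to the draft release created by CreateRelease.
# Every action in this job is referenced by tag rather than by commit SHA.
BuildAndPushPackagesMacOS:
  needs: CreateRelease
  runs-on: macos-11
  strategy:
    matrix:
      python: ['3.8', '3.9', '3.10']
  # Each matrix entry fills in only its own ASSET_NAME_PY<version> output.
  outputs:
    python-package-name-macos-py38: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY38 }}
    python-package-name-macos-py39: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY39 }}
    python-package-name-macos-py310: ${{ steps.build-wheel-macos.outputs.ASSET_NAME_PY310 }}
  steps:
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Install Rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Concrete-Optimizer
      run: |
        cd compiler
        make concrete-optimizer-lib
    # Second checkout: a branch of another repository, placed under ./concrete.
    # NOTE(review): the release build follows a moving branch, not a fixed commit -
    # confirm that is intended for published artifacts.
    - uses: actions/checkout@v2
      with:
        repository: zama-ai/concrete_internal
        ref: engine_c_api
        path: concrete
        token: ${{ secrets.GH_TOKEN }}
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: ${{ matrix.python }}
    # The rustup installer is fetched with curl restricted to HTTPS and TLS 1.2+, the
    # form rustup's own install instructions use, before it is piped to sh.
    # NOTE(review): Rust is already installed by the "Install Rust" step above -
    # confirm this second install is still needed.
    - name: Install Deps
      run: |
        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
        brew install ninja
        pip install numpy pybind11==2.8 wheel delocate
        cd ${{ github.workspace }}/concrete/concrete-ffi
        RUSTFLAGS="-C target-cpu=native" cargo build --release
    - name: Update Python Version
      run: cd compiler && make update-python-version
    # The find patterns are quoted so the shell hands them to find unexpanded.
    - name: Build
      id: build-wheel-macos
      run: |
        cd compiler
        export CONCRETE_PROJECT=${{ github.workspace }}/concrete
        make Python3_EXECUTABLE=`which python` python-bindings
        pip wheel --no-deps -w ${{ github.workspace }}/wheels .
        delocate-wheel -v `find ${{ github.workspace }}/wheels/ -name '*macosx*.whl'`
        echo "::set-output name=ASSET_NAME::`find ${{ github.workspace }}/wheels/ -name '*macosx*.whl' | rev |cut -d "/" -f 1 |rev `"
        # used later for python package test
        echo "::set-output name=ASSET_NAME_PY`echo ${{ matrix.python }} |tr -d '.'`::`find ${{ github.workspace }}/wheels/ -name '*macosx*.whl' | rev |cut -d "/" -f 1 |rev `"
    - name: Upload Python Package
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
      with:
        upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
        asset_path: ${{ github.workspace }}/wheels/${{ steps.build-wheel-macos.outputs.ASSET_NAME }}
        asset_name: ${{ steps.build-wheel-macos.outputs.ASSET_NAME }}
        asset_content_type: application/zip
    - name: Build tarball
      if: matrix.python == '3.8'
      id: build-mac-tarball
      run: |
        cd compiler
        export CONCRETE_PROJECT=${{ github.workspace }}/concrete
        make concretecompiler
        mkdir -p tarballs/concretecompiler/lib tarballs/concretecompiler/bin
        cp build/bin/concretecompiler tarballs/concretecompiler/bin
        cp build/lib/libConcretelangRuntime.dylib tarballs/concretecompiler/lib
        cp ../.github/workflows/assets/Installation.md tarballs/concretecompiler/
        cd tarballs && tar -czvf concretecompiler-`git describe --tags --abbrev=0`-x86_64-macos-catalina.tar.gz concretecompiler
        echo "::set-output name=ASSET_NAME::concretecompiler-`git describe --tags --abbrev=0`-x86_64-macos-catalina.tar.gz"
    - name: Upload Tarball
      if: matrix.python == '3.8'
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ secrets.GH_TOKEN_RELEASE }}
      with:
        upload_url: ${{ needs.CreateRelease.outputs.upload_url }}
        asset_path: ${{ github.workspace }}/compiler/tarballs/${{ steps.build-mac-tarball.outputs.ASSET_NAME }}
        asset_name: ${{ steps.build-mac-tarball.outputs.ASSET_NAME }}
        asset_content_type: application/tar+gzip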
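# Downloads the Linux wheel that was attached to the release, installs it on a clean
# runner and runs the Python tests against it.
TestPythonPackageLinux:
  runs-on: ubuntu-latest
  needs: [BuildAndPushPythonPackagesLinux, CreateRelease]
  strategy:
    matrix:
      include:
        - python: '3.7'
          filename-index: 'python-package-name-linux-py37'
        - python: '3.8'
          filename-index: 'python-package-name-linux-py38'
        - python: '3.9'
          filename-index: 'python-package-name-linux-py39'
        - python: '3.10'
          filename-index: 'python-package-name-linux-py310'
  steps:
    - uses: actions/checkout@v2
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: ${{ matrix.python }}
    # Picks this matrix entry's wheel file name out of the build job's outputs.
    - name: Extract Package Filename
      id: extract-filename
      run: echo "::set-output name=FILE_NAME::`echo '${{ toJson(needs.BuildAndPushPythonPackagesLinux.outputs) }}' | jq '.[\"${{ matrix.filename-index }}\"]' | tr -d '\"' `"
    # The release token, repository, tag and file name reach the script as environment
    # variables, and jq receives the tag and file name through --arg, so none of them
    # is pasted into the shell or jq program text.
    # wget still authenticates with the token as the URL user name, as the original
    # command did. NOTE(review): that leaves the token on the wget command line -
    # confirm this is acceptable on the runner.
    - name: Download and Install Package
      env:
        GH_TOKEN_RELEASE: ${{ secrets.GH_TOKEN_RELEASE }}
        REPOSITORY: ${{ github.repository }}
        TAG_NAME: ${{ github.ref_name }}
        FILE_NAME: ${{ steps.extract-filename.outputs.FILE_NAME }}
      run: |
        ASSET_ID=`curl -s -u "zama-bot:${GH_TOKEN_RELEASE}" \
          "https://api.github.com/repos/${REPOSITORY}/releases" | \
          jq --arg tag "$TAG_NAME" 'map(select(.tag_name == $tag))' | \
          jq '.[0].assets' | \
          jq --arg name "$FILE_NAME" 'map(select(.name == $name))' | \
          jq '.[].id'`
        wget --auth-no-challenge --header='Accept:application/octet-stream' \
          "https://${GH_TOKEN_RELEASE}:@api.github.com/repos/${REPOSITORY}/releases/assets/${ASSET_ID}" \
          -O "$FILE_NAME"
        pip install "$FILE_NAME"
    - name: Test
      run: |
        cd compiler
        pip install pytest
        pytest -vs tests/python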
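# Downloads the macOS wheel that was attached to the release, installs it on a clean
# runner and runs the Python tests that are not marked "parallel".
TestPythonPackageMacOS:
  runs-on: macos-11
  needs: [BuildAndPushPackagesMacOS, CreateRelease]
  env:
    SYSTEM_VERSION_COMPAT: 0
  strategy:
    matrix:
      include:
        - python: '3.8'
          filename-index: 'python-package-name-macos-py38'
        - python: '3.9'
          filename-index: 'python-package-name-macos-py39'
        - python: '3.10'
          filename-index: 'python-package-name-macos-py310'
  steps:
    - uses: actions/checkout@v2
    - name: Set up Python
      uses: actions/setup-python@v2
      with:
        python-version: ${{ matrix.python }}
    # Picks this matrix entry's wheel file name out of the build job's outputs.
    - name: Extract Package Filename
      id: extract-filename
      run: echo "::set-output name=FILE_NAME::`echo '${{ toJson(needs.BuildAndPushPackagesMacOS.outputs) }}' | jq '.[\"${{ matrix.filename-index }}\"]' | tr -d '\"' `"
    # The release token, repository, tag and file name reach the script as environment
    # variables, and jq receives the tag and file name through --arg, so none of them
    # is pasted into the shell or jq program text.
    # wget still authenticates with the token as the URL user name, as the original
    # command did. NOTE(review): that leaves the token on the wget command line -
    # confirm this is acceptable on the runner.
    - name: Download and Install Package
      env:
        GH_TOKEN_RELEASE: ${{ secrets.GH_TOKEN_RELEASE }}
        REPOSITORY: ${{ github.repository }}
        TAG_NAME: ${{ github.ref_name }}
        FILE_NAME: ${{ steps.extract-filename.outputs.FILE_NAME }}
      run: |
        ASSET_ID=`curl -s -u "zama-bot:${GH_TOKEN_RELEASE}" \
          "https://api.github.com/repos/${REPOSITORY}/releases" | \
          jq --arg tag "$TAG_NAME" 'map(select(.tag_name == $tag))' | \
          jq '.[0].assets' | \
          jq --arg name "$FILE_NAME" 'map(select(.name == $name))' | \
          jq '.[].id'`
        wget --auth-no-challenge --header='Accept:application/octet-stream' \
          "https://${GH_TOKEN_RELEASE}:@api.github.com/repos/${REPOSITORY}/releases/assets/${ASSET_ID}" \
          -O "$FILE_NAME"
        pip install "$FILE_NAME"
    - name: Test
      run: |
        cd compiler
        pip install pytest
        pytest -vs -m "not parallel" tests/python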
#################
# Docker Images #
#################
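# Builds the compiler CI image and pushes it to ghcr.io as `latest`, as the commit SHA,
# and (for v* tags) as the tag name.
# The job runs on pushes to main or of v* tags, and also whenever the HPX image job
# reports image_built == 'true'.
# NOTE(review): the second condition is not limited to push events, so a pull request
# that changes the HPX Dockerfile appears able to publish `latest` before it is
# merged - confirm this is intended.
BuildAndPushDockerImages:
  if: ${{ github.event_name == 'push' && (startsWith(github.ref, 'refs/tags/v') || github.ref == 'refs/heads/main') || needs.BuildAndPublishHPXDockerImage.outputs.image_built == 'true' }}
  needs: [BuildAndPublishHPXDockerImage]
  name: Build & Publish Docker Images
  runs-on: ubuntu-latest
  strategy:
    matrix:
      include:
        - name: test-env
          image: ghcr.io/zama-ai/concrete-compiler
          dockerfile: builders/Dockerfile.concrete-compiler-env
  steps:
    # A SSH private key is required as some dependencies are from private repos
    - uses: webfactory/ssh-agent@v0.5.2
      with:
        ssh-private-key: ${{ secrets.CONCRETE_COMPILER_CI_SSH_PRIVATE }}
    - uses: actions/checkout@v2
      with:
        submodules: recursive
        token: ${{ secrets.GH_TOKEN }}
    - name: Install rust
      uses: actions-rs/toolchain@v1
      with:
        toolchain: stable
    - name: Concrete-Optimizer
      run: |
        cd compiler
        make concrete-optimizer-lib
    # Registry credentials reach the shell as environment variables; the password is
    # still piped on stdin and is no longer templated into the command line.
    - name: Login to Registry
      env:
        GHCR_LOGIN: ${{ secrets.GHCR_LOGIN }}
        GHCR_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
      run: echo "$GHCR_PASSWORD" | docker login -u "$GHCR_LOGIN" --password-stdin ghcr.io
    # label was initially a need from the frontend CI
    # The build context is the whole checkout ("."), including the files written by the
    # earlier steps. NOTE(review): confirm that nothing sensitive in the workspace can
    # be copied into a published layer.
    - name: Build Image
      run: docker image build --no-cache --label "commit-sha=${{ github.sha }}" -t ${{ matrix.image }} -f ${{ matrix.dockerfile }} .
    - name: Tag and Publish Image
      run: |
        docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.sha }}
        docker image push ${{ matrix.image }}:latest
        docker image push ${{ matrix.image }}:${{ github.sha }}
    - name: Tag and Publish Release Image
      if: startsWith(github.ref, 'refs/tags/v')
      run: |
        docker image tag ${{ matrix.image }} ${{ matrix.image }}:${{ github.ref_name }}
        docker image push ${{ matrix.image }}:${{ github.ref_name }}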
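# Rebuilds and pushes the HPX base image when builders/Dockerfile.hpx-env is among the
# modified files, and reports whether it did so through the image_built output.
# NOTE(review): the job has no event condition, so it also runs for pull requests; with
# registry credentials available, a PR that edits the Dockerfile would push `latest`
# before merge - confirm this is intended.
BuildAndPublishHPXDockerImage:
  name: Build & Publish HPX Docker Image
  runs-on: ubuntu-latest
  env:
    IMAGE: ghcr.io/zama-ai/hpx
  outputs:
    image_built: ${{ steps.is-built.outputs.IMAGE_BUILT }}
  steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    # Third-party action referenced by tag; its output decides whether an image is
    # published. NOTE(review): other steps in this file pin actions to a commit SHA -
    # consider doing the same here.
    - name: Get changed files
      id: changed-files
      uses: tj-actions/changed-files@v2.0.0
    # Registry credentials reach the shell as environment variables; the password is
    # still piped on stdin and is no longer templated into the command line.
    - name: Login
      id: login
      if: contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.hpx-env')
      env:
        GHCR_LOGIN: ${{ secrets.GHCR_LOGIN }}
        GHCR_PASSWORD: ${{ secrets.GHCR_PASSWORD }}
      run: echo "$GHCR_PASSWORD" | docker login -u "$GHCR_LOGIN" --password-stdin ghcr.io
    - name: Build Tag and Publish
      if: ${{ steps.login.conclusion != 'skipped' }}
      run: |
        docker build -t $IMAGE -f builders/Dockerfile.hpx-env .
        docker push $IMAGE:latest
    - name: Is Image Built
      id: is-built
      run: echo "::set-output name=IMAGE_BUILT::${{ contains(steps.changed-files.outputs.modified_files, 'builders/Dockerfile.hpx-env') }}"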