github/tfhe-rs
1
1
Fork 0
mirror of https://github.com/zama-ai/tfhe-rs.git synced 2026-01-06 21:34:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

chore(ci): use aws ec2 as runner provider for cargo builds

Browse Source
This commit is contained in:
David Testé
2025-11-14 16:59:27 +01:00
committed by David Testé
parent 89bf6a3331
commit 1568f7c532
3 changed files with 285 additions and 141 deletions
Download Patch File Download Diff File Expand all files Collapse all files

209
.github/workflows/cargo_build.yml vendored
View File

@@ -39,157 +39,100 @@ jobs:
parallel-pcc-cpu:
name: cargo_build/parallel-pcc-cpu
needs: prepare-parallel-pcc-matrix
runs-on: large_ubuntu_16
strategy:
matrix:
command: ${{fromJson(needs.prepare-parallel-pcc-matrix.outputs.matrix_command)}}
command: ${{ fromJson(needs.prepare-parallel-pcc-matrix.outputs.matrix_command)}}
fail-fast: false
steps:
- name: Checkout tfhe-rs repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Run pcc checks batch
run: |
make "${COMMAND}"
env:
COMMAND: ${{ matrix.command }}
uses: ./.github/workflows/cargo_build_common.yml
with:
run-pcc-cpu-batch: ${{ matrix.command }}
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
pcc-hpu:
name: cargo_build/pcc-hpu
runs-on: large_ubuntu_16
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Run Hpu pcc checks
run: |
make pcc_hpu
uses: ./.github/workflows/cargo_build_common.yml
with:
run-pcc-hpu: true
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
build-tfhe-full:
name: cargo_build/build-tfhe-full
runs-on: ${{ matrix.os }}
strategy:
matrix:
# GitHub macos-latest are now M1 macs, so use ours, we limit what runs so it will be fast
# even with a few PRs
os: [large_ubuntu_16, macos-latest-xlarge, large_windows_16_latest]
fail-fast: false
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Build Release tfhe full
run: |
make build_tfhe_full
uses: ./.github/workflows/cargo_build_common.yml
with:
run-build-tfhe-full: true
# GitHub macos-latest are now M1 macs, so use ours, we limit what runs so it will be fast
# even with a few PRs
extra-runners-to-use: macos-latest-xlarge,large_windows_16_latest
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
build:
name: cargo_build/build
runs-on: large_ubuntu_16
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Install and run newline linter checks
run: |
wget https://github.com/fernandrone/linelint/releases/download/0.0.6/linelint-linux-amd64
echo "16b70fb7b471d6f95cbdc0b4e5dc2b0ac9e84ba9ecdc488f7bdf13df823aca4b linelint-linux-amd64" > checksum
sha256sum -c checksum || exit 1
chmod +x linelint-linux-amd64
mv linelint-linux-amd64 /usr/local/bin/linelint
make check_newline
- name: Build tfhe-csprng
run: |
make build_tfhe_csprng
- name: Build with MSRV
run: |
make build_tfhe_msrv
- name: Build coverage tests
run: |
make build_tfhe_coverage
uses: ./.github/workflows/cargo_build_common.yml
with:
run-build: true
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
build-layers:
name: cargo_build/build-layers
runs-on: large_ubuntu_16
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Build Release core
run: |
make build_core AVX512_SUPPORT=ON
make build_core_experimental AVX512_SUPPORT=ON
- name: Build Release boolean
run: |
make build_boolean
- name: Build Release shortint
run: |
make build_shortint
- name: Build Release integer
run: |
make build_integer
uses: ./.github/workflows/cargo_build_common.yml
with:
run-build-layers: true
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
build-c-api:
name: cargo_build/build-c-api
runs-on: large_ubuntu_16
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Build Release c_api
run: |
make build_c_api
# The wasm build check is a bit annoying to set-up here and is done during the tests in
# aws_tfhe_tests.yml
uses: ./.github/workflows/cargo_build_common.yml
with:
run-build-c-api: true
secrets:
BOT_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }}
JOB_SECRET: ${{ secrets.JOB_SECRET }}
SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }}
SLAB_URL: ${{ secrets.SLAB_URL }}
SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }}
cargo-builds:
name: cargo_build/cargo-builds (bpr)

213
.github/workflows/cargo_build_common.yml vendored
View File

@@ -2,16 +2,217 @@ name: cargo_build_common
on:
workflow_call:
inputs:
run-pcc-cpu-batch:
type: string
run-pcc-hpu:
type: boolean
default: false
run-build:
type: boolean
default: false
run-build-layers:
type: boolean
default: false
run-build-c-api:
type: boolean
default: false
run-build-tfhe-full:
type: boolean
default: false
extra-runners-to-use: # Additional runners to run builds command against
type: string # Use comma separated values to generate an array
default: ""
secrets:
REPO_CHECKOUT_TOKEN:
required: true
SLAB_ACTION_TOKEN:
required: true
SLAB_BASE_URL:
required: true
SLAB_URL:
required: true
JOB_SECRET:
required: true
SLACK_CHANNEL:
required: true
BOT_USERNAME:
required: true
SLACK_WEBHOOK:
required: true
permissions: {}
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-C target-cpu=native"
RUST_BACKTRACE: "full"
RUST_MIN_STACK: "8388608"
CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }}
# Secrets will be available only to zama-ai organization members
SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }}
EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16"
permissions:
contents: read
# zizmor: ignore[concurrency-limits] caller workflow is responsible for the concurrency
jobs:
placeholder:
name: cargo_build_common/placeholder
setup-instance:
name: cargo_build_common/setup-instance
if: inputs.run-pcc-cpu-batch || inputs.run-pcc-hpu || inputs.run-build || inputs.run-build-layers || inputs.run-build-tfhe-full || inputs.run-build-c-api
runs-on: ubuntu-latest
outputs:
runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }}
steps:
- run: |
echo "Hello this is a placeholder workflow"
- name: Start remote instance
id: start-remote-instance
if: env.SECRETS_AVAILABLE == 'true'
uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac
with:
mode: start
github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
slab-url: ${{ secrets.SLAB_BASE_URL }}
job-secret: ${{ secrets.JOB_SECRET }}
backend: aws
profile: cpu-small
# This instance will be spawned especially for pull-request from forked repository
- name: Start GitHub instance
id: start-github-instance
if: env.SECRETS_AVAILABLE == 'false'
run: |
echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT"
prepare-matrix:
name: cargo_build_common/prepare-matrix
runs-on: ubuntu-latest
needs: setup-instance
outputs:
runners: ${{ steps.set_matrix_runners.outputs.runners }}
steps:
- name: Parse runners
shell: python
run: | # zizmor: ignore[template-injection] these env variables are safe
runners = ["${{ needs.setup-instance.outputs.runner-name }}", ]
if "${{ inputs.extra-runners-to-use }}":
split_runners = "${{ inputs.extra-runners-to-use }}".replace(" ", "").split(",")
runners.extend(split_runners)
with open("${{ github.env }}", "a") as f:
f.write(f"""RUNNERS=["{'", "'.join(runners)}"]\n""")
- name: Set martix runners outputs
id: set_matrix_runners
run: | # zizmor: ignore[template-injection] these env variable are safe
echo "runners=${{ toJSON(env.RUNNERS) }}" >> "${GITHUB_OUTPUT}"
builds:
name: cargo_build_common/builds
needs: [ setup-instance, prepare-matrix ]
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner: ${{ fromJSON(needs.prepare-matrix.outputs.runners) }}
fail-fast: false
steps:
- name: Checkout tfhe-rs repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
with:
persist-credentials: 'false'
token: ${{ env.CHECKOUT_TOKEN }}
- name: Install latest stable
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
with:
toolchain: stable
- name: Run pcc checks batch
if: inputs.run-pcc-cpu-batch
run: |
make "${COMMAND}"
env:
COMMAND: ${{ inputs.run-pcc-cpu-batch }}
- name: Run Hpu pcc checks
if: inputs.run-pcc-hpu
run: |
make pcc_hpu
- name: Build Release tfhe full
if: inputs.run-build-tfhe-full
run: |
make build_tfhe_full
- name: Run newline linter checks
if: inputs.run-build
run: |
make check_newline
- name: Build tfhe-csprng
if: inputs.run-build
run: |
make build_tfhe_csprng
- name: Build with MSRV
if: inputs.run-build
run: |
make build_tfhe_msrv
- name: Build coverage tests
if: inputs.run-build
run: |
make build_tfhe_coverage
- name: Build Release core
if: inputs.run-build-layers
run: |
make build_core AVX512_SUPPORT=ON
make build_core_experimental AVX512_SUPPORT=ON
- name: Build Release boolean
if: inputs.run-build-layers
run: |
make build_boolean
- name: Build Release shortint
if: inputs.run-build-layers
run: |
make build_shortint
- name: Build Release integer
if: inputs.run-build-layers
run: |
make build_integer
- name: Build Release c_api
if: inputs.run-build-c-api
run: |
make build_c_api
# The wasm build check is a bit annoying to set-up here and is done during the tests in
# aws_tfhe_tests.yml
teardown-instance:
name: cargo_build_common/teardown-instance
if: ${{ always() && needs.setup-instance.result == 'success' }}
needs: [setup-instance, builds]
runs-on: ubuntu-latest
steps:
- name: Stop remote instance
id: stop-instance
if: env.SECRETS_AVAILABLE == 'true'
uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac
with:
mode: stop
github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
slab-url: ${{ secrets.SLAB_BASE_URL }}
job-secret: ${{ secrets.JOB_SECRET }}
label: ${{ needs.setup-instance.outputs.runner-name }}
- name: Slack Notification
if: ${{ failure() }}
continue-on-error: true
uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "Instance teardown (cargo-builds) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"

4
ci/slab.toml
View File

@@ -1,6 +1,6 @@
[backend.aws.cpu-big]
region = "eu-west-3"
image_id = "ami-0449b775abf884686"
image_id = "ami-0eda00173fe323828"
instance_type = "m6i.32xlarge"
user = "ubuntu"
@@ -12,7 +12,7 @@ user = "ubuntu"
[backend.aws.cpu-small]
region = "eu-west-3"
image_id = "ami-0449b775abf884686"
image_id = "ami-0eda00173fe323828"
instance_type = "m6i.4xlarge"
user = "ubuntu"