diff --git a/.github/workflows/cargo_build.yml b/.github/workflows/cargo_build.yml index 73a77c3bb..f74b83a70 100644 --- a/.github/workflows/cargo_build.yml +++ b/.github/workflows/cargo_build.yml @@ -39,157 +39,100 @@ jobs: parallel-pcc-cpu: name: cargo_build/parallel-pcc-cpu needs: prepare-parallel-pcc-matrix - runs-on: large_ubuntu_16 strategy: matrix: - command: ${{fromJson(needs.prepare-parallel-pcc-matrix.outputs.matrix_command)}} + command: ${{ fromJson(needs.prepare-parallel-pcc-matrix.outputs.matrix_command)}} fail-fast: false - steps: - - name: Checkout tfhe-rs repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Run pcc checks batch - run: | - make "${COMMAND}" - env: - COMMAND: ${{ matrix.command }} + uses: ./.github/workflows/cargo_build_common.yml + with: + run-pcc-cpu-batch: ${{ matrix.command }} + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} pcc-hpu: name: cargo_build/pcc-hpu - runs-on: large_ubuntu_16 - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Run Hpu pcc checks - run: | - make pcc_hpu + uses: ./.github/workflows/cargo_build_common.yml + with: + run-pcc-hpu: true + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} build-tfhe-full: name: cargo_build/build-tfhe-full - runs-on: ${{ matrix.os }} - strategy: - matrix: - # GitHub macos-latest are now M1 macs, so use ours, we limit what runs so it will be fast - # even with a few PRs - os: [large_ubuntu_16, macos-latest-xlarge, large_windows_16_latest] - fail-fast: false - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Build Release tfhe full - run: | - make build_tfhe_full + uses: ./.github/workflows/cargo_build_common.yml + with: + run-build-tfhe-full: true + # GitHub macos-latest are now M1 macs, so use ours, we limit what runs so it will be fast + # even with a few PRs + extra-runners-to-use: macos-latest-xlarge,large_windows_16_latest + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} build: name: cargo_build/build - runs-on: large_ubuntu_16 - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Install and run newline linter checks - run: | - wget https://github.com/fernandrone/linelint/releases/download/0.0.6/linelint-linux-amd64 - echo "16b70fb7b471d6f95cbdc0b4e5dc2b0ac9e84ba9ecdc488f7bdf13df823aca4b linelint-linux-amd64" > checksum - sha256sum -c checksum || exit 1 - chmod +x linelint-linux-amd64 - mv linelint-linux-amd64 /usr/local/bin/linelint - make check_newline - - - name: Build tfhe-csprng - run: | - make build_tfhe_csprng - - - name: Build with MSRV - run: | - make build_tfhe_msrv - - - name: Build coverage tests - run: | - make build_tfhe_coverage + uses: ./.github/workflows/cargo_build_common.yml + with: + run-build: true + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} build-layers: name: cargo_build/build-layers - runs-on: large_ubuntu_16 - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Build Release core - run: | - make build_core AVX512_SUPPORT=ON - make build_core_experimental AVX512_SUPPORT=ON - - - name: Build Release boolean - run: | - make build_boolean - - - name: Build Release shortint - run: | - make build_shortint - - - name: Build Release integer - run: | - make build_integer + uses: ./.github/workflows/cargo_build_common.yml + with: + run-build-layers: true + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} build-c-api: name: cargo_build/build-c-api - runs-on: large_ubuntu_16 - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 - with: - persist-credentials: 'false' - token: ${{ env.CHECKOUT_TOKEN }} - - - name: Install latest stable - uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases - with: - toolchain: stable - - - name: Build Release c_api - run: | - make build_c_api - - # The wasm build check is a bit annoying to set-up here and is done during the tests in - # aws_tfhe_tests.yml + uses: ./.github/workflows/cargo_build_common.yml + with: + run-build-c-api: true + secrets: + BOT_USERNAME: ${{ secrets.BOT_USERNAME }} + SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + REPO_CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN }} + JOB_SECRET: ${{ secrets.JOB_SECRET }} + SLAB_ACTION_TOKEN: ${{ secrets.SLAB_ACTION_TOKEN }} + SLAB_URL: ${{ secrets.SLAB_URL }} + SLAB_BASE_URL: ${{ secrets.SLAB_BASE_URL }} cargo-builds: name: cargo_build/cargo-builds (bpr) diff --git a/.github/workflows/cargo_build_common.yml b/.github/workflows/cargo_build_common.yml index 6c8f0df78..e7bfcb40f 100644 --- a/.github/workflows/cargo_build_common.yml +++ b/.github/workflows/cargo_build_common.yml @@ -2,16 +2,217 @@ name: cargo_build_common on: workflow_call: + inputs: + run-pcc-cpu-batch: + type: string + run-pcc-hpu: + type: boolean + default: false + run-build: + type: boolean + default: false + run-build-layers: + type: boolean + default: false + run-build-c-api: + type: boolean + default: false + run-build-tfhe-full: + type: boolean + default: false + extra-runners-to-use: # Additional runners to run builds command against + type: string # Use comma separated values to generate an array + default: "" + secrets: + REPO_CHECKOUT_TOKEN: + required: true + SLAB_ACTION_TOKEN: + required: true + SLAB_BASE_URL: + required: true + SLAB_URL: + required: true + JOB_SECRET: + required: true + SLACK_CHANNEL: + required: true + BOT_USERNAME: + required: true + SLACK_WEBHOOK: + required: true -permissions: {} +env: + CARGO_TERM_COLOR: always + RUSTFLAGS: "-C target-cpu=native" + RUST_BACKTRACE: "full" + RUST_MIN_STACK: "8388608" + CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }} + # Secrets will be available only to zama-ai organization members + SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }} + EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16" + +permissions: + contents: read # zizmor: ignore[concurrency-limits] caller workflow is responsible for the concurrency jobs: - placeholder: - name: cargo_build_common/placeholder + setup-instance: + name: cargo_build_common/setup-instance + if: inputs.run-pcc-cpu-batch || inputs.run-pcc-hpu || inputs.run-build || inputs.run-build-layers || inputs.run-build-tfhe-full || inputs.run-build-c-api runs-on: ubuntu-latest - + outputs: + runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }} steps: - - run: | - echo "Hello this is a placeholder workflow" + - name: Start remote instance + id: start-remote-instance + if: env.SECRETS_AVAILABLE == 'true' + uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac + with: + mode: start + github-token: ${{ secrets.SLAB_ACTION_TOKEN }} + slab-url: ${{ secrets.SLAB_BASE_URL }} + job-secret: ${{ secrets.JOB_SECRET }} + backend: aws + profile: cpu-small + + # This instance will be spawned especially for pull-request from forked repository + - name: Start GitHub instance + id: start-github-instance + if: env.SECRETS_AVAILABLE == 'false' + run: | + echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT" + + prepare-matrix: + name: cargo_build_common/prepare-matrix + runs-on: ubuntu-latest + needs: setup-instance + outputs: + runners: ${{ steps.set_matrix_runners.outputs.runners }} + steps: + - name: Parse runners + shell: python + run: | # zizmor: ignore[template-injection] these env variables are safe + runners = ["${{ needs.setup-instance.outputs.runner-name }}", ] + if "${{ inputs.extra-runners-to-use }}": + split_runners = "${{ inputs.extra-runners-to-use }}".replace(" ", "").split(",") + runners.extend(split_runners) + + with open("${{ github.env }}", "a") as f: + f.write(f"""RUNNERS=["{'", "'.join(runners)}"]\n""") + + - name: Set martix runners outputs + id: set_matrix_runners + run: | # zizmor: ignore[template-injection] these env variable are safe + echo "runners=${{ toJSON(env.RUNNERS) }}" >> "${GITHUB_OUTPUT}" + + builds: + name: cargo_build_common/builds + needs: [ setup-instance, prepare-matrix ] + runs-on: ${{ matrix.runner }} + strategy: + matrix: + runner: ${{ fromJSON(needs.prepare-matrix.outputs.runners) }} + fail-fast: false + steps: + - name: Checkout tfhe-rs repo + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 + with: + persist-credentials: 'false' + token: ${{ env.CHECKOUT_TOKEN }} + + - name: Install latest stable + uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases + with: + toolchain: stable + + - name: Run pcc checks batch + if: inputs.run-pcc-cpu-batch + run: | + make "${COMMAND}" + env: + COMMAND: ${{ inputs.run-pcc-cpu-batch }} + + - name: Run Hpu pcc checks + if: inputs.run-pcc-hpu + run: | + make pcc_hpu + + - name: Build Release tfhe full + if: inputs.run-build-tfhe-full + run: | + make build_tfhe_full + + - name: Run newline linter checks + if: inputs.run-build + run: | + make check_newline + + - name: Build tfhe-csprng + if: inputs.run-build + run: | + make build_tfhe_csprng + + - name: Build with MSRV + if: inputs.run-build + run: | + make build_tfhe_msrv + + - name: Build coverage tests + if: inputs.run-build + run: | + make build_tfhe_coverage + + - name: Build Release core + if: inputs.run-build-layers + run: | + make build_core AVX512_SUPPORT=ON + make build_core_experimental AVX512_SUPPORT=ON + + - name: Build Release boolean + if: inputs.run-build-layers + run: | + make build_boolean + + - name: Build Release shortint + if: inputs.run-build-layers + run: | + make build_shortint + + - name: Build Release integer + if: inputs.run-build-layers + run: | + make build_integer + + - name: Build Release c_api + if: inputs.run-build-c-api + run: | + make build_c_api + + # The wasm build check is a bit annoying to set-up here and is done during the tests in + # aws_tfhe_tests.yml + + teardown-instance: + name: cargo_build_common/teardown-instance + if: ${{ always() && needs.setup-instance.result == 'success' }} + needs: [setup-instance, builds] + runs-on: ubuntu-latest + steps: + - name: Stop remote instance + id: stop-instance + if: env.SECRETS_AVAILABLE == 'true' + uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac + with: + mode: stop + github-token: ${{ secrets.SLAB_ACTION_TOKEN }} + slab-url: ${{ secrets.SLAB_BASE_URL }} + job-secret: ${{ secrets.JOB_SECRET }} + label: ${{ needs.setup-instance.outputs.runner-name }} + + - name: Slack Notification + if: ${{ failure() }} + continue-on-error: true + uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 + env: + SLACK_COLOR: ${{ job.status }} + SLACK_MESSAGE: "Instance teardown (cargo-builds) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})" diff --git a/ci/slab.toml b/ci/slab.toml index 48ea2c728..eb3c0472c 100644 --- a/ci/slab.toml +++ b/ci/slab.toml @@ -1,6 +1,6 @@ [backend.aws.cpu-big] region = "eu-west-3" -image_id = "ami-0449b775abf884686" +image_id = "ami-0eda00173fe323828" instance_type = "m6i.32xlarge" user = "ubuntu" @@ -12,7 +12,7 @@ user = "ubuntu" [backend.aws.cpu-small] region = "eu-west-3" -image_id = "ami-0449b775abf884686" +image_id = "ami-0eda00173fe323828" instance_type = "m6i.4xlarge" user = "ubuntu"