name: csprng_randomness_tests env: CARGO_TERM_COLOR: always ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} RUSTFLAGS: "-C target-cpu=native" RUST_BACKTRACE: "full" RUST_MIN_STACK: "8388608" SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }} # Secrets will be available only to zama-ai organization members SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }} EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16" on: # Allows you to run this workflow manually from the Actions tab as an alternative. workflow_dispatch: pull_request: types: [ labeled ] permissions: contents: read # zizmor: ignore[concurrency-limits] concurrency is managed after instance setup to ensure safe provisioning jobs: setup-instance: name: csprng_randomness_tests/setup-instance if: ${{ github.event_name == 'workflow_dispatch' || contains(github.event.label.name, 'approved') }} runs-on: ubuntu-latest outputs: runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }} steps: - name: Start remote instance id: start-remote-instance if: env.SECRETS_AVAILABLE == 'true' uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2 with: mode: start github-token: ${{ secrets.SLAB_ACTION_TOKEN }} slab-url: ${{ secrets.SLAB_BASE_URL }} job-secret: ${{ secrets.JOB_SECRET }} backend: aws profile: cpu-small # This instance will be spawned especially for pull-request from forked repository - name: Start GitHub instance id: start-github-instance if: env.SECRETS_AVAILABLE == 'false' run: | echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT" csprng-randomness-tests: name: csprng_randomness_tests/csprng-randomness-tests needs: setup-instance concurrency: group: ${{ github.workflow_ref }}_${{ github.sha }}_${{ github.event_name }} cancel-in-progress: true runs-on: ${{ needs.setup-instance.outputs.runner-name }} steps: - name: Checkout tfhe-rs uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 with: persist-credentials: 'false' token: ${{ env.CHECKOUT_TOKEN }} - name: Install latest stable uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases with: toolchain: stable - name: Dieharder randomness test suite run: | make dieharder_csprng - name: Slack Notification if: ${{ failure() || (cancelled() && github.event_name != 'pull_request') }} continue-on-error: true uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "tfhe-csprng randomness check finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})" teardown-instance: name: csprng_randomness_tests/teardown-instance if: ${{ always() && needs.setup-instance.result == 'success' }} needs: [ setup-instance, csprng-randomness-tests ] runs-on: ubuntu-latest steps: - name: Stop remote instance id: stop-instance if: env.SECRETS_AVAILABLE == 'true' uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2 with: mode: stop github-token: ${{ secrets.SLAB_ACTION_TOKEN }} slab-url: ${{ secrets.SLAB_BASE_URL }} job-secret: ${{ secrets.JOB_SECRET }} label: ${{ needs.setup-instance.outputs.runner-name }} - name: Slack Notification if: ${{ failure() }} uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "Instance teardown (csprng-randomness-tests) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"