# Run backward compatibility tests name: aws_tfhe_backward_compat_tests env: CARGO_TERM_COLOR: always ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} RUSTFLAGS: "-C target-cpu=native" RUST_BACKTRACE: "full" RUST_MIN_STACK: "8388608" SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} SLACKIFY_MARKDOWN: true PULL_REQUEST_MD_LINK: "" CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }} # Secrets will be available only to zama-ai organization members SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }} EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16" on: # Allows you to run this workflow manually from the Actions tab as an alternative. workflow_dispatch: pull_request: push: branches: - main permissions: contents: read # zizmor: ignore[concurrency-limits] concurrency is managed after instance setup to ensure safe provisioning jobs: setup-instance: name: aws_tfhe_backward_compat_tests/setup-instance runs-on: ubuntu-latest outputs: runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }} steps: - name: Start remote instance id: start-remote-instance if: env.SECRETS_AVAILABLE == 'true' uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2 with: mode: start github-token: ${{ secrets.SLAB_ACTION_TOKEN }} slab-url: ${{ secrets.SLAB_BASE_URL }} job-secret: ${{ secrets.JOB_SECRET }} backend: aws profile: cpu-small # This instance will be spawned especially for pull-request from forked repository - name: Start GitHub instance id: start-github-instance if: env.SECRETS_AVAILABLE == 'false' run: | echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT" backward-compat-tests: name: aws_tfhe_backward_compat_tests/backward-compat-tests (bpr) needs: [ setup-instance ] runs-on: ${{ needs.setup-instance.outputs.runner-name }} concurrency: group: ${{ github.workflow_ref }}${{ github.ref == 'refs/heads/main' && github.sha || '' }} cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} steps: - name: Checkout tfhe-rs uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 with: persist-credentials: 'true' # Needed to pull lfs data token: ${{ env.CHECKOUT_TOKEN }} # Cache key is an aggregated hash of lfs files hashes - name: Get LFS data sha id: hash-lfs-data run: | SHA=$(git lfs ls-files -l -I utils/tfhe-backward-compat-data | sha256sum | cut -d' ' -f1) echo "sha=${SHA}" >> "${GITHUB_OUTPUT}" - name: Retrieve data from cache id: retrieve-data-cache uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 with: path: | utils/tfhe-backward-compat-data/**/*.cbor utils/tfhe-backward-compat-data/**/*.bcode key: ${{ steps.hash-lfs-data.outputs.sha }} - name: Pull test data if: steps.retrieve-data-cache.outputs.cache-hit != 'true' run: | make pull_backward_compat_data # Pull token was stored by action/checkout to be used by lfs, we don't need it anymore - name: Remove git credentials run: | # Starting version 6.0, action/checkout uses a dedicated file for git credentials git config --local --unset-all http.https://github.com/.extraheader || rm "${RUNNER_TEMP}"/git-credentials-*.config - name: Install latest stable uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases with: toolchain: stable - name: Run backward compatibility tests run: | make test_backward_compatibility_ci - name: Store data in cache if: steps.retrieve-data-cache.outputs.cache-hit != 'true' continue-on-error: true uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 with: path: | utils/tfhe-backward-compat-data/**/*.cbor utils/tfhe-backward-compat-data/**/*.bcode key: ${{ steps.hash-lfs-data.outputs.sha }} - name: Set pull-request URL if: ${{ failure() && github.event_name == 'pull_request' }} run: | echo "PULL_REQUEST_MD_LINK=[pull-request](${PR_BASE_URL}${PR_NUMBER}), " >> "${GITHUB_ENV}" env: PR_BASE_URL: ${{ vars.PR_BASE_URL }} PR_NUMBER: ${{ github.event.pull_request.number }} - name: Slack Notification if: ${{ failure() || (cancelled() && github.event_name != 'pull_request') }} continue-on-error: true uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "Backward compatibility tests finished with status: ${{ job.status }}. (${{ env.PULL_REQUEST_MD_LINK }}[action run](${{ env.ACTION_RUN_URL }}))" teardown-instance: name: aws_tfhe_backward_compat_tests/teardown-instance if: ${{ always() && needs.setup-instance.result == 'success' }} needs: [ setup-instance, backward-compat-tests ] runs-on: ubuntu-latest steps: - name: Stop remote instance id: stop-instance if: env.SECRETS_AVAILABLE == 'true' uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2 with: mode: stop github-token: ${{ secrets.SLAB_ACTION_TOKEN }} slab-url: ${{ secrets.SLAB_BASE_URL }} job-secret: ${{ secrets.JOB_SECRET }} label: ${{ needs.setup-instance.outputs.runner-name }} - name: Slack Notification if: ${{ failure() }} uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 env: SLACK_COLOR: ${{ job.status }} SLACK_MESSAGE: "Instance teardown (backward-compat-tests) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"