mirror of
https://github.com/zama-ai/tfhe-rs.git
synced 2026-01-07 22:04:10 -05:00
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1af3b93b68...8e8c483db8)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
# Perform a security check on all the cryptographic parameters set
name: parameters_check

env:
  CARGO_TERM_COLOR: always
  # Link to the current workflow run, built from the github context only.
  # It is embedded in the Slack messages sent by the jobs of this workflow.
  ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
  RUSTFLAGS: "-C target-cpu=native"
  # Secrets will be available only to zama-ai organization members
  # The steps of this workflow compare this value with the strings 'true' and 'false'
  # to decide whether to start (and later stop) a remote instance.
  SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }}
  # Runner name written to the job output by the "Start GitHub instance" step,
  # which runs when SECRETS_AVAILABLE is 'false'.
  EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16"

on:
  # Pull requests trigger the workflow only when they touch one of the paths below.
  pull_request:
    paths:
      - '.github/workflows/parameters_check.yml'
      - 'ci/lattice_estimator.sage'
      - 'tfhe/examples/utilities/params_to_file.rs'
      # NOTE(review): in GitHub path filters `*` does not match `/`, so files in
      # subdirectories of this folder are not covered by the pattern; confirm
      # whether `**` is intended.
      - 'tfhe/src/shortint/parameters/*'
  push:
    branches:
      - "main"
  # Manual runs are allowed as well.
  workflow_dispatch:

# The workflow-level GITHUB_TOKEN is given no permissions. None of the job headers
# visible in this file sets its own `permissions`, so access to other services goes
# through the explicit secrets passed to individual steps.
permissions: {}

# zizmor: ignore[concurrency-limits] only Zama organization members and GitHub can trigger this workflow

jobs:
  # Selects the runner for the check job and exposes its name as a job output.
  setup-instance:
    name: parameters_check/setup-instance
    # Only pushes in zama-ai/tfhe-rs and manual dispatches pass this condition.
    # NOTE(review): a pull_request event does not pass it, so this job is skipped on
    # pull requests. The check job (no `if`, needs this job) and the teardown job
    # (requires result == 'success') would then be skipped too, although
    # `on.pull_request` is configured. Confirm this is intended.
    if:
      (github.event_name == 'push' && github.repository == 'zama-ai/tfhe-rs') ||
      github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest
    outputs:
      # Takes the `label` output of the remote-instance step, falling back to the
      # `runner_group` output of the GitHub-instance step.
      runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }}
    steps:
      # The action is pinned to a full commit SHA and receives three secrets as inputs.
      - name: Start remote instance
        id: start-remote-instance
        if: env.SECRETS_AVAILABLE == 'true'
        uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2
        with:
          mode: start
          github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
          slab-url: ${{ secrets.SLAB_BASE_URL }}
          job-secret: ${{ secrets.JOB_SECRET }}
          backend: aws
          profile: cpu-small

      # This instance will be spawned especially for pull-request from forked repository
      # The runner name comes from the workflow-level env, not from event data.
      - name: Start GitHub instance
        id: start-github-instance
        if: env.SECRETS_AVAILABLE == 'false'
        run: |
          echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT"

  # Dumps the parameter sets to a file and runs the lattice estimator script on them.
  params-curves-security-check:
    name: parameters_check/params-curves-security-check
    needs: setup-instance
    # Runs on whichever runner setup-instance selected.
    runs-on: ${{ needs.setup-instance.outputs.runner-name }}
    steps:
      - name: Checkout tfhe-rs
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          # The token is not left in the local git configuration for later steps.
          persist-credentials: 'false'
          # NOTE(review): this expression is empty when secrets are unavailable; confirm
          # the checkout still works on the fallback runner path.
          token: ${{ secrets.REPO_CHECKOUT_TOKEN }}

      - name: Install latest stable
        uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases
        with:
          toolchain: stable

      # External estimator code, checked out at a fixed full commit SHA into the
      # directory that the security check step puts on PYTHONPATH.
      - name: Checkout lattice-estimator
        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
        with:
          repository: malb/lattice-estimator
          path: lattice_estimator
          ref: '352ddaf4a288a0543f5d9eb588d2f89c7acec463'
          persist-credentials: 'false'

      # NOTE(review): sagemath is installed without a version pin, unlike the SHA-pinned
      # actions and estimator above, so the Sage version depends on what the runner's
      # package sources provide at run time.
      - name: Install Sage
        run: |
          sudo apt update
          sudo apt install -y sagemath

      - name: Collect parameters
        run: |
          CARGO_PROFILE=devo make write_params_to_file

      # Recorded after parameter collection, so the elapsed time reported later does
      # not include it. always() makes the step run even if an earlier step failed.
      - name: Get start time
        if: ${{ always() }}
        id: start-time
        run: |
          echo "value=$(date +%s)" >> "${GITHUB_OUTPUT}"

      - name: Perform security check
        run: |
          PYTHONPATH=lattice_estimator sage ci/lattice_estimator.sage

      # Writes TIME_ELAPSED (whole minutes) to GITHUB_ENV for the Slack message.
      - name: Get time elapsed
        if: ${{ always() }}
        shell: python
        env:
          # The step output reaches the script through the environment, not by being
          # interpolated into the script text.
          START_DATE: ${{ steps.start-time.outputs.value }}
        run: |
          import datetime
          import math
          import os

          env_file = os.environ["GITHUB_ENV"]

          start_date = datetime.datetime.fromtimestamp(int(os.environ["START_DATE"]))
          end_date = datetime.datetime.now()
          total_minutes = math.floor((end_date - start_date).total_seconds() / 60)

          with open(env_file, "a") as f:
              f.write(f"TIME_ELAPSED={total_minutes}\n")

      # Sent whatever the job status; a failed notification does not fail the job.
      - name: Slack Notification
        if: ${{ always() }}
        continue-on-error: true
        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
        env:
          SLACK_COLOR: ${{ job.status }}
          SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
          SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png
          SLACK_MESSAGE: "Security check for parameters finished with status: ${{ job.status }} (analysis took: ${{ env.TIME_ELAPSED }} mins). (${{ env.ACTION_RUN_URL }})"
          SLACK_USERNAME: ${{ secrets.BOT_USERNAME }}
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}

  teardown-instance:
    name: parameters_check/teardown-instance
    # always() lets this job run when the check job did not succeed; the second
    # operand limits it to runs where setup-instance succeeded.
    if: ${{ always() && needs.setup-instance.result == 'success' }}
    needs: [setup-instance, params-curves-security-check]
    runs-on: ubuntu-latest
    steps:
      # Same pinned action and secrets as the start step, with the runner name from
      # setup-instance passed as the label to stop.
      - name: Stop remote instance
        id: stop-instance
        if: env.SECRETS_AVAILABLE == 'true'
        uses: zama-ai/slab-github-runner@973c1d22702de8d0acd2b34e83404c96ed92c264 # v1.4.2
        with:
          mode: stop
          github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
          slab-url: ${{ secrets.SLAB_BASE_URL }}
          job-secret: ${{ secrets.JOB_SECRET }}
          label: ${{ needs.setup-instance.outputs.runner-name }}

- name: Slack Notification
if: ${{ failure() }}
uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "Instance teardown (params-curves-security-check) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"