CI: Introduce a dedicated workflow for AWS-LC integration #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: Apache-2.0 | ||
| name: AWS-LC | ||
| permissions: | ||
| contents: read | ||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: ["main"] | ||
| pull_request: | ||
| branches: ["main"] | ||
| types: [ "opened", "synchronize" ] | ||
| concurrency: | ||
| group: ${{ github.workflow }}-${{ github.ref }} | ||
| cancel-in-progress: true | ||
| jobs: | ||
| aws_lc_integration_fips: | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| system: [ubuntu-latest, pqcp-arm64] | ||
| fips: [0,1] | ||
| name: AWS-LC FIPS test (${{ matrix.system }}, FIPS=${{ matrix.fips }}) | ||
| runs-on: ${{ matrix.system }} | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: ./.github/actions/setup-os | ||
| with: | ||
| packages: 'cmake' | ||
| - uses: ./.github/actions/setup-aws-lc | ||
| with: | ||
| repository: 'hanno-becker/aws-lc' | ||
| commit: 'mlkem_native' | ||
| - name: Run importer | ||
| run: | | ||
| cd $AWSLC_DIR/crypto/fipsmodule/ml_kem | ||
| rm -rf mlkem | ||
| GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh | ||
| - name: Build+Test AWS-LC (FIPS=${{ matrix.fips }}) | ||
| run: | | ||
| cd $AWSLC_DIR | ||
| mkdir build | ||
| cd build | ||
| cmake -DFIPS=${{ matrix.fips }} .. | ||
| cd .. | ||
| cmake --build ./build --target all | ||
| cmake --build ./build --target run_tests | ||
| posix: | ||
| # This is a parallelization of the run_posix_tests.sh script | ||
| strategy: | ||
| max-parallel: 8 | ||
| fail-fast: false | ||
| matrix: | ||
| system: [ubuntu-latest, pqcp-arm64, macos-latest, macos-13] | ||
| test: | ||
| - name: Debug mode | ||
| flags: -DENABLE_DILITHIUM=ON | ||
| - name: Release mode | ||
| flags: -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| - name: Dilithium disabled | ||
| flags: -DENABLE_DILITHIUM=OFF | ||
| - name: Small compilation | ||
| flags: -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| - name: LibSSL off. | ||
| flags: -DBUILD_LIBSSL=OFF -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| - name: No-ASM | ||
| flags: -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| - name: Shared | ||
| flags: -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| - name: Pre-Gen ASM | ||
| flags: -DDISABLE_PERL=ON -DENABLE_DILITHIUM=ON | ||
| - name: DIT | ||
| flags: -DENABLE_DATA_INDEPENDENT_TIMING=ON -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON | ||
| name: Posix test (${{ matrix.test.name }}, ${{ matrix.system }}) | ||
| runs-on: ${{ matrix.system }} | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: ./.github/actions/setup-os | ||
| with: | ||
| packages: 'cmake golang' | ||
| - uses: ./.github/actions/setup-aws-lc | ||
| with: | ||
| repository: 'hanno-becker/aws-lc' | ||
| commit: 'mlkem_native' | ||
| - name: Run importer | ||
| run: | | ||
| cd $AWSLC_DIR/crypto/fipsmodule/ml_kem | ||
| GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh | ||
| - name: Run test | ||
| run: | | ||
| cd $AWSLC_DIR | ||
| source tests/ci/common_posix_setup.sh | ||
| build_and_test ${{ matrix.test.flags }} | ||
| posix: | ||
| # This is a parallelization of the run_posix_tests.sh script | ||
| strategy: | ||
| max-parallel: 8 | ||
| fail-fast: false | ||
| matrix: | ||
| system: [ubuntu-latest, pqcp-arm64, macos-latest, macos-13] | ||
| test: | ||
| - name: Testing a prefix build of AWS-LC in debug mode. | ||
| flags: | ||
| - name: Testing a prefix build of AWS-LC in release mode. | ||
| flags: -DCMAKE_BUILD_TYPE=Release | ||
| - name: Testing a prefix build of AWS-LC small compilation. | ||
| flags: -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release | ||
| - name: Testing a prefix build of AWS-LC in no asm mode. | ||
| flags: -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release | ||
| name: Prefix test (${{ matrix.test.name }}, ${{ matrix.system }}) | ||
| runs-on: ${{ matrix.system }} | ||
| steps: | ||
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | ||
| - uses: ./.github/actions/setup-os | ||
| with: | ||
| packages: 'cmake golang' | ||
| - uses: ./.github/actions/setup-aws-lc | ||
| with: | ||
| repository: 'hanno-becker/aws-lc' | ||
| commit: 'mlkem_native' | ||
| - name: Run importer | ||
| run: | | ||
| cd $AWSLC_DIR/crypto/fipsmodule/ml_kem | ||
| GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh | ||
| - name: Run test | ||
| run: | | ||
| cd $AWSLC_DIR | ||
| source tests/ci/common_posix_setup.sh | ||
| build_prefix_and_test ${{ matrix.flags }} | ||
