CI: Introduce a dedicated workflow for AWS-LC integration

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>
pq-code-package · Feb 6, 2025 · 7b42f21 · 7b42f21
1 parent 9cd852d
commit 7b42f21
Show file tree

Hide file tree

Showing 2 changed files with 96 additions and 56 deletions.
diff --git a/.github/workflows/aws_lc.yml b/.github/workflows/aws_lc.yml
@@ -0,0 +1,96 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: AWS-LC Integration tests
+permissions:
+  contents: read
+on:
+  workflow_dispatch:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+    types: [ "opened", "synchronize" ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  aws_lc_integration_fips:
+    strategy:
+      fail-fast: false
+      matrix:
+        system: [ubuntu-latest, pqcp-arm64]
+        fips: [0,1]
+    name: AWS-LC FIPS test (${{ matrix.system }}, FIPS=${{ matrix.fips }})
+    runs-on: ${{ matrix.system }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/setup-os
+        with:
+          packages: 'cmake'
+      - uses: ./.github/actions/setup-aws-lc
+        with:
+          repository: 'hanno-becker/aws-lc'
+          commit: 'mlkem_native'
+      - name: Run importer
+        run: |
+          cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
+          rm -rf mlkem
+          GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
+      - name: Build+Test AWS-LC (FIPS=${{ matrix.fips }})
+        run: |
+          cd $AWSLC_DIR
+          mkdir build
+          cd build
+          cmake -DFIPS=${{ matrix.fips }} ..
+          cd ..
+
+          cmake --build ./build --target all
+          cmake --build ./build --target run_tests
+  aws_lc_integration_posix:
+    # This is a parallelization of the run_posix_tests.sh script
+    strategy:
+      max-parallel: 12
+      fail-fast: false
+      matrix:
+        system: [ubuntu-latest, pqcp-arm64, macos-latest, macos-13]
+        test:
+          - name: Debug mode
+            flags: -DENABLE_DILITHIUM=ON
+          - name: Release mode
+            flags: -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+          - name: Dilithium disabled
+            flags: -DENABLE_DILITHIUM=OFF
+          - name: Small compilation
+            flags: -DOPENSSL_SMALL=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+          - name: LibSSL off.
+            flags: -DBUILD_LIBSSL=OFF -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+          - name: No-ASM
+            flags: -DOPENSSL_NO_ASM=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+          - name: Shared
+            flags: -DBUILD_SHARED_LIBS=1 -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+          - name: Pre-Gen ASM
+            flags: -DDISABLE_PERL=ON -DENABLE_DILITHIUM=ON
+          - name: DIT
+            flags: -DENABLE_DATA_INDEPENDENT_TIMING=ON -DCMAKE_BUILD_TYPE=Release -DENABLE_DILITHIUM=ON
+    name: AWS-LC Posix test (${{ matrix.test.name }}, ${{ matrix.system }})
+    runs-on: ${{ matrix.system }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./.github/actions/setup-os
+        with:
+          packages: 'cmake golang'
+      - uses: ./.github/actions/setup-aws-lc
+        with:
+          repository: 'hanno-becker/aws-lc'
+          commit: 'mlkem_native'
+      - name: Run importer
+        run: |
+          cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
+          GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
+      - name: Run test
+        run: |
+          cd $AWSLC_DIR
+          source tests/ci/common_posix_setup.sh
+          build_and_test ${{ matrix.test.flags }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -217,62 +217,6 @@ jobs:
             ./scripts/autogen ${{ matrix.backend.arg }} ${{ matrix.simplify.arg }}
             make clean
             OPT=1 make quickcheck
-  aws_lc_integration_fips:
-    strategy:
-      fail-fast: false
-      matrix:
-        system: [ubuntu-latest, pqcp-arm64]
-        fips: [0,1]
-    name: AWS-LC FIPS test (${{ matrix.system }}, FIPS=${{ matrix.fips }})
-    runs-on: ${{ matrix.system }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ./.github/actions/setup-os
-        with:
-          packages: 'cmake'
-      - uses: ./.github/actions/setup-aws-lc
-        with:
-          repository: 'hanno-becker/aws-lc'
-          commit: 'mlkem_native'
-      - name: Run importer
-        run: |
-          cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
-          rm -rf mlkem
-          GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
-      - name: Build+Test AWS-LC (FIPS=${{ matrix.fips }})
-        run: |
-          cd $AWSLC_DIR
-          mkdir build
-          cd build
-          cmake -DFIPS=${{ matrix.fips }} ..
-          cd ..
-
-          cmake --build ./build --target all
-          cmake --build ./build --target run_tests
-  aws_lc_integration_posix:
-    strategy:
-      fail-fast: false
-      matrix:
-        system: [ubuntu-latest, pqcp-arm64, macos-latest]
-    name: AWS-LC Posix test (${{ matrix.system }})
-    runs-on: ${{ matrix.system }}
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: ./.github/actions/setup-os
-        with:
-          packages: 'cmake golang'
-      - uses: ./.github/actions/setup-aws-lc
-        with:
-          repository: 'hanno-becker/aws-lc'
-          commit: 'mlkem_native'
-      - name: Run importer
-        run: |
-          cd $AWSLC_DIR/crypto/fipsmodule/ml_kem
-          GITHUB_REPOSITORY=$GITHUB_REPOSITORY GITHUB_SHA=$GITHUB_SHA ./importer.sh
-      - name: Run POSIX tests
-        run: |
-          cd $AWSLC_DIR
-          ./tests/ci/run_posix_tests.sh
   build_kat:
     needs: [quickcheck, quickcheck-windows, quickcheck-c90, quickcheck-lib, examples, lint, lint-markdown-link]
     strategy: