[CI] [debian] Containerize testing of standalone #872
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI (Coq, Debian) | |
on: | |
push: | |
branches: [ master , sp2019latest ] | |
pull_request: | |
merge_group: | |
workflow_dispatch: | |
release: | |
types: [published] | |
schedule: | |
- cron: '0 0 1 * *' | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- debian: "sid" | |
#- debian: "bookworm" # restore once 8.17 lands in Debian stable | |
runs-on: 'ubuntu-22.04' | |
name: debian-${{ matrix.debian }} | |
container: debian:${{ matrix.debian }} | |
concurrency: | |
group: ${{ github.workflow }}-${{ matrix.debian }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
steps: | |
- name: install system dependencies | |
run: | | |
apt-get -o Acquire::Retries=30 update -y | |
apt-get -q -y --allow-unauthenticated -o Acquire::Retries=30 install sudo git make time jq python3 python-is-python3 ocaml coq libcoq-core-ocaml-dev libfindlib-ocaml-dev ocaml-findlib cabal-install js-of-ocaml | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: container build params | |
run: etc/ci/describe-system-config.sh | |
- name: make deps | |
run: etc/ci/github-actions-make.sh -j2 deps | |
- name: all-except-generated-and-js-of-ocaml | |
run: etc/ci/github-actions-make.sh -j2 all-except-generated-and-js-of-ocaml | |
- name: generated-files | |
run: etc/ci/github-actions-make.sh -j2 generated-files | |
- run: tar -czvf generated-files.tgz fiat-*/ | |
if: ${{ failure() }} | |
- name: upload generated files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: generated-files-${{ matrix.debian }} | |
path: generated-files.tgz | |
if: ${{ failure() }} | |
- name: install-standalone-unified-ocaml | |
run: etc/ci/github-actions-make.sh install-standalone-unified-ocaml BINDIR=dist | |
- name: standalone-js-of-ocaml | |
run: etc/ci/github-actions-make.sh -j2 standalone-js-of-ocaml | |
- name: install-standalone-js-of-ocaml | |
run: etc/ci/github-actions-make.sh install-standalone-js-of-ocaml | |
- name: upload standalone files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: standalone-${{ matrix.debian }} | |
path: dist/fiat_crypto | |
- name: upload standalone js files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: standalone-html-${{ matrix.debian }} | |
path: fiat-html | |
- name: upload OCaml files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ExtractionOCaml-${{ matrix.debian }} | |
path: src/ExtractionOCaml | |
if: always () | |
- name: upload js_of_ocaml files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ExtractionJsOfOCaml-${{ matrix.debian }} | |
path: src/ExtractionJsOfOCaml | |
if: always () | |
- name: standalone-haskell | |
run: etc/ci/github-actions-make.sh -j1 standalone-haskell GHCFLAGS='+RTS -M7G -RTS' | |
- name: upload Haskell files | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ExtractionHaskell-${{ matrix.debian }} | |
path: src/ExtractionHaskell | |
if: always () | |
- name: only-test-amd64-files-lite | |
run: etc/ci/github-actions-make.sh -j2 only-test-amd64-files-lite SLOWEST_FIRST=1 | |
- name: install | |
run: sudo etc/ci/github-actions-make.sh EXTERNAL_DEPENDENCIES=1 SKIP_COQSCRIPTS_INCLUDE=1 install install-standalone-ocaml | |
- name: install-without-bedrock2 | |
run: sudo etc/ci/github-actions-make.sh EXTERNAL_DEPENDENCIES=1 SKIP_BEDROCK2=1 install-without-bedrock2 install-standalone-ocaml | |
- name: install-dev | |
run: sudo etc/ci/github-actions-make.sh EXTERNAL_REWRITER=1 EXTERNAL_COQPRIME=1 install install-standalone-ocaml | |
- name: display timing info | |
run: cat time-of-build-pretty.log | |
- name: display per-line timing info | |
run: etc/ci/github-actions-display-per-line-timing.sh | |
test-standalone-host: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- debian: sid | |
#- debian: bookworm # restore once 8.17 lands in Debian stable | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download standalone ${{ matrix.debian }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: standalone-${{ matrix.debian }} | |
path: dist/ | |
- name: List files | |
run: find dist | |
- run: chmod +x dist/fiat_crypto | |
- name: host build params | |
run: etc/ci/describe-system-config.sh | |
- name: Test files (host) | |
run: | | |
echo "::group::file fiat_crypto" | |
file dist/fiat_crypto | |
echo "::endgroup::" | |
echo "::group::ldd fiat_crypto" | |
ldd dist/fiat_crypto | |
echo "::endgroup::" | |
etc/ci/test-run-fiat-crypto.sh dist/fiat_crypto || { | |
printf '::warning::Debian ${{ matrix.debian }} binary does not run on ubuntu: %s\n' \ | |
"$(etc/ci/test-run-fiat-crypto.sh dist/fiat_crypto 2>&1 | tr '\n' '~' | sed 's/~/%0A/g')"; | |
} | |
test-standalone-container: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- debian: sid | |
#- debian: bookworm # restore once 8.17 lands in Debian stable | |
runs-on: ubuntu-latest | |
container: debian:${{ matrix.debian }} | |
needs: build | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download standalone ${{ matrix.debian }} | |
uses: actions/download-artifact@v4 | |
with: | |
name: standalone-${{ matrix.debian }} | |
path: dist/ | |
- name: install system dependencies | |
run: | | |
apt-get -o Acquire::Retries=30 update -y | |
apt-get -q -y --allow-unauthenticated -o Acquire::Retries=30 install sudo time file | |
- name: List files | |
run: find dist | |
- run: chmod +x dist/fiat_crypto | |
- name: host build params | |
run: etc/ci/describe-system-config.sh | |
- name: Test files (container) | |
run: | | |
echo "::group::file fiat_crypto" | |
file dist/fiat_crypto | |
echo "::endgroup::" | |
echo "::group::ldd fiat_crypto" | |
ldd dist/fiat_crypto | |
echo "::endgroup::" | |
etc/ci/test-run-fiat-crypto.sh dist/fiat_crypto | |
publish-standalone-dry-run: | |
runs-on: ubuntu-latest | |
needs: build | |
# permissions: | |
# contents: write # IMPORTANT: mandatory for making GitHub Releases | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Fetch all history for all tags and branches | |
tags: true # Fetch all tags as well, `fetch-depth: 0` might be sufficient depending on Git version | |
- name: Download standalone sid | |
uses: actions/download-artifact@v4 | |
with: | |
name: standalone-sid | |
path: dist/ | |
- name: List files | |
run: find dist | |
- name: Rename files | |
run: | | |
echo "::group::find arch" | |
arch="$(etc/ci/find-arch.sh dist/fiat_crypto "unknown")" | |
tag="$(git describe --tags HEAD)" | |
fname="Fiat-Cryptography_${tag}_Linux_debian_sid_${arch}" | |
echo "$fname" | |
mv dist/fiat_crypto "dist/$fname" | |
find dist | |
# - name: Upload artifacts to GitHub Release | |
# env: | |
# GITHUB_TOKEN: ${{ github.token }} | |
# # Upload to GitHub Release using the `gh` CLI. | |
# # `dist/` contains the built packages | |
# run: >- | |
# gh release upload | |
# '${{ github.ref_name }}' dist/** | |
# --repo '${{ github.repository }}' | |
# if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }} | |
debian-check-all: | |
runs-on: ubuntu-latest | |
needs: [build, test-standalone-host, test-standalone-container, publish-standalone-dry-run] | |
if: always() | |
steps: | |
- run: echo 'build passed' | |
if: ${{ needs.build.result == 'success' }} | |
- run: echo 'test-standalone-host passed' | |
if: ${{ needs.test-standalone-host.result == 'success' }} | |
- run: echo 'test-standalone-container passed' | |
if: ${{ needs.test-standalone-container.result == 'success' }} | |
- run: echo 'publish-standalone-dry-run passed' | |
if: ${{ needs.publish-standalone-dry-run.result == 'success' }} | |
- run: echo 'build failed' && false | |
if: ${{ needs.build.result != 'success' }} | |
- run: echo 'test-standalone-host failed' && false | |
if: ${{ needs.test-standalone-host.result != 'success' }} | |
- run: echo 'test-standalone-container failed' && false | |
if: ${{ needs.test-standalone-container.result != 'success' }} | |
- run: echo 'publish-standalone-dry-run failed' && false | |
if: ${{ needs.publish-standalone-dry-run.result != 'success' }} |