| version: 2.1 |
| |
| require_stylecheck: &require_stylecheck |
| requires: |
| - stylecheck |
| |
| require_buildcheck: &require_buildcheck |
| requires: |
| - stylecheck |
| - buildcheck |
| |
| require_testapproval: &require_testapproval |
| requires: |
| - stylecheck |
| - buildcheck |
| - testapproval |
| |
| # CircleCI doesn't handle large file sets properly for local builds |
| # https://github.com/CircleCI-Public/circleci-cli/issues/281#issuecomment-472808051 |
| localCheckout: &localCheckout |
| run: |- |
| PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd) |
| mkdir -p ${PROJECT_PATH} |
| git config --global --add safe.directory /tmp/_circleci_local_build_repo |
| cd /tmp/_circleci_local_build_repo |
| git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH} |
| cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH} |
| |
| jobs: |
| stylecheck: |
| description: Validate formatting of code and documentation |
| docker: |
| - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| # Re-enable iff docker enforces rate limitations without auth: |
| # auth: |
| # username: $DOCKER_LOGIN |
| # password: $DOCKER_PASSWORD |
| steps: |
| - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally |
| - run: |
| name: Ensure code conventions are upheld |
| command: python3 -m pytest --verbose tests/test_code_conventions.py |
| - run: |
| name: Check that doxygen can parse the documentation |
| command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile build/docs |
| |
| buildcheck: |
| description: Test that we can build a single KEM/Signature pair as part of a minimal build. |
| parameters: |
| CONTAINER: |
| description: "The docker container to use." |
| type: string |
| CMAKE_ARGS: |
| description: "Arguments to pass to CMake." |
| type: string |
| default: '' |
| KEM_NAME: |
| description: "The KEM to build." |
| type: string |
| SIG_NAME: |
| description: "The signature scheme to build." |
| type: string |
| docker: |
| - image: << parameters.CONTAINER >> |
| steps: |
| - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally |
| - run: |
| name: Configure |
| command: |2 |
| mkdir build && cd build && source ~/.bashrc && \ |
| cmake .. --warn-uninitialized \ |
| -GNinja << parameters.CMAKE_ARGS >> \ |
| -DOQS_MINIMAL_BUILD="KEM_<< parameters.KEM_NAME >>;SIG_<< parameters.SIG_NAME >>" \ |
| > config.log 2>&1 && \ |
| cat config.log && \ |
| cmake -LA .. && ! (grep "uninitialized variable" config.log) |
| - run: |
| name: Build |
| command: ninja |
| working_directory: build |
| |
| linux_oqs: |
| description: A template for running liboqs tests on Linux Docker VMs |
| parameters: |
| CONTAINER: |
| description: "The docker container to use." |
| type: string |
| CMAKE_ARGS: |
| description: "Arguments to pass to CMake." |
| type: string |
| default: '' |
| PYTEST_ARGS: |
| description: "Arguments to pass to pytest." |
| type: string |
| # Not every executor handles --numprocesses=auto being passed to pytest well |
| # See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744 |
| default: --numprocesses=auto |
| SKIP_ALGS: |
| description: "Algorithms not to test in test_constant_time." |
| type: string |
| default: '' |
| docker: |
| - image: << parameters.CONTAINER >> |
| # Re-enable iff docker enforces rate limitations without auth: |
| # auth: |
| # username: $DOCKER_LOGIN |
| # password: $DOCKER_PASSWORD |
| steps: |
| - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally |
| - run: |
| name: Configure |
| command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS >> .. && cmake -LA .. |
| - run: |
| name: Build |
| command: ninja |
| working_directory: build |
| - run: |
| name: Run tests |
| no_output_timeout: 1h |
| command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_speed.py --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml << parameters.PYTEST_ARGS >> |
| environment: |
| SKIP_ALGS: << parameters.SKIP_ALGS >> |
| - store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour |
| path: build/test-results |
| - store_artifacts: |
| path: build/test-results |
| |
| |
| scan_build: |
| description: Executing scan-build test |
| parameters: |
| CONTAINER: |
| description: "The docker container to use." |
| type: string |
| docker: |
| - image: << parameters.CONTAINER >> |
| steps: |
| - checkout # change this from "checkout" to "*localCheckout" when running CircleCI locally |
| - run: |
| name: Configure |
| command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-15 cmake -GNinja .. |
| - run: |
| name: Build |
| command: scan-build-15 --status-bugs ninja |
| working_directory: build |
| |
| arm_machine: |
| description: A template for running liboqs tests on ARM(presently only 64) machines |
| parameters: |
| CMAKE_ARGS: |
| description: "Arguments to pass to CMake." |
| type: string |
| default: '' |
| PYTEST_ARGS: |
| description: "Arguments to pass to pytest." |
| type: string |
| # Not every executor handles --numprocesses=auto being passed to pytest well |
| # See https://github.com/open-quantum-safe/liboqs/issues/738#issuecomment-621394744 |
| default: --numprocesses=auto |
| machine: |
| image: default # analogous to ubuntu-latest on GH Actions |
| resource_class: arm.medium |
| steps: |
| - checkout |
| # It seems the machine doesn't contain all preprequisites, and we don't have permission to add them explicitly, |
| # so we can only run in a prepared ARM64 CI image |
| - run: |
| name: Build and run tests in docker |
| no_output_timeout: 1h |
| command: |2 |
| docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \ |
| -e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \ |
| -v `pwd`:/root/project \ |
| openquantumsafe/ci-ubuntu-focal-arm64:latest bash \ |
| -c 'cd /root/project && \ |
| uname -a && \ |
| mkdir build && cd build && source ~/.bashrc && \ |
| cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \ |
| cd .. && mkdir -p tmp && \ |
| python3 -m pytest --verbose \ |
| --ignore=tests/test_code_conventions.py \ |
| --junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS' |
| - store_test_results: # Note that this command will fail when running CircleCI locally, that is expected behaviour |
| path: build/test-results |
| - store_artifacts: |
| path: build/test-results |
| |
| trigger-downstream-ci: |
| docker: |
| - image: cimg/base:2020.01 |
| # Re-enable iff docker enforces rate limitations without auth: |
| # auth: |
| # username: $DOCKER_LOGIN |
| # password: $DOCKER_PASSWORD |
| steps: |
| - run: |
| name: Trigger OQS-OpenSSL CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| |
| - run: |
| name: Trigger OQS-BoringSSL CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| - run: |
| name: Trigger OQS-OpenSSH CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| - run: |
| name: Trigger oqs-provider CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "main" }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| - run: |
| name: Trigger liboqs-dotnet CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "master" }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| - run: |
| name: Trigger liboqs-java CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --user ${BUILD_TRIGGER_TOKEN}: \ |
| --request POST \ |
| --header "Content-Type: application/json" \ |
| --data '{ "branch": "master" }' \ |
| https://circleci.com/api/v2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \ |
| && grep -q "201" curl_out |
| - run: |
| name: Trigger liboqs-python CI |
| command: |2 |
| curl --silent \ |
| --write-out "\n%{response_code}\n" \ |
| --request POST \ |
| --header "Accept: application/vnd.github+json" \ |
| --header "Authorization: Bearer $OQSBOT_GITHUB_ACTIONS" \ |
| --header "X-GitHub-Api-Version: 2022-11-28" \ |
| --data '{"event_type":"liboqs-upstream-trigger"}' \ |
| https://api.github.com/repos/open-quantum-safe/liboqs-python/dispatches | tee curl_out \ |
| && grep -q "204" curl_out |
| |
| workflows: |
| version: 2.1 |
| build: |
| when: |
| and: |
| - not: |
| equal: [ main, << pipeline.git.branch >> ] |
| - not: |
| matches: { pattern: "^ghactionsonly-.*", value: << pipeline.git.branch >> } |
| jobs: |
| - stylecheck |
| - buildcheck: |
| <<: *require_stylecheck |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| KEM_NAME: kyber_768 |
| SIG_NAME: dilithium_3 |
| # Disabling testapproval as no jobs currently need it. |
| #- testapproval: |
| # <<: *require_buildcheck |
| # type: approval |
| # Disabling centos-8 and debian-buster. |
| # Re-enable if specific configurations (package versions etc) that need to be tested are identified. |
| #- linux_oqs: |
| # <<: *require_buildcheck |
| # name: centos-8 |
| # context: openquantumsafe |
| # CONTAINER: openquantumsafe/ci-centos-8-amd64:latest |
| # CMAKE_ARGS: -DCMAKE_C_COMPILER=clang |
| #- linux_oqs: |
| # <<: *require_buildcheck |
| # name: debian-buster |
| # context: openquantumsafe |
| # CONTAINER: openquantumsafe/ci-debian-buster-amd64:latest |
| - scan_build: |
| <<: *require_buildcheck |
| name: scan_build |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| - linux_oqs: |
| <<: *require_buildcheck |
| name: ubuntu-focal-noopenssl |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF |
| PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py |
| - linux_oqs: |
| <<: *require_buildcheck |
| name: ubuntu-focal-shared-noopenssl |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| CMAKE_ARGS: -DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON |
| PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --numprocesses=auto |
| - linux_oqs: |
| <<: *require_buildcheck |
| name: ubuntu-focal-clang15 |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest |
| CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 -DOQS_OPT_TARGET=skylake |
| PYTEST_ARGS: --ignore=tests/test_kat_all.py |
| - linux_oqs: |
| <<: *require_buildcheck |
| name: ubuntu-bionic-i386 |
| context: openquantumsafe |
| CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest |
| CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake |
| PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py |
| - arm_machine: |
| <<: *require_buildcheck |
| name: arm64 |
| PYTEST_ARGS: --numprocesses=auto --maxprocesses=10 --ignore=tests/test_kat_all.py |
| |
| commit-to-main: |
| when: |
| equal: [ main, << pipeline.git.branch >> ] |
| jobs: |
| - trigger-downstream-ci: |
| context: openquantumsafe |
