chore(ci): use aws ec2 as runner provider for cargo builds #6505
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run backward compatibility tests | |
| name: aws_tfhe_backward_compat_tests | |
| env: | |
| CARGO_TERM_COLOR: always | |
| ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
| RUSTFLAGS: "-C target-cpu=native" | |
| RUST_BACKTRACE: "full" | |
| RUST_MIN_STACK: "8388608" | |
| SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} | |
| SLACK_ICON: https://pbs.twimg.com/profile_images/1274014582265298945/OjBKP9kn_400x400.png | |
| SLACK_USERNAME: ${{ secrets.BOT_USERNAME }} | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACKIFY_MARKDOWN: true | |
| PULL_REQUEST_MD_LINK: "" | |
| CHECKOUT_TOKEN: ${{ secrets.REPO_CHECKOUT_TOKEN || secrets.GITHUB_TOKEN }} | |
| # Secrets will be available only to zama-ai organization members | |
| SECRETS_AVAILABLE: ${{ secrets.JOB_SECRET != '' }} | |
| EXTERNAL_CONTRIBUTION_RUNNER: "large_ubuntu_16" | |
| on: | |
| # Allows you to run this workflow manually from the Actions tab as an alternative. | |
| workflow_dispatch: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| # zizmor: ignore[concurrency-limits] concurrency is managed after instance setup to ensure safe provisioning | |
| jobs: | |
| setup-instance: | |
| name: aws_tfhe_backward_compat_tests/setup-instance | |
| runs-on: ubuntu-latest | |
| outputs: | |
| runner-name: ${{ steps.start-remote-instance.outputs.label || steps.start-github-instance.outputs.runner_group }} | |
| steps: | |
| - name: Start remote instance | |
| id: start-remote-instance | |
| if: env.SECRETS_AVAILABLE == 'true' | |
| uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac | |
| with: | |
| mode: start | |
| github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | |
| slab-url: ${{ secrets.SLAB_BASE_URL }} | |
| job-secret: ${{ secrets.JOB_SECRET }} | |
| backend: aws | |
| profile: cpu-small | |
| # This instance will be spawned especially for pull-request from forked repository | |
| - name: Start GitHub instance | |
| id: start-github-instance | |
| if: env.SECRETS_AVAILABLE == 'false' | |
| run: | | |
| echo "runner_group=${EXTERNAL_CONTRIBUTION_RUNNER}" >> "$GITHUB_OUTPUT" | |
| backward-compat-tests: | |
| name: aws_tfhe_backward_compat_tests/backward-compat-tests (bpr) | |
| needs: [ setup-instance ] | |
| runs-on: ${{ needs.setup-instance.outputs.runner-name }} | |
| concurrency: | |
| group: ${{ github.workflow_ref }}${{ github.ref == 'refs/heads/main' && github.sha || '' }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} | |
| steps: | |
| - name: Checkout tfhe-rs | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: 'true' # Needed to pull lfs data | |
| token: ${{ env.CHECKOUT_TOKEN }} | |
| # Cache key is an aggregated hash of lfs files hashes | |
| - name: Get LFS data sha | |
| id: hash-lfs-data | |
| run: | | |
| SHA=$(git lfs ls-files -l -I utils/tfhe-backward-compat-data | sha256sum | cut -d' ' -f1) | |
| echo "sha=${SHA}" >> "${GITHUB_OUTPUT}" | |
| - name: Retrieve data from cache | |
| id: retrieve-data-cache | |
| uses: actions/cache/restore@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 | |
| with: | |
| path: | | |
| utils/tfhe-backward-compat-data/**/*.cbor | |
| utils/tfhe-backward-compat-data/**/*.bcode | |
| key: ${{ steps.hash-lfs-data.outputs.sha }} | |
| - name: Pull test data | |
| if: steps.retrieve-data-cache.outputs.cache-hit != 'true' | |
| run: | | |
| make pull_backward_compat_data | |
| # Pull token was stored by action/checkout to be used by lfs, we don't need it anymore | |
| - name: Remove git credentials | |
| run: | | |
| git config --local --unset-all http.https://github.com/.extraheader | |
| - name: Install latest stable | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # zizmor: ignore[stale-action-refs] this action doesn't create releases | |
| with: | |
| toolchain: stable | |
| - name: Run backward compatibility tests | |
| run: | | |
| make test_backward_compatibility_ci | |
| - name: Store data in cache | |
| if: steps.retrieve-data-cache.outputs.cache-hit != 'true' | |
| continue-on-error: true | |
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 #v4.3.0 | |
| with: | |
| path: | | |
| utils/tfhe-backward-compat-data/**/*.cbor | |
| utils/tfhe-backward-compat-data/**/*.bcode | |
| key: ${{ steps.hash-lfs-data.outputs.sha }} | |
| - name: Set pull-request URL | |
| if: ${{ failure() && github.event_name == 'pull_request' }} | |
| run: | | |
| echo "PULL_REQUEST_MD_LINK=[pull-request](${PR_BASE_URL}${PR_NUMBER}), " >> "${GITHUB_ENV}" | |
| env: | |
| PR_BASE_URL: ${{ vars.PR_BASE_URL }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| - name: Slack Notification | |
| if: ${{ failure() || (cancelled() && github.event_name != 'pull_request') }} | |
| continue-on-error: true | |
| uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 | |
| env: | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_MESSAGE: "Backward compatibility tests finished with status: ${{ job.status }}. (${{ env.PULL_REQUEST_MD_LINK }}[action run](${{ env.ACTION_RUN_URL }}))" | |
| teardown-instance: | |
| name: aws_tfhe_backward_compat_tests/teardown-instance | |
| if: ${{ always() && needs.setup-instance.result == 'success' }} | |
| needs: [ setup-instance, backward-compat-tests ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Stop remote instance | |
| id: stop-instance | |
| if: env.SECRETS_AVAILABLE == 'true' | |
| uses: zama-ai/slab-github-runner@79939325c3c429837c10d6041e4fd8589d328bac | |
| with: | |
| mode: stop | |
| github-token: ${{ secrets.SLAB_ACTION_TOKEN }} | |
| slab-url: ${{ secrets.SLAB_BASE_URL }} | |
| job-secret: ${{ secrets.JOB_SECRET }} | |
| label: ${{ needs.setup-instance.outputs.runner-name }} | |
| - name: Slack Notification | |
| if: ${{ failure() }} | |
| continue-on-error: true | |
| uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 | |
| env: | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_MESSAGE: "Instance teardown (backward-compat-tests) finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})" |