From 29424dc261981e0f56c59fd7e334c14a6a7b67f7 Mon Sep 17 00:00:00 2001 From: "Matthias J. Kannwischer" Date: Tue, 10 Feb 2026 18:59:39 +0800 Subject: [PATCH] CI: Add Docker-based compiler tests workflow Signed-off-by: Matthias J. Kannwischer --- .github/actions/compiler-functest/action.yml | 103 ++++++++++ .github/workflows/all.yml | 88 +-------- .github/workflows/compiler-tests.yml | 196 +++++++++++++++++++ 3 files changed, 302 insertions(+), 85 deletions(-) create mode 100644 .github/actions/compiler-functest/action.yml create mode 100644 .github/workflows/compiler-tests.yml diff --git a/.github/actions/compiler-functest/action.yml b/.github/actions/compiler-functest/action.yml new file mode 100644 index 0000000000..6ea4c329cb --- /dev/null +++ b/.github/actions/compiler-functest/action.yml @@ -0,0 +1,103 @@ +# Copyright (c) The mlkem-native project authors +# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + +name: Compiler functional tests +description: Run functional tests across C standard versions + +inputs: + cflags: + description: Base CFLAGS (e.g. -O0, -Os, -O3) + required: true + opt: + description: Whether to build opt/non-opt binaries or all (all | opt | no_opt) + default: "all" + examples: + description: Determine whether to run examples or not + default: "true" + c17: + description: Whether compiler supports C17 + default: "true" + c23: + description: Whether compiler supports C23 + default: "false" + gh_token: + description: Github access token to use + required: true + +runs: + using: composite + steps: + - name: functest (${{ inputs.cflags }}) + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" + - name: functest (${{ inputs.cflags }}, C90) + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "-std=c90 ${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" + - name: functest (${{ inputs.cflags }}, C99) + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "-std=c99 ${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" + - name: functest (${{ inputs.cflags }}, C11) + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "-std=c11 ${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" + - name: functest (${{ inputs.cflags }}, C17) + if: ${{ inputs.c17 == 'true' }} + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "-std=c17 ${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" + - name: functest (${{ inputs.cflags }}, C23) + if: ${{ inputs.c23 == 'true' }} + uses: ./.github/actions/multi-functest + with: + nix-shell: "" + gh_token: ${{ inputs.gh_token }} + compile_mode: native + func: true + kat: false + acvp: false + examples: ${{ inputs.examples }} + opt: ${{ inputs.opt }} + cflags: "-std=c23 ${{ inputs.cflags }} -DNTESTS_FUNC=10 -DNUM_RANDOM_TESTS=10 -DNUM_RANDOM_TESTS_REJ_UNIFORM=10" diff --git a/.github/workflows/all.yml b/.github/workflows/all.yml index 1b08e56302..b3ae9ad5bb 100644 --- a/.github/workflows/all.yml +++ b/.github/workflows/all.yml @@ -13,91 +13,9 @@ on: types: [ "opened", "synchronize" ] jobs: - base: - name: Base + compiler-tests: + name: Compiler tests (Docker) permissions: contents: 'read' - id-token: 'write' - uses: ./.github/workflows/base.yml - secrets: inherit - lint-markdown: - name: Lint Markdown - permissions: - contents: 'read' - id-token: 'write' - uses: ./.github/workflows/lint_markdown.yml - nix: - name: Nix - permissions: - actions: 'write' - contents: 'read' - id-token: 'write' - uses: ./.github/workflows/nix.yml - secrets: inherit - ci: - name: Extended - permissions: - contents: 'read' - id-token: 'write' - needs: [ base, nix ] - uses: ./.github/workflows/ci.yml - secrets: inherit - cbmc: - name: CBMC - permissions: - contents: 'read' - id-token: 'write' - pull-requests: 'write' - needs: [ base, nix ] - uses: ./.github/workflows/cbmc.yml - secrets: inherit - oqs_integration: - name: libOQS - permissions: - contents: 'read' - id-token: 'write' - needs: [ base ] - uses: ./.github/workflows/integration-liboqs.yml - secrets: inherit - opentitan_integration: - name: OpenTitan - permissions: - contents: 'read' - id-token: 'write' - needs: [ base ] - uses: ./.github/workflows/integration-opentitan.yml - secrets: inherit - awslc_integration: - name: AWS-LC - permissions: - contents: 'read' - id-token: 'write' - needs: [ base ] - uses: ./.github/workflows/integration-awslc.yml - with: - commit: v1.67.0 - secrets: inherit - ct-test: - name: Constant-time - permissions: - contents: 'read' - id-token: 'write' - needs: [ base, nix ] - uses: ./.github/workflows/ct-tests.yml - secrets: inherit - slothy: - name: SLOTHY - permissions: - contents: 'read' - id-token: 'write' - needs: [ base, nix ] - uses: ./.github/workflows/slothy.yml - secrets: inherit - baremetal: - name: Baremetal - permissions: - contents: 'read' - id-token: 'write' - needs: [ base ] - uses: ./.github/workflows/baremetal.yml + uses: ./.github/workflows/compiler-tests.yml secrets: inherit diff --git a/.github/workflows/compiler-tests.yml b/.github/workflows/compiler-tests.yml new file mode 100644 index 0000000000..1bed257ed7 --- /dev/null +++ b/.github/workflows/compiler-tests.yml @@ -0,0 +1,196 @@ +# Copyright (c) The mlkem-native project authors +# SPDX-License-Identifier: Apache-2.0 OR ISC OR MIT + +name: Compiler tests +permissions: + contents: read +on: + workflow_call: + workflow_dispatch: + +jobs: + compiler_tests: + name: Compiler tests (${{ matrix.compiler.name }}, ${{ matrix.target.name }}) + strategy: + fail-fast: false + matrix: + target: + - runner: ubuntu-24.04-arm + name: 'aarch64' + - runner: ubuntu-latest + name: 'x86_64' + - runner: macos-latest + name: 'macos' + compiler: + # GCC compilers + # Linux: installed via ubuntu-toolchain-r PPA + # macOS: installed via Homebrew + - name: gcc-9 + type: gcc + version: '9' + c17: true + c23: false + opt: all + examples: true + macos: false + - name: gcc-10 + type: gcc + version: '10' + c17: true + c23: false + opt: all + examples: true + macos: false + - name: gcc-11 + type: gcc + version: '11' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: gcc-12 + type: gcc + version: '12' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: gcc-13 + type: gcc + version: '13' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: gcc-14 + type: gcc + version: '14' + c17: true + c23: true + opt: all + examples: true + macos: true + # Clang compilers (installed via install-llvm-action) + - name: clang-14 + type: clang + version: '14' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: clang-15 + type: clang + version: '15' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: clang-16 + type: clang + version: '16' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: clang-17 + type: clang + version: '17' + c17: true + c23: false + opt: all + examples: true + macos: true + - name: clang-18 + type: clang + version: '18' + c17: true + c23: true + opt: all + examples: true + macos: true + - name: clang-19 + type: clang + version: '19' + c17: true + c23: true + opt: all + examples: true + macos: true + - name: clang-20 + type: clang + version: '20' + c17: true + c23: true + opt: all + examples: true + macos: true + - name: clang-21 + type: clang + version: '21' + c17: true + c23: true + opt: all + examples: true + macos: true + exclude: + - target: { name: 'macos' } + compiler: { macos: false } + runs-on: ${{ matrix.target.runner }} + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - name: Setup GCC (Linux) + if: ${{ matrix.compiler.type == 'gcc' && runner.os == 'Linux' }} + run: | + sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test + sudo apt-get update + sudo apt-get install -y gcc-${{ matrix.compiler.version }} + echo "CC=gcc-${{ matrix.compiler.version }}" >> $GITHUB_ENV + - name: Setup GCC (macOS) + if: ${{ matrix.compiler.type == 'gcc' && runner.os == 'macOS' }} + run: | + brew install gcc@${{ matrix.compiler.version }} + echo "CC=gcc-${{ matrix.compiler.version }}" >> $GITHUB_ENV + - name: Setup Clang dependencies + if: ${{ matrix.compiler.type == 'clang' && runner.os == 'Linux' }} + run: sudo apt-get install -y libtinfo5 + - name: Install Clang + if: ${{ matrix.compiler.type == 'clang' }} + uses: KyleMayes/install-llvm-action@v2 + with: + version: ${{ matrix.compiler.version }} + env: true + - name: Compiler info + run: ${{ env.CC }} --version + - name: Tests (-O0) + uses: ./.github/actions/compiler-functest + with: + cflags: "-O0" + opt: ${{ matrix.compiler.opt }} + examples: ${{ matrix.compiler.examples }} + c17: ${{ matrix.compiler.c17 }} + c23: ${{ matrix.compiler.c23 }} + gh_token: ${{ secrets.GITHUB_TOKEN }} + - name: Tests (-Os) + uses: ./.github/actions/compiler-functest + with: + cflags: "-Os" + opt: ${{ matrix.compiler.opt }} + examples: ${{ matrix.compiler.examples }} + c17: ${{ matrix.compiler.c17 }} + c23: ${{ matrix.compiler.c23 }} + gh_token: ${{ secrets.GITHUB_TOKEN }} + - name: Tests (-O3) + uses: ./.github/actions/compiler-functest + with: + cflags: "-O3" + opt: ${{ matrix.compiler.opt }} + examples: ${{ matrix.compiler.examples }} + c17: ${{ matrix.compiler.c17 }} + c23: ${{ matrix.compiler.c23 }} + gh_token: ${{ secrets.GITHUB_TOKEN }}