diff --git a/.github/ci.sh b/.github/ci.sh index 64e5ebef97..1d46cd0de5 100755 --- a/.github/ci.sh +++ b/.github/ci.sh @@ -117,11 +117,11 @@ build() { pkgs=(saw saw-remote-api) fi tee -a cabal.project.local > /dev/null < cabal.project.ci - if ! retry cabal v2-build "$@" "${pkgs[@]}"; then + if ! retry cabal v2-build --disable-executable-dynamic --enable-executable-static "$@" "${pkgs[@]}"; then if [[ "$RUNNER_OS" == "macOS" ]]; then echo "Working around a dylib issue on macos by removing the cache and trying again" cabal v2-clean - retry cabal v2-build "$@" "${pkgs[@]}" + retry cabal v2-build --disable-executable-dynamic --enable-executable-static "$@" "${pkgs[@]}" else return 1 fi diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea7e5f3209..6c9e28d680 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ env: jobs: config: - runs-on: ubuntu-latest + runs-on: self-hosted outputs: name: ${{ steps.config.outputs.name }} version: ${{ steps.config.outputs.version }} @@ -60,7 +60,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-18.04] + os: [self-hosted] ghc: ["8.8.4", "8.10.3"] include: - os: macos-latest @@ -71,6 +71,15 @@ jobs: cabal-test-suites-json: ${{ steps.cabal-test-suites.outputs.targets-json }} steps: + - name: System Dependencies + if: runner.os == 'Linux' + run: | + sudo apt update + sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl + sudo apt install -y zlibc zlib1g zlib1g-dev git build-essential language-pack-en-base language-pack-en + sudo locale-gen en_US.UTF-8 + sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE + - uses: actions/checkout@v2 - run: | git submodule update --init @@ -99,6 +108,7 @@ jobs: ${{ env.CACHE_VERSION }}-cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- - if: needs.config.outputs.release == 'true' + name: Set release version shell: bash run: | sed -i.bak \ @@ -116,6 +126,7 @@ jobs: run: .github/ci.sh build - uses: GaloisInc/.github/actions/cabal-collect-bins@v1 + if: runner.os != 'Windows' id: cabal-test-suites with: targets: | @@ -127,15 +138,17 @@ jobs: matrix.ghc == '8.8.4' && runner.os != 'Windows' uses: actions/upload-artifact@v2 + name: Upload abc with: path: ${{ steps.abc.outputs.path }} name: abc-${{ runner.os }} - uses: actions/upload-artifact@v2 + name: Upload dist-tests if: "matrix.ghc == '8.8.4'" with: path: dist-tests - name: dist-tests-${{ matrix.os }} + name: dist-tests-${{ runner.os }} - shell: bash run: .github/ci.sh setup_dist_bins @@ -154,6 +167,7 @@ jobs: run: .github/ci.sh sign $NAME.tar.gz - if: matrix.ghc == '8.8.4' + name: Upload ${{ steps.config.outputs.name }}.tar.gz uses: actions/upload-artifact@v2 with: name: ${{ steps.config.outputs.name }} (GHC ${{ matrix.ghc }}) @@ -163,12 +177,14 @@ jobs: - if: "matrix.ghc == '8.8.4'" uses: actions/upload-artifact@v2 + name: Upload ${{ runner.os }} dist-bin with: path: dist/bin name: ${{ runner.os }}-bins - - if: "matrix.os == 'ubuntu-18.04'" + - if: "runner.os == 'Linux'" uses: actions/upload-artifact@v2 + name: Upload saw-${{ runner.os }}-${{ matrix.ghc }} with: name: "saw-${{ runner.os }}-${{ matrix.ghc }}" path: "dist/bin/saw" @@ -215,11 +231,11 @@ jobs: matrix: include: - test: saw-remote-api/scripts/run_rpc_tests.sh - os: ubuntu-18.04 + os: ubuntu-20.04 - test: saw-remote-api/scripts/run_rpc_tests.sh os: macos-latest - test: saw-remote-api/scripts/check_docs.sh - os: ubuntu-18.04 + os: ubuntu-20.04 steps: - uses: actions/checkout@v2 with: @@ -267,7 +283,7 @@ jobs: fail-fast: false matrix: suite: ${{ fromJson(needs.build.outputs.cabal-test-suites-json) }} - os: [ubuntu-18.04] + os: [ubuntu-20.04] continue-on-error: [false] include: - suite: integration_tests @@ -312,7 +328,7 @@ jobs: - uses: actions/download-artifact@v2 with: - name: dist-tests-${{ matrix.os }} + name: dist-tests-${{ runner.os }} path: dist-tests - shell: bash @@ -435,7 +451,7 @@ jobs: name: "Test s2n proofs" timeout-minutes: 60 needs: build - runs-on: ubuntu-18.04 + runs-on: self-hosted strategy: fail-fast: false matrix: @@ -448,8 +464,17 @@ jobs: - hmac-failure - awslc - blst - ghc: ["8.8.4", "8.10.3"] + ghc: ["8.10.3"] steps: + - name: System Dependencies + if: runner.os == 'Linux' + run: | + sudo apt update + sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl + sudo apt install -y docker-compose build-essential libtinfo6 language-pack-en-base language-pack-en + sudo locale-gen en_US.UTF-8 + sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE + - uses: actions/checkout@v2 - run: | mkdir -p s2nTests/bin diff --git a/s2nTests/docker/s2n.dockerfile b/s2nTests/docker/s2n.dockerfile index 82b7af20c8..cb5a9ecbab 100644 --- a/s2nTests/docker/s2n.dockerfile +++ b/s2nTests/docker/s2n.dockerfile @@ -1,14 +1,24 @@ -FROM ubuntu:18.04 +# Note: this Dockerfile will be used to run the saw binary built by +# the CI process, which means that the loadable libraries should be +# the same between the two systems. This stipulates that the "FROM" +# instance specified here should match the OS image used to perform +# the build stage (whether that's a Github runner or a self-hosted +# runner). +# +# A common symptom of these not matching is that the bin/saw image +# cannot be run because libtinfoX.so is not found. + +FROM ubuntu:20.04 RUN apt-get update -y -q && \ apt-get install -y software-properties-common && \ apt-get update -q -y && \ apt install -y \ - clang-3.9 \ + clang-10 \ curl \ gcc \ git \ - llvm-3.9 \ + llvm-10 \ make \ sudo \ && \ diff --git a/s2nTests/scripts/s2n-entrypoint.sh b/s2nTests/scripts/s2n-entrypoint.sh index 48a0d807f3..afa5deb264 100755 --- a/s2nTests/scripts/s2n-entrypoint.sh +++ b/s2nTests/scripts/s2n-entrypoint.sh @@ -12,5 +12,7 @@ source codebuild/bin/s2n_setup_env.sh SAW=true SAW_INSTALL_DIR=tmp-saw codebuild/bin/s2n_install_test_dependencies.sh cp /saw-bin/saw "$SAW_INSTALL_DIR"/bin/saw cp /saw-bin/abc "$SAW_INSTALL_DIR"/bin/abc +ldd "$SAW_INSTALL_DIR"/bin/saw "$SAW_INSTALL_DIR"/bin/saw --version +ldd "$SAW_INSTALL_DIR"/bin/abc exec codebuild/bin/s2n_codebuild.sh