From 02b45c84a5d69cf7d1ec8cd19bf46ed121c2ad0f Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 14:52:17 -0700 Subject: [PATCH 01/21] Specify use of self-hosted runners for github CI. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ea7e5f3209..e9700fb344 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,7 +23,7 @@ env: jobs: config: - runs-on: ubuntu-latest + runs-on: self-hosted outputs: name: ${{ steps.config.outputs.name }} version: ${{ steps.config.outputs.version }} From d22b5f1b8a0163e51225d2d32640a6bbcbbff12e Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 15:00:21 -0700 Subject: [PATCH 02/21] Use self hosted runner for ubuntu build job. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e9700fb344..4db5fd71e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,7 +60,7 @@ jobs: strategy: fail-fast: false matrix: - os: [ubuntu-18.04] + os: [[self-hosted, ubuntu-18.04]] ghc: ["8.8.4", "8.10.3"] include: - os: macos-latest From 0d89da50a7deedc32fc45550bc5cf6e9aae52618 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 15:55:52 -0700 Subject: [PATCH 03/21] Update label for self-hosted; no other labels currently assigned. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4db5fd71e7..eca7dac3eb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -60,7 +60,7 @@ jobs: strategy: fail-fast: false matrix: - os: [[self-hosted, ubuntu-18.04]] + os: [self-hosted] ghc: ["8.8.4", "8.10.3"] include: - os: macos-latest From 5da942087c198c8480b0d84ca886fe4998d013f0 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 16:38:58 -0700 Subject: [PATCH 04/21] Add a better name for an interim step. --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index eca7dac3eb..8a673399a6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -99,6 +99,7 @@ jobs: ${{ env.CACHE_VERSION }}-cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- - if: needs.config.outputs.release == 'true' + name: Set release version shell: bash run: | sed -i.bak \ From f04595698a6cfb64fd0b56877de70d2ad7a30f5d Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 16:39:22 -0700 Subject: [PATCH 05/21] Add system dependency initialization for Linux in case of self-hosted runners. --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8a673399a6..0064af217b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -71,6 +71,15 @@ jobs: cabal-test-suites-json: ${{ steps.cabal-test-suites.outputs.targets-json }} steps: + - name: System Dependencies + if: runner.os == 'Linux' + run: | + sudo apt update + sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl + sudo apt install -y zlibc zlib1g zlib1g-dev git build-essential language-pack-en-base language-pack-en + sudo locale-gen en_US.UTF-8 + sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE + - uses: actions/checkout@v2 - run: | git submodule update --init From 693077702680a046dd1ab69fd8895f8a570807c7 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 21 Jul 2021 21:40:03 -0700 Subject: [PATCH 06/21] Run CI s2n proofs on internal self-hosted runners. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0064af217b..7c5e998578 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -445,7 +445,7 @@ jobs: name: "Test s2n proofs" timeout-minutes: 60 needs: build - runs-on: ubuntu-18.04 + runs-on: self-hosted strategy: fail-fast: false matrix: From 7b74cc1c38cce3d7850924c642cd6ae842e4ef20 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 08:49:51 -0700 Subject: [PATCH 07/21] Add names for various CI steps. --- .github/workflows/ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7c5e998578..bb3b2c6f9d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -137,11 +137,13 @@ jobs: matrix.ghc == '8.8.4' && runner.os != 'Windows' uses: actions/upload-artifact@v2 + name: Upload abc with: path: ${{ steps.abc.outputs.path }} name: abc-${{ runner.os }} - uses: actions/upload-artifact@v2 + name: Upload dist-tests if: "matrix.ghc == '8.8.4'" with: path: dist-tests @@ -164,6 +166,7 @@ jobs: run: .github/ci.sh sign $NAME.tar.gz - if: matrix.ghc == '8.8.4' + name: Upload ${{ steps.config.outputs.name }}.tar.gz uses: actions/upload-artifact@v2 with: name: ${{ steps.config.outputs.name }} (GHC ${{ matrix.ghc }}) @@ -173,12 +176,14 @@ jobs: - if: "matrix.ghc == '8.8.4'" uses: actions/upload-artifact@v2 + name: Upload ${{ runner.os }} dist-bin with: path: dist/bin name: ${{ runner.os }}-bins - if: "matrix.os == 'ubuntu-18.04'" uses: actions/upload-artifact@v2 + name: Upload saw-${{ runner.os }}-${{ matrix.ghc }} with: name: "saw-${{ runner.os }}-${{ matrix.ghc }}" path: "dist/bin/saw" From 74c2ac8111e294389242a3c50f8b8e92f9c51351 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 08:50:22 -0700 Subject: [PATCH 08/21] Modify CI upload to trigger on os type, not distribution name. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bb3b2c6f9d..44ea9fd4b0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -181,7 +181,7 @@ jobs: path: dist/bin name: ${{ runner.os }}-bins - - if: "matrix.os == 'ubuntu-18.04'" + - if: "runner.os == 'Linux'" uses: actions/upload-artifact@v2 name: Upload saw-${{ runner.os }}-${{ matrix.ghc }} with: From 39bff81945b598b548c26403fa77345963b042b1 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 11:05:05 -0700 Subject: [PATCH 09/21] Add CI system dependencies for the "Test s2n proofs" jobs. --- .github/workflows/ci.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44ea9fd4b0..52234ab072 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -465,6 +465,15 @@ jobs: - blst ghc: ["8.8.4", "8.10.3"] steps: + - name: System Dependencies + if: runner.os == 'Linux' + run: | + sudo apt update + sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl + sudo apt install -y docker-compose language-pack-en-base language-pack-en + sudo locale-gen en_US.UTF-8 + sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE + - uses: actions/checkout@v2 - run: | mkdir -p s2nTests/bin From 5b24d3f3411c4ce1dfb405b2483800473ef7b9e8 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 11:10:20 -0700 Subject: [PATCH 10/21] The s2n tests don't depend on GHC build version: run only for one build. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 52234ab072..4f09e872e5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -463,7 +463,7 @@ jobs: - hmac-failure - awslc - blst - ghc: ["8.8.4", "8.10.3"] + ghc: ["8.10.3"] steps: - name: System Dependencies if: runner.os == 'Linux' From e811539a63a8dc948c869681753ba49025427762 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 12:23:59 -0700 Subject: [PATCH 11/21] Add libtinfo6 system dependency for s2n tests CI job. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4f09e872e5..9826f46ee7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -470,7 +470,7 @@ jobs: run: | sudo apt update sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl - sudo apt install -y docker-compose language-pack-en-base language-pack-en + sudo apt install -y docker-compose libtinfo6 language-pack-en-base language-pack-en sudo locale-gen en_US.UTF-8 sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE From 2a8973621b9bc9c0c25b5ba183091a839c3c1c34 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 23 Jul 2021 12:25:14 -0700 Subject: [PATCH 12/21] Update CI workflow to reference uploads/downloads by runner OS for stability --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9826f46ee7..44712354dd 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -147,7 +147,7 @@ jobs: if: "matrix.ghc == '8.8.4'" with: path: dist-tests - name: dist-tests-${{ matrix.os }} + name: dist-tests-${{ runner.os }} - shell: bash run: .github/ci.sh setup_dist_bins @@ -327,7 +327,7 @@ jobs: - uses: actions/download-artifact@v2 with: - name: dist-tests-${{ matrix.os }} + name: dist-tests-${{ runner.os }} path: dist-tests - shell: bash From c0080921fcbc0b994693e49cde45e782f1dca93c Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 09:53:16 -0700 Subject: [PATCH 13/21] Add build-essential packages to s2n CI deployment. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44712354dd..4e3a34a129 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -470,7 +470,7 @@ jobs: run: | sudo apt update sudo apt install -y software-properties-common apt-transport-https ca-certificates wget curl - sudo apt install -y docker-compose libtinfo6 language-pack-en-base language-pack-en + sudo apt install -y docker-compose build-essential libtinfo6 language-pack-en-base language-pack-en sudo locale-gen en_US.UTF-8 sudo update-locale LANG=$LANG LANGUAGE=$LANGUAGE From 8642dbbdff6893666e622dbe9bb6518593694d73 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 09:53:43 -0700 Subject: [PATCH 14/21] Add load-path debug for s2n testing under CI/docker-compose. --- s2nTests/scripts/s2n-entrypoint.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/s2nTests/scripts/s2n-entrypoint.sh b/s2nTests/scripts/s2n-entrypoint.sh index 48a0d807f3..afa5deb264 100755 --- a/s2nTests/scripts/s2n-entrypoint.sh +++ b/s2nTests/scripts/s2n-entrypoint.sh @@ -12,5 +12,7 @@ source codebuild/bin/s2n_setup_env.sh SAW=true SAW_INSTALL_DIR=tmp-saw codebuild/bin/s2n_install_test_dependencies.sh cp /saw-bin/saw "$SAW_INSTALL_DIR"/bin/saw cp /saw-bin/abc "$SAW_INSTALL_DIR"/bin/abc +ldd "$SAW_INSTALL_DIR"/bin/saw "$SAW_INSTALL_DIR"/bin/saw --version +ldd "$SAW_INSTALL_DIR"/bin/abc exec codebuild/bin/s2n_codebuild.sh From 676dab8a72abee11e16dac2afc15e8c79bff33ad Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 11:32:06 -0700 Subject: [PATCH 15/21] Add libtinfo6 to s2n docker configuration to allow running saw. --- s2nTests/docker/s2n.dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/s2nTests/docker/s2n.dockerfile b/s2nTests/docker/s2n.dockerfile index 82b7af20c8..47c0b46336 100644 --- a/s2nTests/docker/s2n.dockerfile +++ b/s2nTests/docker/s2n.dockerfile @@ -11,6 +11,7 @@ RUN apt-get update -y -q && \ llvm-3.9 \ make \ sudo \ + libtinfo6 \ && \ rm -rf /var/lib/apt/lists/* From 0a85b7974a5135524c4f570e8208762d2a262c56 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 14:21:36 -0700 Subject: [PATCH 16/21] Update s2n testing docker image to ubuntu:20.04 to match (self-hosted) builder --- s2nTests/docker/s2n.dockerfile | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/s2nTests/docker/s2n.dockerfile b/s2nTests/docker/s2n.dockerfile index 47c0b46336..f89d2eeddc 100644 --- a/s2nTests/docker/s2n.dockerfile +++ b/s2nTests/docker/s2n.dockerfile @@ -1,4 +1,14 @@ -FROM ubuntu:18.04 +# Note: this Dockerfile will be used to run the saw binary built by +# the CI process, which means that the loadable libraries should be +# the same between the two systems. This stipulates that the "FROM" +# instance specified here should match the OS image used to perform +# the build stage (whether that's a Github runner or a self-hosted +# runner). +# +# A common symptom of these not matching is that the bin/saw image +# cannot be run because libtinfoX.so is not found. + +FROM ubuntu:20.04 RUN apt-get update -y -q && \ apt-get install -y software-properties-common && \ @@ -11,7 +21,6 @@ RUN apt-get update -y -q && \ llvm-3.9 \ make \ sudo \ - libtinfo6 \ && \ rm -rf /var/lib/apt/lists/* From ad6cdb4f15a42993709444b9a33032c7d1b182bb Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 22:37:27 -0700 Subject: [PATCH 17/21] Skip Windows builds in CI for collecting built cabal tests for later use. The CI process runs the cabal tests in a separate job from the build process. To do this, the build process "collects" the tests by building them and uploading them. This test-build portion fails for Windows (symptom is the linker finding a duplicate symbol, cause is probably misconfiguration and use of multiple versions of the same dependency). Since the tests are not run for Windows, this build+upload/collection step should not be needed for Windows and can be skipped. --- .github/workflows/ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4e3a34a129..85fc1d122c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,6 +126,7 @@ jobs: run: .github/ci.sh build - uses: GaloisInc/.github/actions/cabal-collect-bins@v1 + if: runner.os != 'Windows' id: cabal-test-suites with: targets: | From 72e12eaa94620e15e56129734445fccfff6cf1ac Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 23:35:59 -0700 Subject: [PATCH 18/21] CI consolidation on ubuntu 20.04 (from 18.04) to match internal runners. --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 85fc1d122c..6c9e28d680 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -231,11 +231,11 @@ jobs: matrix: include: - test: saw-remote-api/scripts/run_rpc_tests.sh - os: ubuntu-18.04 + os: ubuntu-20.04 - test: saw-remote-api/scripts/run_rpc_tests.sh os: macos-latest - test: saw-remote-api/scripts/check_docs.sh - os: ubuntu-18.04 + os: ubuntu-20.04 steps: - uses: actions/checkout@v2 with: @@ -283,7 +283,7 @@ jobs: fail-fast: false matrix: suite: ${{ fromJson(needs.build.outputs.cabal-test-suites-json) }} - os: [ubuntu-18.04] + os: [ubuntu-20.04] continue-on-error: [false] include: - suite: integration_tests From bc99ad119e86b205f0ea635ddacaec0824e7e3ea Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Tue, 27 Jul 2021 23:36:56 -0700 Subject: [PATCH 19/21] [s2nTests/docker] Use clang/llvm v5; Ubuntu 20.04 removed 3.9 --- s2nTests/docker/s2n.dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/s2nTests/docker/s2n.dockerfile b/s2nTests/docker/s2n.dockerfile index f89d2eeddc..7255c24088 100644 --- a/s2nTests/docker/s2n.dockerfile +++ b/s2nTests/docker/s2n.dockerfile @@ -14,11 +14,11 @@ RUN apt-get update -y -q && \ apt-get install -y software-properties-common && \ apt-get update -q -y && \ apt install -y \ - clang-3.9 \ + clang-5 \ curl \ gcc \ git \ - llvm-3.9 \ + llvm-5 \ make \ sudo \ && \ From fc70554c52f60142760c41a4ba7100f1b3c4c7b8 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Wed, 28 Jul 2021 00:22:23 -0700 Subject: [PATCH 20/21] [s2nTests/docker] use clang/llvm version 10 --- s2nTests/docker/s2n.dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/s2nTests/docker/s2n.dockerfile b/s2nTests/docker/s2n.dockerfile index 7255c24088..cb5a9ecbab 100644 --- a/s2nTests/docker/s2n.dockerfile +++ b/s2nTests/docker/s2n.dockerfile @@ -14,11 +14,11 @@ RUN apt-get update -y -q && \ apt-get install -y software-properties-common && \ apt-get update -q -y && \ apt install -y \ - clang-5 \ + clang-10 \ curl \ gcc \ git \ - llvm-5 \ + llvm-10 \ make \ sudo \ && \ From eddcdbfeeecd8ce71027aab7dfeb21d966447f70 Mon Sep 17 00:00:00 2001 From: Kevin Quick Date: Fri, 30 Jul 2021 14:09:49 -0700 Subject: [PATCH 21/21] Use static executable builds to resolve OS inconsistencies in shared libs --- .github/ci.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ci.sh b/.github/ci.sh index 64e5ebef97..1d46cd0de5 100755 --- a/.github/ci.sh +++ b/.github/ci.sh @@ -117,11 +117,11 @@ build() { pkgs=(saw saw-remote-api) fi tee -a cabal.project.local > /dev/null < cabal.project.ci - if ! retry cabal v2-build "$@" "${pkgs[@]}"; then + if ! retry cabal v2-build --disable-executable-dynamic --enable-executable-static "$@" "${pkgs[@]}"; then if [[ "$RUNNER_OS" == "macOS" ]]; then echo "Working around a dylib issue on macos by removing the cache and trying again" cabal v2-clean - retry cabal v2-build "$@" "${pkgs[@]}" + retry cabal v2-build --disable-executable-dynamic --enable-executable-static "$@" "${pkgs[@]}" else return 1 fi