# Copyright 2021 Proofcraft Pty Ltd
#
# SPDX-License-Identifier: BSD-2-Clause
# On push to master only, and on manifest-update repository_dispatch events: run proofs and deploy manifest update.
name: Proofs
# Triggers: pushes to master, plus repository_dispatch events of type
# manifest-update. repository_dispatch is raised through the API; no job in
# this workflow is conditional on the event type, so a dispatched run uses
# the same secrets as a push run.
on:
  push:
    branches: [master]
  repository_dispatch:
    types: [manifest-update]
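# NOTE(review): no `permissions:` key is visible in this workflow, so the
# GITHUB_TOKEN gets the repository default scope. Consider an explicit
# least-privilege `permissions:` block once it is confirmed what the
# seL4/ci-actions steps need.
#
# NOTE(review): the steps below that receive secrets reference their actions
# by a mutable ref (`@master`, `@v1`). Whoever can move that ref controls
# code that runs with the AWS keys, SSH keys or repository token. Pinning
# each `uses:` to a full commit SHA (`@<full-commit-sha>`) makes the executed
# code immutable.
#
# NOTE(review): v3 of actions/upload-artifact and actions/download-artifact
# is deprecated. Several jobs here upload to the shared artifact name
# `c-graph-lang`; v4 rejects a second upload to an existing name by default,
# so an upgrade needs per-job artifact names.
jobs:
  # Checks out via the devel.xml manifest and exposes the action's `xml`
  # output to the jobs below.
  code:
    name: Freeze Code
    runs-on: ubuntu-latest
    outputs:
      xml: ${{ steps.repo.outputs.xml }}
    steps:
      - id: repo
        uses: seL4/ci-actions/repo-checkout@master
        with:
          manifest_repo: verification-manifest
          manifest: devel.xml

  # One proof run per architecture, all on the manifest frozen by `code`.
  proofs:
    name: Proof
    needs: code
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        arch: [ARM, ARM_HYP, RISCV64, X64]
    # test only most recent push:
    # (no cancel-in-progress is set, so a run that has already started is
    # left to finish; only a queued run in the same group is superseded)
    concurrency: l4v-regression-${{ github.ref }}-${{ strategy.job-index }}
    steps:
      - name: Proofs
        # Receives long-lived AWS credentials and an SSH key; see the
        # pinning note at the top of `jobs`.
        uses: seL4/ci-actions/aws-proofs@master
        with:
          L4V_ARCH: ${{ matrix.arch }}
          xml: ${{ needs.code.outputs.xml }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_SSH: ${{ secrets.AWS_SSH }}
      - name: Upload C graph-lang
        uses: actions/upload-artifact@v3
        with:
          name: c-graph-lang
          path: artifacts/simpl-export
          # Not every run produces an export; a missing path is not an error.
          if-no-files-found: ignore
      - name: Upload logs
        uses: actions/upload-artifact@v3
        with:
          name: logs-${{ matrix.arch }}
          path: logs.tar.xz

  # Same action as `proofs`, with L4V_FEATURES set to MCS and the session
  # restricted to SimplExportAndRefine.
  mcs-export:
    name: MCS
    needs: code
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        arch: [ARM, RISCV64]
    # test only most recent push:
    concurrency: l4v-regression-${{ github.ref }}-${{ strategy.job-index }}-mcs
    steps:
      - name: SimplExport
        # Receives long-lived AWS credentials and an SSH key; see the
        # pinning note at the top of `jobs`.
        uses: seL4/ci-actions/aws-proofs@master
        with:
          L4V_ARCH: ${{ matrix.arch }}
          L4V_FEATURES: MCS
          xml: ${{ needs.code.outputs.xml }}
          session: SimplExportAndRefine
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_SSH: ${{ secrets.AWS_SSH }}
      - name: Upload C graph-lang
        uses: actions/upload-artifact@v3
        with:
          name: c-graph-lang
          path: artifacts/simpl-export
          if-no-files-found: ignore
      - name: Upload logs
        uses: actions/upload-artifact@v3
        with:
          name: logs-${{ matrix.arch }}-MCS
          path: logs.tar.xz

  # Runs only after `code`, `proofs` and `mcs-export` have all succeeded, so
  # the SSH key is not exposed to a run whose proofs failed.
  deploy:
    name: Deploy manifest
    runs-on: ubuntu-latest
    needs: [code, proofs, mcs-export]
    steps:
      # Receives an SSH key; see the pinning note at the top of `jobs`.
      - uses: seL4/ci-actions/l4v-deploy@master
        with:
          xml: ${{ needs.code.outputs.xml }}
        env:
          GH_SSH: ${{ secrets.CI_SSH }}

  binary-verification:
    name: Trigger binary verification
    runs-on: ubuntu-latest
    needs: [code, proofs, mcs-export]
    steps:
      # download-artifact doesn't have an option to ignore missing artifacts,
      # so we download them all to test if c-graph-lang exists.
      - name: Fetch artifacts
        uses: actions/download-artifact@v3
        with:
          path: artifacts
      - name: Check for C graph-lang artifacts
        id: enabled
        env:
          # Passed through the environment rather than interpolated into the
          # script, so the manifest text is never parsed as shell code.
          MANIFEST: ${{ needs.code.outputs.xml }}
        run: |
          # Check if there are any C graph-lang artifacts
          if [ -e artifacts/c-graph-lang ]; then
            echo "C graph-lang artifacts found, will trigger binary verification"
            # printf writes the value verbatim, whatever its first characters are
            printf '%s' "${MANIFEST}" > verification-manifest.xml
            # GITHUB_OUTPUT replaces the deprecated ::set-output command
            echo "enabled=true" >> "${GITHUB_OUTPUT}"
          else
            echo "No C graph-lang artifacts found, will not trigger binary verification"
          fi
      - name: Upload manifest
        # Step outputs are strings; compare explicitly instead of relying on
        # truthiness of a non-empty value.
        if: steps.enabled.outputs.enabled == 'true'
        uses: actions/upload-artifact@v3
        with:
          name: manifest
          path: verification-manifest.xml
      - name: Trigger binary verification
        if: steps.enabled.outputs.enabled == 'true'
        # Third-party action that is handed a repository token; see the
        # pinning note at the top of `jobs`.
        uses: peter-evans/repository-dispatch@v1
        with:
          token: ${{ secrets.PRIV_REPO_TOKEN }}
          repository: ${{ github.repository }}
          event-type: binary-verification
          # binary-verification uses the run_id to retrieve this workflow's artifacts.
          client-payload: |
            { "repo": "${{ github.repository }}", "run_id": "${{ github.run_id }}" }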