Move reusable workflows into actions

Signed-off-by: Hanno Becker <beckphan@amazon.co.uk>

Author: hanno-becker

.github/actions/bench/action.yml

@@ -32,24 +32,42 @@ inputs:
   gh_token:
      description: GitHub access token
      required: true
+  use-nix:
+     default: true
+env:
+  SHELL: ${{ inputs.use_nix && "nix develop .#ci -c bash -e {0}" || inputs.custom_shell }}
 runs:
   using: composite
   steps:
-      - name: Run benchmark
-        shell: nix develop .#ci -c bash -e {0}
-        run: |
-          tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }}
-      - name: Dump benchmark
-        shell: bash
-        if: ${{ inputs.store_results != 'true' }}
-        run: |
-          cat output.json
-      - name: Store benchmark result
-        if: ${{ inputs.store_results == 'true' }}
-        uses: benchmark-action/github-action-benchmark@v1
-        with:
-          name: ${{ inputs.name }}
-          tool: 'customSmallerIsBetter'
-          output-file-path: output.json
-          github-token: ${{ inputs.gh_token }}
-          auto-push: true
+    - name: Setup nix
+      if: ${{ inputs.use_nix }}
+      uses: ./.github/actions/setup-nix
+      with:
+        devShell: ci
+        script: |
+          ARCH=$(uname -m)
+          cat >> $GITHUB_STEP_SUMMARY <<-EOF
+            ## Setup
+            Architecture: $ARCH
+            - $(uname -a)
+            - $(nix --version)
+            - $(astyle --version)
+            - $(${{ matrix.target.cross_prefix }}gcc --version | grep -m1 "")
+            - $(bash --version | grep -m1 "")
+
+            ## CPU Info
+            $(cat /proc/cpuinfo)
+          EOF
+    - name: Run benchmark
+      shell: ${{ env.SHELL }}
+      run: |
+        tests bench -c ${{ inputs.perf }} --cflags "${{ inputs.cflags }}" --arch-flags "${{ inputs.archflags }}" -v --output output.json ${{ inputs.bench_extra_args }}
+    - name: Store benchmark result
+      if: ${{ inputs.store_results == 'true' }}
+      uses: benchmark-action/github-action-benchmark@v1
+      with:
+        name: ${{ inputs.name }}
+        tool: 'customSmallerIsBetter'
+        output-file-path: output.json
+        github-token: ${{ inputs.gh_token }}
+        auto-push: true

.github/workflows/cbmc_core_reusable.yml renamed to .github/actions/cbmc/action.yml

@@ -1,24 +1,26 @@
-name: cbmc-core-reusable
-on:
-  workflow_call:
-    inputs:
-      runner:
-        type: string
-        description: Name of the runner to use
-      cross-prefix:
-        type: string
-        description: Cross-compilation binary prefix, if any
-        default: ' '
-jobs:
-  cbmc:
-    name: CBMC ${{ inputs.runner }}
-    runs-on: ${{ inputs.runner }}
-    defaults:
-      run:
-        shell: nix develop .#ci-cbmc -c bash -e {0}
+# SPDX-License-Identifier: Apache-2.0
+
+name: CBMC
+description: Run CBMC proofs for MLKEM-C_AArch64
+
+inputs:
+  use_nix:
+    description: Whether to run in the default Nix environment
+    default: true
+  custom_shell:
+    description: The shell to use. Only relevant if use_nix is 'false'
+    default: 'bash'
+  cross-prefix:
+    description: Binary prefix for cross compilation
+    default: ''
+runs:
+  using: composite
+    env:
+      SHELL:
     steps:
       - uses: actions/checkout@v4
       - name: Setup nix
+        if: ${{ inputs.use_nix }}
         uses: ./.github/actions/setup-nix
         with:
           devShell: ci-cbmc
@@ -33,7 +35,11 @@ jobs:
               - $(${{ inputs.cross_prefix }}gcc --version | grep -m1 "")
               - $(bash --version | grep -m1 "")
             EOF
+      - name: Set shell
+        shell: bash
+        run: echo SHELL="${{ inputs.use_nix && 'nix develop .#ci-cbmc -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV
       - name: Run CBMC proofs
+        shell: ${{ env.SHELL }}
         run: |
           cd cbmc/proofs;
           KYBER_K=2 ./run-cbmc-proofs.py --summarize;

.github/actions/functest/action.yml

@@ -4,6 +4,9 @@ name: Functional tests
 description: Run functional tests for MLKEM-C_AArch64
 
 inputs:
+  use_nix:
+    description: Whether to run in the default Nix environment
+    default: true
   cflags:
     description: CFLAGS to pass to compilation
     default: ''
@@ -13,17 +16,36 @@ inputs:
 runs:
   using: composite
   steps:
+      - name: Setup nix
+        uses: ./.github/actions/setup-nix
+        if: ${{ inputs.use_nix }}
+        with:
+          devShell: ci
+          script: |
+            ARCH=$(uname -m)
+            cat >> $GITHUB_STEP_SUMMARY <<-EOF
+              ## Setup
+              Architecture: $ARCH
+              - $(uname -a)
+              - $(nix --version)
+              - $(astyle --version)
+              - $(${{ inputs.cross-prefix }}gcc --version | grep -m1 "")
+              - $(bash --version | grep -m1 "")
+            EOF
+      - name: Set shell
+        shell: bash
+        run: echo SHELL="${{ inputs.use_nix && 'nix develop .#ci -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV
       - name: Run functional tests
         id: func_test
-        shell: nix develop .#ci -c bash -e {0}
+        shell: ${{ env.SHELL }}
         run: |
           tests func --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v
       - name: Run KAT tests
         if: |
           success()
           || steps.func_test.conclusion == 'failure'
         id: kat_test
-        shell: nix develop .#ci -c bash -e {0}
+        shell: ${{ env.SHELL }}
         run: |
           tests kat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v
       - name: Run Nistkat tests
@@ -32,6 +54,6 @@ runs:
           success()
           || steps.func_test.conclusion == 'failure'
           || steps.kat_test.conclusion == 'failure'
-        shell: nix develop .#ci -c bash -e {0}
+        shell: ${{ env.SHELL }}
         run: |
           tests nistkat --cross-prefix=${{ inputs.cross-prefix }} --cflags ${{ inputs.cflags }} -v

.github/actions/lint/action.yml

@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: Apache-2.0
+
+name: Lint
+description: Lint MLKEM-C_AArch64
+
+inputs:
+  use_nix:
+    description: Whether to run in the default Nix environment
+    default: true
+  custom_shell:
+    description: The shell to use. Only relevant if use_nix is 'false'
+    default: 'bash'
+  cross-prefix:
+    description: Binary prefix for cross compilation
+    default: ''
+runs:
+  using: composite
+    steps:
+      - name: Setup nix
+        if: ${{ inputs.use_nix }}
+        uses: ./.github/actions/setup-nix
+        with:
+          devShell: ci-linter
+          script: |
+            cat >> $GITHUB_STEP_SUMMARY << EOF
+              ## Setup
+              Architecture: $(uname -m)
+              - $(uname -a)
+              - $(nix --version)
+              - $(astyle --version)
+              - $(${{ matrix.target.cross-prefix }}gcc --version | grep -m1 "")
+              - $(bash --version | grep -m1 "")
+            EOF
+      - name: Set shell
+        shell: bash
+        run: echo SHELL="${{ inputs.use_nix && 'nix develop .#ci-linter -c bash -e {0}' || inputs.custom_shell }}" >> $GITHUB_ENV
+      - name: Run CBMC proofs
+        shell: ${{ env.SHELL }}
+        run: |
+          echo "## Lint & Checks" >> $GITHUB_STEP_SUMMARY
+          lint

.github/workflows/bench.yml

@@ -32,15 +32,16 @@ jobs:
           archflags: "-mcpu=cortex-a55 -march=armv8.2-a"
           cflags: "-static -DFORCE_AARCH64"
           bench_extra_args: -w exec-on-a55
-    uses: ./.github/workflows/bench_core_reusable.yml
     if: github.repository_owner == 'pq-code-package' && (github.event.label.name == 'benchmark' || github.ref == 'refs/heads/main')
-    with:
-      runner: self-hosted-${{ matrix.target.system }}
-      name: ${{ matrix.target.name }}
-      cflags: ${{ matrix.target.cflags }}
-      archflags: ${{ matrix.target.archflags }}
-      perf: ${{ matrix.target.bench_pmu }}
-      store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }}
-      bench_extra_args: ${{ matrix.target.bench_extra_args }}
-    secrets:
-      inherit
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/bench
+        with:
+          runner: self-hosted-${{ matrix.target.system }}
+          name: ${{ matrix.target.name }}
+          cflags: ${{ matrix.target.cflags }}
+          archflags: ${{ matrix.target.archflags }}
+          perf: ${{ matrix.target.bench_pmu }}
+          store_results: ${{ github.repository_owner == 'pq-code-package' && github.ref == 'refs/heads/main' }}
+          bench_extra_args: ${{ matrix.target.bench_extra_args }}
+          gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}

.github/workflows/bench_core_reusable.yml

@@ -73,16 +73,19 @@ jobs:
   bench:
     name: Bench ${{ inputs.name }}
     needs: start-ec2-runner # required to start the main job when the runner is ready
-    uses: ./.github/workflows/bench_core_reusable.yml
-    with:
-      runner: ${{ needs.start-ec2-runner.outputs.label }}
-      name: ${{ inputs.name }}
-      cflags: ${{ inputs.cflags }}
-      archflags: ${{ inputs.archflags }}
-      perf: PERF
-      store_results: ${{ inputs.store_results }}
-      bench_extra_args: ${{ inputs.bench_extra_args }}
-    secrets: inherit
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/bench
+        with:
+          use-nix: true
+          runner: ${{ needs.start-ec2-runner.outputs.label }}
+          name: ${{ inputs.name }}
+          cflags: ${{ inputs.cflags }}
+          archflags: ${{ inputs.archflags }}
+          perf: PERF
+          store_results: ${{ inputs.store_results }}
+          bench_extra_args: ${{ inputs.bench_extra_args }}
+          gh_token: ${{ secrets.AWS_GITHUB_TOKEN }}
   stop-ec2-runner:
     name: Stop ${{ github.event.inputs.name }} (${{ github.event.inputs.ec2_instance_type }})
     permissions:

.github/workflows/bench_ec2_reusable.yml

@@ -35,24 +35,34 @@ jobs:
              - runner: 'pqcp-arm64'
                name: 'ubuntu-latest (aarch64)'
     name: Functional tests (${{ matrix.target.name }})
-    uses: ./.github/workflows/functest_core_reusable.yml
-    with:
-      runner: ${{ matrix.target.runner }}
-      cflags: ${{ matrix.target.cflags }}
-      cross-prefix: ${{ matrix.target.cross-prefix }}
+    runs-on: ${{ matrix.target.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/functest
+        with:
+          use-nix: true
+          cflags: ${{ matrix.target.cflags }}
+          cross-prefix: ${{ matrix.target.cross-prefix }}
   lint:
     strategy:
       matrix:
         system: [ubuntu-latest]
-    uses: ./.github/workflows/lint_core_reusable.yml
-    with:
-      runner: ${{ matrix.system }}
-      cross-prefix: "aarch64-unknown-linux-gnu-"
+    name: Linting
+    runs-on: ${{ matrix.target.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/lint
+        with:
+          use-nix: true
+          cross-prefix: "aarch64-unknown-linux-gnu-"
   cbmc:
     strategy:
       matrix:
         system: [macos-latest]
-    uses: ./.github/workflows/cbmc_core_reusable.yml
-    with:
-      runner: ${{ matrix.system }}
-      cross-prefix: "aarch64-unknown-linux-gnu-"
+    name: CBMC
+    runs-on: ${{ matrix.target.runner }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/cbmc
+        with:
+          use-nix: true