Skip to content

Merge pull request #1183 from zama-ai/ci/trivy #2896

Merge pull request #1183 from zama-ai/ci/trivy

Merge pull request #1183 from zama-ai/ci/trivy #2896

name: concrete-python tests linux-cpu
on:
workflow_dispatch:
pull_request:
paths:
- .github/workflows/concrete_python_tests_linux.yml
- frontends/concrete-python/**
push:
branches:
- 'main'
- 'release/*'
env:
DOCKER_IMAGE_TEST: ghcr.io/zama-ai/concrete-compiler
ACTION_RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_USERNAME: ${{ secrets.BOT_USERNAME }}
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
concurrency:
group: concrete_python_tests_linux_${{ github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
jobs:
setup-instance:
runs-on: ubuntu-latest
outputs:
runner-name: ${{ steps.start-instance.outputs.label }}
steps:
- name: Start instance
id: start-instance
uses: zama-ai/slab-github-runner@98f0788261a7323d5d695a883e20df36591a92b7 # v1.3.0
with:
mode: start
github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
slab-url: ${{ secrets.SLAB_BASE_URL }}
job-secret: ${{ secrets.JOB_SECRET }}
backend: aws
profile: cpu-test
pre-commit-check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install platform dependencies
run: |
sudo apt install -y graphviz libgraphviz-dev
- name: Pre-commit Checks
run: |
cd frontends/concrete-python
make venv
source .venv/bin/activate
make pcc
build-python-bindings:
needs: setup-instance
runs-on: ${{ needs.setup-instance.outputs.runner-name }}
steps:
- name: Checkout concrete
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: recursive
fetch-depth: 0
- name: Create concrete build directory
run: mkdir build
- name: Build concrete-compiler python bindings
uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}:/concrete
-v ${{ github.workspace }}/build:/build
shell: bash
run: |
set -e
rustup toolchain install nightly-2024-09-30
dnf -y install graphviz graphviz-devel
cd /concrete/frontends/concrete-python
make venv
source .venv/bin/activate
cd /concrete/compilers/concrete-compiler/compiler
make BUILD_DIR=/build DATAFLOW_EXECUTION_ENABLED=ON CCACHE=ON Python3_EXECUTABLE=$(which python3) python-bindings
echo "Debug: ccache statistics (after the build):"
ccache -s
- name: Create artifact archive
run: |
cd build
tar czvf artifacts.tgz lib/libConcretelangRuntime.so tools/concretelang/python_packages
- name: Upload concrete-compiler python-bindings
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: concrete-compiler-python-bindings
include-hidden-files: true
retention-days: 3
path: build/artifacts.tgz
- name: Slack Notification
if: ${{ failure() && github.ref == 'refs/heads/main' }}
continue-on-error: true
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "build-python-bindings finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"
test-pytest:
needs: [setup-instance, build-python-bindings]
runs-on: ${{ needs.setup-instance.outputs.runner-name }}
steps:
- name: Download concrete-compiler python-bindings
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: concrete-compiler-python-bindings
path: compiler-artifacts
- name: Extract artifacts archive
run: |
cd compiler-artifacts
tar xzvf artifacts.tgz
- name: Run pytest
uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}:/concrete
-v ${{ github.workspace }}/compiler-artifacts:/compiler-artifacts
shell: bash
run: |
set -e
export COMPILER_BUILD_DIRECTORY=/compiler-artifacts
cd /concrete/frontends/concrete-python
source .venv/bin/activate
export KEY_CACHE_DIRECTORY=./key-set-cache
mkdir $KEY_CACHE_DIRECTORY
make pytest
- name: Slack Notification
if: ${{ failure() && github.ref == 'refs/heads/main' }}
continue-on-error: true
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "test-pytest finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"
test-notebooks:
needs: [setup-instance, build-python-bindings]
runs-on: ${{ needs.setup-instance.outputs.runner-name }}
steps:
- name: Download concrete-compiler python-bindings
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: concrete-compiler-python-bindings
path: compiler-artifacts
- name: Extract artifacts archive
run: |
cd compiler-artifacts
tar xzvf artifacts.tgz
- name: Run pytest
uses: addnab/docker-run-action@4f65fabd2431ebc8d299f8e5a018d79a769ae185 # v3
with:
registry: ghcr.io
image: ${{ env.DOCKER_IMAGE_TEST }}
username: ${{ secrets.GHCR_LOGIN }}
password: ${{ secrets.GHCR_PASSWORD }}
options: >-
-v ${{ github.workspace }}:/concrete
-v ${{ github.workspace }}/compiler-artifacts:/compiler-artifacts
shell: bash
run: |
set -e
export COMPILER_BUILD_DIRECTORY=/compiler-artifacts
cd /concrete/frontends/concrete-python
source .venv/bin/activate
make test-notebooks
- name: Slack Notification
if: ${{ failure() && github.ref == 'refs/heads/main' }}
continue-on-error: true
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "test-notebooks finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"
teardown-instance:
if: ${{ always() && needs.setup-instance.result != 'skipped' }}
needs: [ setup-instance, test-pytest, test-notebooks ]
runs-on: ubuntu-latest
steps:
- name: Stop instance
id: stop-instance
uses: zama-ai/slab-github-runner@98f0788261a7323d5d695a883e20df36591a92b7 # v1.3.0
with:
mode: stop
github-token: ${{ secrets.SLAB_ACTION_TOKEN }}
slab-url: ${{ secrets.SLAB_BASE_URL }}
job-secret: ${{ secrets.JOB_SECRET }}
label: ${{ needs.setup-instance.outputs.runner-name }}
- name: Slack Notification
if: ${{ failure() }}
continue-on-error: true
uses: rtCamp/action-slack-notify@c33737706dea87cd7784c687dadc9adf1be59990
env:
SLACK_COLOR: ${{ job.status }}
SLACK_MESSAGE: "Instance teardown finished with status: ${{ job.status }}. (${{ env.ACTION_RUN_URL }})"