Basic import

.github/workflows/arm.yml

@@ -0,0 +1,22 @@
+name: ARM64 github
+
+on: workflow_dispatch
+
+jobs:
+  ry-arm:
+    runs-on: macos-14
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Build project
+        run: |
+          docker run -it -v `pwd`:/root/project \
+                         openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
+                         -c 'cd /root/project && \
+                             uname -a && \
+                             mkdir build && cd build && source ~/.bashrc && \
+                             cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \
+                             cd .. && mkdir -p tmp && \
+                             python3 -m pytest --verbose \
+                                               --ignore=tests/test_code_conventions.py \
+                                               --junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS'

.github/workflows/source.xxx

@@ -0,0 +1,330 @@
+---
+version: 2.1
+require_stylecheck:
+  requires:
+  - stylecheck
+require_buildcheck:
+  requires:
+  - stylecheck
+  - buildcheck
+require_testapproval:
+  requires:
+  - stylecheck
+  - buildcheck
+  - testapproval
+localCheckout:
+  run: |-
+    PROJECT_PATH=$(cd ${CIRCLE_WORKING_DIRECTORY}; pwd)
+    mkdir -p ${PROJECT_PATH}
+    git config --global --add safe.directory /tmp/_circleci_local_build_repo
+    cd /tmp/_circleci_local_build_repo
+    git ls-files -z | xargs -0 -s 2090860 tar -c | tar -x -C ${PROJECT_PATH}
+    cp -a /tmp/_circleci_local_build_repo/.git ${PROJECT_PATH}
+jobs:
+  stylecheck:
+    description: Validate formatting of code and documentation
+    docker:
+    - image: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+    steps:
+    - checkout
+    - run:
+        name: Ensure code conventions are upheld
+        command: python3 -m pytest --verbose tests/test_code_conventions.py
+    - run:
+        name: Check that doxygen can parse the documentation
+        command: mkdir -p build/docs && ./scripts/run_doxygen.sh doxygen docs/.Doxyfile
+          build/docs
+  buildcheck:
+    description: Test that we can build a single KEM/Signature pair as part of a minimal
+      build.
+    parameters:
+      CONTAINER:
+        description: The docker container to use.
+        type: string
+      CMAKE_ARGS:
+        description: Arguments to pass to CMake.
+        type: string
+        default: ''
+      KEM_NAME:
+        description: The KEM to build.
+        type: string
+      SIG_NAME:
+        description: The signature scheme to build.
+        type: string
+    docker:
+    - image: "<< parameters.CONTAINER >>"
+    steps:
+    - checkout
+    - run:
+        name: Configure
+        command: |
+          mkdir build && cd build && source ~/.bashrc && \
+          cmake .. --warn-uninitialized \
+                   -GNinja << parameters.CMAKE_ARGS >> \
+                   -DOQS_MINIMAL_BUILD="KEM_<< parameters.KEM_NAME >>;SIG_<< parameters.SIG_NAME >>" \
+                   > config.log 2>&1 && \
+          cat config.log && \
+          cmake -LA .. && ! (grep "uninitialized variable" config.log)
+    - run:
+        name: Build
+        command: ninja
+        working_directory: build
+  linux_oqs:
+    description: A template for running liboqs tests on Linux Docker VMs
+    parameters:
+      CONTAINER:
+        description: The docker container to use.
+        type: string
+      CMAKE_ARGS:
+        description: Arguments to pass to CMake.
+        type: string
+        default: ''
+      PYTEST_ARGS:
+        description: Arguments to pass to pytest.
+        type: string
+        default: "--numprocesses=auto"
+      SKIP_ALGS:
+        description: Algorithms not to test in test_constant_time.
+        type: string
+        default: ''
+    docker:
+    - image: "<< parameters.CONTAINER >>"
+    steps:
+    - checkout
+    - run:
+        name: Configure
+        command: mkdir build && cd build && source ~/.bashrc && cmake -GNinja << parameters.CMAKE_ARGS
+          >> .. && cmake -LA ..
+    - run:
+        name: Build
+        command: ninja
+        working_directory: build
+    - run:
+        name: Run tests
+        no_output_timeout: 1h
+        command: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_speed.py
+          --ignore=tests/test_code_conventions.py --junitxml=build/test-results/pytest/test-results.xml
+          << parameters.PYTEST_ARGS >>
+        environment:
+          SKIP_ALGS: "<< parameters.SKIP_ALGS >>"
+    - store_test_results:
+        path: build/test-results
+    - store_artifacts:
+        path: build/test-results
+  scan_build:
+    description: Executing scan-build test
+    parameters:
+      CONTAINER:
+        description: The docker container to use.
+        type: string
+    docker:
+    - image: "<< parameters.CONTAINER >>"
+    steps:
+    - checkout
+    - run:
+        name: Configure
+        command: mkdir build && cd build && pwd && source ~/.bashrc && scan-build-15
+          cmake -GNinja ..
+    - run:
+        name: Build
+        command: scan-build-15 --status-bugs ninja
+        working_directory: build
+  arm_machine:
+    description: A template for running liboqs tests on ARM(presently only 64) machines
+    parameters:
+      CMAKE_ARGS:
+        description: Arguments to pass to CMake.
+        type: string
+        default: ''
+      PYTEST_ARGS:
+        description: Arguments to pass to pytest.
+        type: string
+        default: "--numprocesses=auto"
+    machine:
+      image: default
+    resource_class: arm.medium
+    steps:
+    - checkout
+    - run:
+        name: Build and run tests in docker
+        no_output_timeout: 1h
+        command: |
+          docker run -it -e CMAKE_ARGS="<< parameters.CMAKE_ARGS >>" \
+                         -e PYTEST_ARGS="<< parameters.PYTEST_ARGS >>" \
+                         -v `pwd`:/root/project \
+                         openquantumsafe/ci-ubuntu-focal-arm64:latest bash \
+                         -c 'cd /root/project && \
+                             uname -a && \
+                             mkdir build && cd build && source ~/.bashrc && \
+                             cmake -GNinja -DOQS_STRICT_WARNINGS=ON $CMAKE_ARGS .. && cmake -LA .. && ninja && \
+                             cd .. && mkdir -p tmp && \
+                             python3 -m pytest --verbose \
+                                               --ignore=tests/test_code_conventions.py \
+                                               --junitxml=build/test-results/pytest/test-results.xml $PYTEST_ARGS'
+    - store_test_results:
+        path: build/test-results
+    - store_artifacts:
+        path: build/test-results
+  trigger-downstream-ci:
+    docker:
+    - image: cimg/base:2020.01
+    steps:
+    - run:
+        name: Trigger OQS-OpenSSL CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "OQS-OpenSSL_1_1_1-stable", "parameters": { "run_downstream_tests": true } }' \
+               REDACTED2/project/gh/open-quantum-safe/openssl/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger OQS-BoringSSL CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "master", "parameters": { "run_downstream_tests": true } }' \
+               REDACTED2/project/gh/open-quantum-safe/boringssl/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger OQS-OpenSSH CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "OQS-v8", "parameters": { "run_downstream_tests": true } }' \
+               REDACTED2/project/gh/open-quantum-safe/openssh/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger oqs-provider CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "main" }' \
+               REDACTED2/project/gh/open-quantum-safe/oqs-provider/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger liboqs-dotnet CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "master" }' \
+               REDACTED2/project/gh/open-quantum-safe/liboqs-dotnet/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger liboqs-java CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --user ${BUILD_TRIGGER_TOKEN}: \
+               --request POST \
+               --header "Content-Type: application/json" \
+               --data '{ "branch": "master" }' \
+               REDACTED2/project/gh/open-quantum-safe/liboqs-java/pipeline | tee curl_out \
+          && grep -q "201" curl_out
+    - run:
+        name: Trigger liboqs-python CI
+        command: |
+          curl --silent \
+               --write-out "\n%{response_code}\n" \
+               --request POST \
+               --header "Accept: application/vnd.github+json" \
+               --header "Authorization: Bearer $OQSBOT_GITHUB_ACTIONS" \
+               --header "X-GitHub-Api-Version: 2022-11-28" \
+               --data '{"event_type":"liboqs-upstream-trigger"}' \
+               REDACTED-quantum-safe/liboqs-python/dispatches | tee curl_out \
+          && grep -q "204" curl_out
+workflows:
+  version: 2.1
+  build:
+    when:
+      and:
+      - not:
+          equal:
+          - main
+          - "<< pipeline.git.branch >>"
+      - not:
+          matches:
+            pattern: "^ghactionsonly-.*"
+            value: "<< pipeline.git.branch >>"
+    jobs:
+    - stylecheck
+    - buildcheck:
+        requires:
+        - stylecheck
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+        KEM_NAME: kyber_768
+        SIG_NAME: dilithium_3
+    - scan_build:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: scan_build
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+    - linux_oqs:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: ubuntu-focal-noopenssl
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+        CMAKE_ARGS: "-DCMAKE_C_COMPILER=gcc-8 -DOQS_USE_OPENSSL=OFF"
+        PYTEST_ARGS: "--ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py"
+    - linux_oqs:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: ubuntu-focal-shared-noopenssl
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+        CMAKE_ARGS: "-DCMAKE_C_COMPILER=gcc-7 -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF
+          -DBUILD_SHARED_LIBS=ON"
+        PYTEST_ARGS: "--ignore=tests/test_namespace.py --ignore=tests/test_leaks.py
+          --ignore=tests/test_kat_all.py --numprocesses=auto"
+    - linux_oqs:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: ubuntu-focal-clang15
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-focal-x86_64:latest
+        CMAKE_ARGS: "-DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang-15 -DOQS_OPT_TARGET=skylake"
+        PYTEST_ARGS: "--ignore=tests/test_kat_all.py"
+    - linux_oqs:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: ubuntu-bionic-i386
+        context: openquantumsafe
+        CONTAINER: openquantumsafe/ci-ubuntu-bionic-i386:latest
+        CMAKE_ARGS: "-DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_x86.cmake"
+        PYTEST_ARGS: "--ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py"
+    - arm_machine:
+        requires:
+        - stylecheck
+        - buildcheck
+        name: arm64
+        PYTEST_ARGS: "--numprocesses=auto --maxprocesses=10 --ignore=tests/test_kat_all.py"
+  commit-to-main:
+    when:
+      equal:
+      - main
+      - "<< pipeline.git.branch >>"
+    jobs:
+    - trigger-downstream-ci:
+        context: openquantumsafe