ci.yml
1 name: CI 2 3 # Builds the Docker image and runs `make test` inside it. The ubuntu-latest 4 # GitHub-hosted runner has AVX-512 on recent provisioning windows; if not, 5 # the miner binary will SIGILL at runtime and the test step will fail 6 # with a clear message. 7 # 8 # Status: prepared but NOT deployed — this workflow needs to be enabled on 9 # the published repo and may be subject to GitHub Actions' cryptomining 10 # policy (the workload here is SHA3-256 benchmarking, not mining a 11 # currency, but "disproportionate burden" language is broad). 12 # Current guidance: keep the workflow bounded-duration (a single 30-min 13 # CI run per push, not a continuous loop). 14 15 on: 16 push: 17 branches: [main] 18 pull_request: 19 branches: [main] 20 21 jobs: 22 build-and-test: 23 runs-on: ubuntu-latest 24 timeout-minutes: 20 25 steps: 26 - uses: actions/checkout@v4 27 28 - name: Check CPU features 29 run: | 30 grep -E '^(model name|flags)' /proc/cpuinfo | head -4 || true 31 # Bail early if no AVX-512 — tests would SIGILL. 32 if ! grep -qE 'avx512f' /proc/cpuinfo; then 33 echo "::warning::Runner lacks AVX-512; skipping test. Re-run with a larger instance." 34 exit 0 35 fi 36 37 - name: Install deps 38 run: | 39 sudo apt-get update -qq 40 sudo apt-get install -y --no-install-recommends \ 41 build-essential xsltproc git python3 python3-pip 42 43 - name: Build XKCP 44 run: | 45 git clone --recurse-submodules https://github.com/XKCP/XKCP.git /tmp/XKCP 46 make -C /tmp/XKCP AVX512/libXKCP.a 47 48 - name: Build keccak_bench 49 run: make 50 51 - name: Run leak audit 52 run: ./tools/leak_audit.sh 53 54 - name: Run test suite 55 run: make test 56 57 - name: 10-second sanity bench 58 run: DURATION_SEC=10 WARMUP_SEC=2 ./tools/bench.sh