.github/workflows/ci.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72

on:
  # Run the checks on any push to any branch of the repo that doesn't start with `_`.
  push:
    branches-ignore: [ '_**' ]
  # Run the check for any pull request. The check is run on a merge between the
  # PR commit and the `main` branch at the time of running the check.
  pull_request:
  # Runs the check when a PR is added to the merge queue.
  merge_group:
  # Makes it possible to run the forkflow by hand from GItHub's interface.
  workflow_dispatch:

# Minimum permissions required by skip-duplicate-actions
permissions:
  actions: write
  contents: read

jobs:
  # Avoid `push` and `pull_request` running the same job twice
  check_if_skip_duplicate_job:
    # runs-on: [self-hosted, linux, nix]
    runs-on: ubuntu-latest
    steps:
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - id: skip_check
        uses: fkirc/skip-duplicate-actions@v5
        with:
          concurrent_skipping: 'same_content_newer'
          skip_after_successful_duplicate: 'true'
          cancel_others: 'true'
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}

  nix:
    # runs-on: [self-hosted, linux, nix]
    runs-on: ubuntu-latest
    needs: check_if_skip_duplicate_job
    if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true'
    steps:
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - uses: actions/checkout@v4
      - run: nix build -L .#checks.x86_64-linux.aeneas-check-tidiness
      - run: nix build -L .#checks.x86_64-linux.check-charon-pin
      - run: nix build -L .#aeneas
      - run: nix build -L .#checks.x86_64-linux.aeneas-tests
      - run: nix build -L .#checks.x86_64-linux.aeneas-verify-fstar
      - run: nix build -L .#checks.x86_64-linux.aeneas-verify-coq
      - run: nix build -L .#checks.x86_64-linux.aeneas-verify-hol4
      # Lean cannot run its tests in the sandbox because `elan` will download things
      #- run: nix build -L .#checks.x86_64-linux.aeneas-verify-lean

  lean:
    runs-on: [ubuntu-latest]
    needs: check_if_skip_duplicate_job
    if: needs.check_if_skip_duplicate_job.outputs.should_skip != 'true'
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v26
      - run: nix develop --command bash -c "cd tests/lean && make"

  check-charon-pin:
    # runs-on: [self-hosted, linux, nix]
    runs-on: ubuntu-latest
    steps:
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0 # deep clone in order to get access to other commits
      - run: nix develop --command ./scripts/ci-check-charon-pin.sh