[aes_gcm,sca] Allow setting IV or key as FvsR #179
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright lowRISC contributors (OpenTitan project). | |
# Licensed under the Apache License, Version 2.0, see LICENSE for details. | |
# SPDX-License-Identifier: Apache-2.0 | |
name: CI | |
on: | |
pull_request: | |
push: | |
branches-ignore: | |
- "backport-*" | |
tags: | |
- "*" | |
permissions: | |
contents: read | |
# Needed for workload identity federation | |
id-token: write | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.event_name == 'pull_request' }} | |
env: | |
VIVADO_VERSION: "2021.1" | |
jobs: | |
quick_lint: | |
name: Lint (quick) | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Required so we can lint commit messages. | |
- name: Prepare environment | |
uses: ./.github/actions/prepare-env | |
- name: Show environment | |
run: ./ci/scripts/show-env.sh | |
- name: Commit metadata | |
run: ./ci/scripts/lint-commits.sh "$GITHUB_BASE_REF" | |
if: ${{ github.event_name == 'pull_request' }} | |
- name: License headers | |
run: ./ci/scripts/check-licence-headers.sh "$GITHUB_BASE_REF" | |
if: ${{ github.event_name == 'pull_request' }} | |
- name: Executable bits | |
run: ./ci/scripts/exec-check.sh | |
- name: Non-ASCII characters | |
run: ./ci/scripts/check-ascii.sh | |
- name: Python (flake8) | |
run: ./ci/scripts/python-lint.sh "$GITHUB_BASE_REF" | |
if: ${{ github.event_name == 'pull_request' }} | |
- name: Python (mypy) | |
run: ./ci/scripts/mypy.sh | |
- name: Validate testplans with schema | |
run: ./ci/scripts/validate_testplans.sh | |
- name: C/C++ formatting | |
run: ./bazelisk.sh test //quality:clang_format_check | |
- name: Rust formatting | |
run: ./bazelisk.sh test //quality:rustfmt_check | |
- name: Shellcheck | |
run: ./bazelisk.sh test //quality:shellcheck_check | |
- name: Header guards | |
run: ./ci/scripts/include-guard.sh "$GITHUB_BASE_REF" | |
if: ${{ github.event_name == 'pull_request' }} | |
- name: Trailing whitespace | |
run: ./ci/scripts/whitespace.sh "$GITHUB_BASE_REF" | |
if: ${{ github.event_name == 'pull_request' }} | |
- name: Broken links | |
run: ./ci/scripts/check-links.sh | |
- name: Generated documentation | |
run: ./ci/scripts/check-cmdgen.sh | |
slow_lint: | |
name: Lint (slow) | |
runs-on: ubuntu-20.04 | |
needs: quick_lint | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Bitstream cache requires all commits. | |
- name: Prepare environment | |
uses: ./.github/actions/prepare-env | |
- name: Countermeasures implemented (earlgrey) | |
run: ./ci/scripts/check-countermeasures.sh earlgrey | |
continue-on-error: true | |
- name: Countermeasures implemented (englishbreakfast) | |
run: ./ci/scripts/check-countermeasures.sh englishbreakfast | |
continue-on-error: true | |
- name: Bazel test suite tags | |
run: ./ci/scripts/check_bazel_test_suites.py | |
continue-on-error: true | |
# See #21973: disabled until Verilator tags are fixed. | |
# - name: Check Bazel tags | |
# run: ./ci/scripts/check-bazel-tags.sh | |
# continue-on-error: true | |
- name: Banned Bazel rules | |
run: ./ci/scripts/check-bazel-banned-rules.sh | |
- name: Bazel target names | |
run: ./ci/scripts/check_bazel_target_names.py | |
continue-on-error: true | |
- name: DV software images | |
run: ./ci/scripts/check_dv_sw_images.sh | |
continue-on-error: true | |
- name: Build documentation | |
run: ./ci/scripts/build-docs.sh | |
- name: Generated files | |
run: ./ci/scripts/check-generated.sh | |
env: | |
OT_DESTRUCTIVE: 1 # Required by the script to clean up. | |
- name: Buildifier | |
run: ./bazelisk.sh test //quality:buildifier_check | |
- name: Vendored files | |
run: ./ci/scripts/check-vendoring.sh | |
- name: Verible RTL | |
run: ./ci/scripts/verible-lint.sh rtl | |
- name: Verible DV | |
run: ./ci/scripts/verible-lint.sh dv | |
- name: Verible FPV | |
run: ./ci/scripts/verible-lint.sh fpv | |
airgapped_build: | |
name: Airgapped build | |
runs-on: ubuntu-20.04 | |
needs: quick_lint | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 # Bitstream cache requires all commits. | |
- name: Prepare environment | |
uses: ./.github/actions/prepare-env | |
with: | |
configure-bazel: false | |
- name: Free disk space | |
uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be | |
- name: Check disk space | |
run: | | |
df -h | |
- name: Prepare airgapped environment | |
run: ./util/prep-bazel-airgapped-build.sh | |
- name: Check disk space | |
run: | | |
df -h | |
- name: Build in the airgapped environment | |
run: ./ci/scripts/test-airgapped-build.sh | |
verible_lint: | |
name: Verible lint | |
runs-on: ubuntu-24.04 | |
needs: quick_lint | |
if: ${{ github.event_name == 'pull_request' }} | |
env: | |
verible_config: hw/lint/tools/veriblelint/lowrisc-styleguide.rules.verible_lint | |
verible_version: v0.0-3430-g060bde0f | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare Verible config | |
run: | | |
echo "Concatenating Verible waivers" | |
find . -type f -name '*.vbl' -exec cat {} \; >> verible_waiver | |
echo "::group::Verible config" | |
cat "$verible_config" | |
echo "::endgroup::" | |
echo "::group::Verible waiver" | |
cat "verible_waiver" | |
echo "::endgroup::" | |
- name: Run Verible linter action | |
uses: chipsalliance/[email protected] | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
verible_version: ${{ env.verible_version }} | |
reviewdog_reporter: 'github-pr-check' | |
suggest_fixes: 'false' | |
config_file: ${{ env.verible_config }} | |
extra_args: "--waiver_files=verible_waiver" | |
verilator_englishbreakfast: | |
name: Verilated English Breakfast | |
runs-on: ubuntu-20.04 | |
needs: quick_lint | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare environment | |
uses: ./.github/actions/prepare-env | |
- name: Build simulator with Verilator | |
run: ./ci/scripts/build-chip-verilator.sh englishbreakfast | |
- name: Upload binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: verilated_englishbreakfast | |
path: build-bin/hw/top_englishbreakfast/Vchip_englishbreakfast_verilator | |
overwrite: true | |
- name: Test | |
run: ./ci/scripts/run-english-breakfast-verilator-tests.sh | |
# Build CW305 variant of the English Breakfast toplevel design using Vivado | |
chip_englishbreakfast_cw305: | |
name: CW305's Bitstream | |
runs-on: ubuntu-22.04-bitstream | |
needs: quick_lint | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Prepare environment | |
uses: ./.github/actions/prepare-env | |
- name: Build bitstream | |
run: | | |
# Build CW305 test rom required by `build-bitstream-vivado.sh` | |
rom_path="sw/device/lib/testing/test_rom" | |
./bazelisk.sh build "//${rom_path}:test_rom_fpga_cw305" \ | |
--features=-rv32_bitmanip \ | |
--copt=-DOT_IS_ENGLISH_BREAKFAST_REDUCED_SUPPORT_FOR_INTERNAL_USE_ONLY_ | |
vmem="$(./bazelisk.sh cquery --output=files "//${rom_path}:test_rom_fpga_cw305" \ | |
--features=-rv32_bitmanip \ | |
--copt=-DOT_IS_ENGLISH_BREAKFAST_REDUCED_SUPPORT_FOR_INTERNAL_USE_ONLY_ | |
)" | |
mkdir -p "build-bin/${rom_path}" | |
cp "$vmem" "build-bin/${rom_path}" | |
module load "xilinx/vivado/${VIVADO_VERSION}" | |
ci/scripts/build-bitstream-vivado.sh top_englishbreakfast cw305 | |
- name: Upload bitstream | |
uses: actions/upload-artifact@v4 | |
with: | |
name: chip_englishbreakfast_cw305 | |
path: build-bin/hw/top_englishbreakfast/lowrisc_systems_chip_englishbreakfast_cw305_0.1.bit | |
overwrite: true | |
build_docker_containers: | |
name: Build Docker Containers | |
runs-on: ubuntu-20.04 | |
needs: quick_lint | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Developer Utility Container | |
uses: docker/build-push-action@v6 | |
with: | |
context: . | |
file: util/container/Dockerfile | |
continue-on-error: true | |
- name: Build Documentation Redirector Container | |
uses: docker/build-push-action@v6 | |
with: | |
context: site/redirector/landing |