From 7d91bb2e78d9c13eb1d7102021bdc6debe785625 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 21 Aug 2025 18:16:58 +0200 Subject: [PATCH 01/12] refactor benchmarks to support comments too --- .github/workflows/benches.yml | 277 ++++++++++++++++++++++++++++++ .github/workflows/mldsa-bench.yml | 112 ------------ .github/workflows/mlkem-bench.yml | 114 ------------ 3 files changed, 277 insertions(+), 226 deletions(-) create mode 100644 .github/workflows/benches.yml delete mode 100644 .github/workflows/mldsa-bench.yml delete mode 100644 .github/workflows/mlkem-bench.yml diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml new file mode 100644 index 000000000..94db7c52a --- /dev/null +++ b/.github/workflows/benches.yml @@ -0,0 +1,277 @@ +name: Test Comment Action + +on: + merge_group: + pull_request: + branches: ["main", "dev"] + workflow_dispatch: + push: + branches: ["main"] + +jobs: + bench-mlkem: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-kem + + steps: + - uses: actions/checkout@v4 + with: + repository: 'cryspen/libcrux' + + # set up rust env + + - name: Update dependencies + run: cargo update + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: 🛠️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: 🛠️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # run benchmarks + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt + + # extract benchmark json + + - name: Extract benchmarks + uses: cryspen/benchmark-data-extract-transform@v2 + with: + name: ML-KEM Benchmark + tool: 'cargo' + os: ${{ matrix.os }}_${{ matrix.bits }} + output-file-path: libcrux-ml-kem/bench.txt + data-out-path: benchdata-mlkem-${{matrix.os}}-${{matrix.bits}}.json + + - uses: actions/upload-artifact@v4 + with: + name: benchdata-mlkem-${{matrix.os}}-${{matrix.bits}}.json + path: benchdata-mlkem-${{matrix.os}}-${{matrix.bits}}.json + + bench-mldsa: + strategy: + fail-fast: true + matrix: + bits: [32, 64] + os: + - macos-13 + - macos-latest + - ubuntu-latest + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" + runs-on: ${{ matrix.os }} + defaults: + run: + shell: bash + working-directory: libcrux-ml-dsa + + steps: + - uses: actions/checkout@v4 + with: + repository: 'cryspen/libcrux' + + # set up rust env + + - name: Update dependencies + run: cargo update + + - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV + if: ${{ matrix.bits == 64 }} + + - name: 🛠️ Setup Ubuntu x86 + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + run: | + rustup target add i686-unknown-linux-gnu + sudo apt-get update + sudo apt-get install -y gcc-multilib g++-multilib + + - name: 🛠️ Setup macOS + if: ${{ matrix.os == 'macos-latest' }} + run: | + rustup target add aarch64-apple-darwin + + # Set up 32 bit systems + + - name: 🛠️ Config Windows x86 + run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} + + - name: 🛠️ Config Linux x86 + run: | + echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV + if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} + + # run benchmarks + + - name: 🏃🏻‍♀️ Benchmarks + run: cargo bench --bench manual44 --bench manual65 --bench manual87 --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt + + # extract benchmark json + + - name: Extract benchmarks + uses: cryspen/benchmark-data-extract-transform@v2 + with: + name: ML-DSA Benchmark + tool: 'cargo' + os: ${{ matrix.os }}_${{ matrix.bits }} + output-file-path: libcrux-ml-dsa/bench.txt + data-out-path: benchdata-mldsa-${{matrix.os}}-${{matrix.bits}}.json + + - uses: actions/upload-artifact@v4 + with: + name: benchdata-mldsa-${{matrix.os}}-${{matrix.bits}}.json + path: benchdata-mldsa-${{matrix.os}}-${{matrix.bits}}.json + + merge: + runs-on: ubuntu-latest + needs: [bench-mlkem, bench-mldsa] + steps: + - uses: actions/checkout@v4 + with: + repository: 'cryspen/libcrux' + + - run: mkdir benchdata + - uses: actions/download-artifact@v5 + with: + pattern: benchdata-*.json + path: benchdata/ + merge-multiple: true + + - name: Join per-run data + run: | + jq -s add benchdata/benchdata-mlkem-* > benchdata-mlkem.json + jq -s add benchdata/benchdata-mldsa-* > benchdata-mldsa.json + + # check if the PR branch is on a fork. if it is, post comments. + # otherwise, generate page and merge it. + - name: Set IS_FORK environment variable + run: echo "IS_FORK=${{ github.event.pull_request.head.repo.fork }}" >> $GITHUB_ENV + + # if not a fork, use page generation action + - name: Upload ML-DSA benchmarks + if: env.IS_FORK == 'false' + uses: cryspen/benchmark-upload-and-plot-action@v3 + with: + name: ML-DSA Benchmark + input-data-path: benchdata-mldsa.json + github-token: ${{ secrets.GITHUB_TOKEN }} + gh-repository: github.com/${{ github.repository }} + group-by: label,keySize,os + schema: implementation,keySize,label,hardware,os + auto-push: false + fail-on-alert: true + alert-threshold: 200% + + - name: Upload ML-KEM benchmarks + if: env.IS_FORK == 'false' + uses: cryspen/benchmark-upload-and-plot-action@v3 + with: + name: ML-KEM Benchmark + input-data-path: benchdata-mlkem.json + github-token: ${{ secrets.GITHUB_TOKEN }} + gh-repository: github.com/${{ github.repository }} + group-by: os,keySize + schema: category,keySize,name,platform,api,os + auto-push: false + fail-on-alert: true + alert-threshold: 200% + + # if a fork, use comment-based action + - uses: cryspen/benchmark-comment-and-plot-action@main + if: env.IS_FORK == 'true' + with: + id: mldsa + gh-repository: cryspen/libcrux + group-by: label,keySize,os + schema: implementation,keySize,label,hardware,os + input-data-path: benchdata-mldsa.json + name: ML-DSA Benchmark + output-md: report-mldsa.md + + - name: TODO remove previous checkout + run: rm -rf benchmark-data-repository + + - uses: cryspen/benchmark-comment-and-plot-action@main + if: env.IS_FORK == 'true' + with: + id: mlkem + gh-repository: cryspen/libcrux + group-by: os,keySize + schema: category,keySize,name,platform,api,os + input-data-path: benchdata-mlkem.json + name: ML-KEM Benchmark + output-md: report-mlkem.md + + - name: Build comment + if: env.IS_FORK == 'true' + run: | + BASE_HASH="${{ github.event.pull_request.base.sha }}" + BASE_HASH_SHORT=$(echo "${{ github.event.pull_request.base.sha }}" | cut -c1-7) + + PR_HEAD_HASH="${{ github.event.pull_request.head.sha }}" + PR_HEAD_HASH_SHORT=$(echo "${{ github.event.pull_request.head.sha }}" | cut -c1-7) + + PR_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${PR_HEAD_HASH}" + BASE_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${BASE_HASH}" + + cat >comment.md < $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --bench manual44 --bench manual65 --bench manual87 --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt - - - name: Extract benchmarks - uses: cryspen/benchmark-data-extract-transform@v2 - with: - name: ML-DSA Benchmark - tool: 'cargo' - os: ${{ matrix.os }}_${{ matrix.bits }} - output-file-path: libcrux-ml-dsa/bench.txt - data-out-path: libcrux-ml-dsa/bench-processed.json - - - name: Upload benchmarks - uses: cryspen/benchmark-upload-and-plot-action@v3 - with: - name: ML-DSA Benchmark - input-data-path: libcrux-ml-dsa/bench-processed.json - github-token: ${{ secrets.GITHUB_TOKEN }} - gh-repository: github.com/${{ github.repository }} - group-by: label,keySize,os - schema: implementation,keySize,label,hardware,os - auto-push: true - fail-on-alert: true - alert-threshold: 200% - - mldsa-bench-status: - if: ${{ always() }} - needs: [benchmark] - runs-on: ubuntu-latest - steps: - - name: Successful - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Failing - if: ${{ (contains(needs.*.result, 'failure')) }} - run: exit 1 diff --git a/.github/workflows/mlkem-bench.yml b/.github/workflows/mlkem-bench.yml deleted file mode 100644 index 1f3c038fc..000000000 --- a/.github/workflows/mlkem-bench.yml +++ /dev/null @@ -1,114 +0,0 @@ -name: ML-KEM - Benchmark - -on: - # run benchmarks and fail on regression - merge_group: - # run on PR but skip - pull_request: - branches: ["main", "dev"] - workflow_dispatch: - # run benchmarks once merged and push data - push: - branches: ["main"] -env: - CARGO_TERM_COLOR: always - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - benchmark: - if: ${{ github.event_name != 'pull_request' }} - strategy: - fail-fast: true - matrix: - bits: [32, 64] - os: - - macos-13 - - macos-latest - - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" - - runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash - working-directory: libcrux-ml-kem - - steps: - - uses: actions/checkout@v5 - - - name: Update dependencies - run: cargo update - - - run: echo "RUST_TARGET_FLAG=" > $GITHUB_ENV - if: ${{ matrix.bits == 64 }} - - - name: 🛠️ Setup Ubuntu x86 - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - run: | - rustup target add i686-unknown-linux-gnu - sudo apt-get update - sudo apt-get install -y gcc-multilib g++-multilib - - - name: 🛠️ Setup macOS - if: ${{ matrix.os == 'macos-latest' }} - run: | - rustup target add aarch64-apple-darwin - - # Set up 32 bit systems - - - name: 🛠️ Config Windows x86 - run: echo "RUST_TARGET_FLAG=--target=i686-pc-windows-msvc" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'windows-latest' }} - - - name: 🛠️ Config Linux x86 - run: | - echo "RUST_TARGET_FLAG=--target=i686-unknown-linux-gnu" > $GITHUB_ENV - if: ${{ matrix.bits == 32 && matrix.os == 'ubuntu-latest' }} - - # Benchmarks ... - - - name: 🏃🏻‍♀️ Benchmarks - run: cargo bench --verbose $RUST_TARGET_FLAG -- --output-format bencher | tee bench.txt - - - name: Extract benchmarks - uses: cryspen/benchmark-data-extract-transform@v2 - with: - name: ML-KEM Benchmark - tool: 'cargo' - os: ${{ matrix.os }}_${{ matrix.bits }} - output-file-path: libcrux-ml-kem/bench.txt - data-out-path: libcrux-ml-kem/bench-processed.json - - - name: Upload benchmarks - uses: cryspen/benchmark-upload-and-plot-action@v3 - with: - name: ML-KEM Benchmark - input-data-path: libcrux-ml-kem/bench-processed.json - github-token: ${{ secrets.GITHUB_TOKEN }} - gh-repository: github.com/${{ github.repository }} - group-by: os,keySize - schema: category,keySize,name,platform,api,os - auto-push: true - fail-on-alert: true - alert-threshold: 200% - - mlkem-bench-status: - if: ${{ always() }} - needs: [benchmark] - runs-on: ubuntu-latest - steps: - - name: Successful - if: ${{ !(contains(needs.*.result, 'failure')) }} - run: exit 0 - - name: Failing - if: ${{ (contains(needs.*.result, 'failure')) }} - run: exit 1 From f87c31d0c82fbcd8eb632c5df299c0aea2e76c6d Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 25 Aug 2025 11:28:34 +0200 Subject: [PATCH 02/12] grant PR permissions to job that wants to post comment --- .github/workflows/benches.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 94db7c52a..978a4509a 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -168,6 +168,8 @@ jobs: path: benchdata-mldsa-${{matrix.os}}-${{matrix.bits}}.json merge: + permissions: + pull-requests: write runs-on: ubuntu-latest needs: [bench-mlkem, bench-mldsa] steps: From aefdee6d86cfd78c12968b1cd10520b1556740f2 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 28 Aug 2025 09:53:24 +0200 Subject: [PATCH 03/12] try fixing the commenting --- .github/workflows/benches.yml | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 978a4509a..5d6506003 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -250,6 +250,7 @@ jobs: output-md: report-mlkem.md - name: Build comment + id: build_comment if: env.IS_FORK == 'true' run: | BASE_HASH="${{ github.event.pull_request.base.sha }}" @@ -261,7 +262,7 @@ jobs: PR_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${PR_HEAD_HASH}" BASE_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${BASE_HASH}" - cat >comment.md <$GITHUB_OUTPUT < Date: Thu, 28 Aug 2025 12:03:38 +0200 Subject: [PATCH 04/12] move removing to the right place --- .github/workflows/benches.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 5d6506003..22ae8644b 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -209,6 +209,9 @@ jobs: fail-on-alert: true alert-threshold: 200% + - name: TODO remove previous checkout + run: rm -rf benchmark-data-repository + - name: Upload ML-KEM benchmarks if: env.IS_FORK == 'false' uses: cryspen/benchmark-upload-and-plot-action@v3 @@ -235,9 +238,6 @@ jobs: name: ML-DSA Benchmark output-md: report-mldsa.md - - name: TODO remove previous checkout - run: rm -rf benchmark-data-repository - - uses: cryspen/benchmark-comment-and-plot-action@main if: env.IS_FORK == 'true' with: From f18f3dd26433317c780aa9890873277f3e457f1c Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 28 Aug 2025 15:20:40 +0200 Subject: [PATCH 05/12] temporary diable benchmarks --- .github/workflows/benches.yml | 36 +++++++++---------- ...est.yml => docker-c-build-test.yml.tmpoff} | 0 ...st.yml => docker-c-push-latest.yml.tmpoff} | 0 ...ld-test.yml => ecdh-build-test.yml.tmpoff} | 0 ...get-hax-ref.yml => get-hax-ref.yml.tmpoff} | 0 ...-reviews.yml => github-reviews.yml.tmpoff} | 0 ...b-skip-benches-in-prs.yml.disabled.tmpoff} | 0 ...thub-stale.yml => github-stale.yml.tmpoff} | 0 ...ild-test.yml => kem-build-test.yml.tmpoff} | 0 ...bled => libcrux-bench.yml.disabled.tmpoff} | 0 ...test.yml => libcrux-build-test.yml.tmpoff} | 0 ...te.yml => libcrux-flake-update.yml.tmpoff} | 0 ...d-test.yml => mldsa-build-test.yml.tmpoff} | 0 .../{mldsa-c.yml => mldsa-c.yml.tmpoff} | 0 .../{mldsa-hax.yml => mldsa-hax.yml.tmpoff} | 0 ...d-test.yml => mlkem-build-test.yml.tmpoff} | 0 ...bled => mlkem-c-bench.yml.disabled.tmpoff} | 0 .../{mlkem-c.yml => mlkem-c.yml.tmpoff} | 0 .../{mlkem-hax.yml => mlkem-hax.yml.tmpoff} | 0 ...disabled => mlkem-nix.yml.disabled.tmpoff} | 0 ...mlkem-s390x.yml => mlkem-s390x.yml.tmpoff} | 0 ...est.yml => platform-build-test.yml.tmpoff} | 0 ...ild-test.yml => psq-build-test.yml.tmpoff} | 0 .../{sha3-hax.yml => sha3-hax.yml.tmpoff} | 0 ...d-test.yml => specs-build-test.yml.tmpoff} | 0 ...aits-build.yml => traits-build.yml.tmpoff} | 0 ....yml => wasm-and-no-std-checks.yml.tmpoff} | 0 ...checks.yml => workspace-checks.yml.tmpoff} | 0 28 files changed, 18 insertions(+), 18 deletions(-) rename .github/workflows/{docker-c-build-test.yml => docker-c-build-test.yml.tmpoff} (100%) rename .github/workflows/{docker-c-push-latest.yml => docker-c-push-latest.yml.tmpoff} (100%) rename .github/workflows/{ecdh-build-test.yml => ecdh-build-test.yml.tmpoff} (100%) rename .github/workflows/{get-hax-ref.yml => get-hax-ref.yml.tmpoff} (100%) rename .github/workflows/{github-reviews.yml => github-reviews.yml.tmpoff} (100%) rename .github/workflows/{github-skip-benches-in-prs.yml.disabled => github-skip-benches-in-prs.yml.disabled.tmpoff} (100%) rename .github/workflows/{github-stale.yml => github-stale.yml.tmpoff} (100%) rename .github/workflows/{kem-build-test.yml => kem-build-test.yml.tmpoff} (100%) rename .github/workflows/{libcrux-bench.yml.disabled => libcrux-bench.yml.disabled.tmpoff} (100%) rename .github/workflows/{libcrux-build-test.yml => libcrux-build-test.yml.tmpoff} (100%) rename .github/workflows/{libcrux-flake-update.yml => libcrux-flake-update.yml.tmpoff} (100%) rename .github/workflows/{mldsa-build-test.yml => mldsa-build-test.yml.tmpoff} (100%) rename .github/workflows/{mldsa-c.yml => mldsa-c.yml.tmpoff} (100%) rename .github/workflows/{mldsa-hax.yml => mldsa-hax.yml.tmpoff} (100%) rename .github/workflows/{mlkem-build-test.yml => mlkem-build-test.yml.tmpoff} (100%) rename .github/workflows/{mlkem-c-bench.yml.disabled => mlkem-c-bench.yml.disabled.tmpoff} (100%) rename .github/workflows/{mlkem-c.yml => mlkem-c.yml.tmpoff} (100%) rename .github/workflows/{mlkem-hax.yml => mlkem-hax.yml.tmpoff} (100%) rename .github/workflows/{mlkem-nix.yml.disabled => mlkem-nix.yml.disabled.tmpoff} (100%) rename .github/workflows/{mlkem-s390x.yml => mlkem-s390x.yml.tmpoff} (100%) rename .github/workflows/{platform-build-test.yml => platform-build-test.yml.tmpoff} (100%) rename .github/workflows/{psq-build-test.yml => psq-build-test.yml.tmpoff} (100%) rename .github/workflows/{sha3-hax.yml => sha3-hax.yml.tmpoff} (100%) rename .github/workflows/{specs-build-test.yml => specs-build-test.yml.tmpoff} (100%) rename .github/workflows/{traits-build.yml => traits-build.yml.tmpoff} (100%) rename .github/workflows/{wasm-and-no-std-checks.yml => wasm-and-no-std-checks.yml.tmpoff} (100%) rename .github/workflows/{workspace-checks.yml => workspace-checks.yml.tmpoff} (100%) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 22ae8644b..553a1df43 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -15,16 +15,16 @@ jobs: matrix: bits: [32, 64] os: - - macos-13 - - macos-latest + #- macos-13 + #- macos-latest - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" + #- windows-latest + #exclude: + # # There's no such thing as 32-bit macOS + # - bits: 32 + # os: "macos-latest" + # - bits: 32 + # os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: @@ -94,16 +94,16 @@ jobs: matrix: bits: [32, 64] os: - - macos-13 - - macos-latest + #- macos-13 + #- macos-latest - ubuntu-latest - - windows-latest - exclude: - # There's no such thing as 32-bit macOS - - bits: 32 - os: "macos-latest" - - bits: 32 - os: "macos-13" + #- windows-latest + #exclude: + # # There's no such thing as 32-bit macOS + # - bits: 32 + # os: "macos-latest" + # - bits: 32 + # os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: diff --git a/.github/workflows/docker-c-build-test.yml b/.github/workflows/docker-c-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/docker-c-build-test.yml rename to .github/workflows/docker-c-build-test.yml.tmpoff diff --git a/.github/workflows/docker-c-push-latest.yml b/.github/workflows/docker-c-push-latest.yml.tmpoff similarity index 100% rename from .github/workflows/docker-c-push-latest.yml rename to .github/workflows/docker-c-push-latest.yml.tmpoff diff --git a/.github/workflows/ecdh-build-test.yml b/.github/workflows/ecdh-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/ecdh-build-test.yml rename to .github/workflows/ecdh-build-test.yml.tmpoff diff --git a/.github/workflows/get-hax-ref.yml b/.github/workflows/get-hax-ref.yml.tmpoff similarity index 100% rename from .github/workflows/get-hax-ref.yml rename to .github/workflows/get-hax-ref.yml.tmpoff diff --git a/.github/workflows/github-reviews.yml b/.github/workflows/github-reviews.yml.tmpoff similarity index 100% rename from .github/workflows/github-reviews.yml rename to .github/workflows/github-reviews.yml.tmpoff diff --git a/.github/workflows/github-skip-benches-in-prs.yml.disabled b/.github/workflows/github-skip-benches-in-prs.yml.disabled.tmpoff similarity index 100% rename from .github/workflows/github-skip-benches-in-prs.yml.disabled rename to .github/workflows/github-skip-benches-in-prs.yml.disabled.tmpoff diff --git a/.github/workflows/github-stale.yml b/.github/workflows/github-stale.yml.tmpoff similarity index 100% rename from .github/workflows/github-stale.yml rename to .github/workflows/github-stale.yml.tmpoff diff --git a/.github/workflows/kem-build-test.yml b/.github/workflows/kem-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/kem-build-test.yml rename to .github/workflows/kem-build-test.yml.tmpoff diff --git a/.github/workflows/libcrux-bench.yml.disabled b/.github/workflows/libcrux-bench.yml.disabled.tmpoff similarity index 100% rename from .github/workflows/libcrux-bench.yml.disabled rename to .github/workflows/libcrux-bench.yml.disabled.tmpoff diff --git a/.github/workflows/libcrux-build-test.yml b/.github/workflows/libcrux-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/libcrux-build-test.yml rename to .github/workflows/libcrux-build-test.yml.tmpoff diff --git a/.github/workflows/libcrux-flake-update.yml b/.github/workflows/libcrux-flake-update.yml.tmpoff similarity index 100% rename from .github/workflows/libcrux-flake-update.yml rename to .github/workflows/libcrux-flake-update.yml.tmpoff diff --git a/.github/workflows/mldsa-build-test.yml b/.github/workflows/mldsa-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/mldsa-build-test.yml rename to .github/workflows/mldsa-build-test.yml.tmpoff diff --git a/.github/workflows/mldsa-c.yml b/.github/workflows/mldsa-c.yml.tmpoff similarity index 100% rename from .github/workflows/mldsa-c.yml rename to .github/workflows/mldsa-c.yml.tmpoff diff --git a/.github/workflows/mldsa-hax.yml b/.github/workflows/mldsa-hax.yml.tmpoff similarity index 100% rename from .github/workflows/mldsa-hax.yml rename to .github/workflows/mldsa-hax.yml.tmpoff diff --git a/.github/workflows/mlkem-build-test.yml b/.github/workflows/mlkem-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/mlkem-build-test.yml rename to .github/workflows/mlkem-build-test.yml.tmpoff diff --git a/.github/workflows/mlkem-c-bench.yml.disabled b/.github/workflows/mlkem-c-bench.yml.disabled.tmpoff similarity index 100% rename from .github/workflows/mlkem-c-bench.yml.disabled rename to .github/workflows/mlkem-c-bench.yml.disabled.tmpoff diff --git a/.github/workflows/mlkem-c.yml b/.github/workflows/mlkem-c.yml.tmpoff similarity index 100% rename from .github/workflows/mlkem-c.yml rename to .github/workflows/mlkem-c.yml.tmpoff diff --git a/.github/workflows/mlkem-hax.yml b/.github/workflows/mlkem-hax.yml.tmpoff similarity index 100% rename from .github/workflows/mlkem-hax.yml rename to .github/workflows/mlkem-hax.yml.tmpoff diff --git a/.github/workflows/mlkem-nix.yml.disabled b/.github/workflows/mlkem-nix.yml.disabled.tmpoff similarity index 100% rename from .github/workflows/mlkem-nix.yml.disabled rename to .github/workflows/mlkem-nix.yml.disabled.tmpoff diff --git a/.github/workflows/mlkem-s390x.yml b/.github/workflows/mlkem-s390x.yml.tmpoff similarity index 100% rename from .github/workflows/mlkem-s390x.yml rename to .github/workflows/mlkem-s390x.yml.tmpoff diff --git a/.github/workflows/platform-build-test.yml b/.github/workflows/platform-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/platform-build-test.yml rename to .github/workflows/platform-build-test.yml.tmpoff diff --git a/.github/workflows/psq-build-test.yml b/.github/workflows/psq-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/psq-build-test.yml rename to .github/workflows/psq-build-test.yml.tmpoff diff --git a/.github/workflows/sha3-hax.yml b/.github/workflows/sha3-hax.yml.tmpoff similarity index 100% rename from .github/workflows/sha3-hax.yml rename to .github/workflows/sha3-hax.yml.tmpoff diff --git a/.github/workflows/specs-build-test.yml b/.github/workflows/specs-build-test.yml.tmpoff similarity index 100% rename from .github/workflows/specs-build-test.yml rename to .github/workflows/specs-build-test.yml.tmpoff diff --git a/.github/workflows/traits-build.yml b/.github/workflows/traits-build.yml.tmpoff similarity index 100% rename from .github/workflows/traits-build.yml rename to .github/workflows/traits-build.yml.tmpoff diff --git a/.github/workflows/wasm-and-no-std-checks.yml b/.github/workflows/wasm-and-no-std-checks.yml.tmpoff similarity index 100% rename from .github/workflows/wasm-and-no-std-checks.yml rename to .github/workflows/wasm-and-no-std-checks.yml.tmpoff diff --git a/.github/workflows/workspace-checks.yml b/.github/workflows/workspace-checks.yml.tmpoff similarity index 100% rename from .github/workflows/workspace-checks.yml rename to .github/workflows/workspace-checks.yml.tmpoff From 8cbdf5642e925fdac97eb3cb3ccba56d8c4a0779 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Thu, 28 Aug 2025 15:20:59 +0200 Subject: [PATCH 06/12] fix writing to GITHUB_OUTPUT --- .github/workflows/benches.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 553a1df43..61e884969 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -262,17 +262,19 @@ jobs: PR_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${PR_HEAD_HASH}" BASE_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${BASE_HASH}" - cat >$GITHUB_OUTPUT <"$GITHUB_OUTPUT" < Date: Fri, 29 Aug 2025 18:39:55 +0200 Subject: [PATCH 07/12] Revert "temporary diable benchmarks" This reverts commit f00e9a2f1521481879f30cec43e7d7f7b5905ac4. --- .github/workflows/benches.yml | 36 +++++++++---------- ...est.yml.tmpoff => docker-c-build-test.yml} | 0 ...st.yml.tmpoff => docker-c-push-latest.yml} | 0 ...ld-test.yml.tmpoff => ecdh-build-test.yml} | 0 ...get-hax-ref.yml.tmpoff => get-hax-ref.yml} | 0 ...-reviews.yml.tmpoff => github-reviews.yml} | 0 ...> github-skip-benches-in-prs.yml.disabled} | 0 ...thub-stale.yml.tmpoff => github-stale.yml} | 0 ...ild-test.yml.tmpoff => kem-build-test.yml} | 0 ...bled.tmpoff => libcrux-bench.yml.disabled} | 0 ...test.yml.tmpoff => libcrux-build-test.yml} | 0 ...te.yml.tmpoff => libcrux-flake-update.yml} | 0 ...d-test.yml.tmpoff => mldsa-build-test.yml} | 0 .../{mldsa-c.yml.tmpoff => mldsa-c.yml} | 0 .../{mldsa-hax.yml.tmpoff => mldsa-hax.yml} | 0 ...d-test.yml.tmpoff => mlkem-build-test.yml} | 0 ...bled.tmpoff => mlkem-c-bench.yml.disabled} | 0 .../{mlkem-c.yml.tmpoff => mlkem-c.yml} | 0 .../{mlkem-hax.yml.tmpoff => mlkem-hax.yml} | 0 ...disabled.tmpoff => mlkem-nix.yml.disabled} | 0 ...mlkem-s390x.yml.tmpoff => mlkem-s390x.yml} | 0 ...est.yml.tmpoff => platform-build-test.yml} | 0 ...ild-test.yml.tmpoff => psq-build-test.yml} | 0 .../{sha3-hax.yml.tmpoff => sha3-hax.yml} | 0 ...d-test.yml.tmpoff => specs-build-test.yml} | 0 ...aits-build.yml.tmpoff => traits-build.yml} | 0 ....yml.tmpoff => wasm-and-no-std-checks.yml} | 0 ...checks.yml.tmpoff => workspace-checks.yml} | 0 28 files changed, 18 insertions(+), 18 deletions(-) rename .github/workflows/{docker-c-build-test.yml.tmpoff => docker-c-build-test.yml} (100%) rename .github/workflows/{docker-c-push-latest.yml.tmpoff => docker-c-push-latest.yml} (100%) rename .github/workflows/{ecdh-build-test.yml.tmpoff => ecdh-build-test.yml} (100%) rename .github/workflows/{get-hax-ref.yml.tmpoff => get-hax-ref.yml} (100%) rename .github/workflows/{github-reviews.yml.tmpoff => github-reviews.yml} (100%) rename .github/workflows/{github-skip-benches-in-prs.yml.disabled.tmpoff => github-skip-benches-in-prs.yml.disabled} (100%) rename .github/workflows/{github-stale.yml.tmpoff => github-stale.yml} (100%) rename .github/workflows/{kem-build-test.yml.tmpoff => kem-build-test.yml} (100%) rename .github/workflows/{libcrux-bench.yml.disabled.tmpoff => libcrux-bench.yml.disabled} (100%) rename .github/workflows/{libcrux-build-test.yml.tmpoff => libcrux-build-test.yml} (100%) rename .github/workflows/{libcrux-flake-update.yml.tmpoff => libcrux-flake-update.yml} (100%) rename .github/workflows/{mldsa-build-test.yml.tmpoff => mldsa-build-test.yml} (100%) rename .github/workflows/{mldsa-c.yml.tmpoff => mldsa-c.yml} (100%) rename .github/workflows/{mldsa-hax.yml.tmpoff => mldsa-hax.yml} (100%) rename .github/workflows/{mlkem-build-test.yml.tmpoff => mlkem-build-test.yml} (100%) rename .github/workflows/{mlkem-c-bench.yml.disabled.tmpoff => mlkem-c-bench.yml.disabled} (100%) rename .github/workflows/{mlkem-c.yml.tmpoff => mlkem-c.yml} (100%) rename .github/workflows/{mlkem-hax.yml.tmpoff => mlkem-hax.yml} (100%) rename .github/workflows/{mlkem-nix.yml.disabled.tmpoff => mlkem-nix.yml.disabled} (100%) rename .github/workflows/{mlkem-s390x.yml.tmpoff => mlkem-s390x.yml} (100%) rename .github/workflows/{platform-build-test.yml.tmpoff => platform-build-test.yml} (100%) rename .github/workflows/{psq-build-test.yml.tmpoff => psq-build-test.yml} (100%) rename .github/workflows/{sha3-hax.yml.tmpoff => sha3-hax.yml} (100%) rename .github/workflows/{specs-build-test.yml.tmpoff => specs-build-test.yml} (100%) rename .github/workflows/{traits-build.yml.tmpoff => traits-build.yml} (100%) rename .github/workflows/{wasm-and-no-std-checks.yml.tmpoff => wasm-and-no-std-checks.yml} (100%) rename .github/workflows/{workspace-checks.yml.tmpoff => workspace-checks.yml} (100%) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 61e884969..d5ae330c8 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -15,16 +15,16 @@ jobs: matrix: bits: [32, 64] os: - #- macos-13 - #- macos-latest + - macos-13 + - macos-latest - ubuntu-latest - #- windows-latest - #exclude: - # # There's no such thing as 32-bit macOS - # - bits: 32 - # os: "macos-latest" - # - bits: 32 - # os: "macos-13" + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: @@ -94,16 +94,16 @@ jobs: matrix: bits: [32, 64] os: - #- macos-13 - #- macos-latest + - macos-13 + - macos-latest - ubuntu-latest - #- windows-latest - #exclude: - # # There's no such thing as 32-bit macOS - # - bits: 32 - # os: "macos-latest" - # - bits: 32 - # os: "macos-13" + - windows-latest + exclude: + # There's no such thing as 32-bit macOS + - bits: 32 + os: "macos-latest" + - bits: 32 + os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: diff --git a/.github/workflows/docker-c-build-test.yml.tmpoff b/.github/workflows/docker-c-build-test.yml similarity index 100% rename from .github/workflows/docker-c-build-test.yml.tmpoff rename to .github/workflows/docker-c-build-test.yml diff --git a/.github/workflows/docker-c-push-latest.yml.tmpoff b/.github/workflows/docker-c-push-latest.yml similarity index 100% rename from .github/workflows/docker-c-push-latest.yml.tmpoff rename to .github/workflows/docker-c-push-latest.yml diff --git a/.github/workflows/ecdh-build-test.yml.tmpoff b/.github/workflows/ecdh-build-test.yml similarity index 100% rename from .github/workflows/ecdh-build-test.yml.tmpoff rename to .github/workflows/ecdh-build-test.yml diff --git a/.github/workflows/get-hax-ref.yml.tmpoff b/.github/workflows/get-hax-ref.yml similarity index 100% rename from .github/workflows/get-hax-ref.yml.tmpoff rename to .github/workflows/get-hax-ref.yml diff --git a/.github/workflows/github-reviews.yml.tmpoff b/.github/workflows/github-reviews.yml similarity index 100% rename from .github/workflows/github-reviews.yml.tmpoff rename to .github/workflows/github-reviews.yml diff --git a/.github/workflows/github-skip-benches-in-prs.yml.disabled.tmpoff b/.github/workflows/github-skip-benches-in-prs.yml.disabled similarity index 100% rename from .github/workflows/github-skip-benches-in-prs.yml.disabled.tmpoff rename to .github/workflows/github-skip-benches-in-prs.yml.disabled diff --git a/.github/workflows/github-stale.yml.tmpoff b/.github/workflows/github-stale.yml similarity index 100% rename from .github/workflows/github-stale.yml.tmpoff rename to .github/workflows/github-stale.yml diff --git a/.github/workflows/kem-build-test.yml.tmpoff b/.github/workflows/kem-build-test.yml similarity index 100% rename from .github/workflows/kem-build-test.yml.tmpoff rename to .github/workflows/kem-build-test.yml diff --git a/.github/workflows/libcrux-bench.yml.disabled.tmpoff b/.github/workflows/libcrux-bench.yml.disabled similarity index 100% rename from .github/workflows/libcrux-bench.yml.disabled.tmpoff rename to .github/workflows/libcrux-bench.yml.disabled diff --git a/.github/workflows/libcrux-build-test.yml.tmpoff b/.github/workflows/libcrux-build-test.yml similarity index 100% rename from .github/workflows/libcrux-build-test.yml.tmpoff rename to .github/workflows/libcrux-build-test.yml diff --git a/.github/workflows/libcrux-flake-update.yml.tmpoff b/.github/workflows/libcrux-flake-update.yml similarity index 100% rename from .github/workflows/libcrux-flake-update.yml.tmpoff rename to .github/workflows/libcrux-flake-update.yml diff --git a/.github/workflows/mldsa-build-test.yml.tmpoff b/.github/workflows/mldsa-build-test.yml similarity index 100% rename from .github/workflows/mldsa-build-test.yml.tmpoff rename to .github/workflows/mldsa-build-test.yml diff --git a/.github/workflows/mldsa-c.yml.tmpoff b/.github/workflows/mldsa-c.yml similarity index 100% rename from .github/workflows/mldsa-c.yml.tmpoff rename to .github/workflows/mldsa-c.yml diff --git a/.github/workflows/mldsa-hax.yml.tmpoff b/.github/workflows/mldsa-hax.yml similarity index 100% rename from .github/workflows/mldsa-hax.yml.tmpoff rename to .github/workflows/mldsa-hax.yml diff --git a/.github/workflows/mlkem-build-test.yml.tmpoff b/.github/workflows/mlkem-build-test.yml similarity index 100% rename from .github/workflows/mlkem-build-test.yml.tmpoff rename to .github/workflows/mlkem-build-test.yml diff --git a/.github/workflows/mlkem-c-bench.yml.disabled.tmpoff b/.github/workflows/mlkem-c-bench.yml.disabled similarity index 100% rename from .github/workflows/mlkem-c-bench.yml.disabled.tmpoff rename to .github/workflows/mlkem-c-bench.yml.disabled diff --git a/.github/workflows/mlkem-c.yml.tmpoff b/.github/workflows/mlkem-c.yml similarity index 100% rename from .github/workflows/mlkem-c.yml.tmpoff rename to .github/workflows/mlkem-c.yml diff --git a/.github/workflows/mlkem-hax.yml.tmpoff b/.github/workflows/mlkem-hax.yml similarity index 100% rename from .github/workflows/mlkem-hax.yml.tmpoff rename to .github/workflows/mlkem-hax.yml diff --git a/.github/workflows/mlkem-nix.yml.disabled.tmpoff b/.github/workflows/mlkem-nix.yml.disabled similarity index 100% rename from .github/workflows/mlkem-nix.yml.disabled.tmpoff rename to .github/workflows/mlkem-nix.yml.disabled diff --git a/.github/workflows/mlkem-s390x.yml.tmpoff b/.github/workflows/mlkem-s390x.yml similarity index 100% rename from .github/workflows/mlkem-s390x.yml.tmpoff rename to .github/workflows/mlkem-s390x.yml diff --git a/.github/workflows/platform-build-test.yml.tmpoff b/.github/workflows/platform-build-test.yml similarity index 100% rename from .github/workflows/platform-build-test.yml.tmpoff rename to .github/workflows/platform-build-test.yml diff --git a/.github/workflows/psq-build-test.yml.tmpoff b/.github/workflows/psq-build-test.yml similarity index 100% rename from .github/workflows/psq-build-test.yml.tmpoff rename to .github/workflows/psq-build-test.yml diff --git a/.github/workflows/sha3-hax.yml.tmpoff b/.github/workflows/sha3-hax.yml similarity index 100% rename from .github/workflows/sha3-hax.yml.tmpoff rename to .github/workflows/sha3-hax.yml diff --git a/.github/workflows/specs-build-test.yml.tmpoff b/.github/workflows/specs-build-test.yml similarity index 100% rename from .github/workflows/specs-build-test.yml.tmpoff rename to .github/workflows/specs-build-test.yml diff --git a/.github/workflows/traits-build.yml.tmpoff b/.github/workflows/traits-build.yml similarity index 100% rename from .github/workflows/traits-build.yml.tmpoff rename to .github/workflows/traits-build.yml diff --git a/.github/workflows/wasm-and-no-std-checks.yml.tmpoff b/.github/workflows/wasm-and-no-std-checks.yml similarity index 100% rename from .github/workflows/wasm-and-no-std-checks.yml.tmpoff rename to .github/workflows/wasm-and-no-std-checks.yml diff --git a/.github/workflows/workspace-checks.yml.tmpoff b/.github/workflows/workspace-checks.yml similarity index 100% rename from .github/workflows/workspace-checks.yml.tmpoff rename to .github/workflows/workspace-checks.yml From 731e4d9aff728700975ab7f689f4b1b83545b1bb Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 8 Sep 2025 10:47:01 +0200 Subject: [PATCH 08/12] grant different permission --- .github/workflows/benches.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index d5ae330c8..7596141c5 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -169,7 +169,7 @@ jobs: merge: permissions: - pull-requests: write + issues: write runs-on: ubuntu-latest needs: [bench-mlkem, bench-mldsa] steps: From 3b501eb58138f17b1129b6d90da6f817dc3a01b9 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 8 Sep 2025 11:29:02 +0200 Subject: [PATCH 09/12] ci: benches: drop macos-13 --- .github/workflows/benches.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 7596141c5..575041fec 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -15,7 +15,6 @@ jobs: matrix: bits: [32, 64] os: - - macos-13 - macos-latest - ubuntu-latest - windows-latest @@ -23,8 +22,6 @@ jobs: # There's no such thing as 32-bit macOS - bits: 32 os: "macos-latest" - - bits: 32 - os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: @@ -94,7 +91,6 @@ jobs: matrix: bits: [32, 64] os: - - macos-13 - macos-latest - ubuntu-latest - windows-latest @@ -102,8 +98,6 @@ jobs: # There's no such thing as 32-bit macOS - bits: 32 os: "macos-latest" - - bits: 32 - os: "macos-13" runs-on: ${{ matrix.os }} defaults: run: From 1a07f5a809ba758422aa32aaf56fe606f48917e6 Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Mon, 8 Sep 2025 18:30:17 +0200 Subject: [PATCH 10/12] post comment not just if on fork --- .github/workflows/benches.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 575041fec..a93046050 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -222,7 +222,6 @@ jobs: # if a fork, use comment-based action - uses: cryspen/benchmark-comment-and-plot-action@main - if: env.IS_FORK == 'true' with: id: mldsa gh-repository: cryspen/libcrux @@ -233,7 +232,6 @@ jobs: output-md: report-mldsa.md - uses: cryspen/benchmark-comment-and-plot-action@main - if: env.IS_FORK == 'true' with: id: mlkem gh-repository: cryspen/libcrux @@ -245,7 +243,6 @@ jobs: - name: Build comment id: build_comment - if: env.IS_FORK == 'true' run: | BASE_HASH="${{ github.event.pull_request.base.sha }}" BASE_HASH_SHORT=$(echo "${{ github.event.pull_request.base.sha }}" | cut -c1-7) @@ -271,7 +268,6 @@ jobs: ACTUALEOF - name: Post comment to PR - if: env.IS_FORK == 'true' uses: actions/github-script@v7 env: COMMENT_BODY: ${{ steps.read_comment.outputs.body }} From 74f403c44e082284b77032471d362867899c113a Mon Sep 17 00:00:00 2001 From: "Jan Winkelmann (keks)" Date: Wed, 17 Sep 2025 16:29:15 +0200 Subject: [PATCH 11/12] fix permissions and step ids --- .github/workflows/benches.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index a93046050..80561e1f3 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -163,7 +163,7 @@ jobs: merge: permissions: - issues: write + pull-requests: write runs-on: ubuntu-latest needs: [bench-mlkem, bench-mldsa] steps: @@ -254,7 +254,7 @@ jobs: BASE_COMMIT_URL="${{ github.server_url }}/${{ github.repository }}/commit/${BASE_HASH}" cat >"$GITHUB_OUTPUT" < Date: Thu, 18 Sep 2025 12:34:56 +0200 Subject: [PATCH 12/12] run on pull_request_target event --- .github/workflows/benches.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/benches.yml b/.github/workflows/benches.yml index 80561e1f3..4c107cae3 100644 --- a/.github/workflows/benches.yml +++ b/.github/workflows/benches.yml @@ -1,8 +1,8 @@ -name: Test Comment Action +name: Benchmark ML-KEM and ML-DSA on: merge_group: - pull_request: + pull_request_target: branches: ["main", "dev"] workflow_dispatch: push: