github: use central CI workflows

Use GitHub workflow_call feature to reduce workflow duplication. Signed-off-by: Gerwin Klein <gerwin.klein@proofcraft.systems>
2025-03-14 13:32:34 +11:00 · 2025-03-14 13:32:34 +11:00 · ad97ba5848
parent a52904a652
commit ad97ba5848
5 changed files with 42 additions and 160 deletions
--- a/.github/workflows/hw-tests.yml
+++ b/.github/workflows/hw-tests.yml
@ -0,0 +1,26 @@
+# Copyright 2024, Proofcraft Pty Ltd
+#
+# SPDX-License-Identifier: BSD-2-Clause
+
+# sel4test and sel4bench hardware builds and runs
+#
+# See sel4test-hw/builds.yml and sel4bench-hw/builds.yml in the repo
+# seL4/ci-actions for configs.
+
+name: HW
+
+on:
+  # needs PR target for secrets access; guard by requiring label
+  pull_request_target:
+    types: [synchronize, labeled]
+
+jobs:
+  sel4test:
+    name: seL4Test
+    uses: seL4/ci-actions/.github/workflows/sel4test-hw.yml@master
+    secrets: inherit
+
+  sel4bench:
+    name: seL4Bench
+    uses: seL4/ci-actions/.github/workflows/sel4bench-hw.yml@master
+    secrets: inherit
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@ -1,4 +1,4 @@
-# Copyright 2020, Data61, CSIRO (ABN 41 687 119 230)
+# Copyright 2025, Proofcraft Pty Ltd
 #
 # SPDX-License-Identifier: BSD-2-Clause

@ -6,23 +6,9 @@

 name: PR

-on: [pull_request]
+on: [pull_request, workflow_dispatch]

 jobs:
-  gitlint:
-    name: Gitlint
-    runs-on: ubuntu-latest
-    steps:
-    - uses: seL4/ci-actions/gitlint@master
-
-  whitespace:
-    name: 'Trailing Whitespace'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: seL4/ci-actions/git-diff-check@master
-
-  shell:
-    name: 'Portable Shell'
-    runs-on: ubuntu-latest
-    steps:
-    - uses: seL4/ci-actions/bashisms@master
+  pr-checks:
+    name: Checks
+    uses: seL4/ci-actions/.github/workflows/pr.yml@master
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@ -10,24 +10,9 @@ on:
    branches:
      - master
  pull_request:
+  workflow_dispatch:

 jobs:
-  check:
-    name: License Check
-    runs-on: ubuntu-latest
-    steps:
-    - uses: seL4/ci-actions/license-check@master
-
-  links:
-    name: Links
-    runs-on: ubuntu-latest
-    steps:
-      - uses: seL4/ci-actions/link-check@master
-        with:
-          exclude: js/node_modules
-
-  style:
-    name: Style
-    runs-on: ubuntu-latest
-    steps:
-    - uses: seL4/ci-actions/style@master
+  checks:
+    name: Checks
+    uses: seL4/ci-actions/.github/workflows/push.yml@master
--- a/.github/workflows/sel4test-hw.yml
+++ b/.github/workflows/sel4test-hw.yml
@ -1,101 +0,0 @@
-# Copyright 2021, Proofcraft Pty Ltd
-#
-# SPDX-License-Identifier: BSD-2-Clause
-
-# sel4test hardware builds and runs
-#
-# See sel4test-hw/builds.yml in the repo seL4/ci-actions for configs.
-
-name: seL4Test-HW
-
-on:
-  # needs PR target for secrets access; guard by requiring label
-  pull_request_target:
-    types: [opened, reopened, synchronize, labeled]
-
-# downgrade permissions to read-only as you would have in a standard PR action
-permissions:
-  contents: read
-
-# Cancel older runs of this workflow that are still not finished for the
-# current PR. This reduces the CI load.
-concurrency:
-  group: ${{ github.workflow }}-pr-${{ github.event.number }}
-  cancel-in-progress: true
-
-jobs:
-  hw-build:
-    name: HW Build
-    runs-on: ubuntu-latest
-    if: ${{ github.event_name == 'push' ||
-            github.event_name == 'pull_request_target' &&
-              github.event.action != 'labeled' &&
-              (contains(github.event.pull_request.labels.*.name, 'hw-build') ||
-               contains(github.event.pull_request.labels.*.name, 'hw-test')) ||
-            github.event_name == 'pull_request_target' &&
-              github.event.action == 'labeled' &&
-              (github.event.label.name == 'hw-build' ||
-               github.event.label.name == 'hw-test') }}
-    strategy:
-      fail-fast: false
-      matrix:
-        # There is no "rv32imac" hardware yet.
-        march: [armv7a, armv8a, nehalem, rv64imac]
-        compiler: [gcc, clang]
-    steps:
-    - name: Build
-      uses: seL4/ci-actions/sel4test-hw@master
-      with:
-        march: ${{ matrix.march }}
-        compiler: ${{ matrix.compiler }}
-        sha: ${{ github.event.pull_request.head.sha }}
-    - name: Upload images
-      uses: actions/upload-artifact@v4
-      with:
-        name: images-${{ matrix.march }}-${{ matrix.compiler }}
-        path: '*-images.tar.gz'
-
-  the_matrix:
-    name: Matrix
-    needs: hw-build
-    runs-on: ubuntu-latest
-    outputs:
-      matrix: ${{ steps.matrix.outputs.matrix }}
-    steps:
-    - id: matrix
-      uses: seL4/ci-actions/sel4test-hw-matrix@master
-
-  hw-run:
-    name: HW Run
-    runs-on: ubuntu-latest
-    needs: the_matrix
-    if: ${{ github.repository_owner == 'seL4' &&
-            (github.event_name == 'push' ||
-             github.event_name == 'pull_request_target' &&
-               github.event.action != 'labeled' &&
-               contains(github.event.pull_request.labels.*.name, 'hw-test') ||
-             github.event_name == 'pull_request_target' &&
-               github.event.action == 'labeled' &&
-               github.event.label.name == 'hw-test') }}
-    strategy:
-      fail-fast: false
-      matrix: ${{ fromJson(needs.the_matrix.outputs.matrix) }}
-    steps:
-      - name: Get machine queue
-        uses: actions/checkout@v4
-        with:
-          repository: seL4/machine_queue
-          path: machine_queue
-      - name: Download image
-        uses: actions/download-artifact@v4
-        with:
-          name: images-${{ matrix.march }}-${{ matrix.compiler }}
-      - name: Run
-        uses: seL4/ci-actions/sel4test-hw-run@master
-        with:
-          platform: ${{ matrix.platform }}
-          compiler: ${{ matrix.compiler }}
-          mode: ${{ matrix.mode }}
-          index: $${{ strategy.job-index }}
-        env:
-          HW_SSH: ${{ secrets.HW_SSH }}
--- a/.github/workflows/sel4test-sim.yml
+++ b/.github/workflows/sel4test-sim.yml
@ -9,27 +9,13 @@
 name: seL4Test

 on:
-  push:
-    branches: [master]
  pull_request:
-
-# Cancel older runs of this workflow that are still not finished for the
-# current PR. This reduces the CI load. For deployment to the master branch,
-# the workflow will run on each push, but no cancellation happens here.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && format('pr-{0}', github.event.number) || format('run-{0}', github.run_id) }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+    paths-ignore:
+      - 'LICENSES/**'
+      - '*.md'
+  workflow_dispatch:

 jobs:
-  simulation:
-    name: Simulation
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        march: [armv7a, armv8a, nehalem, rv32imac, rv64imac]
-        compiler: [gcc, clang]
-    steps:
-    - uses: seL4/ci-actions/sel4test-sim@master
-      with:
-        march: ${{ matrix.march }}
-        compiler: ${{ matrix.compiler }}
+  sim:
+    name: Sim
+    uses: seL4/ci-actions/.github/workflows/sel4test-sim.yml@master