Skip to content

CI: Port ec2_compatibilitytests #665

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 21, 2025
Merged

CI: Port ec2_compatibilitytests #665

merged 1 commit into from
Nov 21, 2025

Conversation

@willieyz
Copy link
Contributor

@willieyz willieyz commented Nov 11, 2025
edited
Loading

  • Resolves: CI: Port ec2_compatibilitytests #583

  • This PR ports the ec2_compatibilitytests workflow to mldsa-native, based on the implementation in mlkem-native.

  • Main changes:

    • Adds ec2_compatibilitytests to ci.yml.
    • Introduces ci_ec2_container.yml, adapted from ci_ec2_reuseable.yml and aligned with the mlkem-native version.
    • AMIs currently match those used in mlkem-native.

  • During testing, the following Amazon Linux 2 containers failed ACVP tests due to missing sha512_224 support:
    (This failure is unrelated to test correctness; the issue is solely the missing hash support required for computing the verification value.)

    • amazonlinux-2-aarch:base
    • amazonlinux-2-aarch:gcc-7x
    • amazonlinux-2-aarch:clang-7x

  • For these containers, acvptest is set to false, and a guard around make quickcheck has been added with a comment for future refinement.

@willieyz
Copy link
Contributor Author

willieyz commented Nov 11, 2025

Hi @hanno-becker , sorry to bother you,
I’m currently working on porting the ec2_compatibilitytests to mldsa-native, and I noticed that the workflow for mlkem-native uses a custom AMI.
Could you please share how that AMI was created or configured for mlkem-native?
We plan to set up a new EC2 instance with the same environment to ensure consistency for mldsa-native testing.
Thank you for your time and support!

@hanno-becker
Copy link
Contributor

hanno-becker commented Nov 17, 2025

@willieyz I don't recall the specifics, unfortunately, but I think it's mainly about the docker installation. Have you tried just using the same AMIs in mldsa-native?

@willieyz willieyz force-pushed the ec2-compatibilitytests branch 5 times, most recently from e632cc3 to 20112a6 Compare November 17, 2025 11:56
hanno-becker
hanno-becker reviewed Nov 17, 2025
View reviewed changes
hanno-becker
hanno-becker reviewed Nov 17, 2025
View reviewed changes
@willieyz willieyz force-pushed the ec2-compatibilitytests branch 2 times, most recently from c1c56a2 to 5ecc83b Compare November 17, 2025 14:50
@mkannwischer
Copy link
Contributor

mkannwischer commented Nov 18, 2025
edited
Loading

@willieyz I don't recall the specifics, unfortunately, but I think it's mainly about the docker installation. Have you tried just using the same AMIs in mldsa-native?

I thought you can't use the same AMIs as they are bound to the mlkem-native account? Or what am I missing here?
Do you know if these can be shared with the mldsa-native account?

@willieyz willieyz force-pushed the ec2-compatibilitytests branch 7 times, most recently from d8c75cd to af19d17 Compare November 19, 2025 08:08
@willieyz willieyz mentioned this pull request Nov 19, 2025
Open
@willieyz willieyz force-pushed the ec2-compatibilitytests branch from af19d17 to 2b80aee Compare November 20, 2025 02:00
@willieyz willieyz marked this pull request as ready for review November 20, 2025 02:42
@willieyz willieyz requested a review from a team as a code owner November 20, 2025 02:42
mkannwischer
mkannwischer requested changes Nov 20, 2025
View reviewed changes
Copy link
Contributor

@mkannwischer mkannwischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @willieyz - looks mostly good!

Please clean-up the commit history. This feels like one logical change.
Also please address the left-over TODO in ci_ec2_container.yml‎.

@willieyz willieyz force-pushed the ec2-compatibilitytests branch from 2b80aee to 3a27a00 Compare November 21, 2025 06:16
mkannwischer
mkannwischer requested changes Nov 21, 2025
View reviewed changes
Copy link
Contributor

@mkannwischer mkannwischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One nit. Then this is good to go.

@willieyz willieyz force-pushed the ec2-compatibilitytests branch 2 times, most recently from 314a31e to dbf8138 Compare November 21, 2025 07:05
mkannwischer
mkannwischer approved these changes Nov 21, 2025
View reviewed changes
Copy link
Contributor

@mkannwischer mkannwischer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks @willieyz!

@willieyz @mkannwischer
Port ec2_compatibilitytests from mlkem
8e0b777 
- This commit port ec2_compatibilitytests from mlkem to mldsa
- Also, due to the requement for ci_ec2_container.yml, this commit add
  the ci_ec2_container.yml based on ci_ec2_reuseable.yml,
  referencing from mlkem-native

- About the AMI and AWS_ROLE we use, this commit aligns the AWS_ROLE and
  other parameters with those used in mlkem-native. we now use the same
  AMI, AWS_ROLE, and related configuration parameters for
  ec2_compatibilitytests to ensure consistency with mlkem-native.

- Skip ACVP tests on Amazon Linux 2 containers when Python on these
  containers does not support hashlib sha512_224.

- when adding several containers to ec2_compatibilitytests, we found
  that three Amazon Linux 2 containers could not run ACVP tests
  correctly due to missing support for newer hashlib hash types:
    * `amazonlinux-2-aarch:base`
    * `amazonlinux-2-aarch:gcc-7x`
    * `amazonlinux-2-aarch:clang-7x`

- For these containers, we set `acvptest` to false. We also added a guard
  around `make quickcheck` in `ci_ec2_container.yml` and left a comment
  for future refinement.

Signed-off-by: willieyz <willie.zhao@chelpis.com>
@mkannwischer mkannwischer force-pushed the ec2-compatibilitytests branch from dbf8138 to 8e0b777 Compare November 21, 2025 08:31
@mkannwischer mkannwischer merged commit e9b84bb into main Nov 21, 2025
328 checks passed
@mkannwischer mkannwischer deleted the ec2-compatibilitytests branch November 21, 2025 09:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hanno-becker hanno-becker hanno-becker left review comments

@mkannwischer mkannwischer mkannwischer approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

CI: Port ec2_compatibilitytests

4 participants

@willieyz @hanno-becker @mkannwischer