The HACL Packages project uses GitHub Actions as its primary CI/CD system.
When a pull request (PR) or push is made to HACL Packages, the CI automatically runs a series of checks to ensure that all code compiles, all tests pass, and all changes are of a certain quality.
To reduce the amount of computational work, the HACL Packages CI is configured to ignore commits that don't justify a CI run.
For example, the CI will not run on changes of the README.md (and other
*.md files in the root folder).
If, for whatever reason, you think that a particular commit should not start the CI, consider including
[skip ci] to your commit message.
(See Skip pull request and push workflows.)
The CI configuration files are located in the
Local actions reused across the HACL Packages CI are in the
There are multiple workflow files with the following tasks:
build.ymlbuilds and tests HACL Packages on many systems (see below).
build_pull_request.ymlbuilds and tests HACL Packages PRs on many systems (see below).
sanitizer_builds.ymlbuilds and tests HACL Packages on Linux (x86/x64) with UBSAN and ASAN
gh-pages.ymlbuilds and publishes new versions of this book.
new_issue.ymladds newly created issues to the HACL Packages project board.
ocaml.ymlbuilds the OCaml bindings for HACL packages.
rust.ymlbuilds the Rust bindings for HACL packages.
What systems are tested?
GitHub Actions uses the concept of a "job matrix" to fan out a single job description to multiple separate jobs.
This is useful to test a job on different systems, e.g., Linux, macOS, and Windows.
In HACL Packages, and especially in the
build workflow, we use matrices of the form ...
matrix: compiler: [ gcc, clang ] version: [ 7, 8, ..., 14 ] bits: [ 32, 64 ] edition: [ "" ] exclude: - compiler: gcc version: 12 # ... # Not available - compiler: clang version: 14
... to cover the following targets:
|Linux (ubuntu-latest)||gcc (7-11), clang (7-12)||x86_64, i686|
|macOS (macos-latest)||gcc (9-12), clang (11-14)||x86_64|
|Windows (windows-latest)||clang-cl (latest), msvc (latest)||x86_64, i686|
|Linux (ubuntu-latest)||gcc (9-12), clang (11-14)||aarch64|
|macOS (macos-latest)||gcc (9-12), clang (11-14)||aarch64|
|Android (ubuntu-latest)||gcc (latest)||aarch64|
|iOS (macos-latest)||gcc (9-12), clang (11-14)||aarch64|
|Linux (ubuntu-latest)||gcc (latest)||s390x|
Furthermore, on Linux, we test different "editions" of the C programming language, i.e., "msvc".