From 011f8f850d8403d99b210a53618bcbdffe5d36ea Mon Sep 17 00:00:00 2001
From: Nadrieril <nadrieril+git@gmail.com>
Date: Mon, 9 Sep 2024 15:47:40 +0200
Subject: [PATCH 1/2] Run CI on the self-hosted runner

---
 .github/workflows/nix.yaml | 10 +++-------
 flake.nix                  |  1 +
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/nix.yaml b/.github/workflows/nix.yaml
index 0a0f9bd..8f17c86 100644
--- a/.github/workflows/nix.yaml
+++ b/.github/workflows/nix.yaml
@@ -6,20 +6,16 @@ on:
 
 jobs:
   check:
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     steps:
       - uses: actions/checkout@v3
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Build and test
         run: nix flake check -L
 
   check-charon-pin:
-    runs-on: ubuntu-22.04
+    runs-on: self-hosted
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0 # deep clone in order to get access to other commits
-      - run: nix-shell -p jq --run ./scripts/ci-check-charon-pin.sh
+      - run: nix develop '.#ci' --command ./scripts/ci-check-charon-pin.sh
diff --git a/flake.nix b/flake.nix
index 2d23efd..40c135d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -85,6 +85,7 @@
         version = self.rev or "dirty";
       };
       checks.default = packages.default.tests;
+      devShells.ci = pkgs.mkShell { packages = [ pkgs.jq ]; };
       devShells.default = pkgs.mkShell {
         packages = [
           pkgs.clang-tools # For clang-format

From fae36b0fe425d4809a20f28d9766eb027dacc458 Mon Sep 17 00:00:00 2001
From: Nadrieril <nadrieril+git@gmail.com>
Date: Wed, 21 Aug 2024 15:14:57 +0200
Subject: [PATCH 2/2] Check kyber in CI

---
 .github/workflows/nix.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/.github/workflows/nix.yaml b/.github/workflows/nix.yaml
index 8f17c86..8fdd444 100644
--- a/.github/workflows/nix.yaml
+++ b/.github/workflows/nix.yaml
@@ -19,3 +19,25 @@ jobs:
         with:
           fetch-depth: 0 # deep clone in order to get access to other commits
       - run: nix develop '.#ci' --command ./scripts/ci-check-charon-pin.sh
+
+  kyber:
+    needs: [check]
+    runs-on: self-hosted
+    steps:
+      - uses: actions/checkout@v4
+      - run: |
+          # Flake overrides aren't recursive: if I want to use eurydice with
+          # all its dependencies, I must override each of them.
+          CHARON_REV="$(nix develop '.#ci' --command jq -r .nodes.charon.locked.rev flake.lock)"
+          KRML_REV="$(nix develop '.#ci' --command jq -r .nodes.karamel.locked.rev flake.lock)"
+          FSTAR_REV="$(nix develop '.#ci' --command jq -r .nodes.fstar.locked.rev flake.lock)"
+          nix build --refresh -L 'github:cryspen/libcrux#ml-kem' \
+              --override-input eurydice github:aeneasverif/eurydice/${{ github.sha }} \
+              --override-input charon github:aeneasverif/charon/$CHARON_REV \
+              --override-input karamel github:FStarLang/karamel/$KRML_REV \
+              --override-input fstar github:FStarLang/fstar/$FSTAR_REV \
+              --override-input eurydice/charon github:aeneasverif/charon/$CHARON_REV \
+              --override-input eurydice/karamel github:FStarLang/karamel/$KRML_REV \
+              --override-input eurydice/fstar github:FStarLang/fstar/$FSTAR_REV \
+              --update-input charon/rust-overlay \
+              --update-input crane