RuleMonkey/.github/workflows/ci.yml at main · richardposner/RuleMonkey · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
name: ci

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  build:
    # macOS runs build + smoke ctest only (the feature_coverage benchmark
    # job below requires the Linux-only NFsim binary from BioNetGen).  Treat
    # the macOS leg as a "build-clean" gate, not a correctness gate.
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v4

      - name: Install Ninja
        uses: seanmiddleditch/gha-setup-ninja@v5

      - name: Configure
        run: cmake --preset release

      - name: Build
        run: cmake --build --preset release

      - name: Test
        run: ctest --preset release

  asan:
    # AddressSanitizer + UBSan run of the unit-test suite.  This is the
    # correctness gate for memory / pointer / index / signed-overflow
    # bugs that observable-trajectory parity tests in feature_coverage
    # cannot see (e.g., a use-after-free in pool reuse that happens to
    # land on zeroed memory).  Both Linux (libstdc++ + clang asan) and
    # macOS (libc++ + AppleClang asan) are exercised, since std-lib
    # divergence is exactly the kind of thing that hides UB on one
    # platform and reveals it on the other.
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
    runs-on: ${{ matrix.os }}

    steps:
      - uses: actions/checkout@v4

      - name: Install Ninja
        uses: seanmiddleditch/gha-setup-ninja@v5

      - name: Configure (asan)
        run: cmake --preset asan

      - name: Build (asan)
        run: cmake --build --preset asan

      - name: Test (asan)
        # UBSAN_OPTIONS=print_stacktrace=1 surfaces the call site, not
        # just the diagnostic line — required to triage macOS UBSan
        # findings, which historically lacked symbolized traces.
        run: UBSAN_OPTIONS=print_stacktrace=1:halt_on_error=1 ASAN_OPTIONS=detect_leaks=0 ctest --preset asan

  feature_coverage:
    # Runs the full feature_coverage benchmark on every push / PR.  ctest
    # alone would not catch regressions in simulation correctness — the
    # smoke test only verifies the engine loads and steps an XML.  This
    # job runs the 77-model RM-vs-NFsim z-score + RM-vs-ODE rel-err
    # comparison that surfaced the self-binding propensity bug, the MM
    # silent-zero-rate bug, the TFUN sentinel typo, etc., in development.
    #
    # Wall budget: ~3-5 min including BioNetGen download and RM build.
    # Linux only: the BioNetGen release tarball ships a Linux NFsim
    # binary, but no macOS binary that matches the GitHub Actions runner.
    runs-on: ubuntu-latest
    needs: build  # don't bother running benchmark if the build is broken

    env:
      BNG_VERSION: "2.9.3"

    steps:
      - uses: actions/checkout@v4

      - name: Install Ninja
        uses: seanmiddleditch/gha-setup-ninja@v5

      - name: Set up Python
        uses: actions/setup-python@v5
        with:
          python-version: "3.11"

      - name: Download BioNetGen + NFsim (Linux)
        run: |
          set -euo pipefail
          curl -fsSL -o /tmp/bng.tgz \
            "https://github.com/RuleWorld/bionetgen/releases/download/BioNetGen-${BNG_VERSION}/BioNetGen-${BNG_VERSION}-linux.tar.gz"
          tar -xzf /tmp/bng.tgz -C /tmp/
          BNG_DIR="/tmp/BioNetGen-${BNG_VERSION}"
          test -x "${BNG_DIR}/BNG2.pl"     # script
          test -x "${BNG_DIR}/bin/NFsim"   # bundled NFsim binary
          echo "BNG2=${BNG_DIR}/BNG2.pl"       >> "$GITHUB_ENV"
          echo "NFSIM_BIN=${BNG_DIR}/bin/NFsim" >> "$GITHUB_ENV"

      - name: Build RM
        run: |
          cmake --preset release
          cmake --build --preset release

      - name: Run feature_coverage benchmark
        run: |
          python3 harness/benchmark_feature_coverage.py --reps 5 \
            | tee build/feature_coverage_console.log
          # Fail the job if any model failed.  The runner's tail line is
          # exactly "TOTAL: X PASS / Y FAIL / Z other"; we extract Y.
          fails=$(grep -oE 'TOTAL: [0-9]+ PASS / [0-9]+ FAIL' \
                    build/feature_coverage_console.log \
                  | tail -1 | grep -oE '/ [0-9]+ FAIL' | grep -oE '[0-9]+')
          echo "FAIL count: ${fails:-?}"
          if [[ "${fails:-1}" != "0" ]]; then
            echo "::error::feature_coverage benchmark reported failures"
            exit 1
          fi

      - name: Upload benchmark report
        if: always()  # surface the report even when the job failed
        uses: actions/upload-artifact@v4
        with:
          name: feature-coverage-report
          path: |
            build/feature_coverage_report.md
            build/feature_coverage_console.log
          if-no-files-found: warn