fips fixup #4317
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches-ignore: | |
- 'main' | |
- 'docs' | |
# cancel in-progress builds after a new commit | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
BUILDER_VERSION: v0.9.67 | |
BUILDER_SOURCE: releases | |
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net | |
PACKAGE_NAME: aws-crt-java | |
LINUX_BASE_IMAGE: ubuntu-18-x64 | |
RUN: ${{ github.run_id }}-${{ github.run_number }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
AWS_REGION: us-east-1 | |
AWS_DEVICE_FARM_REGION: us-west-2 # Device Farm only available in us-west-2 region | |
jobs: | |
linux-compat: | |
runs-on: ubuntu-22.04 # latest | |
strategy: | |
matrix: | |
image: | |
- manylinux2014-x64 | |
- manylinux2014-x86 | |
- al2-x64 | |
- fedora-34-x64 | |
- opensuse-leap | |
- rhel8-x64 | |
#- manylinux2014-x86 until we find 32-bit linux binaries we can use | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh | |
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} | |
linux-compiler-compat: | |
runs-on: ubuntu-22.04 # latest | |
strategy: | |
matrix: | |
compiler: | |
- clang-3 | |
- clang-6 | |
- clang-8 | |
- clang-9 | |
- clang-10 | |
- clang-11 | |
- gcc-4.8 | |
- gcc-5 | |
- gcc-6 | |
- gcc-7 | |
- gcc-8 | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh | |
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=${{ matrix.compiler }} | |
linux-arm: | |
name: ARM (${{ matrix.arch }}) | |
runs-on: ubuntu-22.04 # latest | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: [armv6, armv7, arm64] | |
steps: | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder build -p ${{ env.PACKAGE_NAME }} --target=linux-${{ matrix.arch }} --spec=downstream | |
linux-fips-x64: | |
runs-on: ubuntu-22.04 # latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
bash codebuild/cd/test-fips-branch.sh | |
export CRT_FIPS=ON | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder build -p ${{ env.PACKAGE_NAME }} | |
linux-fips-armv8: | |
runs-on: ubuntu-22.04 # latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
bash codebuild/cd/test-fips-branch.sh | |
export CRT_FIPS=ON | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder build -p ${{ env.PACKAGE_NAME }} --target=linux-arm64 --spec=downstream --cmake-extra=-DCRT_FIPS=ON | |
linux-musl-x64: | |
runs-on: ubuntu-24.04 # latest | |
strategy: | |
matrix: | |
image: | |
- alpine-3.16-x64 | |
- openwrt-x64-openjdk8 | |
steps: | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh | |
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} | |
linux-musl-arm: | |
runs-on: ubuntu-24.04 # latest | |
strategy: | |
matrix: | |
image: | |
- alpine-3.16-armv7 | |
- alpine-3.16-arm64 | |
steps: | |
- name: Install qemu/docker | |
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh | |
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} | |
raspberry: | |
runs-on: ubuntu-22.04 # latest | |
strategy: | |
matrix: | |
image: | |
- raspbian-bullseye | |
steps: | |
- name: Install qemu/docker | |
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh | |
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }} | |
windows: | |
runs-on: windows-2022 # latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} + consumers | |
run: | | |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" | |
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --spec=downstream | |
windows-vc14: | |
runs-on: windows-2019 # windows-2019 is last env with Visual Studio 2015 (v14.0) | |
strategy: | |
matrix: | |
arch: [x86, x64] | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} + consumers | |
env: | |
AWS_CMAKE_TOOLSET: v140 | |
run: | | |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" | |
python builder.pyz build -p ${{ env.PACKAGE_NAME }} downstream | |
macos: | |
runs-on: macos-14 #latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} + consumers | |
run: | | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder build -p ${{ env.PACKAGE_NAME }} --spec=downstream | |
python3 codebuild/macos_compatibility_check.py | |
macos-x64: | |
runs-on: macos-14-large #latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Build ${{ env.PACKAGE_NAME }} + consumers | |
run: | | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder build -p ${{ env.PACKAGE_NAME }} --spec=downstream | |
python3 codebuild/macos_compatibility_check.py | |
android: | |
# ubuntu-24.04 comes with Android tooling | |
name: Android | |
runs-on: ubuntu-24.04 # latest | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
# Setup JDK 11 | |
- name: set up JDK 11 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
# Build and publish locally for the test app to find the SNAPSHOT version | |
- name: Build ${{ env.PACKAGE_NAME }} | |
run: | | |
# Manually set -Xmx (max heap size) to something huge (tested 2g and that works, but why not go bigger). | |
# Only in CI, gradle daemon runs out of memory during "lintAnalyzeDebug" task, unless you specify it this way. | |
# You'd think Java's default of 25% RAM (ubuntu24 runner has 12g, so max 4g) would be sufficient, but no. | |
# You'd think setting -Xmx via gradle.properties would help, but no. | |
./gradlew :android:crt:build -Dorg.gradle.jvmargs="-Xmx8g" | |
./gradlew -PnewVersion="1.0.0-SNAPSHOT" :android:crt:publishToMavenLocal | |
# Setup files required by test app for Device Farm testing | |
- name: Setup Android Test Files | |
run: | | |
cd src/test/android/testapp/src/main/assets | |
python3 -m pip install boto3 | |
python3 ./android_file_creation.py | |
- name: Build Test App | |
run: | | |
cd src/test/android/testapp | |
../../../../gradlew assembledebug | |
../../../../gradlew assembleAndroidTest | |
- name: Device Farm Tests Highly Available | |
run: | | |
echo "Running Device Farm Python Script" | |
python3 ./.github/workflows/run_android_ci.py \ | |
--run_id ${{ github.run_id }} \ | |
--run_attempt ${{ github.run_attempt }} \ | |
--project_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/ProjectArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \ | |
--device_pool_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/DevicePoolArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \ | |
--device_pool highly_available | |
- name: Device Farm Tests Android 8.0.0 | |
run: | | |
echo "Running Device Farm Python Script" | |
python3 ./.github/workflows/run_android_ci.py \ | |
--run_id ${{ github.run_id }} \ | |
--run_attempt ${{ github.run_attempt }} \ | |
--project_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/ProjectArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \ | |
--device_pool_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/DevicePoolArnAndroid8" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \ | |
--device_pool android_8 | |
# check that docs can still build | |
check-docs: | |
runs-on: ubuntu-22.04 # use same version as docs.yml | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Check docs | |
run: | | |
./make-docs.sh | |
check-submodules: | |
runs-on: ubuntu-22.04 # latest | |
steps: | |
- name: Checkout Source | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Check Submodules | |
# note: using "@main" because "@${{env.BUILDER_VERSION}}" doesn't work | |
# https://github.com/actions/runner/issues/480 | |
uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main | |
localhost-test-linux: | |
runs-on: ubuntu-22.04 # latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Configure local host | |
run: | | |
python3 -m pip install h2 | |
cd crt/aws-c-http/tests/py_localhost/ | |
python3 server.py & | |
python3 non_tls_server.py & | |
- name: Build and test | |
run: | | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" | |
python builder.pyz localhost-test -p ${{ env.PACKAGE_NAME }} --spec=downstream | |
localhost-test-macos: | |
runs-on: macos-14 # latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Configure local host | |
run: | | |
python3 -m venv .venv | |
source .venv/bin/activate | |
python3 -m pip install h2 | |
cd crt/aws-c-http/tests/py_localhost/ | |
python3 server.py & | |
python3 non_tls_server.py & | |
- name: Build and test | |
run: | | |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')" | |
chmod a+x builder | |
./builder localhost-test -p ${{ env.PACKAGE_NAME }} --spec=downstream | |
localhost-test-win: | |
runs-on: windows-2022 # latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Configure local host | |
run: | | |
python -m pip install h2 | |
- name: Build and test | |
run: | | |
cd crt/aws-c-http/tests/py_localhost/ | |
Start-Process -NoNewWindow python .\server.py | |
Start-Process -NoNewWindow python .\non_tls_server.py | |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" | |
python builder.pyz localhost-test -p ${{ env.PACKAGE_NAME }} downstream | |
GraalVM: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [macos-latest, windows-latest, ubuntu-latest] | |
java-version: ['22', '21', '17'] | |
steps: | |
- name: Checkout Sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Setup GraalVM | |
uses: graalvm/setup-graalvm@v1 | |
with: | |
java-version: ${{ matrix.java-version }} | |
distribution: 'graalvm' | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build ${{ env.PACKAGE_NAME }} + consumers | |
run: | | |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')" | |
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --variant=graalvm downstream |