Skip to content

fips fixup

fips fixup #4317

Workflow file for this run

name: CI
on:
push:
branches-ignore:
- 'main'
- 'docs'
# cancel in-progress builds after a new commit
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
BUILDER_VERSION: v0.9.67
BUILDER_SOURCE: releases
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
PACKAGE_NAME: aws-crt-java
LINUX_BASE_IMAGE: ubuntu-18-x64
RUN: ${{ github.run_id }}-${{ github.run_number }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_REGION: us-east-1
AWS_DEVICE_FARM_REGION: us-west-2 # Device Farm only available in us-west-2 region
jobs:
linux-compat:
runs-on: ubuntu-22.04 # latest
strategy:
matrix:
image:
- manylinux2014-x64
- manylinux2014-x86
- al2-x64
- fedora-34-x64
- opensuse-leap
- rhel8-x64
#- manylinux2014-x86 until we find 32-bit linux binaries we can use
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
linux-compiler-compat:
runs-on: ubuntu-22.04 # latest
strategy:
matrix:
compiler:
- clang-3
- clang-6
- clang-8
- clang-9
- clang-10
- clang-11
- gcc-4.8
- gcc-5
- gcc-6
- gcc-7
- gcc-8
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ env.LINUX_BASE_IMAGE }} build -p ${{ env.PACKAGE_NAME }} --compiler=${{ matrix.compiler }}
linux-arm:
name: ARM (${{ matrix.arch }})
runs-on: ubuntu-22.04 # latest
strategy:
fail-fast: false
matrix:
arch: [armv6, armv7, arm64]
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }} --target=linux-${{ matrix.arch }} --spec=downstream
linux-fips-x64:
runs-on: ubuntu-22.04 # latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Build ${{ env.PACKAGE_NAME }}
run: |
bash codebuild/cd/test-fips-branch.sh
export CRT_FIPS=ON
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }}
linux-fips-armv8:
runs-on: ubuntu-22.04 # latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Build ${{ env.PACKAGE_NAME }}
run: |
bash codebuild/cd/test-fips-branch.sh
export CRT_FIPS=ON
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }} --target=linux-arm64 --spec=downstream --cmake-extra=-DCRT_FIPS=ON
linux-musl-x64:
runs-on: ubuntu-24.04 # latest
strategy:
matrix:
image:
- alpine-3.16-x64
- openwrt-x64-openjdk8
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
linux-musl-arm:
runs-on: ubuntu-24.04 # latest
strategy:
matrix:
image:
- alpine-3.16-armv7
- alpine-3.16-arm64
steps:
- name: Install qemu/docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
raspberry:
runs-on: ubuntu-22.04 # latest
strategy:
matrix:
image:
- raspbian-bullseye
steps:
- name: Install qemu/docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
windows:
runs-on: windows-2022 # latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --spec=downstream
windows-vc14:
runs-on: windows-2019 # windows-2019 is last env with Visual Studio 2015 (v14.0)
strategy:
matrix:
arch: [x86, x64]
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }} + consumers
env:
AWS_CMAKE_TOOLSET: v140
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} downstream
macos:
runs-on: macos-14 #latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }} --spec=downstream
python3 codebuild/macos_compatibility_check.py
macos-x64:
runs-on: macos-14-large #latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }} --spec=downstream
python3 codebuild/macos_compatibility_check.py
android:
# ubuntu-24.04 comes with Android tooling
name: Android
runs-on: ubuntu-24.04 # latest
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
# Setup JDK 11
- name: set up JDK 11
uses: actions/setup-java@v4
with:
java-version: '11'
distribution: 'temurin'
# Build and publish locally for the test app to find the SNAPSHOT version
- name: Build ${{ env.PACKAGE_NAME }}
run: |
# Manually set -Xmx (max heap size) to something huge (tested 2g and that works, but why not go bigger).
# Only in CI, gradle daemon runs out of memory during "lintAnalyzeDebug" task, unless you specify it this way.
# You'd think Java's default of 25% RAM (ubuntu24 runner has 12g, so max 4g) would be sufficient, but no.
# You'd think setting -Xmx via gradle.properties would help, but no.
./gradlew :android:crt:build -Dorg.gradle.jvmargs="-Xmx8g"
./gradlew -PnewVersion="1.0.0-SNAPSHOT" :android:crt:publishToMavenLocal
# Setup files required by test app for Device Farm testing
- name: Setup Android Test Files
run: |
cd src/test/android/testapp/src/main/assets
python3 -m pip install boto3
python3 ./android_file_creation.py
- name: Build Test App
run: |
cd src/test/android/testapp
../../../../gradlew assembledebug
../../../../gradlew assembleAndroidTest
- name: Device Farm Tests Highly Available
run: |
echo "Running Device Farm Python Script"
python3 ./.github/workflows/run_android_ci.py \
--run_id ${{ github.run_id }} \
--run_attempt ${{ github.run_attempt }} \
--project_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/ProjectArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \
--device_pool_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/DevicePoolArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \
--device_pool highly_available
- name: Device Farm Tests Android 8.0.0
run: |
echo "Running Device Farm Python Script"
python3 ./.github/workflows/run_android_ci.py \
--run_id ${{ github.run_id }} \
--run_attempt ${{ github.run_attempt }} \
--project_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/ProjectArn" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \
--device_pool_arn $(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/DeviceFarm/DevicePoolArnAndroid8" --query "SecretString" | cut -f5 -d\" | cut -f1 -d'\') \
--device_pool android_8
# check that docs can still build
check-docs:
runs-on: ubuntu-22.04 # use same version as docs.yml
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Check docs
run: |
./make-docs.sh
check-submodules:
runs-on: ubuntu-22.04 # latest
steps:
- name: Checkout Source
uses: actions/checkout@v4
with:
submodules: true
fetch-depth: 0
- name: Check Submodules
# note: using "@main" because "@${{env.BUILDER_VERSION}}" doesn't work
# https://github.com/actions/runner/issues/480
uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main
localhost-test-linux:
runs-on: ubuntu-22.04 # latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Configure local host
run: |
python3 -m pip install h2
cd crt/aws-c-http/tests/py_localhost/
python3 server.py &
python3 non_tls_server.py &
- name: Build and test
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz localhost-test -p ${{ env.PACKAGE_NAME }} --spec=downstream
localhost-test-macos:
runs-on: macos-14 # latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Configure local host
run: |
python3 -m venv .venv
source .venv/bin/activate
python3 -m pip install h2
cd crt/aws-c-http/tests/py_localhost/
python3 server.py &
python3 non_tls_server.py &
- name: Build and test
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder localhost-test -p ${{ env.PACKAGE_NAME }} --spec=downstream
localhost-test-win:
runs-on: windows-2022 # latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Configure local host
run: |
python -m pip install h2
- name: Build and test
run: |
cd crt/aws-c-http/tests/py_localhost/
Start-Process -NoNewWindow python .\server.py
Start-Process -NoNewWindow python .\non_tls_server.py
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz localhost-test -p ${{ env.PACKAGE_NAME }} downstream
GraalVM:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [macos-latest, windows-latest, ubuntu-latest]
java-version: ['22', '21', '17']
steps:
- name: Checkout Sources
uses: actions/checkout@v4
with:
submodules: true
- name: Setup GraalVM
uses: graalvm/setup-graalvm@v1
with:
java-version: ${{ matrix.java-version }}
distribution: 'graalvm'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }} --variant=graalvm downstream