-
Notifications
You must be signed in to change notification settings - Fork 20
258 lines (235 loc) · 10.4 KB
/
library_net_tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
# This workflow performs tests in .NET.
name: Library net tests
on:
workflow_call:
inputs:
dafny:
description: 'The Dafny version to run'
required: true
type: string
regenerate-code:
description: "Regenerate code using smithy-dafny"
required: false
default: false
type: boolean
env:
# Used in examples
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID: arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID_2: arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID: arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID_2: arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_US_EAST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
# Used for Test Vectors
VECTORS_URL: https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
jobs:
testDotNet:
strategy:
fail-fast: false
matrix:
os: [
windows-latest,
ubuntu-latest,
macos-13,
]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_NOLOGO: 1
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true
- uses: actions/checkout@v2
- name: Init Submodules
shell: bash
run: |
git submodule update --init libraries
git submodule update --init --recursive mpl
git submodule update --init smithy-dafny
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
role-session-name: NetTests
- name: Setup .NET Core SDK 6
uses: actions/setup-dotnet@v3
with:
dotnet-version: '6.0.x'
- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ inputs.dafny }}
- name: Regenerate code using smithy-dafny if necessary
if: ${{ inputs.regenerate-code }}
uses: ./.github/actions/polymorph_codegen
with:
dafny: ${{ env.DAFNY_VERSION }}
library: AwsEncryptionSDK
diff-generated-code: false
update-and-regenerate-mpl: true
- name: Download Dependencies
working-directory: ./AwsEncryptionSDK
run: make setup_net
- name: Compile AwsEncryptionSDK implementation
shell: bash
working-directory: ./AwsEncryptionSDK
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Compile MPL TestVectors implementation
shell: bash
working-directory: ./mpl/TestVectorsAwsCryptographicMaterialProviders
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES
- name: Test .NET Framework net48
working-directory: ./AwsEncryptionSDK
if: matrix.os == 'windows-latest'
shell: bash
run: |
make test_net FRAMEWORK=net48
- name: Test .NET net6.0
working-directory: ./AwsEncryptionSDK
shell: bash
run: |
if [ "$RUNNER_OS" == "macOS" ]; then
make test_net_mac_intel FRAMEWORK=net6.0
else
make test_net FRAMEWORK=net6.0
fi
- name: Test Examples on .NET Framework net48
working-directory: ./AwsEncryptionSDK
if: matrix.os == 'windows-latest'
shell: bash
run: |
dotnet test \
runtimes/net/Examples \
--framework net48
- name: Test Examples on .NET net6.0
working-directory: ./AwsEncryptionSDK
shell: bash
run: |
if [ "$RUNNER_OS" == "macOS" ]; then
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib"
dotnet test \
runtimes/net/Examples \
--framework net6.0
else
dotnet test \
runtimes/net/Examples \
--framework net6.0
fi
- name: Unzip ESDK-NET @ v4.0.0 Valid Vectors
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources
shell: bash
run: |
NET_400_VALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Valid/vectors
mkdir -p $NET_400_VALID_VECTORS
DOWNLOAD_NAME=valid-Net-4.0.0.zip
unzip -o -qq $DOWNLOAD_NAME -d $NET_400_VALID_VECTORS
- name: Run ESDK-NET @ v4.0.0 Valid Vectors expect success
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
continue-on-error: true
shell: bash
run: |
NET_400_VALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Valid/vectors
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_VALID_VECTORS/manifest.json" \
dotnet test --framework net48
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_VALID_VECTORS/manifest.json" \
dotnet test --framework net6.0 --logger "console;verbosity=quiet"
- name: Unzip ESDK-NET @ v4.0.0 Invalid Vectors
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources
shell: bash
run: |
NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors
mkdir -p $NET_400_INVALID_VECTORS
DOWNLOAD_NAME=invalid-Net-4.0.0.zip
unzip -o -qq $DOWNLOAD_NAME -d $NET_400_INVALID_VECTORS
- name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET 48 expect failure
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
continue-on-error: true
shell: bash
run: |
NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
dotnet test --framework net48
# Dotnet test returns 1 for failure.
TEMP=$?; if [[ "$TEMP" -eq 1 ]]; then true; else false; fi;
# We want this to fail, so if it returned 1, step passes, else it fails
# TODO Post-#619: Refactor Test Vectors to expect failure,
# as I doubt this true false logic works
- name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET 6.0 expect failure
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
continue-on-error: true
shell: bash
run: |
NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors
if [ "$RUNNER_OS" == "macOS" ]; then
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
dotnet test --framework net6.0
else
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
dotnet test --framework net6.0
fi
# Dotnet test returns 1 for failure.
TEMP=$?; if [[ "$TEMP" -eq 1 ]]; then true; else false; fi;
# We want this to fail, so if it returned 1, step passes, else it fails
# TODO Post-#619: Refactor Test Vectors to expect failure,
# as I doubt this true false logic works
- name: Run ESDK-NET @ v4.0.0 Invalid Vectors .NET expect Success
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
shell: bash
run: |
NET_400_INVALID_VECTORS=$GITHUB_WORKSPACE/v4Net400Invalid/vectors
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
dotnet test --framework net48 --logger "console;verbosity=quiet"
if [ "$RUNNER_OS" == "macOS" ]; then
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
dotnet test --framework net6.0 --logger "console;verbosity=quiet"
else
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_400_INVALID_VECTORS/manifest.json" \
dotnet test --framework net6.0 --logger "console;verbosity=quiet"
fi
- name: Unzip ESDK-NET @ v4.0.1 Vectors
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources
shell: bash
run: |
NET_401_VECTORS=$GITHUB_WORKSPACE/v4Net401/vectors
mkdir -p $NET_401_VECTORS
DOWNLOAD_NAME=v4-Net-4.0.1.zip
unzip -o -qq $DOWNLOAD_NAME -d $NET_401_VECTORS
- name: Run ESDK-NET @ v4.0.1 Vectors expect success
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
shell: bash
run: |
NET_401_VECTORS=$GITHUB_WORKSPACE/v4Net401/vectors
# We expect net48 to run only for Windows
if [ "$RUNNER_OS" == "Windows" ]; then
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_401_VECTORS/manifest.json" \
dotnet test --framework net48
fi
if [ "$RUNNER_OS" == "macOS" ]; then
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_401_VECTORS/manifest.json" \
dotnet test --framework net6.0 --logger "console;verbosity=quiet"
else
ESDK_NET_V400_POLICY="forbid" \
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$NET_401_VECTORS/manifest.json" \
dotnet test --framework net6.0 --logger "console;verbosity=quiet"
fi