chore: only run net48 on windows and use node 17 to run integration-n…

…ode (#639)
aws · Mar 9, 2024 · d6c62fb · d6c62fb
1 parent efef497
commit d6c62fb
Show file tree

Hide file tree

Showing 4 changed files with 279 additions and 72 deletions.
diff --git a/.github/workflows/library_interop_tests.yml b/.github/workflows/library_interop_tests.yml
@@ -0,0 +1,269 @@
+# This workflow performs tests in .NET.
+name: Library net tests
+
+on: 
+  workflow_call:
+    inputs:
+      dafny:
+        description: 'The Dafny version to run'
+        required: true
+        type: string  
+
+env:
+  # Used in examples
+  AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID: arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
+  AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID_2: arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
+  AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID: arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+  AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID_2: arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
+  AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_US_EAST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
+  AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
+  # Used for Test Vectors
+  VECTORS_URL: https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip
+
+jobs:
+  decrypt_python_vectors:
+    strategy:
+      matrix:
+        os: [
+          windows-latest,
+          ubuntu-latest,
+          macos-latest,
+        ]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      DOTNET_CLI_TELEMETRY_OPTOUT: 1
+      DOTNET_NOLOGO: 1
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v2
+      - name: Init Submodules
+        shell: bash
+        run: |
+          git submodule update --init libraries
+          git submodule update --init --recursive mpl
+          
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 
+          role-session-name: NetTests
+
+      - name: Setup .NET Core SDK 6
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: '6.0.x'
+
+      - name: Setup Dafny
+        uses: dafny-lang/[email protected]
+        with:
+          dafny-version: ${{ inputs.dafny }}
+
+      - name: Download Dependencies 
+        working-directory: ./AwsEncryptionSDK
+        run: make setup_net
+
+      - name: Compile AwsEncryptionSDK implementation
+        shell: bash
+        working-directory: ./AwsEncryptionSDK
+        run: |
+          # This works because `node` is installed by default on GHA runners
+          CORES=$(node -e 'console.log(os.cpus().length)')
+          make transpile_net CORES=$CORES
+      
+      - name: Fetch Python 2.3.0 Test Vectors
+        working-directory: ./
+        shell: bash
+        run: |
+          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
+          mkdir -p $PYTHON_23_VECTOR_PATH
+          DOWNLOAD_NAME=python23.zip
+          curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL
+          unzip -o -qq $DOWNLOAD_NAME  -d $PYTHON_23_VECTOR_PATH
+          rm  $DOWNLOAD_NAME
+      
+      - name: Decrypt Python 2.3.0 Test Vectors on .net48 (Windows ONLY)
+        working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
+        if: matrix.os == 'windows-latest'
+        shell: bash
+        run: |
+          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
+          DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
+          dotnet test --framework net48
+      
+      - name: Decrypt Python 2.3.0 Test Vectors on .net6.0
+        working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
+        if: matrix.os != 'windows-latest'
+        shell: bash
+        run: |
+          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
+          if [ "$RUNNER_OS" == "macOS" ]; then
+            DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
+            DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
+            dotnet test --framework net6.0
+          else
+            DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
+            dotnet test --framework net6.0
+          fi
+          
+  generate_vectors:
+    strategy:
+      matrix:
+        os: [
+          ubuntu-latest,
+          macos-latest,
+        ]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+    env:
+      DOTNET_CLI_TELEMETRY_OPTOUT: 1
+      DOTNET_NOLOGO: 1
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v2
+      - name: Init Submodules
+        shell: bash
+        run: |
+          git submodule update --init libraries
+          git submodule update --init --recursive mpl
+          
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 
+          role-session-name: NetTests
+
+      - name: Setup .NET Core SDK 6
+        uses: actions/setup-dotnet@v3
+        with:
+          dotnet-version: '6.0.x'
+
+      - name: Setup Dafny
+        uses: dafny-lang/[email protected]
+        with:
+          dafny-version: ${{ inputs.dafny }}
+
+      - name: Download Dependencies 
+        working-directory: ./AwsEncryptionSDK
+        run: make setup_net
+
+      - name: Compile AwsEncryptionSDK implementation
+        shell: bash
+        working-directory: ./AwsEncryptionSDK
+        run: |
+          # This works because `node` is installed by default on GHA runners
+          CORES=$(node -e 'console.log(os.cpus().length)')
+          make transpile_net CORES=$CORES
+      
+
+      # # TODO: Fix Zip file creation on Windows
+      # # - name: Zip the Generated Test Vectors for ESDK-JS on Windows
+      # #   if: matrix.os == 'windows-latest'
+      # #   shell: pwsh
+      # #   run: |
+      # #     # NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
+      # #     Set-Location -Path "$env:GITHUB_WORKSPACE\net41\vectors"
+      # #     Compress-Archive -Path "$env:GITHUB_WORKSPACE\net41\vectors\*" -DestinationPath "$env:GITHUB_WORKSPACE\net41\vectors\net41.zip"        
+
+
+      - name: Generate Test Vectors with .NET Framework net6.0
+        # TODO Post-#619: Fix Zip file creation on Windows
+        if: matrix.os != 'windows-latest'
+        working-directory: ./AwsEncryptionSDK
+        shell: bash
+        run: |
+          NET_41_VECTOR_PATH=net41/vectors
+          mkdir -p $NET_41_VECTOR_PATH
+          GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator
+          dotnet run --project $GEN_PATH --framework net6.0 -- \
+            --encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \
+            --output-dir $NET_41_VECTOR_PATH
+     
+      - name: Zip the Generated Test Vectors for ESDK-JS on Mac/Linux
+        if: matrix.os != 'windows-latest'
+        working-directory: ./AwsEncryptionSDK
+        shell: bash
+        run: |
+          NET_41_VECTOR_PATH=net41/vectors
+          cd $NET_41_VECTOR_PATH
+          zip -qq net41.zip -r .
+      
+      - name: Upload Zip File
+        uses: actions/upload-artifact@v4
+        if: matrix.os != 'windows-latest'
+        with:
+          name: ${{matrix.os}}_vector_artifact
+          path: AwsEncryptionSDK/net41/vectors/*.zip
+
+  decrypt_net_vectors_with_js:
+    needs: generate_vectors
+    strategy:
+      matrix:
+        os: [
+          ubuntu-latest,
+          macos-latest,
+        ]
+    runs-on: ${{ matrix.os }}
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - name: Support longpaths on Git checkout
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v2
+      - name: Init Submodules
+        shell: bash
+        run: |
+          git submodule update --init libraries
+          git submodule update --init --recursive mpl
+          
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 
+          role-session-name: NetTests
+
+      - name: Set up Dirs
+        working-directory: ./AwsEncryptionSDK
+        run: |
+          NET_41_VECTOR_PATH=AwsEncryptionSDK/net41/vectors
+          mkdir -p $NET_41_VECTOR_PATH
+        
+      - name: Download Encrypt Manifest Artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{matrix.os}}_vector_artifact
+          path: AwsEncryptionSDK/net41/vectors
+
+      - uses: actions/setup-node@v4
+        with:
+            node-version: 17
+
+      - name: Install deps
+        run: |
+          openssl version
+          npm install @aws-crypto/integration-node
+          npm install fast-xml-parser
+      
+      - name: Decrypt Generated Test Vectors with ESDK-JS
+        working-directory: ./AwsEncryptionSDK
+        # TODO Post-#619: Fix Zip file creation on Windows
+        shell: bash
+        run: |
+          NET_41_VECTOR_PATH=net41/vectors
+          cd $NET_41_VECTOR_PATH
+          npx -y @aws-crypto/integration-node decrypt -v net41.zip -c cpu -f 100
+    
+
diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml
@@ -78,6 +78,7 @@ jobs:
 
       - name: Test .NET Framework net48
         working-directory: ./AwsEncryptionSDK
+        if: matrix.os == 'windows-latest' 
         shell: bash
         run: |
           make test_net FRAMEWORK=net48
@@ -94,6 +95,7 @@ jobs:
 
       - name: Test Examples on .NET Framework net48
         working-directory: ./AwsEncryptionSDK
+        if: matrix.os == 'windows-latest' 
         shell: bash
         run: |
           dotnet test \
@@ -115,78 +117,6 @@ jobs:
               --framework net6.0
           fi
 
-      - name: Fetch awses-decrypt/python-2.3.0.zip
-        working-directory: ./
-        shell: bash
-        run: |
-          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
-          mkdir -p $PYTHON_23_VECTOR_PATH
-          DOWNLOAD_NAME=python23.zip
-          curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL
-          unzip -o -qq $DOWNLOAD_NAME  -d $PYTHON_23_VECTOR_PATH
-          rm  $DOWNLOAD_NAME
-
-      - name: Run Test Vectors on .NET Framework net48
-        working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
-        shell: bash
-        run: |
-          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
-          DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
-          dotnet test --framework net48
-
-      - name: Run Decrypt Test Vectors on .NET net6.0
-        working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
-        shell: bash
-        run: |
-          PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
-          if [ "$RUNNER_OS" == "macOS" ]; then
-            DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
-            DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
-            dotnet test --framework net6.0
-          else
-            DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
-            dotnet test --framework net6.0
-          fi
-
-      - name: Generate Test Vectors with .NET Framework net6.0
-        # TODO Post-#619: Fix Zip file creation on Windows
-        if: matrix.os != 'windows-latest'
-        working-directory: ./AwsEncryptionSDK
-        shell: bash
-        run: |
-          NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
-          mkdir -p $NET_41_VECTOR_PATH
-          GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator
-          dotnet run --project $GEN_PATH --framework net6.0 -- \
-            --encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \
-            --output-dir $NET_41_VECTOR_PATH
-
-      # TODO: Fix Zip file creation on Windows
-      # - name: Zip the Generated Test Vectors for ESDK-JS on Windows
-      #   if: matrix.os == 'windows-latest'
-      #   shell: pwsh
-      #   run: |
-      #     # NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
-      #     Set-Location -Path "$env:GITHUB_WORKSPACE\net41\vectors"
-      #     Compress-Archive -Path "$env:GITHUB_WORKSPACE\net41\vectors\*" -DestinationPath "$env:GITHUB_WORKSPACE\net41\vectors\net41.zip"        
-
-      - name: Zip the Generated Test Vectors for ESDK-JS on Mac/Linux
-        if: matrix.os != 'windows-latest'
-        shell: bash
-        run: |
-          NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
-          cd $NET_41_VECTOR_PATH
-          zip -qq net41.zip -r .
-
-      - name: Decrypt Generated Test Vectors with ESDK-JS
-        # TODO Post-#619: Fix Zip file creation on Windows
-        if: matrix.os != 'windows-latest'
-        shell: bash
-        run: |
-          NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
-          cd $NET_41_VECTOR_PATH
-          npx -y @aws-crypto/integration-node decrypt -v $NET_41_VECTOR_PATH/net41.zip -c cpu
-
       - name: Unzip ESDK-NET @ v4.0.0 Valid Vectors
         working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources
         shell: bash

diff --git a/.github/workflows/pull.yml b/.github/workflows/pull.yml
@@ -17,3 +17,7 @@ jobs:
     uses: ./.github/workflows/library_net_tests.yml
     with:
       dafny: '4.2.0'
+  pr-test-vectors:
+    uses: ./.github/workflows/library_interop_tests.yml
+    with:
+      dafny: '4.2.0'
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
@@ -19,3 +19,7 @@ jobs:
     uses: ./.github/workflows/library_net_tests.yml
     with:
       dafny: '4.2.0'
+  pr-test-vectors:
+    uses: ./.github/workflows/library_interop_tests.yml
+    with:
+      dafny: '4.2.0'