Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: only run net48 on windows and use node 17 to run integration-node #639

Merged
merged 22 commits into from
Mar 9, 2024
Merged
269 changes: 269 additions & 0 deletions .github/workflows/library_interop_tests.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,269 @@
# This workflow performs tests in .NET.
name: Library net tests

on:
workflow_call:
inputs:
dafny:
description: 'The Dafny version to run'
required: true
type: string

env:
# Used in examples
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID: arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_KEY_ID_2: arn:aws:kms:eu-central-1:658956600833:key/75414c93-5285-4b57-99c9-30c1cf0a22c2
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID: arn:aws:kms:us-east-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
AWS_ENCRYPTION_SDK_EXAMPLE_KMS_MRK_KEY_ID_2: arn:aws:kms:eu-west-1:658956600833:key/mrk-80bd8ecdcd4342aebd84b7dc9da498a7
AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_US_EAST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
AWS_ENCRYPTION_SDK_EXAMPLE_LIMITED_ROLE_ARN_EU_WEST_1: arn:aws:iam::370957321024:role/GitHub-CI-ESDK-Dafny-Role-us-west-2
# Used for Test Vectors
VECTORS_URL: https://github.com/awslabs/aws-encryption-sdk-test-vectors/raw/master/vectors/awses-decrypt/python-2.3.0.zip

jobs:
decrypt_python_vectors:
strategy:
matrix:
os: [
windows-latest,
ubuntu-latest,
macos-latest,
]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_NOLOGO: 1
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true
- uses: actions/checkout@v2
- name: Init Submodules
shell: bash
run: |
git submodule update --init libraries
git submodule update --init --recursive mpl

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
role-session-name: NetTests

- name: Setup .NET Core SDK 6
uses: actions/setup-dotnet@v3
with:
dotnet-version: '6.0.x'

- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ inputs.dafny }}

- name: Download Dependencies
working-directory: ./AwsEncryptionSDK
run: make setup_net

- name: Compile AwsEncryptionSDK implementation
shell: bash
working-directory: ./AwsEncryptionSDK
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES

- name: Fetch Python 2.3.0 Test Vectors
working-directory: ./
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
mkdir -p $PYTHON_23_VECTOR_PATH
DOWNLOAD_NAME=python23.zip
curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL
unzip -o -qq $DOWNLOAD_NAME -d $PYTHON_23_VECTOR_PATH
rm $DOWNLOAD_NAME

- name: Decrypt Python 2.3.0 Test Vectors on .net48 (Windows ONLY)
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
if: matrix.os == 'windows-latest'
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
dotnet test --framework net48

- name: Decrypt Python 2.3.0 Test Vectors on .net6.0
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
if: matrix.os != 'windows-latest'
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
if [ "$RUNNER_OS" == "macOS" ]; then
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
dotnet test --framework net6.0
else
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
dotnet test --framework net6.0
fi

generate_vectors:
strategy:
matrix:
os: [
ubuntu-latest,
macos-latest,
]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
env:
DOTNET_CLI_TELEMETRY_OPTOUT: 1
DOTNET_NOLOGO: 1
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true
- uses: actions/checkout@v2
- name: Init Submodules
shell: bash
run: |
git submodule update --init libraries
git submodule update --init --recursive mpl

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
role-session-name: NetTests

- name: Setup .NET Core SDK 6
uses: actions/setup-dotnet@v3
with:
dotnet-version: '6.0.x'

- name: Setup Dafny
uses: dafny-lang/[email protected]
with:
dafny-version: ${{ inputs.dafny }}

- name: Download Dependencies
working-directory: ./AwsEncryptionSDK
run: make setup_net

- name: Compile AwsEncryptionSDK implementation
shell: bash
working-directory: ./AwsEncryptionSDK
run: |
# This works because `node` is installed by default on GHA runners
CORES=$(node -e 'console.log(os.cpus().length)')
make transpile_net CORES=$CORES


# # TODO: Fix Zip file creation on Windows
# # - name: Zip the Generated Test Vectors for ESDK-JS on Windows
# # if: matrix.os == 'windows-latest'
# # shell: pwsh
# # run: |
# # # NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
# # Set-Location -Path "$env:GITHUB_WORKSPACE\net41\vectors"
# # Compress-Archive -Path "$env:GITHUB_WORKSPACE\net41\vectors\*" -DestinationPath "$env:GITHUB_WORKSPACE\net41\vectors\net41.zip"


- name: Generate Test Vectors with .NET Framework net6.0
# TODO Post-#619: Fix Zip file creation on Windows
if: matrix.os != 'windows-latest'
working-directory: ./AwsEncryptionSDK
shell: bash
run: |
NET_41_VECTOR_PATH=net41/vectors
mkdir -p $NET_41_VECTOR_PATH
GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator
dotnet run --project $GEN_PATH --framework net6.0 -- \
--encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \
--output-dir $NET_41_VECTOR_PATH

- name: Zip the Generated Test Vectors for ESDK-JS on Mac/Linux
if: matrix.os != 'windows-latest'
working-directory: ./AwsEncryptionSDK
shell: bash
run: |
NET_41_VECTOR_PATH=net41/vectors
cd $NET_41_VECTOR_PATH
zip -qq net41.zip -r .

- name: Upload Zip File
uses: actions/upload-artifact@v4
if: matrix.os != 'windows-latest'
with:
name: ${{matrix.os}}_vector_artifact
path: AwsEncryptionSDK/net41/vectors/*.zip

decrypt_net_vectors_with_js:
needs: generate_vectors
strategy:
matrix:
os: [
ubuntu-latest,
macos-latest,
]
runs-on: ${{ matrix.os }}
permissions:
id-token: write
contents: read
steps:
- name: Support longpaths on Git checkout
run: |
git config --global core.longpaths true
- uses: actions/checkout@v2
- name: Init Submodules
shell: bash
run: |
git submodule update --init libraries
git submodule update --init --recursive mpl

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: us-west-2
role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
role-session-name: NetTests

- name: Set up Dirs
working-directory: ./AwsEncryptionSDK
run: |
NET_41_VECTOR_PATH=AwsEncryptionSDK/net41/vectors
mkdir -p $NET_41_VECTOR_PATH

- name: Download Encrypt Manifest Artifact
uses: actions/download-artifact@v4
with:
name: ${{matrix.os}}_vector_artifact
path: AwsEncryptionSDK/net41/vectors

- uses: actions/setup-node@v4
with:
node-version: 17

- name: Install deps
run: |
openssl version
npm install @aws-crypto/integration-node
npm install fast-xml-parser

- name: Decrypt Generated Test Vectors with ESDK-JS
working-directory: ./AwsEncryptionSDK
# TODO Post-#619: Fix Zip file creation on Windows
shell: bash
run: |
NET_41_VECTOR_PATH=net41/vectors
cd $NET_41_VECTOR_PATH
npx -y @aws-crypto/integration-node decrypt -v net41.zip -c cpu -f 100


74 changes: 2 additions & 72 deletions .github/workflows/library_net_tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,7 @@ jobs:

- name: Test .NET Framework net48
working-directory: ./AwsEncryptionSDK
if: matrix.os == 'windows-latest'
shell: bash
run: |
make test_net FRAMEWORK=net48
Expand All @@ -94,6 +95,7 @@ jobs:

- name: Test Examples on .NET Framework net48
working-directory: ./AwsEncryptionSDK
if: matrix.os == 'windows-latest'
shell: bash
run: |
dotnet test \
Expand All @@ -115,78 +117,6 @@ jobs:
--framework net6.0
fi

- name: Fetch awses-decrypt/python-2.3.0.zip
working-directory: ./
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
mkdir -p $PYTHON_23_VECTOR_PATH
DOWNLOAD_NAME=python23.zip
curl --no-progress-meter --output $DOWNLOAD_NAME --location $VECTORS_URL
unzip -o -qq $DOWNLOAD_NAME -d $PYTHON_23_VECTOR_PATH
rm $DOWNLOAD_NAME

- name: Run Test Vectors on .NET Framework net48
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
dotnet test --framework net48

- name: Run Decrypt Test Vectors on .NET net6.0
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors
shell: bash
run: |
PYTHON_23_VECTOR_PATH=$GITHUB_WORKSPACE/python23/vectors
if [ "$RUNNER_OS" == "macOS" ]; then
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
DYLD_LIBRARY_PATH="/usr/local/opt/[email protected]/lib" \
dotnet test --framework net6.0
else
DAFNY_AWS_ESDK_TEST_VECTOR_MANIFEST_PATH="$PYTHON_23_VECTOR_PATH/manifest.json" \
dotnet test --framework net6.0
fi

- name: Generate Test Vectors with .NET Framework net6.0
# TODO Post-#619: Fix Zip file creation on Windows
if: matrix.os != 'windows-latest'
working-directory: ./AwsEncryptionSDK
shell: bash
run: |
NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
mkdir -p $NET_41_VECTOR_PATH
GEN_PATH=runtimes/net/TestVectorsNative/TestVectorGenerator
dotnet run --project $GEN_PATH --framework net6.0 -- \
--encrypt-manifest $GEN_PATH/resources/0006-awses-message-decryption-generation.v2.json \
--output-dir $NET_41_VECTOR_PATH

# TODO: Fix Zip file creation on Windows
# - name: Zip the Generated Test Vectors for ESDK-JS on Windows
# if: matrix.os == 'windows-latest'
# shell: pwsh
# run: |
# # NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
# Set-Location -Path "$env:GITHUB_WORKSPACE\net41\vectors"
# Compress-Archive -Path "$env:GITHUB_WORKSPACE\net41\vectors\*" -DestinationPath "$env:GITHUB_WORKSPACE\net41\vectors\net41.zip"

- name: Zip the Generated Test Vectors for ESDK-JS on Mac/Linux
if: matrix.os != 'windows-latest'
shell: bash
run: |
NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
cd $NET_41_VECTOR_PATH
zip -qq net41.zip -r .

- name: Decrypt Generated Test Vectors with ESDK-JS
# TODO Post-#619: Fix Zip file creation on Windows
if: matrix.os != 'windows-latest'
shell: bash
run: |
NET_41_VECTOR_PATH=$GITHUB_WORKSPACE/net41/vectors
cd $NET_41_VECTOR_PATH
npx -y @aws-crypto/integration-node decrypt -v $NET_41_VECTOR_PATH/net41.zip -c cpu

- name: Unzip ESDK-NET @ v4.0.0 Valid Vectors
working-directory: ./AwsEncryptionSDK/runtimes/net/TestVectorsNative/TestVectors/resources
shell: bash
Expand Down
4 changes: 4 additions & 0 deletions .github/workflows/pull.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,7 @@ jobs:
uses: ./.github/workflows/library_net_tests.yml
with:
dafny: '4.2.0'
pr-test-vectors:
uses: ./.github/workflows/library_interop_tests.yml
with:
dafny: '4.2.0'
4 changes: 4 additions & 0 deletions .github/workflows/push.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,7 @@ jobs:
uses: ./.github/workflows/library_net_tests.yml
with:
dafny: '4.2.0'
pr-test-vectors:
uses: ./.github/workflows/library_interop_tests.yml
with:
dafny: '4.2.0'
Loading