From 5d59af12fce32615ad708fd3641559272382df5a Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 16 Jul 2025 12:15:13 -0700 Subject: [PATCH 1/5] chore(CI): add backwards compatability tests for nightly --- .github/workflows/dafny_interop.yml | 21 ++++ .../dafny_interop_library_go_tests.yml | 108 ++++++++++++++++++ .github/workflows/nighly_dafny.yml | 20 +++- 3 files changed, 148 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/dafny_interop_library_go_tests.yml diff --git a/.github/workflows/dafny_interop.yml b/.github/workflows/dafny_interop.yml index 3fa0800c9..39d48bff5 100644 --- a/.github/workflows/dafny_interop.yml +++ b/.github/workflows/dafny_interop.yml @@ -4,6 +4,21 @@ name: Dafny Interoperability Test on: + workflow_call: + inputs: + mpl-dafny: + description: "The Dafny version to compile the MPL with (4.2.0, nightly-latest, etc..)" + required: true + type: string + mpl-commit: + description: "The MPL branch/commit to use" + required: false + default: "main" + type: string + esdk-dafny: + description: "The Dafny version to compile the DBESDK with (4.2.0, nightly-latest, etc..)" + required: true + type: string workflow_dispatch: inputs: mpl-dafny: @@ -33,3 +48,9 @@ jobs: mpl-dafny: ${{inputs.mpl-dafny}} mpl-commit: ${{inputs.mpl-commit}} esdk-dafny: ${{inputs.esdk-dafny}} + dafny-nightly-go: + uses: ./.github/workflows/dafny_interop_library_go_tests.yml + with: + mpl-dafny: ${{inputs.mpl-dafny}} + mpl-commit: ${{inputs.mpl-commit}} + esdk-dafny: ${{inputs.esdk-dafny}} diff --git a/.github/workflows/dafny_interop_library_go_tests.yml b/.github/workflows/dafny_interop_library_go_tests.yml new file mode 100644 index 000000000..77b734502 --- /dev/null +++ b/.github/workflows/dafny_interop_library_go_tests.yml @@ -0,0 +1,108 @@ +# This workflow performs tests in DotNet with MPL nightly latest. +name: Library DotNet Backwards Interop Tests + +on: + workflow_call: + inputs: + mpl-dafny: + description: "The Dafny version to compile the MPL with (4.2.0, dafny-nightly, etc..)" + required: true + type: string + mpl-commit: + description: "The MPL commit to use" + required: false + default: "main" + type: string + esdk-dafny: + description: "The Dafny version to compile the DBESDK with (4.2.0, dafny-nightly, etc..)" + required: true + type: string + +jobs: + testGo: + strategy: + fail-fast: false + matrix: + library: [TestVectors] + go-version: ["1.23"] + os: [ + # Sed script doesn't work properly on windows + # windows-latest, + ubuntu-22.04, + # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 + # macos-13, + ] + runs-on: ${{ matrix.os }} + permissions: + id-token: write + contents: read + steps: + - name: Support longpaths on Git checkout + run: | + git config --global core.longpaths true + - uses: actions/checkout@v3 + - name: Init Submodules + shell: bash + run: | + git submodule update --init libraries + git submodule update --init --recursive mpl + + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v2 + with: + aws-region: us-west-2 + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 + role-session-name: GoTests + + - name: Setup MPL Dafny + uses: ./mpl/.github/actions/setup_dafny + with: + dafny-version: ${{ inputs.mpl-dafny }} + + - name: Update MPL submodule + working-directory: mpl + run: | + git fetch + git checkout ${{inputs.mpl-commit}} + git pull + git submodule update --init --recursive + git rev-parse HEAD + + - name: Install Smithy-Dafny codegen dependencies + uses: ./.github/actions/install_smithy_dafny_codegen_dependencies + + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: ${{ matrix.go-version }} + + - name: Install Go imports + run: | + go install golang.org/x/tools/cmd/goimports@latest + + - name: Compile MPL with Dafny ${{inputs.mpl-dafny}} + shell: bash + working-directory: mpl/TestVectorsAwsCryptographicMaterialProviders + run: | + # This works because `node` is installed by default on GHA runners + CORES=$(node -e 'console.log(os.cpus().length)') + make transpile_go CORES=$CORES + + - name: Setup ESDK Dafny + uses: ./mpl/.github/actions/setup_dafny + with: + dafny-version: ${{ inputs.esdk-dafny}} + + - name: Build ESDK implementation + shell: bash + working-directory: ./${{ matrix.library }} + run: | + # This works because `node` is installed by default on GHA runners + CORES=$(node -e 'console.log(os.cpus().length)') + make transpile_go CORES=$CORES + + - name: Test Go + working-directory: ${{ matrix.library }} + shell: bash + run: | + make test_go \ No newline at end of file diff --git a/.github/workflows/nighly_dafny.yml b/.github/workflows/nighly_dafny.yml index c3604217a..a97cab95e 100644 --- a/.github/workflows/nighly_dafny.yml +++ b/.github/workflows/nighly_dafny.yml @@ -43,13 +43,31 @@ jobs: with: dafny: "nightly-latest" regenerate-code: true + getVersion: + uses: ./.github/workflows/dafny_version.yaml + dafny_nightly_backwards_interop_esdk: + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + needs: getVersion + uses: ./.github/workflows/dafny_interop.yml + with: + mpl-dafny: ${{needs.getVersion.outputs.version}} + mpl-commit: "main" + esdk-dafny: "nightly-latest" + dafny_nightly_backwards_interop_mpl: + if: github.event_name != 'schedule' || github.repository_owner == 'aws' + needs: getVersion + uses: ./.github/workflows/dafny_interop.yml + with: + mpl-dafny: "nightly-latest" + mpl-commit: "main" + esdk-dafny: ${{needs.getVersion.outputs.version}} cut-issue-on-failure: runs-on: ubuntu-22.04 permissions: id-token: write contents: read - needs: [dafny-nightly-verification, dafny-nightly-net] + needs: [dafny-nightly-verification, dafny-nightly-net, dafny-nightly-go, dafny_nightly_backwards_interop_esdk, dafny_nightly_backwards_interop_mpl] if: ${{ always() && contains(needs.*.result, 'failure') }} steps: # We need access to the role that is able to get CI Bot Creds From 3f35e48bd6261d8552657aba2d2ca7a60f060aaa Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Wed, 16 Jul 2025 12:30:06 -0700 Subject: [PATCH 2/5] format --- .github/workflows/dafny_interop_library_go_tests.yml | 8 ++++---- .github/workflows/nighly_dafny.yml | 9 ++++++++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/.github/workflows/dafny_interop_library_go_tests.yml b/.github/workflows/dafny_interop_library_go_tests.yml index 77b734502..09e892245 100644 --- a/.github/workflows/dafny_interop_library_go_tests.yml +++ b/.github/workflows/dafny_interop_library_go_tests.yml @@ -67,10 +67,10 @@ jobs: git pull git submodule update --init --recursive git rev-parse HEAD - + - name: Install Smithy-Dafny codegen dependencies uses: ./.github/actions/install_smithy_dafny_codegen_dependencies - + - name: Install Go uses: actions/setup-go@v5 with: @@ -100,9 +100,9 @@ jobs: # This works because `node` is installed by default on GHA runners CORES=$(node -e 'console.log(os.cpus().length)') make transpile_go CORES=$CORES - + - name: Test Go working-directory: ${{ matrix.library }} shell: bash run: | - make test_go \ No newline at end of file + make test_go diff --git a/.github/workflows/nighly_dafny.yml b/.github/workflows/nighly_dafny.yml index a97cab95e..4e4b11895 100644 --- a/.github/workflows/nighly_dafny.yml +++ b/.github/workflows/nighly_dafny.yml @@ -67,7 +67,14 @@ jobs: permissions: id-token: write contents: read - needs: [dafny-nightly-verification, dafny-nightly-net, dafny-nightly-go, dafny_nightly_backwards_interop_esdk, dafny_nightly_backwards_interop_mpl] + needs: + [ + dafny-nightly-verification, + dafny-nightly-net, + dafny-nightly-go, + dafny_nightly_backwards_interop_esdk, + dafny_nightly_backwards_interop_mpl, + ] if: ${{ always() && contains(needs.*.result, 'failure') }} steps: # We need access to the role that is able to get CI Bot Creds From 37cb15dee1b5ab58461218aad783fb155c62a1f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jos=C3=A9=20Corella?= <39066999+josecorella@users.noreply.github.com> Date: Wed, 16 Jul 2025 12:59:11 -0700 Subject: [PATCH 3/5] Update .github/workflows/dafny_interop_library_go_tests.yml --- .github/workflows/dafny_interop_library_go_tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dafny_interop_library_go_tests.yml b/.github/workflows/dafny_interop_library_go_tests.yml index 09e892245..a8014d440 100644 --- a/.github/workflows/dafny_interop_library_go_tests.yml +++ b/.github/workflows/dafny_interop_library_go_tests.yml @@ -1,5 +1,5 @@ -# This workflow performs tests in DotNet with MPL nightly latest. -name: Library DotNet Backwards Interop Tests +# This workflow performs tests in Go with nightly latest versions for mpl or esdk. +name: Library Go Backwards Interop Tests on: workflow_call: From d114b4ee8570d5d65c98e0f40fb7afe0de49cbcf Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Mon, 21 Jul 2025 11:18:51 -0700 Subject: [PATCH 4/5] fix --- .github/workflows/dafny_interop_test_vector_net.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dafny_interop_test_vector_net.yml b/.github/workflows/dafny_interop_test_vector_net.yml index ed8b367c0..a1d0fc7da 100644 --- a/.github/workflows/dafny_interop_test_vector_net.yml +++ b/.github/workflows/dafny_interop_test_vector_net.yml @@ -235,7 +235,7 @@ jobs: uses: actions/upload-artifact@v4 if: matrix.os != 'windows-latest' with: - name: ${{matrix.os}}_vector_artifact + name: ${{matrix.os}}_vector_artifact_${{github.run_id}} path: AwsEncryptionSDK/net41/vectors/*.zip decrypt_net_vectors_with_js: @@ -274,7 +274,7 @@ jobs: - name: Download Encrypt Manifest Artifact uses: actions/download-artifact@v4 with: - name: ${{matrix.os}}_vector_artifact + name: ${{matrix.os}}_vector_artifact_${{github.run_id}} path: AwsEncryptionSDK/net41/vectors - uses: actions/setup-node@v4 From 6ae4cd6de6de7d94bac5a46c02b89d457a0c67f8 Mon Sep 17 00:00:00 2001 From: Jose Corella Date: Mon, 21 Jul 2025 11:42:59 -0700 Subject: [PATCH 5/5] f --- .github/workflows/dafny_interop_test_vector_net.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dafny_interop_test_vector_net.yml b/.github/workflows/dafny_interop_test_vector_net.yml index a1d0fc7da..e9ef54e6e 100644 --- a/.github/workflows/dafny_interop_test_vector_net.yml +++ b/.github/workflows/dafny_interop_test_vector_net.yml @@ -235,7 +235,7 @@ jobs: uses: actions/upload-artifact@v4 if: matrix.os != 'windows-latest' with: - name: ${{matrix.os}}_vector_artifact_${{github.run_id}} + name: ${{matrix.os}}_mpl-${{inputs.mpl-dafny}}_esdk-${{inputs.esdk-dafny}}_vectors path: AwsEncryptionSDK/net41/vectors/*.zip decrypt_net_vectors_with_js: @@ -274,7 +274,7 @@ jobs: - name: Download Encrypt Manifest Artifact uses: actions/download-artifact@v4 with: - name: ${{matrix.os}}_vector_artifact_${{github.run_id}} + name: ${{matrix.os}}_mpl-${{inputs.mpl-dafny}}_esdk-${{inputs.esdk-dafny}}_vectors path: AwsEncryptionSDK/net41/vectors - uses: actions/setup-node@v4