Add ability to prepare the next operation and it's associated nonce for OpeningKey and SealingKey #1161
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: tests | |
| on: | |
| push: | |
| branches: | |
| - '*' | |
| - '!generate/aws-lc-*' | |
| pull_request: | |
| branches: | |
| - '*' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| env: | |
| RUST_BACKTRACE: 1 | |
| # We can pin the version if nightly is too unstable. | |
| # Otherwise, we test against the latest version. | |
| RUST_NIGHTLY_TOOLCHAIN: nightly | |
| jobs: | |
| aws-lc-rs-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge ] | |
| args: | |
| - --all-targets --features unstable | |
| - --release --all-targets --features unstable | |
| - --no-default-features --features non-fips,unstable | |
| - --no-default-features --features non-fips,ring-io,unstable | |
| - --no-default-features --features non-fips,ring-sig-verify,unstable | |
| - --no-default-features --features non-fips,alloc,unstable | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| - name: Run extra tests | |
| working-directory: ./aws-lc-rs-testing | |
| run: cargo test --all-targets | |
| bindgen-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs bindgen-tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge ] | |
| args: | |
| - --no-default-features --features aws-lc-sys,bindgen,unstable | |
| - --release --all-targets --features bindgen,unstable | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - if: ${{ startsWith(matrix.os, 'macos-') }} | |
| run: | | |
| brew install llvm | |
| echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"' >> "$GITHUB_ENV" | |
| echo 'export LIBCLANG_PATH=/opt/homebrew/opt/llvm' >> "$GITHUB_ENV" | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| windows-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs windows-tests | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| rust: [ stable ] | |
| os: [ windows-2019, windows-2022 ] | |
| args: | |
| - --all-targets --features unstable | |
| - --all-targets --features bindgen,unstable | |
| - --release --all-targets --features unstable | |
| - --no-default-features --features non-fips,unstable | |
| - --no-default-features --features non-fips,ring-io,unstable | |
| - --no-default-features --features non-fips,ring-sig-verify,unstable | |
| - --no-default-features --features non-fips,alloc,unstable | |
| env: | |
| AWS_LC_SYS_PREBUILT_NASM: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ matrix.rust }} | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Run cargo test | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} | |
| aws-lc-rs-coverage: | |
| name: aws-ls-rs coverage | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| components: llvm-tools-preview | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Install cargo-llvm-cov | |
| run: cargo install cargo-llvm-cov | |
| - name: Run coverage | |
| run: cargo llvm-cov -p aws-lc-rs --features unstable --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --codecov --output-path ./codecov.json | |
| - name: Run FIPS coverage | |
| run: cargo llvm-cov -p aws-lc-rs --features unstable,fips --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --codecov --output-path ./codecov-fips.json | |
| - name: Upload coverage reports to Codecov | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| uses: codecov/codecov-action@v4 | |
| with: | |
| files: ./codecov.json,./codecov-fips.json | |
| verbose: true | |
| fail_ci_if_error: true | |
| aws-lc-rs-asan: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs asan | |
| strategy: | |
| matrix: | |
| args: | |
| - | |
| - --release | |
| features: | |
| - --features asan | |
| - --no-default-features --features fips,asan | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Run address sanitizers | |
| env: | |
| ASAN_OPTIONS: detect_leaks=1 | |
| RUSTFLAGS: -Zsanitizer=address | |
| RUSTDOCFLAGS: -Zsanitizer=address | |
| working-directory: ./aws-lc-rs | |
| run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan | |
| build-env-static-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs build-env-static-test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_SYS_STATIC: ${{ matrix.static }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge ] | |
| static: [ 0, 1 ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Run cargo test | |
| # Doc-tests fail to link with dynamic build | |
| # See: https://github.com/rust-lang/cargo/issues/8531 | |
| run: cargo test -p aws-lc-rs --tests | |
| build-prebuild-nasm-test: | |
| if: github.repository_owner == 'aws' | |
| name: prebuilt-nasm usage | |
| runs-on: windows-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - 'x86_64-pc-windows-msvc' | |
| - 'x86_64-pc-windows-gnu' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Verify NASM not available | |
| shell: bash | |
| run: | | |
| if nasm --version; then | |
| exit 1 | |
| else | |
| exit 0; | |
| fi | |
| - name: Run cargo test w/ prebuilt-nasm feature | |
| shell: bash | |
| run: cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys,prebuilt-nasm | |
| - name: Run cargo test w/ AWS_LC_SYS_PREBUILT_NASM=1 | |
| shell: bash | |
| run: AWS_LC_SYS_PREBUILT_NASM=1 cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys | |
| build-env-nasm-test: | |
| if: github.repository_owner == 'aws' | |
| name: prebuilt NASM verification | |
| runs-on: windows-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - 'x86_64-pc-windows-msvc' | |
| - 'x86_64-pc-windows-gnu' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Install NASM | |
| uses: ilammy/setup-nasm@v1 | |
| - name: Remove NASM artifacts | |
| shell: bash | |
| run: | | |
| cargo clean | |
| rm ./aws-lc-sys/builder/prebuilt-nasm/* | |
| - name: Run cargo test | |
| shell: bash | |
| run: AWS_LC_SYS_PREBUILT_NASM=0 cargo test --tests -p aws-lc-rs --release --no-default-features --features aws-lc-sys | |
| - name: Collect NASM outputs | |
| shell: bash | |
| run: ./scripts/build/collect_nasm_obj.sh | |
| - name: Flag any NASM changes | |
| shell: bash | |
| run: | | |
| git add . | |
| git diff --cached --exit-code HEAD -- aws-lc-sys/builder/prebuilt-nasm/*.txt | |
| build-env-external-bindgen-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs FIPS - External bindgen test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_SYS_EXTERNAL_BINDGEN: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| uses: ilammy/setup-nasm@v1 | |
| - name: Install bindgen-cli | |
| run: cargo install --locked bindgen-cli | |
| - name: Remove bindings | |
| run: | | |
| rm ./aws-lc-sys/src/x86_64* | |
| rm ./aws-lc-sys/src/aarch64* | |
| - name: Run cargo test | |
| run: cargo test --tests -p aws-lc-rs --no-default-features --features aws-lc-sys | |
| build-env-fips-static-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs build-env-fips-static-test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_FIPS_SYS_STATIC: ${{ matrix.static }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge ] | |
| static: [ 0, 1 ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Run cargo test | |
| if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }} | |
| # Doc-tests fail to link with dynamic build | |
| # See: https://github.com/rust-lang/cargo/issues/8531 | |
| run: cargo test -p aws-lc-rs --tests --no-default-features --features fips | |
| build-env-no-asm-test: | |
| if: github.repository_owner == 'aws' | |
| name: build-env-no-asm-test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_SYS_NO_ASM: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - name: Run cargo test | |
| run: cargo test -p aws-lc-rs | |
| - name: Release build | |
| if: ${{ matrix.os != 'windows-latest' }} | |
| run: | | |
| if cargo build -p aws-lc-rs --release; then | |
| exit 1 | |
| else | |
| exit 0 | |
| fi | |
| - name: Release build | |
| if: ${{ matrix.os == 'windows-latest' }} | |
| shell: pwsh | |
| run: | | |
| if (cargo build -p aws-lc-rs --release) { | |
| exit 1 | |
| } else { | |
| exit 0 | |
| } | |
| build-env-fips-no-asm-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs build-env-fips-no-asm-test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_FIPS_SYS_NO_ASM: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - uses: seanmiddleditch/gha-setup-ninja@v5 | |
| - name: Run cargo test | |
| run: cargo test -p aws-lc-rs --tests --no-default-features --features fips | |
| - name: Release build | |
| if: ${{ matrix.os != 'windows-latest' }} | |
| run: | | |
| if cargo build -p aws-lc-rs --release --no-default-features --features fips; then | |
| exit 1 | |
| else | |
| exit 0 | |
| fi | |
| - name: Release build | |
| if: ${{ matrix.os == 'windows-latest' }} | |
| shell: pwsh | |
| run: | | |
| if (cargo build -p aws-lc-rs --release --no-default-features --features fips) { | |
| exit 1 | |
| } else { | |
| exit 0 | |
| } | |
| build-env-fips-external-bindgen-test: | |
| if: github.repository_owner == 'aws' | |
| name: aws-lc-rs FIPS - External bindgen test | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_FIPS_SYS_EXTERNAL_BINDGEN: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| uses: ilammy/setup-nasm@v1 | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| uses: seanmiddleditch/gha-setup-ninja@v5 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Install bindgen-cli | |
| run: cargo install --locked bindgen-cli | |
| - name: Remove bindings | |
| run: | | |
| rm ./aws-lc-fips-sys/src/x86_64* | |
| rm ./aws-lc-fips-sys/src/aarch64* | |
| - name: Run cargo test | |
| run: cargo test --tests -p aws-lc-rs --no-default-features --features fips | |
| careful: | |
| if: github.repository_owner == 'aws' | |
| name: Run carefully | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - ubuntu-latest | |
| - macos-13 | |
| - macos-14-xlarge | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| lfs: true | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
| components: 'rust-src' | |
| - if: ${{ startsWith(matrix.os, 'macos-') }} | |
| run: | | |
| brew install llvm | |
| echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"' | |
| echo 'export LIBCLANG_PATH=/opt/homebrew/opt/llvm' >> "$GITHUB_ENV" | |
| - name: Set Rust toolchain override | |
| run: rustup override set ${{ steps.toolchain.outputs.name }} | |
| - name: Install cargo-careful | |
| run: cargo install --locked cargo-careful | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Run tests | |
| working-directory: ./aws-lc-rs | |
| run: cargo careful test | |
| - name: Run tests w/ FIPS | |
| working-directory: ./aws-lc-rs | |
| # Rust doc tests dislike dynamic linking | |
| run: cargo careful test --tests --features fips,bindgen | |
| clang-19-bindgen: | |
| if: github.repository_owner == 'aws' | |
| name: Clang 19.1 + bindgen tests | |
| runs-on: macos-14-xlarge | |
| env: | |
| LIBCLANG_PATH: /opt/homebrew/opt/llvm/lib | |
| LLVM_CONFIG_PATH: /opt/homebrew/opt/llvm/llvm-config | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - uses: dtolnay/rust-toolchain@master | |
| id: toolchain | |
| with: | |
| toolchain: stable | |
| - run: | | |
| brew update | |
| brew uninstall --force llvm | |
| brew install llvm@19 | |
| echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"' >> "$GITHUB_ENV" | |
| - name: aws-lc-sys bindgen build | |
| working-directory: ./aws-lc-sys | |
| run: cargo test --features bindgen | |
| - name: aws-lc-fips-sys bindgen build | |
| working-directory: ./aws-lc-fips-sys | |
| run: cargo test --features bindgen | |
| source-path-has-spaces: | |
| if: github.repository_owner == 'aws' | |
| name: | |
| "Spaces in path - ${{ matrix.os }} - FIPS: ${{ matrix.fips }}" | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
| fips: [ 0, 1 ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| path: "path has spaces/aws-lc-rs" | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| uses: ilammy/setup-nasm@v1 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: seanmiddleditch/gha-setup-ninja@v5 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| # FIPS builds for ARM platforms (e.g, macos-14-xlarge) will fail until upstream change is made: | |
| # https://github.com/aws/aws-lc/pull/2005 | |
| - if: matrix.os != 'macos-14-xlarge' || matrix.fips != 1 | |
| name: Run cargo test | |
| working-directory: "path has spaces/aws-lc-rs" | |
| run: cargo test --tests -p aws-lc-rs --no-default-features --features ${{ (matrix.fips == 1 && 'fips') || 'aws-lc-sys' }} | |
| cmake-source-path-has-spaces: | |
| if: github.repository_owner == 'aws' | |
| name: | |
| "Spaces in path (CMake) - ${{ matrix.os }}" | |
| runs-on: ${{ matrix.os }} | |
| env: | |
| AWS_LC_SYS_CMAKE_BUILDER: 1 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ ubuntu-latest, macos-13, macos-14-xlarge ] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| path: "path has spaces/aws-lc-rs" | |
| - if: ${{ matrix.os == 'windows-latest' }} | |
| uses: ilammy/setup-nasm@v1 | |
| - uses: dtolnay/rust-toolchain@stable | |
| - uses: seanmiddleditch/gha-setup-ninja@v5 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Run cargo test | |
| working-directory: "path has spaces/aws-lc-rs" | |
| run: cargo test --tests -p aws-lc-rs --features bindgen |