Update aws-lc-fips-sys to v0.13.0, align w/ AWS-LC-FIPS-3.0.0 #37
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: compilers | |
on: | |
push: | |
branches: | |
- '*' | |
- '!generate/aws-lc-*' | |
pull_request: | |
branches: | |
- '*' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
env: | |
RUST_BACKTRACE: 1 | |
# We can pin the version if nightly is too unstable. | |
# Otherwise, we test against the latest version. | |
RUST_NIGHTLY_TOOLCHAIN: nightly | |
jobs: | |
aws-lc-rs-2004-gcc: | |
if: github.repository_owner == 'aws' | |
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }} | |
runs-on: ubuntu-20.04 | |
env: | |
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }} | |
strategy: | |
fail-fast: false | |
matrix: | |
cmake: [ '0', '1' ] | |
gcc_version: [ '7', '8' ] | |
fips: [ '0', '1' ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: stable | |
- name: Set up GCC | |
uses: egor-tensin/setup-gcc@v1.3 | |
with: | |
version: ${{ matrix.gcc_version }} | |
platform: x64 | |
- if: matrix.fips == '1' | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- name: Run cargo test (debug) | |
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }} | |
- name: Run cargo test (release) | |
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }} | |
# The steps below verify that we're successfully using `-ffile-prefix-map` | |
# to remove build environment paths from the resulting library. | |
- if: ${{ matrix.gcc_version == '8' }} | |
name: Verify paths found in debug build | |
run: | | |
DEBUG_LIBCRYPTO=$(find ./target/debug -name "libaws_lc_*_crypto.a") | |
if strings ${DEBUG_LIBCRYPTO} | grep runner; then | |
exit 0; # SUCCESS | |
else | |
exit 1; # FAIL - we expected to find "runner" (i.e., a path) | |
fi | |
# TODO: Due to the nature of the FIPS build (e.g., its dynamic generation of | |
# assembly files and its custom compilation commands within CMake), not all | |
# source paths are stripped from the resulting binary. | |
- if: ${{ matrix.gcc_version == '8' && matrix.fips == '0' }} | |
name: Verify paths not found in release build | |
run: | | |
RELEASE_LIBCRYPTO=$(find ./target/release -name "libaws_lc_*_crypto.a") | |
if strings ${RELEASE_LIBCRYPTO} | grep runner; then | |
exit 1; # FAIL - we did not expect to find "runner" (i.e., a path) | |
else | |
exit 0; # SUCCESS | |
fi | |
aws-lc-rs-1804-gcc: | |
if: github.repository_owner == 'aws' | |
name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }} | |
runs-on: ubuntu-20.04 | |
container: | |
image: ubuntu:18.04 | |
env: | |
AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }} | |
strategy: | |
fail-fast: false | |
matrix: | |
cmake: [ '0', '1' ] | |
gcc_version: [ '4.8', '5', '6' ] | |
fips: [ '0', '1' ] | |
steps: | |
- run: | | |
apt-get update | |
apt-get install -y ca-certificates | |
apt-get install -y cmake curl sudo | |
apt-get install -y --no-install-recommends gpg-agent software-properties-common | |
apt-add-repository --yes ppa:git-core/ppa | |
add-apt-repository --yes ppa:longsleep/golang-backports | |
apt-get update | |
apt-get install -y build-essential git golang-go | |
curl -L -O -J https://github.com/PowerShell/PowerShell/releases/download/v7.2.23/powershell_7.2.23-1.deb_amd64.deb | |
dpkg -i powershell_7.2.23-1.deb_amd64.deb | |
apt-get install -f | |
rm powershell_7.2.23-1.deb_amd64.deb | |
- name: Checkout | |
run: | | |
git config --global --add safe.directory '*' | |
git clone --recursive ${{ github.server_url }}/${{ github.repository }}.git . | |
git fetch origin ${{ github.sha }} | |
git checkout --recurse-submodules -b ci-job ${{ github.sha }} | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: stable | |
- name: Set up GCC | |
uses: egor-tensin/setup-gcc@v1.3 | |
with: | |
version: ${{ matrix.gcc_version }} | |
platform: x64 | |
- name: Run cargo test (debug) | |
run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }} | |
- name: Run cargo test (release) | |
run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }} | |
aws-lc-rs-c-std-test: | |
if: github.repository_owner == 'aws' | |
name: C-std ${{ matrix.os }} - ${{ matrix.c_std }} - Force CMake ${{ matrix.cmake }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ] | |
c_std: [ "11", "99" ] | |
cmake: [ '0', '1' ] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: stable | |
- run: | | |
echo 'export AWS_LC_SYS_CMAKE_BUILDER=${{ matrix.cmake }}' >> "$GITHUB_ENV" | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
env: | |
AWS_LC_SYS_PREBUILT_NASM: 1 | |
AWS_LC_SYS_C_STD: ${{ matrix.c_std }} | |
run: cargo test --all-targets --features unstable |