Skip to content

Stabilize ML-KEM & KDFs; bump to v1.12.0 #1205

Stabilize ML-KEM & KDFs; bump to v1.12.0

Stabilize ML-KEM & KDFs; bump to v1.12.0 #1205

Workflow file for this run

name: integration
on:
push:
branches:
- '*'
- '!generate/aws-lc-*'
pull_request:
branches:
- '*'
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
RUST_BACKTRACE: 1
# We can pin the version if nightly is too unstable.
# Otherwise, we test against the latest version.
RUST_NIGHTLY_TOOLCHAIN: nightly
jobs:
s2n-quic-integration:
if: github.repository_owner == 'aws'
name: s2n-quic-integration
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
env:
GIT_CLONE_PROTECTION_ACTIVE: false
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Run s2n-quic integration
working-directory: ./aws-lc-rs
run: |
./scripts/run-s2n-quic-integration.sh
rustls-integration:
if: github.repository_owner == 'aws'
name: rustls-integration
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Install cargo-download
run: cargo install cargo-download
- name: Run rustls integration
working-directory: ./aws-lc-rs
run: |
./scripts/run-rustls-integration.sh
links-crate-tests:
if: github.repository_owner == 'aws'
name: sys crate tests
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
features: [ aws-lc-rs, aws-lc-rs-fips, aws-lc-sys, aws-lc-fips-sys ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@stable
id: toolchain
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Install NASM on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Setup Go >=v1.18
uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- name: Install ninja-build tool
uses: seanmiddleditch/gha-setup-ninja@v4
- name: Run cargo test
working-directory: ./links-testing
run: cargo test --features ${{ matrix.features }} --no-default-features
- name: Run cargo run
working-directory: ./links-testing
run: cargo run --features ${{ matrix.features }} --no-default-features
publish-dry-run:
if: github.repository_owner == 'aws'
name: publish dry-run
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
rust: [ stable ]
os: [ windows-latest, ubuntu-latest, macos-13, macos-14-xlarge ]
crate: [ aws-lc-sys, aws-lc-rs, aws-lc-fips-sys ]
args:
- publish --dry-run
steps:
- uses: actions/setup-go@v4
with:
go-version: '>=1.18'
- run: go version
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- if: ${{ matrix.os == 'windows-latest' }}
uses: ilammy/setup-nasm@v1
- name: Install ninja-build tool
if: ${{ matrix.os == 'windows-latest' }}
uses: seanmiddleditch/gha-setup-ninja@v4
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: ${{ matrix.rust }}
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: ${{ matrix.crate }}
working-directory: ./${{ matrix.crate }}
run: cargo ${{ matrix.args }}
- name: Clean
run: cargo clean
- name: Force Linux shared build
working-directory: ./${{ matrix.crate }}
if: ${{ matrix.os == 'ubuntu-latest' }}
# Doc-tests fail to link with dynamic build
# See: https://github.com/rust-lang/cargo/issues/8531
run: AWS_LC_SYS_STATIC=0 AWS_LC_FIPS_SYS_STATIC=0 cargo publish --dry-run
## Verify that prebuilt-nasm objects were published properly
publish-dry-run-prebuild-nasm:
if: github.repository_owner == 'aws'
name: publish dry-run prebuilt-nasm
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
crate: [ aws-lc-sys, aws-lc-rs ]
args:
- publish --dry-run
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- uses: dtolnay/rust-toolchain@master
id: toolchain
with:
toolchain: stable
- name: Set Rust toolchain override
run: rustup override set ${{ steps.toolchain.outputs.name }}
- name: Verify NASM not available
shell: bash
run: |
if nasm --version; then
exit 1
else
exit 0;
fi
- name: ${{ matrix.crate }}
working-directory: ./${{ matrix.crate }}
shell: bash
run: AWS_LC_SYS_PREBUILT_NASM=1 cargo publish --dry-run
msrv:
name: Minimum Supported Rust Version
if: github.repository_owner == 'aws'
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
lfs: true
- if: ${{ startsWith(matrix.os, 'macos-') }}
run: |
brew install llvm
echo 'export PATH="/opt/homebrew/opt/llvm/bin:$PATH"'
echo 'export LIBCLANG_PATH=/opt/homebrew/opt/llvm' >> "$GITHUB_ENV"
- name: Install NASM on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Install MSRV Rust version
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.63.0 # TODO: dynamically identify MSRV
- name: Update dependencies
run: |
cargo +1.63.0 update
cargo +1.63.0 tree
- name: Verify msrv
working-directory: ./aws-lc-rs
run: cargo +1.63.0 check --features bindgen