release-staging.yml
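# AWS CodeBuild buildspec for the .NET staging release: builds the
# DynamoDbEncryption project, retrieves the signed assemblies, pushes the
# package to the dbesdk-net-staging CodeArtifact repository, then re-points the
# test projects at that package version and runs the tests and test vectors.
version: 0.2

phases:
  install:
    runtime-versions:
      dotnet: 6.0
      python: 3.x
    commands:
      - cd ..
      # Get Dafny
      # The export below is commented out, so dafnyVersion has to be supplied
      # by the build environment.
      #- export `cat ./aws-database-encryption-sdk-dynamodb/project.properties`
      # --fail makes curl exit non-zero on an HTTP error (for example when
      # dafnyVersion is unset and the URL does not resolve) instead of saving
      # the error page as dafny.zip.
      # NOTE(review): the archive is unzipped and placed on PATH without an
      # integrity check; consider verifying it against a pinned SHA-256 for the
      # selected dafnyVersion before unzip.
      - curl --fail https://github.com/dafny-lang/dafny/releases/download/v$dafnyVersion/dafny-$dafnyVersion-x64-ubuntu-20.04.zip -L -o dafny.zip
      - unzip -qq dafny.zip && rm dafny.zip
      - export PATH="$PWD/dafny:$PATH"
      # Switch back to the main directory
      - cd aws-database-encryption-sdk-dynamodb

  pre_build:
    commands:
      # UNIQUE_ID should be passed in as an environment variable. It is used to tie
      # the different parts of the asynchronous signing process together
      # Stop here when it is missing, so an empty id is never handed to the
      # retrieval script below.
      - test -n "$UNIQUE_ID"
      - echo "Using unique id for flow $UNIQUE_ID"
      # Build unsigned source
      - cd DynamoDbEncryption
      - make transpile_net
      - dotnet build runtimes/net /p:Configuration=Release -nowarn:CS0162,CS0168
      # This step assumes signing has already happened and we just need to retrieve
      # the signed artifacts
      - export ASSEMBLY_NAME="AWS.Cryptography.DbEncryptionSDK.DynamoDb.dll"
      - export BASE=../codebuild/net
      # UNIQUE_ID comes from outside the build; quote it so the shell passes it
      # as exactly one argument.
      - python $BASE/retrieve_signed_assembly.py --target net6.0 --unique-id "$UNIQUE_ID"
      - python $BASE/retrieve_signed_assembly.py --target net48 --unique-id "$UNIQUE_ID"

  build:
    commands:
      - mkdir build
      # Literal block scalar: the line breaks are kept, so each trailing
      # backslash is a shell line continuation.
      - |-
        aws codeartifact login \
          --tool dotnet \
          --repository dbesdk-net-staging \
          --domain crypto-tools-internal \
          --domain-owner 587316601012 \
          --region us-east-1
      # Read the package version from the <Version> element of the csproj.
      # NOTE(review): the earlier comment here described this as setting a
      # unique version for staging so a failed run does not collide with
      # previous runs; the command only reads the value as-is. Confirm whether
      # uniqueness is handled elsewhere.
      - export VERSION=`grep '<Version>' runtimes/net/DynamoDbEncryption.csproj | sed 's/.*<Version>\(.*\)<\/Version>/\1/'`
      # An empty VERSION would yield a wrong package path and an unpinned
      # "dotnet add package"; fail before anything is pushed.
      - test -n "$VERSION"
      - dotnet pack runtimes/net/DynamoDbEncryption.csproj --no-build /p:Configuration=Release --output build
      - dotnet nuget push build/AWS.Cryptography.DbEncryptionSDK.DynamoDb.$VERSION.nupkg --source crypto-tools-internal/dbesdk-net-staging
      # Now validate we can run the tests
      # Drop the project reference and depend on the package by version instead.
      - sed -i.backup "/\<ProjectReference Include=\"..\/DynamoDbEncryption.csproj\" \/>/d" runtimes/net/tests/Test-DynamoDbEncryption.csproj
      - dotnet add runtimes/net/tests/Test-DynamoDbEncryption.csproj package AWS.Cryptography.DbEncryptionSDK.DynamoDb --version "$VERSION"
      # run tests
      # Assume the test role and expose its temporary credentials to the
      # commands that follow.
      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-DDBEC-Dafny-Role-us-west-2" --role-session-name "CB-TestVectorResources")
      - export TMP_ROLE
      - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
      - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
      - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
      # TMP_ROLE holds the whole assume-role response, secret key and session
      # token included. Remove it from the environment once the three values
      # are extracted so later processes do not inherit a second copy.
      - unset TMP_ROLE
      # Prints the identity now in use; it does not print the credentials.
      - aws sts get-caller-identity
      - make test_net FRAMEWORK=net6.0
      # run test vectors
      - cd ../TestVectors
      - sed -i.backup "/\<ProjectReference Include=\"..\/..\/..\/DynamoDbEncryption\/runtimes\/net\/DynamoDbEncryption.csproj\" \/>/d" runtimes/net/DbEsdkTestVectors.csproj
      - dotnet add runtimes/net/DbEsdkTestVectors.csproj package AWS.Cryptography.DbEncryptionSDK.DynamoDb --version "$VERSION"
      - make transpile_net
      - cd runtimes/net
      - cp ../java/decrypt_java_*.json ../java/decrypt_dotnet_*.json .
      - dotnet run --framework net6.0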