|
| 1 | +# This workflow is for testing that the latest released version |
| 2 | +# of the MPL is compatible with the current DB-ESDK Head |
| 3 | +name: Test Latest Released MPL Java with DB-ESDK HEAD |
| 4 | + |
| 5 | +on: |
| 6 | + schedule: |
| 7 | + - cron: "00 16 * * 1-5" |
| 8 | + workflow_dispatch: # allows triggering this manually through the Actions UI |
| 9 | + inputs: |
| 10 | + run_test_vectors: |
| 11 | + description: "Run Test Vectors?" |
| 12 | + required: false |
| 13 | + default: true |
| 14 | + type: boolean |
| 15 | + |
| 16 | +jobs: |
| 17 | + getVersion: |
| 18 | + # Don't run the cron builds on forks |
| 19 | + if: github.event_name != 'schedule' || github.repository_owner == 'aws' |
| 20 | + uses: ./.github/workflows/dafny_version.yml |
| 21 | + getVerifyVersion: |
| 22 | + if: github.event_name != 'schedule' || github.repository_owner == 'aws' |
| 23 | + uses: ./.github/workflows/dafny_verify_version.yml |
| 24 | + getMplDependencyJavaVersion: |
| 25 | + if: github.event_name != 'schedule' || github.repository_owner == 'aws' |
| 26 | + uses: ./.github/workflows/mpl_dependency_java_version.yml |
| 27 | + testJava: |
| 28 | + needs: [getVersion, getMplDependencyJavaVersion] |
| 29 | + strategy: |
| 30 | + max-parallel: 1 |
| 31 | + matrix: |
| 32 | + java-version: [17] |
| 33 | + os: [ubuntu-22.04] |
| 34 | + runs-on: ${{ matrix.os }} |
| 35 | + permissions: |
| 36 | + id-token: write |
| 37 | + contents: read |
| 38 | + steps: |
| 39 | + - name: Configure AWS Credentials |
| 40 | + uses: aws-actions/configure-aws-credentials@v4 |
| 41 | + with: |
| 42 | + aws-region: us-west-2 |
| 43 | + role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-DDBEC-Dafny-Role-us-west-2 |
| 44 | + role-session-name: DDBEC-Dafny-Java-Tests |
| 45 | + |
| 46 | + - uses: actions/checkout@v3 |
| 47 | + with: |
| 48 | + submodules: recursive |
| 49 | + |
| 50 | + - name: Setup Java ${{ matrix.java-version }} |
| 51 | + uses: actions/setup-java@v4 |
| 52 | + with: |
| 53 | + distribution: "corretto" |
| 54 | + java-version: ${{ matrix.java-version }} |
| 55 | + |
| 56 | + - name: Setup Dafny |
| 57 | + uses: dafny-lang/[email protected] |
| 58 | + with: |
| 59 | + dafny-version: ${{ needs.getVersion.outputs.version }} |
| 60 | + |
| 61 | + - name: Regenerate code using smithy-dafny if necessary |
| 62 | + if: ${{ inputs.regenerate-code }} |
| 63 | + uses: ./.github/actions/polymorph_codegen |
| 64 | + with: |
| 65 | + dafny: ${{ env.DAFNY_VERSION }} |
| 66 | + library: DynamoDbEncryption |
| 67 | + diff-generated-code: false |
| 68 | + update-and-regenerate-mpl: true |
| 69 | + |
| 70 | + # The following two steps: "Build and deploy to maven local" and "Run Extensive Tests" |
| 71 | + # mimic the tests in ./codebuild/staging/release-staging.yml |
| 72 | + - name: Build and deploy to maven local |
| 73 | + shell: bash |
| 74 | + working-directory: ./DynamoDbEncryption |
| 75 | + run: | |
| 76 | + # Run transpile by itself. We don't want to locally build the MPL because |
| 77 | + # we want to verify that the version pulled down from maven works correctly |
| 78 | + make transpile_implementation_java |
| 79 | + make transpile_test_java |
| 80 | + make mvn_local_deploy |
| 81 | + make test_java |
| 82 | +
|
| 83 | + - name: Run Extensive Tests |
| 84 | + working-directory: ./DynamoDbEncryption |
| 85 | + run: | |
| 86 | + gradle -p runtimes/java clean |
| 87 | + gradle -p runtimes/java test |
| 88 | +
|
| 89 | + # This makes sure that we are using the correct MPL version to test the DB-ESDK. |
| 90 | + # If this contains a SNAPSHOT version, this will fail because' |
| 91 | + # we are NOT building the MPL recursively but pulling from Maven. |
| 92 | + - name: Update project.properties to use the correct MPL version (from project.properties in DB-ESDK) |
| 93 | + working-directory: ./submodules/MaterialProviders/ |
| 94 | + run: | |
| 95 | + sed "s/mplVersion=.*/mplVersion=${{needs.getMplDependencyJavaVersion.outputs.version}}/g" project.properties > project.properties2; mv project.properties2 project.properties |
| 96 | +
|
| 97 | + # The following three steps: "Transpile MPL Test Vectors without recursively building the MPL", |
| 98 | + # "Run Test Vectors", and "Test Examples" mimic the tests in ./codebuild/staging/validate-staging.yml |
| 99 | + - name: Transpile MPL Test Vectors without recursively building the MPL |
| 100 | + working-directory: ./submodules/MaterialProviders/TestVectorsAwsCryptographicMaterialProviders |
| 101 | + run: | |
| 102 | + # Run transpile by itself. We don't want to locally build the MPL because |
| 103 | + # we want to verify that the version pulled down from maven works correctly |
| 104 | + make transpile_implementation_java |
| 105 | + make transpile_test_java |
| 106 | + make mvn_local_deploy |
| 107 | +
|
| 108 | + - name: Run Test Vectors |
| 109 | + if: github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && ${{inputs.run_test_vectors}}) |
| 110 | + working-directory: ./TestVectors |
| 111 | + run: | |
| 112 | + # Spin up ddb local |
| 113 | + docker run --name dynamodb -d -p 8000:8000 amazon/dynamodb-local -jar DynamoDBLocal.jar -port 8000 -inMemory -cors * |
| 114 | + # Run transpile by itself so we don't locally build the MPL. |
| 115 | + make transpile_implementation_java |
| 116 | + make transpile_test_java |
| 117 | + gradle -p runtimes/java runTests |
| 118 | +
|
| 119 | + - name: Test Examples |
| 120 | + working-directory: ./Examples |
| 121 | + run: | |
| 122 | + # Run Simple Examples |
| 123 | + gradle -p runtimes/java/DynamoDbEncryption test |
| 124 | + # Run Migration Examples |
| 125 | + gradle -p runtimes/java/Migration/PlaintextToAWSDBE test |
| 126 | + gradle -p runtimes/java/Migration/DDBECToAWSDBE test |
0 commit comments