generated from amazon-archives/__template_Apache-2.0
-
Notifications
You must be signed in to change notification settings - Fork 176
401 lines (388 loc) · 14.9 KB
/
aws-lc-rs.yml
File metadata and controls
401 lines (388 loc) · 14.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
name: aws-lc-rs tests
on:
push:
branches: [ '*' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
env:
GOPROXY: https://proxy.golang.org,direct
RUST_BACKTRACE: 1
permissions:
contents: read
jobs:
# Full bindings pre-generation test on Linux (x86_64-unknown-linux-gnu)
aws-lc-rs-linux:
if: github.repository_owner == 'aws'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
repository: aws/aws-lc-rs
path: ./aws-lc-rs
submodules: 'recursive'
- name: Remove aws-lc submodule from crate directory
working-directory: ./aws-lc-rs/aws-lc-sys
shell: bash
run: rm -rf aws-lc
- uses: actions/checkout@v4
with:
path: ./aws-lc-rs/aws-lc-sys/aws-lc
- uses: dtolnay/rust-toolchain@stable
with:
components: 'rustfmt'
- uses: actions/setup-go@v4
with:
go-version: '>=1.20'
- name: Install ripgrep
run: cargo install --force --locked ripgrep --features pcre2
- name: No-prefix build
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_NO_PREFIX: "1"
AWS_LC_SYS_C_STD: "99"
run: cargo test -p aws-lc-sys --features bindgen
- name: Collect symbols
working-directory: ./aws-lc-rs
run: |
rm -rf ./aws-lc-sys/symbols/* ./aws-lc-sys/generated-include/*
mkdir -p ./aws-lc-sys/symbols ./aws-lc-sys/generated-include/openssl
./scripts/build/collect_symbols.sh -c aws-lc-sys
- name: Generate prefix headers
working-directory: ./aws-lc-rs
run: ./scripts/generate/_generate_prefix_headers.sh -c aws-lc-sys
- name: Update sys-crate metadata
working-directory: ./aws-lc-rs
run: ./scripts/ci/update_sys_crate_metadata.sh aws-lc-sys
- name: Update cc-builder source configuration
working-directory: ./aws-lc-rs
run: |
./aws-lc-sys/scripts/cc_builder/universal.sh
./aws-lc-sys/scripts/cc_builder/linux_x86_64.sh
- name: Clean
working-directory: ./aws-lc-rs
run: cargo clean
- name: Generate bindings
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_PREGENERATING_BINDINGS: "1"
run: cargo test -p aws-lc-sys --features bindgen
- name: Test with cc-builder
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_CMAKE_BUILDER: "0"
run: |
cargo clean
cargo test -p aws-lc-sys
cargo test -p aws-lc-rs
# Full bindings pre-generation test on macOS (aarch64-apple-darwin)
aws-lc-rs-macos:
if: github.repository_owner == 'aws'
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
with:
repository: aws/aws-lc-rs
path: ./aws-lc-rs
submodules: 'recursive'
- name: Remove aws-lc submodule from crate directory
working-directory: ./aws-lc-rs/aws-lc-sys
shell: bash
run: rm -rf aws-lc
- uses: actions/checkout@v4
with:
path: ./aws-lc-rs/aws-lc-sys/aws-lc
- uses: dtolnay/rust-toolchain@stable
with:
components: 'rustfmt'
- uses: actions/setup-go@v4
with:
go-version: '>=1.20'
- name: Install Bash and ripgrep
run: brew install bash ripgrep
- name: No-prefix build
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_NO_PREFIX: "1"
AWS_LC_SYS_C_STD: "99"
run: cargo test -p aws-lc-sys --features bindgen
- name: Collect symbols
working-directory: ./aws-lc-rs
run: |
rm -rf ./aws-lc-sys/symbols/* ./aws-lc-sys/generated-include/*
mkdir -p ./aws-lc-sys/symbols ./aws-lc-sys/generated-include/openssl
./scripts/build/collect_symbols.sh -c aws-lc-sys
- name: Generate prefix headers
working-directory: ./aws-lc-rs
shell: /opt/homebrew/bin/bash {0}
run: ./scripts/generate/_generate_prefix_headers.sh -c aws-lc-sys
- name: Update sys-crate metadata
working-directory: ./aws-lc-rs
shell: /opt/homebrew/bin/bash {0}
run: ./scripts/ci/update_sys_crate_metadata.sh aws-lc-sys
- name: Update cc-builder source configuration
working-directory: ./aws-lc-rs
shell: /opt/homebrew/bin/bash {0}
run: |
./aws-lc-sys/scripts/cc_builder/universal.sh
./aws-lc-sys/scripts/cc_builder/apple_aarch64.sh
- name: Clean
working-directory: ./aws-lc-rs
run: cargo clean
- name: Generate bindings
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_PREGENERATING_BINDINGS: "1"
run: cargo test -p aws-lc-sys --features bindgen
- name: Test with cc-builder
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_CMAKE_BUILDER: "0"
run: |
cargo clean
cargo test -p aws-lc-sys
cargo test -p aws-lc-rs
# Full bindings pre-generation test on Windows (x86_64-pc-windows-msvc)
aws-lc-rs-windows:
if: github.repository_owner == 'aws'
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
with:
repository: aws/aws-lc-rs
path: ./aws-lc-rs
submodules: 'recursive'
- name: Remove aws-lc submodule from crate directory
working-directory: ./aws-lc-rs/aws-lc-sys
shell: bash
run: rm -rf aws-lc
- uses: actions/checkout@v4
with:
path: ./aws-lc-rs/aws-lc-sys/aws-lc
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
target: x86_64-pc-windows-msvc
components: 'rustfmt'
- uses: ilammy/setup-nasm@v1
- uses: actions/setup-go@v4
with:
go-version: '>=1.20'
- name: No-prefix build
env:
AWS_LC_SYS_NO_PREFIX: "1"
AWS_LC_SYS_C_STD: "99"
working-directory: ./aws-lc-rs
run: cargo test -p aws-lc-sys --features bindgen --target x86_64-pc-windows-msvc
- name: Delete current symbol files and headers
working-directory: ./aws-lc-rs
shell: bash
run: |
rm -rf ./aws-lc-sys/symbols/* ./aws-lc-sys/generated-include/*
mkdir -p ./aws-lc-sys/symbols ./aws-lc-sys/generated-include/openssl
- name: Collect symbols
working-directory: ./aws-lc-rs
shell: bash
run: ./scripts/build/collect_symbols.sh -c aws-lc-sys -t x86_64-pc-windows-msvc
- name: Generate prefix headers
working-directory: ./aws-lc-rs
shell: bash
run: ./scripts/generate/_generate_prefix_headers.sh -c aws-lc-sys
- name: Update sys-crate metadata
working-directory: ./aws-lc-rs
shell: bash
run: ./scripts/ci/update_sys_crate_metadata.sh aws-lc-sys
- name: Install ripgrep
run: cargo install --force --locked ripgrep --features pcre2
- name: Update cc-builder source configuration
working-directory: ./aws-lc-rs
shell: bash
run: |
./aws-lc-sys/scripts/cc_builder/universal.sh
./aws-lc-sys/scripts/cc_builder/win_x86_64.sh
- name: Clean
working-directory: ./aws-lc-rs
run: cargo clean
- name: Generate bindings
env:
AWS_LC_SYS_PREGENERATING_BINDINGS: "1"
working-directory: ./aws-lc-rs
run: cargo test -p aws-lc-sys --features bindgen --target x86_64-pc-windows-msvc
- name: Test with cc-builder
working-directory: ./aws-lc-rs
env:
AWS_LC_SYS_CMAKE_BUILDER: "0"
run: |
cargo clean
cargo test -p aws-lc-sys --target x86_64-pc-windows-msvc
cargo test -p aws-lc-rs --target x86_64-pc-windows-msvc
# CMake Rust bindings generation tests
cmake-rust-bindings:
if: github.repository_owner == 'aws'
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
name: linux
- os: ubuntu-latest
name: linux-prefix
prefix: AWSLC_PREFIX
- os: macos-latest
name: macos
- os: macos-latest
name: macos-prefix
prefix: AWSLC_PREFIX
- os: windows-latest
name: windows
- os: ubuntu-latest
name: linux-no-ssl
build_libssl: OFF
runs-on: ${{ matrix.os }}
name: cmake-rust-bindings (${{ matrix.name }})
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: 'rustfmt'
- uses: ilammy/setup-nasm@v1
if: runner.os == 'Windows'
- uses: actions/setup-go@v4
with:
go-version: '>=1.20'
- name: Install bindgen-cli
run: cargo install --force --locked bindgen-cli
# Prefix builds need a non-prefixed build first to collect symbols
- name: Generate prefix symbols file
if: matrix.prefix
shell: bash
run: |
cmake -B build-noprefix -DBUILD_TESTING=OFF
cmake --build build-noprefix
go run ./util/read_symbols.go build-noprefix/crypto/libcrypto.a > symbols.txt
go run ./util/read_symbols.go build-noprefix/ssl/libssl.a >> symbols.txt
echo "Collected $(wc -l < symbols.txt) symbols"
- name: Configure with Rust bindings generation
shell: bash
run: |
cmake_args="-DGENERATE_RUST_BINDINGS=ON -DBUILD_TESTING=OFF"
if [ -n "${{ matrix.prefix }}" ]; then
cmake_args="$cmake_args -DBORINGSSL_PREFIX=${{ matrix.prefix }}"
cmake_args="$cmake_args -DBORINGSSL_PREFIX_SYMBOLS=$(pwd)/symbols.txt"
fi
if [ "${{ matrix.build_libssl }}" = "OFF" ]; then
cmake_args="$cmake_args -DBUILD_LIBSSL=OFF"
fi
cmake -B build $cmake_args
- name: Build libraries
run: cmake --build build --config Release
- name: Generate bindings
run: cmake --build build --target rust_bindings --config Release --verbose
- name: Verify bindings file exists
shell: bash
run: |
if [ ! -f build/rust/aws_lc_bindings.rs ]; then
echo "ERROR: Rust bindings file was not generated"
exit 1
fi
echo "Generated bindings file size: $(wc -c < build/rust/aws_lc_bindings.rs) bytes"
echo "Generated bindings line count: $(wc -l < build/rust/aws_lc_bindings.rs) lines"
- name: Verify bindings content
shell: bash
run: |
# Verify SSL bindings based on BUILD_LIBSSL setting (defaults to ON)
if [ "${{ matrix.build_libssl }}" != "OFF" ]; then
if ! grep -q "pub fn SSL_new" build/rust/aws_lc_bindings.rs; then
echo "ERROR: Expected SSL_new function not found"
exit 1
fi
else
if grep -q "pub fn SSL_new" build/rust/aws_lc_bindings.rs; then
echo "ERROR: Unexpected SSL_new found in BUILD_LIBSSL=OFF build"
exit 1
fi
echo "Confirmed: SSL bindings correctly excluded"
fi
if [ -n "${{ matrix.prefix }}" ]; then
# Prefix builds: link_name attributes should contain the prefix.
# The exact format varies by platform (e.g., _PREFIX_ on macOS vs PREFIX_ on Linux).
if ! grep -q 'link_name.*${{ matrix.prefix }}_' build/rust/aws_lc_bindings.rs; then
echo "ERROR: Expected prefixed link_name attributes not found"
exit 1
fi
if ! grep -B1 "pub fn SSL_new" build/rust/aws_lc_bindings.rs | grep -q 'link_name.*${{ matrix.prefix }}_'; then
echo "ERROR: SSL_new should have ${{ matrix.prefix }}_ prefixed link_name"
exit 1
fi
else
# Non-prefix builds should not have link_name attributes
if grep -q '#\[link_name' build/rust/aws_lc_bindings.rs; then
echo "ERROR: Unexpected link_name attributes found in no-prefix build"
exit 1
fi
fi
echo "Bindings content verification passed"
- name: Verify bindings build and link
shell: bash
run: |
mkdir -p "${RUNNER_TEMP}/test-bindings/src"
cat > "${RUNNER_TEMP}/test-bindings/Cargo.toml" << 'EOF'
[package]
name = "test-bindings"
version = "0.1.0"
edition = "2021"
[[bin]]
name = "test-bindings"
path = "src/main.rs"
EOF
cat > "${RUNNER_TEMP}/test-bindings/build.rs" << 'EOF'
use std::env;
fn main() {
let build_dir = env::var("CMAKE_BUILD_DIR").expect("CMAKE_BUILD_DIR must be set");
// Library search paths for single-config generators (Unix Makefiles, Ninja)
println!("cargo:rustc-link-search=native={}/crypto", build_dir);
println!("cargo:rustc-link-search=native={}/ssl", build_dir);
// Library search paths for multi-config generators (Visual Studio)
println!("cargo:rustc-link-search=native={}/crypto/Release", build_dir);
println!("cargo:rustc-link-search=native={}/ssl/Release", build_dir);
println!("cargo:rustc-link-lib=static=crypto");
if env::var("INCLUDE_SSL").unwrap_or_default() == "1" {
println!("cargo:rustc-link-lib=static=ssl");
}
// Platform-specific system library dependencies required by aws-lc
let target_family = env::var("CARGO_CFG_TARGET_FAMILY").unwrap_or_default();
let target_os = env::var("CARGO_CFG_TARGET_OS").unwrap_or_default();
if target_family == "unix" {
println!("cargo:rustc-link-lib=dylib=pthread");
}
if target_os == "windows" {
println!("cargo:rustc-link-lib=dylib=ws2_32");
}
}
EOF
cat > "${RUNNER_TEMP}/test-bindings/src/main.rs" << 'EOF'
#![allow(clippy::all)]
#![allow(non_upper_case_globals)]
#![allow(non_camel_case_types)]
#![allow(non_snake_case)]
#![allow(dead_code)]
#![allow(improper_ctypes)]
#![allow(unpredictable_function_pointer_comparisons)]
include!(concat!(env!("BINDINGS_PATH"), "/aws_lc_bindings.rs"));
fn main() {
unsafe { CRYPTO_library_init(); }
println!("Bindings link test passed");
}
EOF
cd "${RUNNER_TEMP}/test-bindings"
include_ssl="0"
if [ "${{ matrix.build_libssl }}" != "OFF" ]; then
include_ssl="1"
fi
export CMAKE_BUILD_DIR="${GITHUB_WORKSPACE}/build"
export BINDINGS_PATH="${GITHUB_WORKSPACE}/build/rust"
export INCLUDE_SSL="${include_ssl}"
cargo run
echo "Bindings build, link, and run test passed"