make up to date

.github/workflows/clang-format.yml

@@ -1,6 +1,7 @@
 name: test-clang-format
 
-on: ["pull_request", "push"]
+on:
+  workflow_call:
 
 jobs:
   build:
@@ -13,4 +14,4 @@ jobs:
         source: '.'
         exclude: 'docker-images,doxygen,examples,testing-resources'
         extensions: 'h,c,cpp'
-        clangFormatVersion: 9
+        clangFormatVersion: 9

.github/workflows/codebuild.yml

@@ -0,0 +1,96 @@
+name: AWS CodeBuild Batch Workflow
+
+on:
+  workflow_call:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  build_test_dynamic:
+    name: Build Test Dynamic (${{ matrix.project }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        project: [csdk-ubuntu-latest-x64-awslc, csdk-ubuntu-latest-x64]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+
+      - name: Run CodeBuild
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ matrix.project }}
+          buildspec-override: codebuild/ubuntu-latest-x64/build_test.yml
+          env-vars-for-codebuild: TEST_MODE
+        env:
+          TEST_MODE: dynamic
+
+  build_test_static_debug:
+    name: Build Test Static Debug (${{ matrix.project }})
+    runs-on: ubuntu-latest
+    needs: build_test_dynamic
+    strategy:
+      matrix:
+        project: [csdk-ubuntu-latest-x64-awslc, csdk-ubuntu-latest-x64]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+
+      - name: Run CodeBuild
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ matrix.project }}
+          buildspec-override: codebuild/ubuntu-latest-x64/build_test.yml
+          env-vars-for-codebuild: TEST_MODE
+        env:
+          TEST_MODE: static_debug
+
+  build_test_static_valgrind:
+    name: Build Test Static Valgrind (${{ matrix.project }})
+    runs-on: ubuntu-latest
+    needs: build_test_static_debug
+    strategy:
+      matrix:
+        project: [csdk-ubuntu-latest-x64-awslc, csdk-ubuntu-latest-x64]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+
+      - name: Run CodeBuild
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ matrix.project }}
+          buildspec-override: codebuild/ubuntu-latest-x64/build_test.yml
+          env-vars-for-codebuild: TEST_MODE
+        env:
+          TEST_MODE: static_valgrind
+
+  compliance:
+    name: Compliance (${{ matrix.project }})
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        project: [csdk-ubuntu-latest-x64-awslc, csdk-ubuntu-latest-x64]
+    steps:
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: ${{ secrets.CI_AWS_ROLE_ARN }}
+          aws-region: us-west-2
+
+      - name: Run CodeBuild
+        uses: aws-actions/aws-codebuild-run-build@v1
+        with:
+          project-name: ${{ matrix.project }}
+          buildspec-override: codebuild/ubuntu-latest-x64/compliance.yml

.github/workflows/daily_ci.yml

@@ -0,0 +1,12 @@
+# This workflow runs every weekday at 15:00 UTC (8AM PDT)
+name: Daily CI
+
+on:
+  schedule:
+    - cron: "00 15 * * 1-5"
+
+jobs:
+  codebuild:
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/codebuild.yml
+    secrets: inherit

.github/workflows/osx.yml

@@ -1,7 +1,8 @@
 ---
 name: macOS build and test AWS Encryption SDK for C
 
-on: ["pull_request", "push"]
+on:
+  workflow_call:
 
 
 jobs:
@@ -11,11 +12,22 @@ jobs:
 
     strategy:
       matrix:
-        os: [macos-11, macos-latest]
+        # macos-latest-large is the latest intel based runner
+        os: [macos-13, macos-latest-large, ubuntu-22.04]
         openssl_version: [[email protected]]
 
+    permissions:
+      id-token: write
+      contents: read
+
     steps:
-      - run: brew install ${{ matrix.openssl_version }}
+      - name: Install OpenSSL
+        if: matrix.os != 'ubuntu-22.04'
+        run: brew install ${{ matrix.openssl_version }}
+
+      - name: Install LibCurl
+        if: matrix.os == 'ubuntu-22.04'
+        run: sudo apt-get install libcurl4-openssl-dev
 
       - name: Checkout PR
         uses: actions/checkout@v4
@@ -38,27 +50,79 @@ jobs:
           submodules: recursive
 
       - name: Install dependencies
+        if: matrix.os != 'ubuntu-22.04'
         run:
           brew install json-c
 
       - name: Build and install aws-sdk-cpp
+        if: matrix.os != 'ubuntu-22.04'
         run: |
           # remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
           perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
           mkdir -p build-aws-sdk-cpp || true
           mkdir -p install || true
           cd build-aws-sdk-cpp
-          cmake -G Xcode -DTARGET_ARCH="APPLE" -DBUILD_SHARED_LIBS=ON -DBUILD_ONLY="kms" -DENABLE_UNITY_BUILD=ON ../aws-sdk-cpp
+          cmake -G Xcode -DTARGET_ARCH="APPLE" -DBUILD_SHARED_LIBS=ON -DBUILD_ONLY="kms" -DENABLE_UNITY_BUILD=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install ../aws-sdk-cpp
           xcodebuild -target ALL_BUILD
           xcodebuild -target install
 
+      - name: Build and install aws-sdk-cpp
+        if: matrix.os == 'ubuntu-22.04'
+        run: |
+          # remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
+          perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
+          mkdir -p build-aws-sdk-cpp || true
+          mkdir -p install || true
+          cd build-aws-sdk-cpp
+          cmake -DBUILD_SHARED_LIBS=ON -DBUILD_ONLY="kms" -DENABLE_UNITY_BUILD=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install ../aws-sdk-cpp
+          make
+          make install
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          aws-region: us-west-2
+          role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2
+          role-session-name: CESDKTests
+
       - name: Build C-ESDK
+        if: matrix.os != 'ubuntu-22.04'
         env:
           OPENSSL_VERSION: ${{ matrix.openssl_version }}
-        # TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON 
+        # TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
         run: |
           mkdir build-aws-encryption-sdk-c || true
           cd build-aws-encryption-sdk-c
-          cmake -G Xcode -DBUILD_SHARED_LIBS=ON -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
+          cmake -G Xcode -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
           xcodebuild -target ALL_BUILD
           xcodebuild -scheme RUN_TESTS
+
+      - name: Build C-ESDK
+        if: matrix.os == 'ubuntu-22.04'
+        env:
+          OPENSSL_VERSION: ${{ matrix.openssl_version }}
+        # TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
+        run: |
+          mkdir build-aws-encryption-sdk-c || true
+          cd build-aws-encryption-sdk-c
+          cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
+          make
+          make test
+          make install
+
+      - name: Run Interop Test Vectors
+        if: matrix.os != 'ubuntu-22.04'
+        run: |
+          cd tests/TestVectors/
+          make decrypt_dafny
+          make encrypt
+          make decrypt
+
+      - name: Run Interop Test Vectors
+        if: matrix.os == 'ubuntu-22.04'
+        run: |
+          cd tests/TestVectors/
+          make test_vectors_unix
+          make decrypt_dafny
+          make encrypt
+          make decrypt

.github/workflows/proof_ci.yaml

@@ -3,13 +3,8 @@
 # CBMC starter kit 2.9
 name: Run CBMC proofs
 on:
-  push:
-    branches-ignore:
-      - gh-pages
-  pull_request:
-    branches-ignore:
-      - gh-pages
   workflow_dispatch:
+  workflow_call:
 
 # USAGE
 #

.github/workflows/pull.yml

@@ -0,0 +1,31 @@
+name: Pull Request Workflow
+
+on:
+  pull_request:
+
+jobs:
+  clang-format:
+    uses: ./.github/workflows/clang-format.yml
+    secrets: inherit
+  codebuild:
+    uses: ./.github/workflows/codebuild.yml
+    secrets: inherit
+  osx:
+    uses: ./.github/workflows/osx.yml
+    secrets: inherit
+  proof-ci:
+    uses: ./.github/workflows/proof_ci.yaml
+    secrets: inherit
+  pr-ci-all-required:
+    if: always()
+    needs:
+      - clang-format
+      - codebuild
+      - osx
+      - proof-ci
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Verify all required jobs passed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}

.github/workflows/push.yml

@@ -0,0 +1,19 @@
+name: Push Workflow
+
+on:
+  push:
+    branches: master
+
+jobs:
+  clang-format:
+    uses: ./.github/workflows/clang-format.yml
+    secrets: inherit
+  codebuild:
+    uses: ./.github/workflows/codebuild.yml
+    secrets: inherit
+  osx:
+    uses: ./.github/workflows/osx.yml
+    secrets: inherit
+  proof-ci:
+    uses: ./.github/workflows/proof_ci.yaml
+    secrets: inherit

CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## What's Changed
+* fix(CI): Update Ubuntu Docker Images for AWS-LC by @texastony in https://github.com/aws/aws-encryption-sdk-c/pull/767
+* chore: silence deprecation warnings by @ajewellamz in https://github.com/aws/aws-encryption-sdk-c/pull/771
+* chore: limit number of random bytes generated by @ajewellamz in https://github.com/aws/aws-encryption-sdk-c/pull/773
+* Fix type inconsistencies in CBMC proof harnesses by @tautschnig in https://github.com/aws/aws-encryption-sdk-c/pull/772
+* chore: enable dependabot for git submodules by @tautschnig in https://github.com/aws/aws-encryption-sdk-c/pull/775
+* chore: enable dependabot for github actions by @tautschnig in https://github.com/aws/aws-encryption-sdk-c/pull/779
+* chore(deps): bump aws-encryption-sdk-specification from `c35fbd9` to `0d4d63c` by @dependabot in https://github.com/aws/aws-encryption-sdk-c/pull/778
+* chore: update CBMC version by @tautschnig in https://github.com/aws/aws-encryption-sdk-c/pull/780
+* chore(deps): bump DoozyX/clang-format-lint-action from 0.5 to 0.17 by @dependabot in https://github.com/aws/aws-encryption-sdk-c/pull/782
+* chore(deps): bump actions/checkout from 2 to 4 by @dependabot in https://github.com/aws/aws-encryption-sdk-c/pull/783
+* chore(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in https://github.com/aws/aws-encryption-sdk-c/pull/784
+* chore: use built-in SAT solver for CBMC proofs by @tautschnig in https://github.com/aws/aws-encryption-sdk-c/pull/781
+* fix: CMake Fixes to Make it Compatible with Latest Aws-c-common by @waahm7 in https://github.com/aws/aws-encryption-sdk-c/pull/812
+
+## New Contributors
+* @dependabot made their first contribution in https://github.com/aws/aws-encryption-sdk-c/pull/778
+* @waahm7 made their first contribution in https://github.com/aws/aws-encryption-sdk-c/pull/812
+
+**Full Changelog**: https://github.com/aws/aws-encryption-sdk-c/compare/v2.4.0...v2.4.1
+
 ## 2.4.0 -- 2023-04-04
 
 * feat: Add support for AWS-LC build in ESDK ([#750](https://github.com/aws/aws-encryption-sdk-c/pull/750))

CMakeLists.txt

@@ -12,19 +12,16 @@
 # limitations under the License.
 #
 
-cmake_minimum_required (VERSION 3.9)
+cmake_minimum_required (VERSION 3.10)
 project (aws-encryption-sdk LANGUAGES C)
 
-if (UNIX AND NOT APPLE)
-    include(GNUInstallDirs)
-elseif(NOT DEFINED CMAKE_INSTALL_LIBDIR)
-    set(CMAKE_INSTALL_LIBDIR "lib")
-endif()
-
+include(GNUInstallDirs)
 include(CTest)
 
 list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
 
+# This was required for older versions of aws-c-common and fixed in the latest versions.
+# Remove this hack, after updating our CodeBuild tests to use the latest version of aws-c-common.
 # Make sure we can pick up Cmake modules installed by dependencies
 # both when they are in the CMAKE_INSTALL_PREFIX directory
 # and in the CMAKE_PREFIX_PATH list.
@@ -51,7 +48,7 @@ set(PROJECT_NAME aws-encryption-sdk)
 # Version number of the SDK to be consumed by C code and Doxygen
 set(MAJOR 2)
 set(MINOR 4)
-set(PATCH 0)
+set(PATCH 1)
 
 # Compiler feature tests and feature flags
 set(USE_ASM TRUE

cmake/InstallLogic.cmake

@@ -42,17 +42,16 @@ function(aws_install_target)
     endforeach(HEADER_SRCPATH)
 
     install(TARGETS ${AWS_INSTALL_TARGET} EXPORT ${AWS_INSTALL_TARGET}-targets
-        ARCHIVE DESTINATION "${LIBRARY_DIRECTORY}"
-        LIBRARY DESTINATION "${LIBRARY_DIRECTORY}"
-        RUNTIME DESTINATION "${RUNTIME_DIRECTORY}")
-    
+        ARCHIVE DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+        LIBRARY DESTINATION "${CMAKE_INSTALL_LIBDIR}"
+        RUNTIME DESTINATION "${CMAKE_INSTALL_BINDIR}")
+
     configure_file("${PROJECT_SOURCE_DIR}/cmake/${AWS_INSTALL_TARGET}-config.cmake"
         "${CMAKE_CURRENT_BINARY_DIR}/${AWS_INSTALL_TARGET}-config.cmake" @ONLY)
-
-    install(EXPORT "${AWS_INSTALL_TARGET}-targets" DESTINATION "${LIBRARY_DIRECTORY}/${AWS_INSTALL_TARGET}/cmake/"
+    install(EXPORT "${AWS_INSTALL_TARGET}-targets" DESTINATION "${CMAKE_INSTALL_LIBDIR}/${AWS_INSTALL_TARGET}/cmake/"
         NAMESPACE AWS::
     )
-    
+
     install(FILES "${CMAKE_CURRENT_BINARY_DIR}/${AWS_INSTALL_TARGET}-config.cmake"
-        DESTINATION "${LIBRARY_DIRECTORY}/${AWS_INSTALL_TARGET}/cmake/")
+        DESTINATION "${CMAKE_INSTALL_LIBDIR}/${AWS_INSTALL_TARGET}/cmake/")
 endfunction(aws_install_target)