diff --git a/.github/docker-images/al2-x64/Dockerfile b/.github/docker-images/al2-x64/Dockerfile index b8228f253..8344c47ae 100644 --- a/.github/docker-images/al2-x64/Dockerfile +++ b/.github/docker-images/al2-x64/Dockerfile @@ -1,4 +1,4 @@ -FROM amazonlinux:latest +FROM amazonlinux:2 ############################################################################### @@ -14,14 +14,11 @@ RUN yum -y update \ python3-devel \ python3-pip \ make \ - cmake3 \ gcc \ gcc-c++ \ which \ && yum clean all \ - && rm -rf /var/cache/yum \ - && cmake --version \ - && ctest --version + && rm -rf /var/cache/yum ############################################################################### # Python/AWS CLI @@ -37,6 +34,7 @@ WORKDIR /tmp RUN curl -sSL https://d19elf31gohf1l.cloudfront.net/_binaries/cmake/cmake-3.13-manylinux1-x64.tar.gz -o cmake.tar.gz \ && tar xvzf cmake.tar.gz -C /usr/local \ && cmake --version \ + && ctest --version \ && rm -f /tmp/cmake.tar.gz ############################################################################### diff --git a/.github/docker-images/al2023-x64/Dockerfile b/.github/docker-images/al2023-x64/Dockerfile new file mode 100644 index 000000000..c8f77ef6f --- /dev/null +++ b/.github/docker-images/al2023-x64/Dockerfile 
@@ -0,0 +1,45 @@ +FROM amazonlinux:2023 + + +############################################################################### +# Install prereqs +############################################################################### +RUN yum -y update \ + && yum -y install \ + tar \ + git \ + sudo \ + # Python + python3 \ + python3-devel \ + python3-pip \ + make \ + gcc \ + gcc-c++ \ + which \ + && yum clean all \ + && rm -rf /var/cache/yum + +############################################################################### +# Python/AWS CLI +############################################################################### +RUN python3 -m pip install setuptools virtualenv \ + && python3 -m pip install --upgrade awscli \ + && aws --version + +############################################################################### +# Install pre-built CMake +############################################################################### +WORKDIR /tmp +RUN curl -sSL https://d19elf31gohf1l.cloudfront.net/_binaries/cmake/cmake-3.13-manylinux1-x64.tar.gz -o cmake.tar.gz \ + && tar xvzf cmake.tar.gz -C /usr/local \ + && cmake --version \ + && ctest --version \ + && rm -f /tmp/cmake.tar.gz + +############################################################################### +# Install entrypoint +############################################################################### +ADD entrypoint.sh /usr/local/bin/builder +RUN chmod a+x /usr/local/bin/builder +ENTRYPOINT ["/usr/local/bin/builder"] diff --git a/.github/workflows/create-channel.yml b/.github/workflows/create-channel.yml index dceed3c27..6b293a7fa 100644 --- a/.github/workflows/create-channel.yml +++ b/.github/workflows/create-channel.yml 
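Review bot: The CMake tarball in the `Install pre-built CMake` step is fetched with `curl` and unpacked into `/usr/local` without any integrity check, so whatever the CloudFront URL serves at build time ends up on the image's PATH. Pin the expected digest and verify it before extracting, e.g. add `&& echo "<EXPECTED_SHA256>  cmake.tar.gz" | sha256sum -c - \` between the `curl` and `tar` lines (the digest is a placeholder; take it from a trusted copy of the archive). The al2-x64 Dockerfile carries the same unverified download as context. The `pip install` of `setuptools`, `virtualenv` and `awscli` is also unpinned, so two builds of this image can end up with different tool versions.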
@@ -16,17 +16,24 @@ on: env: AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: 'us-east-1' + CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }} + AWS_DEFAULT_REGION: us-east-1 + +permissions: + id-token: write # This is required for requesting the JWT # nothing jobs: package: name: Package builder app - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 @@ -54,7 +61,7 @@ jobs: standard-images: name: ${{ matrix.variant.name }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -68,6 +75,7 @@ jobs: - name: musllinux-1-1-x64 - name: al2012-x64 - name: al2-x64 + - name: al2023-x64 - name: ubuntu-18-x64 - name: ubuntu-20-x64 - name: ubuntu-20-aarch64 @@ -89,6 +97,11 @@ jobs: - name: openwrt-x64-openjdk8 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Sources uses: actions/checkout@v4 @@ -109,8 +122,9 @@ jobs: uses: whoan/docker-build-with-cache-action@v8 with: registry: ${{ secrets.AWS_ECR_REPO }} - username: ${{ secrets.AWS_ACCESS_KEY_ID }} - password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + username: ${{ steps.creds.outputs.aws-access-key-id }} + password: ${{ steps.creds.outputs.aws-secret-access-key }} + session: ${{ steps.creds.outputs.aws-session-token }} image_name: aws-crt-${{ matrix.variant.name }} image_tag: ${{ steps.tag.outputs.release_tag }} context: .github/docker-images/${{ matrix.variant.name }} diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml index 98516df3c..12dba54f1 100644 --- a/.github/workflows/create-release.yml 
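Review bot: The new workflow-level `permissions:` block lists only `id-token: write`, and once `permissions` is set every scope not listed drops to `none`, including `contents`. Add `contents: read` next to it so `actions/checkout` keeps working with the token regardless of repository visibility. The same block is added in create-release.yml and sanity-test.yml; in sanity-test.yml the `cleanup` job runs `rokroskar/workflow-run-cleanup-action@master`, which presumably needs `actions: write` to cancel runs, so that is worth confirming. Granting `id-token: write` per job instead of per workflow would also stop jobs that never assume the role, and the third-party actions they run from mutable refs, from being able to request an OIDC token.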
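Review bot: The `username`/`password`/`session` inputs in the last hunk read `steps.creds.outputs.*`, but none of the `aws-actions/configure-aws-credentials@v4` steps added in this diff carries `id: creds`, and the action only exposes credentials as step outputs when `output-credentials: true` is set. Unless a step with that id exists outside the visible hunks, these expressions evaluate to empty strings and the ECR login in `whoan/docker-build-with-cache-action@v8` fails. Add `id: creds` and `output-credentials: true` to the credentials step of the `standard-images` job. The matching hunk in create-release.yml (`export-linux-images`) needs the same two lines.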
+++ b/.github/workflows/create-release.yml @@ -6,19 +6,30 @@ on: types: [published] workflow_dispatch: - env: AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: 'us-east-1' + CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }} + AWS_DEFAULT_REGION: us-east-1 + +permissions: + id-token: write # This is required for requesting the JWT jobs: package: name: Package builder app - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 @@ -48,7 +59,7 @@ jobs: export-linux-images: name: Release aws-crt-${{ matrix.variant }} - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: @@ -62,6 +73,7 @@ jobs: - name: musllinux-1-1-x64 - name: al2012-x64 - name: al2-x64 + - name: al2023-x64 - name: ubuntu-18-x64 - name: ubuntu-20-x64 - name: ubuntu-20-aarch64 @@ -83,6 +95,11 @@ jobs: - name: openwrt-x64-openjdk8 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Sources uses: actions/checkout@v4 
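Review bot: The `package` job in create-release.yml now contains the `aws-actions/configure-aws-credentials@v4` step twice in a row with identical `role-to-assume` and `aws-region` inputs. The second copy only repeats the role assumption and issues another set of session credentials for no benefit; drop one of them. Giving the remaining step a `name:`, like the `Checkout Source` step below it, would also make the run log easier to follow.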
@@ -100,8 +117,9 @@ jobs: uses: whoan/docker-build-with-cache-action@v8 with: registry: ${{ secrets.AWS_ECR_REPO }} - username: ${{ secrets.AWS_ACCESS_KEY_ID }} - password: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + username: ${{ steps.creds.outputs.aws-access-key-id }} + password: ${{ steps.creds.outputs.aws-secret-access-key }} + session: ${{ steps.creds.outputs.aws-session-token }} image_name: aws-crt-${{ matrix.variant.name }} image_tag: ${{ steps.tag.outputs.release_tag }} context: .github/docker-images/${{ matrix.variant.name }} @@ -134,9 +152,14 @@ jobs: upload-ci-script: name: Upload container ci script - runs-on: ubuntu-latest + runs-on: ubuntu-2024 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 77d1f0e26..1167a0e1d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -7,7 +7,7 @@ on: jobs: autopep8: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout Source diff --git a/.github/workflows/sanity-test.yml b/.github/workflows/sanity-test.yml index d1faed477..61722b7f8 100644 --- a/.github/workflows/sanity-test.yml +++ b/.github/workflows/sanity-test.yml @@ -12,14 +12,16 @@ on: env: AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: 'us-east-1' + CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }} + AWS_DEFAULT_REGION: us-east-1 + +permissions: + id-token: write # This is required for requesting the JWT jobs: cleanup: name: Clean up previous branch jobs - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Clean up previous branch jobs uses: rokroskar/workflow-run-cleanup-action@master 
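Review bot: `runs-on: ubuntu-2024` in the `upload-ci-script` job is not a GitHub-hosted runner label; every other job touched by this change uses `ubuntu-24.04`. Unless a self-hosted runner carries that label, the job will stay queued and never run, so the container CI script would not be uploaded on release. Change the line to `runs-on: ubuntu-24.04`.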
@@ -28,7 +30,7 @@ jobs: unit_test: name: Unit Tests - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Checkout Source uses: actions/checkout@v4 @@ -38,9 +40,14 @@ jobs: package: name: Package builder app - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 @@ -78,7 +85,7 @@ jobs: strategy: fail-fast: false matrix: - host: [ubuntu-22.04, macos-12, macos-13, macos-14, windows-2022] + host: [ubuntu-22.04, macos-13, macos-14, windows-2022] needs: package runs-on: ${{ matrix.host }} steps: @@ -137,7 +144,7 @@ jobs: # Make sure cross compiling works cross_compile: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: [package] strategy: matrix: @@ -204,6 +211,10 @@ jobs: compiler: [gcc-8, clang-9] std: [c++11, c++14, c++17, c++2a] steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} - name: Checkout Source uses: actions/checkout@v4 @@ -227,7 +238,7 @@ jobs: - aws-iot-device-sdk-python-v2 needs: package - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - name: Install builder uses: actions/download-artifact@v4 @@ -254,6 +265,11 @@ jobs: needs: package runs-on: ubuntu-20.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 @@ -281,8 +297,13 @@ jobs: - musllinux-1-1-x64 needs: package - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 
@@ -314,8 +335,13 @@ jobs: - swift-5-al2-x64 needs: package - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ env.CRT_CI_ROLE }} + aws-region: ${{ env.AWS_DEFAULT_REGION }} + - name: Checkout Source uses: actions/checkout@v4 @@ -334,7 +360,7 @@ jobs: sanity-tests-passed: name: All Sanity Tests passed - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: - unit_test - sanity_test diff --git a/builder/core/host.py b/builder/core/host.py index 41d3a9aca..e2e67d08e 100644 --- a/builder/core/host.py +++ b/builder/core/host.py @@ -70,7 +70,11 @@ def current_host(): def _discover_host(): platform = current_os() if platform == 'linux': - if _file_contains('/etc/system-release', 'Amazon Linux release 2'): + # Note: that AL2 and AL2023 have the same substring. Check for AL2023 explicitly. + # And also check that AL2 has "2 (", which is common to all base distributions of AL2 + if _file_contains('/etc/system-release', 'Amazon Linux release 2023'): + return 'al2023' + if _file_contains('/etc/system-release', 'Amazon Linux release 2 ('): return 'al2' if _file_contains('/etc/system-release', 'Bare Metal') or _file_contains('/etc/system-release', 'Amazon Linux AMI'): return 'al2012'
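Review bot: `_discover_host` now returns a new key, `'al2023'`, but nothing in the visible diff registers that host anywhere else, so code that looks hosts up by this string may not recognise it; confirm the host table was updated as well (it may be in a part of the commit not shown here). The added comment is also hard to parse; something like `# AL2023's release string also begins with "Amazon Linux release 2", so test for 2023 first and match AL2 on "2 (" to keep the two apart.` states the reason more directly. The function body continues beyond this hunk.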