autofix script and workflow #148

Workflow file for this run

.github/workflows/integration_omnibus.yml at 0cd3f94

	name: integration-omnibus
	on:
	push:
	branches: [ '*' ]
	pull_request:
	branches: [ '*' ]
	schedule:
	- cron: "0 0 * * *"
	concurrency:
	group: ${{ github.workflow }}-${{ github.ref_name }}
	cancel-in-progress: true
	env:
	GOPROXY: https://proxy.golang.org,direct
	permissions:
	contents: read
	actions: read
	id-token: write

	jobs:
	integrations:
	name: ${{ matrix.name }}-${{ matrix.arch }}
	continue-on-error: ${{ matrix.allow_failure \|\| false }}
	runs-on:
	- codebuild-aws-lc-ci-github-actions-${{ github.run_id }}-${{ github.run_attempt }}
	image:${{ matrix.arch == 'x86_64' && 'linux-5.0' \|\| matrix.arch == 'aarch64' && 'arm-3.0' }}
	instance-size:${{ matrix.size }}
	strategy:
	fail-fast: false
	matrix:
	include:
	# s2n-tls Integration Tests
	- name: s2n-tls
	arch: x86_64
	size: small
	image: ubuntu:20.04
	compiler: clang-9
	run: ./tests/ci/integration/run_s2n_integration.sh

	# AWS Common Runtime (CRT) Integration Tests
	- name: aws-crt
	arch: x86_64
	size: small
	image: amazonlinux:2023
	compiler: gcc-11
	run: ./tests/ci/integration/run_crt_integration.sh
	- name: aws-crt
	arch: aarch64
	size: small
	image: amazonlinux:2023
	compiler: gcc-11
	run: ./tests/ci/integration/run_crt_integration.sh

	# libgit2 (pinned to a release - required)
	- name: libgit2
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	allow_failure: false
	run: ./tests/ci/integration/run_libgit2_integration.sh v1.9.4
	# libgit2 (tracking upstream main - informational, allowed to fail)
	- name: libgit2-main
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	allow_failure: true
	run: ./tests/ci/integration/run_libgit2_integration.sh main

	# OpenSSH Integration Tests
	- name: openssh-master
	arch: x86_64
	size: small
	image: amazonlinux:2023
	compiler: clang-15
	openssh_branch: master
	run: ./tests/ci/integration/run_openssh_integration.sh
	- name: openssh-v8.9
	arch: x86_64
	size: small
	image: amazonlinux:2023
	compiler: clang-15
	openssh_branch: V_8_9
	run: ./tests/ci/integration/run_openssh_integration.sh
	- name: openssh-master
	arch: aarch64
	size: 2xlarge
	image: amazonlinux:2023
	compiler: clang-15
	openssh_branch: master
	run: ./tests/ci/integration/run_openssh_integration.sh
	- name: openssh-v8.9
	arch: aarch64
	size: 2xlarge
	image: amazonlinux:2023
	compiler: clang-15
	openssh_branch: V_8_9
	run: ./tests/ci/integration/run_openssh_integration.sh

	# PostgreSQL Integration Tests
	- name: postgresql
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	user: postgres
	run: ./tests/ci/integration/run_postgres_integration.sh
	- name: postgresql
	arch: aarch64
	size: large
	image: ubuntu:22.04
	compiler: gcc-12
	user: postgres
	run: ./tests/ci/integration/run_postgres_integration.sh

	# MySQL Integration Tests
	- name: mysql
	arch: x86_64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	credentials: true
	user: postgres
	run: ./tests/ci/integration/run_mysql_integration.sh
	- name: mysql
	arch: aarch64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	credentials: true
	user: postgres
	run: ./tests/ci/integration/run_mysql_integration.sh

	# MariaDB Integration Tests
	- name: mariadb
	arch: x86_64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_mariadb_integration.sh
	- name: mariadb
	arch: aarch64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_mariadb_integration.sh

	# Curl Integration Tests
	- name: curl
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-11
	ipv6: true
	run: ./tests/ci/integration/run_curl_integration.sh
	- name: curl
	arch: aarch64
	size: large
	image: ubuntu:22.04
	compiler: gcc-11
	ipv6: true
	run: ./tests/ci/integration/run_curl_integration.sh

	# NGINX Integration Tests
	- name: nginx
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	user: postgres
	run: ./tests/ci/integration/run_nginx_integration.sh
	- name: nginx
	arch: aarch64
	size: large
	image: ubuntu:22.04
	compiler: gcc-12
	user: postgres
	run: ./tests/ci/integration/run_nginx_integration.sh

	# SSLProxy Integration Tests
	- name: sslproxy
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_sslproxy_integration.sh
	- name: sslproxy
	arch: aarch64
	size: large
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_sslproxy_integration.sh

	# Monit Integration Tests
	- name: monit
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	credentials: true
	run: ./tests/ci/integration/run_monit_integration.sh

	# librelp Integration Tests
	- name: librelp
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_librelp_integration.sh

	# HAProxy Integration Tests
	- name: haproxy
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_haproxy_integration.sh

	# Trousers Integration Tests
	- name: trousers
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_trousers_integration.sh

	# NTP Integration Tests
	- name: ntp
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_ntp_integration.sh

	# PQ TLS Integration Tests
	- name: pq-tls
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_pq_tls_integration.sh

	# tpm2-tss Integration Tests
	- name: tpm2-tss
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_tpm2_tss_integration.sh

	# tcpdump Integration Tests
	- name: tcpdump
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_tcpdump_integration.sh

	# OpenLDAP Integration Tests
	- name: openldap-master
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_openldap_integration.sh master
	- name: openldap-v2.5
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_openldap_integration.sh OPENLDAP_REL_ENG_2_5

	# Cyrus SASL Integration Tests
	- name: cyrus-sasl
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_cyrus_sasl_integration.sh

	# Amazon Corretto Crypto Provider Integration Tests
	- name: accp-aarch64
	arch: aarch64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	accp_fips: false
	run: ./tests/ci/integration/run_accp_integration.sh
	- name: accp-fips-aarch64
	arch: aarch64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	accp_fips: true
	run: ./tests/ci/integration/run_accp_integration.sh
	- name: accp-x86_64
	arch: x86_64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	accp_fips: false
	run: ./tests/ci/integration/run_accp_integration.sh
	- name: accp-fips-x86_64
	arch: x86_64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	accp_fips: true
	run: ./tests/ci/integration/run_accp_integration.sh

	# NMAP Integration Tests
	- name: nmap-7.99
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_nmap_integration.sh deb076224e9f138ea29fa4823bcce0030301dc54
	- name: nmap-master
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	# integration test against master is informational, subject to upstream breakage.
	allow_failure: true
	run: ./tests/ci/integration/run_nmap_integration.sh master

	# IBM TPM Integration Tests
	- name: ibmtpm
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_ibmtpm_integration.sh

	# libwebsockets Integration Tests
	- name: libwebsockets
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_libwebsockets_integration.sh

	# GRPC Integration Tests
	- name: grpc
	arch: x86_64
	size: 2xlarge
	image: ubuntu:22.04
	compiler: gcc-12
	ipv6: true
	run: ./tests/ci/integration/run_grpc_integration.sh

	# Bind9 Integration Tests
	- name: bind9
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	ipv6: true
	options: --privileged
	run: \|
	python3 -m pip install --upgrade meson
	./tests/ci/integration/run_bind9_integration.sh

	# strongSwan Integration Tests
	- name: strongswan
	arch: x86_64
	size: small
	image: ubuntu:22.04
	compiler: gcc-12
	ipv6: true
	run: ./tests/ci/integration/run_strongswan_integration.sh

	# OpenVPN Integration Tests
	- name: openvpn-master
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	ipv6: true
	run: ./tests/ci/integration/run_openvpn_integration.sh master
	- name: openvpn-v2.6
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	ipv6: true
	run: ./tests/ci/integration/run_openvpn_integration.sh release/2.6

	# XMLSec Integration Tests
	- name: xmlsec
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	options: --privileged
	run: ./tests/ci/integration/run_xmlsec_integration.sh

	# XtraBackup Integration Tests
	- name: xtrabackup
	arch: x86_64
	size: large
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_xtrabackup_integration.sh

	# PyOpenSSL Integration Tests
	- name: pyopenssl
	arch: x86_64
	size: medium
	image: ubuntu:22.04
	compiler: gcc-12
	run: ./tests/ci/integration/run_pyopenssl_integration.sh '25.3.0'
	env:
	OPENSSH_BRANCH: ${{ matrix.openssh_branch \|\| '' }}
	ACCP_FIPS: ${{ matrix.accp_fips \|\| '' }}
	steps:
	- uses: actions/checkout@v7
	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2
	- uses: ./.github/actions/codebuild-docker-run
	name: Run Container
	id: integration-test
	with:
	image: ${{ steps.login-ecr.outputs.registry }}/aws-lc/${{ matrix.image }}
	env: \|
	OPENSSH_BRANCH
	ACCP_FIPS
	options: ${{ matrix.options \|\| '' }}
	user: ${{ matrix.user \|\| '' }}
	ipv6: ${{ matrix.ipv6 \|\| false }}
	withCredentials: ${{ matrix.credentials \|\| false }}
	run: \|
	source /opt/compiler-env/setup-${{ matrix.compiler }}.sh
	${{ matrix.run }}
	# Emit a marker only when the integration test itself fails, not on
	# operational failures, so the report-failures alarm counts real downstream breakages only, except for tests
	# that are purely informational and breakages are accepted.
	- name: Mark integration failure
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule' && !matrix.allow_failure

	env:
	INTEGRATION_RUNNER_COMMAND: ${{ matrix.run }}
	run: \|
	# Read each line so multi-line run blocks (e.g. bind9 runs pip install
	# before invocating the runner) still resolve to the runner script + its version.
	while read -r script_path version _; do
	[[ "$script_path" == *_integration.sh ]] && break
	done <<< "$INTEGRATION_RUNNER_COMMAND"

	# Strip the path, run_ prefix, and _integration.sh suffix to get the
	# bare integration name (e.g. .../run_postgres_integration.sh -> postgres).
	integration=${script_path##*/} # .../run_postgres_integration.sh -> run_postgres_integration.sh
	integration=${integration#run_} # -> postgres_integration.sh
	integration=${integration%_integration.sh} # -> postgres
	version=${version//[\'\"]/} # strip quotes (e.g. pyopenssl '25.3.0')
	echo -e "${integration}\t${version}" > integration-failure.txt

	- uses: actions/upload-artifact@v7
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule' && !matrix.allow_failure
	with:
	name: integration-failure-${{ matrix.name }}-${{ matrix.arch }}
	path: integration-failure.txt

	python:
	name: python-${{ matrix.version }}${{ matrix.buildFIPS == 1 && '-fips' \|\| '' }}-${{ matrix.crtUseSystemCrypto == 1 && 'crt-vendored-crypto' \|\| 'crt-system-crypto' }}-${{ matrix.arch }}
	runs-on:
	- codebuild-aws-lc-ci-github-actions-${{ github.run_id }}-${{ github.run_attempt }}
	image:linux-5.0
	instance-size:medium
	strategy:
	fail-fast: false
	matrix:
	arch: ["x86_64"]
	version:
	- "3.9"
	- "3.10"
	- "3.11"
	- "3.12"
	- "3.13"
	- "3.14"
	buildFIPS: [0, 1]
	crtUseSystemCrypto: [0, 1]
	include:
	- version: main
	buildFIPS: 0
	crtUseSystemCrypto: 0
	arch: x86_64
	env:
	FIPS: ${{ matrix.buildFIPS }}
	AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO: ${{ matrix.crtUseSystemCrypto }}
	steps:
	- uses: actions/checkout@v7
	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2
	- uses: ./.github/actions/codebuild-docker-run
	name: Run Container
	id: integration-test
	with:
	image: ${{ steps.login-ecr.outputs.registry }}/aws-lc/ubuntu:22.04
	env: \|
	FIPS
	AWS_CRT_BUILD_USE_SYSTEM_LIBCRYPTO
	ipv6: true
	run: \|
	source /opt/compiler-env/setup-gcc-12.sh
	./tests/ci/integration/run_python_integration.sh ${{ matrix.version }}
	- name: Mark integration failure
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule'
	run: echo -e "python\t${{ matrix.version }}" > integration-failure.txt
	- uses: actions/upload-artifact@v7
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule'
	with:
	name: integration-failure-python-${{ matrix.version }}-${{ matrix.buildFIPS }}-${{ matrix.crtUseSystemCrypto }}-${{ matrix.arch }}
	path: integration-failure.txt

	ruby:
	name: ruby-${{ matrix.version }}${{ matrix.buildFIPS == 1 && '-fips' \|\| '' }}-${{ matrix.arch }}
	runs-on:
	- codebuild-aws-lc-ci-github-actions-${{ github.run_id }}-${{ github.run_attempt }}
	image:linux-5.0
	instance-size:medium
	strategy:
	fail-fast: false
	matrix:
	arch: ["x86_64"]
	version:
	- master
	- ruby_3_2
	- ruby_3_3
	- ruby_3_4
	buildFIPS: [0, 1]
	env:
	FIPS: ${{ matrix.buildFIPS }}
	steps:
	- uses: actions/checkout@v7
	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v2
	- uses: ./.github/actions/codebuild-docker-run
	name: Run Container
	id: integration-test
	with:
	image: ${{ steps.login-ecr.outputs.registry }}/aws-lc/ubuntu:24.04
	env: \|
	FIPS
	ipv6: true
	run: \|
	source /opt/compiler-env/setup-gcc-13.sh
	./tests/ci/integration/run_ruby_integration.sh ${{ matrix.version }}
	- name: Mark integration failure
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule'
	run: echo -e "ruby\t${{ matrix.version }}" > integration-failure.txt
	- uses: actions/upload-artifact@v7
	if: always() && steps.integration-test.outcome == 'failure' && github.event_name == 'schedule'
	with:
	name: integration-failure-ruby-${{ matrix.version }}-${{ matrix.buildFIPS }}-${{ matrix.arch }}
	path: integration-failure.txt

	report-failures:
	name: report-failures
	needs: [integrations, python, ruby]
	if: ${{ always() && github.event_name == 'schedule' }}
	runs-on:
	- codebuild-aws-lc-ci-github-actions-${{ github.run_id }}-${{ github.run_attempt }}
	image:linux-5.0
	instance-size:small
	steps:
	- uses: actions/checkout@v7
	with:
	persist-credentials: false
	- uses: ./.github/actions/configure-aws-credentials
	- name: Emit failure metric
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	set -exo pipefail
	# Count the failure artifacts to get the number of broken integration tests.
	# We keep only the integration-failure-* markers and count lines with wc -l instead of jq length,
	# since --paginate would make jq emit a separate count for each page.
	failure_count=$(gh api --paginate \
	"/repos/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}/artifacts" \
	--jq '.artifacts[] \| select(.name \| startswith("integration-failure-")) \| .name' \
	\| wc -l \| tr -d ' ')

	aws cloudwatch put-metric-data \
	--namespace AWS-LC \
	--metric-name IntegrationOmnibusFailure \
	--value "$failure_count"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

autofix script and workflow #148

Workflow file

autofix script and workflow #148

Uh oh!

Workflow file for this run