Skip to content

merge main

merge main #587

Workflow file for this run

name: CI
on:
push:
branches-ignore:
- 'main'
- 'docs'
env:
BUILDER_VERSION: v0.9.46
BUILDER_SOURCE: releases
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
PACKAGE_NAME: aws-iot-device-sdk-js-v2
LINUX_BASE_IMAGE: ubuntu-16-x64
RUN: ${{ github.run_id }}-${{ github.run_number }}
AWS_DEFAULT_REGION: us-east-1
DA_TOPIC: test/da
DA_SHADOW_PROPERTY: datest
DA_SHADOW_VALUE_SET: ON
DA_SHADOW_VALUE_DEFAULT: OFF
CI_IOT_CONTAINERS: arn:aws:iam::123124136734:role/CRT_IoT_Containers
CI_PUBSUB_ROLE: arn:aws:iam::180635532705:role/CI_PubSub_Role
CI_COGNITO_ROLE: arn:aws:iam::180635532705:role/CI_Cognito_Role
CI_X509_ROLE: arn:aws:iam::180635532705:role/CI_X509_Role
CI_CUSTOM_AUTHORIZER_ROLE: arn:aws:iam::180635532705:role/CI_CustomAuthorizer_Role
CI_SHADOW_ROLE: arn:aws:iam::180635532705:role/CI_Shadow_Role
CI_JOBS_ROLE: arn:aws:iam::180635532705:role/CI_Jobs_Role
CI_FLEET_PROVISIONING_ROLE: arn:aws:iam::180635532705:role/service-role/CI_FleetProvisioning_Role
CI_DEVICE_ADVISOR: arn:aws:iam::180635532705:role/CI_DeviceAdvisor_Role
CI_MQTT5_ROLE: arn:aws:iam::180635532705:role/CI_MQTT5_Role
CI_GREENGRASS_ROLE: arn:aws:iam::180635532705:role/CI_Greengrass_Role
CI_SHADOW_SERVICE_CLIENT_ROLE: arn:aws:iam::180635532705:role/CI_ShadowServiceClient_Role
CI_JOBS_SERVICE_CLIENT_ROLE: arn:aws:iam::180635532705:role/CI_JobsServiceClient_Role
jobs:
al2:
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
steps:
- name: configure AWS credentials (containers)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_IOT_CONTAINERS }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-al2-x64 build -p ${{ env.PACKAGE_NAME }}
raspberry:
runs-on: ubuntu-latest # latest
permissions:
id-token: write # This is required for requesting the JWT
strategy:
fail-fast: false
matrix:
image:
- raspbian-bullseye
steps:
- name: configure AWS credentials (containers)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_IOT_CONTAINERS }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# set arm arch
- name: Install qemu/docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
windows:
runs-on: windows-latest
permissions:
id-token: write # This is required for requesting the JWT
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
python builder.pyz build -p ${{ env.PACKAGE_NAME }}
- name: Running samples in CI setup
run: |
python -m pip install boto3
- name: configure AWS credentials (PubSub)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_PUBSUB_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run PubSub sample
run: |
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_cfg.json
<<<<<<< HEAD

Check failure on line 96 in .github/workflows/ci.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/ci.yml

Invalid workflow file

You have an error in your yaml syntax on line 96
# The electron app in CI would not perform any IoT operations. The CI only verify the app is launched correctly.
# This is because electron requires manually input for pwd while processing the credentials. Currently we don't have a good way to workaround it.
- name: run PubSub Electron sample
run: |
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_electron_cfg.json
- name: run Windows Certificate Connect sample
run: |
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_windows_cert_connect_cfg.json
=======
# TODO Temporarily disable this job. Enable it after the issue is properly fixes.
# - name: run Windows Certificate Connect sample
# run: |
# python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_windows_cert_connect_cfg.json
>>>>>>> 2e175eba10e4eb60f0f70cb8482fd5801c5a4fb1
- name: configure AWS credentials (Device Advisor)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_DEVICE_ADVISOR }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run DeviceAdvisor
run: |
cd ./aws-iot-device-sdk-js-v2
python ./deviceadvisor/script/DATestRun.py
osx:
runs-on: macos-latest
permissions:
id-token: write # This is required for requesting the JWT
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }}
- name: Running samples in CI setup
run: |
python3 -m pip install boto3
- name: configure AWS credentials (PubSub)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_PUBSUB_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run PubSub sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_cfg.json
# The electron app in CI would not perform any IoT operations. The CI only verify the app is launched correctly.
# This is because electron requires manually input for pwd while processing the credentials. Currently we don't have a good way to workaround it.
- name: run PubSub Electron sample
run: |
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_electron_cfg.json
- name: run PKCS12 sample
run: |
cert=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/cert" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$cert" > /tmp/certificate.pem
key=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\") && echo -e "$key" > /tmp/privatekey.pem
pkcs12_password=$(aws secretsmanager get-secret-value --region us-east-1 --secret-id "ci/PubSub/key_pkcs12_password" --query "SecretString" | cut -f2 -d":" | cut -f2 -d\")
openssl pkcs12 -export -in /tmp/certificate.pem -inkey /tmp/privatekey.pem -out /tmp/pkcs12-key.p12 -name PubSub_Thing_Alias -password pass:$pkcs12_password
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pkcs12_connect_cfg.json
- name: configure AWS credentials (Device Advisor)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_DEVICE_ADVISOR }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run DeviceAdvisor
run: |
cd ./aws-iot-device-sdk-js-v2
python3 ./deviceadvisor/script/DATestRun.py
linux:
runs-on: ubuntu-20.04 # latest
permissions:
id-token: write # This is required for requesting the JWT
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }}
- name: Running samples in CI setup
run: |
python3 -m pip install boto3
- name: configure AWS credentials (PubSub)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_PUBSUB_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run PubSub sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_cfg.json
# Electron requires X11 on linux, while github actions does not have X11 support. We work around it using XVFB.
- name: run PubSub Electron sample
run: |
export DISPLAY=:99
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_electron_cfg.json
- name: configure AWS credentials (Device Advisor)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_DEVICE_ADVISOR }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run DeviceAdvisor
run: |
cd ./aws-iot-device-sdk-js-v2
python3 ./deviceadvisor/script/DATestRun.py
# Runs the samples and ensures that everything is working
linux-smoke-tests:
runs-on: ubuntu-latest
permissions:
id-token: write # This is required for requesting the JWT
steps:
- name: Build ${{ env.PACKAGE_NAME }}
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
chmod a+x builder
./builder build -p ${{ env.PACKAGE_NAME }}
- name: Running samples and service clients tests in CI setup
run: |
python3 -m pip install boto3
sudo apt-get update -y
sudo apt-get install softhsm -y
softhsm2-util --version
- name: configure AWS credentials (Shadow)
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.CI_SHADOW_SERVICE_CLIENT_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Shadow service client test for MQTT311
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_shadow_update.py --config-file test_cases/mqtt3_shadow_cfg.json
- name: run Shadow service client test for MQTT5
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_shadow_update.py --config-file test_cases/mqtt5_shadow_cfg.json
- name: run Named Shadow service client test for MQTT311
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_shadow_update.py --config-file test_cases/mqtt3_named_shadow_cfg.json
- name: run Named Shadow service client test for MQTT5
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_shadow_update.py --config-file test_cases/mqtt5_named_shadow_cfg.json
- name: configure AWS credentials (Fleet provisioning)
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.CI_FLEET_PROVISIONING_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Fleet Provisioning service client test for MQTT311
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_fleet_provisioning.py --config-file test_cases/mqtt3_fleet_provisioning_cfg.json --thing-name-prefix Fleet_Thing_
- name: run Fleet Provisioning service client test for MQTT5
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_fleet_provisioning.py --config-file test_cases/mqtt5_fleet_provisioning_cfg.json --thing-name-prefix Fleet_Thing_
- name: run Fleet Provisioning with CSR service client test for MQTT311
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_fleet_provisioning.py --config-file test_cases/mqtt3_fleet_provisioning_with_csr_cfg.json --thing-name-prefix Fleet_Thing_
- name: run Fleet Provisioning with CSR service client test for MQTT5
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_fleet_provisioning.py --config-file test_cases/mqtt5_fleet_provisioning_with_csr_cfg.json --thing-name-prefix Fleet_Thing_
- name: configure AWS credentials (Jobs)
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ env.CI_JOBS_SERVICE_CLIENT_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Jobs service client test for MQTT311
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_jobs_execution.py --config-file test_cases/mqtt3_jobs_cfg.json
- name: run Jobs service client test for MQTT5
working-directory: ./aws-iot-device-sdk-js-v2/servicetests
run: |
export PYTHONPATH=${{ github.workspace }}/aws-iot-device-sdk-js-v2/utils
python3 ./test_cases/test_jobs_execution.py --config-file test_cases/mqtt5_jobs_cfg.json
- name: configure AWS credentials (Connect and PubSub)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_PUBSUB_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Basic Connect sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_basic_connect_cfg.json
- name: run Websocket Connect sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_websocket_connect_cfg.json
- name: run PubSub sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_cfg.json
# Electron requires X11 on linux, while github actions does not have X11 support. We work around it using XVFB.
- name: run PubSub Electron sample
run: |
export DISPLAY=:99
sudo Xvfb -ac :99 -screen 0 1280x1024x24 > /dev/null 2>&1 &
python ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_electron_cfg.json
- name: run PubSub JS sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pubsub_js_cfg.json
- name: run PKCS11 Connect sample
run: |
mkdir -p /tmp/tokens
export SOFTHSM2_CONF=/tmp/softhsm2.conf
echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_pkcs11_connect_cfg.json
- name: configure AWS credentials (Cognito)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_COGNITO_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Cognito Connect sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_cognito_connect_cfg.json
- name: configure AWS credentials (X509)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_X509_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run X509 sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_x509_connect_cfg.json
- name: configure AWS credentials (Custom Authorizer)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_CUSTOM_AUTHORIZER_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run CustomAuthorizerConnect sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_custom_authorizer_connect_cfg.json
- name: configure AWS credentials (Shadow)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_SHADOW_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Shadow sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_shadow_cfg.json
- name: run Mqtt5 Shadow sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_shadow_mqtt5_cfg.json
- name: configure AWS credentials (Jobs)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_JOBS_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Jobs sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_jobs_cfg.json
- name: run Mqtt5 Jobs sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_jobs_mqtt5_cfg.json
- name: configure AWS credentials (Fleet provisioning)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_FLEET_PROVISIONING_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Fleet Provisioning sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_fleet_provisioning_sample.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_fleet_provisioning_cfg.json --thing-name-prefix "Fleet_Thing_"
- name: run Mqtt5 Fleet Provisioning sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_fleet_provisioning_sample.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_fleet_provisioning_mqtt5_cfg.json --thing-name-prefix "Fleet_Thing_"
- name: configure AWS credentials (MQTT5 PubSub)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_MQTT5_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run MQTT5 PubSub sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_mqtt5_pubsub_cfg.json
- name: run MQTT5 Shared Subscription sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_mqtt5_shared_subscription_cfg.json
- name: configure AWS credentials (Greengrass)
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: ${{ env.CI_GREENGRASS_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: run Greengrass Discovery sample
run: |
python3 ./aws-iot-device-sdk-js-v2/utils/run_in_ci.py --file ./aws-iot-device-sdk-js-v2/.github/workflows/ci_run_greengrass_discovery_cfg.json
# check that docs can still build
check-docs:
runs-on: ubuntu-20.04 # latest
steps:
- uses: actions/checkout@v2
- name: Check docs
run: |
npm ci
./make-docs.sh
check-codegen-edits:
runs-on: ubuntu-20.04 # latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check for edits to code-generated files
run: |
./utils/check_codegen_edits.py
check-lockfile-version:
runs-on: ubuntu-20.04 # latest
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check for edits to package-lock.json
run: |
test `jq -r '.lockfileVersion' package-lock.json` = 1