From 8e3e9a4060be0ac2b0ade65bc1f6bab23bef7150 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Thu, 2 Oct 2025 13:55:00 -0400 Subject: [PATCH 1/4] chore: use macos-14 for CI --- .github/workflows/dafny_interop_library_go_tests.yml | 2 +- .github/workflows/dafny_interop_test_net.yml | 2 +- .github/workflows/dafny_interop_test_vector_net.yml | 6 +++--- .github/workflows/go-release.yml | 2 +- .github/workflows/library_dafny_verification.yml | 4 ++-- .github/workflows/library_format.yml | 2 +- .github/workflows/library_go_tests.yml | 2 +- .github/workflows/library_interop_tests.yml | 6 +++--- .github/workflows/library_java_tests.yml | 2 +- .github/workflows/library_net_tests.yml | 4 ++-- .github/workflows/library_rust_tests.yml | 4 ++-- .github/workflows/sem_ver.yml | 2 +- .github/workflows/semantic_release.yml | 2 +- 13 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/dafny_interop_library_go_tests.yml b/.github/workflows/dafny_interop_library_go_tests.yml index 4ffb89fd4..4973f8db3 100644 --- a/.github/workflows/dafny_interop_library_go_tests.yml +++ b/.github/workflows/dafny_interop_library_go_tests.yml @@ -30,7 +30,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/dafny_interop_test_net.yml b/.github/workflows/dafny_interop_test_net.yml index 0272bdfdd..fed565557 100644 --- a/.github/workflows/dafny_interop_test_net.yml +++ b/.github/workflows/dafny_interop_test_net.yml @@ -34,7 +34,7 @@ jobs: strategy: fail-fast: false matrix: - os: [windows-latest, ubuntu-22.04, macos-13] + os: [windows-latest, ubuntu-22.04, macos-14] runs-on: ${{ matrix.os }} permissions: id-token: write diff --git a/.github/workflows/dafny_interop_test_vector_net.yml b/.github/workflows/dafny_interop_test_vector_net.yml index e9ef54e6e..58574ff72 100644 --- a/.github/workflows/dafny_interop_test_vector_net.yml +++ b/.github/workflows/dafny_interop_test_vector_net.yml @@ -33,7 +33,7 @@ jobs: decrypt_python_vectors: strategy: matrix: - os: [windows-latest, ubuntu-22.04, macos-13] + os: [windows-latest, ubuntu-22.04, macos-14] runs-on: ${{matrix.os}} permissions: id-token: write @@ -140,7 +140,7 @@ jobs: generate_vectors: strategy: matrix: - os: [ubuntu-22.04, macos-13] + os: [ubuntu-22.04, macos-14] runs-on: ${{ matrix.os }} permissions: id-token: write @@ -242,7 +242,7 @@ jobs: needs: generate_vectors strategy: matrix: - os: [ubuntu-22.04, macos-13] + os: [ubuntu-22.04, macos-14] runs-on: ${{ matrix.os }} permissions: id-token: write diff --git a/.github/workflows/go-release.yml b/.github/workflows/go-release.yml index 2d00a874c..60edb2ae8 100644 --- a/.github/workflows/go-release.yml +++ b/.github/workflows/go-release.yml @@ -19,7 +19,7 @@ jobs: go-release: needs: get-dafny-version - runs-on: macos-13 + runs-on: macos-14 permissions: contents: write id-token: write diff --git a/.github/workflows/library_dafny_verification.yml b/.github/workflows/library_dafny_verification.yml index 6f94c7eb2..2f431f17b 100644 --- a/.github/workflows/library_dafny_verification.yml +++ b/.github/workflows/library_dafny_verification.yml @@ -19,7 +19,7 @@ jobs: strategy: matrix: library: [AwsEncryptionSDK, TestVectors] - os: [macos-13] + os: [macos-14] runs-on: ${{ matrix.os }} env: DOTNET_CLI_TELEMETRY_OPTOUT: 1 @@ -36,7 +36,7 @@ jobs: git submodule update --init --recursive mpl # dafny-reportgenerator requires next6 - # but only 7.0 is installed on macos-13-large + # but only 7.0 is installed on macos-14-large - name: Setup .NET Core SDK '6.0.x' uses: actions/setup-dotnet@v3 with: diff --git a/.github/workflows/library_format.yml b/.github/workflows/library_format.yml index 7c30d8fd5..6c7523c4e 100644 --- a/.github/workflows/library_format.yml +++ b/.github/workflows/library_format.yml @@ -19,7 +19,7 @@ jobs: if: github.event_name != 'schedule' || github.repository_owner == 'aws' strategy: matrix: - os: [macos-13] + os: [macos-14] runs-on: ${{ matrix.os }} defaults: run: diff --git a/.github/workflows/library_go_tests.yml b/.github/workflows/library_go_tests.yml index bb821f2eb..74b581122 100644 --- a/.github/workflows/library_go_tests.yml +++ b/.github/workflows/library_go_tests.yml @@ -26,7 +26,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/library_interop_tests.yml b/.github/workflows/library_interop_tests.yml index 700bb5440..5d382588e 100644 --- a/.github/workflows/library_interop_tests.yml +++ b/.github/workflows/library_interop_tests.yml @@ -28,7 +28,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: @@ -126,7 +126,7 @@ jobs: os: [ ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: @@ -228,7 +228,7 @@ jobs: os: [ ubuntu-22.04, # https://t.corp.amazon.com/P205755286 - # macos-13 + # macos-14 ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/library_java_tests.yml b/.github/workflows/library_java_tests.yml index 80c3b7d68..a355584b8 100644 --- a/.github/workflows/library_java_tests.yml +++ b/.github/workflows/library_java_tests.yml @@ -24,7 +24,7 @@ jobs: # TODO just test on mac for now #windows-latest, #ubuntu-22.04, - macos-13, + macos-14, ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml index 0b2d85f1a..457ea791b 100644 --- a/.github/workflows/library_net_tests.yml +++ b/.github/workflows/library_net_tests.yml @@ -35,7 +35,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: @@ -145,7 +145,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/library_rust_tests.yml b/.github/workflows/library_rust_tests.yml index 1a9ab93bc..928d8dcdb 100644 --- a/.github/workflows/library_rust_tests.yml +++ b/.github/workflows/library_rust_tests.yml @@ -24,7 +24,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: @@ -116,7 +116,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-13, + # macos-14, ] runs-on: ${{ matrix.os }} permissions: diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 283707c3c..4c1907b3b 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -6,7 +6,7 @@ on: jobs: semantic-release: - runs-on: macos-13 + runs-on: macos-14 permissions: id-token: write contents: read diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 2e8455220..222562024 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -15,7 +15,7 @@ jobs: # privileged operation, so we must make sure this list of users is a subset of the users labeled as maintainers of # https://github.com/orgs/aws/teams/aws-crypto-tools if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz","RitvikKapila"]', github.actor) - runs-on: macos-13 + runs-on: macos-14 permissions: id-token: write contents: write From fa6a0fb731911cf571df37ab794d8cdbbd917767 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Thu, 2 Oct 2025 14:00:51 -0400 Subject: [PATCH 2/4] m --- .github/workflows/library_codegen.yml | 2 +- .../library_interop_keyring_test_vectors.yml | 4 +-- .../library_interop_mkp_test_vectors.yml | 6 ++-- .github/workflows/library_java_tests.yml | 30 ++----------------- .../library_legacy_interop_test_vectors.yml | 2 +- .github/workflows/library_rust_tests.yml | 4 +-- 6 files changed, 12 insertions(+), 36 deletions(-) diff --git a/.github/workflows/library_codegen.yml b/.github/workflows/library_codegen.yml index 6ecd90fc0..ec94befb9 100644 --- a/.github/workflows/library_codegen.yml +++ b/.github/workflows/library_codegen.yml @@ -55,7 +55,7 @@ jobs: run: echo '{"sdk":{"rollForward":"latestFeature","version":"6.0.0"}}' > ./global.json - name: Setup Java 17 for codegen - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: "17" diff --git a/.github/workflows/library_interop_keyring_test_vectors.yml b/.github/workflows/library_interop_keyring_test_vectors.yml index 7cad8191b..7c4a10583 100644 --- a/.github/workflows/library_interop_keyring_test_vectors.yml +++ b/.github/workflows/library_interop_keyring_test_vectors.yml @@ -141,7 +141,7 @@ jobs: # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.language == 'java' || matrix.language == 'rust' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 @@ -418,7 +418,7 @@ jobs: # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.decrypting_language == 'java' || matrix.decrypting_language == 'rust' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 diff --git a/.github/workflows/library_interop_mkp_test_vectors.yml b/.github/workflows/library_interop_mkp_test_vectors.yml index 7dcc7f65e..9eb8a4454 100644 --- a/.github/workflows/library_interop_mkp_test_vectors.yml +++ b/.github/workflows/library_interop_mkp_test_vectors.yml @@ -81,7 +81,7 @@ jobs: # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.language == 'java_mkp' || matrix.language == 'java' || matrix.language == 'rust' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 @@ -273,7 +273,7 @@ jobs: # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.decrypting_language == 'java' || matrix.decrypting_language == 'java_mkp'|| matrix.decrypting_language == 'rust' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 @@ -697,7 +697,7 @@ jobs: # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.decrypting_language == 'java' || matrix.decrypting_language == 'java_mkp'|| matrix.decrypting_language == 'rust' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 diff --git a/.github/workflows/library_java_tests.yml b/.github/workflows/library_java_tests.yml index a355584b8..fd95794a1 100644 --- a/.github/workflows/library_java_tests.yml +++ b/.github/workflows/library_java_tests.yml @@ -66,7 +66,7 @@ jobs: update-and-regenerate-mpl: true - name: Setup Java 8 - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 8 @@ -85,7 +85,7 @@ jobs: make test_java - name: Setup Java 11 - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 11 @@ -108,32 +108,8 @@ jobs: arguments: runTests build-root-directory: ./${{ matrix.library }}/runtimes/java - - name: Setup Java 16 - uses: actions/setup-java@v3 - with: - distribution: "corretto" - java-version: 16 - - - name: Clean for next Java - uses: gradle/gradle-build-action@v2 - with: - arguments: clean - build-root-directory: ./${{ matrix.library }}/runtimes/java - - - name: Compile Java 16 - uses: gradle/gradle-build-action@v2 - with: - arguments: build - build-root-directory: ./${{ matrix.library }}/runtimes/java - - - name: Test Java 16 - uses: gradle/gradle-build-action@v2 - with: - arguments: runTests - build-root-directory: ./${{ matrix.library }}/runtimes/java - - name: Setup Java 17 - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 diff --git a/.github/workflows/library_legacy_interop_test_vectors.yml b/.github/workflows/library_legacy_interop_test_vectors.yml index 66bd72f06..a1ffa3b99 100644 --- a/.github/workflows/library_legacy_interop_test_vectors.yml +++ b/.github/workflows/library_legacy_interop_test_vectors.yml @@ -64,7 +64,7 @@ jobs: - name: Setup Java 17 if: matrix.language == 'java' - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: 17 diff --git a/.github/workflows/library_rust_tests.yml b/.github/workflows/library_rust_tests.yml index 928d8dcdb..500054d8c 100644 --- a/.github/workflows/library_rust_tests.yml +++ b/.github/workflows/library_rust_tests.yml @@ -59,7 +59,7 @@ jobs: dafny-version: 4.10.0 - name: Setup Java 17 for codegen - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: "17" @@ -151,7 +151,7 @@ jobs: dafny-version: 4.10.0 - name: Setup Java 17 for codegen - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: "17" From 6aea466e91bb919ff7a9e0be3302042d1ec2b18e Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Sat, 11 Oct 2025 15:49:30 -0400 Subject: [PATCH 3/4] m --- .../action.yml | 8 +-- .github/workflows/check_only_keyword.yml | 2 +- .github/workflows/ci_static-analysis.yaml | 2 +- .github/workflows/dafny_format_version.yaml | 2 +- .../dafny_interop_library_go_tests.yml | 8 +-- .github/workflows/dafny_interop_test_net.yml | 8 +-- .../dafny_interop_test_vector_net.yml | 24 +++---- .github/workflows/dafny_verify_version.yaml | 2 +- .github/workflows/dafny_version.yaml | 2 +- .github/workflows/duvet.yaml | 2 +- .github/workflows/go-release.yml | 6 +- .github/workflows/library_codegen.yml | 6 +- .../workflows/library_dafny_verification.yml | 8 +-- .github/workflows/library_format.yml | 4 +- .github/workflows/library_go_tests.yml | 8 +-- .../library_interop_keyring_test_vectors.yml | 62 +++++++++++-------- .../library_interop_mkp_test_vectors.yml | 62 +++++++++---------- .github/workflows/library_interop_tests.yml | 24 +++---- .github/workflows/library_java_tests.yml | 24 ++++--- .../library_legacy_interop_test_vectors.yml | 21 ++++--- .github/workflows/library_net_tests.yml | 16 ++--- .github/workflows/library_rust_tests.yml | 16 ++--- .github/workflows/nighly_dafny.yml | 2 +- .github/workflows/sem_ver.yml | 10 +-- .github/workflows/semantic_release.yml | 8 +-- .github/workflows/smithy-diff.yml | 2 +- 26 files changed, 175 insertions(+), 164 deletions(-) diff --git a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml index d7900e05f..331df4502 100644 --- a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml +++ b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml @@ -9,7 +9,7 @@ runs: using: "composite" steps: - name: Setup Java 17 for codegen - uses: actions/setup-java@v3 + uses: actions/setup-java@v5 with: distribution: "corretto" java-version: "17" @@ -20,7 +20,7 @@ runs: make -C mpl/smithy-dafny mvn_local_deploy_polymorph_dependencies - name: Setup Python, black, and docformatter for code formatting - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} architecture: x64 @@ -31,14 +31,14 @@ runs: python -m pip install --upgrade docformatter - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: "1.23" - name: Install Go imports shell: bash run: | - go install golang.org/x/tools/cmd/goimports@latest + go install golang.org/x/tools/cmd/goimports@0.36.0 # Without this the if-dafny-at-least command includes "Downloading ..." output - name: Arbitrary makefile target to force downloading Gradle diff --git a/.github/workflows/check_only_keyword.yml b/.github/workflows/check_only_keyword.yml index 4a8a5c9f3..66d03fcc5 100644 --- a/.github/workflows/check_only_keyword.yml +++ b/.github/workflows/check_only_keyword.yml @@ -13,7 +13,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: fetch-depth: 0 diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml index d08c5ea5b..2c468ea48 100644 --- a/.github/workflows/ci_static-analysis.yaml +++ b/.github/workflows/ci_static-analysis.yaml @@ -7,6 +7,6 @@ jobs: not-grep: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: not-grep uses: mattsb42-meta/not-grep@1.0.0 diff --git a/.github/workflows/dafny_format_version.yaml b/.github/workflows/dafny_format_version.yaml index 3f1fe9bda..da191e580 100644 --- a/.github/workflows/dafny_format_version.yaml +++ b/.github/workflows/dafny_format_version.yaml @@ -16,7 +16,7 @@ jobs: outputs: version: ${{ steps.read_property.outputs.dafnyFormatVersion }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Read version from Properties-file id: read_property uses: christian-draeger/read-properties@1.1.1 diff --git a/.github/workflows/dafny_interop_library_go_tests.yml b/.github/workflows/dafny_interop_library_go_tests.yml index 4973f8db3..6c0763a82 100644 --- a/.github/workflows/dafny_interop_library_go_tests.yml +++ b/.github/workflows/dafny_interop_library_go_tests.yml @@ -30,7 +30,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -40,7 +40,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -48,7 +48,7 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -72,7 +72,7 @@ jobs: uses: ./.github/actions/install_smithy_dafny_codegen_dependencies - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/dafny_interop_test_net.yml b/.github/workflows/dafny_interop_test_net.yml index fed565557..d8c4ff440 100644 --- a/.github/workflows/dafny_interop_test_net.yml +++ b/.github/workflows/dafny_interop_test_net.yml @@ -34,7 +34,7 @@ jobs: strategy: fail-fast: false matrix: - os: [windows-latest, ubuntu-22.04, macos-14] + os: [windows-latest, ubuntu-22.04, macos-15] runs-on: ${{ matrix.os }} permissions: id-token: write @@ -46,13 +46,13 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: submodules: recursive fetch-depth: 0 - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -75,7 +75,7 @@ jobs: run: make setup_net - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 diff --git a/.github/workflows/dafny_interop_test_vector_net.yml b/.github/workflows/dafny_interop_test_vector_net.yml index 58574ff72..6e3a7869d 100644 --- a/.github/workflows/dafny_interop_test_vector_net.yml +++ b/.github/workflows/dafny_interop_test_vector_net.yml @@ -33,7 +33,7 @@ jobs: decrypt_python_vectors: strategy: matrix: - os: [windows-latest, ubuntu-22.04, macos-14] + os: [windows-latest, ubuntu-22.04, macos-15] runs-on: ${{matrix.os}} permissions: id-token: write @@ -45,13 +45,13 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: submodules: recursive fetch-depth: 0 - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -74,7 +74,7 @@ jobs: run: make setup_net - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -140,7 +140,7 @@ jobs: generate_vectors: strategy: matrix: - os: [ubuntu-22.04, macos-14] + os: [ubuntu-22.04, macos-15] runs-on: ${{ matrix.os }} permissions: id-token: write @@ -152,13 +152,13 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: submodules: recursive fetch-depth: 0 - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -181,7 +181,7 @@ jobs: run: make setup_net - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -242,7 +242,7 @@ jobs: needs: generate_vectors strategy: matrix: - os: [ubuntu-22.04, macos-14] + os: [ubuntu-22.04, macos-15] runs-on: ${{ matrix.os }} permissions: id-token: write @@ -251,7 +251,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -259,7 +259,7 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -277,7 +277,7 @@ jobs: name: ${{matrix.os}}_mpl-${{inputs.mpl-dafny}}_esdk-${{inputs.esdk-dafny}}_vectors path: AwsEncryptionSDK/net41/vectors - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version: 17 diff --git a/.github/workflows/dafny_verify_version.yaml b/.github/workflows/dafny_verify_version.yaml index ec9ce95b9..2ba81e5cf 100644 --- a/.github/workflows/dafny_verify_version.yaml +++ b/.github/workflows/dafny_verify_version.yaml @@ -16,7 +16,7 @@ jobs: outputs: version: ${{ steps.read_property.outputs.dafnyVerifyVersion }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Read version from Properties-file id: read_property uses: christian-draeger/read-properties@1.1.1 diff --git a/.github/workflows/dafny_version.yaml b/.github/workflows/dafny_version.yaml index c20e01a43..c4e148281 100644 --- a/.github/workflows/dafny_version.yaml +++ b/.github/workflows/dafny_version.yaml @@ -16,7 +16,7 @@ jobs: outputs: version: ${{ steps.read_property.outputs.dafnyVersion }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 - name: Read version from Properties-file id: read_property uses: christian-draeger/read-properties@1.1.1 diff --git a/.github/workflows/duvet.yaml b/.github/workflows/duvet.yaml index 2286dc849..5d625e3d5 100644 --- a/.github/workflows/duvet.yaml +++ b/.github/workflows/duvet.yaml @@ -24,7 +24,7 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: submodules: true diff --git a/.github/workflows/go-release.yml b/.github/workflows/go-release.yml index 60edb2ae8..09a4e5917 100644 --- a/.github/workflows/go-release.yml +++ b/.github/workflows/go-release.yml @@ -19,7 +19,7 @@ jobs: go-release: needs: get-dafny-version - runs-on: macos-14 + runs-on: macos-15 permissions: contents: write id-token: write @@ -30,14 +30,14 @@ jobs: git config --global core.longpaths true - name: Configure AWS Credentials for Tests - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: GoReleaseTest - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/library_codegen.yml b/.github/workflows/library_codegen.yml index ec94befb9..35c72c7ac 100644 --- a/.github/workflows/library_codegen.yml +++ b/.github/workflows/library_codegen.yml @@ -31,7 +31,7 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 # The specification submodule is private so we don't have access, but we don't need # it to verify the Dafny code. Instead we manually pull the submodules we DO need. - run: git submodule update --init libraries @@ -46,7 +46,7 @@ jobs: dafny-version: ${{ inputs.dafny }} - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} @@ -64,7 +64,7 @@ jobs: uses: ./.github/actions/install_smithy_dafny_codegen_dependencies - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/library_dafny_verification.yml b/.github/workflows/library_dafny_verification.yml index 2f431f17b..b973287f9 100644 --- a/.github/workflows/library_dafny_verification.yml +++ b/.github/workflows/library_dafny_verification.yml @@ -19,7 +19,7 @@ jobs: strategy: matrix: library: [AwsEncryptionSDK, TestVectors] - os: [macos-14] + os: [macos-15] runs-on: ${{ matrix.os }} env: DOTNET_CLI_TELEMETRY_OPTOUT: 1 @@ -29,16 +29,16 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules run: | git submodule update --init libraries git submodule update --init --recursive mpl # dafny-reportgenerator requires next6 - # but only 7.0 is installed on macos-14-large + # but only 7.0 is installed on macos-15-large - name: Setup .NET Core SDK '6.0.x' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "9.0.x" diff --git a/.github/workflows/library_format.yml b/.github/workflows/library_format.yml index 6c7523c4e..de5bd478a 100644 --- a/.github/workflows/library_format.yml +++ b/.github/workflows/library_format.yml @@ -19,7 +19,7 @@ jobs: if: github.event_name != 'schedule' || github.repository_owner == 'aws' strategy: matrix: - os: [macos-14] + os: [macos-15] runs-on: ${{ matrix.os }} defaults: run: @@ -32,7 +32,7 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: recursive diff --git a/.github/workflows/library_go_tests.yml b/.github/workflows/library_go_tests.yml index 74b581122..37f0b7f10 100644 --- a/.github/workflows/library_go_tests.yml +++ b/.github/workflows/library_go_tests.yml @@ -26,7 +26,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -36,7 +36,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -44,7 +44,7 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -63,7 +63,7 @@ jobs: uses: ilammy/setup-nasm@v1 - name: Install Go - uses: actions/setup-go@v5 + uses: actions/setup-go@v6 with: go-version: ${{ matrix.go-version }} diff --git a/.github/workflows/library_interop_keyring_test_vectors.yml b/.github/workflows/library_interop_keyring_test_vectors.yml index 7c4a10583..7ce6cfc80 100644 --- a/.github/workflows/library_interop_keyring_test_vectors.yml +++ b/.github/workflows/library_interop_keyring_test_vectors.yml @@ -44,14 +44,14 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 7200 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" @@ -69,7 +69,7 @@ jobs: - name: Checkout C-ESDK if: matrix.language == 'c' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: "aws/aws-encryption-sdk-c" path: ./${{ matrix.library }}/aws-encryption-sdk-c @@ -77,7 +77,7 @@ jobs: - name: Checkout AWS C++ SDK if: matrix.language == 'c' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: "aws/aws-sdk-cpp" path: ./${{ matrix.library }}/aws-encryption-sdk-c/aws-sdk-cpp @@ -134,10 +134,18 @@ jobs: # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} + # Setup Java 8 + - name: Setup Java 8 + if: matrix.language == 'java' + uses: actions/setup-java@v5 + with: + distribution: "corretto" + java-version: 17 + # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.language == 'java' || matrix.language == 'rust' @@ -148,7 +156,7 @@ jobs: - name: Setup Python for running tests if: matrix.language == 'python' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -159,7 +167,7 @@ jobs: - name: Setup Rust Toolchain for GitHub CI if: matrix.language == 'rust' - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt @@ -254,12 +262,6 @@ jobs: run: | make purge_polymorph_code - - name: Setup gradle - if: matrix.language == 'java_mkp' || matrix.language == 'java' - uses: gradle/gradle-build-action@v2 - with: - gradle-version: 7.2 - - name: Create Keyring Manifests if: matrix.language != 'c' working-directory: ./${{ matrix.library }} @@ -317,14 +319,14 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 7200 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" @@ -342,7 +344,7 @@ jobs: - name: Checkout C-ESDK if: matrix.decrypting_language == 'c' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: "aws/aws-encryption-sdk-c" path: ./${{ matrix.library }}/aws-encryption-sdk-c @@ -350,7 +352,7 @@ jobs: - name: Checkout AWS C++ SDK if: matrix.decrypting_language == 'c' - uses: actions/checkout@v4 + uses: actions/checkout@v5 with: repository: "aws/aws-sdk-cpp" path: ./${{ matrix.library }}/aws-encryption-sdk-c/aws-sdk-cpp @@ -411,10 +413,18 @@ jobs: # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.decrypting_language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} + # Setup Java in Rust is needed for running polymorph + - name: Setup Java 8 + if: matrix.decrypting_language == 'java' + uses: actions/setup-java@v5 + with: + distribution: "corretto" + java-version: 8 + # Setup Java in Rust is needed for running polymorph - name: Setup Java 17 if: matrix.decrypting_language == 'java' || matrix.decrypting_language == 'rust' @@ -425,7 +435,7 @@ jobs: - name: Setup Python for running tests if: matrix.decrypting_language == 'python' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -436,7 +446,7 @@ jobs: - name: Setup Rust Toolchain for GitHub CI if: matrix.decrypting_language == 'rust' - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt @@ -532,7 +542,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -562,7 +572,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -592,7 +602,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -622,7 +632,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -652,7 +662,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -682,7 +692,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 diff --git a/.github/workflows/library_interop_mkp_test_vectors.yml b/.github/workflows/library_interop_mkp_test_vectors.yml index 9eb8a4454..ac05168f0 100644 --- a/.github/workflows/library_interop_mkp_test_vectors.yml +++ b/.github/workflows/library_interop_mkp_test_vectors.yml @@ -60,21 +60,21 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 3600 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} @@ -88,7 +88,7 @@ jobs: - name: Setup Python for running tests if: matrix.language == 'python_mkp' || matrix.language == 'python' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -99,7 +99,7 @@ jobs: - name: Setup Rust Toolchain for GitHub CI if: matrix.language == 'rust' - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt @@ -194,12 +194,6 @@ jobs: run: | make purge_polymorph_code - - name: Setup gradle - if: matrix.language == 'java_mkp' || matrix.language == 'java' - uses: gradle/gradle-build-action@v2 - with: - gradle-version: 7.2 - - name: Create Manifests if: matrix.language != 'go' working-directory: ./${{ matrix.library }} @@ -252,21 +246,21 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 3600 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.decrypting_language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} @@ -280,7 +274,7 @@ jobs: - name: Setup Python for running tests if: matrix.decrypting_language == 'python' || matrix.decrypting_language == 'python_mkp' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -291,7 +285,7 @@ jobs: - name: Setup Rust Toolchain for GitHub CI if: matrix.decrypting_language == 'rust' - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt @@ -387,7 +381,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -406,7 +400,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -425,7 +419,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -444,7 +438,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -463,7 +457,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -482,7 +476,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -501,7 +495,7 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -542,20 +536,20 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 3600 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version: 17 @@ -607,20 +601,20 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 3600 - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version: 17 @@ -676,21 +670,21 @@ jobs: # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: InterOpTests role-duration-seconds: 3600 - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.decrypting_language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} @@ -704,7 +698,7 @@ jobs: - name: Setup Python for running tests if: matrix.decrypting_language == 'python' || matrix.decrypting_language == 'python_mkp' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -715,7 +709,7 @@ jobs: - name: Setup Rust Toolchain for GitHub CI if: matrix.decrypting_language == 'rust' - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt diff --git a/.github/workflows/library_interop_tests.yml b/.github/workflows/library_interop_tests.yml index 5d382588e..8673f8670 100644 --- a/.github/workflows/library_interop_tests.yml +++ b/.github/workflows/library_interop_tests.yml @@ -28,7 +28,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -41,7 +41,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -49,14 +49,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: NetTests - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -126,7 +126,7 @@ jobs: os: [ ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -139,7 +139,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -147,14 +147,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: NetTests - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -228,7 +228,7 @@ jobs: os: [ ubuntu-22.04, # https://t.corp.amazon.com/P205755286 - # macos-14 + # macos-15 ] runs-on: ${{ matrix.os }} permissions: @@ -238,7 +238,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -246,7 +246,7 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -264,7 +264,7 @@ jobs: name: ${{matrix.os}}_vector_artifact path: AwsEncryptionSDK/net41/vectors - - uses: actions/setup-node@v4 + - uses: actions/setup-node@v5 with: node-version: 17 diff --git a/.github/workflows/library_java_tests.yml b/.github/workflows/library_java_tests.yml index fd95794a1..590e3e5fc 100644 --- a/.github/workflows/library_java_tests.yml +++ b/.github/workflows/library_java_tests.yml @@ -24,7 +24,7 @@ jobs: # TODO just test on mac for now #windows-latest, #ubuntu-22.04, - macos-14, + macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -35,14 +35,14 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Init Submodules run: | git submodule update --init libraries git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 @@ -91,23 +91,29 @@ jobs: java-version: 11 - name: Clean for next Java - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: clean build-root-directory: ./${{ matrix.library }}/runtimes/java - name: Compile Java 11 - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: build build-root-directory: ./${{ matrix.library }}/runtimes/java - name: Test Java 11 - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: runTests build-root-directory: ./${{ matrix.library }}/runtimes/java + - name: Setup Java 8 + uses: actions/setup-java@v5 + with: + distribution: "corretto" + java-version: 8 + - name: Setup Java 17 uses: actions/setup-java@v5 with: @@ -115,19 +121,19 @@ jobs: java-version: 17 - name: Clean for next Java - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: clean build-root-directory: ./${{ matrix.library }}/runtimes/java - name: Compile Java 17 - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: build build-root-directory: ./${{ matrix.library }}/runtimes/java - name: Test Java 17 - uses: gradle/gradle-build-action@v2 + uses: gradle/gradle-build-action@v3 with: arguments: runTests build-root-directory: ./${{ matrix.library }}/runtimes/java diff --git a/.github/workflows/library_legacy_interop_test_vectors.yml b/.github/workflows/library_legacy_interop_test_vectors.yml index a1ffa3b99..ebde489d7 100644 --- a/.github/workflows/library_legacy_interop_test_vectors.yml +++ b/.github/workflows/library_legacy_interop_test_vectors.yml @@ -51,17 +51,24 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v4 + - uses: actions/checkout@v5 with: submodules: "recursive" # Set up runtimes - name: Setup .NET Core SDK ${{ matrix.dotnet-version }} if: matrix.language == 'net' - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: ${{ matrix.dotnet-version }} + - name: Setup Java 8 + if: matrix.language == 'java' + uses: actions/setup-java@v5 + with: + distribution: "corretto" + java-version: 8 + - name: Setup Java 17 if: matrix.language == 'java' uses: actions/setup-java@v5 @@ -76,7 +83,7 @@ jobs: - name: Setup Python for running tests if: matrix.language == 'python' - uses: actions/setup-python@v4 + uses: actions/setup-python@v6 with: python-version: 3.11 architecture: x64 @@ -124,15 +131,9 @@ jobs: CORES=$(node -e 'console.log(os.cpus().length)') make transpile_python CORES=$CORES - - name: Setup gradle - if: matrix.language == 'java' - uses: gradle/gradle-build-action@v2 - with: - gradle-version: 7.2 - # TestVectors will call KMS - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml index 457ea791b..6f3569b17 100644 --- a/.github/workflows/library_net_tests.yml +++ b/.github/workflows/library_net_tests.yml @@ -35,7 +35,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -48,7 +48,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -56,14 +56,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: NetTests - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" @@ -145,7 +145,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -158,7 +158,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v2 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -166,14 +166,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: NetTestVectors - name: Setup .NET Core SDK 6 - uses: actions/setup-dotnet@v3 + uses: actions/setup-dotnet@v5 with: dotnet-version: "6.0.x" diff --git a/.github/workflows/library_rust_tests.yml b/.github/workflows/library_rust_tests.yml index 500054d8c..7d67079e2 100644 --- a/.github/workflows/library_rust_tests.yml +++ b/.github/workflows/library_rust_tests.yml @@ -24,7 +24,7 @@ jobs: windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -34,7 +34,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -42,14 +42,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: RustTests - name: Setup Rust Toolchain for GitHub CI - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt @@ -116,7 +116,7 @@ jobs: # windows-latest, ubuntu-22.04, # TODO: Re-enable macOS after https://t.corp.amazon.com/P205755286 - # macos-14, + # macos-15, ] runs-on: ${{ matrix.os }} permissions: @@ -126,7 +126,7 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 - name: Init Submodules shell: bash run: | @@ -134,14 +134,14 @@ jobs: git submodule update --init --recursive mpl - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Dafny-Role-us-west-2 role-session-name: RustTestVectors - name: Setup Rust Toolchain for GitHub CI - uses: actions-rust-lang/setup-rust-toolchain@v1.10.1 + uses: actions-rust-lang/setup-rust-toolchain@v1 with: components: rustfmt diff --git a/.github/workflows/nighly_dafny.yml b/.github/workflows/nighly_dafny.yml index 4e4b11895..b27e29c26 100644 --- a/.github/workflows/nighly_dafny.yml +++ b/.github/workflows/nighly_dafny.yml @@ -79,7 +79,7 @@ jobs: steps: # We need access to the role that is able to get CI Bot Creds - name: Configure AWS Credentials for Release - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 diff --git a/.github/workflows/sem_ver.yml b/.github/workflows/sem_ver.yml index 4c1907b3b..1ee8f18aa 100644 --- a/.github/workflows/sem_ver.yml +++ b/.github/workflows/sem_ver.yml @@ -6,7 +6,7 @@ on: jobs: semantic-release: - runs-on: macos-14 + runs-on: macos-15 permissions: id-token: write contents: read @@ -15,19 +15,19 @@ jobs: run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: submodules: recursive # We need access to the role that is able to get CI Bot Creds - name: Configure AWS Credentials for Release - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release - name: Upgrade Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: 21 @@ -48,6 +48,6 @@ jobs: # Test to see if we can setup semantic release - name: Test Semantic Release Installation - uses: actions/checkout@v4 + uses: actions/checkout@v5 - run: | make setup_semantic_release diff --git a/.github/workflows/semantic_release.yml b/.github/workflows/semantic_release.yml index 222562024..bade99131 100644 --- a/.github/workflows/semantic_release.yml +++ b/.github/workflows/semantic_release.yml @@ -15,7 +15,7 @@ jobs: # privileged operation, so we must make sure this list of users is a subset of the users labeled as maintainers of # https://github.com/orgs/aws/teams/aws-crypto-tools if: contains('["seebees","texastony","ShubhamChaturvedi7","lucasmcdonald3","josecorella","imabhichow","rishav-karanjit","antonf-amzn","justplaz","ajewellamz","RitvikKapila"]', github.actor) - runs-on: macos-14 + runs-on: macos-15 permissions: id-token: write contents: write @@ -23,20 +23,20 @@ jobs: - name: Support longpaths on Git checkout run: | git config --global core.longpaths true - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 # We only pull in the submodules we need to build the library - run: git submodule update --init libraries # We need access to the role that is able to get CI Bot Creds - name: Configure AWS Credentials for Release - uses: aws-actions/configure-aws-credentials@v2 + uses: aws-actions/configure-aws-credentials@v5 with: aws-region: us-west-2 role-to-assume: arn:aws:iam::587316601012:role/GitHub-CI-CI-Bot-Credential-Access-Role-us-west-2 role-session-name: CI_Bot_Release - name: Upgrade Node - uses: actions/setup-node@v4 + uses: actions/setup-node@v5 with: node-version: 21 diff --git a/.github/workflows/smithy-diff.yml b/.github/workflows/smithy-diff.yml index 7661bc580..a9231c4b8 100644 --- a/.github/workflows/smithy-diff.yml +++ b/.github/workflows/smithy-diff.yml @@ -13,7 +13,7 @@ jobs: issues: write pull-requests: write steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v5 with: fetch-depth: 0 From 9257c53da3d4b329cfcc38b6e3685cb0c269ae84 Mon Sep 17 00:00:00 2001 From: Andy Jewell Date: Sat, 11 Oct 2025 16:33:10 -0400 Subject: [PATCH 4/4] m --- .../install_smithy_dafny_codegen_dependencies/action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml index 331df4502..95f586fc3 100644 --- a/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml +++ b/.github/actions/install_smithy_dafny_codegen_dependencies/action.yml @@ -38,7 +38,7 @@ runs: - name: Install Go imports shell: bash run: | - go install golang.org/x/tools/cmd/goimports@0.36.0 + go install golang.org/x/tools/cmd/goimports@v0.36.0 # Without this the if-dafny-at-least command includes "Downloading ..." output - name: Arbitrary makefile target to force downloading Gradle