From a545eb730602a0c5186c1f7048bfd0f1a83fbc12 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Mon, 2 Oct 2023 18:19:23 +0000 Subject: [PATCH 1/2] abstract some ec2 CI logic and add support for c7g --- tests/ci/cdk/app.py | 8 +- ... => aws_lc_ec2_test_framework_ci_stack.py} | 26 ++-- .../codebuild/ec2_test_framework_omnibus.yaml | 30 ++++ .../codebuild/github_ci_macos_m1_omnibus.yaml | 16 --- .../ssm/general_test_run_ssm_document.yaml | 40 ++++++ .../ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml | 4 +- tests/ci/codebuild/common/run_ec2_target.yml | 13 ++ tests/ci/run_ec2_test_framework.sh | 132 ++++++++++++++++++ tests/ci/run_m1_ec2_instance.sh | 2 +- 9 files changed, 237 insertions(+), 34 deletions(-) rename tests/ci/cdk/cdk/{aws_lc_mac_arm_ci_stack.py => aws_lc_ec2_test_framework_ci_stack.py} (87%) create mode 100644 tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml delete mode 100644 tests/ci/cdk/cdk/codebuild/github_ci_macos_m1_omnibus.yaml create mode 100644 tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml create mode 100755 tests/ci/codebuild/common/run_ec2_target.yml create mode 100755 tests/ci/run_ec2_test_framework.sh diff --git a/tests/ci/cdk/app.py b/tests/ci/cdk/app.py index 01322e69d3..7931a6f4af 100644 --- a/tests/ci/cdk/app.py +++ b/tests/ci/cdk/app.py @@ -6,11 +6,11 @@ from aws_cdk import Environment, App # from cdk.bm_framework_stack import BmFrameworkStack -from cdk.aws_lc_mac_arm_ci_stack import AwsLcMacArmCIStack from cdk.aws_lc_analytics_stack import AwsLcGitHubAnalyticsStack +from cdk.aws_lc_android_ci_stack import AwsLcAndroidCIStack from cdk.aws_lc_github_ci_stack import AwsLcGitHubCIStack from cdk.aws_lc_github_fuzz_ci_stack import AwsLcGitHubFuzzCIStack -from cdk.aws_lc_android_ci_stack import AwsLcAndroidCIStack +from cdk.aws_lc_ec2_test_framework_ci_stack import AwsLcEC2TestingCIStack from cdk.linux_docker_image_batch_build_stack import LinuxDockerImageBatchBuildStack from cdk.windows_docker_image_build_stack import WindowsDockerImageBuildStack from cdk.ecr_stack import EcrStack @@ -50,8 +50,8 @@ AwsLcGitHubAnalyticsStack(app, "aws-lc-ci-analytics", analytics_build_spec_file, env=env) # bm_framework_build_spec_file = "cdk/codebuild/bm_framework_omnibus.yaml" # BmFrameworkStack(app, "aws-lc-ci-bm-framework", bm_framework_build_spec_file, env=env) -mac_arm_build_spec_file = "cdk/codebuild/github_ci_macos_m1_omnibus.yaml" -AwsLcMacArmCIStack(app, "aws-lc-ci-macos-arm", mac_arm_build_spec_file, env=env) +ec2_test_framework_build_spec_file = "cdk/codebuild/ec2_test_framework_omnibus.yaml" +AwsLcEC2TestingCIStack(app, "aws-lc-ci-ec2-test-framework", ec2_test_framework_build_spec_file, env=env) android_build_spec_file = "cdk/codebuild/github_ci_android_omnibus.yaml" AwsLcAndroidCIStack(app, "aws-lc-ci-devicefarm-android", android_build_spec_file, env=env) diff --git a/tests/ci/cdk/cdk/aws_lc_mac_arm_ci_stack.py b/tests/ci/cdk/cdk/aws_lc_ec2_test_framework_ci_stack.py similarity index 87% rename from tests/ci/cdk/cdk/aws_lc_mac_arm_ci_stack.py rename to tests/ci/cdk/cdk/aws_lc_ec2_test_framework_ci_stack.py index 4719e98159..bdf52129ed 100644 --- a/tests/ci/cdk/cdk/aws_lc_mac_arm_ci_stack.py +++ b/tests/ci/cdk/cdk/aws_lc_ec2_test_framework_ci_stack.py @@ -9,13 +9,14 @@ from constructs import Construct from cdk.components import PruneStaleGitHubBuilds -from util.metadata import AWS_ACCOUNT, AWS_REGION, GITHUB_PUSH_CI_BRANCH_TARGETS, GITHUB_REPO_OWNER, GITHUB_REPO_NAME -from util.iam_policies import code_build_batch_policy_in_json, ec2_policies_in_json, ssm_policies_in_json, s3_read_write_policy_in_json +from util.metadata import AWS_ACCOUNT, AWS_REGION, GITHUB_PUSH_CI_BRANCH_TARGETS, GITHUB_REPO_OWNER, GITHUB_REPO_NAME, LINUX_AARCH_ECR_REPO, \ + LINUX_X86_ECR_REPO +from util.iam_policies import code_build_batch_policy_in_json, ec2_policies_in_json, ssm_policies_in_json, s3_read_write_policy_in_json, ecr_power_user_policy_in_json from util.build_spec_loader import BuildSpecLoader # detailed documentation can be found here: https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html -class AwsLcMacArmCIStack(Stack): +class AwsLcEC2TestingCIStack(Stack): """Define a stack used to create a CodeBuild instance on which to execute the AWS-LC m1 ci ec2 instance""" def __init__(self, @@ -25,9 +26,6 @@ def __init__(self, **kwargs) -> None: super().__init__(scope, id, **kwargs) - # Define some variables that will be commonly used - CLOUDWATCH_LOGS = "{}-cw-logs".format(id) - # Define CodeBuild resource. git_hub_source = codebuild.Source.git_hub( owner=GITHUB_REPO_OWNER, @@ -76,7 +74,8 @@ def __init__(self, # S3 bucket for testing internal fixes. s3_read_write_policy = iam.PolicyDocument.from_json(s3_read_write_policy_in_json("aws-lc-codebuild")) - ec2_inline_policies = {"s3_read_write_policy": s3_read_write_policy} + ecr_power_user_policy = iam.PolicyDocument.from_json(ecr_power_user_policy_in_json([LINUX_X86_ECR_REPO, LINUX_AARCH_ECR_REPO])) + ec2_inline_policies = {"s3_read_write_policy": s3_read_write_policy, "ecr_power_user_policy": ecr_power_user_policy} ec2_role = iam.Role(scope=self, id="{}-ec2-role".format(id), role_name="{}-ec2-role".format(id), assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"), @@ -97,18 +96,18 @@ def __init__(self, security_group = ec2.SecurityGroup(self, id="{}-ec2-sg".format(id), allow_all_outbound=True, vpc=vpc, - security_group_name='macos_arm_ec2_sg') + security_group_name='codebuild_ec2_sg') + # MacOS EC2 tag names must be specific for use in general tests/ci/run_m1_ec2_instance.sh script. # Dedicated Hosts are required for Mac ec2 instances. cfn_host = ec2.CfnHost(self, id="{}-dedicated-host".format(id), availability_zone="us-west-2a", auto_placement="off", instance_type="mac2.metal") Tags.of(cfn_host).add("Name", "{}-dedicated-host".format(id)) - # AMI is for M1 MacOS Monterey. ami_id="ami-084c6ab9d03ad4d46" - cfn_instance = ec2.CfnInstance(self, "{}-ec2-instance".format(id), + macos_arm_instance = ec2.CfnInstance(self, "aws-lc-ci-macos-arm-ec2-instance", availability_zone="us-west-2a", tenancy="host", host_id=cfn_host.attr_host_id, @@ -120,4 +119,9 @@ def __init__(self, tags=[CfnTag(key="Name",value="aws-lc-ci-macos-arm-ec2-instance")]) # Define logs for SSM. - logs.LogGroup(self, "{}-cw-logs".format(id), log_group_name=CLOUDWATCH_LOGS) + log_group_name = "{}-cw-logs".format(id) + log_group = logs.CfnLogGroup(self, log_group_name, + log_group_name=log_group_name, + retention_in_days=365, + ) + diff --git a/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml new file mode 100644 index 0000000000..f8d3b4f558 --- /dev/null +++ b/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml @@ -0,0 +1,30 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +version: 0.2 + +# Doc for batch https://docs.aws.amazon.com/codebuild/latest/userguide/batch-build-buildspec.html#build-spec.batch.build-list +batch: + build-list: + # Actual tests are ran on an m1 ec2 instance via SSM Commands. + # MacOS is special since the ec2 instance can't be spun up and closed on the fly. + # TODO: Migrate this to Github Actions when https://github.com/actions/runner-images/issues/2187 is resolved. + - identifier: macos_arm_tests + buildspec: ./tests/ci/codebuild/macos-aarch/run_m1_tests.yml + env: + type: LINUX_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest + + # Actual tests are ran on an Graviton3 ec2 instance via SSM Commands. + - identifier: graviton3_tests + buildspec: ./tests/ci/codebuild/common/run_ec2_target.yml + env: + type: LINUX_CONTAINER + privileged-mode: true + compute-type: BUILD_GENERAL1_LARGE + image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest + variables: + EC2_AMI: "ami-0c79a55dda52434da" + EC2_INSTANCE_TYPE: "c7g.2xlarge" diff --git a/tests/ci/cdk/cdk/codebuild/github_ci_macos_m1_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/github_ci_macos_m1_omnibus.yaml deleted file mode 100644 index 7fa5a78be7..0000000000 --- a/tests/ci/cdk/cdk/codebuild/github_ci_macos_m1_omnibus.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. -# SPDX-License-Identifier: Apache-2.0 OR ISC - -version: 0.2 - -# Doc for batch https://docs.aws.amazon.com/codebuild/latest/userguide/batch-build-buildspec.html#build-spec.batch.build-list -batch: - build-list: - # Actual tests are ran on an m1 ec2 instance via SSM Commands. - - identifier: macos_arm_tests - buildspec: ./tests/ci/codebuild/macos-aarch/run_m1_tests.yml - env: - type: LINUX_CONTAINER - privileged-mode: true - compute-type: BUILD_GENERAL1_LARGE - image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:ubuntu-20.04_clang-7x-bm-framework_latest diff --git a/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml b/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml new file mode 100644 index 0000000000..f3a247490b --- /dev/null +++ b/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml @@ -0,0 +1,40 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +--- +schemaVersion: '2.2' +description: aws-lc:bmFrameworkEc2Benchmark +mainSteps: + - action: aws:runShellScript + name: runShellScript + inputs: + timeoutSeconds: '7200' + runCommand: + - sudo -i + - export DEBIAN_FRONTEND=noninteractive + - export CPU_TYPE=$(dpkg --print-architecture) + # if we have a cpu type of x86, we want linux-x86 + - if [ "${CPU_TYPE}" = amd64 ]; then export CPU_ARCH=linux-x86; export AWS_CLI_PREFIX=x86_; sudo sh -c "echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo"; fi + # if we have a cpu type of arm, we want linux-aarch + - if [ "${CPU_TYPE}" = arm64 ]; then export CPU_ARCH=linux-aarch; export AWS_CLI_PREFIX=aarch; fi + # install aws-cli + - apt-get -y install unzip + - curl "https://awscli.amazonaws.com/awscli-exe-linux-${AWS_CLI_PREFIX}64.zip" -o "awscliv2.zip" + - unzip awscliv2.zip + - ./aws/install + - git clone {GITHUB_REPO} aws-lc-pr + - cd aws-lc-pr + - git checkout {COMMIT_ID} + # install docker if its not already installed + - chmod +x ./tests/ci/benchmark_framework/install_docker.sh + - ./tests/ci/benchmark_framework/install_docker.sh + # log into docker and get needed docker image from ecr + - export ECR_REPO="{AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-${CPU_ARCH}" + - aws ecr get-login-password --region us-west-2 | docker login -u AWS --password-stdin "${ECR_REPO}" + - docker pull "${ECR_REPO}:amazonlinux-2023_clang-15x_sanitizer" + - # start the container and run the bm script + - exec_docker="docker run --env AWS_ACCOUNT_ID={AWS_ACCOUNT_ID} --env PR_NUM={PR_NUM} --env COMMIT_ID={COMMIT_ID} --env CPU_TYPE=${CPU_TYPE} -v `pwd`:`pwd` -w `pwd` ${ECR_REPO}:amazonlinux-2023_clang-15x_sanitizer_latest" + - chmod +x ./tests/ci/run_posix_sanitizers.sh + - $exec_docker ./tests/ci/run_posix_sanitizers.sh + - chmod +x ./tests/ci/run_fips_tests.sh + - $exec_docker ./tests/ci/run_fips_tests.sh diff --git a/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml b/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml index bc5e3637c0..5003889a7f 100644 --- a/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml +++ b/tests/ci/cdk/cdk/ssm/m1_tests_ssm_document.yaml @@ -10,12 +10,12 @@ mainSteps: inputs: timeoutSeconds: '7200' runCommand: + - export HOME="/var/root" + - export SOURCE={SOURCE} - eval $(/opt/homebrew/bin/brew shellenv) - sudo su - BUILD_ROOT=$(mktemp -d) - cd ${BUILD_ROOT} - - export HOME="/var/root" - - export SOURCE={SOURCE} - trap "rm -rf ${BUILD_ROOT}" EXIT # Check if the source code is on S3, otherwise treat the source as a PR. - > diff --git a/tests/ci/codebuild/common/run_ec2_target.yml b/tests/ci/codebuild/common/run_ec2_target.yml new file mode 100755 index 0000000000..80f4f3b7f1 --- /dev/null +++ b/tests/ci/codebuild/common/run_ec2_target.yml @@ -0,0 +1,13 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +version: 0.2 + +env: + variables: + GOPROXY: https://proxy.golang.org,direct + +phases: + build: + commands: + - ./tests/ci/run_ec2_test_framework.sh "${EC2_AMI}" "${EC2_INSTANCE_TYPE}" diff --git a/tests/ci/run_ec2_test_framework.sh b/tests/ci/run_ec2_test_framework.sh new file mode 100755 index 0000000000..c1b347f53a --- /dev/null +++ b/tests/ci/run_ec2_test_framework.sh @@ -0,0 +1,132 @@ +#!/bin/bash +set -exo pipefail +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 OR ISC + +# Please run from project root folder! +# You'll want to set the codebuild env variables set if running locally +source tests/ci/common_ssm_setup.sh + +AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) + +# Cleanup AWS resources. +cleanup() { + set +e + aws ec2 terminate-instances --instance-ids "${instance_id}" + aws ssm delete-document --name "${ssm_doc_name}" +} + +generate_ssm_document_file() { + # use sed to replace placeholder values inside preexisting document + sed -e "s,{AWS_ACCOUNT_ID},${AWS_ACCOUNT_ID},g" \ + -e "s,{PR_NUM},${CODEBUILD_WEBHOOK_TRIGGER},g" \ + -e "s,{COMMIT_ID},${CODEBUILD_SOURCE_VERSION},g" \ + -e "s,{GITHUB_REPO},${CODEBUILD_SOURCE_REPO_URL},g" \ + tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml \ + > "tests/ci/cdk/cdk/ssm/${ec2_ami_id}_ssm_document.yaml" +} + +#$1 for ami, $2 for instance-type, echos the instance id so we can capture the output +create_ec2_instances() { + local instance_id + instance_id="$(aws ec2 run-instances --image-id "$1" --count 1 \ + --instance-type "$2" --security-group-ids "${sg_id}" --subnet-id "${subnet_id}" \ + --block-device-mappings 'DeviceName="/dev/sda1",Ebs={DeleteOnTermination=True,VolumeSize=200}' \ + --tag-specifications 'ResourceType="instance",Tags=[{Key="aws-lc",Value="aws-lc-ci-ec2-test-framework-ec2-x86-instance"}]' \ + --iam-instance-profile Name=aws-lc-ci-ec2-test-framework-ec2-profile \ + --placement 'AvailabilityZone=us-west-2a' \ + --query Instances[*].InstanceId --output text)" + echo "${instance_id}" +} + +trap cleanup EXIT + +# print some information for reference +echo GitHub PR Number: "${CODEBUILD_WEBHOOK_TRIGGER}" +echo GitHub Commit Version: "${CODEBUILD_SOURCE_VERSION}" +echo AWS Account ID: "${AWS_ACCOUNT_ID}" +echo GitHub Repo Link: "${CODEBUILD_SOURCE_REPO_URL}" +export ec2_ami_id="$1" +export ec2_instance_type="$2" +export s3_bucket_name="aws-lc-codebuild" + +# Get resources for ec2 instances. These were created with the cdk script. +vpc_id="$(aws ec2 describe-vpcs --filter Name=tag:Name,Values=aws-lc-ci-ec2-test-framework/aws-lc-ci-ec2-test-framework-ec2-vpc --query Vpcs[*].VpcId --output text)" +sg_id="$(aws ec2 describe-security-groups --filter Name=vpc-id,Values="${vpc_id}" --filter Name=group-name,Values=codebuild_ec2_sg --query SecurityGroups[*].GroupId --output text)" +subnet_id="$(aws ec2 describe-subnets --filter Name=vpc-id,Values="${vpc_id}" --filter Name=state,Values=available --filter Name=tag:Name,Values=aws-lc-ci-ec2-test-framework/aws-lc-ci-ec2-test-framework-ec2-vpc/PrivateSubnet1 --query Subnets[*].SubnetId --output text)" + +# create the ssm documents that will be used for the various ssm commands +generate_ssm_document_file + +# create ec2 instances +instance_id=$(create_ec2_instances "${ec2_ami_id}" "${ec2_instance_type}") +if [[ -z "${instance_id}" ]]; then + exit 1 +fi + +# Give a few minutes for the ec2 instance to be ready +sleep 60 +for i in {1..30}; do + status=$(aws ssm describe-instance-information --filter Key="InstanceIds",Values="${instance_id}" \ + --query InstanceInformationList[*].PingStatus --output text) + if [ "${status}" == Online ]; then + break + fi + echo "Wait for instances to be able to run the SSM commands" + + # if we've hit the 30 minute mark and still aren't ready, then something has gone wrong + if [ "${i}" = 30 ]; then exit 1; fi + sleep 60 +done + + +# Create, and run ssm command. +ssm_doc_name=$(create_ssm_document "${ec2_ami_id}") + +cloudwatch_group_name="aws-lc-ci-ec2-test-framework-cw-logs" +ec2_test_ssm_command_id=$(run_ssm_command "${ssm_doc_name}" "${instance_id}" ${cloudwatch_group_name}) + +run_url="https://${AWS_REGION}.console.aws.amazon.com/cloudwatch/home?region=${AWS_REGION}\ +#logsV2:log-groups/log-group/${cloudwatch_group_name}/log-events/\ +${ec2_test_ssm_command_id}\$252F${instance_id}\$252FrunShellScript\$252Fstdout" + +echo "Actual Run in EC2 can be observered at CloudWatch URL: ${run_url}" + +# Give some time for the commands to run +done=false +success=false +for i in {1..45}; do + echo "${i}: Continue to wait 2 min for SSM commands to finish." + sleep 120 + + ssm_command_status="$(aws ssm list-commands --command-id "${ec2_test_ssm_command_id}" --query Commands[*].Status --output text)" + ssm_target_count="$(aws ssm list-commands --command-id "${ec2_test_ssm_command_id}" --query Commands[*].TargetCount --output text)" + ssm_completed_count="$(aws ssm list-commands --command-id "${ec2_test_ssm_command_id}" --query Commands[*].CompletedCount --output text)" + if [[ ${ssm_command_status} == 'Success' && ${ssm_completed_count} == "${ssm_target_count}" ]]; then + echo "SSM command ${ec2_test_ssm_command_id} finished successfully." + success=true + done=true + elif [[ ${ssm_command_status} == 'Failed' && ${ssm_completed_count} == "${ssm_target_count}" ]]; then + echo "SSM command ${ec2_test_ssm_command_id} failed." + done=true + else + # Still running. + done=false + fi + + # if after the loop finish and done is still true, then we're done + if [ "${done}" = true ]; then + echo "EC2 SSM command has finished." + + # if success is still true here, then none of the commands failed + if [ "${success}" == true ]; then + echo "EC2 SSM command succeeded!" + exit 0 + else + echo "EC2 SSM command failed!" + exit 1 + fi + break + fi +done +exit 1 diff --git a/tests/ci/run_m1_ec2_instance.sh b/tests/ci/run_m1_ec2_instance.sh index 7bac0d6764..f33ed139c1 100755 --- a/tests/ci/run_m1_ec2_instance.sh +++ b/tests/ci/run_m1_ec2_instance.sh @@ -25,7 +25,7 @@ echo GitHub Branch Name: "${CODEBUILD_WEBHOOK_HEAD_REF}" AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text) echo AWS Account ID: "${AWS_ACCOUNT_ID}" echo GitHub Repo Link: "${CODEBUILD_SOURCE_REPO_URL}" -export cloudwatch_group_name="aws-lc-ci-macos-arm-cw-logs" +export cloudwatch_group_name="aws-lc-ci-ec2-test-framework-cw-logs" export s3_bucket_name="aws-lc-codebuild" # get information for ec2 instances From c6dea97479f2af3e0402dbbb1c64cd86ca60b9b2 Mon Sep 17 00:00:00 2001 From: samuel40791765 Date: Wed, 4 Oct 2023 22:04:37 +0000 Subject: [PATCH 2/2] PR comments; minor tweaks and variable abstractions --- tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml | 1 + tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml | 4 ++-- tests/ci/codebuild/common/run_ec2_target.yml | 2 +- tests/ci/run_ec2_test_framework.sh | 4 +++- tests/ci/run_m1_ec2_instance.sh | 2 +- 5 files changed, 8 insertions(+), 5 deletions(-) diff --git a/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml index f8d3b4f558..53e498b434 100644 --- a/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml +++ b/tests/ci/cdk/cdk/codebuild/ec2_test_framework_omnibus.yaml @@ -28,3 +28,4 @@ batch: variables: EC2_AMI: "ami-0c79a55dda52434da" EC2_INSTANCE_TYPE: "c7g.2xlarge" + ECR_DOCKER_TAG: "amazonlinux-2023_clang-15x_sanitizer" \ No newline at end of file diff --git a/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml b/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml index f3a247490b..28b90d14f1 100644 --- a/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml +++ b/tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml @@ -31,9 +31,9 @@ mainSteps: # log into docker and get needed docker image from ecr - export ECR_REPO="{AWS_ACCOUNT_ID}.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-${CPU_ARCH}" - aws ecr get-login-password --region us-west-2 | docker login -u AWS --password-stdin "${ECR_REPO}" - - docker pull "${ECR_REPO}:amazonlinux-2023_clang-15x_sanitizer" + - docker pull "${ECR_REPO}:{ECR_DOCKER_TAG}" - # start the container and run the bm script - - exec_docker="docker run --env AWS_ACCOUNT_ID={AWS_ACCOUNT_ID} --env PR_NUM={PR_NUM} --env COMMIT_ID={COMMIT_ID} --env CPU_TYPE=${CPU_TYPE} -v `pwd`:`pwd` -w `pwd` ${ECR_REPO}:amazonlinux-2023_clang-15x_sanitizer_latest" + - exec_docker="docker run --env AWS_ACCOUNT_ID={AWS_ACCOUNT_ID} --env PR_NUM={PR_NUM} --env COMMIT_ID={COMMIT_ID} --env CPU_TYPE=${CPU_TYPE} -v `pwd`:`pwd` -w `pwd` ${ECR_REPO}:{ECR_DOCKER_TAG}_latest" - chmod +x ./tests/ci/run_posix_sanitizers.sh - $exec_docker ./tests/ci/run_posix_sanitizers.sh - chmod +x ./tests/ci/run_fips_tests.sh diff --git a/tests/ci/codebuild/common/run_ec2_target.yml b/tests/ci/codebuild/common/run_ec2_target.yml index 80f4f3b7f1..bf2b6b9525 100755 --- a/tests/ci/codebuild/common/run_ec2_target.yml +++ b/tests/ci/codebuild/common/run_ec2_target.yml @@ -10,4 +10,4 @@ env: phases: build: commands: - - ./tests/ci/run_ec2_test_framework.sh "${EC2_AMI}" "${EC2_INSTANCE_TYPE}" + - ./tests/ci/run_ec2_test_framework.sh "${EC2_AMI}" "${EC2_INSTANCE_TYPE}" "${ECR_DOCKER_TAG}" diff --git a/tests/ci/run_ec2_test_framework.sh b/tests/ci/run_ec2_test_framework.sh index c1b347f53a..9c121e1df3 100755 --- a/tests/ci/run_ec2_test_framework.sh +++ b/tests/ci/run_ec2_test_framework.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -exo pipefail # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 OR ISC @@ -22,6 +22,7 @@ generate_ssm_document_file() { -e "s,{PR_NUM},${CODEBUILD_WEBHOOK_TRIGGER},g" \ -e "s,{COMMIT_ID},${CODEBUILD_SOURCE_VERSION},g" \ -e "s,{GITHUB_REPO},${CODEBUILD_SOURCE_REPO_URL},g" \ + -e "s,{ECR_DOCKER_TAG},${ecr_docker_tag},g" \ tests/ci/cdk/cdk/ssm/general_test_run_ssm_document.yaml \ > "tests/ci/cdk/cdk/ssm/${ec2_ami_id}_ssm_document.yaml" } @@ -48,6 +49,7 @@ echo AWS Account ID: "${AWS_ACCOUNT_ID}" echo GitHub Repo Link: "${CODEBUILD_SOURCE_REPO_URL}" export ec2_ami_id="$1" export ec2_instance_type="$2" +export ecr_docker_tag="$3" export s3_bucket_name="aws-lc-codebuild" # Get resources for ec2 instances. These were created with the cdk script. diff --git a/tests/ci/run_m1_ec2_instance.sh b/tests/ci/run_m1_ec2_instance.sh index f33ed139c1..ce77e3e0d0 100755 --- a/tests/ci/run_m1_ec2_instance.sh +++ b/tests/ci/run_m1_ec2_instance.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -exo pipefail # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 OR ISC