For speed and consistency, our CodeBuild CI build projects utilze prebuilt docker images.
To setup the docker images for local testing or testing in your own AWS account see
the platform specific README in docker_images/*.
Once you have the docker images uploaded to AWS Elastic Container Registry you can setup the AWS CodeBuild projects that use the custom image with the appropriate buildspec files in codebuild/*.
The best way to test AWS-LC locally is to use the same Docker containers AWS CodeBuild uses.
- Install Docker
- Navigate to your AWS-LC project directory
- Build the docker image you want to test
- Run the docker image
- Use
-vto pass a volume from the host to the container,pwd:pwdmounts the same path on the host to the container. This ensures the container will build and test your exact working state. - Use
-wto change to that directory inside the container after launching it
- Use
- Run the build
For example testing x86-64 Ubuntu 20.04 clang 9x:
$ cd $AWS_LC_PROJECT_ROOT
$ docker build -t ubuntu-20.04:clang-9x tests/ci/docker_images/linux-x86/ubuntu-20.04_clang-9x/
$ docker run -v `pwd`:`pwd` -w `pwd` -it ubuntu-20.04:clang-9x
$ ./tests/ci/run_posix_tests.sh
Before building a "non-base" image you need to build the corresponding base one.
For example, to be able to build the ubuntu-20.04_clang-9x image from above,
you first need to build the base image ubuntu-20.04_base. In addition, the
base image has to be built with with the dependencies directory as the context
so it has access to the script that installs dependencies. So the full command
would look like this:
$ docker build -t ubuntu-18.04:base -f tests/ci/docker_images/linux-x86/ubuntu-18.04_base/Dockerfile tests/ci/docker_images/dependencies
For more examples, see build_images.sh script in directories corresponding
to different platforms (linux-x86, linux-aarch, windows).
If you are having issues contacting proxy.golang.org try running the image
with the GOPROXY=direct. For example:
docker run -e GOPROXY=direct -v `pwd`:`pwd` -w `pwd` -it ubuntu-20.04:clang-9xOur CI uses a combination of CodeBuild and GitHub Workflow build environments. Both for transparency and to assist contributors in diagnosing issues, most CI build logs are publicly available. If a CI failure occurs on your pull request and you are unable to diagnose it (whether due to lack of log availability or otherwise), our team will gladly assist you in identifying the cause. For other CI-related concerns, you may submit an issue to our Github repository.
General test suite with a varying set of build options (FIPS (shared-build), non-FIPS, debug, shared, static, etc.) is executed on the following combinations:
| CI Tool | Compiler | CPU | OS | Public Logs |
|---|---|---|---|---|
| CodeBuild | gcc 4.1.3 | x86 | Ubuntu 10.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 4.8.5 | x86 | Centos 7 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 4.8.5 | x86-64 | Centos 7 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 5.4.0 | x86 | Ubuntu 16.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.3.1 | x86-64 | AL2 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.3.1 | aarch64 | AL2 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 7.5.0 | x86-64 | Ubuntu 18.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.5.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.5.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 8.4.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 8.4.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 11 | x86-64 | AL2023 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 11 | aarch64 | AL2023 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 11 | x86-64 | Ubuntu 22.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 11 | aarch64 | Ubuntu 22.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 12 | x86-64 | Ubuntu 22.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 12 | aarch64 | Ubuntu 22.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 7.0.1 | x86-64 | AL2 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | aarch64 | AL2 | aws-lc-ci-linux-arm |
| CodeBuild | clang 6.0.0 | x86-64 | Ubuntu 18.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 9.0.1 | x86-64 | Fedora 31 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 8.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 8.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 9.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 9.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 10.0.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 10.0.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 15.0.6 | x86-64 | AL2023 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 15.0.6 | aarch64 | AL2023 | aws-lc-ci-linux-arm |
| CodeBuild | Visual Studio 2015 | x86-64 | Windows Server 19 | aws-lc-ci-windows-x86 |
| CodeBuild | Visual Studio 2017 | x86-64 | Windows Server 19 | aws-lc-ci-windows-x86 |
| GitHub Workflow | AppleClang 13.0.0 | x86-64 | macOS 11 | macOS-x86 and macOS-x86-FIPS |
| GitHub Workflow | AppleClang 14.0.0 | aarch64 | macOS 12 | macOS-ARM and macOS-ARM-FIPS |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 10 | N/A |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 11 | N/A |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 12 | N/A |
Unfortunately, it's a known issue that the FIPS build has limited support when producing a static library. The static AWS-LC FIPS build is only supported on Linux based platforms for x86_64 and aarch64.
| CI Tool | Compiler | CPU | OS | Public Logs |
|---|---|---|---|---|
| CodeBuild | gcc 4.8.5 | x86-64 | Centos 7 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.3.1 | x86-64 | AL2 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.3.1 | aarch64 | AL2 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 7.5.0 | x86-64 | Ubuntu 18.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.5.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 7.5.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 8.4.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 8.4.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 11 | x86-64 | AL2023 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 11 | aarch64 | AL2023 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 11 | x86-64 | Ubuntu 22.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 11 | aarch64 | Ubuntu 22.04 | aws-lc-ci-linux-arm |
| CodeBuild | gcc 12 | x86-64 | Ubuntu 22.04 | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 12 | aarch64 | Ubuntu 22.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 7.0.1 | x86-64 | AL2 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | aarch64 | AL2 | aws-lc-ci-linux-arm |
| CodeBuild | clang 6.0.0 | x86-64 | Ubuntu 18.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 9.0.1 | x86-64 | Fedora 31 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 7.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 8.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 8.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 9.0.1 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 9.0.1 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 10.0.0 | x86-64 | Ubuntu 20.04 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 10.0.0 | aarch64 | Ubuntu 20.04 | aws-lc-ci-linux-arm |
| CodeBuild | clang 15.0.6 | x86-64 | AL2023 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 15.0.6 | aarch64 | AL2023 | aws-lc-ci-linux-arm |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 10 | N/A |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 11 | N/A |
| AWS Device Farm | Android ndkVersion "21.0.6113669" | aarch64 | Android 12 | N/A |
Runs all tests with:
- Address sanitizer
- Memory sanitizer
- Control flow integrity
- Thread sanitizer
- Undefined behavior sanitizer
| CI Tool | Compiler | CPU platform | OS | Public Logs |
|---|---|---|---|---|
| CodeBuild | clang 15.0.6 | x86-64 | AL2023 | aws-lc-ci-linux-x86 |
| CodeBuild | clang 15.0.6 | aarch64 | AL2023 | aws-lc-ci-linux-arm |
The following Valgrind tests are run for a subset of targets in utils/all_tests.json using the debug build of AWS-LC:
| CI Tool | Compiler | CPU platform | OS | memcheck | Public Logs |
|---|---|---|---|---|---|
| CodeBuild | gcc 11 | x86-64 | AL2023 | X | aws-lc-ci-linux-x86 |
| CodeBuild | gcc 11 | aarch64 | AL2023 | X | aws-lc-ci-linux-arm |
All Fuzz tests under /fuzz are run in CodeBuild for an hour total.
| CI Tool | Compiler | CPU platform | OS | Flags |
|---|---|---|---|---|
| CodeBuild | clang 10.0.0 | x86-64 | Ubuntu 20.04 | ASAN=1 |
| CodeBuild | clang 10.0.0 | aarch64 | ubuntu 20.04 | ASAN=1 |
To add a new fuzz test create a new executable follow libFuzzer's documentation and existing tests. Generate a seed corpus and check it into a folder with the same name as the executable. The CI will pull in any files from the seed folder and merge it into the growing corpus in EFS.
Each change is built and tested with Cryptofuzz for an hour. A seed corpus is included in tests/docker_images/cryptofuzz_data.zip. As new inputs are found they are saved in a shared corpus across runs in AWS EFS. Cryptofuzz is built with 3 modules:
- AWS-LC
- Botan
- Crypto++
| CI Tool | Compiler | CPU platform | OS | Flags |
|---|---|---|---|---|
| CodeBuild | clang 10.0.0 | x86-64 | Ubuntu 20.04 | ASAN=1 |
| CodeBuild | clang 10.0.0 | aarch64 | Ubuntu 20.04 | ASAN=1 |