From 5d8bb47dc31dfa43ba54dbe2906b533e67f27b12 Mon Sep 17 00:00:00 2001
From: thanhnguyen-aws <ntson@amazon.com>
Date: Wed, 27 Nov 2024 13:47:06 -0800
Subject: [PATCH 1/5] build linux bundle on Ubuntu 20.04

---
 .github/workflows/release.yml | 94 +++--------------------------------
 1 file changed, 7 insertions(+), 87 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 36aee463061a..da600486beae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -75,63 +75,28 @@ jobs:
   build_bundle_linux:
     name: BuildBundle-Linux
     runs-on: ubuntu-20.04
+    permissions:
+      contents: write
     outputs:
-      # The bundle version (latest or the version to be released)
       version: ${{ steps.bundle.outputs.version }}
       bundle: ${{ steps.bundle.outputs.bundle }}
       package: ${{ steps.bundle.outputs.package }}
       crate_version: ${{ steps.bundle.outputs.crate_version }}
-    container:
-      # Build using ubuntu 18 due to compatibility issues with older OS.
-      image: ubuntu:18.04
-      volumes:
-        - /usr/local:/mnt/host-local
     steps:
-
-      - name: Free up docker disk space
-        run: |
-          # inspired by https://github.com/easimon/maximize-build-space/blob/master/action.yml
-          df -h
-          rm -r /mnt/host-local/lib/android /mnt/host-local/.ghcup
-          df -h
-
-      # This is required before checkout because the container does not
-      # have Git installed, so cannot run checkout action.
-      # The checkout action requires Git >=2.18 and python 3.7, so use the Git maintainers' PPA.
-      # and the "deadsnakes" PPA, as the default version of python on ubuntu 22.04 is Python 3.10
-      - name: Install system dependencies
-        run: |
-          apt-get update
-          apt-get install -y software-properties-common apt-utils
-          add-apt-repository ppa:git-core/ppa
-          add-apt-repository ppa:deadsnakes/ppa
-          add-apt-repository ppa:ubuntu-toolchain-r/test
-          apt-get update
-          apt-get install -y \
-            build-essential bash-completion curl lsb-release sudo g++-9 gcc-9 flex \
-            bison make patch git python3.7 python3.7-dev python3.7-distutils
-          update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-9 110 \
-            --slave /usr/bin/g++ g++ /usr/bin/g++-9
-          ln -sf cpp-9 /usr/bin/cpp
-          update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 1
-          curl -s https://bootstrap.pypa.io/pip/3.7/get-pip.py -o get-pip.py
-          python3 get-pip.py --force-reinstall
-          rm get-pip.py
-
-      - name: Checkout Kani
-        uses: actions/checkout@v3
+      - name: Checkout code
+        uses: actions/checkout@v4
 
       - name: Setup Kani Dependencies
         uses: ./.github/actions/setup
         with:
-          os: ubuntu-18.04
+          os: ubuntu-20.04
 
       - name: Build bundle
         id: bundle
         uses: ./.github/actions/build-bundle
         with:
           os: linux
-          arch: x86_64-unknown-linux-gnu
+          arch: x86_64-unknown-linux-gnu 
 
   test-use-local-toolchain:
     name: TestLocalToolchain
@@ -279,56 +244,11 @@ jobs:
             popd
           done
 
-  # This job will run tests for platforms that don't have a respective GitHub worker.
-  # For now, we only test for Ubuntu-18.04 so we don't bother using matrix to configure the platform.
-  test_alt_platform:
-    name: TestAlternativePlatforms
-    needs: [build_bundle_linux]
-    runs-on: ubuntu-22.04
-    env:
-      PKG: ${{ needs.build_bundle_linux.outputs.package }}
-      BUNDLE: ${{ needs.build_bundle_linux.outputs.bundle }}
-      VERSION: ${{ needs.build_bundle_linux.outputs.crate_version }}
-      KANI_SRC: ./kani_src
-    steps:
-      - name: Checkout Kani
-        uses: actions/checkout@v4
-        with:
-          path: ${{ env.KANI_SRC }}
-
-      - name: Download bundle
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ env.BUNDLE }}
-
-      - name: Download kani-verifier crate
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ env.PKG }}
-
-      - name: Build container test
-        run: |
-          docker build -t kani-18-04 -f ${{ env.KANI_SRC }}/scripts/ci/Dockerfile.bundle-test-ubuntu-18-04 .
-
-      - name: Run installed tests
-        run: |
-          for dir in simple-lib build-rs-works simple-kissat; do
-            >&2 echo "Running test $dir"
-            docker run -v /var/run/docker.sock:/var/run/docker.sock \
-              -w /tmp/kani/tests/cargo-kani/$dir kani-18-04 cargo kani
-          done
-
-          # While the above test OS issues, now try testing with nightly as
-          # default:
-          docker run -v /var/run/docker.sock:/var/run/docker.sock \
-            -w /tmp/kani/tests/cargo-kani/simple-lib kani-18-04  \
-            bash -c "rustup default nightly && cargo kani"
-
   kani_release:
     if: ${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/kani-') }}
     name: Release
     runs-on: ubuntu-20.04
-    needs: [build_bundle_macos, build_bundle_macos_aarch64, build_bundle_linux, test_bundle, test_alt_platform]
+    needs: [build_bundle_macos, build_bundle_macos_aarch64, build_bundle_linux, test_bundle]
     permissions:
       contents: write
     outputs:

From 8382ee640e637dbc29688fedbd92bd9947930f03 Mon Sep 17 00:00:00 2001
From: thanhnguyen-aws <ntson@amazon.com>
Date: Wed, 27 Nov 2024 13:49:00 -0800
Subject: [PATCH 2/5] delete Ubuntu 18.04 docker

---
 .../ci/Dockerfile.bundle-test-ubuntu-18-04    | 37 -------------------
 1 file changed, 37 deletions(-)
 delete mode 100644 scripts/ci/Dockerfile.bundle-test-ubuntu-18-04

diff --git a/scripts/ci/Dockerfile.bundle-test-ubuntu-18-04 b/scripts/ci/Dockerfile.bundle-test-ubuntu-18-04
deleted file mode 100644
index c3f89fec1259..000000000000
--- a/scripts/ci/Dockerfile.bundle-test-ubuntu-18-04
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright Kani Contributors
-# SPDX-License-Identifier: Apache-2.0 OR MIT
-
-# Note: this file is intended only for testing the kani release bundle
-# This docker assumes the following locations:
-# - ./kani_src/: Kani source code
-# - ./kani-*tar.gz/: The Kani release bundle. E.g. `kani-0.39.0-x86_64-unknown-linux-gnu.tar.gz`
-# - ./linux-kani-verifier.crate: The kani-verifier package
-
-FROM ubuntu:18.04
-ENV DEBIAN_FRONTEND=noninteractive \
-    DEBCONF_NONINTERACTIVE_SEEN=true
-
-RUN apt-get update && \
-    apt-get install --no-install-recommends -y build-essential software-properties-common && \
-    add-apt-repository -y ppa:deadsnakes/ppa && \
-    apt install --no-install-recommends -y python3.7 python3.7-dev python3.7-distutils curl ctags
-
-RUN update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.7 1
-
-RUN curl -s https://bootstrap.pypa.io/pip/3.7/get-pip.py -o get-pip.py && \
-    python3 get-pip.py --force-reinstall && \
-    rm get-pip.py
-
-RUN curl -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH="/root/.cargo/bin:${PATH}"
-
-WORKDIR /tmp/kani
-COPY ./kani_src/tests ./tests
-
-# This will extract things into kani-verifier-${VERSION} folder
-COPY ./linux-kani-verifier.crate ./kani-verifier.crate
-RUN tar zxvf ./kani-verifier.crate
-RUN cargo install --path ./kani-verifier-*
-
-COPY ./kani-*.tar.gz ./
-RUN cargo-kani setup --use-local-bundle ./kani-*.tar.gz

From 3c3f27c0e65e73fd6946aeb20b3e40a3ab1d7488 Mon Sep 17 00:00:00 2001
From: thanhnguyen-aws <ntson@amazon.com>
Date: Wed, 27 Nov 2024 14:57:03 -0800
Subject: [PATCH 3/5] Update .github/workflows/release.yml

Co-authored-by: Celina G. Val <celinval@amazon.com>
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index da600486beae..35b8680f2b0d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -96,7 +96,7 @@ jobs:
         uses: ./.github/actions/build-bundle
         with:
           os: linux
-          arch: x86_64-unknown-linux-gnu 
+          arch: x86_64-unknown-linux-gnu
 
   test-use-local-toolchain:
     name: TestLocalToolchain

From c02dac41410d0eb13407ee147fa3c10a8c69154f Mon Sep 17 00:00:00 2001
From: thanhnguyen-aws <ntson@amazon.com>
Date: Wed, 27 Nov 2024 16:06:38 -0800
Subject: [PATCH 4/5] remove permission for build-bundle-linus

---
 .github/workflows/release.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index da600486beae..313ba132ec87 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -75,8 +75,6 @@ jobs:
   build_bundle_linux:
     name: BuildBundle-Linux
     runs-on: ubuntu-20.04
-    permissions:
-      contents: write
     outputs:
       version: ${{ steps.bundle.outputs.version }}
       bundle: ${{ steps.bundle.outputs.bundle }}

From e9bb55fb2428eb95902bd5dc0dea2e3747beaad6 Mon Sep 17 00:00:00 2001
From: thanhnguyen-aws <ntson@amazon.com>
Date: Wed, 27 Nov 2024 16:29:51 -0800
Subject: [PATCH 5/5] remove permissions

---
 .github/workflows/release.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index dd34533b4f06..350ccc026633 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,8 +23,6 @@ jobs:
   build_bundle_macos:
     name: BuildBundle-MacOs
     runs-on: macos-13
-    permissions:
-      contents: write
     outputs:
       version: ${{ steps.bundle.outputs.version }}
       bundle: ${{ steps.bundle.outputs.bundle }}
@@ -49,8 +47,6 @@ jobs:
   build_bundle_macos_aarch64:
     name: BuildBundle-MacOs-ARM
     runs-on: macos-14
-    permissions:
-      contents: write
     outputs:
       version: ${{ steps.bundle.outputs.version }}
       bundle: ${{ steps.bundle.outputs.bundle }}
@@ -247,8 +243,6 @@ jobs:
     name: Release
     runs-on: ubuntu-20.04
     needs: [build_bundle_macos, build_bundle_macos_aarch64, build_bundle_linux, test_bundle]
-    permissions:
-      contents: write
     outputs:
       version: ${{ steps.versioning.outputs.version }}
       upload_url: ${{ steps.create_release.outputs.upload_url }}