
Commit 287484f

committed
Use new images for fuzzing
1 parent d826708 commit 287484f


7 files changed

+23
-27
lines changed


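--- a/tests/ci/cdk/cdk/aws_lc_github_ci_x509_stack.py
+++ b/tests/ci/cdk/cdk/aws_lc_github_ci_x509_stack.py
@@ -2,7 +2,6 @@
 
 from aws_cdk import (
 Duration,
-Stack,
 aws_codebuild as codebuild,
 aws_s3 as s3,
 Environment,
@@ -11,15 +10,6 @@
 
 from cdk.aws_lc_base_ci_stack import AwsLcBaseCiStack
 from util.build_spec_loader import BuildSpecLoader
-from util.metadata import (
-GITHUB_PUSH_CI_BRANCH_TARGETS,
-GITHUB_REPO_NAME,
-GITHUB_REPO_OWNER,
-PRE_PROD_ACCOUNT,
-STAGING_GITHUB_REPO_OWNER,
-STAGING_GITHUB_REPO_NAME,
-)
-
 
 class AwsLcGitHubX509CIStack(AwsLcBaseCiStack):
 def __init__(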

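--- a/tests/ci/cdk/cdk/aws_lc_github_fuzz_ci_stack.py
+++ b/tests/ci/cdk/cdk/aws_lc_github_fuzz_ci_stack.py
@@ -5,7 +5,6 @@
 from aws_cdk import (
 Duration,
 Size,
-Stack,
 aws_codebuild as codebuild,
 aws_iam as iam,
 aws_ec2 as ec2,
@@ -20,14 +19,6 @@
 code_build_batch_policy_in_json,
 code_build_publish_metrics_in_json,
 )
-from util.metadata import (
-GITHUB_PUSH_CI_BRANCH_TARGETS,
-GITHUB_REPO_OWNER,
-GITHUB_REPO_NAME,
-PRE_PROD_ACCOUNT,
-STAGING_GITHUB_REPO_OWNER,
-STAGING_GITHUB_REPO_NAME,
-)
 from util.build_spec_loader import BuildSpecLoader
 
 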

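--- a/tests/ci/cdk/cdk/codebuild/github_ci_fuzzing_omnibus.yaml
+++ b/tests/ci/cdk/cdk/codebuild/github_ci_fuzzing_omnibus.yaml
@@ -13,8 +13,9 @@ batch:
 type: LINUX_CONTAINER
 privileged-mode: true
 compute-type: BUILD_GENERAL1_LARGE
-image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2023_clang-15x_sanitizer_latest
+image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc/amazonlinux:2023
 variables:
+AWS_LC_CI_COMPILER_ENV: clang-15
 AWS_LC_CI_TARGET: "tests/ci/run_fuzz_tests.sh"
 
 - identifier: al2023_clang14_arm_fuzz
@@ -23,8 +24,9 @@ batch:
 type: ARM_CONTAINER
 privileged-mode: true
 compute-type: BUILD_GENERAL1_LARGE
-image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2023_clang-15x_sanitizer_latest
+image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc/amazonlinux:2023
 variables:
+AWS_LC_CI_COMPILER_ENV: clang-15
 AWS_LC_CI_TARGET: "tests/ci/run_fuzz_tests.sh"
 
 - identifier: al2023_clang15_x86_64_cryptofuzz
@@ -33,8 +35,9 @@ batch:
 type: LINUX_CONTAINER
 privileged-mode: true
 compute-type: BUILD_GENERAL1_LARGE
-image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2023_clang-15x_cryptofuzz_latest
+image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc/amazonlinux:2023
 variables:
+AWS_LC_CI_COMPILER_ENV: clang-15
 AWS_LC_CI_TARGET: "tests/ci/run_cryptofuzz.sh"
 
 - identifier: al2023_clang15_arm_cryptofuzz
@@ -43,6 +46,7 @@ batch:
 type: ARM_CONTAINER
 privileged-mode: true
 compute-type: BUILD_GENERAL1_LARGE
-image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-aarch:amazonlinux-2023_clang-15x_cryptofuzz_latest
+image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc/amazonlinux:2023
 variables:
+AWS_LC_CI_COMPILER_ENV: clang-15
 AWS_LC_CI_TARGET: "tests/ci/run_cryptofuzz.sh"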
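Review bot: All four jobs in this file now reference the single tag `aws-lc/amazonlinux:2023`, including the two `ARM_CONTAINER` jobs and the two cryptofuzz jobs that previously had dedicated `linux-aarch` and `*_cryptofuzz_latest` images. That only works if the tag is a multi-architecture manifest and the image carries whatever `tests/ci/run_cryptofuzz.sh` expects to find, and neither is visible in this commit, so both are worth confirming before merge. Because every one of these builds runs with `privileged-mode: true`, consider referencing the image by digest (`.../aws-lc/amazonlinux@sha256:<image-digest-placeholder>`) rather than a mutable tag, so that a re-push cannot silently change what the fuzzers execute. The same applies to `:2023_x509` in github_ci_x509_omnibus.yaml. The unchanged identifier `al2023_clang14_arm_fuzz` now sits next to `AWS_LC_CI_COMPILER_ENV: clang-15`, which reads as a naming mismatch.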

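--- a/tests/ci/cdk/cdk/codebuild/github_ci_x509_omnibus.yaml
+++ b/tests/ci/cdk/cdk/codebuild/github_ci_x509_omnibus.yaml
@@ -13,6 +13,7 @@ batch:
 type: LINUX_CONTAINER
 privileged-mode: true
 compute-type: BUILD_GENERAL1_LARGE
-image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc-docker-images-linux-x86:amazonlinux-2023_x509_latest
+image: 620771051181.dkr.ecr.us-west-2.amazonaws.com/aws-lc/amazonlinux:2023_x509
 variables:
+AWS_LC_CI_COMPILER_ENV: gcc
 AWS_LC_CI_TARGET: "tests/ci/run_x509_limbo.sh"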

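--- a/tests/ci/cdk/cdk/ecr_stack.py
+++ b/tests/ci/cdk/cdk/ecr_stack.py
@@ -41,6 +41,7 @@ class EcrRepoDataClass:
 cdk_id: str
 ecr_name: str
 allow_scrutinice_pull: bool = False
+allow_codebuild_pull: bool = False
 
 
 class PrivateEcrStackV2(Stack):
@@ -89,20 +90,25 @@ def __init__(self,
 for x in [
 EcrRepoDataClass("aws-lc-ecr-ubuntu", UBUNTU_ECR_REPO),
 EcrRepoDataClass("aws-lc-ecr-amazonlinux",
-AMAZONLINUX_ECR_REPO, allow_scrutinice_pull=True),
+AMAZONLINUX_ECR_REPO,
+allow_scrutinice_pull=True,
+allow_codebuild_pull=True),
 EcrRepoDataClass("aws-lc-ecr-fedora", FEDORA_ECR_REPO),
 EcrRepoDataClass("aws-lc-ecr-centos", CENTOS_ECR_REPO),
 EcrRepoDataClass("aws-lc-ecr-windows", WINDOWS_ECR_REPO),
 EcrRepoDataClass("aws-lc-ecr-verification", VERIFICATION_ECR_REPO),
 EcrRepoDataClass("aws-lc-ecr-android", ANDROID_ECR_REPO),
 ]:
-EcrPrivateRepo(self, x.cdk_id, repo_name=x.ecr_name, allow_scrutinice_pull=x.allow_scrutinice_pull)
+EcrPrivateRepo(self, x.cdk_id, repo_name=x.ecr_name,
+allow_scrutinice_pull=x.allow_scrutinice_pull,
+allow_codebuild_pull=x.allow_codebuild_pull)
 
 
 class EcrPrivateRepo(Construct):
 """Define private ECR repository to store container images."""
 
-def __init__(self, scope: Construct, id: str, repo_name: str, *, allow_scrutinice_pull: bool, **kwargs) -> None:
+def __init__(self, scope: Construct, id: str, repo_name: str, *, allow_scrutinice_pull: bool,
+allow_codebuild_pull: bool, **kwargs) -> None:
 super().__init__(scope, id, **kwargs)
 
 self.repo = ecr.Repository(
@@ -114,3 +120,5 @@ def __init__(self, scope: Construct, id: str, repo_name: str, *, allow_scrutinic
 )
 if allow_scrutinice_pull:
 self.repo.grant_pull(iam.ArnPrincipal(SCRUTINICE_PRINCIPAL_ROLE_ARN))
+if allow_codebuild_pull:
+self.repo.grant_pull(iam.ServicePrincipal("codebuild.amazonaws.com"))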
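Review bot: The new `self.repo.grant_pull(iam.ServicePrincipal("codebuild.amazonaws.com"))` at the end of `EcrPrivateRepo.__init__` trusts the CodeBuild service principal with no condition, so the repository policy does not limit which account's projects the service may pull on behalf of (the confused-deputy case). Scope the principal to the expected caller, for example `iam.ServicePrincipal("codebuild.amazonaws.com", conditions={"StringEquals": {"aws:SourceAccount": Stack.of(self).account}})`, substituting the account that actually runs the fuzzing projects if it is not this stack's. Separately, `allow_codebuild_pull: bool` is keyword-only with no default in `__init__` although the dataclass field defaults to `False`, so any caller of `EcrPrivateRepo` outside the lines shown would now raise. Declaring it as `allow_codebuild_pull: bool = False` keeps such callers working. Part of the `__init__` body lies between the last two hunks and is not visible here.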

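--- a/tests/ci/codebuild/common/run_simple_target.yml
+++ b/tests/ci/codebuild/common/run_simple_target.yml
@@ -10,4 +10,5 @@ env:
 phases:
 build:
 commands:
+- source /opt/compiler-env/setup-${AWS_LC_CI_COMPILER_ENV}.sh
 - ./${AWS_LC_CI_TARGET}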
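Review bot: The added `source /opt/compiler-env/setup-${AWS_LC_CI_COMPILER_ENV}.sh` has no guard for an unset variable, and this commit only sets `AWS_LC_CI_COMPILER_ENV` in the fuzzing and x509 batch files. If any other job uses this common buildspec, the path collapses to `/opt/compiler-env/setup-.sh` and the build fails with an unexplained missing file, or fails on older images that lack `/opt/compiler-env` altogether. Making the requirement explicit with `- source "/opt/compiler-env/setup-${AWS_LC_CI_COMPILER_ENV:?}.sh"` gives a clear error and quotes the expansion. `source` is also a bash builtin, so the step relies on the `env:` section above the hunk selecting bash, which is not visible here. The same line is added to run_x509_limbo_reports_target.yml and deserves the same treatment.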

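--- a/tests/ci/codebuild/common/run_x509_limbo_reports_target.yml
+++ b/tests/ci/codebuild/common/run_x509_limbo_reports_target.yml
@@ -10,6 +10,7 @@ env:
 phases:
 build:
 commands:
+- source /opt/compiler-env/setup-${AWS_LC_CI_COMPILER_ENV}.sh
 - "./${AWS_LC_CI_TARGET}"
 
 artifacts: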
