No commit message

.github/workflows/ci.yml

@@ -3,12 +3,8 @@ name: Continuous Integration
 on:
   push:
     branches:
-      # Push events on main branch
-      - main
       # Push events to branches matching refs/heads/release-
       - 'release-*'
-  pull_request:
-    branches: [ main ]
 
 #### Global environment variables
 env:
@@ -662,19 +658,19 @@ jobs:
         distribution: 'temurin'
         java-version: '17'
         cache: 'maven'
-    - name: Set up Go 1.19
+    - name: Set up Go 1.22
       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
       with:
-        go-version: '1.19'
+        go-version: '1.22'
         cache-dependency-path: 'go/*/go.sum'
-    - name: Set up Python 3.7
+    - name: Set up Python 3.12
       uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763
       with:
-        python-version: 3.7
-    - name: Set up NodeJS 13
+        python-version: 3.12
+    - name: Set up NodeJS 20
       uses: actions/setup-node@a9893b0cfb0821c9c7b5fec28a6a2e6cdd5e20a4
       with:
-        node-version: 13.x
+        node-version: 20.x
     - name: Extract branch name
       shell: bash
       run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"
@@ -726,15 +722,15 @@ jobs:
       uses: actions/setup-dotnet@0f534f5829b2e991ed7d67169d882659f921a60d
       with:
         dotnet-version: '3.1.x'
-    - name: Set up Go 1.19
+    - name: Set up Go 1.22
       uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753
       with:
-        go-version: '1.19'
+        go-version: '1.22'
         cache-dependency-path: 'go/*/go.sum'
-    - name: Set up Python 3.8
+    - name: Set up Python 3.12
       uses: actions/setup-python@db9987b4c1f10f0404fa60ee629f675fafbd6763
       with:
-        python-version: 3.8
+        python-version: 3.12
     - name: Extract branch name
       shell: bash
       run: echo "##[set-output name=branch;]$(echo ${GITHUB_REF#refs/heads/})"

.github/workflows/cross-language-validation.yml

@@ -0,0 +1,222 @@
+name: 'Cross Language Validation'
+
+on:
+  workflow_dispatch:
+    inputs:
+      go-version:
+        description: 'Go version'
+        required: false
+      java-version:
+        description: 'Java version'
+        required: false
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - '.github/workflows/cross-language-validation.yml'
+      - 'tests/cross-language/**'
+      - 'go/**'
+      - 'java/**'
+      - 'csharp/**'
+      - 'server/**'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-cross-lang-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DYNAMODB_HOSTNAME: dynamodb
+  MYSQL_HOSTNAME: mysql
+  MYSQL_DATABASE: testdb
+  MYSQL_USERNAME: root
+  MYSQL_PASSWORD: Password123
+  DISABLE_TESTCONTAINERS: true
+  AWS_ACCESS_KEY_ID: dummykey
+  AWS_SECRET_ACCESS_KEY: dummy_secret
+  AWS_DEFAULT_REGION: us-west-2
+  AWS_REGION: us-west-2
+
+jobs:
+  init-defaults:
+    name: Init Defaults
+    runs-on: ubuntu-latest
+    outputs:
+      go-version: ${{ steps.init.outputs.go-version }}
+      java-version: ${{ steps.init.outputs.java-version }}
+    steps:
+      - id: init
+        name: Init versions
+        run: |
+          go_version="${{ inputs.go-version }}"
+          if [ -z "${go_version}" ]; then
+            go_version='stable'
+          fi
+
+          echo "Go version: ${go_version}"
+          echo "go-version=${go_version}" >> $GITHUB_OUTPUT
+
+          java_version="${{ inputs.java-version }}"
+          if [ -z "${java_version}" ]; then
+            java_version='17'
+          fi
+
+          echo "Java version: ${java_version}"
+          echo "java-version=${java_version}" >> $GITHUB_OUTPUT
+
+  server-samples:
+    name: 'Server Samples: Build & Test'
+    runs-on: ubuntu-latest
+    needs: init-defaults
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Install build tools
+        run: |
+          sudo apt-get update
+          sudo apt-get -y upgrade --fix-missing
+          sudo apt-get install -y build-essential
+
+      - name: Set up Go
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version: ${{ needs.init-defaults.outputs.go-version }}
+          cache-dependency-path: 'go/*/go.sum'
+
+      - name: Set up Java
+        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        with:
+          java-version: ${{ needs.init-defaults.outputs.java-version }}
+          distribution: 'temurin'
+          cache: 'maven'
+          cache-dependency-path: 'java/*/pom.xml'
+
+      - name: Set up Python
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        with:
+          python-version: '3.x'
+          cache: 'pip'
+
+      - name: Set up Node
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: 'current'
+
+      - name: Build the Java project
+        run: |
+          mvn -v
+          # Delete previous builds and rebuild from the current branch
+          rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption
+          mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests
+          mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests
+
+      - name: Test clients
+        run: |
+          cd server/samples/clients
+          ./test_clients.sh
+
+  cross-language-tests:
+    name: Cross-Language Tests
+    runs-on: ubuntu-latest
+    needs: init-defaults
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_DATABASE: ${{ env.MYSQL_DATABASE }}
+          MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }}
+        ports:
+          - 3306
+        options: --health-cmd "mysqladmin ping" --health-interval 10s --health-timeout 5s --health-retries 10
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Set up C#
+        uses: actions/setup-dotnet@6bd8b7f7774af54e05809fcc5431931b3eb1ddee # v4.0.1
+        with:
+          dotnet-version: |
+            3.1.x
+            6.0.x
+
+      - name: Set up Go
+        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+        with:
+          go-version: ${{ needs.init-defaults.outputs.go-version }}
+          cache-dependency-path: 'go/*/go.sum'
+
+      - name: Set up Java
+        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+        with:
+          java-version: ${{ needs.init-defaults.outputs.java-version }}
+          distribution: 'temurin'
+          cache: 'maven'
+          cache-dependency-path: 'java/*/pom.xml'
+
+      - name: Set up Python
+        uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
+        with:
+          python-version: '3.x'
+          cache: 'pip'
+
+      - name: Initialize RDBMS based metastore
+        run: |
+          mysql -h 127.0.0.1 -P${{ job.services.mysql.ports[3306] }} -u ${{ env.MYSQL_USERNAME }} -p${{ env.MYSQL_PASSWORD }} -e "CREATE TABLE ${{ env.MYSQL_DATABASE }}.encryption_key (
+            id             VARCHAR(255) NOT NULL,
+            created        TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
+            key_record     TEXT         NOT NULL,
+            PRIMARY KEY (id, created),
+            INDEX (created)
+          );"
+
+      - name: Build the Java project
+        run: |
+          mvn -v
+          # Delete previous builds and rebuild from the current branch
+          rm -rf ~/.m2/repository/com/godaddy/asherah/grpc-server ~/.m2/repository/com/godaddy/asherah/appencryption
+          mvn --no-transfer-progress clean install -f java/app-encryption/pom.xml -DskipTests
+          mvn --no-transfer-progress clean install -f server/java/pom.xml -DskipTests
+          cd tests/cross-language/java
+          ./scripts/build.sh
+
+      - name: Build the C# project
+        run: |
+          cd tests/cross-language/csharp
+          ./scripts/clean.sh
+          # Workaround for https://github.com/SpecFlowOSS/SpecFlow/issues/1912#issue-583000545
+          export MSBUILDSINGLELOADCONTEXT=1
+          ./scripts/build.sh
+
+      - name: Lint the Go project
+        uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0
+        with:
+          version: 'v1.60.1'
+          skip-cache: true
+          working-directory: 'tests/cross-language/go'
+
+      - name: Build the Go project
+        run: |
+          cd tests/cross-language/go
+          go mod edit -replace github.com/godaddy/asherah/go/appencryption=../../../go/appencryption
+          go install github.com/cucumber/godog/cmd/godog@latest
+          ./scripts/build.sh
+
+      - name: Test
+        env:
+          TEST_DB_NAME: ${{ env.MYSQL_DATABASE }}
+          TEST_DB_PASSWORD: ${{ env.MYSQL_PASSWORD }}
+          TEST_DB_USER: ${{ env.MYSQL_USERNAME }}
+          TEST_DB_HOSTNAME: localhost
+          TEST_DB_PORT: ${{ job.services.mysql.ports[3306] }}
+          ASHERAH_SERVICE_NAME: service
+          ASHERAH_PRODUCT_NAME: product
+          ASHERAH_KMS_MODE: static
+        run: |
+          export JAVA_AE_VERSION=$(mvn -f java/app-encryption/pom.xml -q -DforceStdout help:evaluate -Dexpression=project.version)
+          cd tests/cross-language/
+          ./scripts/encrypt_all.sh
+          ./scripts/decrypt_all.sh

.github/workflows/csharp-appencryption-ci.yml

@@ -0,0 +1,114 @@
+name: '[C#] AppEncryption CI'
+
+on:
+  workflow_dispatch:
+
+  push:
+    paths:
+      - 'csharp/AppEncryption/**'
+      - '.github/workflows/csharp-appencryption-*'
+    branches-ignore:
+      - 'release-*'
+
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-csharp-ae-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  DYNAMODB_HOSTNAME: dynamodb
+  MYSQL_HOSTNAME: mysql
+  MYSQL_DATABASE: testdb
+  MYSQL_USERNAME: root
+  MYSQL_PASSWORD: Password123
+  DISABLE_TESTCONTAINERS: true
+  AWS_ACCESS_KEY_ID: dummykey
+  AWS_SECRET_ACCESS_KEY: dummy_secret
+  AWS_DEFAULT_REGION: us-west-2
+  AWS_REGION: us-west-2
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    outputs:
+      artifact: ${{ steps.upload-artifact.outputs.artifact_id }}
+    container:
+      image: mcr.microsoft.com/dotnet/sdk:6.0
+      options: --ulimit core=-1 --ulimit memlock=-1:-1
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Add workspace to safe.directory
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Cache dotnet packages
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('csharp/**/*.csproj') }}-v2
+
+      - name: Build
+        run: |
+          cd csharp/AppEncryption
+          ./scripts/clean.sh
+          ./scripts/build.sh
+
+      - name: Upload artifact
+        id: upload-artifact
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        with:
+          name: csharp-app-encryption
+          path: |
+            csharp/AppEncryption/AppEncryption/bin/**
+            csharp/AppEncryption/AppEncryption/obj/**
+            csharp/AppEncryption/Crypto/bin/**
+            csharp/AppEncryption/Crypto/obj/**
+            csharp/AppEncryption/AppEncryption.Tests/bin/**
+            csharp/AppEncryption/AppEncryption.Tests/obj/**
+            csharp/AppEncryption/AppEncryption.IntegrationTests/bin/**
+            csharp/AppEncryption/AppEncryption.IntegrationTests/obj/**
+
+  test:
+    name: Run Unit Tests
+    runs-on: ubuntu-latest
+    needs: build
+    container:
+      image: mcr.microsoft.com/dotnet/sdk:6.0
+      options: --ulimit core=-1 --ulimit memlock=-1:-1
+    services:
+      dynamodb:
+        image: amazon/dynamodb-local
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_ROOT_PASSWORD: ${{ env.MYSQL_PASSWORD }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+
+      - name: Cache dotnet packages
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('csharp/**/*.csproj') }}-v2
+
+      - name: Download artifact
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: csharp-app-encryption
+          path: ${{ github.workspace }}/csharp/AppEncryption
+
+      - name: Run unit tests
+        run: |
+          cd csharp/AppEncryption
+          ./scripts/test.sh
+
+      - name: Unit test summary
+        uses: test-summary/action@032c8a9cec6aaa3c20228112cae6ca10a3b29336 # v2.3.0
+        with:
+          paths: 'csharp/AppEncryption/AppEncryption.Tests/test-result.xml'
+        if: always()