diff --git a/tests/ci/cdk/app.py b/tests/ci/cdk/app.py index b5545fe6..9fa66ab1 100644 --- a/tests/ci/cdk/app.py +++ b/tests/ci/cdk/app.py @@ -7,8 +7,9 @@ from cdk.accp_github_ci_stack import ACCPGitHubCIStack from cdk.linux_docker_image_batch_build_stack import LinuxDockerImageBatchBuildStack +from cdk.windows_docker_image_build_stack import WindowsDockerImageBuildStack from cdk.ecr_stack import EcrStack -from util.metadata import AWS_ACCOUNT, AWS_REGION, LINUX_ECR_REPO +from util.metadata import AWS_ACCOUNT, AWS_REGION, LINUX_ECR_REPO, WINDOWS_X86_ECR_REPO # Initialize app. app = core.App() @@ -19,9 +20,13 @@ # Define AWS ECR stacks. # ECR holds the docker images, which are pre-built to accelerate the code builds/tests of git pull requests. EcrStack(app, "accp-ecr-linux-all", LINUX_ECR_REPO, env=env) +EcrStack(app, "accp-ecr-windows-x86", WINDOWS_X86_ECR_REPO, env=env) # Define CodeBuild Batch job for building Docker images. LinuxDockerImageBatchBuildStack(app, "accp-docker-image-build-linux", env=env) +# AWS CodeBuild cannot build Windows Docker images because DIND (Docker In Docker) is not supported on Windows. +# Windows Docker images are created by running commands in Windows EC2 instance. +WindowsDockerImageBuildStack(app, "accp-docker-image-build-windows", env=env) # Define CodeBuild Batch job for testing code. x86_build_spec_file = "./cdk/codebuild/pr_integration_linux_x86_omnibus.yaml" @@ -31,4 +36,10 @@ extra_build_spec_file = "./cdk/codebuild/dieharder_overkill_omnibus.yaml" ACCPGitHubCIStack(app, "accp-ci-overkill-dieharder", LINUX_ECR_REPO, extra_build_spec_file, env=env) +# TODO: Renable the code below when ACCP adds support for Windows. +# Issue: https://github.com/corretto/amazon-corretto-crypto-provider/issues/48 +# +# win_x86_build_spec_file = "./cdk/codebuild/pr_integration_windows_x86_omnibus.yaml" +# ACCPGitHubCIStack(app, "accp-ci-pr-integration-windows-x86", WINDOWS_X86_ECR_REPO, win_x86_build_spec_file, env=env) + app.synth() diff --git a/tests/ci/cdk/cdk/codebuild/pr_integration_windows_x86_omnibus.yaml b/tests/ci/cdk/cdk/codebuild/pr_integration_windows_x86_omnibus.yaml new file mode 100644 index 00000000..742ac055 --- /dev/null +++ b/tests/ci/cdk/cdk/codebuild/pr_integration_windows_x86_omnibus.yaml @@ -0,0 +1,64 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +version: 0.2 + +# Doc for batch https://docs.aws.amazon.com/codebuild/latest/userguide/batch-build-buildspec.html#build-spec.batch.build-list +batch: + build-list: + - identifier: windows_msvc2015_corretto8_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2015.yml + env: + # https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2015_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk1.8.0_332\bin + - identifier: windows_msvc2015_corretto11_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2015.yml + env: + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2015_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk11.0.15_9\bin + - identifier: windows_msvc2015_corretto17_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2015.yml + env: + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2015_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk17.0.3_6\bin + + - identifier: windows_msvc2017_corretto8_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2017.yml + env: + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2017_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk1.8.0_332\bin + - identifier: windows_msvc2017_corretto11_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2017.yml + env: + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2017_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk11.0.15_9\bin + - identifier: windows_msvc2017_corretto17_x64 + buildspec: ./tests/ci/codebuild/windows-x86/windows-msvc2017.yml + env: + type: WINDOWS_SERVER_2019_CONTAINER + privileged-mode: false + compute-type: BUILD_GENERAL1_LARGE + image: ECR_REPO_PLACEHOLDER:vs2017_corretto_latest + variables: + TEST_JAVA_HOME: C:\Program Files\Amazon Corretto\jdk17.0.3_6\bin diff --git a/tests/ci/cdk/cdk/ssm/windows_docker_build_ssm_document.yaml b/tests/ci/cdk/cdk/ssm/windows_docker_build_ssm_document.yaml new file mode 100644 index 00000000..e7b937d4 --- /dev/null +++ b/tests/ci/cdk/cdk/ssm/windows_docker_build_ssm_document.yaml @@ -0,0 +1,27 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +--- +schemaVersion: '2.2' +description: accp:buildWindowsDockerImages +mainSteps: +- action: aws:runPowerShellScript + name: runPowerShellScript + inputs: + timeoutSeconds: '7200' + runCommand: + - mkdir docker-images + - cd docker-images + # Install choco and git + - Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; $env:chocolateyUseWindowsCompression = 'true'; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) | Out-Null + - choco install git --version 2.23.0 -y + - $env:path+='C:\Program Files\Git\cmd' + # Git clone accp repo. + - git clone https://github.com/GITHUB_OWNER_PLACEHOLDER/amazon-corretto-crypto-provider.git + # Build Windows docker images. + - cd .\amazon-corretto-crypto-provider + - git checkout GITHUB_SOURCE_VERSION_PLACEHOLDER + - cd .\tests\ci\docker_images\windows + - Invoke-Expression -Command (Get-ECRLoginCommand -Region REGION_PLACEHOLDER).Command + - .\build_images.ps1 + - .\push_images.ps1 ECR_PLACEHOLDER diff --git a/tests/ci/cdk/cdk/windows_docker_image_build_stack.py b/tests/ci/cdk/cdk/windows_docker_image_build_stack.py new file mode 100644 index 00000000..85d76f73 --- /dev/null +++ b/tests/ci/cdk/cdk/windows_docker_image_build_stack.py @@ -0,0 +1,62 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +from aws_cdk import core, aws_ec2 as ec2, aws_s3 as s3, aws_iam as iam, aws_ssm as ssm +from util.iam_policies import ecr_power_user_policy_in_json, s3_read_write_policy_in_json +from util.metadata import AWS_ACCOUNT, AWS_REGION, WINDOWS_X86_ECR_REPO, S3_BUCKET_NAME, GITHUB_REPO_OWNER, WIN_EC2_TAG_KEY, \ + WIN_EC2_TAG_VALUE, SSM_DOCUMENT_NAME, GITHUB_SOURCE_VERSION +from util.yml_loader import YmlLoader + + +class WindowsDockerImageBuildStack(core.Stack): + """Define a temporary stack used to build Windows Docker images. After build, this stack will be destroyed.""" + + def __init__(self, + scope: core.Construct, + id: str, + **kwargs) -> None: + super().__init__(scope, id, **kwargs) + + # Define SSM command document. + ecr_repo = "{}.dkr.ecr.{}.amazonaws.com/{}".format(AWS_ACCOUNT, AWS_REGION, WINDOWS_X86_ECR_REPO) + placeholder_map = {"ECR_PLACEHOLDER": ecr_repo, "GITHUB_OWNER_PLACEHOLDER": GITHUB_REPO_OWNER, + "REGION_PLACEHOLDER": AWS_REGION, "GITHUB_SOURCE_VERSION_PLACEHOLDER": GITHUB_SOURCE_VERSION} + content = YmlLoader.load("./cdk/ssm/windows_docker_build_ssm_document.yaml", placeholder_map) + ssm.CfnDocument(scope=self, + id="{}-ssm-document".format(id), + name=SSM_DOCUMENT_NAME, + content=content, + document_type="Command") + + # Define a S3 bucket to store windows docker files and build scripts. + s3.Bucket(scope=self, + id="{}-s3".format(id), + bucket_name=S3_BUCKET_NAME, + block_public_access=s3.BlockPublicAccess.BLOCK_ALL) + + # Define a role for EC2. + ecr_power_user_policy = iam.PolicyDocument.from_json(ecr_power_user_policy_in_json([WINDOWS_X86_ECR_REPO])) + s3_read_write_policy = iam.PolicyDocument.from_json(s3_read_write_policy_in_json(S3_BUCKET_NAME)) + inline_policies = {"ecr_power_user_policy": ecr_power_user_policy, "s3_read_write_policy": s3_read_write_policy} + role = iam.Role(scope=self, id="{}-role".format(id), + assumed_by=iam.ServicePrincipal("ec2.amazonaws.com"), + inline_policies=inline_policies, + managed_policies=[ + iam.ManagedPolicy.from_aws_managed_policy_name("AmazonSSMManagedInstanceCore") + ]) + + # Define Windows EC2 instance, where the SSM document will be executed. + machine_image = ec2.MachineImage.latest_windows(ec2.WindowsVersion.WINDOWS_SERVER_2019_ENGLISH_FULL_CONTAINERSLATEST) + vpc = ec2.Vpc(scope=self, id="{}-vpc".format(id)) + block_device_volume = ec2.BlockDeviceVolume.ebs(volume_size=200, delete_on_termination=True) + block_device = ec2.BlockDevice(device_name="/dev/sda1", volume=block_device_volume) + instance = ec2.Instance(scope=self, + id="{}-instance".format(id), + instance_type=ec2.InstanceType(instance_type_identifier="m5d.xlarge"), + vpc=vpc, + role=role, + block_devices=[block_device], + vpc_subnets=ec2.SubnetSelection(subnet_type=ec2.SubnetType.PUBLIC), + machine_image=machine_image) + + core.Tags.of(instance).add(WIN_EC2_TAG_KEY, WIN_EC2_TAG_VALUE) diff --git a/tests/ci/cdk/run-cdk.sh b/tests/ci/cdk/run-cdk.sh index e673a79d..f3845692 100755 --- a/tests/ci/cdk/run-cdk.sh +++ b/tests/ci/cdk/run-cdk.sh @@ -98,8 +98,97 @@ function build_linux_docker_images() { linux_docker_img_build_status_check } + +function create_win_docker_img_build_stack() { + # Clean up build stacks if exists. + destroy_docker_img_build_stack + # Deploy accp ci stacks. + # When repeatedly deploy, error 'EIP failed Reason: Maximum number of addresses has been reached' can happen. + # https://forums.aws.amazon.com/thread.jspa?messageID=952368 + # Workaround: go to AWS EIP console, release unused IP. + cdk deploy accp-docker-image-build-windows --require-approval never +} + +function run_windows_img_build() { + # EC2 takes several minutes to be ready for running command. + echo "Wait 3 min for EC2 ready for SSM command execution." + sleep 180 + + # Run commands on windows EC2 instance to build windows docker images. + for i in {1..60}; do + instance_id=$(aws ec2 describe-instances \ + --filters "Name=tag:${WIN_EC2_TAG_KEY},Values=${WIN_EC2_TAG_VALUE}" | jq -r '.Reservations[0].Instances[0].InstanceId') + if [[ "${instance_id}" == "null" ]]; then + sleep 60 + continue + fi + instance_ping_status=$(aws ssm describe-instance-information \ + --filters "Key=InstanceIds,Values=${instance_id}" | jq -r '.InstanceInformationList[0].PingStatus') + if [[ "${instance_ping_status}" == "Online" ]]; then + # https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ssm/send-command.html + command_id=$(aws ssm send-command \ + --instance-ids "${instance_id}" \ + --document-name "${WIN_DOCKER_BUILD_SSM_DOCUMENT}" \ + --output-s3-bucket-name "${S3_FOR_WIN_DOCKER_IMG_BUILD}" \ + --output-s3-key-prefix 'runcommand' | jq -r '.Command.CommandId') + # Export for checking command run status. + export WINDOWS_DOCKER_IMG_BUILD_COMMAND_ID="${command_id}" + echo "Windows ec2 is executing SSM command." + return + else + echo "${i}: Current instance ping status: ${instance_ping_status}. Wait 1 minute to retry SSM command execution." + sleep 60 + fi + done + echo "After 30 minutes, Windows ec2 is still not ready for SSM commands execution. Exit." + exit 1 +} + +function win_docker_img_build_status_check() { + export IMG_BUILD_STATUS='Failed' + # Every 5 min, this function checks if the windows docker image build is finished successfully. + # Normally, docker img build can take up to 1 hour. Here, we wait up to 30 * 5 min. + for i in {1..30}; do + # https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ssm/list-commands.html + command_run_status=$(aws ssm list-commands --command-id "${WINDOWS_DOCKER_IMG_BUILD_COMMAND_ID}" | jq -r '.Commands[0].Status') + if [[ ${command_run_status} == 'Success' ]]; then + export IMG_BUILD_STATUS='Success' + echo "SSM command ${WINDOWS_DOCKER_IMG_BUILD_COMMAND_ID} finished successfully." + return + elif [[ ${command_run_status} == 'Failed' ]]; then + echo "SSM command ${WINDOWS_DOCKER_IMG_BUILD_COMMAND_ID} failed." + exit 1 + else + echo "${i}: Wait 5 min for windows docker image build job finish." + sleep 300 + fi + done + echo "SSM command ${WINDOWS_DOCKER_IMG_BUILD_COMMAND_ID} takes more time than expected." + exit 1 +} + +function build_win_docker_images() { + # Always destroy docker build stacks (which include EC2 instance) on EXIT. + trap destroy_docker_img_build_stack EXIT + + # Create/update aws-ecr repo. + cdk deploy accp-ecr-windows-* --require-approval never + + # Create aws windows build stack + create_win_docker_img_build_stack + + echo "Executing AWS SSM commands to build Windows docker images." + run_windows_img_build + + echo "Waiting for docker images creation. Building the docker images need to take 1 hour." + # TODO(CryptoAlg-624): These image build may fail due to the Docker Hub pull limits made on 2020-11-01. + win_docker_img_build_status_check +} + + function setup_ci() { build_linux_docker_images + build_win_docker_images create_github_ci_stack } @@ -150,6 +239,12 @@ function export_global_variables() { DATE_NOW="$(date +%Y-%m-%d-%H-%M)" export GITHUB_REPO='amazon-corretto-crypto-provider' export ECR_LINUX_REPO_NAME='accp-docker-images-linux' + export ECR_WINDOWS_X86_REPO_NAME='accp-docker-images-windows-x86' + export ACCP_S3_BUCKET_PREFIX='accp-windows-docker-image-build-s3' + export S3_FOR_WIN_DOCKER_IMG_BUILD="${ACCP_S3_BUCKET_PREFIX}-${DATE_NOW}" + export WIN_EC2_TAG_KEY='accp' + export WIN_EC2_TAG_VALUE="accp-windows-docker-image-build-${DATE_NOW}" + export WIN_DOCKER_BUILD_SSM_DOCUMENT="windows-ssm-document-${DATE_NOW}" export IMG_BUILD_STATUS='unknown' } @@ -216,6 +311,9 @@ function main() { build-linux-img) build_linux_docker_images ;; + build-win-img) + build_win_docker_images + ;; synth) cdk synth accp-ci-* ;; diff --git a/tests/ci/cdk/util/iam_policies.py b/tests/ci/cdk/util/iam_policies.py index ccef28f7..c0d8797e 100644 --- a/tests/ci/cdk/util/iam_policies.py +++ b/tests/ci/cdk/util/iam_policies.py @@ -82,3 +82,24 @@ def ecr_power_user_policy_in_json(ecr_repo_names): } ] } + +def s3_read_write_policy_in_json(s3_bucket_name): + """ + Define an IAM policy statement for reading and writing to S3 bucket. + :return: an IAM policy statement in json. + """ + return { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "s3:Put*", + "s3:Get*" + ], + "Resource": [ + "arn:aws:s3:::{}/*".format(s3_bucket_name) + ] + } + ] + } diff --git a/tests/ci/cdk/util/metadata.py b/tests/ci/cdk/util/metadata.py index de469d18..7370d81c 100644 --- a/tests/ci/cdk/util/metadata.py +++ b/tests/ci/cdk/util/metadata.py @@ -11,8 +11,15 @@ # Used when AWS CDK defines ECR repos. LINUX_ECR_REPO = EnvUtil.get("ECR_LINUX_REPO_NAME", "accp-docker-images-linux") +WINDOWS_X86_ECR_REPO = EnvUtil.get("ECR_WINDOWS_X86_REPO_NAME", "accp-docker-images-windows-x86") # Used when AWS CodeBuild needs to create web_hooks. GITHUB_REPO_OWNER = EnvUtil.get("GITHUB_REPO_OWNER", "corretto") GITHUB_REPO_NAME = EnvUtil.get("GITHUB_REPO_NAME", "amazon-corretto-crypto-provider") GITHUB_SOURCE_VERSION = EnvUtil.get("GITHUB_SOURCE_VERSION", "develop") + +# Used when AWS CDK defines resources for Windows docker image build. +S3_BUCKET_NAME = EnvUtil.get("S3_FOR_WIN_DOCKER_IMG_BUILD", "accp-windows-docker-image-build") +WIN_EC2_TAG_KEY = EnvUtil.get("WIN_EC2_TAG_KEY", "accp") +WIN_EC2_TAG_VALUE = EnvUtil.get("WIN_EC2_TAG_VALUE", "accp-windows-docker-image-build") +SSM_DOCUMENT_NAME = EnvUtil.get("WIN_DOCKER_BUILD_SSM_DOCUMENT", "windows-ssm-document") diff --git a/tests/ci/codebuild/windows-x86/windows-msvc2015.yml b/tests/ci/codebuild/windows-x86/windows-msvc2015.yml new file mode 100644 index 00000000..cff7827f --- /dev/null +++ b/tests/ci/codebuild/windows-x86/windows-msvc2015.yml @@ -0,0 +1,11 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0. + +version: 0.2 + +phases: + build: + commands: + # vcvarsall will set the required lib and libpath for MSVC to compile everything. This is used for AWS-LC's + # Windows tests, but ACCP might use something different. + - .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" diff --git a/tests/ci/codebuild/windows-x86/windows-msvc2017.yml b/tests/ci/codebuild/windows-x86/windows-msvc2017.yml new file mode 100644 index 00000000..b9a840b3 --- /dev/null +++ b/tests/ci/codebuild/windows-x86/windows-msvc2017.yml @@ -0,0 +1,11 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0. + +version: 0.2 + +phases: + build: + commands: + # vcvarsall will set the required lib and libpath for MSVC to compile everything. This is used for AWS-LC's + # Windows tests, but ACCP might use something different. + - .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\VC\Auxiliary\Build\vcvarsall.bat" diff --git a/tests/ci/docker_images/windows/README.md b/tests/ci/docker_images/windows/README.md new file mode 100644 index 00000000..f87682e2 --- /dev/null +++ b/tests/ci/docker_images/windows/README.md @@ -0,0 +1,48 @@ +## Building Windows Docker Images and Uploading them to AWS Elastic Container Service +### Prerequisites +* An host to build the image with + * Windows Server 2019 with Containers. The EC2 AMI + EC2LaunchV2-Windows_Server-2019-English-Full-ContainersLatest-2021.12.15 was used to build the + images used by this repository +* Docker + * To install run the following in an admin powershell of your new instance: + ``` + Install-Module DockerMsftProvider -Force + Install-Package Docker -ProviderName DockerMsftProvider -Force + (Install-WindowsFeature Containers).RestartNeeded + Restart-Computer + ``` + * See [docker docs](https://docs.docker.com/install/windows/docker-ee/) for + latest instructions +* AWS CLI + * Installed by default in EC2 AMI, used to push the docker images + +### Build the images +In a PowerShell prompt run: +``` +build_images.ps1 +``` +You can test the images by running `docker run -it vs2015` or `docker run -it +vs2017`. To emulate a CodeBuild run locally execute the following inside one of +the docker images : +``` +$ git clone https://github.com/awslabs/aws-lc.git -b main --depth 1 +$ cd aws-lc +# Depending on the docker image run: +$ .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64 +# or +$ .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 15.0\VC\vcvarsall.bat" x64 +``` + +### Push the images +If you are publishing to your own account, update the `ECS_REPO` value in +`push_images.ps1`. You can find the correct URI in the AWS Console for your ECR +repository. + +Once you have `ECS_REPO` set properly, and you have configured your Powershell +AWS CLI credentials correctly, simply _source_ push_images.ps1 `. .\push.ps1`. + +Note that because powershell CLI credentials are per-powershell-session, it's +important to use dot-sourcing if you use the `Set-AWSCredential` cmdlet to +configure your credentials. If you're using EC2 Instance Roles, then it's not +strictly necessary to dot-source the script. \ No newline at end of file diff --git a/tests/ci/docker_images/windows/build_images.ps1 b/tests/ci/docker_images/windows/build_images.ps1 new file mode 100644 index 00000000..85eb2496 --- /dev/null +++ b/tests/ci/docker_images/windows/build_images.ps1 @@ -0,0 +1,6 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +docker build -t accp/windows_base:2019 .\windows_base +docker build -t vs2015_corretto .\vs2015_corretto +docker build -t vs2017_corretto .\vs2017_corretto diff --git a/tests/ci/docker_images/windows/push_images.ps1 b/tests/ci/docker_images/windows/push_images.ps1 new file mode 100644 index 00000000..86eb9d84 --- /dev/null +++ b/tests/ci/docker_images/windows/push_images.ps1 @@ -0,0 +1,21 @@ +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +$ECS_REPO=$args[0] + +if ($args[0] -eq $null) { + # This is a ECS repository in our CI account + $ECS_REPO="838297025124.dkr.ecr.us-west-2.amazonaws.com/accp-docker-images-windows-x86" +} + +Write-Host "$ECS_REPO" + +docker tag vs2015_corretto ${ECS_REPO}:vs2015_corretto_latest +docker tag vs2015_corretto ${ECS_REPO}:vs2015_corretto-$(Get-Date -UFormat %Y-%m-%d-%H) +docker push ${ECS_REPO}:vs2015_corretto_latest +docker push ${ECS_REPO}:vs2015_corretto-$(Get-Date -UFormat %Y-%m-%d-%H) + +docker tag vs2017_corretto ${ECS_REPO}:vs2017_corretto_latest +docker tag vs2017_corretto ${ECS_REPO}:vs2017_corretto-$(Get-Date -UFormat %Y-%m-%d-%H) +docker push ${ECS_REPO}:vs2017_corretto_latest +docker push ${ECS_REPO}:vs2017_corretto-$(Get-Date -UFormat %Y-%m-%d-%H) diff --git a/tests/ci/docker_images/windows/vs2015_corretto/Dockerfile b/tests/ci/docker_images/windows/vs2015_corretto/Dockerfile new file mode 100644 index 00000000..70cad861 --- /dev/null +++ b/tests/ci/docker_images/windows/vs2015_corretto/Dockerfile @@ -0,0 +1,47 @@ +# escape=` + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# Keep parity with the upstream tags at https://hub.docker.com/_/microsoft-windows-servercore +FROM accp/windows_base:2019 + +SHELL ["cmd", "/S", "/C"] +RUN ` + # Download the Build Tools bootstrapper. + curl -SL --output vs_buildtools.exe https://aka.ms/vs/15/release/vs_buildtools.exe ` + ` + # Install Build Tools. Build Tools for MSVC2015 are not directly downloadable without a Visual Studio + # subscription, so we'll need to download MSVC2017 and add the MSVC2015 (VC.140) component available to + # download with it. + # Reference: https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2017/install/workload-component-id-vs-build-tools?view=vs-2017 + && (start /w vs_buildtools.exe --quiet --wait --norestart --nocache ` + --add Microsoft.VisualStudio.Component.VC.CLI.Support ` + --add Microsoft.VisualStudio.Component.VC.140 ` + --add Microsoft.VisualStudio.Component.VC.CMake.Project ` + || IF "%ERRORLEVEL%"=="3010" EXIT 0) ` + ` + # Cleanup + && del /q vs_buildtools.exe + +# Add msbuild and cl to PATH +RUN setx /M PATH "%PATH%;C:\Program Files (x86)\MSBuild\14.0\bin;C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\bin" + +# Replace Windows SDK with the correct binary path. vcvarsall.bat for MSVC2015 does not account for the nested directory. +RUN rmdir /s /Q "C:\Program Files (x86)\Windows Kits\10\bin\x64" && ` + rmdir /s /Q "C:\Program Files (x86)\Windows Kits\10\bin\x86" && ` + move "C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x64" "C:\Program Files (x86)\Windows Kits\10\bin" && ` + move "C:\Program Files (x86)\Windows Kits\10\bin\10.0.17763.0\x86" "C:\Program Files (x86)\Windows Kits\10\bin" + +# Download and install corretto. Installed corretto directories are automatically added to PATH. +# Corretto 8: C:\Program Files\Amazon Corretto\jdk1.8.0_332\bin +# Corretto 11: C:\Program Files\Amazon Corretto\jdk11.0.15_9\bin +# Corretto 17: C:\Program Files\Amazon Corretto\jdk17.0.3_6\bin +RUN curl -SL --output amazon-corretto-11-x64-windows-jdk.msi https://corretto.aws/downloads/resources/11.0.15.9.1/amazon-corretto-11.0.15.9.1-windows-x64.msi && ` + msiexec /i amazon-corretto-11-x64-windows-jdk.msi && ` + curl -SL --output amazon-corretto-8-windows-x64-jdk.msi https://corretto.aws/downloads/resources/8.332.08.1/amazon-corretto-8.332.08.1-windows-x64-jdk.msi && ` + msiexec /i amazon-corretto-8-windows-x64-jdk.msi && ` + curl -SL --output amazon-corretto-17-x64-windows-jdk.msi https://corretto.aws/downloads/resources/17.0.3.6.1/amazon-corretto-17.0.3.6.1-windows-x64.msi && ` + msiexec /i amazon-corretto-17-x64-windows-jdk.msi + +CMD [ "cmd.exe" ] diff --git a/tests/ci/docker_images/windows/vs2017_corretto/Dockerfile b/tests/ci/docker_images/windows/vs2017_corretto/Dockerfile new file mode 100644 index 00000000..d009f545 --- /dev/null +++ b/tests/ci/docker_images/windows/vs2017_corretto/Dockerfile @@ -0,0 +1,38 @@ +# escape=` + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +# Keep parity with the upstream tags at https://hub.docker.com/_/microsoft-windows-servercore +FROM accp/windows_base:2019 + +SHELL ["cmd", "/S", "/C"] +RUN ` + # Download the Build Tools bootstrapper. + curl -SL --output vs_buildtools.exe https://aka.ms/vs/15/release/vs_buildtools.exe ` + ` + # Install MSVC2017 Build Tools. + # Reference: https://docs.microsoft.com/en-us/previous-versions/visualstudio/visual-studio-2017/install/workload-component-id-vs-build-tools?view=vs-2017 + && (start /w vs_buildtools.exe --quiet --wait --norestart --nocache ` + --add Microsoft.VisualStudio.Workload.VCTools ` + --add Microsoft.VisualStudio.Component.VC.CLI.Support ` + --add Microsoft.VisualStudio.Component.VC.CMake.Project ` + || IF "%ERRORLEVEL%"=="3010" EXIT 0) ` + ` + # Cleanup + && del /q vs_buildtools.exe + +RUN setx /M PATH "%PATH%;C:\Program Files (x86)\Microsoft Visual Studio\2017\BuildTools\MSBuild\15.0\Bin" + +# Download and install corretto. Installed corretto directories are automatically added to PATH. +# Corretto 8: C:\Program Files\Amazon Corretto\jdk1.8.0_332\bin +# Corretto 11: C:\Program Files\Amazon Corretto\jdk11.0.15_9\bin +# Corretto 17: C:\Program Files\Amazon Corretto\jdk17.0.3_6\bin +RUN curl -SL --output amazon-corretto-11-x64-windows-jdk.msi https://corretto.aws/downloads/resources/11.0.15.9.1/amazon-corretto-11.0.15.9.1-windows-x64.msi && ` + msiexec /i amazon-corretto-11-x64-windows-jdk.msi && ` + curl -SL --output amazon-corretto-8-windows-x64-jdk.msi https://corretto.aws/downloads/resources/8.332.08.1/amazon-corretto-8.332.08.1-windows-x64-jdk.msi && ` + msiexec /i amazon-corretto-8-windows-x64-jdk.msi && ` + curl -SL --output amazon-corretto-17-x64-windows-jdk.msi https://corretto.aws/downloads/resources/17.0.3.6.1/amazon-corretto-17.0.3.6.1-windows-x64.msi && ` + msiexec /i amazon-corretto-17-x64-windows-jdk.msi + +CMD [ "cmd.exe" ] diff --git a/tests/ci/docker_images/windows/windows_base/Dockerfile b/tests/ci/docker_images/windows/windows_base/Dockerfile new file mode 100644 index 00000000..389ff0ab --- /dev/null +++ b/tests/ci/docker_images/windows/windows_base/Dockerfile @@ -0,0 +1,25 @@ +# escape=` + +# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +# SPDX-License-Identifier: Apache-2.0 + +FROM mcr.microsoft.com/windows/servercore:ltsc2019 + +ADD https://download.microsoft.com/download/6/A/A/6AA4EDFF-645B-48C5-81CC-ED5963AEAD48/vc_redist.x64.exe /vc_redist.x64.exe +RUN start /wait C:\vc_redist.x64.exe /quiet /norestart + +# Install chocolatey +# https://chocolatey.org/docs/troubleshooting#the-request-was-aborted-could-not-create-ssltls-secure-channel +RUN @powershell Set-ExecutionPolicy Bypass -Scope Process -Force; [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12; $env:chocolateyUseWindowsCompression = 'true'; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) + +RUN choco install git --version 2.23.0 -y && ` +choco install ninja --version 1.9.0.20190208 -y && ` +choco install strawberryperl --version 5.32.0.1 -y && ` +choco install nasm --version 2.14.02 -y && ` +choco install golang --version 1.13.1 -y && ` +choco install cmake --version 3.15.4 --installargs 'ADD_CMAKE_TO_PATH=""System""' -y + +# Remove Strawberryperl's GCC from path because it override's MSVC's C. +RUN setx /M PATH "%PATH:C:\Strawberry\c\bin;=%" + +CMD [ "cmd.exe" ] diff --git a/tests/ci/run_windows_tests.bat b/tests/ci/run_windows_tests.bat new file mode 100644 index 00000000..193406a4 --- /dev/null +++ b/tests/ci/run_windows_tests.bat @@ -0,0 +1,30 @@ +@echo on +set SRC_ROOT=%cd% +set BUILD_DIR=%SRC_ROOT%\test_build_dir + +@rem TODO: This script was taken from AWS-LC and should be adjusted when ACCP adds support for Windows. +@rem %1 contains the path to the setup batch file for the version of of visual studio that was passed into AWS-LC's build spec file. +@rem x64 comes from the architecture options https://docs.microsoft.com/en-us/cpp/build/building-on-the-command-line +set MSVC_PATH=%1 +call %MSVC_PATH% x64 || goto error +SET + +call :build_and_test release "" || goto error +call :build_and_test test "-DTEST_JAVA_HOME=%TEST_JAVA_HOME%" || goto error +call :build_and_test integration "" || goto error +call :build_and_test integration "-DTEST_JAVA_HOME=%TEST_JAVA_HOME%" || goto error + +goto :EOF + +@rem %1 is the build type release/test_integration +@rem %2 are any additional gradle args +:build_and_test +@echo on +@echo LOG: %date%-%time% %1 %2 gradle build and test started. +gradlew.bat %1 %2 || goto error +@echo LOG: %date%-%time% %1 %2 tests complete. +exit /b 0 + +:error +echo Failed with error #%errorlevel%. +exit /b 1