Skip to content

Commit 1dc42ba

Browse files
sobolksobolk
authored
chore: add binary validation in all builds (#11424)
* chore: add binary validation in all builds * chore: add binary validation in all builds - fix script * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this * chore: add binary validation in all builds - try this
1 parent d8a9270 commit 1dc42ba

File tree

3 files changed

+222
-34
lines changed

3 files changed

+222
-34
lines changed

.circleci/config.base.yml

Lines changed: 148 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -213,7 +213,30 @@ jobs:
213213
paths:
214214
- ~/repo/.amplify-pkg-version
215215

216-
build_pkg_binaries:
216+
upload_pkg_binaries:
217+
<<: *linux-e2e-executor
218+
steps:
219+
- restore_cache:
220+
key: amplify-cli-repo-{{ .Branch }}-{{ .Revision }}
221+
- restore_cache:
222+
key: amplify-pkg-binaries-linux-{{ .Branch }}-{{ .Revision }}
223+
- restore_cache:
224+
key: amplify-pkg-binaries-macos-{{ .Branch }}-{{ .Revision }}
225+
- restore_cache:
226+
key: amplify-pkg-binaries-win-{{ .Branch }}-{{ .Revision }}
227+
- restore_cache:
228+
key: amplify-pkg-binaries-arm-{{ .Branch }}-{{ .Revision }}
229+
- run:
230+
name: Consolidate binaries cache and upload
231+
command: |
232+
source .circleci/local_publish_helpers.sh
233+
uploadPkgCli
234+
- save_cache:
235+
key: amplify-pkg-binaries-{{ .Branch }}-{{ .Revision }}
236+
paths:
237+
- ~/repo/out
238+
239+
build_pkg_binaries_linux:
217240
<<: *linux-e2e-executor
218241
steps:
219242
- restore_cache:
@@ -229,14 +252,101 @@ jobs:
229252
startLocalRegistry "$(pwd)/.circleci/verdaccio.yaml"
230253
setNpmRegistryUrlToLocal
231254
changeNpmGlobalPath
232-
generatePkgCli
255+
generatePkgCli linux
233256
unsetNpmRegistryUrl
234-
uploadPkgCli
235257
- save_cache:
236-
key: amplify-pkg-binaries-{{ .Branch }}-{{ .Revision }}
258+
key: amplify-pkg-binaries-linux-{{ .Branch }}-{{ .Revision }}
259+
paths:
260+
- ~/repo/out
261+
262+
build_pkg_binaries_macos:
263+
<<: *linux-e2e-executor
264+
steps:
265+
- restore_cache:
266+
key: amplify-cli-repo-{{ .Branch }}-{{ .Revision }}
267+
- restore_cache:
268+
key: amplify-cli-yarn-deps-{{ .Branch }}-{{ checksum "yarn.lock" }}
269+
- restore_cache:
270+
key: amplify-verdaccio-cache-{{ .Branch }}-{{ .Revision }}
271+
- run:
272+
name: Start verdaccio and package CLI
273+
command: |
274+
source .circleci/local_publish_helpers.sh
275+
startLocalRegistry "$(pwd)/.circleci/verdaccio.yaml"
276+
setNpmRegistryUrlToLocal
277+
changeNpmGlobalPath
278+
generatePkgCli macos
279+
unsetNpmRegistryUrl
280+
- save_cache:
281+
key: amplify-pkg-binaries-macos-{{ .Branch }}-{{ .Revision }}
237282
paths:
238283
- ~/repo/out
239284

285+
build_pkg_binaries_win:
286+
<<: *linux-e2e-executor
287+
steps:
288+
- restore_cache:
289+
key: amplify-cli-repo-{{ .Branch }}-{{ .Revision }}
290+
- restore_cache:
291+
key: amplify-cli-yarn-deps-{{ .Branch }}-{{ checksum "yarn.lock" }}
292+
- restore_cache:
293+
key: amplify-verdaccio-cache-{{ .Branch }}-{{ .Revision }}
294+
- run:
295+
name: Start verdaccio and package CLI
296+
command: |
297+
source .circleci/local_publish_helpers.sh
298+
startLocalRegistry "$(pwd)/.circleci/verdaccio.yaml"
299+
setNpmRegistryUrlToLocal
300+
changeNpmGlobalPath
301+
generatePkgCli win
302+
unsetNpmRegistryUrl
303+
- save_cache:
304+
key: amplify-pkg-binaries-win-{{ .Branch }}-{{ .Revision }}
305+
paths:
306+
- ~/repo/out
307+
308+
build_pkg_binaries_arm:
309+
<<: *linux-e2e-executor
310+
steps:
311+
- restore_cache:
312+
key: amplify-cli-repo-{{ .Branch }}-{{ .Revision }}
313+
- restore_cache:
314+
key: amplify-cli-yarn-deps-{{ .Branch }}-{{ checksum "yarn.lock" }}
315+
- restore_cache:
316+
key: amplify-verdaccio-cache-{{ .Branch }}-{{ .Revision }}
317+
- run:
318+
name: Start verdaccio and package CLI
319+
command: |
320+
source .circleci/local_publish_helpers.sh
321+
startLocalRegistry "$(pwd)/.circleci/verdaccio.yaml"
322+
setNpmRegistryUrlToLocal
323+
changeNpmGlobalPath
324+
generatePkgCli arm
325+
unsetNpmRegistryUrl
326+
- save_cache:
327+
key: amplify-pkg-binaries-arm-{{ .Branch }}-{{ .Revision }}
328+
paths:
329+
- ~/repo/out
330+
331+
verify_pkg_binaries:
332+
<<: *linux-e2e-executor
333+
steps:
334+
- restore_cache:
335+
key: amplify-cli-repo-{{ .Branch }}-{{ .Revision }}
336+
- restore_cache:
337+
key: amplify-pkg-binaries-linux-{{ .Branch }}-{{ .Revision }}
338+
- restore_cache:
339+
key: amplify-pkg-binaries-macos-{{ .Branch }}-{{ .Revision }}
340+
- restore_cache:
341+
key: amplify-pkg-binaries-win-{{ .Branch }}-{{ .Revision }}
342+
- restore_cache:
343+
key: amplify-pkg-binaries-arm-{{ .Branch }}-{{ .Revision }}
344+
- run:
345+
name: Verify packaged CLI
346+
command: |
347+
source .circleci/local_publish_helpers.sh
348+
verifyPkgCli
349+
240350
graphql_e2e_tests:
241351
<<: *defaults
242352
steps:
@@ -748,7 +858,7 @@ workflows:
748858
- /tagged-release\/.*/
749859
- /run-e2e\/.*/
750860
requires:
751-
- build_pkg_binaries
861+
- upload_pkg_binaries
752862
- integration_test:
753863
context:
754864
- e2e-test-context
@@ -762,6 +872,9 @@ workflows:
762872
requires:
763873
- build
764874
- publish_to_local_registry:
875+
requires:
876+
- build
877+
- upload_pkg_binaries:
765878
filters:
766879
branches:
767880
only:
@@ -772,19 +885,37 @@ workflows:
772885
- /tagged-release\/.*/
773886
- /tagged-release-without-e2e-tests\/.*/
774887
- /run-e2e\/.*/
775-
requires:
776-
- build
777-
- build_pkg_binaries:
778888
context:
779889
- e2e-auth-credentials
780890
- e2e-test-context
781891
- amplify-s3-upload
892+
requires:
893+
- build_pkg_binaries_linux
894+
- build_pkg_binaries_macos
895+
- build_pkg_binaries_win
896+
- build_pkg_binaries_arm
897+
- build_pkg_binaries_linux:
898+
requires:
899+
- publish_to_local_registry
900+
- build_pkg_binaries_macos:
901+
requires:
902+
- publish_to_local_registry
903+
- build_pkg_binaries_win:
782904
requires:
783905
- publish_to_local_registry
906+
- build_pkg_binaries_arm:
907+
requires:
908+
- publish_to_local_registry
909+
- verify_pkg_binaries:
910+
requires:
911+
- build_pkg_binaries_linux
912+
- build_pkg_binaries_macos
913+
- build_pkg_binaries_win
914+
- build_pkg_binaries_arm
784915
- amplify_sudo_install_test:
785916
context: amplify-ecr-image-pull
786917
requires:
787-
- build_pkg_binaries
918+
- upload_pkg_binaries
788919
filters:
789920
branches:
790921
only:
@@ -817,7 +948,7 @@ workflows:
817948
- /tagged-release\/.*/
818949
- /run-e2e\/.*/
819950
requires:
820-
- build_pkg_binaries
951+
- upload_pkg_binaries
821952
- build_windows_workspace_for_e2e
822953
- amplify_migration_tests_v6:
823954
context:
@@ -832,7 +963,7 @@ workflows:
832963
- /tagged-release\/.*/
833964
- /run-e2e\/.*/
834965
requires:
835-
- build_pkg_binaries
966+
- upload_pkg_binaries
836967
- amplify_migration_tests_v5:
837968
context:
838969
- e2e-auth-credentials
@@ -846,7 +977,7 @@ workflows:
846977
- /tagged-release\/.*/
847978
- /run-e2e\/.*/
848979
requires:
849-
- build_pkg_binaries
980+
- upload_pkg_binaries
850981
- amplify_migration_tests_non_multi_env_layers:
851982
context:
852983
- e2e-auth-credentials
@@ -860,7 +991,7 @@ workflows:
860991
- /tagged-release\/.*/
861992
- /run-e2e\/.*/
862993
requires:
863-
- build_pkg_binaries
994+
- upload_pkg_binaries
864995
- amplify_migration_tests_multi_env_layers:
865996
context:
866997
- e2e-auth-credentials
@@ -874,7 +1005,7 @@ workflows:
8741005
- /tagged-release\/.*/
8751006
- /run-e2e\/.*/
8761007
requires:
877-
- build_pkg_binaries
1008+
- upload_pkg_binaries
8781009
- amplify_console_integration_tests:
8791010
context:
8801011
- e2e-auth-credentials
@@ -886,11 +1017,11 @@ workflows:
8861017
only:
8871018
- dev
8881019
requires:
889-
- build_pkg_binaries
1020+
- upload_pkg_binaries
8901021
- github_prerelease:
8911022
context: github-publish
8921023
requires:
893-
- build_pkg_binaries
1024+
- upload_pkg_binaries
8941025
filters:
8951026
branches:
8961027
only:
@@ -949,7 +1080,7 @@ workflows:
9491080
- amplify_migration_tests_non_multi_env_layers
9501081
- amplify_migration_tests_multi_env_layers
9511082
- github_prerelease_install_sanity_check
952-
- build_pkg_binaries
1083+
- upload_pkg_binaries
9531084
filters:
9541085
branches:
9551086
only:

.circleci/local_publish_helpers.sh

Lines changed: 51 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -21,11 +21,6 @@ function uploadPkgCli {
2121
export version=$(./amplify-pkg-linux-x64 --version)
2222

2323
if [[ "$CIRCLE_BRANCH" == "release" ]] || [[ "$CIRCLE_BRANCH" =~ ^run-e2e-with-rc\/.* ]] || [[ "$CIRCLE_BRANCH" =~ ^release_rc\/.* ]] || [[ "$CIRCLE_BRANCH" =~ ^tagged-release ]]; then
24-
tar -czvf amplify-pkg-linux-arm64.tgz amplify-pkg-linux-arm64
25-
tar -czvf amplify-pkg-linux-x64.tgz amplify-pkg-linux-x64
26-
tar -czvf amplify-pkg-macos-x64.tgz amplify-pkg-macos-x64
27-
tar -czvf amplify-pkg-win-x64.tgz amplify-pkg-win-x64.exe
28-
2924
aws --profile=s3-uploader s3 cp amplify-pkg-win-x64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-win-x64-$(echo $hash).tgz
3025
aws --profile=s3-uploader s3 cp amplify-pkg-macos-x64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-macos-x64-$(echo $hash).tgz
3126
aws --profile=s3-uploader s3 cp amplify-pkg-linux-arm64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-linux-arm64-$(echo $hash).tgz
@@ -50,7 +45,6 @@ function uploadPkgCli {
5045
aws --profile=s3-uploader s3 cp amplify-pkg-linux-x64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-linux-x64.tgz
5146

5247
else
53-
tar -czvf amplify-pkg-linux-x64.tgz amplify-pkg-linux-x64
5448
aws --profile=s3-uploader s3 cp amplify-pkg-linux-x64.tgz s3://aws-amplify-cli-do-not-delete/$(echo $version)/amplify-pkg-linux-x64-$(echo $hash).tgz
5549
fi
5650

@@ -78,23 +72,65 @@ function generatePkgCli {
7872

7973
# Build pkg cli
8074
cp package.json ../build/node_modules/package.json
81-
if [[ "$CIRCLE_BRANCH" == "release" ]] || [[ "$CIRCLE_BRANCH" =~ ^run-e2e-with-rc\/.* ]] || [[ "$CIRCLE_BRANCH" =~ ^release_rc\/.* ]] || [[ "$CIRCLE_BRANCH" =~ ^tagged-release ]]; then
82-
# This will generate a file our arm64 binary
75+
76+
if [[ "$@" =~ 'arm' ]]; then
8377
npx pkg --no-bytecode --public-packages "*" --public -t node14-linux-arm64 ../build/node_modules -o ../out/amplify-pkg-linux-arm64
84-
# This will generate files for our x64 binaries.
85-
npx pkg -t node14-macos-x64 ../build/node_modules -o ../out/amplify-pkg-macos-x64
78+
tar -czvf ../out/amplify-pkg-linux-arm64.tgz ../out/amplify-pkg-linux-arm64
79+
fi
80+
81+
if [[ "$@" =~ 'linux' ]]; then
8682
npx pkg -t node14-linux-x64 ../build/node_modules -o ../out/amplify-pkg-linux-x64
87-
npx pkg -t node14-win-x64 ../build/node_modules -o ../out/amplify-pkg-win-x64.exe
88-
else
89-
# This will generate files for our x64 binaries.
83+
tar -czvf ../out/amplify-pkg-linux-x64.tgz ../out/amplify-pkg-linux-x64
84+
fi
85+
86+
if [[ "$@" =~ 'macos' ]]; then
9087
npx pkg -t node14-macos-x64 ../build/node_modules -o ../out/amplify-pkg-macos-x64
91-
npx pkg -t node14-linux-x64 ../build/node_modules -o ../out/amplify-pkg-linux-x64
92-
npx pkg -t node14-win-x64 ../build/node_modules -o ../out/amplify-pkg-win-x64.exe
88+
tar -czvf ../out/amplify-pkg-macos-x64.tgz ../out/amplify-pkg-macos-x64
9389
fi
9490

91+
if [[ "$@" =~ 'win' ]]; then
92+
npx pkg -t node14-win-x64 ../build/node_modules -o ../out/amplify-pkg-win-x64.exe
93+
tar -czvf ../out/amplify-pkg-win-x64.tgz ../out/amplify-pkg-win-x64.exe
94+
fi
9595

9696
cd ..
9797
}
98+
99+
function verifyPkgCli {
100+
echo "Human readable sizes"
101+
du -h out/*
102+
echo "Sizes in bytes"
103+
wc -c out/*
104+
105+
linux_compressed_binary_threshold_in_bytes=$((200 * 1024 * 1024))
106+
linux_compressed_binary_size=$(wc -c out/amplify-pkg-linux-x64.tgz | awk '{print $1}')
107+
if (( linux_compressed_binary_size > linux_compressed_binary_threshold_in_bytes )); then
108+
echo "Linux compressed binary size has grown over $linux_compressed_binary_threshold_in_bytes bytes"
109+
exit 1
110+
fi
111+
112+
macos_compressed_binary_threshold_in_bytes=$((200 * 1024 * 1024))
113+
macos_compressed_binary_size=$(wc -c out/amplify-pkg-macos-x64.tgz | awk '{print $1}')
114+
if (( macos_compressed_binary_size > macos_compressed_binary_threshold_in_bytes )); then
115+
echo "MacOS compressed binary size has grown over $macos_compressed_binary_threshold_in_bytes bytes"
116+
exit 1
117+
fi
118+
119+
win_compressed_binary_threshold_in_bytes=$((200 * 1024 * 1024))
120+
win_compressed_binary_size=$(wc -c out/amplify-pkg-win-x64.tgz | awk '{print $1}')
121+
if (( win_compressed_binary_size > win_compressed_binary_threshold_in_bytes )); then
122+
echo "Windows compressed binary size has grown over $win_compressed_binary_threshold_in_bytes bytes"
123+
exit 1
124+
fi
125+
126+
arm_compressed_binary_threshold_in_bytes=$((150 * 1024 * 1024))
127+
arm_compressed_binary_size=$(wc -c out/amplify-pkg-linux-arm64.tgz | awk '{print $1}')
128+
if (( arm_compressed_binary_size > arm_compressed_binary_threshold_in_bytes )); then
129+
echo "Windows compressed binary size has grown over $arm_compressed_binary_threshold_in_bytes bytes"
130+
exit 1
131+
fi
132+
}
133+
98134
function unsetNpmRegistryUrl {
99135
# Restore the original NPM and Yarn registry URLs
100136
npm set registry "https://registry.npmjs.org/"

.circleci/publish.sh

Lines changed: 23 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,27 @@
11
#!/bin/bash -e
2-
git config --global user.email $GITHUB_EMAIL
3-
git config --global user.name $GITHUB_USER
2+
3+
if [ -z "$GITHUB_EMAIL" ]; then
4+
if [[ "$LOCAL_PUBLISH_TO_LATEST" == "true" ]]; then
5+
git config --global user.email [email protected]
6+
else
7+
echo "GITHUB_EMAIL email is missing"
8+
exit 1
9+
fi
10+
else
11+
git config --global user.email $GITHUB_EMAIL
12+
fi
13+
14+
if [ -z "$GITHUB_USER" ]; then
15+
if [[ "$LOCAL_PUBLISH_TO_LATEST" == "true" ]]; then
16+
git config --global user.name "Doesnt Matter"
17+
else
18+
echo "GITHUB_USER email is missing"
19+
exit 1
20+
fi
21+
else
22+
git config --global user.name $GITHUB_USER
23+
fi
24+
425
if [[ "$CIRCLE_BRANCH" =~ ^tagged-release ]]; then
526
if [[ "$CIRCLE_BRANCH" =~ ^tagged-release-without-e2e-tests\/.* ]]; then
627
# Remove tagged-release-without-e2e-tests/

0 commit comments

Comments
 (0)