bump,ci,fix: bump up dependencies and enable AOT

.github/workflows/release.yml

@@ -14,9 +14,24 @@ jobs:
   build:
     strategy:
       matrix:
-        runtime: ["linux-x64", "linux-arm64", "win-x64", "osx-x64", "osx-arm64"]
+        config:
+          - runtime: osx-x64
+            build_args: ""
+            os: ubuntu-latest
+          - runtime: osx-arm64
+            build_args: ""
+            os: ubuntu-latest
+          - runtime: linux-x64
+            build_args: --enable-aot
+            os: ubuntu-latest
+          - runtime: linux-arm64
+            build_args: --enable-aot
+            os: ubuntu-22.04
+          - runtime: win-x64
+            build_args: --enable-aot
+            os: windows-latest
     name: Build
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.config.os }}
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -26,14 +41,26 @@ jobs:
         uses: actions/setup-dotnet@v3
         with:
           dotnet-version: '8.0.x'
+      - name: Setup ARM64 Emulator
+        if: matrix.config.runtime == 'linux-arm64'
+        run: |
+          sudo dpkg --add-architecture arm64
+          sudo bash -c 'cat > /etc/apt/sources.list.d/arm64.list <<EOF
+          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy main restricted
+          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-updates main restricted
+          deb [arch=arm64] http://ports.ubuntu.com/ubuntu-ports/ jammy-backports main restricted universe multiverse
+          EOF'
+          sudo sed -i -e 's/deb http/deb [arch=amd64] http/g' /etc/apt/sources.list
+          sudo sed -i -e 's/deb mirror/deb [arch=amd64] mirror/g' /etc/apt/sources.list
+          sudo apt update
+          sudo apt install -y clang llvm binutils-aarch64-linux-gnu gcc-aarch64-linux-gnu zlib1g-dev:arm64
       - name: Build .NET project
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: bash ./scripts/build.sh "${GITHUB_REF_NAME}" ${{ matrix.runtime }}
-      - name: Upload ${{ matrix.runtime }} artifact
+        shell: bash
+        run: python3 ./scripts/build.py "${GITHUB_REF_NAME}" ${{ matrix.config.runtime }} ${{ matrix.config.build_args }}
+      - name: Upload ${{ matrix.config.runtime }} artifact
         uses: actions/upload-artifact@v3
         with:
-          name: ${{ matrix.runtime }}
+          name: ${{ matrix.config.runtime }}
           path: ${{ github.workspace }}/bin/artifacts/*
           retention-days: 1
   macos_codesign:

.github/workflows/test.yml

@@ -32,7 +32,7 @@ jobs:
           DEFAULT_BRANCH: main
           DEFAULT_WORKSPACE: ./Notation.Plugin.AzureKeyVault
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          FILTER_REGEX_EXCLUDE: '.*Tests/.*|.*.yml|.*/scripts/generate-certs.sh'
+          FILTER_REGEX_EXCLUDE: '.*Tests/.*|.*.yml|.*/scripts/generate-certs.sh|.*.py'
           VALIDATE_MARKDOWN: false
   test:
     name: Unit Testing and Build
@@ -51,32 +51,28 @@ jobs:
         run: make test
       - name: Upload coverage reports to Codecov
         uses: codecov/codecov-action@v3
-      - name: Build bianry for E2E testing
+      - name: Build Linux Binary
         run: |
-          ./scripts/build.sh v0.0.1 linux-x64
-          ./scripts/build.sh v0.0.1 win-x64
-          ./scripts/build.sh v0.0.1 osx-x64
+          # the binary will be used in E2E test
+          python3 ./scripts/build.py v0.0.1 linux-x64 --enable-aot
       - name: Upload Linux artifact
         if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push'
         uses: actions/upload-artifact@v2
         with:
           name: linux-amd64-binary
           path: ./bin/artifacts/notation-azure-kv_0.0.1_linux_amd64.tar.gz
           retention-days: 1
+      - name: Build macOS Binary
+        run: |
+          # the binary will be used in E2E test
+          python3 ./scripts/build.py v0.0.1 osx-x64
       - name: Upload macOS artifact
         if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push'
         uses: actions/upload-artifact@v2
         with:
           name: darwin-amd64-binary
           path: ./bin/artifacts/notation-azure-kv_0.0.1_darwin_amd64.tar.gz
           retention-days: 1
-      - name: Upload Windows artifact
-        if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push'
-        uses: actions/upload-artifact@v2
-        with:
-          name: win-amd64-binary
-          path: ./bin/artifacts/notation-azure-kv_0.0.1_windows_amd64.zip
-          retention-days: 1
   e2e-mariner-container:
     name: E2E testing for Mariner container
     runs-on: ubuntu-latest
@@ -138,16 +134,18 @@ jobs:
           pluginChecksum: ${{ env.pluginChecksum }}
   e2e-windows:
     name: E2E testing on Windows
-    runs-on: windows-2022
+    runs-on: windows-latest
     needs: test
     if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'push'
     steps:
       - name: Check out code into the project directory
         uses: actions/checkout@v3
-      - uses: actions/download-artifact@v3
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
         with:
-          name: win-amd64-binary
-          path: ./bin/artifacts
+          dotnet-version: '8.0.x'
+      - name: Build Windows Binary
+        run: python3 ./scripts/build.py v0.0.1 win-x64 --enable-aot
       - name: Run download server locally
         run: |
           # wsl bash

.gitignore

@@ -19,6 +19,7 @@ coverage.txt
 .vscode/
 .idea/
 .devcontainer
+.mono
 
 # binary output
 bin/

Notation.Plugin.AzureKeyVault/Notation.Plugin.AzureKeyVault.csproj

@@ -18,9 +18,9 @@
 
   <ItemGroup>
     <PackageReference Include="Azure.Identity" Version="1.10.4" />
-    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.5.1" />
-    <PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.5.0" />
-    <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.5.0" />
+    <PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.6.0" />
+    <PackageReference Include="Azure.Security.KeyVault.Keys" Version="4.6.0" />
+    <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
   </ItemGroup>
 

notation-azure-kv.sln

@@ -0,0 +1,31 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 17
+VisualStudioVersion = 17.5.002.0
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Notation.Plugin.AzureKeyVault.Tests", "Notation.Plugin.AzureKeyVault.Tests\Notation.Plugin.AzureKeyVault.Tests.csproj", "{40C4B7A1-22EF-4A39-B7EB-5CCD4B55280C}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Notation.Plugin.AzureKeyVault", "Notation.Plugin.AzureKeyVault\Notation.Plugin.AzureKeyVault.csproj", "{8605E5E0-2031-44AE-BBDB-E77BCB7FC4C7}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{40C4B7A1-22EF-4A39-B7EB-5CCD4B55280C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{40C4B7A1-22EF-4A39-B7EB-5CCD4B55280C}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{40C4B7A1-22EF-4A39-B7EB-5CCD4B55280C}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{40C4B7A1-22EF-4A39-B7EB-5CCD4B55280C}.Release|Any CPU.Build.0 = Release|Any CPU
+		{8605E5E0-2031-44AE-BBDB-E77BCB7FC4C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{8605E5E0-2031-44AE-BBDB-E77BCB7FC4C7}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{8605E5E0-2031-44AE-BBDB-E77BCB7FC4C7}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{8605E5E0-2031-44AE-BBDB-E77BCB7FC4C7}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {E33D37BA-53C5-4424-8536-7687A827BB1A}
+	EndGlobalSection
+EndGlobal

scripts/build.py

@@ -0,0 +1,82 @@
+import argparse
+import os
+import subprocess
+import tarfile
+import zipfile
+
+
+def main():
+    parser = argparse.ArgumentParser()
+    parser.add_argument("version", help="The version tag, starts with v")
+    parser.add_argument(
+        "runtime",
+        help="The runtime environment, e.g. win-x64, linux-x64, osx-x64, linux-arm64, osx-arm64",
+    )
+    parser.add_argument(
+        "--enable-aot", action="store_true", help="Enable AOT compilation"
+    )
+    args = parser.parse_args()
+
+    version = args.version.lstrip("v")
+    project_name = "notation-azure-kv"
+    output_dir = os.path.join(".", "bin", "publish")
+    os.makedirs(output_dir, exist_ok=True)
+    artifacts_dir = os.path.join(".", "bin", "artifacts")
+    os.makedirs(artifacts_dir, exist_ok=True)
+
+    # Get the latest commit hash
+    commit_hash = subprocess.check_output(
+        ["git", "log", "--pretty=format:%h", "-n", "1"]
+    ).decode("utf-8")
+    print(f"Commit hash: {commit_hash}")
+
+    # Prepare the dotnet publish command
+    publish_command = [
+        "dotnet",
+        "publish",
+        "./Notation.Plugin.AzureKeyVault",
+        "--configuration", "Release",
+        "--self-contained", "true",
+        f"-p:CommitHash={commit_hash}",
+        f"-p:Version={version}",
+        "-r", args.runtime,
+        "-o", os.path.join(output_dir, args.runtime),
+    ]
+
+    if args.enable_aot:
+        publish_command.append("-p:PublishAot=true")
+    else:
+        publish_command.append("-p:PublishSingleFile=true")
+
+    # Publish for each runtime
+    subprocess.run(publish_command, check=True)
+
+    # Determine the target platform
+    if args.runtime.startswith("win"):
+        ext = "zip"
+        binary_name = f"{project_name}.exe"
+    else:
+        ext = "tar.gz"
+        binary_name = project_name
+
+    # Apply the runtime name mapping
+    mapped_runtime = args.runtime.replace("x64", "amd64")
+    mapped_runtime = mapped_runtime.replace("win", "windows")
+    mapped_runtime = mapped_runtime.replace("osx", "darwin")
+    mapped_runtime = mapped_runtime.replace("-", "_")
+    artifact_name = f"{artifacts_dir}/{project_name}_{version}_{mapped_runtime}.{ext}"
+    binary_dir = f"{output_dir}/{args.runtime}"
+
+    # Create the artifact
+    if ext == "zip":
+        with zipfile.ZipFile(artifact_name, "w", zipfile.ZIP_DEFLATED) as zipf:
+            zipf.write(os.path.join(binary_dir, binary_name), arcname=binary_name)
+            zipf.write("LICENSE")
+    else:
+        with tarfile.open(artifact_name, "w:gz") as tar:
+            tar.add(os.path.join(binary_dir, binary_name), arcname=binary_name)
+            tar.add("LICENSE")
+
+
+if __name__ == "__main__":
+    main()