m1

imabhichow · imabhichow · commit 455cc01dec9c · 2025-07-14T07:28:20.000-07:00
diff --git a/codebuild/py312/examples_mpl.yml b/codebuild/py312/examples_mpl.yml
@@ -1,11 +1,8 @@
-# Runs the same tests as examples in an environment with the MPL installed
-# to assert existing tests continue to pass with the MPL installed.
-# Then, run MPL-specific tests.
 version: 0.2
 
 env:
   variables:
-    # No TOXENV. This runs multiple environments.
+    VERSION: 4.0.2
     REGION: "us-west-2"
     AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: >-
       arn:aws:kms:us-west-2:658956600833:key/b3537ef1-d8dc-4780-9f5a-55776cbb2f7f
@@ -19,23 +16,101 @@ env:
 phases:
   install:
     runtime-versions:
-      python: 3.12
-  build:
+      python: 3.11
     commands:
-      - cd /root/.pyenv/plugins/python-build/../.. && git pull && cd -
-      - pyenv install --skip-existing 3.12.0
-      - pyenv local 3.12.0
-      - pip install --upgrade pip
-      - pip install setuptools
+      # Check VERSION is available from either environment or env.variables
+      - |
+        if [ -z "$VERSION" ]; then
+          echo "Using default VERSION=$VERSION"
+        else
+          echo "Using provided VERSION=$VERSION"
+        fi
+      # Install the released package instead of the source
+      - echo "Installing aws-encryption-sdk version $VERSION"
+      - pip install "aws-encryption-sdk==$VERSION"
       - pip install "tox < 4.0"
-      # Run non-MPL-specific tests with the MPL installed
-      - tox -e py312-examples-mpl
-      # Assume special role to access keystore
-      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Python-Role-us-west-2" --role-session-name "CB-Py312ExamplesMpl")
+  build:
+    commands:
+      # Create a simple tox.ini file for running examples with the installed package
+      - |
+        cat > release_validation_tox.ini << 'EOF'
+        [tox]
+        envlist = py311
+        skipsdist = True
+
+        [testenv]
+        passenv =
+            AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID
+            AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2
+            AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1
+            AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2
+            AWS_ACCESS_KEY_ID
+            AWS_SECRET_ACCESS_KEY
+            AWS_SESSION_TOKEN
+            AWS_CONTAINER_CREDENTIALS_RELATIVE_URI
+            AWS_PROFILE
+        deps =
+            pytest
+            pytest-mock
+            mock
+            coverage
+            pyyaml
+            moto
+            boto3
+            cryptography
+        commands =
+            # Run non-MPL examples
+            pytest examples/test/legacy/ -m examples
+            # Run all other examples
+            pytest examples/test/ -m examples --ignore examples/test/legacy/
+        EOF
+
+      # Run the examples with NUM_RETRIES to handle transient failures
+      - NUM_RETRIES=3
+      - |
+        while [ $NUM_RETRIES -gt 0 ]
+        do
+          tox -c release_validation_tox.ini -e py311
+          if [ $? -eq 0 ]; then
+            break
+          fi
+          NUM_RETRIES=$((NUM_RETRIES-1))
+          if [ $NUM_RETRIES -eq 0 ]; then
+            echo "All validation attempts failed, stopping"
+            exit 1;
+          else
+            echo "Validation failed, retrying in 60 seconds; will retry $NUM_RETRIES more times" && sleep 60
+          fi
+        done
+
+      # Assume special role for MPL-specific tests
+      - echo "Running tests with special role for MPL features"
+      - TMP_ROLE=$(aws sts assume-role --role-arn "arn:aws:iam::370957321024:role/GitHub-CI-Public-ESDK-Python-Role-us-west-2" --role-session-name "CB-ValidateReleased")
       - export TMP_ROLE
       - export AWS_ACCESS_KEY_ID=$(echo "${TMP_ROLE}" | jq -r '.Credentials.AccessKeyId')
       - export AWS_SECRET_ACCESS_KEY=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SecretAccessKey')
       - export AWS_SESSION_TOKEN=$(echo "${TMP_ROLE}" | jq -r '.Credentials.SessionToken')
       - aws sts get-caller-identity
-      # Run MPL-specific tests with special role
-      - tox -e py312-mplexamples-mpl
+      
+      # Also install MPL requirements
+      - pip install -r requirements_mpl.txt
+      
+      # Run MPL-specific examples
+      - NUM_RETRIES=3
+      - |
+        while [ $NUM_RETRIES -gt 0 ]
+        do
+          # Only run the MPL-specific tests that require special permissions
+          # These would normally be run with py311-mplexamples-mpl
+          python -m pytest examples/test/ -m examples --ignore examples/test/legacy/
+          if [ $? -eq 0 ]; then
+            break
+          fi
+          NUM_RETRIES=$((NUM_RETRIES-1))
+          if [ $NUM_RETRIES -eq 0 ]; then
+            echo "All MPL validation attempts failed, stopping"
+            exit 1;
+          else
+            echo "MPL validation failed, retrying in 60 seconds; will retry $NUM_RETRIES more times" && sleep 60
+          fi
+        done
