chore(ci): make the awslc fips install script version aware (#5100)

Co-authored-by: Lindsay Stewart <[email protected]>
Co-authored-by: Sam Clark <[email protected]>

Author: 3 people

codebuild/bin/install_awslc_fips.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+set -eu
+
+usage() {
+    echo "install_awslc_fips.sh build_dir install_dir version"
+    exit 1
+}
+
+check_dep(){
+    if [[ ! -f "$(which $1)" ]]; then
+        echo "Could not find $1"
+        exit 1
+    fi
+}
+
+clone(){
+    git clone https://github.com/awslabs/aws-lc.git --branch "$AWSLC_BRANCH" --depth 1 $BUILD_DIR
+    cd "$BUILD_DIR"
+}
+
+build() {
+    echo "Building with shared library=$1"
+    cmake $BUILD_DIR \
+      -Bbuild \
+      -GNinja \
+      -DBUILD_SHARED_LIBS=$1 \
+      -DCMAKE_BUILD_TYPE=relwithdebinfo \
+      -DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \
+      -DCMAKE_C_COMPILER=$(which clang) \
+      -DCMAKE_CXX_COMPILER=$(which clang++) \
+      -DFIPS="true"
+    ninja -j "$(nproc)" -C build install
+    ninja -C build clean
+}
+
+# main
+if [ "$#" -ne "3" ]; then
+    usage
+fi
+
+# Ensure tooling is available
+check_dep clang
+check_dep ninja
+check_dep go
+
+BUILD_DIR=$1
+INSTALL_DIR=$2
+VERSION=$3
+
+# Map version to a specific feature branch/tag.
+case $VERSION in
+  "2022")
+    AWSLC_BRANCH=AWS-LC-FIPS-2.0.17
+    ;;
+  "2024")
+    AWSLC_BRANCH=AWS-LC-FIPS-3.0.0
+    ;;
+  *)
+    echo "Unknown version: $VERSION"
+    usage
+    ;;
+esac
+
+clone
+# Static lib
+build false
+# Shared lib
+build true
+
+rm -rf $BUILD_DIR
+

codebuild/bin/install_awslc_fips_2022.sh

@@ -1,19 +1,7 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License").
-# You may not use this file except in compliance with the License.
-# A copy of the License is located at
-#
-#  http://aws.amazon.com/apache2.0
-#
-# or in the "license" file accompanying this file. This file is distributed
-# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
-# express or implied. See the License for the specific language governing
-# permissions and limitations under the License.
-
+# SPDX-License-Identifier: Apache-2.0
 set -eu
-pushd "$(pwd)"
 
 usage() {
     echo "install_awslc_fips_2022.sh build_dir install_dir"
@@ -24,38 +12,9 @@ if [ "$#" -ne "2" ]; then
     usage
 fi
 
+CBPATH=$(dirname $0)
 BUILD_DIR=$1
 INSTALL_DIR=$2
 
-if [[ ! -f "$(which clang)" ]]; then
-  echo "Could not find clang"
-  exit 1
-fi
-
-AWSLC_VERSION=AWS-LC-FIPS-2.0.17
-
-mkdir -p "$BUILD_DIR" || true
-cd "$BUILD_DIR"
-# --branch can also take tags and detaches the HEAD at that commit in the resulting repository
-# --depth 1 Create a shallow clone with a history truncated to 1 commit
-git clone https://github.com/awslabs/aws-lc.git --branch "$AWSLC_VERSION" --depth 1
-
-build() {
-    shared=$1
-    cmake . \
-      -Bbuild \
-      -GNinja \
-      -DBUILD_SHARED_LIBS="${shared}" \
-      -DCMAKE_BUILD_TYPE=relwithdebinfo \
-      -DCMAKE_INSTALL_PREFIX="${INSTALL_DIR}" \
-      -DCMAKE_C_COMPILER=$(which clang) \
-      -DCMAKE_CXX_COMPILER=$(which clang++) \
-      -DFIPS=1
-    ninja -j "$(nproc)" -C build install
-    ninja -C build clean
-}
-
-build 0
-build 1
+$CBPATH/install_awslc_fips.sh $@ 2022
 
-exit 0

codebuild/bin/install_awslc_fips_2024.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+set -eu
+
+usage() {
+    echo "install_awslc_fips_2024.sh build_dir install_dir"
+    exit 1
+}
+
+if [ "$#" -ne "2" ]; then
+    usage
+fi
+
+CBPATH=$(dirname $0)
+
+$CBPATH/install_awslc_fips.sh $@ 2024
+