johubertj
diff --git a/‎.git-blame-ignore-revs
Lines changed: 2 additions & 0 deletions b/‎.git-blame-ignore-revs
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/custom.md
Lines changed: 4 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/custom.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/s2n-issue.md
Lines changed: 4 additions & 0 deletions b/‎.github/ISSUE_TEMPLATE/s2n-issue.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/dependabot.yml
Lines changed: 2 additions & 1 deletion b/‎.github/dependabot.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/install_osx_dependencies.sh
Lines changed: 1 addition & 1 deletion b/‎.github/install_osx_dependencies.sh
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/s2n_osx.sh
Lines changed: 6 additions & 6 deletions b/‎.github/s2n_osx.sh
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/teams.yml
Lines changed: 2 additions & 1 deletion b/‎.github/teams.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/bench.yml
Lines changed: 9 additions & 4 deletions b/‎.github/workflows/bench.yml
Lines changed: 9 additions & 4 deletions
diff --git a/‎.github/workflows/ci_compliance.yml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/ci_compliance.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ci_freebsd.yml
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/ci_freebsd.yml
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/ci_linting.yml
Lines changed: 75 additions & 15 deletions b/‎.github/workflows/ci_linting.yml
Lines changed: 75 additions & 15 deletions
diff --git a/‎.github/workflows/ci_openbsd.yml
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/ci_openbsd.yml
Lines changed: 3 additions & 1 deletion
@@ -39,3 +39,5 @@ f5351ef6629d1f6de144ab478bf4294ec277b321
 e8cdc1ae63ff1de6f14cf91e3c317fbf57c198ec
 # clang-format `utils/` and enforce in ci (#3651)
 be8ad6c027b50e9dc86d8f8eb729ce88f2d4206d
+# Ruff format updated CI and code (#5138)
+ac1d09851b4d625f83d1fa68b467abbca8fdd408
@@ -17,6 +17,10 @@ AWS Security via our [vulnerability reporting page](http://aws.amazon.com/securi
 
 A short description of what the problem is and why we need to fix it. Add reproduction steps if necessary.
 
+### Need By Date:
+
+Do you have a date that you need this issue resolved by? What is the reason for that date, and what are the consequences of missing it? Any additional information you can provide to help prioritize the issue is appreciated. However, we cannot guarantee that this issue will be fixed by the requested date.
+
 ### Solution:
 
 A description of the possible solution in terms of S2N architecture. Highlight and explain any potentially controversial design decisions taken.
 
@@ -16,6 +16,10 @@ AWS Security via our [vulnerability reporting page](http://aws.amazon.com/securi
 
 A short description of what the problem is and why we need to fix it. Add reproduction steps if necessary.
 
+### Need By Date:
+
+Do you have a date that you need this issue resolved by? What is the reason for that date, and what are the consequences of missing it? Any additional information you can provide to help prioritize the issue is appreciated. However, we cannot guarantee that this issue will be fixed by the requested date.
+
 ### Solution:
 
 A description of the possible solution in terms of S2N architecture. Highlight and explain any potentially controversial design decisions taken.
 
@@ -31,6 +31,7 @@ updates:
   # restricted-MSRV, so don't do batch updates
   - package-ecosystem: "cargo"
     directories:
-      - "/bindings/rust"
+      - "/bindings/rust/standard"
+      - "/bindings/rust/extended"
     schedule:
       interval: "daily"
@@ -26,4 +26,4 @@ brew_install_if_not_installed coreutils
 brew_install_if_not_installed cppcheck
 brew_install_if_not_installed pkg-config  # for gnutls compilation
 brew_install_if_not_installed ninja
-brew_install_if_not_installed openssl@1.1 # for libcrypto
+brew_install_if_not_installed openssl@3 # for libcrypto
@@ -14,25 +14,25 @@
 # permissions and limitations under the License.
 #
 set -eu
-source codebuild/bin/s2n_setup_env.sh
 
+export S2N_LIBCRYPTO=openssl-3.4
 export CTEST_OUTPUT_ON_FAILURE=1
-BREWINSTLLPATH=$(brew --prefix openssl@1.1)
-OPENSSL_1_1_1_INSTALL_DIR="${BREWINSTLLPATH:-"/usr/local/Cellar/openssl@1.1/1.1.1?"}"
+BREWINSTLLPATH=$(brew --prefix openssl@3)
+OPENSSL_3_INSTALL_DIR="${BREWINSTLLPATH:-"/opt/homebrew/Cellar/openssl@3"}"
 
-echo "Using OpenSSL at $OPENSSL_1_1_1_INSTALL_DIR"
+echo "Using OpenSSL at $OPENSSL_3_INSTALL_DIR"
 # Build with debug symbols and a specific OpenSSL version
 cmake . -Bbuild -GNinja \
 -DCMAKE_BUILD_TYPE=Debug \
--DCMAKE_PREFIX_PATH=${OPENSSL_1_1_1_INSTALL_DIR} ..
+-DCMAKE_PREFIX_PATH=${OPENSSL_3_INSTALL_DIR} ..
 
 cmake --build ./build -j $(nproc)
 time CTEST_PARALLEL_LEVEL=$(nproc) ninja -C build test
 
 # Build shared library
 cmake . -Bbuild -GNinja \
 -DCMAKE_BUILD_TYPE=Debug \
--DCMAKE_PREFIX_PATH=${OPENSSL_1_1_1_INSTALL_DIR} .. \
+-DCMAKE_PREFIX_PATH=${OPENSSL_3_INSTALL_DIR} .. \
 -DBUILD_SHARED_LIBS=ON
 
 cmake --build ./build -j $(nproc)
 
@@ -8,4 +8,5 @@ s2n-core:
   - '@jmayclin'
   - '@jouho'
   - '@boquan-fang'
-  - '@CarolYeh910'
+  - '@CarolYeh910'
+  - '@johubertj'
@@ -1,6 +1,8 @@
 name: Benchmarking
 
 on:
+  pull_request:
+    branches: [main]
   push:
     branches: [main]
   schedule:
@@ -29,23 +31,26 @@ jobs:
           pip3 install "boto3[crt]"
 
       - name: Generate
-        working-directory: bindings/rust
+        working-directory: bindings/rust/extended
         run: ./generate.sh --skip-tests
 
       - name: Benchmark
-        working-directory: bindings/rust/bench
+        working-directory: bindings/rust/standard/bench
         run: cargo criterion --message-format json > criterion_output.log
 
       - name: Configure AWS Credentials
-        uses: aws-actions/[email protected]
+        # Only continue with the workflow to emit metrics on code that has been merged to main.
+        if: github.event_name != 'pull_request'
+        uses: aws-actions/[email protected]
         with:
           role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
           role-session-name: s2ntlsghabenchsession
           aws-region: us-west-2
 
       - name: Emit CloudWatch metrics
+        if: github.event_name != 'pull_request'
         run: |
           python3 .github/bin/criterion_to_cloudwatch.py \
-            --criterion_output_path bindings/rust/bench/criterion_output.log \
+            --criterion_output_path bindings/rust/standard/bench/criterion_output.log \
             --namespace s2n-tls-bench \
             --platform ${{ runner.os }}-${{ runner.arch }}
@@ -31,6 +31,7 @@ jobs:
       - name: Run duvet action
         uses: ./s2n-quic/.github/actions/duvet
         with:
+          duvet-version: 0.3.0 # Pin until we fix parsing issues
           s2n-quic-dir: ./s2n-quic
           report-script: compliance/generate_report.sh
           role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
 
@@ -1,6 +1,8 @@
 name: FreeBSD
 
 on:
+  push:
+    branches: [main]
   pull_request:
     branches: [main]
   merge_group:
 
@@ -1,17 +1,16 @@
 ---
 name: Linters
 on:
+  push:
+    branches: [main]
   pull_request:
     branches: [main]
   merge_group:
     types: [checks_requested]
     branches: [main]
 jobs:
   cppcheck:
-    # ubuntu-latest introduced a newer gcc version that cannot compile cppcheck 2.3
-    # TODO: upgrade to latest cppcheck and revert to ubuntu-latest
-    #       see https://github.com/aws/s2n-tls/issues/3656
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     env:
       CPPCHECK_INSTALL_DIR: test-deps/cppcheck
     steps:
@@ -72,21 +71,40 @@ jobs:
         run: |
           ./codebuild/bin/run_kwstyle.sh
           ./codebuild/bin/cpp_style_comment_linter.sh
-  pepeight:
+
+  ruff:
     runs-on: ubuntu-latest
     steps:
       - name: checkout
         uses: actions/checkout@v4
-      - name: Run autopep8
-        id: autopep8
-        uses: peter-evans/autopep8@v2
-        with:
-          args: --diff --exit-code .
-      - name: Check exit code
-        if: steps.autopep8.outputs.exit-code != 0
+
+      - name: Set up uv
+        uses: astral-sh/setup-uv@v5
+
+      - name: Run Ruff formatting check
+        working-directory: tests/integrationv2
+        id: ruff_format
+        run: uv run ruff format --diff .
+        continue-on-error: true
+
+      - name: Check format exit code
+        if: steps.ruff_format.outcome == 'failure'
         run: |
-            echo "Run 'autopep8 --in-place .' to fix"
+            echo "Run 'ruff format .' to fix formatting issues"
             exit 1
+
+      - name: Run Ruff lint check
+        working-directory: tests/integrationv2
+        id: ruff_lint
+        run: uv run ruff check .
+        continue-on-error: true
+
+      - name: Check lint exit code
+        if: steps.ruff_lint.outcome == 'failure'
+        run: |
+          echo "Linting issues detected. Run 'ruff check .' locally to see errors and fix them."
+          exit 1
+
   clang-format:
     runs-on: ubuntu-latest
     steps:
@@ -101,7 +119,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nixbuild/nix-quick-install-action@v30
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix flake check
@@ -110,7 +128,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: nixbuild/nix-quick-install-action@v29
+      - uses: nixbuild/nix-quick-install-action@v30
         with:
           nix_conf: experimental-features = nix-command flakes
       - name: nix fmt
@@ -128,3 +146,45 @@ jobs:
           exit 1
       - name: Success
         run: echo "All nix files passed format check"
+        
+  validate_start_codebuild_script:
+    name: validate start_codebuild.sh
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: pause
+        run: "sleep 120"
+      - name: retrieve statuses
+        id: get_statuses
+        uses: octokit/[email protected]
+        with:
+          route: GET /repos/{repo}/commits/{ref}/statuses?per_page=100
+          repo: ${{ github.repository }}
+          ref: ${{ github.event.merge_group.head_sha || github.event.pull_request.head.sha || github.event.after }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: check start_codebuild.sh against statuses
+        id: github_builds
+        run: |
+            from_github=$(
+                jq '.[] | .description' <<< '${{ steps.get_statuses.outputs.data }}' \
+                    | grep "for project" \
+                    | sed -r "s/^.*?for project (.*?)\"$/\1/" \
+                    | sort -u
+            )
+            if [ -z "$from_github" ]; then
+                echo "No codebuild job statuses!"
+                echo "You may need to kick off the codebuild jobs with" \
+                    "./codebuild/bin/start_codebuild.sh and then retry."
+                exit 1
+            fi
+            echo builds from github statuses:
+            printf "$from_github\n\n"
+            from_file=$(
+                source codebuild/bin/start_codebuild.sh > /dev/null \
+                || printf "%s\n" "${BUILDS[@]}" | cut -d" " -f1 | sort -u
+            )
+            echo builds from start_codebuild.sh:
+            printf "$from_file\n\n"
+            echo "diff output:"
+            diff <(echo "$from_github") <(echo "$from_file")
@@ -1,6 +1,8 @@
 name: OpenBSD
 
 on:
+  push:
+    branches: [main]
   pull_request:
     branches: [main]
   merge_group:
@@ -15,7 +17,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Build and test in OpenBSD
         id: test
-        uses: cross-platform-actions/action@v0.26.0
+        uses: cross-platform-actions/action@v0.27.0
         with:
           operating_system: openbsd
           architecture: x86-64