From 6dd04dc8a0e2e30771388d1744539349096327c7 Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Mon, 26 Jan 2026 16:21:03 -0600 Subject: [PATCH 1/4] chore: use HTTPS for spec --- .gitmodules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitmodules b/.gitmodules index b4e128ffa..b2d1f5495 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +1,3 @@ [submodule "specification"] path = specification - url = git@github.com:awslabs/aws-encryption-sdk-specification.git \ No newline at end of file + url = https://github.com/awslabs/aws-encryption-sdk-specification.git From 6eed875604d70b2f428e77e61666616ddb5021c5 Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Mon, 26 Jan 2026 16:29:03 -0600 Subject: [PATCH 2/4] remove spec --- .gitmodules | 3 --- specification | 1 - 2 files changed, 4 deletions(-) delete mode 160000 specification diff --git a/.gitmodules b/.gitmodules index b2d1f5495..e69de29bb 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,3 +0,0 @@ -[submodule "specification"] - path = specification - url = https://github.com/awslabs/aws-encryption-sdk-specification.git diff --git a/specification b/specification deleted file mode 160000 index 280a89401..000000000 --- a/specification +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 280a894019cd1b4efc6b16cfb233bf1ec21bc508 From 322493b7aec5c1a323670a25dbb860ebf19a5b03 Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Wed, 28 Jan 2026 15:58:25 -0600 Subject: [PATCH 3/4] duvet: point specification to private --- .gitmodules | 4 ++++ specification | 1 + 2 files changed, 5 insertions(+) create mode 160000 specification diff --git a/.gitmodules b/.gitmodules index e69de29bb..dfb50261f 100644 --- a/.gitmodules +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "private_aws"] + path = specification + url = git@github.com:awslabs/private-aws-encryption-sdk-specification-staging.git + branch = tonyknap/todo-cbc-encryption diff --git a/specification b/specification new file mode 160000 index 000000000..87f974b22 --- /dev/null +++ b/specification @@ -0,0 +1 @@ +Subproject commit 87f974b22cbc1678f6be3dfd821c89c0fd51a595 From 71304feccef6f045af7f123842a8069dddcda714 Mon Sep 17 00:00:00 2001 From: texastony <5892063+texastony@users.noreply.github.com> Date: Fri, 30 Jan 2026 14:45:47 -0600 Subject: [PATCH 4/4] chore(duvet): modernize duvet --- .duvet/.gitignore | 3 +++ .duvet/config.toml | 21 ++++++++++++++++++ .github/workflows/duvet.yml | 44 +++++++++++++++++++++++++++++++++++++ Makefile | 19 +++++++--------- specification | 2 +- 5 files changed, 77 insertions(+), 12 deletions(-) create mode 100644 .duvet/.gitignore create mode 100644 .duvet/config.toml create mode 100644 .github/workflows/duvet.yml diff --git a/.duvet/.gitignore b/.duvet/.gitignore new file mode 100644 index 000000000..93956e36d --- /dev/null +++ b/.duvet/.gitignore @@ -0,0 +1,3 @@ +reports/ +requirements/ +specification/ \ No newline at end of file diff --git a/.duvet/config.toml b/.duvet/config.toml new file mode 100644 index 000000000..9c8d5692f --- /dev/null +++ b/.duvet/config.toml @@ -0,0 +1,21 @@ +'$schema' = "https://awslabs.github.io/duvet/config/v0.4.0.json" + +[[source]] +pattern = "src/**/*.java" + +# Include required specifications here +[[specification]] +source = "specification/s3-encryption/client.md" +[[specification]] +source = "specification/s3-encryption/materials/keyrings.md" +[[specification]] +source = "specification/s3-encryption/materials/s3-keyring.md" +[[specification]] +source = "specification/s3-encryption/materials/s3-kms-keyring.md" + +[report.html] +enabled = true + +# Enable snapshots to prevent requirement coverage regressions +[report.snapshot] +enabled = false diff --git a/.github/workflows/duvet.yml b/.github/workflows/duvet.yml new file mode 100644 index 000000000..366348689 --- /dev/null +++ b/.github/workflows/duvet.yml @@ -0,0 +1,44 @@ +name: duvet + +on: + workflow_call: + # Optional inputs that can be provided when calling this workflow + +jobs: + test: + runs-on: macos-latest + permissions: + id-token: write + contents: read + pages: write + + steps: + - name: Checkout code + uses: actions/checkout@v5 + with: + submodules: true + + - name: Setup Rust toolchain + uses: actions-rust-lang/setup-rust-toolchain@v1 + with: + toolchain: stable + + - name: Clone duvet repository + run: git clone https://github.com/awslabs/duvet.git /tmp/duvet + + - name: Build and install duvet + run: | + cd /tmp/duvet + cargo xtask build + cargo install --path ./duvet + + - name: Run duvet + run: make duvet + + - name: Upload duvet reports + uses: actions/upload-artifact@v4 + with: + name: reports + include-hidden-files: true + path: .duvet/reports/report.html + diff --git a/Makefile b/Makefile index 1c60b7a64..1288d27da 100644 --- a/Makefile +++ b/Makefile @@ -1,15 +1,12 @@ # Used for misc supporting functions like Duvet and prettier. Builds, tests, etc. should use the usual Java/Maven tooling. -duvet: | duvet_extract duvet_report - -duvet_extract: - rm -rf compliance - $(foreach file, $(shell find specification/s3-encryption -name '*.md'), duvet extract -o compliance -f MARKDOWN $(file);) +duvet: | duvet_clean duvet_report duvet_report: - duvet \ - report \ - --spec-pattern "compliance/**/*.toml" \ - --source-pattern "src/**/*.java" \ - --source-pattern "compliance_exceptions/*.txt" \ - --html specification_compliance_report.html + duvet report + +duvet-view-report-mac: + open .duvet/reports/report.html + +duvet_clean: + rm -rf .duvet/reports/ .duvet/requirements/ diff --git a/specification b/specification index 87f974b22..280a89401 160000 --- a/specification +++ b/specification @@ -1 +1 @@ -Subproject commit 87f974b22cbc1678f6be3dfd821c89c0fd51a595 +Subproject commit 280a894019cd1b4efc6b16cfb233bf1ec21bc508