From a3187cfbd3124b65382f6147116700a86900c032 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Thu, 5 Dec 2024 17:03:20 -0500
Subject: [PATCH 1/4] chore: automate release

---
 .../runtimes/rust/start_release.sh            | 32 +++++++++++++++++
 .../runtimes/rust/test_examples/.gitignore    |  3 ++
 .../runtimes/rust/test_examples/Cargo.toml    | 30 ++++++++++++++++
 .../runtimes/rust/test_published.sh           |  9 +++++
 releases/rust/db_esdk/.gitignore~             | 35 -------------------
 5 files changed, 74 insertions(+), 35 deletions(-)
 create mode 100755 DynamoDbEncryption/runtimes/rust/start_release.sh
 create mode 100644 DynamoDbEncryption/runtimes/rust/test_examples/.gitignore
 create mode 100644 DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
 create mode 100755 DynamoDbEncryption/runtimes/rust/test_published.sh
 delete mode 100644 releases/rust/db_esdk/.gitignore~

diff --git a/DynamoDbEncryption/runtimes/rust/start_release.sh b/DynamoDbEncryption/runtimes/rust/start_release.sh
new file mode 100755
index 000000000..841071c82
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/rust/start_release.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+cd $( dirname ${BASH_SOURCE[0]} )
+
+REGEX_VERSION='^\d+\.\d+\.\d+$'
+
+echo "$1" | egrep -q $REGEX_VERSION
+if [ $? -ne 0 ]; then
+   echo 1>&2 "Version \"$1\" must be N.N.N"
+   exit 1
+fi
+
+perl -pe "s/^version = .*$/version = \"$1\"/" < Cargo.toml > new_Cargo.toml
+mv new_Cargo.toml Cargo.toml
+
+find src -depth 1 | egrep -v '(intercept.rs|lib.rs|software_externs.rs)' | xargs rm -rf
+cd ../..
+make polymorph_rust transpile_rust test_rust
+cd runtimes/rust
+rm -rf target
+rm -rf ../../../releases/rust/db_esdk
+cp -r . ../../../releases/rust/db_esdk
+cd ../../../releases/rust/db_esdk
+git checkout dafny_runtime_rust
+rm -f *~
+rm -f copy_externs.sh prepare_release.sh test_release *.pem
+echo Cargo.lock > .gitignore
+echo target >> .gitignore
+
+cargo test
+cargo run --example main
+rm -f Cargo.lock *.pem
diff --git a/DynamoDbEncryption/runtimes/rust/test_examples/.gitignore b/DynamoDbEncryption/runtimes/rust/test_examples/.gitignore
new file mode 100644
index 000000000..78ee6533f
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/rust/test_examples/.gitignore
@@ -0,0 +1,3 @@
+*~
+*.pem
+src
diff --git a/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml b/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
new file mode 100644
index 000000000..021594876
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "aws-db-esdk-examples"
+version = "0.1.0"
+edition = "2021"
+rust-version = "1.80.0"
+keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
+license = "ISC AND (Apache-2.0 OR ISC)"
+description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
+homepage = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
+repository = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
+authors = ["AWS-CryptoTools"]
+documentation = "https://docs.rs/crate/aws-db-esdk"
+readme = "README.md"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+aws-config = "1.5.10"
+aws-lc-rs = "1.11.1"
+aws-lc-sys = "0.23.1"
+aws-sdk-dynamodb = "1.54.0"
+aws-sdk-kms = "1.50.0"
+aws-smithy-runtime-api = {version = "1.7.3", features = ["client"] }
+aws-smithy-types = "1.2.9"
+chrono = "0.4.38"
+dafny-runtime = "0.1.1"
+dashmap = "6.1.0"
+pem = "3.0.4"
+tokio = {version = "1.41.1", features = ["full"] }
+uuid = { version = "1.11.0", features = ["v4"] }
diff --git a/DynamoDbEncryption/runtimes/rust/test_published.sh b/DynamoDbEncryption/runtimes/rust/test_published.sh
new file mode 100755
index 000000000..767c43c07
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/rust/test_published.sh
@@ -0,0 +1,9 @@
+#!/bin/bash -eu
+
+cd $( dirname ${BASH_SOURCE[0]} )
+
+rm -rf test_examples/src
+cp -r examples test_examples/src/
+cd test_examples
+cargo add aws-db-esdk
+cargo run
diff --git a/releases/rust/db_esdk/.gitignore~ b/releases/rust/db_esdk/.gitignore~
deleted file mode 100644
index f39a07024..000000000
--- a/releases/rust/db_esdk/.gitignore~
+++ /dev/null
@@ -1,35 +0,0 @@
-*.pem
-Cargo.lock
-src/aes_gcm.rs
-src/aes_kdf_ctr.rs
-src/client
-src/client.rs
-src/concurrent_call.rs
-src/conversions
-src/conversions.rs
-src/dafny_libraries.rs
-src/ddb.rs
-src/deps
-src/deps.rs
-src/digest.rs
-src/ecdh.rs
-src/ecdsa.rs
-src/error
-src/error.rs
-src/hmac.rs
-src/implementation_from_dafny.rs
-src/kms.rs
-src/local_cmc.rs
-src/operation
-src/operation.rs
-src/random.rs
-src/rsa.rs
-src/sets.rs
-src/standard_library_conversions.rs
-src/standard_library_externs.rs
-src/storm_tracker.rs
-src/time.rs
-src/types
-src/types.rs
-src/uuid.rs
-target

From 9b46b01c781ed028c5d114adbe7d15adddc35532 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Fri, 6 Dec 2024 08:12:36 -0500
Subject: [PATCH 2/4] chore: create Rust release runbook

---
 DynamoDbEncryption/runtimes/rust/RELEASE.md       | 10 ++++++++++
 DynamoDbEncryption/runtimes/rust/start_release.sh |  6 +++---
 2 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 DynamoDbEncryption/runtimes/rust/RELEASE.md

diff --git a/DynamoDbEncryption/runtimes/rust/RELEASE.md b/DynamoDbEncryption/runtimes/rust/RELEASE.md
new file mode 100644
index 000000000..6c4c90181
--- /dev/null
+++ b/DynamoDbEncryption/runtimes/rust/RELEASE.md
@@ -0,0 +1,10 @@
+To publish a new version of the aws-db-esdk, version 1.2.3
+
+1. Acquire the appropriate permissions
+1. Ensure git checkout of main is fresh and clean
+1. ./start_release.sh 1.2.3
+1. cd ../../../releases/rust/db_esdk
+1. Create a PR with changes
+1. cargo publish
+1. cd ../../../DynamoDbEncryption/runtimes/rust/ # i.e. return here
+1. ./test_published.sh
diff --git a/DynamoDbEncryption/runtimes/rust/start_release.sh b/DynamoDbEncryption/runtimes/rust/start_release.sh
index 841071c82..ca28d30f5 100755
--- a/DynamoDbEncryption/runtimes/rust/start_release.sh
+++ b/DynamoDbEncryption/runtimes/rust/start_release.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -eu
 
 cd $( dirname ${BASH_SOURCE[0]} )
 
@@ -22,11 +22,11 @@ rm -rf ../../../releases/rust/db_esdk
 cp -r . ../../../releases/rust/db_esdk
 cd ../../../releases/rust/db_esdk
 git checkout dafny_runtime_rust
-rm -f *~
-rm -f copy_externs.sh prepare_release.sh test_release *.pem
+rm -rf *~ copy_externs.sh start_release.sh test_published.sh test_examples *.pem RELEASE.md
 echo Cargo.lock > .gitignore
 echo target >> .gitignore
 
 cargo test
 cargo run --example main
 rm -f Cargo.lock *.pem
+

From 38b0f3f3c341302f4b0b8e29cbeeb47fc1d67d66 Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Fri, 6 Dec 2024 10:47:40 -0500
Subject: [PATCH 3/4] m

---
 DynamoDbEncryption/runtimes/rust/src/lib.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/DynamoDbEncryption/runtimes/rust/src/lib.rs b/DynamoDbEncryption/runtimes/rust/src/lib.rs
index eeea2b4b4..9832c4c17 100644
--- a/DynamoDbEncryption/runtimes/rust/src/lib.rs
+++ b/DynamoDbEncryption/runtimes/rust/src/lib.rs
@@ -3,6 +3,8 @@
 
 #![allow(warnings, unconditional_panic)]
 #![allow(nonstandard_style)]
+#![allow(clippy::never_loop)]
+#![allow(clippy::absurd_extreme_comparisons)]
 
 pub mod client;
 pub mod conversions;
@@ -30,7 +32,7 @@ pub use crate::deps::aws_cryptography_materialProviders;
 pub use crate::deps::aws_cryptography_primitives;
 
 pub(crate) mod implementation_from_dafny;
-pub(crate) use crate::implementation_from_dafny::r#_Wrappers_Compile;
+pub(crate) use crate::implementation_from_dafny::_Wrappers_Compile;
 pub(crate) use crate::implementation_from_dafny::software;
 pub(crate) use crate::implementation_from_dafny::AesKdfCtr;
 pub(crate) use crate::implementation_from_dafny::ConcurrentCall;

From 7a43c49469913afd4e4d562a49d30f2c94966b7a Mon Sep 17 00:00:00 2001
From: Andy Jewell <ajewell@amazon.com>
Date: Fri, 6 Dec 2024 12:41:44 -0500
Subject: [PATCH 4/4] m

---
 DynamoDbEncryption/runtimes/rust/RELEASE.md   |  8 +++----
 .../runtimes/rust/start_release.sh            | 10 ++++++---
 .../runtimes/rust/test_examples/Cargo.toml    |  8 -------
 .../runtimes/rust/test_published.sh           | 21 +++++++++++++++++++
 4 files changed, 32 insertions(+), 15 deletions(-)

diff --git a/DynamoDbEncryption/runtimes/rust/RELEASE.md b/DynamoDbEncryption/runtimes/rust/RELEASE.md
index 6c4c90181..ddcfecdec 100644
--- a/DynamoDbEncryption/runtimes/rust/RELEASE.md
+++ b/DynamoDbEncryption/runtimes/rust/RELEASE.md
@@ -1,10 +1,10 @@
-To publish a new version of the aws-db-esdk, version 1.2.3
+To publish a new version of the aws-db-esdk for version N.N.N
 
 1. Acquire the appropriate permissions
 1. Ensure git checkout of main is fresh and clean
-1. ./start_release.sh 1.2.3
+1. ./start_release.sh N.N.N
 1. cd ../../../releases/rust/db_esdk
-1. Create a PR with changes
+1. Create a PR with all changed or added files
 1. cargo publish
 1. cd ../../../DynamoDbEncryption/runtimes/rust/ # i.e. return here
-1. ./test_published.sh
+1. ./test_published.sh N.N.N
diff --git a/DynamoDbEncryption/runtimes/rust/start_release.sh b/DynamoDbEncryption/runtimes/rust/start_release.sh
index ca28d30f5..20e5dbe6e 100755
--- a/DynamoDbEncryption/runtimes/rust/start_release.sh
+++ b/DynamoDbEncryption/runtimes/rust/start_release.sh
@@ -1,11 +1,15 @@
 #!/bin/bash -eu
 
+if [ "$#" -ne 1 ]; then
+    echo 1>&2 "USAGE: start_release.sh N.N.N"
+    exit 1
+fi
+
 cd $( dirname ${BASH_SOURCE[0]} )
 
 REGEX_VERSION='^\d+\.\d+\.\d+$'
-
-echo "$1" | egrep -q $REGEX_VERSION
-if [ $? -ne 0 ]; then
+MATCHES=$(echo "$1" | egrep $REGEX_VERSION | wc -l)
+if [ $MATCHES -eq 0 ]; then
    echo 1>&2 "Version \"$1\" must be N.N.N"
    exit 1
 fi
diff --git a/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml b/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
index 021594876..ffe66f515 100644
--- a/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
+++ b/DynamoDbEncryption/runtimes/rust/test_examples/Cargo.toml
@@ -3,14 +3,6 @@ name = "aws-db-esdk-examples"
 version = "0.1.0"
 edition = "2021"
 rust-version = "1.80.0"
-keywords = ["cryptography", "security", "dynamodb", "encryption", "client-side"]
-license = "ISC AND (Apache-2.0 OR ISC)"
-description = "aws-db-esdk is a library for implementing client side encryption with DynamoDB."
-homepage = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
-repository = "https://github.com/aws/aws-database-encryption-sdk-dynamodb/tree/main/releases/rust/db_esdk"
-authors = ["AWS-CryptoTools"]
-documentation = "https://docs.rs/crate/aws-db-esdk"
-readme = "README.md"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
diff --git a/DynamoDbEncryption/runtimes/rust/test_published.sh b/DynamoDbEncryption/runtimes/rust/test_published.sh
index 767c43c07..7841817fa 100755
--- a/DynamoDbEncryption/runtimes/rust/test_published.sh
+++ b/DynamoDbEncryption/runtimes/rust/test_published.sh
@@ -1,9 +1,30 @@
 #!/bin/bash -eu
 
+if [ "$#" -ne 1 ]; then
+    echo 1>&2 "USAGE: test_published.sh N.N.N"
+    exit 1
+fi
+
 cd $( dirname ${BASH_SOURCE[0]} )
 
+REGEX_VERSION='^\d+\.\d+\.\d+$'
+
+echo "$1" | egrep -q $REGEX_VERSION
+if [ $? -ne 0 ]; then
+   echo 1>&2 "Version \"$1\" must be N.N.N"
+   exit 1
+fi
+
+VERSION=$1
+
 rm -rf test_examples/src
 cp -r examples test_examples/src/
 cd test_examples
 cargo add aws-db-esdk
+MATCH=$(fgrep "aws-db-esdk = \"$VERSION\"" Cargo.toml | wc -l)
+if [ $MATCH -eq "0" ]; then
+    echo Version $VERSION of aws-db-esdk not the most recent
+    egrep '^aws-db-esdk' Cargo.toml
+    exit 1
+fi
 cargo run