From d9df7849d4dc5356e3b54e15a8e0d2e273327265 Mon Sep 17 00:00:00 2001
From: Doug Chapman <54039637+dougch@users.noreply.github.com>
Date: Wed, 20 Nov 2024 15:37:32 -0800
Subject: [PATCH] ci: Move kTLS test out of GeneralBatch (#4904)

---
 codebuild/spec/buildspec_al2023_ktls.yml  | 26 +++++++++++++++++++++++
 codebuild/spec/buildspec_generalbatch.yml | 14 ------------
 2 files changed, 26 insertions(+), 14 deletions(-)
 create mode 100644 codebuild/spec/buildspec_al2023_ktls.yml

diff --git a/codebuild/spec/buildspec_al2023_ktls.yml b/codebuild/spec/buildspec_al2023_ktls.yml
new file mode 100644
index 00000000000..6b95d5df73b
--- /dev/null
+++ b/codebuild/spec/buildspec_al2023_ktls.yml
@@ -0,0 +1,26 @@
+---
+# This is designed to work with CodeBuild's reserved instances fleet and curated Ec2 AMI for AL2023.
+version: 0.2
+env:
+  variables:
+    NIX_CACHE_BUCKET: "s3://s2n-tls-nixcachebucket-x86-64?region=us-west-2"
+    S2N_KTLS_TESTING_EXPECTED: 1
+phases:
+  install:
+    commands:
+      - yum update -y; yum upgrade -y
+  pre_build:
+    commands:
+      # Nix is installed, but intentionally not setup for root, fix that
+      - cp -aR /home/nix/.nix-profile ~/; chown -R root /root/.nix-profile; export PATH=$HOME/.nix-profile/bin:$PATH
+      # Turn on flakes
+      - mkdir -p ~/.config/nix; echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
+      # Populate the store from the nix cache
+      - nix copy --from $NIX_CACHE_BUCKET --all  --no-check-sigs
+      # Load the TLS kernel module
+      - sudo modprobe tls
+      - echo "Checking that the TLS kernel mod loaded..."; test $(sudo lsmod|grep -c tls) = 1
+  build:
+    commands:
+      - nix develop .#openssl111 --command bash -c  'source ./nix/shell.sh && clean && configure && unit'
+      - S2N_CMAKE_OPTIONS="-DASAN=ON" nix develop .#openssl111 --command bash -c  'source ./nix/shell.sh && clean && configure && unit'
diff --git a/codebuild/spec/buildspec_generalbatch.yml b/codebuild/spec/buildspec_generalbatch.yml
index 129d242eabb..319ec155212 100644
--- a/codebuild/spec/buildspec_generalbatch.yml
+++ b/codebuild/spec/buildspec_generalbatch.yml
@@ -388,17 +388,3 @@ batch:
         privileged-mode: true
         compute-type: BUILD_GENERAL1_LARGE
         image: 024603541914.dkr.ecr.us-west-2.amazonaws.com/docker:ubuntu22codebuild
-    - identifier: ktls
-      buildspec: codebuild/spec/buildspec_ktls.yml
-      env:
-        compute-type: BUILD_GENERAL1_LARGE
-        image: aws/codebuild/standard:7.0
-        privileged-mode: true
-    - identifier: ktlsASAN
-      buildspec: codebuild/spec/buildspec_ktls.yml
-      env:
-        compute-type: BUILD_GENERAL1_LARGE
-        image: aws/codebuild/standard:7.0
-        privileged-mode: true
-        variables:
-            S2N_CMAKE_OPTIONS: "-DASAN=ON"