aws · josecorella · Jul 3, 2025 · Jul 3, 2025
@@ -6,6 +6,12 @@ on:
   # Run once a day
   schedule:
     - cron: "0 0 * * *"
+  # Add workflow_call trigger
+  workflow_call:
+    # Define any secrets that need to be passed from the caller
+    secrets:
+      CI_AWS_ROLE_ARN:
+        required: true
 
 permissions:
   id-token: write

@@ -1,11 +1,11 @@
 name: AWS CodeBuild Batch Workflow
 
 on:
-  pull_request:
-  push:
-  # Run once a day
-  schedule:
-    - cron: "0 0 * * *"
+  workflow_call:
+    # Define any secrets that need to be passed from the caller
+    secrets:
+      CI_AWS_ROLE_ARN:
+        required: true
 
 permissions:
   id-token: write

@@ -1,11 +1,7 @@
 name: Continuous Integration tests for the decrypt oracle
 
 on:
-  pull_request:
-  push:
-  # Run once a day
-  schedule:
-    - cron: '0 0 * * *'
+  workflow_call:
 
 jobs:
   tests:

@@ -1,11 +1,7 @@
 name: Static analysis checks
 
 on:
-  pull_request:
-  push:
-  # Run once a day
-  schedule:
-    - cron: '0 0 * * *'
+  workflow_call:
 
 jobs:
   analysis:

@@ -1,11 +1,13 @@
 name: Continuous Integration tests for the test vector handler
 
 on:
-  pull_request:
-  push:
-  # Run once a day
-  schedule:
-    - cron: '0 0 * * *'
+  workflow_call:
+    # Define any secrets that need to be passed from the caller
+    secrets:
+      INTEG_AWS_ACCESS_KEY_ID:
+        required: true
+      INTEG_AWS_SECRET_ACCESS_KEY:
+        required: true
 
 jobs:
   tests:

@@ -1,11 +1,7 @@
 name: Continuous Integration tests
 
 on:
-  pull_request:
-  push:
-  # Run once a day
-  schedule:
-    - cron: '0 0 * * *'
+  workflow_call:
 
 env:
   AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID: |

@@ -0,0 +1,39 @@
+# This workflow runs every weekday at 15:00 UTC (8AM PDT)
+name: Daily CI
+
+on:
+  schedule:
+    - cron: "00 15 * * 1-5"
+
+jobs:
+  codebuild_batch:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_codebuild_batch.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+  codebuild_tests:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_codebuild-tests.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+  decrypt_oracle:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_decrypt-oracle.yaml
+  static_analysis:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_static-analysis.yaml
+  test_vector_handler:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_test-vector-handler.yaml
+    secrets:
+      INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }}
+      INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}
+  tests:
+    # Don't run the cron builds on forks
+    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    uses: ./.github/workflows/ci_tests.yaml
@@ -0,0 +1,45 @@
+name: Pull Request Workflow
+
+on:
+  pull_request:
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  # Call each workflow with appropriate parameters
+  codebuild_batch:
+    uses: ./.github/workflows/ci_codebuild_batch.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+  codebuild_tests:
+    uses: ./.github/workflows/ci_codebuild-tests.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+  decrypt_oracle:
+    uses: ./.github/workflows/ci_decrypt-oracle.yaml
+  static_analysis:
+    uses: ./.github/workflows/ci_static-analysis.yaml
+  test_vector_handler:
+    uses: ./.github/workflows/ci_test-vector-handler.yaml
+    secrets:
+      INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }}
+      INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}
+  tests:
+    uses: ./.github/workflows/ci_tests.yaml
+  pr-ci-all-required:
+    if: always()
+    needs:
+      - codebuild_batch 
+      - codebuild_tests
+      - decrypt_oracle
+      - static_analysis
+      - test_vector_handler
+      - tests
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Verify all required jobs passed
+        uses: re-actors/alls-green@release/v1
+        with:
+          jobs: ${{ toJSON(needs) }}
@@ -0,0 +1,36 @@
+name: Push Workflow
+
+on:
+  push:
+    branches: master
+
+permissions:
+  id-token: write
+  contents: read
+
+jobs:
+  # Call each workflow with appropriate parameters
+  codebuild_batch:
+    uses: ./.github/workflows/ci_codebuild_batch.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+
+  codebuild_tests:
+    uses: ./.github/workflows/ci_codebuild-tests.yml
+    secrets:
+      CI_AWS_ROLE_ARN: ${{ secrets.CI_AWS_ROLE_ARN }}
+
+  decrypt_oracle:
+    uses: ./.github/workflows/ci_decrypt-oracle.yaml
+
+  static_analysis:
+    uses: ./.github/workflows/ci_static-analysis.yaml
+
+  test_vector_handler:
+    uses: ./.github/workflows/ci_test-vector-handler.yaml
+    secrets:
+      INTEG_AWS_ACCESS_KEY_ID: ${{ secrets.INTEG_AWS_ACCESS_KEY_ID }}
+      INTEG_AWS_SECRET_ACCESS_KEY: ${{ secrets.INTEG_AWS_SECRET_ACCESS_KEY }}
+
+  tests:
+    uses: ./.github/workflows/ci_tests.yaml