From 8dff2c55863ff6c0b56dc8694eae58651f174382 Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 14:39:23 +0800 Subject: [PATCH 1/8] DONT MERGE add qemu to untrusted --- .github/workflows/untrusted.yml | 3 +++ Dockerfile | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml index b611376..78fbfcf 100644 --- a/.github/workflows/untrusted.yml +++ b/.github/workflows/untrusted.yml @@ -9,6 +9,9 @@ jobs: test: runs-on: ubuntu-latest steps: + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 - uses: actions/checkout@v1 - name: Test run: make test \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 71a7ead..5d7ca67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/lambda/provided:al2 +FROM public.ecr.aws/lambda/provided:al2-arm64 ARG RUST_VERSION=1.58.1 RUN yum install -y jq openssl-devel gcc zip From 244f01524d34d3520498d39fde18f4cee16d68dc Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 14:56:11 +0800 Subject: [PATCH 2/8] If this fails then the previous commit has worked --- .github/workflows/untrusted.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml index 78fbfcf..539cefd 100644 --- a/.github/workflows/untrusted.yml +++ b/.github/workflows/untrusted.yml @@ -9,9 +9,9 @@ jobs: test: runs-on: ubuntu-latest steps: - - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 + # - + # name: Set up QEMU + # uses: docker/setup-qemu-action@v1 - uses: actions/checkout@v1 - name: Test run: make test \ No newline at end of file From 66becca8d1ae0c7dfc5440f79136ef9b4efc6b13 Mon Sep 17 00:00:00 2001 
From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 15:01:07 +0800 Subject: [PATCH 3/8] Add build step to untrusted workflow --- .github/workflows/untrusted.yml | 2 ++ Dockerfile | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml index 539cefd..394f293 100644 --- a/.github/workflows/untrusted.yml +++ b/.github/workflows/untrusted.yml @@ -13,5 +13,7 @@ jobs: # name: Set up QEMU # uses: docker/setup-qemu-action@v1 - uses: actions/checkout@v1 + - name: Build + run: make build-arm64 - name: Test run: make test \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 5d7ca67..71a7ead 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM public.ecr.aws/lambda/provided:al2-arm64 +FROM public.ecr.aws/lambda/provided:al2 ARG RUST_VERSION=1.58.1 RUN yum install -y jq openssl-devel gcc zip From 1fd001ac1f8829cd3d8ee290cfdddf7b1a8fdb26 Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 15:02:22 +0800 Subject: [PATCH 4/8] Test building with QEMU --- .github/workflows/untrusted.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml index 394f293..5e0b0af 100644 --- a/.github/workflows/untrusted.yml +++ b/.github/workflows/untrusted.yml @@ -9,9 +9,9 @@ jobs: test: runs-on: ubuntu-latest steps: - # - - # name: Set up QEMU - # uses: docker/setup-qemu-action@v1 + - + name: Set up QEMU + uses: docker/setup-qemu-action@v1 - uses: actions/checkout@v1 - name: Build run: make build-arm64 From b02797ebd5b83f94deac87b4a38d97d87f9d05f0 Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 15:06:06 +0800 Subject: [PATCH 5/8] Let test run with arm64 image --- tests/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/test.sh b/tests/test.sh index 95bd9dc..92cccbd 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -2,7 +2,7 @@ # Directory of the integration test HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -: "${IMAGE:=rustserverless/lambda-rust}" +: "${IMAGE:=rustserverless/lambda-rust:lastest-arm64}" source "${HERE}"/bashtest.sh From d03ff5c54c6ef301bf29637c0e386f52c890c968 Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 15:12:55 +0800 Subject: [PATCH 6/8] Correct spelling --- tests/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test.sh b/tests/test.sh index 92cccbd..65abeb8 100755 --- a/tests/test.sh +++ b/tests/test.sh @@ -2,7 +2,7 @@ # Directory of the integration test HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -: "${IMAGE:=rustserverless/lambda-rust:lastest-arm64}" +: "${IMAGE:=rustserverless/lambda-rust:latest-arm64}" source "${HERE}"/bashtest.sh From f49da2982f0f9f280ec5412ef08484c7b5f5adaf Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 17:18:53 +0800 Subject: [PATCH 7/8] Skip `make test` on arm64 --- .github/workflows/main.yml | 12 ++++++++---- .github/workflows/release.yml | 6 ++++-- .github/workflows/untrusted.yml | 5 ++--- tests/test.sh | 2 +- 4 files changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index a8f7d7f..983973e 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml 
@@ -30,22 +30,26 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 - name: Build shell: bash - run: make build + run: make build && make build-arm64 - name: Test - run: make test + run: make test publish: needs: [scan, test] if: github.repository == 'rust-serverless/lambda-rust' runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 - name: Build shell: bash - run: make build + run: make build && make build-arm64 - name: Publish Latest shell: bash run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - make publish + make publish && make publish-arm64 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fbe6d4c..585c425 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -21,11 +21,13 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 - name: Build shell: bash - run: make build + run: make build && make build-arm64 - name: Publish shell: bash run: | echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin - make publish-tag + make publish-tag && make publish-tag-arm64 diff --git a/.github/workflows/untrusted.yml b/.github/workflows/untrusted.yml index 5e0b0af..15c9604 100644 --- a/.github/workflows/untrusted.yml +++ b/.github/workflows/untrusted.yml @@ -9,11 +9,10 @@ jobs: test: runs-on: ubuntu-latest steps: - - - name: Set up QEMU + - name: Set up QEMU uses: docker/setup-qemu-action@v1 - uses: actions/checkout@v1 - name: Build - run: make build-arm64 + run: make build && make build-arm64 - name: Test run: make test \ No newline at end of file diff --git a/tests/test.sh b/tests/test.sh index 65abeb8..95bd9dc 100755 --- a/tests/test.sh +++ b/tests/test.sh 
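Review bot: The `publish` job still gates on `needs: [scan, test]`, but after this hunk the `test` job builds the arm64 image and then runs only `make test`, which per the commit title skips arm64, so `make publish-arm64` pushes an image that no test has exercised. A minimal smoke check after the build would at least prove the emulated build produced a runnable image, e.g. `run: make test && docker run --rm --platform linux/arm64 <arm64-image-tag> cargo --version` (the exact tag and Make variable names are not visible here). Separately, `make build && make build-arm64` is repeated verbatim in `test` and `publish`; the two builds are independent, so the image that gets published is not the one that was tested or scanned. The enclosing job definitions and the workflow trigger continue outside the hunk.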
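Review bot: `docker/setup-qemu-action@v1` is referenced by a mutable major-version tag in a workflow whose name suggests it runs on untrusted pull requests; pinning it to a full commit SHA (`uses: docker/setup-qemu-action@<full-sha> # v1`) removes the possibility that a moved tag changes what this job executes. As far as I recall, this action registers binfmt_misc handlers through a privileged helper container, so it does more than the typical action and is the one most worth the tighter pin; the same `@v1` reference is added to main.yml and release.yml in this commit. `actions/checkout@v1` is pre-existing but would benefit from the same treatment. The workflow's `on:` trigger is outside the hunk, so I cannot confirm it runs on fork PRs, and the file still ends without a trailing newline.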
@@ -2,7 +2,7 @@ # Directory of the integration test HERE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -: "${IMAGE:=rustserverless/lambda-rust:latest-arm64}" +: "${IMAGE:=rustserverless/lambda-rust}" source "${HERE}"/bashtest.sh From 28cca1c705333bfed1345e33192b7f0d3016cc75 Mon Sep 17 00:00:00 2001 From: Tianyi Song <42670338+tysg@users.noreply.github.com> Date: Fri, 4 Mar 2022 17:30:51 +0800 Subject: [PATCH 8/8] Scan the arm64 image for vulnerability too --- .github/workflows/main.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 983973e..ead5f09 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -10,13 +10,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 - name: Build env: REPO: ${{ github.repository }} shell: bash run: | echo "docker_repo=${{ env.REPO }}" >> $GITHUB_ENV - make build + make build && make build-arm64 - name: Trivy vulnerability scanner uses: aquasecurity/trivy-action@0.0.20 with: @@ -26,6 +28,15 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH' + - name: Trivy vulnerability scanner on arm64 image + uses: aquasecurity/trivy-action@0.0.20 + with: + image-ref: '${{ env.docker_repo }}:latest-arm64' + format: 'table' + exit-code: '1' + ignore-unfixed: true + vuln-type: 'os,library' + severity: 'CRITICAL,HIGH' test: runs-on: ubuntu-latest steps:
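Review bot: The new arm64 Trivy step scans a `latest-arm64` image built inside the `scan` job, but the `publish` job (visible in the previous patch) runs its own `make build && make build-arm64` before `make publish-arm64`, so the scanned image and the pushed image are separate builds and this gate does not attest the artifact that ships; with an unpinned `yum install -y` and a floating `al2` base tag in the Dockerfile the two builds can legitimately differ. Building once and publishing the scanned image ID, or at least recording the image digest in `scan` and comparing it in `publish`, would close that gap. The second step is otherwise a verbatim copy of the first except for `image-ref`, so the two scan configurations will drift unless they share a definition, e.g. one step per entry of a tag list with `image-ref: '${{ env.docker_repo }}:${{ matrix.tag }}'`. `ignore-unfixed: true` with `exit-code: '1'` is copied as-is, meaning an arm64-only CVE without an upstream fix still passes silently, which may be intended but is worth a comment. The rest of the `scan` job and its trigger are outside the hunk.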