Canary refactor (#708)

bretambrose · Bret Ambrose · web-flow · commit a5f4081a3f6d · 2026-01-14T11:03:53.000-08:00
Co-authored-by: Bret Ambrose &lt;bambrose@amazon.com&gt;
diff --git a/codebuild/mqtt5-python-canary-test.sh b/codebuild/mqtt5-python-canary-test.sh
@@ -9,6 +9,5 @@ git submodule update --init
 # build package
 cd $CODEBUILD_SRC_DIR
 
-export AWS_TEST_S3=YES
 python -m pip install --verbose .
-python codebuild/CanaryWrapper.py --canary_executable 'python test/mqtt5_canary.py' --git_hash ${GIT_HASH} --git_repo_name $PACKAGE_NAME --codebuild_log_path $CODEBUILD_LOG_PATH
+python codebuild/CanaryWrapper.py --canary_executable 'python test/mqtt5_canary.py' --git_hash ${GIT_HASH} --git_repo_name $PACKAGE_NAME --ticket_item "IoT SDK for Python" --cloudwatch_namespace mqtt5_canary
diff --git a/codebuild/mqtt5-python-canary-test.yml b/codebuild/mqtt5-python-canary-test.yml
@@ -4,7 +4,7 @@ version: 0.2
 env:
   shell: bash
   variables:
-    CANARY_DURATION: 25200
+    CANARY_DURATION: 300
     CANARY_THREADS: 3
     CANARY_TPS: 50
     CANARY_CLIENT_COUNT: 10
@@ -24,13 +24,39 @@ phases:
   pre_build:
     commands:
       - export CC=gcc-7
+      # Retrieve the private key from Secrets Manager
+      - DEPLOY_KEY=$(aws secretsmanager get-secret-value --secret-id Aws-crt-canaries-deploy-key --query SecretString --output text)
+
+      # Set up SSH configuration
+      - mkdir -p ~/.ssh
+      - echo "$DEPLOY_KEY" > ~/.ssh/id_rsa
+      - chmod 600 ~/.ssh/id_rsa
+
+      # Add GitHub to known hosts to avoid host verification prompt
+      - ssh-keyscan -H github.com >> ~/.ssh/known_hosts
+
+      # Configure SSH to use the key for GitHub
+      - |
+        cat > ~/.ssh/config << EOF
+        Host github.com
+          HostName github.com
+          User git
+          IdentityFile ~/.ssh/id_rsa
+          StrictHostKeyChecking no
+        EOF
+      - chmod 600 ~/.ssh/config
   build:
     commands:
       - echo Build started on `date`
+      # pull and copy canary scripts
+      - git clone git@github.com:awslabs/aws-crt-canaries.git
+      - cp aws-crt-canaries/source/mqtt5/*.py ./codebuild
       - source ./codebuild/mqtt5_test_setup.sh s3://aws-crt-test-stuff/TestIotProdMQTT5EnvironmentVariables.txt us-east-1
       - export ENDPOINT=$(aws secretsmanager get-secret-value --secret-id "$CANARY_SERVER_ARN" --query "SecretString" | cut -f2 -d":" | sed -e 's/[\\\"\}]//g')
       - export GIT_HASH=$(git rev-parse HEAD)
       - $CODEBUILD_SRC_DIR/codebuild/mqtt5-python-canary-test.sh
   post_build:
     commands:
       - echo Build completed on `date`
+      # Clean up SSH keys for security
+      - rm -rf ~/.ssh/id_rsa ~/.ssh/config
