Update from upstream - 2026-03-18

Author: lambda-tooling+rie

.github/workflows/check-binaries.yml

@@ -0,0 +1,85 @@
+name: Check binaries
+
+on: 
+  workflow_dispatch:
+  schedule:
+   - cron: "0 16 * * 1-5"  # min h d Mo DoW / 9am PST M-F
+
+permissions:
+  issues: write
+
+jobs:
+  check-for-vulnerabilities:
+    runs-on: ubuntu-latest
+    outputs:
+      report_contents: ${{ steps.save-output.outputs.report_contents }}
+    steps:
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Download latest release
+        uses: robinraju/release-downloader@v1.10
+        with:
+          latest: true
+          fileName: 'aws-lambda-rie*'
+          out-file-path: "bin"
+      - name: Run check for vulnerabilities
+        id: check-binaries
+        run: |
+          make check-binaries
+      - if: always() && failure()   # `always()` to run even if the previous step failed. Failure means that there are vulnerabilities
+        name: Save content of the vulnerabilities report as GitHub output
+        id: save-output
+        run: |
+          report_csv="$(ls -tr output.cve-bin-*.csv 2>/dev/null | tail -n1)"   # last file generated
+          if [ -z "$report_csv" ]; then
+            echo "No file with vulnerabilities. Probably a failure in previous step."
+          else
+            echo "Vulnerabilities stored in $report_csv"
+          fi
+          final_report="${report_csv}.txt"
+          awk -F',' '{n=split($10, path, "/"); print $2,$3,$4,$5,path[n]}' "$report_csv" | column -t > "$final_report"   # make the CSV nicer
+          echo "report_contents<<EOF" >> "$GITHUB_OUTPUT"
+          cat "$final_report"         >> "$GITHUB_OUTPUT"
+          echo "EOF"                  >> "$GITHUB_OUTPUT"
+      - if: always() && steps.save-output.outputs.report_contents
+        name: Build new binaries and check vulnerabilities again
+        id: check-new-version
+        run: |
+          mkdir ./bin2
+          mv ./bin/* ./bin2
+          make compile-with-docker-all
+          latest_version=$(strings bin/aws-lambda-rie* | grep '^go1\.' | sort | uniq)
+          echo "latest_version=$latest_version" >> "$GITHUB_OUTPUT"
+          make check-binaries
+      - if: always() && steps.save-output.outputs.report_contents
+        name: Save outputs for the check with the latest build
+        id: save-new-version
+        run: |
+          if [ "${{ steps.check-new-version.outcome }}" == "failure" ]; then
+            fixed="No"
+          else
+            fixed="Yes"
+          fi
+          echo "fixed=$fixed" >> "$GITHUB_OUTPUT"
+      - if: always() && steps.save-output.outputs.report_contents
+        name: Create GitHub Issue indicating vulnerabilities
+        id: create-issue
+        uses: dacbd/create-issue-action@main
+        with:
+          token: ${{ github.token }}
+          title: |
+            CVEs found in latest RIE release
+          body: |
+            ###  CVEs found in latest RIE release
+            ```
+            ${{ steps.save-output.outputs.report_contents }}
+            ```
+            
+            #### Are these resolved by building with the latest patch version of Go (${{ steps.check-new-version.outputs.latest_version }})?:
+            > **${{ steps.save-new-version.outputs.fixed }}**

.github/workflows/integ-tests.yml

@@ -0,0 +1,53 @@
+name: Run Integration Tests
+
+on:
+  pull_request:
+    branches:
+      - develop
+      - main
+
+permissions:
+  contents: read
+
+jobs:
+  go-tests:
+    runs-on: ubuntu-latest
+    environment:
+      name: integ-tests
+    steps:
+        - uses: actions/checkout@v4
+        - name: run go tests
+          run: make tests-with-docker
+  integ-tests-x86:
+    runs-on: ubuntu-latest
+    environment:
+      name: integ-tests
+    steps:
+        - uses: actions/checkout@v4
+        - uses: actions/setup-python@v5
+          with:
+            python-version: '3.11'
+        - name: run integration tests
+          run: make integ-tests-with-docker-x86-64
+  integ-tests-arm64:
+    runs-on: ubuntu-latest
+    environment:
+      name: integ-tests
+    steps:
+        - uses: actions/checkout@v4
+        - uses: actions/setup-python@v5
+          with:
+            python-version: '3.11'
+        - name: run integration tests
+          run: make integ-tests-with-docker-arm64
+  integ-tests-old:
+    runs-on: ubuntu-latest
+    environment:
+      name: integ-tests
+    steps:
+        - uses: actions/checkout@v4
+        - uses: actions/setup-python@v5
+          with:
+            python-version: '3.11'
+        - name: run integration tests
+          run: make integ-tests-with-docker-old

.github/workflows/release.yml

@@ -0,0 +1,44 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      releaseVersion:
+        description: "Version to use for the release."
+        required: true
+        default: "X.Y"
+      releaseBody:
+        description: "Information about the release"
+        required: true
+        default: "New release"
+permissions:
+  contents: write
+
+jobs:
+  Release:
+    environment: Release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: main
+      - name: Set up python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - name: Build
+        run: make compile-with-docker-all
+      - name: Run Integ Tests
+        run: |
+          make tests-with-docker
+          make integ-tests
+      - name: Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: Release ${{ github.event.inputs.releaseVersion }}
+          tag_name: v${{ github.event.inputs.releaseVersion }}
+          body: ${{ github.event.inputs.releaseBody }}
+          files: |
+            bin/aws-lambda-rie
+            bin/aws-lambda-rie-arm64
+            bin/aws-lambda-rie-x86_64

.github/workflows/validate-branch-into-main.yaml

@@ -0,0 +1,20 @@
+name: Validate PR Branch into Main 
+
+on:
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  validate-pr-branch:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check source branch
+        run: |
+          SOURCE_BRANCH="${{ github.head_ref }}"
+          if [[ "$SOURCE_BRANCH" != "develop" ]]; then
+            echo "Error: Only pull requests from develop branch are allowed into main"
+            echo "Current source branch ($SOURCE_BRANCH)."
+            exit 1
+          fi
+          echo "Source branch is develop - merge allowed"

.gitignore

@@ -0,0 +1,9 @@
+/pkg
+/build
+/bin
+*.swp
+*.iml
+tags
+.idea
+.DS_Store
+.venv

CODE_OF_CONDUCT.md

@@ -0,0 +1,4 @@
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.

CONTRIBUTING.md

@@ -0,0 +1,61 @@
+# Contributing Guidelines
+
+Thank you for your interest in contributing to our project. Whether it's a bug report, new feature, correction, or additional
+documentation, we greatly value feedback and contributions from our community.
+
+Please read through this document before submitting any issues or pull requests to ensure we have all the necessary
+information to effectively respond to your bug report or contribution.
+
+
+## Reporting Bugs/Feature Requests
+
+We welcome you to use the GitHub issue tracker to report bugs or suggest features.
+
+When filing an issue, please check existing open, or recently closed, issues to make sure somebody else hasn't already
+reported the issue. Please try to include as much information as you can. Details like these are incredibly useful:
+
+* A reproducible test case or series of steps
+* The version of our code being used
+* Any modifications you've made relevant to the bug
+* Anything unusual about your environment or deployment
+
+
+## Contributing via Pull Requests
+This repository contains the source code and examples for the Runtime Interface Emulator. We will accept pull requests on documentation, examples, bug fixes and the Dockerfiles. We will also accept pull requests, issues and feedback on improvements to the Runtime Interface Emulator. However, our priority will be to maintain fidelity with AWS Lambda’s Runtime Interface on the cloud. 
+
+Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:
+
+1. You are working against the latest source on the *main* branch.
+2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
+3. You open an issue to discuss any significant work - we would hate for your time to be wasted.
+
+To send us a pull request, please:
+
+1. Fork the repository.
+2. Modify the source; please focus on the specific change you are contributing. If you also reformat all the code, it will be hard for us to focus on your change.
+3. Ensure local tests pass through `make integ-tests-and-compile`
+4. Commit to your fork using clear commit messages.
+5. Send us a pull request, answering any default questions in the pull request interface.
+6. Pay attention to any automated CI failures reported in the pull request, and stay involved in the conversation.
+
+GitHub provides additional document on [forking a repository](https://help.github.com/articles/fork-a-repo/) and
+[creating a pull request](https://help.github.com/articles/creating-a-pull-request/).
+
+
+## Finding contributions to work on
+Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any 'help wanted' issues is a great place to start.
+
+
+## Code of Conduct
+This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct).
+For more information see the [Code of Conduct FAQ](https://aws.github.io/code-of-conduct-faq) or contact
+opensource-codeofconduct@amazon.com with any additional questions or comments.
+
+
+## Security issue notifications
+If you discover a potential security issue in this project we ask that you notify AWS/Amazon Security via our [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). Please do **not** create a public github issue.
+
+
+## Licensing
+
+See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.