aws · lucasmcdonald3 · Feb 17, 2026 · Feb 10, 2026 · Feb 10, 2026 · Feb 11, 2026
@@ -1,24 +1,30 @@
 # This workflow runs every weekday at 15:00 UTC (8AM PDT)
 name: Daily CI
 
+permissions:
+  contents: read
+
 on:
   schedule:
     - cron: "00 15 * * 1-5"
-
-permissions:
-  contents: read
+  pull_request:
+    paths:
+      - .github/workflows/daily_ci.yml
 
 jobs:
   codebuild:
-    if: github.event_name != 'schedule' || github.repository_owner == 'aws'
+    if: github.event_name == 'pull_request' || github.repository_owner == 'aws'
+    permissions:
+      contents: read
+      id-token: write
     uses: ./.github/workflows/codebuild.yml
     secrets: inherit
   notify:
     needs:
       [
         codebuild,
       ]
-    if: ${{ failure() }}
+    if: ${{ failure() && github.event_name == 'schedule' }}
     uses: aws/aws-cryptographic-material-providers-library/.github/workflows/slack-notification.yml@main
     with:
       message: "Daily CI failed on `${{ github.repository }}`. View run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

@@ -9,7 +9,7 @@ on:
 # USAGE
 #
 # If you need to use different versions for tools like CBMC, modify this file:
-# .github/workflows/proof_ci_resources/config.yaml
+# .github/workflows/proof_ci_resources/config.yml
 #
 # If you want the CI to use a different GitHub-hosted runner (which must still
 # be running Ubuntu 20.04), modify the value of this key:
@@ -30,7 +30,7 @@ jobs:
           submodules: 'recursive'
       - name: Parse config file
         run: |
-          CONFIG_FILE='.github/workflows/proof_ci_resources/config.yaml'
+          CONFIG_FILE='.github/workflows/proof_ci_resources/config.yml'
           for setting in cadical-tag cbmc-version cbmc-viewer-version kissat-tag litani-version proofs-dir run-cbmc-proofs-command; do
             VAR=$(echo $setting | tr "[:lower:]" "[:upper:]" | tr - _)
             echo "${VAR}"=$(yq .$setting $CONFIG_FILE) >> $GITHUB_ENV

@@ -19,7 +19,7 @@ jobs:
     uses: ./.github/workflows/osx.yml
     secrets: inherit
   proof-ci:
-    uses: ./.github/workflows/proof_ci.yaml
+    uses: ./.github/workflows/proof_ci.yml
     secrets: inherit
   pr-ci-all-required:
     if: always()

@@ -12,11 +12,14 @@ jobs:
     uses: ./.github/workflows/clang-format.yml
     secrets: inherit
   codebuild:
+    permissions:
+      contents: read
+      id-token: write
     uses: ./.github/workflows/codebuild.yml
     secrets: inherit
   osx:
     uses: ./.github/workflows/osx.yml
     secrets: inherit
   proof-ci:
-    uses: ./.github/workflows/proof_ci.yaml
+    uses: ./.github/workflows/proof_ci.yml
     secrets: inherit
@@ -1,14 +1,14 @@
 test_vectors: *.cpp *.h
 	g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
+	-Wl,-rpath,../../build-aws-encryption-sdk-c/Debug/ \
+	-Wl,-rpath,../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/ \
+	-Wl,-rpath,../../install/lib/ \
 	base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
 	-I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
 	-I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
 	../../build-aws-encryption-sdk-c/Debug/libaws-encryption-sdk.dylib \
 	../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/libaws-encryption-sdk-cpp.dylib \
 	-laws-cpp-sdk-core -laws-cpp-sdk-kms -laws-c-common -lcrypto
-	install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/Debug/ test_vectors
-	install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/ test_vectors
-	install_name_tool -add_rpath ../../install/lib/ test_vectors
 
 test_vectors_unix: *.cpp *.h
 	g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \