saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

goodbye azure (#5207)

Browse source 
* goodbye azure

* Update tox.ini

Co-Authored-By: Alex Gaynor <alex.gaynor@gmail.com>

* review comments

* update a comment

* delete final azure yaml

* linting

Co-authored-by: Alex Gaynor <alex.gaynor@gmail.com>
This commit is contained in:
Paul Kehrer 2020-04-19 19:32:28 -05:00 committed by GitHub
parent def74d90f1
commit 5526dca15b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 9 additions and 149 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

75
.azure-pipelines/wheel-builder.yml
View file

@ -1,75 +0,0 @@
variables:
agent.preferPowerShellOnContainers: true
trigger: none
pr: none
jobs:
- job: 'macOS'
pool:
vmImage: 'macOS-10.14'
strategy:
matrix:
Python27:
python.version: '2.7'
PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/2.7.16/python-2.7.16-macosx10.6.pkg"
PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/2.7/bin/python
Python3:
python.version: '3.5'
PYTHON_DOWNLOAD_URL: "https://www.python.org/ftp/python/3.7.3/python-3.7.3-macosx10.6.pkg"
PYTHON_BIN_PATH: /Library/Frameworks/Python.framework/Versions/3.7/bin/python3
steps:
- script: |
set -e
set -x
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
displayName: Download and install Python
- script: brew update
displayName: Update brew
- script: brew upgrade openssl@1.1
displayName: Install OpenSSL with brew
- script: $PYTHON_BIN_PATH -m pip install -U virtualenv
displayName: Install virtualenv
- script: $PYTHON_BIN_PATH -m virtualenv .venv
displayName: Create virtualenv
- script: .venv/bin/pip install -U wheel
displayName: Update wheel to the latest version
- script: .venv/bin/pip install -U pip==10.0.1
displayName: Downgrade pip lol
- script: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'"
displayName: Install our Python dependencies
- script: |
set -e
set -x
REGEX="3\.([0-9])*"
if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then
PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}"
fi
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \
LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" \
CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" \
.venv/bin/pip wheel cryptography==$BUILD_VERSION --wheel-dir=wheelhouse --no-binary cryptography --no-deps $PY_LIMITED_API
displayName: Build the wheel
- script: .venv/bin/pip install --no-index -f wheelhouse cryptography
displayName: Test installing the wheel
- script: |
.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
displayName: Print the OpenSSL we built and linked against
- script: otool -L `find .venv -name '_openssl*.so'`
displayName: Print everything we link against
- script: lipo -info `find .venv -name '*.so'`
displayName: Print the architectures in our fat mach-o binary
- script: otool -L `find .venv -name '_openssl*.so'` | grep -vG "libcrypto\\|libssl"
displayName: Verify that we did not link against OpenSSL
- task: PublishBuildArtifacts@1
inputs:
pathToPublish: wheelhouse/
artifactName: cryptography-macos-python$(python.version)

2
.travis/install.sh
View file

@ -60,5 +60,5 @@ pip install virtualenv
python -m virtualenv ~/.venv
source ~/.venv/bin/activate
# If we pin coverage it must be kept in sync with tox.ini and azure-pipelines.yml
# If we pin coverage it must be kept in sync with tox.ini and .github/workflows/ci.yml
pip install tox codecov coverage

4
MANIFEST.in
View file

@ -16,8 +16,8 @@ recursive-include tests *.py
exclude vectors
recursive-exclude vectors *
exclude azure-pipelines.yml .azure-pipelines .travis.yml .travis
recursive-exclude .azure-pipelines *
exclude .travis.yml .travis
recursive-exclude .travis *
recursive-exclude .github *
exclude release.py .coveragerc codecov.yml dev-requirements.txt rtd-requirements.txt tox.ini

1
dev-requirements.txt
View file

@ -1,4 +1,3 @@
azure-devops
click
coverage
tox >= 2.4.1

9
docs/doing-a-release.rst
View file

@ -21,11 +21,10 @@ Verifying OpenSSL version
-------------------------
The release process creates wheels bundling OpenSSL for Windows, macOS, and
Linux. Check that the Windows and macOS Azure Pipelines builders have the latest
version of OpenSSL installed and verify that the latest version is present in
both the ``pyca/cryptography-manylinux1`` and
``pyca/cryptography-manylinux2010`` docker containers. If anything is out
of date follow the instructions for upgrading OpenSSL.
Linux. Check that the Windows, macOS, and Linux builders (both
``pyca/cryptography-manylinux1`` and ``pyca/cryptography-manylinux2010``) have
the latest OpenSSL. If anything is out of date follow the instructions for
upgrading OpenSSL.
Upgrading OpenSSL
-----------------

65
release.py
View file

@ -10,17 +10,11 @@ import io
import json
import os
import subprocess
import tempfile
import time
import zipfile
from azure.devops.connection import Connection
from azure.devops.v5_1.build.models import Build
import click
from msrest.authentication import BasicAuthentication
import requests
@ -29,61 +23,6 @@ def run(*args, **kwargs):
subprocess.check_call(list(args), **kwargs)
def wait_for_build_completed_azure(build_client, build_id):
while True:
build = build_client.get_build("cryptography", build_id)
if build.finish_time is not None:
break
time.sleep(3)
def download_artifacts_azure(build_client, build_id):
artifacts = build_client.get_artifacts("cryptography", build_id)
paths = []
for artifact in artifacts:
contents = build_client.get_artifact_content_zip(
"cryptography", build_id, artifact.name
)
with tempfile.NamedTemporaryFile() as f:
for chunk in contents:
f.write(chunk)
f.flush()
with zipfile.ZipFile(f.name) as z:
for name in z.namelist():
if not name.endswith(".whl"):
continue
p = z.open(name)
out_path = os.path.join(
os.path.dirname(__file__),
"dist",
os.path.basename(name),
)
with open(out_path, "wb") as f:
f.write(p.read())
paths.append(out_path)
return paths
def build_wheels_azure(token, version):
credentials = BasicAuthentication("", token)
connection = Connection(
base_url="https://dev.azure.com/pyca", creds=credentials
)
build_client = connection.clients.get_build_client()
[definition] = build_client.get_definitions(
"cryptography", "wheel builder"
)
build_description = Build(
definition=definition,
parameters=json.dumps({"BUILD_VERSION": version}),
)
build = build_client.queue_build(
project="cryptography", build=build_description
)
wait_for_build_completed_azure(build_client, build.id)
return download_artifacts_azure(build_client, build.id)
def wait_for_build_complete_github_actions(session, token, run_url):
while True:
response = session.get(run_url, headers={
@ -173,7 +112,6 @@ def release(version):
"""
``version`` should be a string like '0.4' or '1.0'.
"""
azure_token = getpass.getpass("Azure personal access token: ")
github_token = getpass.getpass("Github person access token: ")
run("git", "tag", "-s", version, "-m", "{0} release".format(version))
@ -188,11 +126,10 @@ def release(version):
)
run("twine", "upload", "-s", *packages)
azure_wheel_paths = build_wheels_azure(azure_token, version)
github_actions_wheel_paths = build_github_actions_wheels(
github_token, version
)
run("twine", "upload", *(azure_wheel_paths, github_actions_wheel_paths))
run("twine", "upload", *github_actions_wheel_paths)
if __name__ == "__main__":

2
tox.ini
View file

@ -8,7 +8,7 @@ extras =
test
idna: idna
deps =
# This must be kept in sync with .travis/install.sh and azure-pipelines.yml
# This must be kept in sync with .travis/install.sh and .github/workflows/ci.yml
coverage
./vectors
randomorder: pytest-randomly