mirror of
https://github.com/saymrwulf/cryptography.git
synced 2026-05-14 20:37:55 +00:00
1cc4a6e786
* Add LibreSSL 3.5.0 to CI
* Add LibreSSL 3.5.0 guard
* Expose FIPS functions in LibreSSL 3.5.0+
* Expose DH API in LibreSSL 3.5.0+
* Expose SSL_get0_verified_chain and SSL_CTX_{set,get}_keylog_callback in LibreSSL 3.5.0+
* Fix SSL_CTX_{set,get}_keylog_callback guard
* Add missing CRYPTOGRAPHY_LIBRESSL_LESS_THAN_350 symbol
* Fix SSL_CTX_{set,get}_keylog_callback guard again
* Condense LibreSSL 3.5.0 defines
* Kick CircleCI
555 lines
21 KiB
YAML
555 lines
21 KiB
YAML
name: CI
|
|
on:
|
|
pull_request: {}
|
|
push:
|
|
branches:
|
|
- main
|
|
- '*.*.x'
|
|
tags:
|
|
- '*.*'
|
|
- '*.*.*'
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
|
|
cancel-in-progress: true
|
|
|
|
|
|
jobs:
|
|
linux:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
PYTHON:
|
|
- {VERSION: "3.9", TOXENV: "flake", COVERAGE: "false"}
|
|
- {VERSION: "3.9", TOXENV: "rust", COVERAGE: "false"}
|
|
- {VERSION: "3.9", TOXENV: "docs", COVERAGE: "false"}
|
|
- {VERSION: "pypy-3.7", TOXENV: "pypy3-nocoverage", COVERAGE: "false"}
|
|
- {VERSION: "pypy-3.8", TOXENV: "pypy3-nocoverage", COVERAGE: "false"}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1m"}}
|
|
- {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1m"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1m", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "3.0.1"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", TOXARGS: "--enable-fips=1", OPENSSL: {TYPE: "openssl", CONFIG_FLAGS: "enable-fips", VERSION: "3.0.1"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.1.5"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.2.7"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.3.5"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.4.2"}}
|
|
- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.5.0"}}
|
|
- {VERSION: "3.10", TOXENV: "py310"}
|
|
- {VERSION: "3.11-dev", TOXENV: "py311"}
|
|
- {VERSION: "3.10", TOXENV: "py310-randomorder"}
|
|
# Latest commit on the master branch, as of February 28, 2022.
|
|
- {VERSION: "3.10", TOXENV: "py310", OPENSSL: {TYPE: "boringssl", VERSION: "81502beeddc5f116d44d0898c6c4a33057198db8"}}
|
|
RUST:
|
|
- stable
|
|
name: "${{ matrix.PYTHON.TOXENV }} ${{ matrix.PYTHON.OPENSSL.TYPE }} ${{ matrix.PYTHON.OPENSSL.VERSION }} ${{ matrix.PYTHON.TOXARGS }} ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }}"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- name: Setup python
|
|
id: setup-python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON.VERSION }}
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/.cache/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
- run: python -m pip install tox requests coverage
|
|
- name: Compute config hash and set config vars
|
|
run: |
|
|
DEFAULT_CONFIG_FLAGS="shared no-ssl2 no-ssl3"
|
|
CONFIG_FLAGS="$DEFAULT_CONFIG_FLAGS $CONFIG_FLAGS"
|
|
CONFIG_HASH=$(echo "$CONFIG_FLAGS" | sha1sum | sed 's/ .*$//')
|
|
echo "CONFIG_FLAGS=${CONFIG_FLAGS}" >> $GITHUB_ENV
|
|
echo "CONFIG_HASH=${CONFIG_HASH}" >> $GITHUB_ENV
|
|
echo "OSSL_INFO=${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${CONFIG_FLAGS}" >> $GITHUB_ENV
|
|
echo "OSSL_PATH=${{ github.workspace }}/osslcache/${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${CONFIG_HASH}" >> $GITHUB_ENV
|
|
env:
|
|
CONFIG_FLAGS: ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }}
|
|
if: matrix.PYTHON.OPENSSL
|
|
- name: Load cache
|
|
uses: actions/cache@v2.1.7
|
|
id: ossl-cache
|
|
timeout-minutes: 5
|
|
with:
|
|
path: ${{ github.workspace }}/osslcache
|
|
# When altering the openssl build process you may need to increment the value on the end of this cache key
|
|
# so that you can prevent it from fetching the cache and skipping the build step.
|
|
key: ${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${{ env.CONFIG_HASH }}-2
|
|
if: matrix.PYTHON.OPENSSL
|
|
- name: Build custom OpenSSL/LibreSSL
|
|
run: .github/workflows/build_openssl.sh
|
|
env:
|
|
TYPE: ${{ matrix.PYTHON.OPENSSL.TYPE }}
|
|
VERSION: ${{ matrix.PYTHON.OPENSSL.VERSION }}
|
|
if: matrix.PYTHON.OPENSSL && steps.ossl-cache.outputs.cache-hit != 'true'
|
|
- name: Set CFLAGS/LDFLAGS
|
|
run: |
|
|
echo "CFLAGS=${CFLAGS} -Werror=implicit-function-declaration -I${OSSL_PATH}/include" >> $GITHUB_ENV
|
|
echo "LDFLAGS=${LDFLAGS} -L${OSSL_PATH}/lib -L${OSSL_PATH}/lib64 -Wl,-rpath=${OSSL_PATH}/lib -Wl,-rpath=${OSSL_PATH}/lib64" >> $GITHUB_ENV
|
|
if: matrix.PYTHON.OPENSSL
|
|
- name: Tests
|
|
run: |
|
|
tox -vvv -r -- --color=yes --wycheproof-root=wycheproof ${{ matrix.PYTHON.TOXARGS }}
|
|
env:
|
|
TOXENV: ${{ matrix.PYTHON.TOXENV }}
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "tox -e ${{ matrix.PYTHON.TOXENV }} ${{ env.OSSL_INFO }}"
|
|
if: matrix.PYTHON.COVERAGE != 'false'
|
|
|
|
linux-distros:
|
|
runs-on: ubuntu-latest
|
|
container: ghcr.io/pyca/cryptography-runner-${{ matrix.IMAGE.IMAGE }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
IMAGE:
|
|
- {IMAGE: "rhel8", TOXENV: "py36"}
|
|
- {IMAGE: "rhel8-fips", TOXENV: "py36", FIPS: true}
|
|
- {IMAGE: "buster", TOXENV: "py37"}
|
|
- {IMAGE: "bullseye", TOXENV: "py39"}
|
|
- {IMAGE: "bookworm", TOXENV: "py39"}
|
|
- {IMAGE: "sid", TOXENV: "py39"}
|
|
- {IMAGE: "ubuntu-bionic", TOXENV: "py36"}
|
|
- {IMAGE: "ubuntu-focal", TOXENV: "py38"}
|
|
- {IMAGE: "ubuntu-rolling", TOXENV: "py39"}
|
|
- {IMAGE: "fedora", TOXENV: "py310"}
|
|
- {IMAGE: "alpine", TOXENV: "py39"}
|
|
name: "${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/.cache/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-${{ matrix.IMAGE.IMAGE }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
# When run in a docker container the home directory doesn't have the same owner as the
|
|
# apparent user so pip refuses to create a cache dir
|
|
- name: create pip cache dir
|
|
run: mkdir -p "${HOME}/.cache/pip"
|
|
- run: |
|
|
echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
|
|
echo "CFLAGS=-DUSE_OSRANDOM_RNG_FOR_TESTING" >> $GITHUB_ENV
|
|
if: matrix.IMAGE.FIPS
|
|
- run: 'tox -vvv -- --wycheproof-root="wycheproof"'
|
|
env:
|
|
TOXENV: ${{ matrix.IMAGE.TOXENV }}
|
|
RUSTUP_HOME: /root/.rustup
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }}"
|
|
|
|
linux-rust:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
PYTHON:
|
|
- {VERSION: "3.9", TOXENV: "py39"}
|
|
RUST:
|
|
# Cover MSRV (and likely next MSRV). In-dev versions are below in
|
|
# the linux-rust-coverage section.
|
|
- 1.41.0
|
|
- 1.45.0
|
|
name: "${{ matrix.PYTHON.TOXENV }} with Rust ${{ matrix.RUST }}"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/.cache/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.RUST }}
|
|
|
|
- name: Setup python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON.VERSION }}
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
- run: python -m pip install tox coverage
|
|
- name: Tests
|
|
run: |
|
|
tox -vvv -r -- --color=yes --wycheproof-root=wycheproof
|
|
env:
|
|
TOXENV: ${{ matrix.PYTHON.TOXENV }}
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "${{ matrix.PYTHON.TOXENV }} with Rust ${{ matrix.RUST }}"
|
|
|
|
linux-rust-coverage:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
PYTHON:
|
|
- {VERSION: "3.10", TOXENV: "py310"}
|
|
RUST:
|
|
- beta
|
|
- nightly
|
|
name: "Rust Coverage"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/cache@v2.1.7
|
|
id: cargo-cache
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/.cache/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}-rust-${{ matrix.RUST }}-coverage
|
|
|
|
- name: Setup python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON.VERSION }}
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
components: llvm-tools-preview
|
|
- uses: actions-rs/install@v0.1.2
|
|
with:
|
|
crate: cargo-binutils
|
|
version: latest
|
|
if: steps.cargo-cache.outputs.cache-hit != 'true'
|
|
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
- run: python -m pip install tox coverage
|
|
- name: Tests
|
|
run: |
|
|
tox -vvv -r -- --color=yes --wycheproof-root=wycheproof
|
|
env:
|
|
TOXENV: ${{ matrix.PYTHON.TOXENV }}
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
RUSTFLAGS: "-Cinstrument-coverage"
|
|
LLVM_PROFILE_FILE: "rust-cov/cov-%p.profraw"
|
|
- name: Rust Tests
|
|
run: |
|
|
cd src/rust
|
|
cargo test --no-default-features
|
|
env:
|
|
RUSTFLAGS: "-Cinstrument-coverage"
|
|
LLVM_PROFILE_FILE: "rust-cov/cov-%m-%p.profraw"
|
|
- name: Process coverage data
|
|
run: |
|
|
cd src/rust/
|
|
cargo profdata -- merge -sparse ../../rust-cov/*.profraw -o pytest-rust-cov.profdata
|
|
cargo profdata -- merge -sparse rust-cov/*.profraw -o cargo-test-rust-cov.profdata
|
|
|
|
cargo cov -- export \
|
|
../../.tox/${{ matrix.PYTHON.TOXENV }}/lib/python${{ matrix.PYTHON.VERSION }}/site-packages/cryptography/hazmat/bindings/_rust.abi3.so \
|
|
-instr-profile=pytest-rust-cov.profdata \
|
|
--ignore-filename-regex='/.cargo/registry' \
|
|
--ignore-filename-regex='/rustc/' \
|
|
--ignore-filename-regex='/.rustup/toolchains/' --format=lcov > ../../pytest-rust-cov.lcov
|
|
cargo cov -- export \
|
|
$(env RUSTFLAGS="-Cinstrument-coverage" cargo test --no-default-features --tests --no-run --message-format=json | jq -r "select(.profile.test == true) | .filenames[]") \
|
|
-instr-profile=cargo-test-rust-cov.profdata \
|
|
--ignore-filename-regex='/.cargo/registry' \
|
|
--ignore-filename-regex='/rustc/' \
|
|
--ignore-filename-regex='/.rustup/toolchains/' --format=lcov > ../../cargo-test-rust-cov.lcov
|
|
|
|
sed -E -i 's/SF:src\/(.*)/SF:src\/rust\/src\/\1/g' ../../pytest-rust-cov.lcov
|
|
sed -E -i 's/SF:src\/(.*)/SF:src\/rust\/src\/\1/g' ../../cargo-test-rust-cov.lcov
|
|
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "Rust Coverage"
|
|
|
|
macos:
|
|
runs-on: macos-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
PYTHON:
|
|
- {VERSION: "3.6", TOXENV: "py36", EXTRA_CFLAGS: ""}
|
|
- {VERSION: "3.10", TOXENV: "py310", EXTRA_CFLAGS: "-DUSE_OSRANDOM_RNG_FOR_TESTING"}
|
|
RUST:
|
|
- stable
|
|
name: "${{ matrix.PYTHON.TOXENV }} on macOS"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/Library/Caches/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-${{ matrix.PYTHON.VERSION }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- name: Setup python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON.VERSION }}
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
|
|
- run: python -m pip install tox requests coverage
|
|
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
|
|
- name: Download OpenSSL
|
|
run: |
|
|
python .github/workflows/download_openssl.py macos openssl-macos-x86-64
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
- name: Tests
|
|
run: |
|
|
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \
|
|
LDFLAGS="${HOME}/openssl-macos-x86-64/lib/libcrypto.a ${HOME}/openssl-macos-x86-64/lib/libssl.a" \
|
|
CFLAGS="-I${HOME}/openssl-macos-x86-64/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.10 -march=core2 $EXTRA_CFLAGS" \
|
|
tox -vvv -r -- --color=yes --wycheproof-root=wycheproof
|
|
env:
|
|
TOXENV: ${{ matrix.PYTHON.TOXENV }}
|
|
EXTRA_CFLAGS: ${{ matrix.PYTHON.EXTRA_CFLAGS }}
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "${{ matrix.PYTHON.TOXENV }} on macOS"
|
|
|
|
windows:
|
|
runs-on: windows-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
WINDOWS:
|
|
- {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
|
|
- {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'}
|
|
PYTHON:
|
|
- {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019", CL_FLAGS: ""}
|
|
- {VERSION: "3.10", TOXENV: "py310", MSVC_VERSION: "2019", CL_FLAGS: "/D USE_OSRANDOM_RNG_FOR_TESTING"}
|
|
RUST:
|
|
- stable
|
|
JOB_NUMBER: [0, 1, 2]
|
|
name: "${{ matrix.PYTHON.TOXENV }} on ${{ matrix.WINDOWS.WINDOWS }} (part ${{ matrix.JOB_NUMBER }})"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- name: Setup python
|
|
id: setup-python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON.VERSION }}
|
|
architecture: ${{ matrix.WINDOWS.ARCH }}
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/AppData/Local/pip/Cache/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-${{ matrix.WINDOWS.ARCH }}-${{ steps.setup-python.outputs.python-version }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
target: ${{ matrix.WINDOWS.RUST_TRIPLE }}
|
|
|
|
- run: python -m pip install tox requests coverage
|
|
- name: Download OpenSSL
|
|
run: |
|
|
python .github/workflows/download_openssl.py windows openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
|
|
echo "INCLUDE=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;$INCLUDE" >> $GITHUB_ENV
|
|
echo "LIB=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;$LIB" >> $GITHUB_ENV
|
|
echo "CL=${{ matrix.PYTHON.CL_FLAGS }}" >> $GITHUB_ENV
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
shell: bash
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
repository: "google/wycheproof"
|
|
path: "wycheproof"
|
|
ref: "master"
|
|
|
|
- run: tox -vvv -r -- --color=yes --wycheproof-root=wycheproof --num-shards=3 --shard-id=${{ matrix.JOB_NUMBER }}
|
|
env:
|
|
TOXENV: ${{ matrix.PYTHON.TOXENV }}
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
|
|
- uses: ./.github/actions/upload-coverage
|
|
with:
|
|
name: "${{ matrix.PYTHON.TOXENV }} on ${{ matrix.WINDOWS.WINDOWS }} (part ${{ matrix.JOB_NUMBER }})"
|
|
|
|
linux-downstream:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
DOWNSTREAM:
|
|
- paramiko
|
|
- pyopenssl
|
|
- pyopenssl-release
|
|
- aws-encryption-sdk
|
|
- dynamodb-encryption-sdk
|
|
- certbot
|
|
- certbot-josepy
|
|
- mitmproxy
|
|
RUST:
|
|
- stable
|
|
PYTHON:
|
|
- 3.8
|
|
name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
|
|
timeout-minutes: 15
|
|
steps:
|
|
- uses: actions/checkout@v2.4.0
|
|
timeout-minutes: 3
|
|
with:
|
|
persist-credentials: false
|
|
- uses: actions/cache@v2.1.7
|
|
timeout-minutes: 5
|
|
with:
|
|
path: |
|
|
~/.cache/pip/
|
|
~/.cargo/bin/
|
|
~/.cargo/registry/index/
|
|
~/.cargo/registry/cache/
|
|
~/.cargo/registry/src/
|
|
~/.cargo/git/db/
|
|
src/rust/target/
|
|
key: ${{ runner.os }}-cargo-3-${{ hashFiles('**/Cargo.lock') }}
|
|
|
|
- name: Setup python
|
|
uses: actions/setup-python@v3.0.0
|
|
with:
|
|
python-version: ${{ matrix.PYTHON }}
|
|
- uses: actions-rs/toolchain@v1.0.7
|
|
with:
|
|
profile: minimal
|
|
toolchain: ${{ matrix.RUST }}
|
|
override: true
|
|
default: true
|
|
- run: python -m pip install -U pip wheel
|
|
- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install
|
|
- run: pip install .
|
|
env:
|
|
CARGO_TARGET_DIR: ${{ format('{0}/src/rust/target/', github.workspace) }}
|
|
- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh run
|
|
|
|
all-green:
|
|
# https://github.community/t/is-it-possible-to-require-all-github-actions-tasks-to-pass-without-enumerating-them/117957/4?u=graingert
|
|
runs-on: ubuntu-latest
|
|
needs: [linux, linux-distros, linux-rust, linux-rust-coverage, macos, windows, linux-downstream]
|
|
if: ${{ always() }}
|
|
steps:
|
|
- run: echo "😢"; exit 1
|
|
if: ${{ needs.linux.result != 'success' || needs.linux-distros.result != 'success' || needs.linux-rust.result != 'success' || needs.linux-rust-coverage.result != 'success' || needs.macos.result != 'success' || needs.windows.result != 'success' || needs.linux-downstream.result != 'success' }}
|
|
- run: echo "🎉"
|