saymrwulf/cryptography
1
0
Fork 0
mirror of https://github.com/saymrwulf/cryptography.git synced 2026-05-14 20:37:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
cryptography/.github/workflows/wheel-builder.yml
Alex Gaynor bb204c8ca7
Backport: Added PyPy 3.10 to CI (#8933) (#9210) 
* Added PyPy 3.10 to CI (#8933)

* Bump proc-macro2 for nightly
2023-07-10 07:10:11 -05:00

330 lines
16 KiB
YAML
Raw Blame History

name: Wheel Builder
permissions:
contents: read
on:
workflow_dispatch:
inputs:
version:
description: The version to build
# Do not add any non-tag push events without updating pypi-publish.yml. If
# you do, it'll upload wheels to PyPI.
push:
tags:
- '*.*'
- '*.*.*'
pull_request:
paths:
- .github/workflows/wheel-builder.yml
- setup.py
- pyproject.toml
- vectors/pyproject.toml
env:
CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
jobs:
sdist:
runs-on: ubuntu-latest
name: sdists
steps:
- uses: actions/checkout@v3.5.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
- run: python -m venv .venv
- name: Install Python dependencies
run: .venv/bin/pip install -U pip build
- name: Make sdist (cryptography)
run: .venv/bin/python -m build --sdist
- name: Make sdist and wheel (vectors)
run: cd vectors/ && ../.venv/bin/python -m build
- uses: actions/upload-artifact@v3.1.2
with:
name: "cryptography-sdist"
path: dist/cryptography*
- uses: actions/upload-artifact@v3.1.2
with:
name: "vectors-sdist-wheel"
path: vectors/dist/cryptography*
manylinux:
needs: [sdist]
runs-on: ${{ matrix.MANYLINUX.RUNNER }}
container: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }}
strategy:
fail-fast: false
matrix:
PYTHON:
- { VERSION: "cp37-cp37m", ABI_VERSION: 'cp37' }
- { VERSION: "pp38-pypy38_pp73" }
- { VERSION: "pp39-pypy39_pp73" }
- { VERSION: "pp310-pypy310_pp73" }
MANYLINUX:
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" }
- { NAME: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest"}
- { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"}
- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] }
- { NAME: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: [self-hosted, Linux, ARM64]}
- { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]}
exclude:
# There are no readily available musllinux PyPy distributions
- PYTHON: { VERSION: "pp38-pypy38_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp39-pypy39_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp310-pypy310_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp38-pypy38_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]}
- PYTHON: { VERSION: "pp39-pypy39_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]}
- PYTHON: { VERSION: "pp310-pypy310_pp73" }
MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]}
# We also don't build pypy wheels for anything except the latest manylinux
- PYTHON: { VERSION: "pp38-pypy38_pp73" }
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp39-pypy39_pp73" }
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp310-pypy310_pp73" }
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"}
- PYTHON: { VERSION: "pp38-pypy38_pp73" }
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
- PYTHON: { VERSION: "pp39-pypy39_pp73" }
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
- PYTHON: { VERSION: "pp310-pypy310_pp73" }
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]}
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- name: Ridiculous alpine workaround for actions support on arm64
run: |
# This modifies /etc/os-release so the JS actions
# from GH can't detect that it's on alpine:aarch64. It will
# then use a glibc nodejs, which works fine when gcompat
# is installed in the container (which it is)
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release
if: matrix.MANYLINUX.NAME == 'musllinux_1_1_aarch64'
- uses: actions/download-artifact@v3.0.2
with:
name: cryptography-sdist
- run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv
- name: Install Python dependencies
run: .venv/bin/pip install -U pip wheel cffi setuptools-rust
- run: mkdir tmpwheelhouse
- name: Build the wheel
run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
fi
OPENSSL_DIR="/opt/pyca/cryptography/openssl" \
OPENSSL_STATIC=1 \
.venv/bin/python -m pip wheel -v $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse
env:
RUSTUP_HOME: /root/.rustup
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/
- run: unzip wheelhouse/*.whl -d execstack.check
- run: |
results=$(readelf -lW execstack.check/cryptography/hazmat/bindings/*.so)
count=$(echo "$results" | grep -c 'GNU_STACK.*[R ][W ]E' || true)
if [ "$count" -ne 0 ]; then
exit 1
else
exit 0
fi
- run: .venv/bin/pip install cryptography --no-index -f wheelhouse/
- run: |
.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- uses: actions/upload-artifact@v3.1.2
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}"
path: cryptography-wheelhouse/
macos:
needs: [sdist]
runs-on: macos-12
strategy:
fail-fast: false
matrix:
PYTHON:
- VERSION: '3.11'
ABI_VERSION: 'cp37'
# Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3'
DEPLOYMENT_TARGET: '10.12'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/c8876b5c54a6c6b08de5d4b1586906b56203bd9e/cibuildwheel/macos.py#L257-L269
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: '3.11'
ABI_VERSION: 'cp37'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3'
DEPLOYMENT_TARGET: '10.12'
# We continue to build a non-universal2 for a bit to see metrics on
# download counts (this is a proxy for pip version since universal2
# requires a 21.x pip)
ARCHFLAGS: '-arch x86_64'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
- VERSION: 'pypy-3.8'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '10.12'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
ARCHFLAGS: '-arch x86_64'
- VERSION: 'pypy-3.9'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '10.12'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
ARCHFLAGS: '-arch x86_64'
- VERSION: 'pypy-3.10'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '10.12'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
ARCHFLAGS: '-arch x86_64'
name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}"
steps:
- uses: actions/download-artifact@v3.0.2
with:
name: cryptography-sdist
- name: Setup python
run: |
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
if: contains(matrix.PYTHON.VERSION, 'pypy') == false
- name: Setup pypy
uses: actions/setup-python@v4.6.1
with:
python-version: ${{ matrix.PYTHON.VERSION }}
if: contains(matrix.PYTHON.VERSION, 'pypy')
- uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615
with:
repo: pyca/infra
workflow: build-macos-openssl.yml
branch: main
workflow_conclusion: success
name: openssl-macos-universal2
path: "../openssl-macos-universal2/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: dtolnay/rust-toolchain@52e69531e6f69a396bc9d1226284493a5db969ff
with:
toolchain: stable
# Add the arm64 target in addition to the native arch (x86_64)
target: aarch64-apple-darwin
- run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv
- run: venv/bin/pip install -U pip wheel cffi setuptools-rust
- run: mkdir wheelhouse
- name: Build the wheel
run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
fi
OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \
OPENSSL_STATIC=1 \
venv/bin/python -m pip wheel -v $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse
env:
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }}
ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }}
_PYTHON_HOST_PLATFORM: ${{ matrix.PYTHON._PYTHON_HOST_PLATFORM }}
- run: venv/bin/pip install -f wheelhouse/ --no-index cryptography
- name: Show the wheel's minimum macOS SDK and architectures
run: |
find venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \;
- run: |
venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- run: |
echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls cryptography-wheelhouse/cryptography*.whl))" >> $GITHUB_ENV
- uses: actions/upload-artifact@v3.1.2
with:
name: "${{ env.CRYPTOGRAPHY_WHEEL_NAME }}"
path: cryptography-wheelhouse/
windows:
needs: [sdist]
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
- {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'}
PYTHON:
- {VERSION: "3.11", "ABI_VERSION": "cp37"}
- {VERSION: "pypy-3.8"}
- {VERSION: "pypy-3.9"}
- {VERSION: "pypy-3.10"}
exclude:
# We need to exclude the below configuration because there is no 32-bit pypy3
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.8"}
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.9"}
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.10"}
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}"
steps:
- uses: actions/download-artifact@v3.0.2
with:
name: cryptography-sdist
- name: Setup python
uses: actions/setup-python@v4.6.1
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
- uses: dtolnay/rust-toolchain@52e69531e6f69a396bc9d1226284493a5db969ff
with:
toolchain: stable
target: ${{ matrix.WINDOWS.RUST_TRIPLE }}
- uses: dawidd6/action-download-artifact@246dbf436b23d7c49e21a7ab8204ca9ecd1fe615
with:
repo: pyca/infra
workflow: build-windows-openssl.yml
branch: main
workflow_conclusion: success
name: "openssl-${{ matrix.WINDOWS.WINDOWS }}"
path: "C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure OpenSSL
run: |
echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
shell: bash
- run: python -m pip install -U pip wheel
- run: python -m pip install cffi setuptools-rust
- run: mkdir wheelhouse
- run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
fi
python -m pip wheel -v cryptography*.tar.gz $PY_LIMITED_API -w dist/ && mv dist/cryptography*.whl wheelhouse/
shell: bash
- run: pip install -f wheelhouse --no-index cryptography
- name: Print the OpenSSL we built and linked against
run: |
python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\
- uses: actions/upload-artifact@v3.1.2
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION}}"
path: cryptography-wheelhouse\
Reference in a new issue View git blame Copy permalink