Skip to content

Commit

Permalink
node20 test
Browse files Browse the repository at this point in the history
  • Loading branch information
@reaperhulk
reaperhulk committed May 14, 2024
1 parent 1167f0c commit 4089679
Showing 1 changed file with 46 additions and 178 deletions.
224 changes: 46 additions & 178 deletions .github/workflows/wheel-builder.yml
View file
Expand Up @@ -9,6 +9,8 @@ on:
# Do not add any non-tag push events without updating pypi-publish.yml. If
# you do, it'll upload wheels to PyPI.
push:
branches:
- node20
tags:
- '*.*'
- '*.*.*'
Expand All @@ -27,7 +29,7 @@ jobs:
runs-on: ubuntu-latest
name: sdists
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
Expand All @@ -40,11 +42,11 @@ jobs:
run: .venv/bin/python -m build --sdist
- name: Make sdist and wheel (vectors)
run: cd vectors/ && ../.venv/bin/python -m build
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: "cryptography-sdist"
path: dist/cryptography*
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: "vectors-sdist-wheel"
path: vectors/dist/cryptography*
Expand Down Expand Up @@ -158,209 +160,75 @@ jobs:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
path: cryptography-wheelhouse/

macos:
manylinux2014:
needs: [sdist]
runs-on: macos-13
runs-on: ${{ matrix.MANYLINUX.RUNNER }}
container:
image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }}
volumes:
- /node20217:/node20217:rw,rshared
- /node20217:/__e/node20:ro,rshared
strategy:
fail-fast: false
matrix:
PYTHON:
- VERSION: '3.11'
ABI_VERSION: 'cp37'
# Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3'
DEPLOYMENT_TARGET: '10.12'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/c8876b5c54a6c6b08de5d4b1586906b56203bd9e/cibuildwheel/macos.py#L257-L269
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: '3.11'
ABI_VERSION: 'cp39'
# Despite the name, this is built for the macOS 11 SDK on arm64 and 10.9+ on intel
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3'
DEPLOYMENT_TARGET: '10.12'
# This archflags is default, but let's be explicit
ARCHFLAGS: '-arch x86_64 -arch arm64'
# See https://github.com/pypa/cibuildwheel/blob/c8876b5c54a6c6b08de5d4b1586906b56203bd9e/cibuildwheel/macos.py#L257-L269
# This will change in the future as we change the base Python we
# build against
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- VERSION: '3.11'
ABI_VERSION: 'cp37'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3'
DEPLOYMENT_TARGET: '10.12'
# We continue to build a non-universal2 for a bit to see metrics on
# download counts (this is a proxy for pip version since universal2
# requires a 21.x pip)
ARCHFLAGS: '-arch x86_64'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
- VERSION: 'pypy-3.9'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '10.12'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
ARCHFLAGS: '-arch x86_64'
- VERSION: 'pypy-3.10'
BIN_PATH: 'pypy3'
DEPLOYMENT_TARGET: '10.12'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-x86_64'
ARCHFLAGS: '-arch x86_64'
name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS ${{ matrix.PYTHON.ARCHFLAGS }}"
- { VERSION: "cp312-cp312", ABI_VERSION: 'cp37' }
- { VERSION: "cp312-cp312", ABI_VERSION: 'cp39' }
MANYLINUX:
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" }
#- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] }
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- name: absurd node workaround
run: |
curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz
tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217
ldd /__e/node20/bin/node
- name: Get build-requirements.txt from repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
sparse-checkout: |
${{ env.BUILD_REQUIREMENTS_PATH }}
sparse-checkout-cone-mode: false
- name: Setup python
run: |
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
if: contains(matrix.PYTHON.VERSION, 'pypy') == false
- name: Setup pypy
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
if: contains(matrix.PYTHON.VERSION, 'pypy')
- uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
with:
repo: pyca/infra
workflow: build-macos-openssl.yml
branch: main
workflow_conclusion: success
name: openssl-macos-universal2
path: "../openssl-macos-universal2/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
with:
toolchain: stable
# Add the arm64 target in addition to the native arch (x86_64)
target: aarch64-apple-darwin
- run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv
- run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv
- name: Install Python dependencies
run: venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
run: .venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}

- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
- uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: cryptography-sdist
- run: mkdir wheelhouse
- run: mkdir tmpwheelhouse
- name: Build the wheel
run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
fi
OPENSSL_DIR="$(readlink -f ../openssl-macos-universal2/)" \
OPENSSL_DIR="/opt/pyca/cryptography/openssl" \
OPENSSL_STATIC=1 \
venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl wheelhouse
.venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse
env:
MACOSX_DEPLOYMENT_TARGET: ${{ matrix.PYTHON.DEPLOYMENT_TARGET }}
ARCHFLAGS: ${{ matrix.PYTHON.ARCHFLAGS }}
_PYTHON_HOST_PLATFORM: ${{ matrix.PYTHON._PYTHON_HOST_PLATFORM }}
- run: venv/bin/pip install -f wheelhouse/ --no-index cryptography
- name: Show the wheel's minimum macOS SDK and architectures
run: |
find venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \;
RUSTUP_HOME: /root/.rustup
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/
- run: unzip wheelhouse/*.whl -d execstack.check
- run: |
venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
results=$(readelf -lW execstack.check/cryptography/hazmat/bindings/*.so)
count=$(echo "$results" | grep -c 'GNU_STACK.*[R ][W ]E' || true)
if [ "$count" -ne 0 ]; then
exit 1
else
exit 0
fi
- run: .venv/bin/pip install cryptography --no-index -f wheelhouse/
- run: |
.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- run: |
echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls cryptography-wheelhouse/cryptography*.whl))" >> $GITHUB_ENV
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: "${{ env.CRYPTOGRAPHY_WHEEL_NAME }}"
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
path: cryptography-wheelhouse/

windows:
needs: [sdist]
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
- {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'}
PYTHON:
- {VERSION: "3.11", "ABI_VERSION": "cp37"}
- {VERSION: "3.11", "ABI_VERSION": "cp39"}
- {VERSION: "pypy-3.9"}
- {VERSION: "pypy-3.10"}
exclude:
# We need to exclude the below configuration because there is no 32-bit pypy3
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.9"}
- WINDOWS: {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc'}
PYTHON: {VERSION: "pypy-3.10"}
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}"
steps:
- name: Get build-requirements.txt from repository
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
sparse-checkout: |
${{ env.BUILD_REQUIREMENTS_PATH }}
sparse-checkout-cone-mode: false

- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: cryptography-sdist

- name: Setup python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8
with:
toolchain: stable
target: ${{ matrix.WINDOWS.RUST_TRIPLE }}

- uses: dawidd6/action-download-artifact@09f2f74827fd3a8607589e5ad7f9398816f540fe # v3.1.4
with:
repo: pyca/infra
workflow: build-windows-openssl.yml
branch: main
workflow_conclusion: success
name: "openssl-${{ matrix.WINDOWS.WINDOWS }}"
path: "C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/"
github_token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure OpenSSL
run: |
echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV
echo "OPENSSL_STATIC=1" >> $GITHUB_ENV
shell: bash
- name: Install Python dependencies
run: python -m pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }}
- run: mkdir wheelhouse
- run: |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation"
fi
python -m pip wheel -v --no-deps cryptography*.tar.gz $PY_LIMITED_API -w dist/ && mv dist/cryptography*.whl wheelhouse/
shell: bash
- run: pip install -f wheelhouse --no-index cryptography
- name: Print the OpenSSL we built and linked against
run: |
python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\
- uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}"
path: cryptography-wheelhouse\

0 comments on commit 4089679

Please sign in to comment.