blob: 94d24c5e38101828e591796b1f414fcd1400c07f [file] [log] [blame]
name: Wheel Builder
on:
workflow_dispatch:
inputs:
version:
required: true
jobs:
manylinux:
runs-on: ubuntu-latest
container: ghcr.io/${{ matrix.MANYLINUX.CONTAINER }}
strategy:
matrix:
PYTHON: ["cp27-cp27m", "cp27-cp27mu", "cp36-cp36m"]
MANYLINUX:
- NAME: manylinux1_x86_64
CONTAINER: "pyca/cryptography-manylinux1:x86_64"
- NAME: manylinux2010_x86_64
CONTAINER: "pyca/cryptography-manylinux2010:x86_64"
name: "${{ matrix.PYTHON }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- run: /opt/python/${{ matrix.PYTHON }}/bin/python -m virtualenv .venv
- name: Install Python dependencies
run: .venv/bin/pip install -U pip wheel cffi six ipaddress "enum34; python_version < '3'"
- run: .venv/bin/pip download cryptography==${{ github.event.inputs.version }} --no-deps --no-binary cryptography && tar zxvf cryptography*.tar.gz && mkdir tmpwheelhouse
- run: |
REGEX="cp3([0-9])*"
if [[ "${{ matrix.PYTHON }}" =~ $REGEX ]]; then
PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}"
fi
cd cryptography*
LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
../.venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../tmpwheelhouse
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/
- run: unzip wheelhouse/*.whl -d execstack.check
- run: |
results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so)
count=$(echo "$results" | grep -c '^X' || true)
if [ "$count" -ne 0 ]; then
exit 1
else
exit 0
fi
- run: .venv/bin/pip install cryptography --no-index -f wheelhouse/
- run: |
.venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- uses: actions/upload-artifact@v1
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON }}"
path: cryptography-wheelhouse/
macos:
runs-on: macos-latest
strategy:
matrix:
PYTHON:
- VERSION: '2.7'
ABI_VERSION: '2.7'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/2.7.17/python-2.7.17-macosx10.9.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/2.7/bin/python'
- VERSION: '3.8'
ABI_VERSION: '3.6'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.8.2/python-3.8.2-macosx10.9.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.8/bin/python3'
name: "${{ matrix.PYTHON.VERSION }} ABI ${{ matrix.PYTHON.ABI_VERSION }} macOS"
steps:
- uses: actions/checkout@v2
- run: |
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -U virtualenv requests
- name: Download OpenSSL
run: |
${{ matrix.PYTHON.BIN_PATH }} .github/workflows/download_openssl.py macos openssl-macos-x86-64
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: ${{ matrix.PYTHON.BIN_PATH }} -m virtualenv venv
- run: venv/bin/pip install -U pip wheel cffi six ipaddress "enum34; python_version < '3'"
- run: venv/bin/pip download cryptography==${{ github.event.inputs.version }} --no-deps --no-binary cryptography && tar zxvf cryptography*.tar.gz && mkdir wheelhouse
- name: Build the wheel
run: |
REGEX="3\.([0-9])*"
if [[ "${{ matrix.PYTHON.ABI_VERSION }}" =~ $REGEX ]]; then
PY_LIMITED_API="--py-limited-api=cp3${BASH_REMATCH[1]}"
fi
cd cryptography*
CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \
LDFLAGS="${HOME}/openssl-macos-x86-64/lib/libcrypto.a ${HOME}/openssl-macos-x86-64/lib/libssl.a" \
CFLAGS="-I${HOME}/openssl-macos-x86-64/include -mmacosx-version-min=10.10 -march=core2" \
../venv/bin/python setup.py bdist_wheel $PY_LIMITED_API && mv dist/cryptography*.whl ../wheelhouse
- run: venv/bin/pip install -f wheelhouse --no-index cryptography
- run: |
venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
- uses: actions/upload-artifact@v2.2.0
with:
name: "cryptography-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.ABI_VERSION }}"
path: cryptography-wheelhouse/
windows:
runs-on: windows-latest
strategy:
matrix:
WINDOWS:
- {ARCH: 'x86', WINDOWS: 'win32'}
- {ARCH: 'x64', WINDOWS: 'win64'}
PYTHON:
- {VERSION: "2.7", MSVC_VERSION: "2010"}
- {VERSION: "3.8", MSVC_VERSION: "2019", "USE_ABI3": "true", "ABI_VERSION": "cp36"}
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION }}"
steps:
- uses: actions/checkout@v2
- name: Setup python
uses: actions/setup-python@v2
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
- name: Install MSVC for Python 2.7
run: |
Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi
Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1')
Remove-Item VCForPython27.msi -Force
shell: powershell
if: matrix.PYTHON.VERSION == '2.7'
- run: pip install requests
- name: Download OpenSSL
run: |
python .github/workflows/download_openssl.py windows openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
echo "INCLUDE=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;$INCLUDE" >> $GITHUB_ENV
echo "LIB=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;$LIB" >> $GITHUB_ENV
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
shell: bash
- run: python -m pip install -U pip wheel cffi six ipaddress "enum34; python_version < '3'"
- run: pip download cryptography==${{ github.event.inputs.version }} --no-deps --no-binary cryptography && tar zxvf cryptography*.tar.gz && mkdir wheelhouse
shell: bash
- run: cd cryptography* && python setup.py bdist_wheel && mv dist/cryptography*.whl ../wheelhouse
if: matrix.PYTHON.USE_ABI3 != 'true'
- run: cd cryptography* && python setup.py bdist_wheel --py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} && mv dist/cryptography*.whl ../wheelhouse
if: matrix.PYTHON.USE_ABI3 == 'true'
- run: pip install -f wheelhouse --no-index cryptography
- name: Print the OpenSSL we built and linked against
run: |
python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- run: mkdir cryptography-wheelhouse
- run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\
- uses: actions/upload-artifact@v2.2.0
with:
name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION}}"
path: cryptography-wheelhouse\