node20 test #988
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Wheel Builder | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: The version to build | |
| # Do not add any non-tag push events without updating pypi-publish.yml. If | |
| # you do, it'll upload wheels to PyPI. | |
| push: | |
| branches: | |
| - node20 | |
| tags: | |
| - '*.*' | |
| - '*.*.*' | |
| pull_request: | |
| paths: | |
| - .github/workflows/wheel-builder.yml | |
| - .github/requirements/** | |
| - pyproject.toml | |
| - vectors/pyproject.toml | |
| env: | |
| BUILD_REQUIREMENTS_PATH: .github/requirements/build-requirements.txt | |
| jobs: | |
| sdist: | |
| runs-on: ubuntu-latest | |
| name: sdists | |
| steps: | |
| - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
| with: | |
| # The tag to build or the tag received by the tag event | |
| ref: ${{ github.event.inputs.version || github.ref }} | |
| persist-credentials: false | |
| - run: python -m venv .venv | |
| - name: Install Python dependencies | |
| run: .venv/bin/pip install -U pip build | |
| - name: Make sdist (cryptography) | |
| run: .venv/bin/python -m build --sdist | |
| - name: Make sdist and wheel (vectors) | |
| run: cd vectors/ && ../.venv/bin/python -m build | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: "cryptography-sdist" | |
| path: dist/cryptography* | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: "vectors-sdist-wheel" | |
| path: vectors/dist/cryptography* | |
| manylinux: | |
| needs: [sdist] | |
| runs-on: ${{ matrix.MANYLINUX.RUNNER }} | |
| container: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| PYTHON: | |
| - { VERSION: "cp311-cp311", ABI_VERSION: 'cp37' } | |
| - { VERSION: "cp311-cp311", ABI_VERSION: 'cp39' } | |
| - { VERSION: "pp39-pypy39_pp73" } | |
| - { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: | |
| - { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" } | |
| - { NAME: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest"} | |
| - { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
| - { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
| - { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] } | |
| - { NAME: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| exclude: | |
| # There are no readily available musllinux PyPy distributions | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| # We also don't build pypy wheels for anything except the latest manylinux | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"} | |
| - PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
| MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| - PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
| MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
| name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" | |
| steps: | |
| - name: Ridiculous alpine workaround for actions support on arm64 | |
| run: | | |
| # This modifies /etc/os-release so the JS actions | |
| # from GH can't detect that it's on alpine:aarch64. It will | |
| # then use a glibc nodejs, which works fine when gcompat | |
| # is installed in the container (which it is) | |
| sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release | |
| if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64') | |
| - name: Get build-requirements.txt from repository | |
| uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 | |
| with: | |
| # The tag to build or the tag received by the tag event | |
| ref: ${{ github.event.inputs.version || github.ref }} | |
| persist-credentials: false | |
| sparse-checkout: | | |
| ${{ env.BUILD_REQUIREMENTS_PATH }} | |
| sparse-checkout-cone-mode: false | |
| - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv | |
| - name: Install Python dependencies | |
| run: .venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }} | |
| - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
| with: | |
| name: cryptography-sdist | |
| - run: mkdir tmpwheelhouse | |
| - name: Build the wheel | |
| run: | | |
| if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
| PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" | |
| fi | |
| OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ | |
| OPENSSL_STATIC=1 \ | |
| .venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse | |
| env: | |
| RUSTUP_HOME: /root/.rustup | |
| - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/ | |
| - run: unzip wheelhouse/*.whl -d execstack.check | |
| - run: | | |
| results=$(readelf -lW execstack.check/cryptography/hazmat/bindings/*.so) | |
| count=$(echo "$results" | grep -c 'GNU_STACK.*[R ][W ]E' || true) | |
| if [ "$count" -ne 0 ]; then | |
| exit 1 | |
| else | |
| exit 0 | |
| fi | |
| - run: .venv/bin/pip install cryptography --no-index -f wheelhouse/ | |
| - run: | | |
| .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | |
| - run: mkdir cryptography-wheelhouse | |
| - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ | |
| - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 | |
| with: | |
| name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}" | |
| path: cryptography-wheelhouse/ | |
| manylinux2014: | |
| needs: [sdist] | |
| runs-on: ${{ matrix.MANYLINUX.RUNNER }} | |
| container: | |
| image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} | |
| volumes: | |
| - /node20217:/node20217:rw,rshared | |
| - /node20217:/__e/node20:ro,rshared | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| PYTHON: | |
| - { VERSION: "cp312-cp312", ABI_VERSION: 'cp37' } | |
| - { VERSION: "cp312-cp312", ABI_VERSION: 'cp39' } | |
| MANYLINUX: | |
| - { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" } | |
| #- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] } | |
| name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" | |
| steps: | |
| - name: absurd node workaround | |
| run: | | |
| curl -LO https://unofficial-builds.nodejs.org/download/release/v20.9.0/node-v20.9.0-linux-x64-glibc-217.tar.xz | |
| tar -xf node-v20.9.0-linux-x64-glibc-217.tar.xz --strip-components 1 -C /node20217 | |
| ldd /__e/node20/bin/node | |
| - name: Get build-requirements.txt from repository | |
| uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 | |
| with: | |
| # The tag to build or the tag received by the tag event | |
| ref: ${{ github.event.inputs.version || github.ref }} | |
| persist-credentials: false | |
| sparse-checkout: | | |
| ${{ env.BUILD_REQUIREMENTS_PATH }} | |
| sparse-checkout-cone-mode: false | |
| - run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv | |
| - name: Install Python dependencies | |
| run: .venv/bin/pip install --require-hashes -r ${{ env.BUILD_REQUIREMENTS_PATH }} | |
| - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 | |
| with: | |
| name: cryptography-sdist | |
| - run: mkdir tmpwheelhouse | |
| - name: Build the wheel | |
| run: | | |
| if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
| PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" | |
| fi | |
| OPENSSL_DIR="/opt/pyca/cryptography/openssl" \ | |
| OPENSSL_STATIC=1 \ | |
| .venv/bin/python -m pip wheel -v --no-deps $PY_LIMITED_API cryptograph*.tar.gz -w dist/ && mv dist/cryptography*.whl tmpwheelhouse | |
| env: | |
| RUSTUP_HOME: /root/.rustup | |
| - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/ | |
| - run: unzip wheelhouse/*.whl -d execstack.check | |
| - run: | | |
| results=$(readelf -lW execstack.check/cryptography/hazmat/bindings/*.so) | |
| count=$(echo "$results" | grep -c 'GNU_STACK.*[R ][W ]E' || true) | |
| if [ "$count" -ne 0 ]; then | |
| exit 1 | |
| else | |
| exit 0 | |
| fi | |
| - run: .venv/bin/pip install cryptography --no-index -f wheelhouse/ | |
| - run: | | |
| .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | |
| - run: mkdir cryptography-wheelhouse | |
| - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ | |
| - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 | |
| with: | |
| name: "cryptography-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION }}" | |
| path: cryptography-wheelhouse/ | |