Bump actions/checkout from 2 to 4 #28

Workflow file for this run

	name: CI
	on:
	pull_request: {}
	push:
	branches:
	- master
	- '..x'
	tags:
	- '.'
	- '..*'

	jobs:
	linux:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	PYTHON:
	- {VERSION: "3.9", TOXENV: "pep8,packaging,docs", COVERAGE: "false"}
	- {VERSION: "pypy2", TOXENV: "pypy-nocoverage", COVERAGE: "false"}
	- {VERSION: "pypy3", TOXENV: "pypy3-nocoverage", COVERAGE: "false"}
	- {VERSION: "2.7", TOXENV: "py27", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}}
	- {VERSION: "2.7", TOXENV: "py27-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.0l"}}
	- {VERSION: "2.7", TOXENV: "py27", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1h"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1h"}}
	- {VERSION: "3.9", TOXENV: "py39-ssh", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1h"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "openssl", VERSION: "1.1.1h", CONFIG_FLAGS: "no-engine no-rc2 no-srtp no-ct"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "2.9.2"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.0.2"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.1.4"}}
	- {VERSION: "3.9", TOXENV: "py39", OPENSSL: {TYPE: "libressl", VERSION: "3.2.2"}}
	name: "${{ matrix.PYTHON.TOXENV }} ${{ matrix.PYTHON.OPENSSL.TYPE }} ${{ matrix.PYTHON.OPENSSL.VERSION }} ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }}"
	steps:
	- uses: actions/checkout@v4
	- name: Setup python
	uses: actions/setup-python@v2
	with:
	python-version: ${{ matrix.PYTHON.VERSION }}
	- run: git clone --depth=1 https://github.com/google/wycheproof
	- run: python -m pip install tox requests coverage
	- name: Compute config hash and set config vars
	run: \|
	DEFAULT_CONFIG_FLAGS="shared no-ssl2 no-ssl3"
	CONFIG_FLAGS="$DEFAULT_CONFIG_FLAGS $CONFIG_FLAGS"
	CONFIG_HASH=$(echo "$CONFIG_FLAGS" \| sha1sum \| sed 's/ .*$//')
	echo "CONFIG_FLAGS=${CONFIG_FLAGS}" >> $GITHUB_ENV
	echo "CONFIG_HASH=${CONFIG_HASH}" >> $GITHUB_ENV
	echo "OSSL_INFO=${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${CONFIG_FLAGS}" >> $GITHUB_ENV
	echo "OSSL_PATH=${{ github.workspace }}/osslcache/${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${CONFIG_HASH}" >> $GITHUB_ENV
	env:
	CONFIG_FLAGS: ${{ matrix.PYTHON.OPENSSL.CONFIG_FLAGS }}
	if: matrix.PYTHON.OPENSSL
	- name: Load cache
	uses: actions/cache@v2
	id: ossl-cache
	with:
	path: ${{ github.workspace }}/osslcache
	# When altering the openssl build process you may need to increment the value on the end of this cache key
	# so that you can prevent it from fetching the cache and skipping the build step.
	key: ${{ matrix.PYTHON.OPENSSL.TYPE }}-${{ matrix.PYTHON.OPENSSL.VERSION }}-${{ env.CONFIG_HASH }}-1
	if: matrix.PYTHON.OPENSSL
	- name: Build custom OpenSSL/LibreSSL
	run: .github/workflows/build_openssl.sh
	env:
	TYPE: ${{ matrix.PYTHON.OPENSSL.TYPE }}
	VERSION: ${{ matrix.PYTHON.OPENSSL.VERSION }}
	if: matrix.PYTHON.OPENSSL && steps.ossl-cache.outputs.cache-hit != 'true'
	- name: Set CFLAGS/LDFLAGS
	run: \|
	echo "CFLAGS=${CFLAGS} -I${OSSL_PATH}/include" >> $GITHUB_ENV
	echo "LDFLAGS=${LDFLAGS} -L${OSSL_PATH}/lib -Wl,-rpath=${OSSL_PATH}/lib" >> $GITHUB_ENV
	if: matrix.PYTHON.OPENSSL
	- name: Tests
	run: \|
	tox -r -- --color=yes --wycheproof-root=wycheproof
	env:
	TOXENV: ${{ matrix.PYTHON.TOXENV }}
	- uses: ./.github/actions/upload-coverage
	with:
	name: "tox -e ${{ matrix.PYTHON.TOXENV }} ${{ env.OSSL_INFO }}"
	if: matrix.PYTHON.COVERAGE != 'false'

	linux-distros:
	runs-on: ubuntu-latest
	container: ${{ matrix.IMAGE.IMAGE }}
	strategy:
	matrix:
	IMAGE:
	- {IMAGE: "pyca/cryptography-runner-centos8", TOXENV: "py27"}
	- {IMAGE: "pyca/cryptography-runner-centos8", TOXENV: "py36"}
	- {IMAGE: "pyca/cryptography-runner-centos8-fips", TOXENV: "py36", ENV: "OPENSSL_FORCE_FIPS_MODE=1"}
	- {IMAGE: "pyca/cryptography-runner-stretch", TOXENV: "py27"}
	- {IMAGE: "pyca/cryptography-runner-buster", TOXENV: "py37"}
	- {IMAGE: "pyca/cryptography-runner-bullseye", TOXENV: "py38"}
	- {IMAGE: "pyca/cryptography-runner-sid", TOXENV: "py39"}
	- {IMAGE: "pyca/cryptography-runner-ubuntu-bionic", TOXENV: "py36"}
	- {IMAGE: "pyca/cryptography-runner-ubuntu-focal", TOXENV: "py38"}
	- {IMAGE: "pyca/cryptography-runner-ubuntu-rolling", TOXENV: "py27"}
	- {IMAGE: "pyca/cryptography-runner-ubuntu-rolling", TOXENV: "py38"}
	- {IMAGE: "pyca/cryptography-runner-ubuntu-rolling", TOXENV: "py38-randomorder"}
	- {IMAGE: "pyca/cryptography-runner-fedora", TOXENV: "py39"}
	- {IMAGE: "pyca/cryptography-runner-alpine", TOXENV: "py38"}
	name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }} ${{ matrix.IMAGE.ENV }}"
	steps:
	- uses: actions/checkout@v4
	- run: 'git clone --depth=1 https://github.com/google/wycheproof "$HOME/wycheproof"'
	- run: 'echo "$ENV_VAR" >> $GITHUB_ENV'
	if: matrix.IMAGE.ENV
	env:
	ENV_VAR: ${{ matrix.IMAGE.ENV }}
	- run: 'tox -- --wycheproof-root="$HOME/wycheproof"'
	env:
	TOXENV: ${{ matrix.IMAGE.TOXENV }}
	- uses: ./.github/actions/upload-coverage
	with:
	name: "tox -e ${{ matrix.IMAGE.TOXENV }} on ${{ matrix.IMAGE.IMAGE }} ${{ matrix.IMAGE.ENV }}"

	macos:
	runs-on: macos-latest
	strategy:
	matrix:
	PYTHON:
	- {VERSION: "2.7", TOXENV: "py27", EXTRA_CFLAGS: ""}
	- {VERSION: "3.6", TOXENV: "py36", EXTRA_CFLAGS: ""}
	- {VERSION: "3.9", TOXENV: "py39", EXTRA_CFLAGS: "-DUSE_OSRANDOM_RNG_FOR_TESTING"}
	name: "Python ${{ matrix.PYTHON.VERSION }} on macOS"
	steps:
	- uses: actions/checkout@v4
	- name: Setup python
	uses: actions/setup-python@v2
	with:
	python-version: ${{ matrix.PYTHON.VERSION }}

	- run: python -m pip install tox requests coverage

	- run: git clone https://github.com/google/wycheproof

	- name: Download OpenSSL
	run: \|
	python .github/workflows/download_openssl.py macos openssl-macos-x86-64
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	- name: Tests
	run: \|
	CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS=1 \
	LDFLAGS="${HOME}/openssl-macos-x86-64/lib/libcrypto.a ${HOME}/openssl-macos-x86-64/lib/libssl.a" \
	CFLAGS="-I${HOME}/openssl-macos-x86-64/include -Werror -Wno-error=deprecated-declarations -Wno-error=incompatible-pointer-types-discards-qualifiers -Wno-error=unused-function -Wno-error=unused-command-line-argument -mmacosx-version-min=10.10 -march=core2 $EXTRA_CFLAGS" \
	tox -r -- --color=yes --wycheproof-root=wycheproof
	env:
	TOXENV: ${{ matrix.PYTHON.TOXENV }}
	EXTRA_CFLAGS: ${{ matrix.PYTHON.EXTRA_CFLAGS }}

	- uses: ./.github/actions/upload-coverage
	with:
	name: "Python ${{ matrix.PYTHON.VERSION }} on macOS"

	windows:
	runs-on: windows-latest
	strategy:
	matrix:
	WINDOWS:
	- {ARCH: 'x86', WINDOWS: 'win32'}
	- {ARCH: 'x64', WINDOWS: 'win64'}
	PYTHON:
	- {VERSION: "2.7", TOXENV: "py27", MSVC_VERSION: "2010", CL_FLAGS: ""}
	- {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019", CL_FLAGS: ""}
	- {VERSION: "3.7", TOXENV: "py37", MSVC_VERSION: "2019", CL_FLAGS: ""}
	- {VERSION: "3.8", TOXENV: "py38", MSVC_VERSION: "2019", CL_FLAGS: ""}
	- {VERSION: "3.9", TOXENV: "py39", MSVC_VERSION: "2019", CL_FLAGS: "/D USE_OSRANDOM_RNG_FOR_TESTING"}
	name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
	steps:
	- uses: actions/checkout@v4
	- name: Setup python
	uses: actions/setup-python@v2
	with:
	python-version: ${{ matrix.PYTHON.VERSION }}
	architecture: ${{ matrix.WINDOWS.ARCH }}

	- name: Install MSVC for Python 2.7
	run: \|
	Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi
	Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1')
	Remove-Item VCForPython27.msi -Force
	shell: powershell
	if: matrix.PYTHON.VERSION == '2.7'
	- run: python -m pip install tox requests coverage
	- name: Download OpenSSL
	run: \|
	python .github/workflows/download_openssl.py windows openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
	echo "INCLUDE=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;$INCLUDE" >> $GITHUB_ENV
	echo "LIB=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;$LIB" >> $GITHUB_ENV
	echo "CL=${{ matrix.PYTHON.CL_FLAGS }}" >> $GITHUB_ENV
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	shell: bash
	- run: git clone https://github.com/google/wycheproof

	- run: tox -r -- --color=yes --wycheproof-root=wycheproof
	env:
	TOXENV: ${{ matrix.PYTHON.TOXENV }}

	- uses: ./.github/actions/upload-coverage
	with:
	name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"

	linux-downstream:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	DOWNSTREAM:
	- paramiko
	- pyopenssl
	- twisted
	- aws-encryption-sdk
	- dynamodb-encryption-sdk
	- certbot
	- certbot-josepy
	name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
	steps:
	- uses: actions/checkout@v4
	- name: Setup python
	uses: actions/setup-python@v2
	with:
	python-version: 3.7
	- run: python -m pip install -U pip wheel
	- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install
	- run: pip uninstall -y enum34
	- run: pip install .
	- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh run

	docs-linkcheck:
	if: github.event_name == 'push' && github.ref == 'refs/heads/master'
	runs-on: ubuntu-latest
	name: "linkcheck"
	steps:
	- uses: actions/checkout@v4
	- name: Setup python
	uses: actions/setup-python@v2
	with:
	python-version: 3.9
	- run: python -m pip install -U tox
	- run: tox -r -- --color=yes
	env:
	TOXENV: docs-linkcheck

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/checkout from 2 to 4 #28

Workflow file

Bump actions/checkout from 2 to 4 #28

Jobs

Run details

Workflow file for this run