First pass at moving windows CI to github actions (#5145)

* First pass at moving windows CI to github actions

* Install coverage

* Remove bonus http request

2 files changed, 103 insertions, 0 deletions

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..80fcc4f7
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,57 @@
+on:
+  pull_request: {}
+  push:
+    branches:
+      - master
+      - '*.*.x'
+    tags:
+      - '*.*.*'
+
+jobs:
+  windows:
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        WINDOWS:
+          - {ARCH: 'x86', WINDOWS: 'win32'}
+          - {ARCH: 'x64', WINDOWS: 'win64'}
+        PYTHON:
+          - {VERSION: "2.7", TOXENV: "py27", MSVC_VERSION: "2010"}
+          - {VERSION: "3.5", TOXENV: "py35", MSVC_VERSION: "2019"}
+          - {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019"}
+          - {VERSION: "3.7", TOXENV: "py37", MSVC_VERSION: "2019"}
+          - {VERSION: "3.8", TOXENV: "py38", MSVC_VERSION: "2019"}
+    name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup python
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.PYTHON.VERSION }}
+          architecture: ${{ matrix.WINDOWS.ARCH }}
+
+      - name: Install MSVC for Python 2.7
+        run: |
+            Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi
+            Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1')
+            Remove-Item VCForPython27.msi -Force
+        shell: powershell
+        if: matrix.PYTHON.VERSION == '2.7'
+      - run: pip install tox requests coverage
+      - name: Download OpenSSL
+        run: |
+            python .github/workflows/download_openssl.py openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
+            echo "::set-env name=INCLUDE::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;%INCLUDE%"
+            echo "::set-env name=LIB::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;%LIB%"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: git clone https://github.com/google/wycheproof
+
+      - run: tox -r -- --color=yes --wycheproof-root=wycheproof
+        env:
+          TOXENV: ${{ matrix.PYTHON.TOXENV }}
+
+      - uses: codecov/codecov-action@v1
+        with:
+          name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
+          fail_ci_if_error: true
diff --git a/.github/workflows/download_openssl.py b/.github/workflows/download_openssl.py
new file mode 100644
index 00000000..64967cde
--- /dev/null
+++ b/.github/workflows/download_openssl.py
@@ -0,0 +1,46 @@
+import io
+import os
+import sys
+import zipfile
+
+import requests
+
+
+# TODO: Switch to master
+BRANCH = "openssl-windows-github-actions"
+RUNS_URL = (
+    "https://api.github.com/repos/pyca/infra/actions/workflows/"
+    "build-openssl.yml/runs?branch={}&status=success".format(BRANCH)
+)
+
+
+def get_response(url, token):
+    response = requests.get(url, headers={"Authorization": "token " + token})
+    if response.status_code != 200:
+        raise ValueError("Got HTTP {} fetching {}: ".format(
+            response.code, url, response.content
+        ))
+    return response
+
+
+def main(target):
+    token = os.environ["GITHUB_TOKEN"]
+    print("Looking for: {}".format(target))
+
+    response = get_response(RUNS_URL, token).json()
+    artifacts_url = response["workflow_runs"][0]["artifacts_url"]
+    response = get_response(artifacts_url, token).json()
+    for artifact in response["artifacts"]:
+        if artifact["name"] == target:
+            print("Found artifact")
+            response = get_response(
+                artifact["archive_download_url"], token
+            )
+            zipfile.ZipFile(io.BytesIO(response.content)).extractall(
+                "C:/{}".format(artifact["name"])
+            )
+            return
+
+
+if __name__ == "__main__":
+    main(sys.argv[1])