First pass at moving windows CI to github actions (#5145)

* First pass at moving windows CI to github actions

* Install coverage

* Remove bonus http request

3 files changed, 103 insertions, 83 deletions

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..80fcc4f7
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,57 @@
+on:
+  pull_request: {}
+  push:
+    branches:
+      - master
+      - '*.*.x'
+    tags:
+      - '*.*.*'
+
+jobs:
+  windows:
+    runs-on: windows-latest
+    strategy:
+      matrix:
+        WINDOWS:
+          - {ARCH: 'x86', WINDOWS: 'win32'}
+          - {ARCH: 'x64', WINDOWS: 'win64'}
+        PYTHON:
+          - {VERSION: "2.7", TOXENV: "py27", MSVC_VERSION: "2010"}
+          - {VERSION: "3.5", TOXENV: "py35", MSVC_VERSION: "2019"}
+          - {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019"}
+          - {VERSION: "3.7", TOXENV: "py37", MSVC_VERSION: "2019"}
+          - {VERSION: "3.8", TOXENV: "py38", MSVC_VERSION: "2019"}
+    name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
+    steps:
+      - uses: actions/checkout@master
+      - name: Setup python
+        uses: actions/setup-python@v1
+        with:
+          python-version: ${{ matrix.PYTHON.VERSION }}
+          architecture: ${{ matrix.WINDOWS.ARCH }}
+
+      - name: Install MSVC for Python 2.7
+        run: |
+            Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi
+            Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1')
+            Remove-Item VCForPython27.msi -Force
+        shell: powershell
+        if: matrix.PYTHON.VERSION == '2.7'
+      - run: pip install tox requests coverage
+      - name: Download OpenSSL
+        run: |
+            python .github/workflows/download_openssl.py openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}
+            echo "::set-env name=INCLUDE::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;%INCLUDE%"
+            echo "::set-env name=LIB::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;%LIB%"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: git clone https://github.com/google/wycheproof
+
+      - run: tox -r -- --color=yes --wycheproof-root=wycheproof
+        env:
+          TOXENV: ${{ matrix.PYTHON.TOXENV }}
+
+      - uses: codecov/codecov-action@v1
+        with:
+          name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}"
+          fail_ci_if_error: true
diff --git a/.github/workflows/download_openssl.py b/.github/workflows/download_openssl.py
new file mode 100644
index 00000000..64967cde
--- /dev/null
+++ b/.github/workflows/download_openssl.py
@@ -0,0 +1,46 @@
+import io
+import os
+import sys
+import zipfile
+
+import requests
+
+
+# TODO: Switch to master
+BRANCH = "openssl-windows-github-actions"
+RUNS_URL = (
+    "https://api.github.com/repos/pyca/infra/actions/workflows/"
+    "build-openssl.yml/runs?branch={}&status=success".format(BRANCH)
+)
+
+
+def get_response(url, token):
+    response = requests.get(url, headers={"Authorization": "token " + token})
+    if response.status_code != 200:
+        raise ValueError("Got HTTP {} fetching {}: ".format(
+            response.code, url, response.content
+        ))
+    return response
+
+
+def main(target):
+    token = os.environ["GITHUB_TOKEN"]
+    print("Looking for: {}".format(target))
+
+    response = get_response(RUNS_URL, token).json()
+    artifacts_url = response["workflow_runs"][0]["artifacts_url"]
+    response = get_response(artifacts_url, token).json()
+    for artifact in response["artifacts"]:
+        if artifact["name"] == target:
+            print("Found artifact")
+            response = get_response(
+                artifact["archive_download_url"], token
+            )
+            zipfile.ZipFile(io.BytesIO(response.content)).extractall(
+                "C:/{}".format(artifact["name"])
+            )
+            return
+
+
+if __name__ == "__main__":
+    main(sys.argv[1])
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
index 749bc712..cd979e02 100644
--- a/azure-pipelines.yml
+++ b/azure-pipelines.yml
@@ -69,86 +69,3 @@ jobs:
   - script: codecov -e MACOS_VERSION,AGENT_OS,TOXENV
     displayName: 'Submit coverage'
     condition: succeeded()
-- job: 'win'
-  pool:
-    vmImage: 'windows-2019'
-  container: $[variables.containerImage]
-  strategy:
-    matrix:
-      Python27-x86:
-        TOXENV: py27
-        containerImage: 'pyca/cryptography-runner-windows:py27-x86'
-        OPENSSL_DIR: 'OpenSSL-Win32-2010'
-        PYTHON_DIR: 'Python27'
-        WINDOWS_ARCH: 'x86'
-      Python27-x86-64:
-        TOXENV: py27
-        containerImage: 'pyca/cryptography-runner-windows:py27-x86_64'
-        OPENSSL_DIR: 'OpenSSL-Win64-2010'
-        PYTHON_DIR: 'Python27'
-        WINDOWS_ARCH: 'x86_64'
-      Python35-x86:
-        TOXENV: py35
-        containerImage: 'pyca/cryptography-runner-windows:py35-x86'
-        OPENSSL_DIR: 'OpenSSL-Win32-2015'
-        PYTHON_DIR: 'Python35'
-        WINDOWS_ARCH: 'x86'
-      Python35-x86-64:
-        TOXENV: py35
-        containerImage: 'pyca/cryptography-runner-windows:py35-x86_64'
-        OPENSSL_DIR: 'OpenSSL-Win64-2015'
-        PYTHON_DIR: 'Python35'
-        WINDOWS_ARCH: 'x86_64'
-      Python36-x86:
-        TOXENV: py36
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86'
-        OPENSSL_DIR: 'OpenSSL-Win32-2015'
-        PYTHON_DIR: 'Python36'
-        WINDOWS_ARCH: 'x86'
-      Python36-x86-64:
-        TOXENV: py36
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86_64'
-        OPENSSL_DIR: 'OpenSSL-Win64-2015'
-        PYTHON_DIR: 'Python36'
-        WINDOWS_ARCH: 'x86_64'
-      Python37-x86:
-        TOXENV: py37
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86'
-        OPENSSL_DIR: 'OpenSSL-Win32-2015'
-        PYTHON_DIR: 'Python37'
-        WINDOWS_ARCH: 'x86'
-      Python37-x86-64:
-        TOXENV: py37
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86_64'
-        OPENSSL_DIR: 'OpenSSL-Win64-2015'
-        PYTHON_DIR: 'Python37'
-        WINDOWS_ARCH: 'x86_64'
-      Python38-x86:
-        TOXENV: py38
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86'
-        OPENSSL_DIR: 'OpenSSL-Win32-2015'
-        PYTHON_DIR: 'Python38'
-        WINDOWS_ARCH: 'x86'
-      Python38-x86-64:
-        TOXENV: py38
-        containerImage: 'pyca/cryptography-runner-windows:py3-x86_64'
-        OPENSSL_DIR: 'OpenSSL-Win64-2015'
-        PYTHON_DIR: 'Python38'
-        WINDOWS_ARCH: 'x86_64'
-  steps:
-  - script: C:/%PYTHON_DIR%/Scripts/pip install codecov
-    displayName: 'Install codecov'
-
-  - script: git clone https://github.com/google/wycheproof
-    displayName: 'Clone wycheproof'
-
-  - script: |
-        set INCLUDE=C:/%OPENSSL_DIR%/include;%INCLUDE%
-        set LIB=C:/%OPENSSL_DIR%/lib;%LIB%
-        C:/%PYTHON_DIR%/Scripts/tox -r --  --color=yes --wycheproof-root=wycheproof
-        IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
-    displayName: 'Run tests'
-
-  - script: set PATH=%PATH%;C:/%PYTHON_DIR%/Scripts; & codecov -e AGENT_OS,TOXENV,WINDOWS_ARCH
-    displayName: 'Submit coverage'
-    condition: succeeded()