aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.github/ISSUE_TEMPLATE/openssl-release.md4
-rw-r--r--.jenkins/Jenkinsfile-OpenSSL-1.186
-rw-r--r--.jenkins/Jenkinsfile-cryptography-wheel-builder95
-rwxr-xr-x.travis/install.sh2
-rw-r--r--Jenkinsfile148
-rw-r--r--dev-requirements.txt1
-rw-r--r--docs/doing-a-release.rst2
-rw-r--r--release.py82
-rw-r--r--tox.ini2
9 files changed, 5 insertions, 417 deletions
diff --git a/.github/ISSUE_TEMPLATE/openssl-release.md b/.github/ISSUE_TEMPLATE/openssl-release.md
index 6167739f..074d9fb0 100644
--- a/.github/ISSUE_TEMPLATE/openssl-release.md
+++ b/.github/ISSUE_TEMPLATE/openssl-release.md
@@ -1,9 +1,7 @@
- [ ] Windows
- - [ ] Run the `openssl-release-1.1` Jenkins job
- - [ ] Copy the resulting artifacts to the Windows builders and unzip them in the root of the file system
+ - [ ] Run the `windows-openssl` Azure Pipelines job
- [ ] macOS
- [ ] Send a pull request to `homebrew` upgrading the `openssl@1.1` formula
- [ ] Wait for it to be merged
- - [ ] Run the `update-brew-openssl` Jenkins job
- [ ] manylinux1
- [ ] Send a pull request to `pyca/infra` updating the [version and hash](https://github.com/pyca/infra/blob/master/cryptography-manylinux1/install_openssl.sh#L5-L6)
diff --git a/.jenkins/Jenkinsfile-OpenSSL-1.1 b/.jenkins/Jenkinsfile-OpenSSL-1.1
deleted file mode 100644
index 62ec9560..00000000
--- a/.jenkins/Jenkinsfile-OpenSSL-1.1
+++ /dev/null
@@ -1,86 +0,0 @@
-def configs = [
- [
- label: "windows2012-openssl", arch: "x86", "vsversion": 2010
- ],
- [
- label: "windows2012-openssl", arch: "x86_64", "vsversion": 2010
- ],
- [
- label: "windows2012-openssl", arch: "x86", "vsversion": 2015
- ],
- [
- label: "windows2012-openssl", arch: "x86_64", "vsversion": 2015
- ],
-]
-
-script = """
- wmic qfe
- powershell "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; wget 'https://www.openssl.org/source/openssl-1.1.1-latest.tar.gz' -OutFile 'openssl-latest.tar.gz'"
- REM Next decompress the tarball using winrar. INUL disables error msgs, which are GUI prompts and therefore undesirable
- "C:\\Program Files\\WinRAR\\WinRAR.exe" -INUL x openssl-latest.tar.gz
- cd openssl-1*
- REM The next line determines the name of the current directory. Batch is great.
- FOR %%I IN (.) DO @SET CURRENTDIR=%%~nI%%~xI
- if "%BUILDARCH%" == "x86" (
- @SET BUILDARCHFLAG=x86
- @SET OPENSSLARCHFLAG="VC-WIN32"
- ) else (
- @SET BUILDARCHFLAG=amd64
- @SET OPENSSLARCHFLAG="VC-WIN64A"
- )
- if "%BUILDVSVERSION%" == "2010" (
- call "C:\\Program Files (x86)\\Microsoft Visual Studio 10.0\\VC\\vcvarsall.bat" %BUILDARCHFLAG%
- echo "Building with VS 2010"
- ) else (
- call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" %BUILDARCHFLAG%
- echo "Building with VS 2015"
- )
- SET
- perl Configure no-comp no-shared %OPENSSLARCHFLAG%
- nmake
- nmake test
-
- if "%BUILDARCH%" == "x86" (
- @SET FINALDIR="openssl-win32-%BUILDVSVERSION%"
- ) else (
- @SET FINALDIR="openssl-win64-%BUILDVSVERSION%"
- )
- mkdir %FINALDIR%
- mkdir %FINALDIR%\\lib
- move include %FINALDIR%\\include
- move libcrypto.lib %FINALDIR%\\lib\\
- move libssl.lib %FINALDIR%\\lib\\
- "C:\\Program Files\\WinRAR\\WinRAR.exe" -INUL a %CURRENTDIR%-%BUILDVSVERSION%-%BUILDARCH%.zip %FINALDIR%\\include %FINALDIR%\\lib\\libcrypto.lib %FINALDIR%\\lib\\libssl.lib
-"""
-
-def build(label, vsversion, arch) {
- node(label) {
- try {
- timeout(time: 30, unit: 'MINUTES') {
- stage("Compile") {
- withEnv(["BUILDARCH=$arch", "BUILDVSVERSION=$vsversion"]) {
- bat script
- }
- }
- stage("Archive") {
- archiveArtifacts artifacts: "**/openssl-*.zip"
- }
- }
- } finally {
- deleteDir()
- }
- }
-}
-
-def builders = [:]
-
-for (config in configs) {
- def vsversion = config["vsversion"]
- def arch = config["arch"]
- def label = config["label"]
- builders["${vsversion}-${arch}"] = {
- build(label, vsversion, arch)
- }
-}
-
-parallel builders
diff --git a/.jenkins/Jenkinsfile-cryptography-wheel-builder b/.jenkins/Jenkinsfile-cryptography-wheel-builder
deleted file mode 100644
index 907f06e9..00000000
--- a/.jenkins/Jenkinsfile-cryptography-wheel-builder
+++ /dev/null
@@ -1,95 +0,0 @@
-properties([
- parameters([
- string(defaultValue: '', description: 'The version from PyPI to build', name: 'BUILD_VERSION')
- ]),
- pipelineTriggers([])
-])
-
-def configs = [
- [
- label: 'windows',
- versions: ['py27', 'py34', 'py35', 'py36', 'py37'],
- ],
- [
- label: 'windows64',
- versions: ['py27', 'py34', 'py35', 'py36', 'py37'],
- ],
-]
-
-
-def build(version, label, imageName) {
- try {
- timeout(time: 30, unit: 'MINUTES') {
- if (label.contains("windows")) {
- def pythonPath = [
- py27: "C:\\Python27\\python.exe",
- py34: "C:\\Python34\\python.exe",
- py35: "C:\\Python35\\python.exe",
- py36: "C:\\Python36\\python.exe",
- py37: "C:\\Python37\\python.exe"
- ]
- if (version == "py35" || version == "py36" || version == "py37") {
- opensslPaths = [
- "windows": [
- "include": "C:\\OpenSSL-Win32-2015\\include",
- "lib": "C:\\OpenSSL-Win32-2015\\lib"
- ],
- "windows64": [
- "include": "C:\\OpenSSL-Win64-2015\\include",
- "lib": "C:\\OpenSSL-Win64-2015\\lib"
- ]
- ]
- } else {
- opensslPaths = [
- "windows": [
- "include": "C:\\OpenSSL-Win32-2010\\include",
- "lib": "C:\\OpenSSL-Win32-2010\\lib"
- ],
- "windows64": [
- "include": "C:\\OpenSSL-Win64-2010\\include",
- "lib": "C:\\OpenSSL-Win64-2010\\lib"
- ]
- ]
- }
- bat """
- wmic qfe
- @set PATH="C:\\Python27";"C:\\Python27\\Scripts";%PATH%
- @set PYTHON="${pythonPath[version]}"
-
- @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE%
- @set LIB="${opensslPaths[label]['lib']}";%LIB%
- virtualenv -p %PYTHON% .release
- call .release\\Scripts\\activate
- pip install wheel virtualenv
- pip wheel cryptography==$BUILD_VERSION --no-use-pep517 --wheel-dir=wheelhouse --no-binary cryptography
- pip install -f wheelhouse cryptography --no-index
- python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
- """
- }
- archiveArtifacts artifacts: "wheelhouse/cryptography*.whl"
- }
- } finally {
- deleteDir()
- }
-
-}
-
-def builders = [:]
-for (config in configs) {
- def label = config["label"]
- def versions = config["versions"]
-
- for (_version in versions) {
- def version = _version
- def combinedName = "${label}-${version}"
- builders[combinedName] = {
- node(label) {
- stage(combinedName) {
- build(version, label, "")
- }
- }
- }
- }
-}
-
-parallel builders
diff --git a/.travis/install.sh b/.travis/install.sh
index ed69e468..f49569ed 100755
--- a/.travis/install.sh
+++ b/.travis/install.sh
@@ -64,5 +64,5 @@ pip install virtualenv
python -m virtualenv ~/.venv
source ~/.venv/bin/activate
-# If we pin coverage it must be kept in sync with tox.ini and Jenkinsfile
+# If we pin coverage it must be kept in sync with tox.ini and azure-pipelines.yml
pip install tox codecov coverage
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 8a989bf1..00000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,148 +0,0 @@
-if (env.BRANCH_NAME == "master") {
- properties([pipelineTriggers([cron('@daily')])])
-}
-
-def configs = [
- [
- label: 'windows',
- toxenvs: ['py27', 'py34', 'py35', 'py36', 'py37'],
- ],
- [
- label: 'windows64',
- toxenvs: ['py27', 'py34', 'py35', 'py36', 'py37'],
- ],
-]
-
-def checkout_git(label) {
- retry(3) {
- def script = ""
- if (env.BRANCH_NAME.startsWith('PR-')) {
- script = """
- git clone --depth=1 https://github.com/pyca/cryptography
- cd cryptography
- git fetch origin +refs/pull/${env.CHANGE_ID}/merge:
- git checkout -qf FETCH_HEAD
- """
- if (label.contains("windows")) {
- bat script
- } else {
- sh """#!/bin/sh
- set -xe
- ${script}
- """
- }
- } else {
- checkout([
- $class: 'GitSCM',
- branches: [[name: "*/${env.BRANCH_NAME}"]],
- doGenerateSubmoduleConfigurations: false,
- extensions: [[
- $class: 'RelativeTargetDirectory',
- relativeTargetDir: 'cryptography'
- ]],
- submoduleCfg: [],
- userRemoteConfigs: [[
- 'url': 'https://github.com/pyca/cryptography'
- ]]
- ])
- }
- }
- bat """
- cd cryptography
- git rev-parse HEAD
- """
-}
-def build(toxenv, label, imageName, artifacts, artifactExcludes) {
- try {
- timeout(time: 30, unit: 'MINUTES') {
-
- checkout_git(label)
- checkout([
- $class: 'GitSCM',
- extensions: [[
- $class: 'RelativeTargetDirectory',
- relativeTargetDir: 'wycheproof',
- ]],
- userRemoteConfigs: [[
- 'url': 'https://github.com/google/wycheproof',
- ]]
- ])
-
- withCredentials([string(credentialsId: 'cryptography-codecov-token', variable: 'CODECOV_TOKEN')]) {
- withEnv(["LABEL=$label", "TOXENV=$toxenv", "IMAGE_NAME=$imageName"]) {
- def pythonPath = [
- py27: "C:\\Python27\\python.exe",
- py34: "C:\\Python34\\python.exe",
- py35: "C:\\Python35\\python.exe",
- py36: "C:\\Python36\\python.exe",
- py37: "C:\\Python37\\python.exe"
- ]
- if (toxenv == "py35" || toxenv == "py36" || toxenv == "py37") {
- opensslPaths = [
- "windows": [
- "include": "C:\\OpenSSL-Win32-2015\\include",
- "lib": "C:\\OpenSSL-Win32-2015\\lib"
- ],
- "windows64": [
- "include": "C:\\OpenSSL-Win64-2015\\include",
- "lib": "C:\\OpenSSL-Win64-2015\\lib"
- ]
- ]
- } else {
- opensslPaths = [
- "windows": [
- "include": "C:\\OpenSSL-Win32-2010\\include",
- "lib": "C:\\OpenSSL-Win32-2010\\lib"
- ],
- "windows64": [
- "include": "C:\\OpenSSL-Win64-2010\\include",
- "lib": "C:\\OpenSSL-Win64-2010\\lib"
- ]
- ]
- }
- bat """
- cd cryptography
- @set PATH="C:\\Python27";"C:\\Python27\\Scripts";%PATH%
- @set PYTHON="${pythonPath[toxenv]}"
-
- @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE%
- @set LIB="${opensslPaths[label]['lib']}";%LIB%
- tox -r -- --wycheproof-root=../wycheproof
- IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL%
- virtualenv .codecov
- call .codecov/Scripts/activate
- REM this pin must be kept in sync with tox.ini
- pip install coverage
- pip install codecov
- codecov -e JOB_BASE_NAME,LABEL,TOXENV
- """
- }
- }
- }
- } finally {
- deleteDir()
- }
-
-}
-
-def builders = [:]
-for (config in configs) {
- def label = config["label"]
- def toxenvs = config["toxenvs"]
- def artifacts = config["artifacts"]
- def artifactExcludes = config["artifactExcludes"]
-
- for (_toxenv in toxenvs) {
- def toxenv = _toxenv
- def combinedName = "${label}-${toxenv}"
- builders[combinedName] = {
- node(label) {
- stage(combinedName) {
- build(toxenv, label, '', null, null)
- }
- }
- }
- }
-}
-
-parallel builders
diff --git a/dev-requirements.txt b/dev-requirements.txt
index 60819739..6b7f482a 100644
--- a/dev-requirements.txt
+++ b/dev-requirements.txt
@@ -1,7 +1,6 @@
azure-devops
click
coverage
-requests
tox >= 2.4.1
twine >= 1.8.0
-e .[test,docs,docstest,pep8test]
diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst
index e7ee88fa..6c309d35 100644
--- a/docs/doing-a-release.rst
+++ b/docs/doing-a-release.rst
@@ -21,7 +21,7 @@ Verifying OpenSSL version
-------------------------
The release process creates wheels bundling OpenSSL for Windows, macOS, and
-Linux. Check that the Windows and macOS Jenkins builders have the latest
+Linux. Check that the Windows and macOS Azure Pipelines builders have the latest
version of OpenSSL installed and verify that the latest version is present in
the ``pyca/cryptography-manylinux1`` docker containers. If anything is out
of date follow the instructions for upgrading OpenSSL.
diff --git a/release.py b/release.py
index b8269114..c03d22d5 100644
--- a/release.py
+++ b/release.py
@@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function
import getpass
import glob
-import io
import json
import os
import subprocess
@@ -21,14 +20,6 @@ import click
from msrest.authentication import BasicAuthentication
-import requests
-
-
-JENKINS_URL = (
- "https://ci.cryptography.io/job/cryptography-support-jobs/"
- "job/wheel-builder"
-)
-
def run(*args, **kwargs):
print("[running] {0}".format(list(args)))
@@ -91,76 +82,6 @@ def build_wheels_azure(version):
return download_artifacts_azure(build_client, build.id)
-def wait_for_build_completed_jenkins(session):
- # Wait 20 seconds before actually checking if the build is complete, to
- # ensure that it had time to really start.
- time.sleep(20)
- while True:
- response = session.get(
- "{0}/lastBuild/api/json/".format(JENKINS_URL),
- headers={
- "Accept": "application/json",
- }
- )
- response.raise_for_status()
- if not response.json()["building"]:
- assert response.json()["result"] == "SUCCESS"
- break
- time.sleep(0.1)
-
-
-def download_artifacts_jenkins(session):
- response = session.get(
- "{0}/lastBuild/api/json/".format(JENKINS_URL),
- headers={
- "Accept": "application/json"
- }
- )
- response.raise_for_status()
- json_response = response.json()
- assert not json_response["building"]
- assert json_response["result"] == "SUCCESS"
-
- paths = []
-
- for artifact in json_response["artifacts"]:
- response = session.get(
- "{0}artifact/{1}".format(
- json_response["url"], artifact["relativePath"]
- ), stream=True
- )
- assert response.headers["content-length"]
- print("Downloading {0}".format(artifact["fileName"]))
- content = io.BytesIO()
- for data in response.iter_content(chunk_size=8192):
- content.write(data)
- out_path = os.path.join(
- os.path.dirname(__file__),
- "dist",
- artifact["fileName"],
- )
- with open(out_path, "wb") as f:
- f.write(content.getvalue())
- paths.append(out_path)
- return paths
-
-
-def build_wheels_jenkins(version):
- token = getpass.getpass("Input the Jenkins token: ")
- session = requests.Session()
- response = session.get(
- "{0}/buildWithParameters".format(JENKINS_URL),
- params={
- "token": token,
- "BUILD_VERSION": version,
- "cause": "Building wheels for {0}".format(version)
- }
- )
- response.raise_for_status()
- wait_for_build_completed_jenkins(session)
- return download_artifacts_jenkins(session)
-
-
@click.command()
@click.argument("version")
def release(version):
@@ -180,8 +101,7 @@ def release(version):
run("twine", "upload", "-s", *packages)
azure_wheel_paths = build_wheels_azure(version)
- jenkins_wheel_paths = build_wheels_jenkins(version)
- run("twine", "upload", *(azure_wheel_paths + jenkins_wheel_paths))
+ run("twine", "upload", *azure_wheel_paths)
if __name__ == "__main__":
diff --git a/tox.ini b/tox.ini
index 45df8722..ba9e0833 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,7 +7,7 @@ extras =
test
idna: idna
deps =
- # This must be kept in sync with Jenkinsfile and .travis/install.sh
+ # This must be kept in sync with .travis/install.sh and azure-pipelines.yml
coverage
./vectors
passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH USERNAME PYTHONIOENCODING