diff options
-rw-r--r-- | .github/ISSUE_TEMPLATE/openssl-release.md | 4 | ||||
-rw-r--r-- | .jenkins/Jenkinsfile-OpenSSL-1.1 | 86 | ||||
-rw-r--r-- | .jenkins/Jenkinsfile-cryptography-wheel-builder | 95 | ||||
-rwxr-xr-x | .travis/install.sh | 2 | ||||
-rw-r--r-- | Jenkinsfile | 148 | ||||
-rw-r--r-- | dev-requirements.txt | 1 | ||||
-rw-r--r-- | docs/doing-a-release.rst | 2 | ||||
-rw-r--r-- | release.py | 82 | ||||
-rw-r--r-- | tox.ini | 2 |
9 files changed, 5 insertions, 417 deletions
diff --git a/.github/ISSUE_TEMPLATE/openssl-release.md b/.github/ISSUE_TEMPLATE/openssl-release.md index 6167739f..074d9fb0 100644 --- a/.github/ISSUE_TEMPLATE/openssl-release.md +++ b/.github/ISSUE_TEMPLATE/openssl-release.md @@ -1,9 +1,7 @@ - [ ] Windows - - [ ] Run the `openssl-release-1.1` Jenkins job - - [ ] Copy the resulting artifacts to the Windows builders and unzip them in the root of the file system + - [ ] Run the `windows-openssl` Azure Pipelines job - [ ] macOS - [ ] Send a pull request to `homebrew` upgrading the `openssl@1.1` formula - [ ] Wait for it to be merged - - [ ] Run the `update-brew-openssl` Jenkins job - [ ] manylinux1 - [ ] Send a pull request to `pyca/infra` updating the [version and hash](https://github.com/pyca/infra/blob/master/cryptography-manylinux1/install_openssl.sh#L5-L6) diff --git a/.jenkins/Jenkinsfile-OpenSSL-1.1 b/.jenkins/Jenkinsfile-OpenSSL-1.1 deleted file mode 100644 index 62ec9560..00000000 --- a/.jenkins/Jenkinsfile-OpenSSL-1.1 +++ /dev/null @@ -1,86 +0,0 @@ -def configs = [ - [ - label: "windows2012-openssl", arch: "x86", "vsversion": 2010 - ], - [ - label: "windows2012-openssl", arch: "x86_64", "vsversion": 2010 - ], - [ - label: "windows2012-openssl", arch: "x86", "vsversion": 2015 - ], - [ - label: "windows2012-openssl", arch: "x86_64", "vsversion": 2015 - ], -] - -script = """ - wmic qfe - powershell "[Net.ServicePointManager]::SecurityProtocol = 'tls12'; wget 'https://www.openssl.org/source/openssl-1.1.1-latest.tar.gz' -OutFile 'openssl-latest.tar.gz'" - REM Next decompress the tarball using winrar. INUL disables error msgs, which are GUI prompts and therefore undesirable - "C:\\Program Files\\WinRAR\\WinRAR.exe" -INUL x openssl-latest.tar.gz - cd openssl-1* - REM The next line determines the name of the current directory. Batch is great. - FOR %%I IN (.) DO @SET CURRENTDIR=%%~nI%%~xI - if "%BUILDARCH%" == "x86" ( - @SET BUILDARCHFLAG=x86 - @SET OPENSSLARCHFLAG="VC-WIN32" - ) else ( - @SET BUILDARCHFLAG=amd64 - @SET OPENSSLARCHFLAG="VC-WIN64A" - ) - if "%BUILDVSVERSION%" == "2010" ( - call "C:\\Program Files (x86)\\Microsoft Visual Studio 10.0\\VC\\vcvarsall.bat" %BUILDARCHFLAG% - echo "Building with VS 2010" - ) else ( - call "C:\\Program Files (x86)\\Microsoft Visual Studio 14.0\\VC\\vcvarsall.bat" %BUILDARCHFLAG% - echo "Building with VS 2015" - ) - SET - perl Configure no-comp no-shared %OPENSSLARCHFLAG% - nmake - nmake test - - if "%BUILDARCH%" == "x86" ( - @SET FINALDIR="openssl-win32-%BUILDVSVERSION%" - ) else ( - @SET FINALDIR="openssl-win64-%BUILDVSVERSION%" - ) - mkdir %FINALDIR% - mkdir %FINALDIR%\\lib - move include %FINALDIR%\\include - move libcrypto.lib %FINALDIR%\\lib\\ - move libssl.lib %FINALDIR%\\lib\\ - "C:\\Program Files\\WinRAR\\WinRAR.exe" -INUL a %CURRENTDIR%-%BUILDVSVERSION%-%BUILDARCH%.zip %FINALDIR%\\include %FINALDIR%\\lib\\libcrypto.lib %FINALDIR%\\lib\\libssl.lib -""" - -def build(label, vsversion, arch) { - node(label) { - try { - timeout(time: 30, unit: 'MINUTES') { - stage("Compile") { - withEnv(["BUILDARCH=$arch", "BUILDVSVERSION=$vsversion"]) { - bat script - } - } - stage("Archive") { - archiveArtifacts artifacts: "**/openssl-*.zip" - } - } - } finally { - deleteDir() - } - } -} - -def builders = [:] - -for (config in configs) { - def vsversion = config["vsversion"] - def arch = config["arch"] - def label = config["label"] - builders["${vsversion}-${arch}"] = { - build(label, vsversion, arch) - } -} - -parallel builders diff --git a/.jenkins/Jenkinsfile-cryptography-wheel-builder b/.jenkins/Jenkinsfile-cryptography-wheel-builder deleted file mode 100644 index 907f06e9..00000000 --- a/.jenkins/Jenkinsfile-cryptography-wheel-builder +++ /dev/null @@ -1,95 +0,0 @@ -properties([ - parameters([ - string(defaultValue: '', description: 'The version from PyPI to build', name: 'BUILD_VERSION') - ]), - pipelineTriggers([]) -]) - -def configs = [ - [ - label: 'windows', - versions: ['py27', 'py34', 'py35', 'py36', 'py37'], - ], - [ - label: 'windows64', - versions: ['py27', 'py34', 'py35', 'py36', 'py37'], - ], -] - - -def build(version, label, imageName) { - try { - timeout(time: 30, unit: 'MINUTES') { - if (label.contains("windows")) { - def pythonPath = [ - py27: "C:\\Python27\\python.exe", - py34: "C:\\Python34\\python.exe", - py35: "C:\\Python35\\python.exe", - py36: "C:\\Python36\\python.exe", - py37: "C:\\Python37\\python.exe" - ] - if (version == "py35" || version == "py36" || version == "py37") { - opensslPaths = [ - "windows": [ - "include": "C:\\OpenSSL-Win32-2015\\include", - "lib": "C:\\OpenSSL-Win32-2015\\lib" - ], - "windows64": [ - "include": "C:\\OpenSSL-Win64-2015\\include", - "lib": "C:\\OpenSSL-Win64-2015\\lib" - ] - ] - } else { - opensslPaths = [ - "windows": [ - "include": "C:\\OpenSSL-Win32-2010\\include", - "lib": "C:\\OpenSSL-Win32-2010\\lib" - ], - "windows64": [ - "include": "C:\\OpenSSL-Win64-2010\\include", - "lib": "C:\\OpenSSL-Win64-2010\\lib" - ] - ] - } - bat """ - wmic qfe - @set PATH="C:\\Python27";"C:\\Python27\\Scripts";%PATH% - @set PYTHON="${pythonPath[version]}" - - @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE% - @set LIB="${opensslPaths[label]['lib']}";%LIB% - virtualenv -p %PYTHON% .release - call .release\\Scripts\\activate - pip install wheel virtualenv - pip wheel cryptography==$BUILD_VERSION --no-use-pep517 --wheel-dir=wheelhouse --no-binary cryptography - pip install -f wheelhouse cryptography --no-index - python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" - """ - } - archiveArtifacts artifacts: "wheelhouse/cryptography*.whl" - } - } finally { - deleteDir() - } - -} - -def builders = [:] -for (config in configs) { - def label = config["label"] - def versions = config["versions"] - - for (_version in versions) { - def version = _version - def combinedName = "${label}-${version}" - builders[combinedName] = { - node(label) { - stage(combinedName) { - build(version, label, "") - } - } - } - } -} - -parallel builders diff --git a/.travis/install.sh b/.travis/install.sh index ed69e468..f49569ed 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -64,5 +64,5 @@ pip install virtualenv python -m virtualenv ~/.venv source ~/.venv/bin/activate -# If we pin coverage it must be kept in sync with tox.ini and Jenkinsfile +# If we pin coverage it must be kept in sync with tox.ini and azure-pipelines.yml pip install tox codecov coverage diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 8a989bf1..00000000 --- a/Jenkinsfile +++ /dev/null @@ -1,148 +0,0 @@ -if (env.BRANCH_NAME == "master") { - properties([pipelineTriggers([cron('@daily')])]) -} - -def configs = [ - [ - label: 'windows', - toxenvs: ['py27', 'py34', 'py35', 'py36', 'py37'], - ], - [ - label: 'windows64', - toxenvs: ['py27', 'py34', 'py35', 'py36', 'py37'], - ], -] - -def checkout_git(label) { - retry(3) { - def script = "" - if (env.BRANCH_NAME.startsWith('PR-')) { - script = """ - git clone --depth=1 https://github.com/pyca/cryptography - cd cryptography - git fetch origin +refs/pull/${env.CHANGE_ID}/merge: - git checkout -qf FETCH_HEAD - """ - if (label.contains("windows")) { - bat script - } else { - sh """#!/bin/sh - set -xe - ${script} - """ - } - } else { - checkout([ - $class: 'GitSCM', - branches: [[name: "*/${env.BRANCH_NAME}"]], - doGenerateSubmoduleConfigurations: false, - extensions: [[ - $class: 'RelativeTargetDirectory', - relativeTargetDir: 'cryptography' - ]], - submoduleCfg: [], - userRemoteConfigs: [[ - 'url': 'https://github.com/pyca/cryptography' - ]] - ]) - } - } - bat """ - cd cryptography - git rev-parse HEAD - """ -} -def build(toxenv, label, imageName, artifacts, artifactExcludes) { - try { - timeout(time: 30, unit: 'MINUTES') { - - checkout_git(label) - checkout([ - $class: 'GitSCM', - extensions: [[ - $class: 'RelativeTargetDirectory', - relativeTargetDir: 'wycheproof', - ]], - userRemoteConfigs: [[ - 'url': 'https://github.com/google/wycheproof', - ]] - ]) - - withCredentials([string(credentialsId: 'cryptography-codecov-token', variable: 'CODECOV_TOKEN')]) { - withEnv(["LABEL=$label", "TOXENV=$toxenv", "IMAGE_NAME=$imageName"]) { - def pythonPath = [ - py27: "C:\\Python27\\python.exe", - py34: "C:\\Python34\\python.exe", - py35: "C:\\Python35\\python.exe", - py36: "C:\\Python36\\python.exe", - py37: "C:\\Python37\\python.exe" - ] - if (toxenv == "py35" || toxenv == "py36" || toxenv == "py37") { - opensslPaths = [ - "windows": [ - "include": "C:\\OpenSSL-Win32-2015\\include", - "lib": "C:\\OpenSSL-Win32-2015\\lib" - ], - "windows64": [ - "include": "C:\\OpenSSL-Win64-2015\\include", - "lib": "C:\\OpenSSL-Win64-2015\\lib" - ] - ] - } else { - opensslPaths = [ - "windows": [ - "include": "C:\\OpenSSL-Win32-2010\\include", - "lib": "C:\\OpenSSL-Win32-2010\\lib" - ], - "windows64": [ - "include": "C:\\OpenSSL-Win64-2010\\include", - "lib": "C:\\OpenSSL-Win64-2010\\lib" - ] - ] - } - bat """ - cd cryptography - @set PATH="C:\\Python27";"C:\\Python27\\Scripts";%PATH% - @set PYTHON="${pythonPath[toxenv]}" - - @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE% - @set LIB="${opensslPaths[label]['lib']}";%LIB% - tox -r -- --wycheproof-root=../wycheproof - IF %ERRORLEVEL% NEQ 0 EXIT /B %ERRORLEVEL% - virtualenv .codecov - call .codecov/Scripts/activate - REM this pin must be kept in sync with tox.ini - pip install coverage - pip install codecov - codecov -e JOB_BASE_NAME,LABEL,TOXENV - """ - } - } - } - } finally { - deleteDir() - } - -} - -def builders = [:] -for (config in configs) { - def label = config["label"] - def toxenvs = config["toxenvs"] - def artifacts = config["artifacts"] - def artifactExcludes = config["artifactExcludes"] - - for (_toxenv in toxenvs) { - def toxenv = _toxenv - def combinedName = "${label}-${toxenv}" - builders[combinedName] = { - node(label) { - stage(combinedName) { - build(toxenv, label, '', null, null) - } - } - } - } -} - -parallel builders diff --git a/dev-requirements.txt b/dev-requirements.txt index 60819739..6b7f482a 100644 --- a/dev-requirements.txt +++ b/dev-requirements.txt @@ -1,7 +1,6 @@ azure-devops click coverage -requests tox >= 2.4.1 twine >= 1.8.0 -e .[test,docs,docstest,pep8test] diff --git a/docs/doing-a-release.rst b/docs/doing-a-release.rst index e7ee88fa..6c309d35 100644 --- a/docs/doing-a-release.rst +++ b/docs/doing-a-release.rst @@ -21,7 +21,7 @@ Verifying OpenSSL version ------------------------- The release process creates wheels bundling OpenSSL for Windows, macOS, and -Linux. Check that the Windows and macOS Jenkins builders have the latest +Linux. Check that the Windows and macOS Azure Pipelines builders have the latest version of OpenSSL installed and verify that the latest version is present in the ``pyca/cryptography-manylinux1`` docker containers. If anything is out of date follow the instructions for upgrading OpenSSL. @@ -6,7 +6,6 @@ from __future__ import absolute_import, division, print_function import getpass import glob -import io import json import os import subprocess @@ -21,14 +20,6 @@ import click from msrest.authentication import BasicAuthentication -import requests - - -JENKINS_URL = ( - "https://ci.cryptography.io/job/cryptography-support-jobs/" - "job/wheel-builder" -) - def run(*args, **kwargs): print("[running] {0}".format(list(args))) @@ -91,76 +82,6 @@ def build_wheels_azure(version): return download_artifacts_azure(build_client, build.id) -def wait_for_build_completed_jenkins(session): - # Wait 20 seconds before actually checking if the build is complete, to - # ensure that it had time to really start. - time.sleep(20) - while True: - response = session.get( - "{0}/lastBuild/api/json/".format(JENKINS_URL), - headers={ - "Accept": "application/json", - } - ) - response.raise_for_status() - if not response.json()["building"]: - assert response.json()["result"] == "SUCCESS" - break - time.sleep(0.1) - - -def download_artifacts_jenkins(session): - response = session.get( - "{0}/lastBuild/api/json/".format(JENKINS_URL), - headers={ - "Accept": "application/json" - } - ) - response.raise_for_status() - json_response = response.json() - assert not json_response["building"] - assert json_response["result"] == "SUCCESS" - - paths = [] - - for artifact in json_response["artifacts"]: - response = session.get( - "{0}artifact/{1}".format( - json_response["url"], artifact["relativePath"] - ), stream=True - ) - assert response.headers["content-length"] - print("Downloading {0}".format(artifact["fileName"])) - content = io.BytesIO() - for data in response.iter_content(chunk_size=8192): - content.write(data) - out_path = os.path.join( - os.path.dirname(__file__), - "dist", - artifact["fileName"], - ) - with open(out_path, "wb") as f: - f.write(content.getvalue()) - paths.append(out_path) - return paths - - -def build_wheels_jenkins(version): - token = getpass.getpass("Input the Jenkins token: ") - session = requests.Session() - response = session.get( - "{0}/buildWithParameters".format(JENKINS_URL), - params={ - "token": token, - "BUILD_VERSION": version, - "cause": "Building wheels for {0}".format(version) - } - ) - response.raise_for_status() - wait_for_build_completed_jenkins(session) - return download_artifacts_jenkins(session) - - @click.command() @click.argument("version") def release(version): @@ -180,8 +101,7 @@ def release(version): run("twine", "upload", "-s", *packages) azure_wheel_paths = build_wheels_azure(version) - jenkins_wheel_paths = build_wheels_jenkins(version) - run("twine", "upload", *(azure_wheel_paths + jenkins_wheel_paths)) + run("twine", "upload", *azure_wheel_paths) if __name__ == "__main__": @@ -7,7 +7,7 @@ extras = test idna: idna deps = - # This must be kept in sync with Jenkinsfile and .travis/install.sh + # This must be kept in sync with .travis/install.sh and azure-pipelines.yml coverage ./vectors passenv = ARCHFLAGS LDFLAGS CFLAGS INCLUDE LIB LD_LIBRARY_PATH USERNAME PYTHONIOENCODING |