From b13ad5697d9684231c1c20a83f960e384b337aec Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Sun, 19 Apr 2020 13:11:49 -0400
Subject: Migrate the manylinux wheel builder to GHA (#5202)

---
 .azure-pipelines/wheel-builder.yml  | 77 -------------------------------------
 .github/workflows/wheel-builder.yml | 49 +++++++++++++++++++++++
 2 files changed, 49 insertions(+), 77 deletions(-)

diff --git a/.azure-pipelines/wheel-builder.yml b/.azure-pipelines/wheel-builder.yml
index f7683d45..ba30bd1f 100644
--- a/.azure-pipelines/wheel-builder.yml
+++ b/.azure-pipelines/wheel-builder.yml
@@ -73,80 +73,3 @@ jobs:
             inputs:
                 pathToPublish: wheelhouse/
                 artifactName: cryptography-macos-python$(python.version)
-
-    - job: 'manylinux'
-      pool:
-          vmImage: 'ubuntu-16.04'
-      container: $[variables.containerImage]
-      strategy:
-          matrix:
-              Python27m-manylinux1:
-                  containerImage: 'pyca/cryptography-manylinux1:x86_64'
-                  PYTHON_VERSION: 'cp27-cp27m'
-                  PLATFORM: 'manylinux1_x86_64'
-              Python27mu-manylinux1:
-                  containerImage: 'pyca/cryptography-manylinux1:x86_64'
-                  PYTHON_VERSION: 'cp27-cp27mu'
-                  PLATFORM: 'manylinux1_x86_64'
-              Python3m-manylinux1:
-                  containerImage: 'pyca/cryptography-manylinux1:x86_64'
-                  PYTHON_VERSION: 'cp35-cp35m'
-                  PLATFORM: 'manylinux1_x86_64'
-              Python27m-manylinux2010:
-                  containerImage: 'pyca/cryptography-manylinux2010:x86_64'
-                  PYTHON_VERSION: 'cp27-cp27m'
-                  PLATFORM: 'manylinux2010_x86_64'
-              Python27mu-manylinux2010:
-                  containerImage: 'pyca/cryptography-manylinux2010:x86_64'
-                  PYTHON_VERSION: 'cp27-cp27mu'
-                  PLATFORM: 'manylinux2010_x86_64'
-              Python3m-manylinux2010:
-                  containerImage: 'pyca/cryptography-manylinux2010:x86_64'
-                  PYTHON_VERSION: 'cp35-cp35m'
-                  PLATFORM: 'manylinux2010_x86_64'
-      steps:
-          - script: /opt/python/$PYTHON_VERSION/bin/python -m virtualenv .venv
-            displayName: Create virtualenv
-          - script: .venv/bin/pip install -U pip==10.0.1
-            displayName: Downgrade pip lol
-          - script: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'"
-            displayName: Install our Python dependencies
-          - script: |
-              set -e
-              set -x
-
-              REGEX="cp3([0-9])*"
-              if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then
-                  PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}"
-              fi
-              LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
-                  CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
-                  .venv/bin/pip wheel cryptography==$BUILD_VERSION --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API
-            displayName: Build the wheel
-          - script: auditwheel repair --plat $PLATFORM tmpwheelhouse/cryptograph*.whl -w wheelhouse/
-            displayName: Run auditwheel
-          - script: unzip wheelhouse/*.whl -d execstack.check
-            displayName: Unzip the wheel
-          - script: |
-              set -e
-              set -x
-
-              results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so)
-              count=$(echo "$results" | grep -c '^X' || true)
-              if [ "$count" -ne 0 ]; then
-                exit 1
-              else
-                exit 0
-              fi
-            displayName: Run execstack on the wheel
-          - script: .venv/bin/pip install -U pip
-            displayName: Upgrade pip again so we can actually use manylinux2010
-          - script: .venv/bin/pip install cryptography==$BUILD_VERSION --no-index -f wheelhouse/
-            displayName: Test installing the wheel
-          - script: |
-              .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
-            displayName: Print the OpenSSL we built and linked against
-          - task: PublishBuildArtifacts@1
-            inputs:
-                pathToPublish: wheelhouse/
-                artifactName: cryptography-$(PLATFORM)-$(PYTHON_VERSION)
diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml
index 67ea9929..455779c7 100644
--- a/.github/workflows/wheel-builder.yml
+++ b/.github/workflows/wheel-builder.yml
@@ -1,8 +1,57 @@
+name: Wheel Builder
 on:
   repository_dispatch:
     types: [wheel-builder]
 
 jobs:
+  manylinux:
+    runs-on: ubuntu-latest
+    container: ${{ matrix.MANYLINUX.CONTAINER }}
+    strategy:
+      matrix:
+        PYTHON: ["cp27-cp27m", "cp27-cp27mu", "cp35-cp35m"]
+        MANYLINUX:
+          - NAME: manylinux1_x86_64
+            CONTAINER: "pyca/cryptography-manylinux1:x86_64"
+          - NAME: manylinux2010_x86_64
+            CONTAINER: "pyca/cryptography-manylinux2010:x86_64"
+    name: "Python ${{ matrix.PYTHON }} for ${{ matrix.MANYLINUX.NAME }}"
+    steps:
+      - run: /opt/python/${{ matrix.PYTHON }}/bin/python -m virtualenv .venv
+      - name: Downgrade pip, can't remember why
+        run: .venv/bin/pip install -U pip==10.0.1
+      - name: Install Python dependencies
+        run: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'"
+      - run: |
+          REGEX="cp3([0-9])*"
+          if [[ "${{ matrix.PYTHON }}" =~ $REGEX ]]; then
+              PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}"
+          fi
+          LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
+              CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
+              .venv/bin/pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API
+      - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/
+      - run: unzip wheelhouse/*.whl -d execstack.check
+      - run: |
+          results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so)
+          count=$(echo "$results" | grep -c '^X' || true)
+          if [ "$count" -ne 0 ]; then
+            exit 1
+          else
+            exit 0
+          fi
+      - name: Upgrade pip again so we can actually use manylinux2010
+        run: .venv/bin/pip install -U pip
+      - run: .venv/bin/pip install cryptography --no-index -f wheelhouse/
+      - run: |
+          .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
+      - run: mkdir cryptography-wheelhouse
+      - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/
+      - uses: actions/upload-artifact@v1
+        with:
+          name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON }}"
+          path: cryptography-wheelhouse/
+
   windows:
     runs-on: windows-latest
     strategy:
-- 
cgit v1.2.3