name: Wheel Builder on: repository_dispatch: types: [wheel-builder] jobs: manylinux: runs-on: ubuntu-latest container: ${{ matrix.MANYLINUX.CONTAINER }} strategy: matrix: PYTHON: ["cp27-cp27m", "cp27-cp27mu", "cp35-cp35m"] MANYLINUX: - NAME: manylinux1_x86_64 CONTAINER: "pyca/cryptography-manylinux1:x86_64" - NAME: manylinux2010_x86_64 CONTAINER: "pyca/cryptography-manylinux2010:x86_64" name: "Python ${{ matrix.PYTHON }} for ${{ matrix.MANYLINUX.NAME }}" steps: - run: /opt/python/${{ matrix.PYTHON }}/bin/python -m virtualenv .venv - name: Downgrade pip, can't remember why run: .venv/bin/pip install -U pip==10.0.1 - name: Install Python dependencies run: .venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'" - run: | REGEX="cp3([0-9])*" if [[ "${{ matrix.PYTHON }}" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \ CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \ .venv/bin/pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse $PY_LIMITED_API - run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/cryptograph*.whl -w wheelhouse/ - run: unzip wheelhouse/*.whl -d execstack.check - run: | results=$(execstack execstack.check/cryptography/hazmat/bindings/*.so) count=$(echo "$results" | grep -c '^X' || true) if [ "$count" -ne 0 ]; then exit 1 else exit 0 fi - name: Upgrade pip again so we can actually use manylinux2010 run: .venv/bin/pip install -U pip - run: .venv/bin/pip install cryptography --no-index -f wheelhouse/ - run: | .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" - run: mkdir cryptography-wheelhouse - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ - uses: actions/upload-artifact@v1 with: name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON }}" path: cryptography-wheelhouse/ macos: runs-on: macos-latest strategy: matrix: PYTHON: - VERSION: '2.7' ABI_VERSION: '2.7' DOWNLOAD_URL: 'https://www.python.org/ftp/python/2.7.17/python-2.7.17-macosx10.9.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/2.7/bin/python' - VERSION: '3.8' ABI_VERSION: '3.5' DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.8.2/python-3.8.2-macosx10.9.pkg' BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.8/bin/python3' name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS" steps: - run: | curl "$PYTHON_DOWNLOAD_URL" -o python.pkg sudo installer -pkg python.pkg -target / env: PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }} - run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -U virtualenv requests - name: Download OpenSSL run: | ${{ matrix.PYTHON.BIN_PATH }} .github/workflows/download_openssl.py macos openssl-macos env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: ${{ matrix.PYTHON.BIN_PATH }} -m virtualenv venv # Downgrade pip, I can't remember why - run: venv/bin/pip install -U pip==10.0.1 - run: venv/bin/pip install -U wheel - run: venv/bin/pip install cffi six ipaddress "enum34; python_version < '3'" - name: Build the wheel run: | REGEX="3\.([0-9])*" if [[ "$PYTHON_VERSION" =~ $REGEX ]]; then PY_LIMITED_API="--build-option --py-limited-api=cp3${BASH_REMATCH[1]}" fi CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \ LDFLAGS="${HOME}/openssl-macos/lib/libcrypto.a ${HOME}/openssl-macos/lib/libssl.a" \ CFLAGS="-I${HOME}/openssl-macos/include -mmacosx-version-min=10.9 -march=core2" \ venv/bin/pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --wheel-dir=wheelhouse --no-binary cryptography --no-deps $PY_LIMITED_API env: PYTHON_VERSION: ${{ matrix.PYTHON.ABI_VERSION }} - run: venv/bin/pip install -f wheelhouse --no-index cryptography - run: | venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" - run: mkdir cryptography-wheelhouse - run: mv wheelhouse/cryptography*.whl cryptography-wheelhouse/ - uses: actions/upload-artifact@v1 with: name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-macOS-${{ matrix.PYTHON.ABI_VERSION }}" path: cryptography-wheelhouse/ windows: runs-on: windows-latest strategy: matrix: WINDOWS: - {ARCH: 'x86', WINDOWS: 'win32'} - {ARCH: 'x64', WINDOWS: 'win64'} PYTHON: - {VERSION: "2.7", TOXENV: "py27", MSVC_VERSION: "2010"} - {VERSION: "3.5", TOXENV: "py35", MSVC_VERSION: "2019"} - {VERSION: "3.6", TOXENV: "py36", MSVC_VERSION: "2019"} - {VERSION: "3.7", TOXENV: "py37", MSVC_VERSION: "2019"} - {VERSION: "3.8", TOXENV: "py38", MSVC_VERSION: "2019"} name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}" steps: - uses: actions/checkout@master - name: Setup python uses: actions/setup-python@v1 with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} - name: Install MSVC for Python 2.7 run: | Invoke-WebRequest -Uri https://download.microsoft.com/download/7/9/6/796EF2E4-801B-4FC4-AB28-B59FBF6D907B/VCForPython27.msi -OutFile VCForPython27.msi Start-Process msiexec -Wait -ArgumentList @('/i', 'VCForPython27.msi', '/qn', 'ALLUSERS=1') Remove-Item VCForPython27.msi -Force shell: powershell if: matrix.PYTHON.VERSION == '2.7' - run: pip install requests - name: Download OpenSSL run: | python .github/workflows/download_openssl.py windows openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }} echo "::set-env name=INCLUDE::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/include;%INCLUDE%" echo "::set-env name=LIB::C:/openssl-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.MSVC_VERSION }}/lib;%LIB%" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: pip install cffi six ipaddress "enum34; python_version < '3'" - run: pip wheel cryptography==${{ github.event.client_payload.BUILD_VERSION }} --wheel-dir=wheelhouse --no-binary cryptography - run: pip install -f wheelhouse --no-index cryptography - name: Print the OpenSSL we built and linked against run: | python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" - run: mkdir cryptography-wheelhouse - run: move wheelhouse\cryptography*.whl cryptography-wheelhouse\ - uses: actions/upload-artifact@v1 with: name: "cryptography-${{ github.event.client_payload.BUILD_VERSION }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}" path: cryptography-wheelhouse\