diff options
Diffstat (limited to '.travis')
| -rw-r--r-- | .travis/downstream.d/README.rst | 13 | ||||
| -rwxr-xr-x | .travis/downstream.d/aws-encryption-sdk.sh | 18 | ||||
| -rwxr-xr-x | .travis/downstream.d/certbot-josepy.sh | 17 | ||||
| -rwxr-xr-x | .travis/downstream.d/certbot.sh | 22 | ||||
| -rwxr-xr-x | .travis/downstream.d/dynamodb-encryption-sdk.sh | 18 | ||||
| -rwxr-xr-x | .travis/downstream.d/paramiko.sh | 18 | ||||
| -rwxr-xr-x | .travis/downstream.d/pyopenssl.sh | 17 | ||||
| -rwxr-xr-x | .travis/downstream.d/twisted.sh | 17 | ||||
| -rwxr-xr-x | .travis/downstream.d/urllib3.sh | 18 | ||||
| -rwxr-xr-x | .travis/install.sh | 104 | ||||
| -rwxr-xr-x | .travis/openssl_config.sh | 13 | ||||
| -rwxr-xr-x | .travis/run.sh | 63 | ||||
| -rwxr-xr-x | .travis/upload_coverage.sh | 21 |
13 files changed, 283 insertions, 76 deletions
diff --git a/.travis/downstream.d/README.rst b/.travis/downstream.d/README.rst new file mode 100644 index 00000000..1553448c --- /dev/null +++ b/.travis/downstream.d/README.rst @@ -0,0 +1,13 @@ +To add downstream tests to be run in CI: + +1. Create a test handler for the downstream consumer that you want to test. + + * The test handler should be a single file in the ``.travis/downstream.d/`` directory. + * The file name should be ``{downstream name}.sh`` where ``{downstream name}`` + is the name that you wish to use to identify the consumer. + * The test handler should accept a single argument that can be either ``install`` or ``run``. + These should be used to separate installation of the downstream consumer and + any dependencies from the actual running of the tests. + +2. Add an entry to the test matrix in ``.travis.yml`` that sets the ``DOWNSTREAM`` + environment variable to the downstream name that you selected. diff --git a/.travis/downstream.d/aws-encryption-sdk.sh b/.travis/downstream.d/aws-encryption-sdk.sh new file mode 100755 index 00000000..d986c749 --- /dev/null +++ b/.travis/downstream.d/aws-encryption-sdk.sh @@ -0,0 +1,18 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/awslabs/aws-encryption-sdk-python + cd aws-encryption-sdk-python + git rev-parse HEAD + pip install -e . + pip install -r test/upstream-requirements-py27.txt + ;; + run) + cd aws-encryption-sdk-python + pytest -m local test/ + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/certbot-josepy.sh b/.travis/downstream.d/certbot-josepy.sh new file mode 100755 index 00000000..2253edc1 --- /dev/null +++ b/.travis/downstream.d/certbot-josepy.sh @@ -0,0 +1,17 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/certbot/josepy + cd josepy + git rev-parse HEAD + pip install -e ".[tests]" -c constraints.txt + ;; + run) + cd josepy + pytest src + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/certbot.sh b/.travis/downstream.d/certbot.sh new file mode 100755 index 00000000..e2890a3a --- /dev/null +++ b/.travis/downstream.d/certbot.sh @@ -0,0 +1,22 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/certbot/certbot + cd certbot + git rev-parse HEAD + tools/pip_install_editable.py ./acme[dev] + tools/pip_install_editable.py ./certbot[dev] + ;; + run) + cd certbot + # Ignore some warnings for now since they're now automatically promoted + # to errors. We can probably remove this when acme gets split into + # its own repo + pytest -Wignore certbot/tests + pytest acme + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/dynamodb-encryption-sdk.sh b/.travis/downstream.d/dynamodb-encryption-sdk.sh new file mode 100755 index 00000000..7ceff16d --- /dev/null +++ b/.travis/downstream.d/dynamodb-encryption-sdk.sh @@ -0,0 +1,18 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/awslabs/aws-dynamodb-encryption-python + cd aws-dynamodb-encryption-python + git rev-parse HEAD + pip install -e . + pip install -r test/upstream-requirements-py27.txt + ;; + run) + cd aws-dynamodb-encryption-python + pytest test/ -m "local and not slow and not veryslow and not nope" + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/paramiko.sh b/.travis/downstream.d/paramiko.sh new file mode 100755 index 00000000..c994defb --- /dev/null +++ b/.travis/downstream.d/paramiko.sh @@ -0,0 +1,18 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/paramiko/paramiko + cd paramiko + git rev-parse HEAD + pip install -e . + pip install -r dev-requirements.txt + ;; + run) + cd paramiko + inv test + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/pyopenssl.sh b/.travis/downstream.d/pyopenssl.sh new file mode 100755 index 00000000..89e4e3e7 --- /dev/null +++ b/.travis/downstream.d/pyopenssl.sh @@ -0,0 +1,17 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/pyca/pyopenssl + cd pyopenssl + git rev-parse HEAD + pip install -e ".[test]" + ;; + run) + cd pyopenssl + pytest tests + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/twisted.sh b/.travis/downstream.d/twisted.sh new file mode 100755 index 00000000..3d45413b --- /dev/null +++ b/.travis/downstream.d/twisted.sh @@ -0,0 +1,17 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth=1 https://github.com/twisted/twisted + cd twisted + git rev-parse HEAD + pip install ".[tls,conch,http2]" + ;; + run) + cd twisted + python -m twisted.trial src/twisted + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/downstream.d/urllib3.sh b/.travis/downstream.d/urllib3.sh new file mode 100755 index 00000000..dad06159 --- /dev/null +++ b/.travis/downstream.d/urllib3.sh @@ -0,0 +1,18 @@ +#!/bin/bash -ex + +case "${1}" in + install) + git clone --depth 1 https://github.com/shazow/urllib3 + cd urllib3 + git rev-parse HEAD + pip install -r ./dev-requirements.txt + pip install -e ".[socks]" + ;; + run) + cd urllib3 + pytest test + ;; + *) + exit 1 + ;; +esac diff --git a/.travis/install.sh b/.travis/install.sh index a046a5d8..599eee0d 100755 --- a/.travis/install.sh +++ b/.travis/install.sh @@ -3,66 +3,62 @@ set -e set -x -if [[ "$(uname -s)" == 'Darwin' ]]; then - brew update || brew update +SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}") - if [[ "${OPENSSL}" != "0.9.8" ]]; then - brew outdated openssl || brew upgrade openssl - fi +shlib_sed() { + # modify the shlib version to a unique one to make sure the dynamic + # linker doesn't load the system one. + sed -i "s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=100/" Makefile + sed -i "s/^SHLIB_MINOR=.*/SHLIB_MINOR=0.0/" Makefile + sed -i "s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=100.0.0/" Makefile +} - if which pyenv > /dev/null; then - eval "$(pyenv init -)" +# download, compile, and install if it's not already present via travis +# cache +if [ -n "${OPENSSL}" ]; then + . "$SCRIPT_DIR/openssl_config.sh" + if [[ ! -f "$HOME/$OPENSSL_DIR/bin/openssl" ]]; then + curl -O "https://www.openssl.org/source/openssl-${OPENSSL}.tar.gz" + tar zxf "openssl-${OPENSSL}.tar.gz" + pushd "openssl-${OPENSSL}" + ./config $OPENSSL_CONFIG_FLAGS -fPIC --prefix="$HOME/$OPENSSL_DIR" + shlib_sed + make depend + make -j"$(nproc)" + # avoid installing the docs + # https://github.com/openssl/openssl/issues/6685#issuecomment-403838728 + make install_sw install_ssldirs + popd + fi +elif [ -n "${LIBRESSL}" ]; then + LIBRESSL_DIR="ossl-2/${LIBRESSL}" + if [[ ! -f "$HOME/$LIBRESSL_DIR/bin/openssl" ]]; then + curl -O "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${LIBRESSL}.tar.gz" + tar zxf "libressl-${LIBRESSL}.tar.gz" + pushd "libressl-${LIBRESSL}" + ./config -Wl -Wl,-Bsymbolic-functions -fPIC shared --prefix="$HOME/$LIBRESSL_DIR" + shlib_sed + make -j"$(nproc)" install + popd fi +fi - case "${TOXENV}" in - py26) - curl -O https://bootstrap.pypa.io/get-pip.py - python get-pip.py --user - ;; - py27) - curl -O https://bootstrap.pypa.io/get-pip.py - python get-pip.py --user - ;; - py33) - brew outdated pyenv || brew upgrade pyenv - pyenv install 3.3.6 - pyenv global 3.3.6 - ;; - py34) - brew outdated pyenv || brew upgrade pyenv - pyenv install 3.4.2 - pyenv global 3.4.2 - ;; - pypy) - brew outdated pyenv || brew upgrade pyenv - pyenv install pypy-2.6.0 - pyenv global pypy-2.6.0 - ;; - pypy3) - brew outdated pyenv || brew upgrade pyenv - pyenv install pypy3-2.4.0 - pyenv global pypy3-2.4.0 - ;; - docs) - curl -O https://bootstrap.pypa.io/get-pip.py - python get-pip.py --user - ;; - esac - pyenv rehash - python -m pip install --user virtualenv -else - # temporary pyenv installation to get pypy-2.6 before container infra upgrade - if [[ "${TOXENV}" == "pypy" ]]; then - git clone https://github.com/yyuu/pyenv.git ~/.pyenv - PYENV_ROOT="$HOME/.pyenv" - PATH="$PYENV_ROOT/bin:$PATH" - eval "$(pyenv init -)" - pyenv install pypy-2.6.0 - pyenv global pypy-2.6.0 +if [ -n "${DOCKER}" ]; then + if [ -n "${OPENSSL}" ] || [ -n "${LIBRESSL}" ]; then + echo "OPENSSL and LIBRESSL are not allowed when DOCKER is set." + exit 1 fi - pip install virtualenv + docker pull "$DOCKER" || docker pull "$DOCKER" || docker pull "$DOCKER" fi +if [ -z "${DOWNSTREAM}" ]; then + git clone --depth=1 https://github.com/google/wycheproof "$HOME/wycheproof" +fi + +pip install -U pip +pip install virtualenv + python -m virtualenv ~/.venv source ~/.venv/bin/activate -pip install tox coveralls +# If we pin coverage it must be kept in sync with tox.ini and .github/workflows/ci.yml +pip install tox coverage diff --git a/.travis/openssl_config.sh b/.travis/openssl_config.sh new file mode 100755 index 00000000..83f16d2b --- /dev/null +++ b/.travis/openssl_config.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +set -e +set -x + +DEFAULT_CONFIG_FLAGS="shared no-ssl2 no-ssl3" +if [ -n "${OPENSSL_CONFIG_FLAGS}" ]; then + OPENSSL_CONFIG_FLAGS="$DEFAULT_CONFIG_FLAGS $OPENSSL_CONFIG_FLAGS" +else + OPENSSL_CONFIG_FLAGS=$DEFAULT_CONFIG_FLAGS +fi +CONFIG_HASH=$(echo "$OPENSSL_CONFIG_FLAGS" | sha1sum | sed 's/ .*$//') +OPENSSL_DIR="ossl-2/${OPENSSL}${CONFIG_HASH}" diff --git a/.travis/run.sh b/.travis/run.sh index 17358655..ab12ac3c 100755 --- a/.travis/run.sh +++ b/.travis/run.sh @@ -1,28 +1,47 @@ -#!/bin/bash +#!/bin/bash -ex -set -e -set -x +SCRIPT_DIR=$(dirname "${BASH_SOURCE[0]}") -if [[ "$(uname -s)" == "Darwin" ]]; then +if [[ "${TOXENV}" == "pypy" ]]; then + PYENV_ROOT="$HOME/.pyenv" + PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init -)" - if [[ "${OPENSSL}" != "0.9.8" ]]; then - # set our flags to use homebrew openssl - export ARCHFLAGS="-arch x86_64" - export LDFLAGS="-L/usr/local/opt/openssl/lib" - export CFLAGS="-I/usr/local/opt/openssl/include" - # The Travis OS X jobs are run for two versions - # of OpenSSL, but we only need to run the - # CommonCrypto backend tests once. Exclude - # CommonCrypto when we test against brew OpenSSL - export TOX_FLAGS="--backend=openssl" - fi +fi +if [ -n "${LIBRESSL}" ]; then + LIBRESSL_DIR="ossl-2/${LIBRESSL}" + export CFLAGS="-Werror -Wno-error=deprecated-declarations -Wno-error=discarded-qualifiers -Wno-error=unused-function -I$HOME/$LIBRESSL_DIR/include" + export PATH="$HOME/$LIBRESSL_DIR/bin:$PATH" + export LDFLAGS="-L$HOME/$LIBRESSL_DIR/lib -Wl,-rpath=$HOME/$LIBRESSL_DIR/lib" +fi + +if [ -n "${OPENSSL}" ]; then + . "$SCRIPT_DIR/openssl_config.sh" + export PATH="$HOME/$OPENSSL_DIR/bin:$PATH" + export CFLAGS="${CFLAGS} -I$HOME/$OPENSSL_DIR/include" + # rpath on linux will cause it to use an absolute path so we don't need to + # do LD_LIBRARY_PATH + export LDFLAGS="-L$HOME/$OPENSSL_DIR/lib -Wl,-rpath=$HOME/$OPENSSL_DIR/lib" +fi + +source ~/.venv/bin/activate + +if [ -n "${DOCKER}" ]; then + # We will be able to drop the -u once we switch the default container user in the + # dockerfiles. + docker run --rm -u 2000:2000 \ + -v "${TRAVIS_BUILD_DIR}":"${TRAVIS_BUILD_DIR}" \ + -v "${HOME}/wycheproof":/wycheproof \ + -w "${TRAVIS_BUILD_DIR}" \ + -e TOXENV "${DOCKER}" \ + /bin/sh -c "tox -- --wycheproof-root='/wycheproof'" +elif [ -n "${TOXENV}" ]; then + tox -- --wycheproof-root="$HOME/wycheproof" else - if [[ "${TOXENV}" == "pypy" ]]; then - PYENV_ROOT="$HOME/.pyenv" - PATH="$PYENV_ROOT/bin:$PATH" - eval "$(pyenv init -)" - pyenv global pypy-2.6.0 + downstream_script="${TRAVIS_BUILD_DIR}/.travis/downstream.d/${DOWNSTREAM}.sh" + if [ ! -x "$downstream_script" ]; then + exit 1 fi + $downstream_script install + pip install . + $downstream_script run fi -source ~/.venv/bin/activate -tox -- $TOX_FLAGS diff --git a/.travis/upload_coverage.sh b/.travis/upload_coverage.sh new file mode 100755 index 00000000..7be892e3 --- /dev/null +++ b/.travis/upload_coverage.sh @@ -0,0 +1,21 @@ +#!/bin/bash + +set -e +set -x + +if [ -n "${TOXENV}" ]; then + case "${TOXENV}" in + pypy-nocoverage);; + pypy3-nocoverage);; + pep8);; + py3pep8);; + docs);; + *) + source ~/.venv/bin/activate + curl -o codecov.sh -f https://codecov.io/bash || curl -o codecov.sh -f https://codecov.io/bash || curl -o codecov.sh -f https://codecov.io/bash + + bash codecov.sh -Z -e TRAVIS_OS_NAME,TOXENV,OPENSSL,DOCKER || \ + bash codecov.sh -Z -e TRAVIS_OS_NAME,TOXENV,OPENSSL,DOCKER + ;; + esac +fi |