Import improvements from cryptography wheel building and release #174
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Wheel Builder | |
permissions: | |
contents: read | |
on: | |
workflow_dispatch: | |
inputs: | |
version: | |
description: The version to build | |
required: false | |
# Do not add any non-tag push events without updating pypi-publish.yml. If | |
# you do, it'll upload wheels to PyPI. | |
push: | |
tags: | |
- '*.*' | |
- '*.*.*' | |
pull_request: | |
paths: | |
- .github/workflows/wheel-builder.yml | |
- setup.py | |
- pyproject.toml | |
jobs: | |
sdist: | |
runs-on: ubuntu-latest | |
name: sdists | |
steps: | |
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
with: | |
# The tag to build or the tag received by the tag event | |
ref: ${{ github.event.inputs.version || github.ref }} | |
persist-credentials: false | |
- run: python -m venv .venv | |
- name: Install Python dependencies | |
run: .venv/bin/pip install -U pip build | |
- name: Make sdist | |
run: .venv/bin/python -m build --sdist | |
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: "bcrypt-sdist" | |
path: dist/bcrypt* | |
manylinux: | |
needs: [sdist] | |
runs-on: ${{ matrix.MANYLINUX.RUNNER }} | |
strategy: | |
fail-fast: false | |
matrix: | |
PYTHON: | |
- { VERSION: "cp37-cp37m", ABI_VERSION: 'cp37' } | |
- { VERSION: "cp39-cp39", ABI_VERSION: 'cp39' } | |
- { VERSION: "pp39-pypy39_pp73" } | |
- { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: | |
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" } | |
- { NAME: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest"} | |
- { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
- { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] } | |
- { NAME: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
exclude: | |
# There are no readily available musllinux PyPy distributions | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_2_x86_64", CONTAINER: "cryptography-musllinux_1_2:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "musllinux_1_2_aarch64", CONTAINER: "cryptography-musllinux_1_2:aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
# We also don't build pypy wheels for anything except the latest manylinux | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest"} | |
- PYTHON: { VERSION: "pp39-pypy39_pp73" } | |
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
- PYTHON: { VERSION: "pp310-pypy310_pp73" } | |
MANYLINUX: { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64]} | |
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}" | |
container: | |
image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} | |
volumes: | |
- /staticnodehost:/staticnodecontainer:rw,rshared | |
- /staticnodehost:/__e/node20:ro,rshared | |
steps: | |
- name: Ridiculous-er workaround for static node20 | |
run: | | |
cp -R /staticnode/* /staticnodecontainer/ | |
- name: Ridiculous alpine workaround for actions support on arm64 | |
run: | | |
# This modifies /etc/os-release so the JS actions | |
# from GH can't detect that it's on alpine:aarch64. It will | |
# then use a glibc nodejs, which works fine when gcompat | |
# is installed in the container (which it is) | |
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release | |
if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64') | |
- run: /opt/python/${{ matrix.PYTHON.VERSION }}/bin/python -m venv .venv | |
- name: Install python dependencies | |
run: .venv/bin/pip install -U pip wheel setuptools-rust | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bcrypt-sdist | |
- run: mkdir tmpwheelhouse | |
- name: Build the wheel | |
run: | | |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" | |
fi | |
.venv/bin/python -m pip wheel -v $PY_LIMITED_API bcrypt*.tar.gz -w dist/ && mv dist/bcrypt*.whl tmpwheelhouse | |
env: | |
RUSTUP_HOME: /root/.rustup | |
- run: auditwheel repair tmpwheelhouse/bcrypt*.whl -w wheelhouse/ | |
- run: .venv/bin/pip install bcrypt --no-index -f wheelhouse/ | |
- run: | | |
.venv/bin/python -c "import bcrypt; password = b'super secret password';hashed = bcrypt.hashpw(password, bcrypt.gensalt());bcrypt.checkpw(password, hashed)" | |
- run: mkdir bcrypt-wheelhouse | |
- run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ | |
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }} -${{ matrix.PYTHON.VERSION }}" | |
path: bcrypt-wheelhouse/ | |
macos: | |
needs: [sdist] | |
runs-on: macos-13 | |
strategy: | |
fail-fast: false | |
matrix: | |
PYTHON: | |
- VERSION: '3.11' | |
ABI_VERSION: 'cp37' | |
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' | |
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' | |
- VERSION: '3.11' | |
ABI_VERSION: 'cp39' | |
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.11.3/python-3.11.3-macos11.pkg' | |
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.11/bin/python3' | |
name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS" | |
steps: | |
- run: | | |
curl "${{ matrix.PYTHON.DOWNLOAD_URL }}" -o python.pkg | |
sudo installer -pkg python.pkg -target / | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
# Add the arm64 target in addition to the native arch (x86_64) | |
target: aarch64-apple-darwin | |
- run: ${{ matrix.PYTHON.BIN_PATH }} -m venv venv | |
- run: venv/bin/pip install -U pip wheel setuptools-rust | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bcrypt-sdist | |
- run: mkdir wheelhouse | |
- name: Build the wheel | |
run: | | |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" | |
fi | |
venv/bin/python -m pip wheel -v $PY_LIMITED_API bcrypt*.tar.gz -w dist/ && mv dist/bcrypt*.whl wheelhouse | |
env: | |
PYTHON_VERSION: ${{ matrix.PYTHON.ABI_VERSION }} | |
MACOSX_DEPLOYMENT_TARGET: '10.12' | |
ARCHFLAGS: '-arch arm64 -arch x86_64' | |
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2' | |
- run: venv/bin/pip install -f wheelhouse --no-index bcrypt | |
- run: | | |
venv/bin/python -c "import bcrypt;password = b'super secret password';hashed = bcrypt.hashpw(password, bcrypt.gensalt());bcrypt.checkpw(password, hashed)" | |
- run: mkdir bcrypt-wheelhouse | |
- run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ | |
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: "bcrypt-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.ABI_VERSION }}" | |
path: bcrypt-wheelhouse/ | |
windows: | |
needs: [sdist] | |
runs-on: windows-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
WINDOWS: | |
- {ARCH: 'x86', RUST_TRIPLE: 'i686-pc-windows-msvc'} | |
- {ARCH: 'x64', RUST_TRIPLE: 'x86_64-pc-windows-msvc'} | |
PYTHON: | |
- {VERSION: "3.11", ABI_VERSION: "cp37"} | |
- {VERSION: "3.11", ABI_VERSION: "cp39"} | |
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.PYTHON.ABI_VERSION }} ${{ matrix.WINDOWS.ARCH }}" | |
steps: | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: bcrypt-sdist | |
- name: Setup python | |
uses: actions/setup-python@v5.1.1 | |
with: | |
python-version: ${{ matrix.PYTHON.VERSION }} | |
architecture: ${{ matrix.WINDOWS.ARCH }} | |
- uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 | |
with: | |
toolchain: stable | |
target: ${{ matrix.WINDOWS.RUST_TRIPLE }} | |
- run: python -m pip install -U pip wheel setuptools-rust | |
- run: mkdir wheelhouse | |
shell: bash | |
- name: Build the wheel | |
run: | | |
if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
PY_LIMITED_API="--config-settings=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }} --no-build-isolation" | |
fi | |
python -m pip wheel -v $PY_LIMITED_API bcrypt*.tar.gz -w dist/ && mv dist/bcrypt*.whl wheelhouse | |
shell: bash | |
- run: pip install -f wheelhouse --no-index bcrypt | |
- run: | | |
python -c "import bcrypt; password = b'super secret password';hashed = bcrypt.hashpw(password, bcrypt.gensalt());bcrypt.checkpw(password, hashed)" | |
# TODO: can we setup another python and test in the same job? this would catch bad linking problems (e.g. build and test on py36, but then install py38 and see if it works | |
- run: mkdir bcrypt-wheelhouse | |
- run: move wheelhouse\bcrypt*.whl bcrypt-wheelhouse\ | |
- uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4 | |
with: | |
name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.ABI_VERSION }}" | |
path: bcrypt-wheelhouse\ |