Skip to content

Raise cryptography version and prepare the 24.3.0 release #1034

Raise cryptography version and prepare the 24.3.0 release

Raise cryptography version and prepare the 24.3.0 release #1034

Workflow file for this run

name: CI
on:
pull_request: {}
push: {}
jobs:
linux:
runs-on: ${{ matrix.PYTHON.OS || 'ubuntu-22.04' }}
strategy:
fail-fast: false
matrix:
PYTHON:
# Base builds
- {VERSION: "3.7", TOXENV: "py37"}
- {VERSION: "3.8", TOXENV: "py38"}
- {VERSION: "3.9", TOXENV: "py39"}
- {VERSION: "3.10", TOXENV: "py310"}
- {VERSION: "3.11", TOXENV: "py311"}
- {VERSION: "3.12", TOXENV: "py312"}
- {VERSION: "3.13-dev", TOXENV: "py313"}
- {VERSION: "pypy-3.9", TOXENV: "pypy3"}
- {VERSION: "pypy-3.10", TOXENV: "pypy3"}
- {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" }
# -cryptographyMain
- {VERSION: "3.7", TOXENV: "py37-cryptographyMain"}
- {VERSION: "3.8", TOXENV: "py38-cryptographyMain"}
- {VERSION: "3.9", TOXENV: "py39-cryptographyMain"}
- {VERSION: "3.10", TOXENV: "py310-cryptographyMain"}
- {VERSION: "3.11", TOXENV: "py311-cryptographyMain"}
- {VERSION: "3.12", TOXENV: "py312-cryptographyMain"}
- {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMain"}
- {VERSION: "pypy-3.9", TOXENV: "pypy3-cryptographyMain"}
- {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMain"}
# -cryptographyMinimum
- {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"}
- {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"}
- {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"}
- {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"}
- {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"}
- {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"}
- {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"}
- {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"}
# Cryptography wheels
- {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"}
- {VERSION: "3.9", TOXENV: "py39-useWheel"}
# Random order
- {VERSION: "3.9", TOXENV: "py39-randomorder"}
# Meta
- {VERSION: "3.9", TOXENV: "check-manifest"}
- {VERSION: "3.11", TOXENV: "lint"}
- {VERSION: "3.11", TOXENV: "py311-mypy"}
- {VERSION: "3.9", TOXENV: "docs"}
name: "${{ matrix.PYTHON.TOXENV }}${{ matrix.PYTHON.OS && format(' on {0}', matrix.PYTHON.OS) || '' }}"
steps:
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.PYTHON.VERSION }}
- run: python -m pip install tox
- run: tox -v
env:
TOXENV: ${{ matrix.PYTHON.TOXENV }}
- uses: ./.github/actions/upload-coverage
linux-docker:
runs-on: ubuntu-latest
container: ghcr.io/pyca/cryptography-runner-${{ matrix.TEST.CONTAINER }}
strategy:
fail-fast: false
matrix:
TEST:
# cryptographyMain used since there's no wheel
- {CONTAINER: "ubuntu-rolling", TOXENV: "py312-cryptographyMain"}
name: "${{ matrix.TEST.TOXENV }} on ${{ matrix.TEST.CONTAINER }}"
steps:
- uses: actions/checkout@v4
- run: /venv/bin/pip install tox
- run: /venv/bin/tox -v
env:
TOXENV: ${{ matrix.TEST.TOXENV }}
RUSTUP_HOME: /root/.rustup
- uses: ./.github/actions/upload-coverage
linux-downstream:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
DOWNSTREAM:
- twisted
- certbot
- certbot-josepy
PYTHON:
- 3.12
name: "Downstream tests for ${{ matrix.DOWNSTREAM }}"
steps:
- uses: actions/checkout@v4
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.PYTHON }}
- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install
- run: pip install .
- run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh run
all-green:
runs-on: ubuntu-latest
needs: [linux, linux-docker, linux-downstream]
if: ${{ always() }}
timeout-minutes: 3
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2
with:
jobs: ${{ toJSON(needs) }}
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
timeout-minutes: 3
with:
persist-credentials: false
- name: Setup python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
with:
python-version: '3.12'
timeout-minutes: 3
- run: pip install coverage[toml]
- name: Download coverage data
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
pattern: coverage-data-*
merge-multiple: true
- name: Combine coverage and fail if it's too low
id: combinecoverage
run: |
set +e
python -m coverage combine
echo "## Python Coverage" >> $GITHUB_STEP_SUMMARY
python -m coverage report -m --fail-under=98 > COV_REPORT
COV_EXIT_CODE=$?
cat COV_REPORT
if [ $COV_EXIT_CODE -ne 0 ]; then
echo "🚨 Python Coverage failed. Coverage too low." | tee -a $GITHUB_STEP_SUMMARY
fi
echo '```' >> $GITHUB_STEP_SUMMARY
cat COV_REPORT >> $GITHUB_STEP_SUMMARY
echo '```' >> $GITHUB_STEP_SUMMARY
exit $COV_EXIT_CODE
- name: Create coverage HTML
run: python -m coverage html
if: ${{ failure() && steps.combinecoverage.outcome == 'failure' }}
- name: Upload HTML report.
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: _html-report
path: htmlcov
if-no-files-found: ignore