cryptography windows #12
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cryptography win_arm64 | |
| permissions: | |
| contents: read | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: The version to build (leave empty for latest commit) | |
| required: false | |
| env: | |
| CRYPTOGRAPHY_REPO: https://github.com/pyca/cryptography.git | |
| CRYPTOGRAPHY_DIR: cryptography-repo | |
| BUILD_REQUIREMENTS_PATH: cryptography-repo/.github/requirements/build-requirements.txt | |
| UV_REQUIREMENTS_PATH: cryptography-repo/.github/requirements/uv-requirements.txt | |
| jobs: | |
| sdist: | |
| runs-on: ubuntu-latest | |
| name: sdists | |
| outputs: | |
| commit_sha: ${{ steps.clone-repo.outputs.commit_sha }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Clone cryptography repository and get commit SHA | |
| id: clone-repo | |
| run: | | |
| git clone ${{ env.CRYPTOGRAPHY_REPO }} ${{ env.CRYPTOGRAPHY_DIR }} | |
| cd ${{ env.CRYPTOGRAPHY_DIR }} | |
| if [ -n "${{ github.event.inputs.version }}" ]; then | |
| git checkout ${{ github.event.inputs.version }} | |
| VERSION_INFO="${{ github.event.inputs.version }}-$(git rev-parse --short HEAD)" | |
| else | |
| git checkout main | |
| VERSION_INFO="$(git rev-parse --short HEAD)" | |
| fi | |
| COMMIT_SHA=$(git rev-parse --short HEAD) | |
| echo "COMMIT_SHA=${COMMIT_SHA}" >> $GITHUB_ENV | |
| echo "commit_sha=${VERSION_INFO}" >> $GITHUB_OUTPUT | |
| echo "Using commit: ${COMMIT_SHA}" | |
| echo "Using version info for artifacts: ${VERSION_INFO}" | |
| - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 | |
| with: | |
| python-version: "3.13" | |
| timeout-minutes: 3 | |
| - run: python -m pip install -r $UV_REQUIREMENTS_PATH | |
| - name: Make sdist (cryptography) | |
| run: | | |
| cd ${{ env.CRYPTOGRAPHY_DIR }} | |
| uv build --build-constraint=../$BUILD_REQUIREMENTS_PATH --require-hashes --sdist | |
| mkdir -p ../dist | |
| cp dist/* ../dist/ | |
| - name: Make sdist and wheel (vectors) | |
| run: | | |
| cd ${{ env.CRYPTOGRAPHY_DIR }} | |
| uv build --build-constraint=../$BUILD_REQUIREMENTS_PATH --require-hashes vectors/ | |
| mkdir -p ../vectors/dist | |
| cp vectors/dist/* ../vectors/dist/ | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: "cryptography-sdist" | |
| path: dist/cryptography* | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: "vectors-sdist-wheel" | |
| path: vectors/dist/cryptography* | |
| - name: Upload requirements files | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: "requirements-files" | |
| path: | | |
| ${{ env.CRYPTOGRAPHY_DIR }}/.github/requirements/ | |
| windows: | |
| needs: [sdist] | |
| runs-on: ${{ matrix.WINDOWS.RUNNER }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| WINDOWS: | |
| - {ARCH: 'arm64', WINDOWS: 'arm64', RUST_TRIPLE: 'aarch64-pc-windows-msvc', RUNNER: 'windows-11-arm'} | |
| PYTHON: | |
| # Build wheels with Python 3.14 using limited ABI for backward compatibility | |
| # - {VERSION: "3.14", "ABI_VERSION": "py38"} # Compatible with Python 3.8+ | |
| - {VERSION: "3.14", "ABI_VERSION": "py311"} # Compatible with Python 3.11+ | |
| # - {VERSION: "3.14t"} # Free-threaded Python, no limited ABI | |
| name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.WINDOWS }} ${{ matrix.PYTHON.ABI_VERSION || 'no-abi' }}" | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - name: Create directories for requirements | |
| run: | | |
| mkdir -p cryptography-repo/.github/requirements/ | |
| shell: bash | |
| - name: Download requirements files | |
| uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: requirements-files | |
| path: cryptography-repo/.github/requirements/ | |
| - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 | |
| with: | |
| name: cryptography-sdist | |
| - name: Check if PyManager is installed | |
| id: check-pymanager | |
| shell: pwsh | |
| run: | | |
| $PSNativeCommandUseErrorActionPreference = $false | |
| py list 2>$null | Out-Null | |
| if ($LASTEXITCODE -eq 0) { | |
| echo "installed=true" >> $env:GITHUB_OUTPUT | |
| } else { | |
| echo "installed=false" >> $env:GITHUB_OUTPUT | |
| } | |
| - name: Install PyManager | |
| if: steps.check-pymanager.outputs.installed == 'false' | |
| shell: pwsh | |
| run: winget install 9NQ7512CXL7T --accept-package-agreements --accept-source-agreements | |
| - name: Install Python ${{ matrix.PYTHON.VERSION }} with PyManager | |
| shell: pwsh | |
| run: | | |
| py install ${{ matrix.PYTHON.VERSION }} | |
| if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE } | |
| - name: Set Python ${{ matrix.PYTHON.VERSION }} as default | |
| shell: pwsh | |
| run: | | |
| py default ${{ matrix.PYTHON.VERSION }} | |
| if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE } | |
| - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b | |
| with: | |
| toolchain: stable | |
| target: ${{ matrix.WINDOWS.RUST_TRIPLE }} | |
| - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 | |
| with: | |
| repo: pyca/infra | |
| workflow: build-windows-openssl.yml | |
| branch: main | |
| workflow_conclusion: success | |
| name: "openssl-${{ matrix.WINDOWS.WINDOWS }}" | |
| path: "C:/openssl-${{ matrix.WINDOWS.WINDOWS }}/" | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Configure OpenSSL | |
| run: | | |
| echo "OPENSSL_DIR=C:/openssl-${{ matrix.WINDOWS.WINDOWS }}" >> $GITHUB_ENV | |
| echo "OPENSSL_STATIC=1" >> $GITHUB_ENV | |
| shell: bash | |
| - run: | | |
| # Verify requirements files exist before using them | |
| ls -la ${UV_REQUIREMENTS_PATH} | |
| pip install -r "${UV_REQUIREMENTS_PATH}" | |
| shell: bash | |
| - run: mkdir wheelhouse | |
| - run: | | |
| if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then | |
| PY_LIMITED_API="--config-settings=build-args=--features=pyo3/abi3-${{ matrix.PYTHON.ABI_VERSION }}" | |
| fi | |
| uv build --wheel --require-hashes --build-constraint=$BUILD_REQUIREMENTS_PATH cryptography*.tar.gz $PY_LIMITED_API -o wheelhouse/ | |
| shell: bash | |
| - run: uv venv | |
| - run: uv pip install --require-hashes -r "${BUILD_REQUIREMENTS_PATH}" | |
| shell: bash | |
| - run: uv pip install cryptography --no-index -f wheelhouse/ | |
| - name: Print the OpenSSL we built and linked against | |
| run: | | |
| echo "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | uv run - | |
| - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: "cryptography-${{ needs.sdist.outputs.commit_sha }}-${{ matrix.WINDOWS.WINDOWS }}-${{ matrix.PYTHON.VERSION }}-${{ matrix.PYTHON.ABI_VERSION || 'no-abi' }}" | |
| path: wheelhouse\ | |
| cleanup: | |
| needs: [windows] | |
| runs-on: ubuntu-latest | |
| if: always() | |
| steps: | |
| - name: Delete intermediate artifacts | |
| uses: geekyeggo/delete-artifact@v5 | |
| with: | |
| name: | | |
| cryptography-sdist | |
| requirements-files | |
| vectors-sdist-wheel | |
| failOnError: false |