mirror of
https://github.com/python/cpython.git
synced 2026-05-06 12:49:07 -04:00
gh-136728: Combine OpenSSL and AWS-LC CI configurations (#144805)
This commit is contained in:
Zachary Ware
+35
-81
@@ -253,8 +253,8 @@ jobs:
|
||||
os: ${{ matrix.os }}
|
||||
test-opts: ${{ matrix.test-opts || '' }}
|
||||
|
||||
build-ubuntu-ssltests-openssl:
|
||||
name: 'Ubuntu SSL tests with OpenSSL'
|
||||
build-ubuntu-ssltests:
|
||||
name: 'Ubuntu SSL tests'
|
||||
runs-on: ${{ matrix.os }}
|
||||
timeout-minutes: 60
|
||||
needs: build-context
|
||||
@@ -263,16 +263,25 @@ jobs:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [ubuntu-24.04]
|
||||
# Keep 1.1.1w in our list despite it being upstream EOL and otherwise
|
||||
# unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
|
||||
# supported by important vendors such as AWS-LC.
|
||||
openssl_ver: [1.1.1w, 3.0.19, 3.3.6, 3.4.4, 3.5.5, 3.6.1]
|
||||
# See Tools/ssl/make_ssl_data.py for notes on adding a new version
|
||||
ssllib:
|
||||
# See Tools/ssl/make_ssl_data.py for notes on adding a new version
|
||||
## OpenSSL
|
||||
# Keep 1.1.1w in our list despite it being upstream EOL and otherwise
|
||||
# unsupported as it most resembles other 1.1.1-work-a-like ssl APIs
|
||||
# supported by important vendors such as AWS-LC.
|
||||
- { name: openssl, version: 1.1.1w }
|
||||
- { name: openssl, version: 3.0.19 }
|
||||
- { name: openssl, version: 3.3.6 }
|
||||
- { name: openssl, version: 3.4.4 }
|
||||
- { name: openssl, version: 3.5.5 }
|
||||
- { name: openssl, version: 3.6.1 }
|
||||
## AWS-LC
|
||||
- { name: aws-lc, version: 1.68.0 }
|
||||
env:
|
||||
OPENSSL_VER: ${{ matrix.openssl_ver }}
|
||||
SSLLIB_VER: ${{ matrix.ssllib.version }}
|
||||
MULTISSL_DIR: ${{ github.workspace }}/multissl
|
||||
OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}
|
||||
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib
|
||||
SSLLIB_DIR: ${{ github.workspace }}/multissl/${{ matrix.ssllib.name }}/${{ matrix.ssllib.version }}
|
||||
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/${{ matrix.ssllib.name }}/${{ matrix.ssllib.version }}/lib
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
@@ -283,73 +292,19 @@ jobs:
|
||||
run: echo "::add-matcher::.github/problem-matchers/gcc.json"
|
||||
- name: Install dependencies
|
||||
run: sudo ./.github/workflows/posix-deps-apt.sh
|
||||
- name: Configure OpenSSL env vars
|
||||
run: |
|
||||
echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV"
|
||||
echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}" >> "$GITHUB_ENV"
|
||||
echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/openssl/${OPENSSL_VER}/lib" >> "$GITHUB_ENV"
|
||||
- name: 'Restore OpenSSL build'
|
||||
id: cache-openssl
|
||||
- name: 'Restore SSL library build'
|
||||
id: cache-ssl-lib
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: ./multissl/openssl/${{ env.OPENSSL_VER }}
|
||||
key: ${{ matrix.os }}-multissl-openssl-${{ env.OPENSSL_VER }}
|
||||
- name: Install OpenSSL
|
||||
if: steps.cache-openssl.outputs.cache-hit != 'true'
|
||||
run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux
|
||||
- name: Configure CPython
|
||||
run: ./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$OPENSSL_DIR"
|
||||
- name: Build CPython
|
||||
run: make -j4
|
||||
- name: Display build info
|
||||
run: make pythoninfo
|
||||
- name: SSL tests
|
||||
run: ./python Lib/test/ssltests.py
|
||||
|
||||
build-ubuntu-ssltests-awslc:
|
||||
name: 'Ubuntu SSL tests with AWS-LC'
|
||||
runs-on: ${{ matrix.os }}
|
||||
timeout-minutes: 60
|
||||
needs: build-context
|
||||
if: needs.build-context.outputs.run-ubuntu == 'true'
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [ubuntu-24.04]
|
||||
awslc_ver: [1.55.0]
|
||||
env:
|
||||
AWSLC_VER: ${{ matrix.awslc_ver}}
|
||||
MULTISSL_DIR: ${{ github.workspace }}/multissl
|
||||
OPENSSL_DIR: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }}
|
||||
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/aws-lc/${{ matrix.awslc_ver }}/lib
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Runner image version
|
||||
run: echo "IMAGE_OS_VERSION=${ImageOS}-${ImageVersion}" >> "$GITHUB_ENV"
|
||||
- name: Register gcc problem matcher
|
||||
run: echo "::add-matcher::.github/problem-matchers/gcc.json"
|
||||
- name: Install dependencies
|
||||
run: sudo ./.github/workflows/posix-deps-apt.sh
|
||||
- name: Configure SSL lib env vars
|
||||
run: |
|
||||
echo "MULTISSL_DIR=${GITHUB_WORKSPACE}/multissl" >> "$GITHUB_ENV"
|
||||
echo "OPENSSL_DIR=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}" >> "$GITHUB_ENV"
|
||||
echo "LD_LIBRARY_PATH=${GITHUB_WORKSPACE}/multissl/aws-lc/${AWSLC_VER}/lib" >> "$GITHUB_ENV"
|
||||
- name: 'Restore AWS-LC build'
|
||||
id: cache-aws-lc
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: ./multissl/aws-lc/${{ matrix.awslc_ver }}
|
||||
key: ${{ matrix.os }}-multissl-aws-lc-${{ matrix.awslc_ver }}
|
||||
- name: Install AWS-LC
|
||||
if: steps.cache-aws-lc.outputs.cache-hit != 'true'
|
||||
path: ./multissl/${{ matrix.ssllib.name }}/${{ matrix.ssllib.version }}
|
||||
key: ${{ matrix.os }}-multissl-${{ matrix.ssllib.name }}-${{ matrix.ssllib.version }}
|
||||
- name: Install SSL Library
|
||||
if: steps.cache-ssl-lib.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
python3 Tools/ssl/multissltests.py \
|
||||
--steps=library \
|
||||
--base-directory "$MULTISSL_DIR" \
|
||||
--awslc ${{ matrix.awslc_ver }} \
|
||||
'--${{ matrix.ssllib.name }}' '${{ matrix.ssllib.version }}' \
|
||||
--system Linux
|
||||
- name: Configure CPython
|
||||
run: |
|
||||
@@ -357,15 +312,17 @@ jobs:
|
||||
--config-cache \
|
||||
--enable-slower-safety \
|
||||
--with-pydebug \
|
||||
--with-openssl="$OPENSSL_DIR" \
|
||||
--with-openssl="$SSLLIB_DIR" \
|
||||
--with-builtin-hashlib-hashes=blake2 \
|
||||
--with-ssl-default-suites=openssl
|
||||
- name: Build CPython
|
||||
run: make -j
|
||||
run: make -j4
|
||||
- name: Display build info
|
||||
run: make pythoninfo
|
||||
- name: Verify python is linked to AWS-LC
|
||||
run: ./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' | grep AWS-LC
|
||||
- name: Verify python is linked to the right lib
|
||||
run: |
|
||||
./python -c 'import ssl; print(ssl.OPENSSL_VERSION)' \
|
||||
| grep -iE '${{ matrix.ssllib.name }}.*${{ matrix.ssllib.version }}'
|
||||
- name: SSL tests
|
||||
run: ./python Lib/test/ssltests.py
|
||||
|
||||
@@ -691,8 +648,7 @@ jobs:
|
||||
- build-windows-msi
|
||||
- build-macos
|
||||
- build-ubuntu
|
||||
- build-ubuntu-ssltests-awslc
|
||||
- build-ubuntu-ssltests-openssl
|
||||
- build-ubuntu-ssltests
|
||||
- build-ios
|
||||
- build-wasi
|
||||
- test-hypothesis
|
||||
@@ -709,8 +665,7 @@ jobs:
|
||||
allowed-failures: >-
|
||||
build-android,
|
||||
build-windows-msi,
|
||||
build-ubuntu-ssltests-awslc,
|
||||
build-ubuntu-ssltests-openssl,
|
||||
build-ubuntu-ssltests,
|
||||
test-hypothesis,
|
||||
cifuzz,
|
||||
allowed-skips: >-
|
||||
@@ -741,8 +696,7 @@ jobs:
|
||||
!fromJSON(needs.build-context.outputs.run-ubuntu)
|
||||
&& '
|
||||
build-ubuntu,
|
||||
build-ubuntu-ssltests-awslc,
|
||||
build-ubuntu-ssltests-openssl,
|
||||
build-ubuntu-ssltests,
|
||||
test-hypothesis,
|
||||
build-asan,
|
||||
build-san,
|
||||
|
||||
Reference in New Issue
Block a user