@@ -165,20 +165,71 @@ jobs:
165165 - {IMAGE: "ubuntu-noble", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
166166 - {IMAGE: "ubuntu-rolling", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
167167 - {IMAGE: "fedora", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
168- - {IMAGE: "alpine", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
169168 - {IMAGE: "centos-stream9", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
170169 - {IMAGE: "centos-stream9-fips", NOXSESSION: "tests", RUNNER: "ubuntu-latest", FIPS: true}
171170 - {IMAGE: "centos-stream10", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
172171 - {IMAGE: "centos-stream10-fips", NOXSESSION: "tests", RUNNER: "ubuntu-latest", FIPS: true}
173172
174173 - {IMAGE: "ubuntu-rolling:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
175- - {IMAGE: "alpine:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
176174
177175 - {IMAGE: "ubuntu-rolling:armv7l", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
178176 timeout-minutes : 15
179177 env :
180178 RUSTUP_HOME : /root/.rustup
181179 steps :
180+ - uses : actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
181+ timeout-minutes : 3
182+ with :
183+ persist-credentials : false
184+ - name : Cache rust and pip
185+ uses : ./.github/actions/cache
186+ timeout-minutes : 2
187+ with :
188+ key : ${{ matrix.IMAGE.IMAGE }}
189+ - name : Clone test vectors
190+ timeout-minutes : 2
191+ uses : ./.github/actions/fetch-vectors
192+ # When run in a docker container the home directory doesn't have the same owner as the
193+ # apparent user so pip refuses to create a cache dir
194+ - name : create pip cache dir
195+ run : mkdir -p "${HOME}/.cache/pip"
196+ - run : |
197+ echo "OPENSSL_FORCE_FIPS_MODE=1" >> $GITHUB_ENV
198+ if: matrix.IMAGE.FIPS
199+ run : /venv/bin/python -m pip install -c ci-constraints-requirements.txt 'nox[uv]' 'tomli; python_version < "3.11"'
200+ - run : ' /venv/bin/nox -v --install-only'
201+ env :
202+ # OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
203+ OPENSSL_ENABLE_SHA1_SIGNATURES : 1
204+ NOXSESSION : ${{ matrix.IMAGE.NOXSESSION }}
205+ - run : ' /venv/bin/nox --no-install -- --color=yes --wycheproof-root="wycheproof" --x509-limbo-root="x509-limbo"'
206+ env :
207+ COLUMNS : 80
208+ # OPENSSL_ENABLE_SHA1_SIGNATURES is for CentOS 9 Stream
209+ OPENSSL_ENABLE_SHA1_SIGNATURES : 1
210+ NOXSESSION : ${{ matrix.IMAGE.NOXSESSION }}
211+ - uses : ./.github/actions/upload-coverage
212+
213+ alpine :
214+ runs-on : ${{ matrix.IMAGE.RUNNER }}
215+ container :
216+ image : ghcr.io/pyca/cryptography-runner-${{ matrix.IMAGE.IMAGE }}
217+ volumes :
218+ - /staticnodehost:/staticnodecontainer:rw,rshared
219+ - /staticnodehost:/__e/node20:ro,rshared
220+ strategy :
221+ fail-fast : false
222+ matrix :
223+ IMAGE :
224+ - {IMAGE: "alpine", NOXSESSION: "tests", RUNNER: "ubuntu-latest"}
225+ - {IMAGE: "alpine:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"}
226+ timeout-minutes : 15
227+ env :
228+ RUSTUP_HOME : /root/.rustup
229+ steps :
230+ - name : Ridiculous-er workaround for static node20
231+ run : |
232+ cp -R /staticnode/* /staticnodecontainer/
182233name : Ridiculous alpine workaround for actions support on arm64
183234 run : |
184235 # This modifies /etc/os-release so the JS actions
@@ -413,7 +464,7 @@ jobs:
413464 all-green :
414465 # https://github.community/t/is-it-possible-to-require-all-github-actions-tasks-to-pass-without-enumerating-them/117957/4?u=graingert
415466 runs-on : ubuntu-latest
416- needs : [linux, distros, macos, windows, linux-downstream]
467+ needs : [linux, alpine, distros, macos, windows, linux-downstream]
417468 if : ${{ always() }}
418469 timeout-minutes : 3
419470 steps :
0 commit comments