Add ability to TLS 1.3 cipher suites on SSL Context (#1432) #1239
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: {} | |
| push: {} | |
| jobs: | |
| linux: | |
| runs-on: ${{ matrix.PYTHON.OS || 'ubuntu-22.04' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| PYTHON: | |
| # Base builds | |
| - {VERSION: "3.7", TOXENV: "py37"} | |
| - {VERSION: "3.8", TOXENV: "py38"} | |
| - {VERSION: "3.9", TOXENV: "py39"} | |
| - {VERSION: "3.10", TOXENV: "py310"} | |
| - {VERSION: "3.11", TOXENV: "py311"} | |
| - {VERSION: "3.12", TOXENV: "py312"} | |
| - {VERSION: "3.13-dev", TOXENV: "py313"} | |
| - {VERSION: "pypy-3.9", TOXENV: "pypy3"} | |
| - {VERSION: "pypy-3.10", TOXENV: "pypy3"} | |
| - {VERSION: "3.11", TOXENV: "py311-useWheel", OS: "windows-2022" } | |
| # -cryptographyMain | |
| - {VERSION: "3.8", TOXENV: "py38-cryptographyMain"} | |
| - {VERSION: "3.9", TOXENV: "py39-cryptographyMain"} | |
| - {VERSION: "3.10", TOXENV: "py310-cryptographyMain"} | |
| - {VERSION: "3.11", TOXENV: "py311-cryptographyMain"} | |
| - {VERSION: "3.12", TOXENV: "py312-cryptographyMain"} | |
| - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMain"} | |
| - {VERSION: "pypy-3.9", TOXENV: "pypy3-cryptographyMain"} | |
| - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMain"} | |
| # -cryptographyMinimum | |
| - {VERSION: "3.7", TOXENV: "py37-cryptographyMinimum"} | |
| - {VERSION: "3.8", TOXENV: "py38-cryptographyMinimum"} | |
| - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum"} | |
| - {VERSION: "3.10", TOXENV: "py310-cryptographyMinimum"} | |
| - {VERSION: "3.11", TOXENV: "py311-cryptographyMinimum"} | |
| - {VERSION: "3.12", TOXENV: "py312-cryptographyMinimum"} | |
| - {VERSION: "3.13-dev", TOXENV: "py313-cryptographyMinimum"} | |
| - {VERSION: "pypy-3.10", TOXENV: "pypy3-cryptographyMinimum"} | |
| # Cryptography wheels | |
| - {VERSION: "3.9", TOXENV: "py39-cryptographyMinimum-useWheel"} | |
| - {VERSION: "3.9", TOXENV: "py39-useWheel"} | |
| # Random order | |
| - {VERSION: "3.9", TOXENV: "py39-randomorder"} | |
| # Meta | |
| - {VERSION: "3.9", TOXENV: "check-manifest"} | |
| - {VERSION: "3.11", TOXENV: "lint"} | |
| - {VERSION: "3.13", TOXENV: "py313-mypy"} | |
| - {VERSION: "3.9", TOXENV: "docs"} | |
| name: "${{ matrix.PYTHON.TOXENV }}${{ matrix.PYTHON.OS && format(' on {0}', matrix.PYTHON.OS) || '' }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.PYTHON.VERSION }} | |
| - run: python -m pip install tox | |
| - run: tox -v | |
| env: | |
| TOXENV: ${{ matrix.PYTHON.TOXENV }} | |
| - uses: ./.github/actions/upload-coverage | |
| linux-docker: | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/pyca/cryptography-runner-${{ matrix.TEST.CONTAINER }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| TEST: | |
| # cryptographyMain used since there's no wheel | |
| - {CONTAINER: "ubuntu-rolling", TOXENV: "py313-cryptographyMain"} | |
| name: "${{ matrix.TEST.TOXENV }} on ${{ matrix.TEST.CONTAINER }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: /venv/bin/pip install tox | |
| - run: /venv/bin/tox -v | |
| env: | |
| TOXENV: ${{ matrix.TEST.TOXENV }} | |
| RUSTUP_HOME: /root/.rustup | |
| - uses: ./.github/actions/upload-coverage | |
| linux-downstream: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| DOWNSTREAM: | |
| - twisted | |
| - certbot | |
| - certbot-josepy | |
| PYTHON: | |
| - 3.12 | |
| name: "Downstream tests for ${{ matrix.DOWNSTREAM }}" | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.PYTHON }} | |
| - run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh install | |
| - run: pip install . | |
| - run: ./.github/downstream.d/${{ matrix.DOWNSTREAM }}.sh run | |
| all-green: | |
| runs-on: ubuntu-latest | |
| needs: [linux, linux-docker, linux-downstream] | |
| if: ${{ always() }} | |
| timeout-minutes: 3 | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe # v1.2.2 | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| timeout-minutes: 3 | |
| with: | |
| persist-credentials: false | |
| - name: Setup python | |
| uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 | |
| with: | |
| python-version: '3.12' | |
| timeout-minutes: 3 | |
| - run: pip install coverage[toml] | |
| - name: Download coverage data | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 | |
| with: | |
| pattern: coverage-data-* | |
| merge-multiple: true | |
| - name: Combine coverage and fail if it's too low | |
| id: combinecoverage | |
| run: | | |
| set +e | |
| python -m coverage combine | |
| echo "## Python Coverage" >> $GITHUB_STEP_SUMMARY | |
| python -m coverage report -m --fail-under=98 > COV_REPORT | |
| COV_EXIT_CODE=$? | |
| cat COV_REPORT | |
| if [ $COV_EXIT_CODE -ne 0 ]; then | |
| echo "🚨 Python Coverage failed. Coverage too low." | tee -a $GITHUB_STEP_SUMMARY | |
| fi | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| cat COV_REPORT >> $GITHUB_STEP_SUMMARY | |
| echo '```' >> $GITHUB_STEP_SUMMARY | |
| exit $COV_EXIT_CODE | |
| - name: Create coverage HTML | |
| run: python -m coverage html | |
| if: ${{ failure() && steps.combinecoverage.outcome == 'failure' }} | |
| - name: Upload HTML report. | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: _html-report | |
| path: htmlcov | |
| if-no-files-found: ignore |