Skip to content

Merge PR #62

Merge PR #62 #268

Workflow file for this run

name: build
on: [push, pull_request]
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, windows-latest, macos-latest]
python: ['3.8', '3.9', '3.10', '3.11', '3.12', 'pypy3.9']
architecture: [x86, x64, arm64]
exclude:
- os: ubuntu-latest
architecture: x86
- os: ubuntu-latest
architecture: arm64
- os: macos-latest
architecture: x86
- os: macos-latest
architecture: x64
- os: windows-latest
architecture: arm64
- os: windows-latest
python: pypy3.9
- os: macos-latest
python: pypy3.9
name: ${{ matrix.os }} Py ${{ matrix.python }} ${{ matrix.architecture }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python }}
architecture: ${{ matrix.architecture }}
- name: Install python dependencies
run: |
python -m pip install --upgrade pip
pip install poetry
poetry install
- name: Run pre-commit
if: "!startsWith(matrix.python, 'pypy')"
run: |
python -m pip install pre-commit
pre-commit run --all-files --verbose
- name: Run unit tests
run: poetry run pytest -v -k "not device"
device_test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
name: Device tests ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install python dependencies
run: |
python -m pip install --upgrade pip
python -m pip install poetry
poetry install -E http
- name: Set up tunnel
env:
tlspwd: ${{ secrets.TLSPWD }}
run: |
openssl aes-256-cbc -k "$tlspwd" -md sha256 -in ./.ci/client-combined.pem.enc -out ./.ci/client-combined.pem -d
export krnl="$(uname -s | tr '[:upper:]' '[:lower:]')"
wget https://github.com/square/ghostunnel/releases/download/v1.3.1/ghostunnel-v1.3.1-$krnl-amd64-with-pkcs11 -O ghostunnel
chmod +x ./ghostunnel
./ghostunnel client --listen localhost:12345 --target hsm-connector01.sthlm.in.yubico.org:8443 --keystore ./.ci/client-combined.pem --cacert ./.ci/server-crt.pem 2>/dev/null &
sleep 3
echo "BACKEND=$(curl http://localhost:12345/dispatcher/request)" >> $GITHUB_ENV
- name: Run device tests
if: ${{ env.BACKEND }}
run: |
echo Using backend $BACKEND
poetry run pytest -v --backend "$BACKEND" tests/device/
- name: Release HSM
if: ${{ always() && env.BACKEND }}
run: curl "http://localhost:12345/dispatcher/release?connector=$BACKEND"
sdist:
runs-on: ubuntu-latest
name: Build Python source .tar.gz
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Build source package
run: |
python -m pip install --upgrade pip
python -m pip install poetry
poetry build
- name: Upload source package
uses: actions/upload-artifact@v4
with:
name: python-yubihsm-sdist
path: dist
docs:
runs-on: ubuntu-latest
name: Build sphinx documentation
steps:
- uses: actions/checkout@v4
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.8
- name: Install python dependencies
run: |
python -m pip install --upgrade pip
python -m pip install poetry
poetry install -E http -E usb
- name: Build sphinx documentation
run: poetry run make -C docs/ html
- name: Upload documentation
uses: actions/upload-artifact@v4
with:
name: python-yubihsm-docs
path: docs/_build/html