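# CI workflow: unit tests across an OS / Python / architecture matrix, device
# tests against a remote HSM reached through a client-certificate tunnel, and
# builds of the source distribution and the Sphinx documentation.
name: build

on: [push, pull_request]

# Least privilege: no job below writes to the repository, so the implicit
# GITHUB_TOKEN is restricted to read-only access to the contents.
permissions:
  contents: read

# NOTE(review): actions are referenced by mutable tag. Pinning each `uses:` to
# a full commit SHA keeps a re-tagged release from changing what runs in jobs
# that handle the TLSPWD secret.
jobs:
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        # Quoted so that '3.10' is not read as the float 3.1.
        python: ['3.8', '3.9', '3.10', '3.11', '3.12', 'pypy3.9']
        architecture: [x86, x64]
        exclude:
          # 32-bit interpreters are only exercised on Windows.
          - os: ubuntu-latest
            architecture: x86
          - os: macos-latest
            architecture: x86
          # PyPy is only exercised on Linux.
          - os: windows-latest
            python: pypy3.9
          - os: macos-latest
            python: pypy3.9
    name: ${{ matrix.os }} Py ${{ matrix.python }} ${{ matrix.architecture }}
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: ${{ matrix.python }}
          architecture: ${{ matrix.architecture }}
      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip
          pip install poetry
          poetry install
      - name: Run pre-commit
        # Skipped on PyPy interpreters.
        if: "!startsWith(matrix.python, 'pypy')"
        run: |
          python -m pip install pre-commit
          pre-commit run --all-files --verbose
      - name: Run unit tests
        # Tests matching "device" need real hardware and run in device_test.
        run: poetry run pytest -v -k "not device"

  device_test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    name: Device tests ${{ matrix.os }}
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry install -E http
      - name: Set up tunnel
        env:
          # Secrets are not passed to runs triggered by pull requests from
          # forks, so the decrypt below is expected to fail for those runs.
          tlspwd: ${{ secrets.TLSPWD }}
        run: |
          # Read the passphrase from the environment rather than passing it as
          # an argument, so it never appears in the process argument list.
          openssl aes-256-cbc -pass env:tlspwd -md sha256 -d \
            -in ./.ci/client-combined.pem.enc -out ./.ci/client-combined.pem
          echo "decrypted client cert"
          # NOTE(review): the decrypted client key stays on disk for the rest
          # of the job, where the code under test can read it.
          export krnl="$(uname -s | tr '[:upper:]' '[:lower:]')"
          # NOTE(review): this binary is executed without an integrity check.
          # Record the release's SHA-256 per platform and verify it before
          # chmod, e.g. compare against <EXPECTED_SHA256> with sha256sum -c
          # (shasum -a 256 -c on macOS).
          wget https://github.com/square/ghostunnel/releases/download/v1.3.1/ghostunnel-v1.3.1-$krnl-amd64-with-pkcs11 -O ghostunnel
          chmod +x ./ghostunnel
          ./ghostunnel client --listen localhost:12345 \
            --target hsm-connector01.sthlm.in.yubico.org:8443 \
            --keystore ./.ci/client-combined.pem --cacert ./.ci/server-crt.pem &
          sleep 3
          echo "started ghostunnel"
          # -f keeps an HTTP error body from being stored as the backend; an
          # empty value leaves BACKEND unset, which skips the device tests.
          backend="$(curl -fsS http://localhost:12345/dispatcher/request || true)"
          # GITHUB_ENV is line-oriented: a multi-line response would define
          # additional environment variables for every later step.
          case "$backend" in
            *$'\n'*|*$'\r'*)
              echo "unexpected multi-line dispatcher response" >&2
              exit 1
              ;;
          esac
          echo "BACKEND=$backend" >> "$GITHUB_ENV"
      - name: Run device tests
        if: ${{ env.BACKEND }}
        run: |
          echo "Using backend $BACKEND"
          poetry run pytest -v --backend "$BACKEND" tests/device/
      - name: Release HSM
        # always() so the connector is released even when the tests fail.
        if: ${{ always() && env.BACKEND }}
        run: curl "http://localhost:12345/dispatcher/release?connector=$BACKEND"

  sdist:
    runs-on: ubuntu-latest
    name: Build Python source .tar.gz
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.x'
      - name: Build source package
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry build
      - name: Upload source package
        # v1 of this action is deprecated; v4 accepts the same name/path inputs.
        uses: actions/upload-artifact@v4
        with:
          name: python-yubihsm-sdist
          path: dist

  docs:
    runs-on: ubuntu-latest
    name: Build sphinx documentation
    steps:
      - uses: actions/checkout@v3
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: '3.8'
      - name: Install python dependencies
        run: |
          python -m pip install --upgrade pip
          python -m pip install poetry
          poetry install -E http -E usb
      - name: Build sphinx documentation
        run: poetry run make -C docs/ html
      - name: Upload documentation
        # v1 of this action is deprecated; v4 accepts the same name/path inputs.
        uses: actions/upload-artifact@v4
        with:
          name: python-yubihsm-docs
          path: docs/_build/html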