Skip to content

Build manylinux 2.34 images #92

Build manylinux 2.34 images

Build manylinux 2.34 images #92

Workflow file for this run

name: Wheel Builder
permissions:
contents: read
on:
workflow_dispatch:
inputs:
version:
description: The version to build
required: true
push:
tags:
- '*.*.*'
pull_request:
paths:
- .github/workflows/wheel-builder.yml
- pyproject.toml
- setup.cfg
- setup.py
jobs:
manylinux:
runs-on: ${{ matrix.MANYLINUX.RUNNER }}
container:
image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }}
volumes:
- /staticnodehost:/staticnodecontainer:rw,rshared
- /staticnodehost:/__e/node20:ro,rshared
strategy:
matrix:
PYTHON:
- { VERSION: "cp37-cp37m", PATH: "/opt/python/cp311-cp311/bin/python", ABI_VERSION: 'cp37' }
MANYLINUX:
- { NAME: "manylinux2014_x86_64", CONTAINER: "cryptography-manylinux2014:x86_64", RUNNER: "ubuntu-latest" }
- { name: "manylinux_2_28_x86_64", CONTAINER: "cryptography-manylinux_2_28:x86_64", RUNNER: "ubuntu-latest" }
- { name: "manylinux_2_34_x86_64", CONTAINER: "cryptography-manylinux_2_34:x86_64", RUNNER: "ubuntu-latest" }
- { name: "musllinux_1_1_x86_64", CONTAINER: "cryptography-musllinux_1_1:x86_64", RUNNER: "ubuntu-latest" }
- { NAME: "manylinux2014_aarch64", CONTAINER: "cryptography-manylinux2014_aarch64", RUNNER: [self-hosted, Linux, ARM64] }
- { name: "manylinux_2_28_aarch64", CONTAINER: "cryptography-manylinux_2_28:aarch64", RUNNER: [self-hosted, Linux, ARM64] }
- { name: "manylinux_2_34_aarch64", CONTAINER: "cryptography-manylinux_2_34:aarch64", RUNNER: [self-hosted, Linux, ARM64] }
- { name: "musllinux_1_1_aarch64", CONTAINER: "cryptography-musllinux_1_1:aarch64", RUNNER: [self-hosted, Linux, ARM64] }
name: "${{ matrix.PYTHON.VERSION }} for ${{ matrix.MANYLINUX.NAME }}"
steps:
- name: Ridiculous-er workaround for static node20
run: |
cp -R /staticnode/* /staticnodecontainer/
- name: Ridiculous alpine workaround for actions support on arm64
run: |
# This modifies /etc/os-release so the JS actions
# from GH can't detect that it's on alpine:aarch64. It will
# then use a glibc nodejs, which works fine when gcompat
# is installed in the container (which it is)
sed -i "s:ID=alpine:ID=NotpineForGHA:" /etc/os-release
if: startsWith(matrix.MANYLINUX.NAME, 'musllinux') && endsWith(matrix.MANYLINUX.NAME, 'aarch64')
- uses: actions/checkout@v4.2.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
- run: ${{ matrix.PYTHON.PATH }} -m venv .venv
- name: Install python dependencies
run: .venv/bin/pip install -U pip cffi wheel build
- run: |
mkdir tmpwheelhouse
LIBSODIUM_MAKE_ARGS="-j$(nproc)" .venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }}
mv dist/PyNaCl*.whl tmpwheelhouse/
- run: auditwheel repair --plat ${{ matrix.MANYLINUX.NAME }} tmpwheelhouse/PyNaCl*.whl -w wheelhouse/
- run: .venv/bin/pip install pynacl --no-index -f wheelhouse/
- run: |
.venv/bin/python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)"
- run: mkdir pynacl-wheelhouse
- run: mv wheelhouse/PyNaCl*.whl pynacl-wheelhouse/
- uses: actions/upload-artifact@v4
with:
name: "pynacl-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}"
path: pynacl-wheelhouse/
macos:
runs-on: macos-13
strategy:
matrix:
PYTHON:
- VERSION: '3.10'
ABI_VERSION: 'cp37'
DOWNLOAD_URL: 'https://www.python.org/ftp/python/3.10.1/python-3.10.1-macos11.pkg'
BIN_PATH: '/Library/Frameworks/Python.framework/Versions/3.10/bin/python3'
name: "Python ${{ matrix.PYTHON.VERSION }} for ABI ${{ matrix.PYTHON.ABI_VERSION }} on macOS"
steps:
- uses: actions/checkout@v4.2.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
- run: |
curl "$PYTHON_DOWNLOAD_URL" -o python.pkg
sudo installer -pkg python.pkg -target /
env:
PYTHON_DOWNLOAD_URL: ${{ matrix.PYTHON.DOWNLOAD_URL }}
- run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -U virtualenv
- run: ${{ matrix.PYTHON.BIN_PATH }} -m virtualenv venv
- run: venv/bin/pip install -U pip wheel cffi build
- name: Build the wheel
run: |
mkdir wheelhouse
LIBSODIUM_MAKE_ARGS="-j$(sysctl -n hw.ncpu)" \
venv/bin/python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }}
mv dist/PyNaCl*.whl wheelhouse/
env:
PYTHON_VERSION: ${{ matrix.PYTHON.ABI_VERSION }}
MACOSX_DEPLOYMENT_TARGET: '10.10'
CFLAGS: '-arch arm64 -arch x86_64'
ARCHFLAGS: '-arch arm64 -arch x86_64'
_PYTHON_HOST_PLATFORM: 'macosx-10.9-universal2'
- run: venv/bin/pip install -f wheelhouse --no-index pynacl
- run: |
venv/bin/python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)"
- run: mkdir pynacl-wheelhouse
- run: mv wheelhouse/PyNaCl*.whl pynacl-wheelhouse/
- uses: actions/upload-artifact@v4
with:
name: "pynacl-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.VERSION }}"
path: pynacl-wheelhouse/
windows:
runs-on: windows-latest
strategy:
matrix:
WINDOWS:
- {ARCH: 'x86', SODIUM_ARCH: 'Win32', VS_ARCH: 'x86'}
- {ARCH: 'x64', SODIUM_ARCH: 'x64', VS_ARCH: 'amd64'}
PYTHON:
- {VERSION: "3.9", SODIUM_MSVC_VERSION: "v142", "ABI_VERSION": "cp37"}
name: "${{ matrix.PYTHON.VERSION }} ${{ matrix.WINDOWS.ARCH }} ${{ matrix.PYTHON.ABI_VERSION }}"
steps:
- uses: actions/checkout@v4.2.2
with:
# The tag to build or the tag received by the tag event
ref: ${{ github.event.inputs.version || github.ref }}
persist-credentials: false
- name: Setup python
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.PYTHON.VERSION }}
architecture: ${{ matrix.WINDOWS.ARCH }}
- name: Extract libsodium libraries
run: |
Expand-Archive src/libsodium-1.0.20-stable-msvc.zip -DestinationPath c:\
shell: powershell
- name: Add sodium to paths
run: |
echo "INCLUDE=C:/libsodium/include;$INCLUDE" >> $GITHUB_ENV
echo "LIB=C:/libsodium/${{ matrix.WINDOWS.SODIUM_ARCH }}/release/${{ matrix.PYTHON.SODIUM_MSVC_VERSION }}/static;$LIB" >> $GITHUB_ENV
shell: bash
- name: Install wheel and our Python dependencies
run: python -m pip install -U pip wheel cffi build
- name: Build the wheel
run: |
mkdir wheelhouse
call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Common7\Tools\VsDevCmd.bat" -no_logo -arch=${{ matrix.WINDOWS.VS_ARCH }}
python -m build --wheel --config-setting=--build-option=--py-limited-api=${{ matrix.PYTHON.ABI_VERSION }}
mv dist/PyNaCl*.whl wheelhouse/
shell: cmd
env:
PYNACL_SODIUM_LIBRARY_NAME: sodium
PYNACL_SODIUM_STATIC: 1
SODIUM_INSTALL: system
- name: Test installing the wheel
run: pip install -f wheelhouse pynacl --no-index
- name: Test the installed wheel
run: |
python -c "import nacl.signing; key = nacl.signing.SigningKey.generate();signature = key.sign(b'test'); key.verify_key.verify(signature)"
- run: mkdir pynacl-wheelhouse
- run: move wheelhouse\PyNaCl*.whl pynacl-wheelhouse\
- uses: actions/upload-artifact@v4
with:
name: "pynacl-${{ github.event.inputs.version }}-win-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.VERSION }}"
path: pynacl-wheelhouse\