gh-136728: Refactor build.yml CI config and multissltests.py#143940
gh-136728: Refactor build.yml CI config and multissltests.py#143940hugovk wants to merge 23 commits intopython:mainfrom
Conversation
This reverts commit 1fcb49f.
Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com>
| CMD=(./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$SSL_DIR") | ||
| if [ "${{ matrix.ssl }}" = "openssl" ]; then | ||
| "${CMD[@]}" | ||
| else | ||
| "${CMD[@]}" --with-builtin-hashlib-hashes=blake2 --with-ssl-default-suites=openssl | ||
| fi |
There was a problem hiding this comment.
| CMD=(./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$SSL_DIR") | |
| if [ "${{ matrix.ssl }}" = "openssl" ]; then | |
| "${CMD[@]}" | |
| else | |
| "${CMD[@]}" --with-builtin-hashlib-hashes=blake2 --with-ssl-default-suites=openssl | |
| fi | |
| ./configure | |
| CFLAGS="-fdiagnostics-format=json" | |
| --config-cache | |
| --enable-slower-safety | |
| --with-pydebug | |
| --with-openssl="$SSL_DIR" | |
| ${CONFIGURE_TRAILING_ARGS} |
There was a problem hiding this comment.
I prefer the if/else approach. I do not like the notion of 'trailing' args.
There was a problem hiding this comment.
Then the steps would need to be separate so the logs are usable/inspectable and it's surfaced.
|
|
||
| @property | ||
| @abstractmethod | ||
| def library(self=None): |
There was a problem hiding this comment.
So as I said previously, we should just have annotated properties. It will complain at runtime if we are missing one.
There was a problem hiding this comment.
Please could you make GH suggestions here, or a PR to my branch?
There was a problem hiding this comment.
I am sorry I am on mobile only (I am travelling) so I cannot do it easily :(
Co-authored-by: Bénédikt Tran <10796600+picnixz@users.noreply.github.com>
|
There was a new round of OpenSSL updates on 2026-01-27. |
|
I've opened #144551 to track updates to the January 2026 OpenSSL releases. |
|
Bumped patch versions following #144794. |
| - name: Install OpenSSL | ||
| if: steps.cache-openssl.outputs.cache-hit != 'true' | ||
| run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux | ||
| run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl openssl --ssl-versions "$OPENSSL_VER" --system Linux |
There was a problem hiding this comment.
I think a better UX would be something like
| run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl openssl --ssl-versions "$OPENSSL_VER" --system Linux | |
| run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --ssl-targets='openssl:${OPENSSL_VER}" --system Linux |
since the project and its version are coupled (maybe use == instead of :, I suppose)
| --with-builtin-hashlib-hashes=blake2 \ | ||
| --with-ssl-default-suites=openssl | ||
| CMD=(./configure CFLAGS="-fdiagnostics-format=json" --config-cache --enable-slower-safety --with-pydebug --with-openssl="$SSL_DIR") | ||
| if [ "${{ matrix.ssl }}" = "openssl" ]; then |
There was a problem hiding this comment.
Remember that interpolation in GHA is dangerous and Zizmor will be unhappy — such things must go into env vars.
There was a problem hiding this comment.
Hmm, Zizmor was happy with this: https://github.com/python/cpython/actions/runs/22004982988/job/63586538110?pr=143940#step:3:151
Perhaps this is a feature request for Zizmor?
5 participants
Continuation of #136729.
Original description:
Notes
Please see #136728. Changes to
build.ymlare directly adapted from @hugovk's proof-of-concept here.Testing