Commit Graph

298 Commits

Author SHA1 Message Date
Brett Cannon 481994078f
Restrict GITHUB_TOKEN permissions for the 'stale' workflow (GH-25564)
It should only need write-level permissions to pull requests.
2021-04-23 15:18:50 -07:00
Christian Heimes dcf658157d
bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)
Signed-off-by: Christian Heimes <christian@python.org>
2021-04-23 14:19:21 +02:00
Sviatoslav Sydorenko 077a2e7664
bpo-43888: Reduce coverage collection timeout to 1h40m in GHA (GH-25471)
Ref: 

Signed-off-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2021-04-20 10:22:26 -07:00
Christian Heimes 39258d3595
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
2021-04-17 11:36:35 +02:00
Christian Heimes 8fa1489365
bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360)
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-13 10:23:45 -07:00
Pablo Galindo 20ac34772a
Fix Sphinx errors in the documentation and re-activate the suspicious check (GH-25368)
The suspicious check is still executed as part of the release process and release managers have been
lately fixing some actual errors that the suspicious target can find. For this reason, reactivate the suspicious
until we decide what to do in a coordinated fashion.
2021-04-12 20:53:15 +01:00
Christian Heimes a54fc683f2
bpo-43631: Update to OpenSSL 1.1.1k (GH-25024)
- [x] Build OpenSSL 1.1.1k for macOS
- [x] Build OpenSSL 1.1.1k for Windows

I have also updated multissl tester and various CI configurations to use latest OpenSSL. The versions were all over the place.

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: GH:tiran
2021-03-29 17:00:34 -07:00
Christian Heimes f6c6b5821b
bpo-41561: Add workaround for Ubuntu's custom security level (GH-24915)
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.

See: 
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes <christian@python.org>
2021-03-18 15:06:50 -07:00
Brandt Bucher 94894dd45e
Pin test runner to Ubuntu 18 to un-break CI (#24715) 2021-03-02 23:03:55 -08:00
dependabot[bot] 497b5649cf
build(deps): bump actions/cache from v2.1.3 to v2.1.4 (#24446)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.3 to v2.1.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.3...26968a09c0ea4f3e233fdddbafd1166051a095f6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-04 12:57:10 -08:00
dependabot[bot] aa4caf9887
build(deps): bump actions/upload-artifact from v2.2.1 to v2.2.2 (GH-24411)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v2.2.1 to v2.2.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.1...e448a9b857ee2131e752b06002bf0e093c65e571)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-03 13:22:27 -08:00
Victor Stinner 9852cb3811
bpo-42955: Rename module_names to sys.stdlib_module_names (GH-24332)
* Rename _Py_module_names to _Py_stdlib_module_names.
* Rename Python/module_names.h to Python/stdlib_module_names.h.
2021-01-25 23:12:50 +01:00
Victor Stinner cad8020cb8
bpo-42955: Add Python/module_names.h (GH-24258)
Add a private list of all stdlib modules: _Py_module_names.

* Add Tools/scripts/generate_module_names.py script.
* Makefile: Add "make regen-module-names" command.
* setup.py: Add --list-module-names option.
* GitHub Action and Travis CI also runs "make regen-module-names",
  not ony "make regen-all", to ensure that the module names remains
  up to date.
2021-01-19 23:04:49 +01:00
Filipe Laíns 4ac923f275
bpo-42773: fix tests not being run on pushes (GH-24004)
There was a typo, we were checking if the "GITHUB_BASE_REF" string
literal was empty instead of the $GITHUB_BASE_REF value. When
$GITHUB_BASE_REF is empty, the action that triggered the run was not a
pull request, so we always run the full test suite.

Signed-off-by: Filipe Laíns <lains@riseup.net>
2020-12-30 06:53:58 -08:00
Ammar Askar 1031f23fc3
[workflow] Use MSVC problem matcher for Windows action build (GH-18532)
This makes warnings and errors from the compiler very prominent so this should help prevent warnings from sneaking into the code base and catch them in review. See https://discuss.python.org/t/using-github-problem-matchers-to-catch-warnings-early/4254 for more details

You can see a demo of this in action here: https://github.com/ammaraskar/cpython/pull/15/files#diff-9ba2eeca0f254ece0a9df4d7cb68e870

GCC and Sphinx matchers have previously been added in GH-18567 and GH-20325, respectively.
2020-12-28 12:28:40 -06:00
Mariatta 801165e1a9
Update Stale action message (GH-23791)
We don't close PRs after it becomes stale.
2020-12-15 18:36:33 -08:00
Mariatta 9cc8fa6ac8
Adding "stale" GitHub Action (GH-21247)
Adding "stale" GitHub Action

Added the "stale" GitHub action to the CPython repo.
PR's older than 30 days will be labeled as stale using the "stale-pr" label.

Closes https://github.com/python/core-workflow/issues/372

Co-authored-by: Brett Cannon <brett@python.org>
2020-12-15 11:58:43 -08:00
Pablo Galindo 85f1dedb8d
bpo-42545: Check that all symbols in the limited ABI are exported (GH-23616) 2020-12-04 22:05:58 +00:00
dependabot[bot] 8acd0e0d49
build(deps): bump actions/upload-artifact from v2.2.0 to v2.2.1 (GH-23583)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v2.2.0 to v2.2.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.0...726a6dcd0199f578459862705eed35cda05af50b)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-01 09:00:11 -06:00
dependabot[bot] a43fea8857
build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-01 08:59:12 -06:00
Julien Palard c9c6e9f89a
bpo-42238: Doc: Remove make suspicious from the CI and docs builds. (GH-23313)
It probably helped a lot a while back, but may not be as usefull
today.  We'll continue monitoring it before deletion, so true
positives can be migrated to rstlint.
2020-11-25 10:18:00 +01:00
Victor Stinner ac7d0169d2
bpo-42212: smelly.py also checks the dynamic library (GH-23423)
The smelly.py script now also checks the Python dynamic library and
extension modules, not only the Python static library. Make also the
script more verbose: explain what it does.

The GitHub Action job now builds Python with the libpython dynamic
library.
2020-11-24 13:38:08 +01:00
Filipe Laíns d20b7ed9c1
bpo-42212: Check if generated files are up-to-date in GitHub Actions (GH-23042)
See https: //github.com/python/core-workflow/issues/380

Signed-off-by: Filipe Laíns <lains@archlinux.org>
2020-11-20 15:14:16 +01:00
Steve Dower 2156d964a1
bpo-42336: Improve PCbuild batch files (GH-23275) 2020-11-18 17:24:36 +00:00
Victor Stinner 6e03c0ad15
GitHub Action: Add gdb to posix dependencies (GH-23043)
Sort also dependencies and remove duplicates (liblzma-dev).
2020-10-30 22:52:30 +01:00
dependabot[bot] a3c4ceffe6
build(deps): bump actions/upload-artifact from v1 to v2.2.0 (GH-22920)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v1 to v2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<ul>
<li>Support for artifact retention</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="27bce4eee7"><code>27bce4e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/112">#112</a> from thboop/main</li>
<li><a href="f8b42f7ab4"><code>f8b42f7</code></a> update licensed files</li>
<li><a href="2106e8cf10"><code>2106e8c</code></a> update contributing.md</li>
<li><a href="db66798ebc"><code>db66798</code></a> Ignore Generated Files in Git PR's</li>
<li><a href="d359fd0772"><code>d359fd0</code></a> Manual Verification of licenses</li>
<li><a href="350822c32f"><code>350822c</code></a> Add Licensed Workflow and config</li>
<li><a href="abecf4abf4"><code>abecf4a</code></a> Updated README.md (<a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/118">#118</a>)</li>
<li><a href="604e071d21"><code>604e071</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/126">#126</a> from yacaovsnc/main</li>
<li><a href="4560c23b39"><code>4560c23</code></a> Check for invalid retention-days input</li>
<li><a href="59018c2f85"><code>59018c2</code></a> Add an option to specify retention period</li>
<li>Additional commits viewable in <a href="https://github.com/actions/upload-artifact/compare/v1...27bce4eee761b5bc643f46a8dfb41b430c8d05f6">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Automerge-Triggered-By: GH:Mariatta
2020-10-23 14:32:12 -07:00
dependabot[bot] cd0edbc716
build(deps): bump actions/cache from v1 to v2.1.2 (GH-22919)
Bumps [actions/cache](https://github.com/actions/cache) from v1 to v2.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p>
<blockquote>
<h2>v2.1.2</h2>
<ul>
<li>Adds input to limit the chunk upload size, useful for self-hosted runners with slower upload speeds</li>
<li>No-op when executing on GHES</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="d1255ad936"><code>d1255ad</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/424">#424</a> from actions/dhadka/upload-chunk-size</li>
<li><a href="68cfb2ccb7"><code>68cfb2c</code></a> Add units to description</li>
<li><a href="cce3c03a74"><code>cce3c03</code></a> Add new input to action.yml</li>
<li><a href="4bceb75b5b"><code>4bceb75</code></a> Use parseInt instead of Number to handle empty strings</li>
<li><a href="a6f1f4b32e"><code>a6f1f4b</code></a> Adds input for upload chunk size</li>
<li><a href="d606e039ae"><code>d606e03</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/actions/cache/issues/421">#421</a> from actions/dhadka/ghes</li>
<li><a href="d3e4f218f3"><code>d3e4f21</code></a> Use warning instead of info</li>
<li><a href="55a5894438"><code>55a5894</code></a> Update dist</li>
<li><a href="3f6dfcbcc4"><code>3f6dfcb</code></a> Merge branch 'main' of <a href="http://github.com/actions/cache">http://github.com/actions/cache</a> into dhadka/ghes</li>
<li><a href="0f71d4ac9a"><code>0f71d4a</code></a> Add tests for isGhes</li>
<li>Additional commits viewable in <a href="https://github.com/actions/cache/compare/v1...d1255ad9362389eac595a9ae406b8e8cb3331f16">compare view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Automerge-Triggered-By: GH:Mariatta
2020-10-23 14:29:41 -07:00
Victor Stinner eaa551702d
bpo-40548: Fix "Check for source changes (pull_request)" GH Action job (GH-21806)
On Git 2.28, "git diff master..." (3 dots) no longer works when
"fetch --depth=1" is used, whereas it works on Git 2.26.

Replace "..." (3 dots) with ".." (2 dots) in the "git diff" command
computing the list of modified files between the base branch and the
PR branch.
2020-08-10 18:36:59 +02:00
Ammar Askar 5552850f8e
[workflow] Use gcc problem matcher for Ubuntu action build (GH-18567) 2020-06-06 12:21:46 +01:00
lrjball d9c1f19919
bpo-40474: Updated coverage.yml to better report coverage stats (#19851)
Currently modules which are imported early are misreported in coverage. A fix is documented in the devguide, but the fix wasn't being used in CI.
2020-05-28 11:51:44 -07:00
Ammar Askar 2602d97a0a
[workflow] Use Sphinx problem matcher on GitHub docs builds (GH-20325) 2020-05-25 22:32:24 +01:00
Hugo van Kemenade 7fbe65dbc4
Use v2 of GitHub Actions where available (GH-20232)
Automerge-Triggered-By: @Mariatta
2020-05-20 09:38:41 -07:00
Hugo van Kemenade c105f7d895
Enable GitHub Actions for 3.9 branch (GH-20231) 2020-05-19 19:01:32 +02:00
Filipe Laíns c444108dd6
bpo-40548: Github Actions: update actions/checkout to v2 (GH-20164)
Signed-off-by: Filipe Laíns <lains@archlinux.org>
2020-05-18 14:52:45 +02:00
Paul Ganssle 62972d9d73
bpo-40503: PEP 615: Tests and implementation for zoneinfo (GH-19909)
This is the initial implementation of PEP 615, the zoneinfo module,
ported from the standalone reference implementation (see
https://www.python.org/dev/peps/pep-0615/#reference-implementation for a
link, which has a more detailed commit history).

This includes (hopefully) all functional elements described in the PEP,
but documentation is found in a separate PR. This includes:

1. A pure python implementation of the ZoneInfo class
2. A C accelerated implementation of the ZoneInfo class
3. Tests with 100% branch coverage for the Python code (though C code
   coverage is less than 100%).
4. A compile-time configuration option on Linux (though not on Windows)

Differences from the reference implementation:

- The module is arranged slightly differently: the accelerated module is
  `_zoneinfo` rather than `zoneinfo._czoneinfo`, which also necessitates
  some changes in the test support function. (Suggested by Victor
  Stinner and Steve Dower.)
- The tests are arranged slightly differently and do not include the
  property tests. The tests live at test/test_zoneinfo/test_zoneinfo.py
  rather than test/test_zoneinfo.py or test/test_zoneinfo/__init__.py
  because we may do some refactoring in the future that would likely
  require this separation anyway; we may:
        - include the property tests
        - automatically run all the tests against both pure Python and C,
          rather than manually constructing C and Python test classes (similar
          to the way this works with test_datetime.py, which generates C
          and Python test cases from datetimetester.py).
- This includes a compile-time configuration option on Linux (though not
  on Windows); added with much help from Thomas Wouters.
- Integration into the CPython build system is obviously different from
  building a standalone zoneinfo module wheel.
- This includes configuration to install the tzdata package as part of
  CI, though only on the coverage jobs. Introducing a PyPI dependency as
  part of the CI build was controversial, and this is seen as less of a
  major change, since the coverage jobs already depend on pip and PyPI.

Additional changes that were introduced as part of this PR, most / all of
which were backported to the reference implementation:

- Fixed reference and memory leaks

    With much debugging help from Pablo Galindo

- Added smoke tests ensuring that the C and Python modules are built

    The import machinery can be somewhat fragile, and the "seamlessly falls
    back to pure Python" nature of this module makes it so that a problem
    building the C extension or a failure to import the pure Python version
    might easily go unnoticed.

- Adjustments to zoneinfo.__dir__

    Suggested by Petr Viktorin.

- Slight refactorings as suggested by Steve Dower.

- Removed unnecessary if check on std_abbr

    Discovered this because of a missing line in branch coverage.
2020-05-16 10:20:06 +02:00
Filipe Laíns 6a78589b6b
bpo-40548: github actions: pass the changes check on no source changes (GH-20097)
Signed-off-by: Filipe Laíns <lains@archlinux.org>
2020-05-15 04:08:21 +02:00
Filipe Laíns 75d7257b20
bpo-40548: GitHub Action workflow: skip jobs on doc only PRs (GH-19983)
Signed-off-by: Filipe Laíns <lains@archlinux.org>
2020-05-15 00:11:40 +02:00
Victor Stinner 4e363761fc
bpo-40548: Always run GitHub action, even on doc PRs (GH-19981)
Always run GitHub action jobs, even on documentation-only pull
requests. So it will be possible to make a GitHub action job, like
the Windows (64-bit) job, mandatory.
2020-05-07 22:42:14 +02:00
Pablo Galindo 3f8a58b7ef
PEP 617: Only run the CI with the new parser (GH-19664) 2020-04-23 00:06:03 +01:00
Pablo Galindo c5fc156852
bpo-40334: PEP 617 implementation: New PEG parser for CPython (GH-19503)
Co-authored-by: Guido van Rossum <guido@python.org>
Co-authored-by: Lysandros Nikolaou <lisandrosnik@gmail.com>
2020-04-22 23:29:27 +01:00
Victor Stinner 1767a0490f
bpo-40146: Update OpenSSL to 1.1.1f in Azure Pipelines (GH-19320)
Update also OpenSSL version in Ubuntu and Coverage jobs.
2020-04-03 03:05:10 +02:00
Steve Dower 2dd41740c9
bpo-39930: Ensure vcruntime140.dll is included in all Windows packages (GH-18918)
Also adds GitHub CI test for Windows installer changes
2020-03-11 11:18:12 +00:00
Ammar Askar 766b7546a5
bpo-39704: Explicitly pass the path to codecov config (GH-18680) 2020-02-27 15:08:30 -08:00
Ammar Askar 6aa1f1ecf7
bpo-39699: Don't silence make on Azure and Github CIs (GH-18583) 2020-02-26 19:21:41 +00:00
Pablo Galindo 6aabb63d96
Run doctests in GitHub actions Docs targer (GH-18041) 2020-01-17 23:44:38 +00:00
Steve Dower b1ce22d086 bpo-39041: Fix coverage upload command for GitHub Actions (GH-17873)
https://bugs.python.org/issue39041



Automerge-Triggered-By: @zooba
2020-01-06 13:23:10 -08:00
Steve Dower 6a263cf1ad
bpo-39041: Add GitHub Actions badge to README.rst (GH-17628)
Also skip build for doc-only changes and enable on push
2019-12-16 11:15:08 -08:00
Steve Dower a76ba362c4
bpo-39041: Add GitHub Actions support (GH-17594) 2019-12-16 10:35:22 -08:00