Commit Graph

165 Commits

Author SHA1 Message Date
Christian Heimes cc7c680194
bpo-38820: Test with OpenSSL 3.0.0 final (GH-28205)
Signed-off-by: Christian Heimes <christian@python.org>
2021-09-07 19:04:55 +02:00
Pablo Galindo Salgado 6beaf2ffae
Check that 'configure' is generated by GNU Autoconf 2.69 (GH-28152) 2021-09-04 15:20:38 +01:00
Eric Snow 044e8d866f
bpo-45019: Add a tool to generate list of modules to include for frozen modules (gh-27980)
Frozen modules must be added to several files in order to work properly. Before this change this had to be done manually. Here we add a tool to generate the relevant lines in those files instead. This helps us avoid mistakes and omissions.

https://bugs.python.org/issue45019
2021-08-30 17:25:11 -06:00
Steve Dower d3bdbbf9a4
bpo-45007: Update to OpenSSL 1.1.1l in Windows build and CI (GH-28009) 2021-08-29 16:18:57 +02:00
Serhiy Storchaka 058fb35b57
bpo-44854: Remove trailing whitespaces (GH-27689) 2021-08-09 21:32:54 +03:00
dependabot[bot] db3774d063
build(deps): bump actions/stale from 3 to 4 (#27526)
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 4.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v4)

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-02 18:04:18 +02:00
Pablo Galindo Salgado 7cad0bee80
Fail the CI if an optional module fails to compile (GH-27466) 2021-07-30 16:21:09 +02:00
Pablo Galindo Salgado 851cca8c22
Add missing gdbm dependencies to the UNIX CI (GH-27467) 2021-07-29 22:42:21 +01:00
Ken Jin d61b69f02d
Add windows build.bat counterpart for 'make regen-all' in error message (GH-26770) 2021-07-26 23:09:30 -04:00
Łukasz Langa 311ee83adb
Replace @ilevkivskyi with @Fidget-Spinner as typing code owner (#27210) 2021-07-17 11:21:31 +02:00
dependabot[bot] 171d529a95
build(deps): bump actions/upload-artifact from 2.2.3 to 2.2.4 (#26979)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2.2.3 to 2.2.4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.3...v2.2.4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-07-12 13:29:13 +02:00
Christian Heimes 44fb551499
bpo-38820: Test with OpenSSL 3.0.0-beta1 (GH-26769)
Signed-off-by: Christian Heimes <christian@python.org>
2021-06-19 11:08:41 +02:00
Pablo Galindo f82262b186
Run address sanitiser in the GitHub CI (GH-26640) 2021-06-10 18:47:53 +01:00
Julien Palard 227a09325e
bpo-42238: Doc CI: Disable suspicious checks. (GH-26575)
They are slow and raise too many false positive, I'm in the slow
process to try to change this.
2021-06-08 09:22:58 +02:00
Christian Heimes 6ab65c670d
Removing myself from ssl code ownership (GH-26529)
I'm taking a break.

Signed-off-by: Christian Heimes <christian@python.org>
2021-06-04 15:01:31 +02:00
dependabot[bot] 8916633b76
build(deps): bump actions/cache from 2.1.5 to 2.1.6 (GH-26476)
Bumps [actions/cache](https://github.com/actions/cache) from 2.1.5 to 2.1.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.5...v2.1.6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-06-02 14:34:45 -03:00
Christian Heimes 7109624d45
bpo-38820: Test with OpenSSL 3.0.0-alpha17 (#26266) 2021-05-20 16:46:38 +02:00
Marcono1234 4d396e7d79
Update link in SECURITY.md (GH-21320) 2021-05-19 21:52:25 -04:00
Hugo van Kemenade 24ccc89547
Enable GitHub Actions on the 3.10 branch (GH-26242) 2021-05-19 16:14:37 +01:00
Christian Heimes e8525567dd
bpo-38820: Test with OpenSSL 3.0.0-alpha16 (GH-25942)
Also use new make target to install FIPS provider.
2021-05-06 16:30:12 +02:00
dependabot[bot] d783ce789d
build(deps): bump actions/cache from v2.1.4 to v2.1.5 (#25773)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.4 to v2.1.5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.4...1a9e2138d905efd099035b49d8b7a3888c653ca8)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-04 03:09:51 +02:00
dependabot[bot] e68e3b7e53
build(deps): bump actions/upload-artifact from v2.2.2 to v2.2.3 (#25772)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v2.2.2 to v2.2.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.2...ee69f02b3dfdecd58bb31b4d133da38ba6fe3700)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-05-04 03:09:34 +02:00
Pablo Galindo 2fc857a572
Update CI files to account for the master -> main rename (GH-25860) 2021-05-03 23:36:55 +01:00
Brandt Bucher 29282b2825
Fix broken name in build.yml (GH-25759) 2021-05-01 15:02:30 -07:00
Ammar Askar 726c931b38
bpo-43888: Remove coverage builds from CI (GH-25679)
The coverage builds were consistently timing out in CI, suggesting that people were not reviewing the uploaded reports.
2021-04-30 14:04:40 -07:00
Brett Cannon 481994078f
Restrict GITHUB_TOKEN permissions for the 'stale' workflow (GH-25564)
It should only need write-level permissions to pull requests.
2021-04-23 15:18:50 -07:00
Christian Heimes dcf658157d
bpo-38820: Test with OpenSSL 3.0.0-alpha15 (GH-25537)
Signed-off-by: Christian Heimes <christian@python.org>
2021-04-23 14:19:21 +02:00
Sviatoslav Sydorenko 077a2e7664
bpo-43888: Reduce coverage collection timeout to 1h40m in GHA (GH-25471)
Ref: 

Signed-off-by: Sviatoslav Sydorenko <webknjaz@redhat.com>
2021-04-20 10:22:26 -07:00
Christian Heimes 39258d3595
bpo-43669: PEP 644: Require OpenSSL 1.1.1 or newer (GH-23014)
- Remove HAVE_X509_VERIFY_PARAM_SET1_HOST check
- Update hashopenssl to require OpenSSL 1.1.1
- multissltests only OpenSSL > 1.1.0
- ALPN is always supported
- SNI is always supported
- Remove deprecated NPN code. Python wrappers are no-op.
- ECDH is always supported
- Remove OPENSSL_VERSION_1_1 macro
- Remove locking callbacks
- Drop PY_OPENSSL_1_1_API macro
- Drop HAVE_SSL_CTX_CLEAR_OPTIONS macro
- SSL_CTRL_GET_MAX_PROTO_VERSION is always defined now
- security level is always available now
- get_num_tickets is available with TLS 1.3
- X509_V_ERR MISMATCH is always available now
- Always set SSL_MODE_RELEASE_BUFFERS
- X509_V_FLAG_TRUSTED_FIRST is always available
- get_ciphers is always supported
- SSL_CTX_set_keylog_callback is always available
- Update Modules/Setup with static link example
- Mention PEP in whatsnew
- Drop 1.0.2 and 1.1.0 from GHA tests
2021-04-17 11:36:35 +02:00
Christian Heimes 8fa1489365
bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360)
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.

Signed-off-by: Christian Heimes <christian@python.org>
2021-04-13 10:23:45 -07:00
Pablo Galindo 20ac34772a
Fix Sphinx errors in the documentation and re-activate the suspicious check (GH-25368)
The suspicious check is still executed as part of the release process and release managers have been
lately fixing some actual errors that the suspicious target can find. For this reason, reactivate the suspicious
until we decide what to do in a coordinated fashion.
2021-04-12 20:53:15 +01:00
Chris Withers 06e971fc0e
try and get a peak at mock-related PRs before they land (#25356) 2021-04-12 10:44:42 +01:00
Christian Heimes a54fc683f2
bpo-43631: Update to OpenSSL 1.1.1k (GH-25024)
- [x] Build OpenSSL 1.1.1k for macOS
- [x] Build OpenSSL 1.1.1k for Windows

I have also updated multissl tester and various CI configurations to use latest OpenSSL. The versions were all over the place.

Signed-off-by: Christian Heimes <christian@python.org>

Automerge-Triggered-By: GH:tiran
2021-03-29 17:00:34 -07:00
Christian Heimes f6c6b5821b
bpo-41561: Add workaround for Ubuntu's custom security level (GH-24915)
Ubuntu 20.04 comes with a patched OpenSSL 1.1.1. Default security level
2 blocks TLS 1.0 and 1.1 connections. Regular OpenSSL 1.1.1 builds allow
TLS 1.0 and 1.1 on security level 2.

See: 
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1899878
See: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1917625
Signed-off-by: Christian Heimes <christian@python.org>
2021-03-18 15:06:50 -07:00
Brandt Bucher 94894dd45e
Pin test runner to Ubuntu 18 to un-break CI (#24715) 2021-03-02 23:03:55 -08:00
dependabot[bot] 497b5649cf
build(deps): bump actions/cache from v2.1.3 to v2.1.4 (#24446)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.3 to v2.1.4.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.3...26968a09c0ea4f3e233fdddbafd1166051a095f6)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-04 12:57:10 -08:00
Mariatta Wijaya d30951d4ff
Fix dependabot.yml file (GH-24443)
The `target-branch` field doesn't seem to support array.
Since it defaults to the default branch anyway, we should just remove the `target-branch` field from the config.
2021-02-04 11:22:34 -08:00
dependabot[bot] aa4caf9887
build(deps): bump actions/upload-artifact from v2.2.1 to v2.2.2 (GH-24411)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v2.2.1 to v2.2.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.1...e448a9b857ee2131e752b06002bf0e093c65e571)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-02-03 13:22:27 -08:00
Victor Stinner 9852cb3811
bpo-42955: Rename module_names to sys.stdlib_module_names (GH-24332)
* Rename _Py_module_names to _Py_stdlib_module_names.
* Rename Python/module_names.h to Python/stdlib_module_names.h.
2021-01-25 23:12:50 +01:00
Victor Stinner cad8020cb8
bpo-42955: Add Python/module_names.h (GH-24258)
Add a private list of all stdlib modules: _Py_module_names.

* Add Tools/scripts/generate_module_names.py script.
* Makefile: Add "make regen-module-names" command.
* setup.py: Add --list-module-names option.
* GitHub Action and Travis CI also runs "make regen-module-names",
  not ony "make regen-all", to ensure that the module names remains
  up to date.
2021-01-19 23:04:49 +01:00
Filipe Laíns 4ac923f275
bpo-42773: fix tests not being run on pushes (GH-24004)
There was a typo, we were checking if the "GITHUB_BASE_REF" string
literal was empty instead of the $GITHUB_BASE_REF value. When
$GITHUB_BASE_REF is empty, the action that triggered the run was not a
pull request, so we always run the full test suite.

Signed-off-by: Filipe Laíns <lains@riseup.net>
2020-12-30 06:53:58 -08:00
Ammar Askar 1031f23fc3
[workflow] Use MSVC problem matcher for Windows action build (GH-18532)
This makes warnings and errors from the compiler very prominent so this should help prevent warnings from sneaking into the code base and catch them in review. See https://discuss.python.org/t/using-github-problem-matchers-to-catch-warnings-early/4254 for more details

You can see a demo of this in action here: https://github.com/ammaraskar/cpython/pull/15/files#diff-9ba2eeca0f254ece0a9df4d7cb68e870

GCC and Sphinx matchers have previously been added in GH-18567 and GH-20325, respectively.
2020-12-28 12:28:40 -06:00
Batuhan Taskaya a9ef95b811
GH: Add isidentical to the CODEOWNERS (GH-23923) 2020-12-24 14:30:46 +03:00
Mariatta 801165e1a9
Update Stale action message (GH-23791)
We don't close PRs after it becomes stale.
2020-12-15 18:36:33 -08:00
Mariatta 9cc8fa6ac8
Adding "stale" GitHub Action (GH-21247)
Adding "stale" GitHub Action

Added the "stale" GitHub action to the CPython repo.
PR's older than 30 days will be labeled as stale using the "stale-pr" label.

Closes https://github.com/python/core-workflow/issues/372

Co-authored-by: Brett Cannon <brett@python.org>
2020-12-15 11:58:43 -08:00
Mariatta 0603f8087a
Let dependabot create PRs against the maintenance branches (GH-22992)
With this, we don't have to manually trigger backport whenever there is update to GitHub Actions dependencies.
2020-12-15 11:04:55 -08:00
Pablo Galindo 85f1dedb8d
bpo-42545: Check that all symbols in the limited ABI are exported (GH-23616) 2020-12-04 22:05:58 +00:00
dependabot[bot] 8acd0e0d49
build(deps): bump actions/upload-artifact from v2.2.0 to v2.2.1 (GH-23583)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from v2.2.0 to v2.2.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2.2.0...726a6dcd0199f578459862705eed35cda05af50b)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-01 09:00:11 -06:00
dependabot[bot] a43fea8857
build(deps): bump actions/cache from v2.1.2 to v2.1.3 (23582)
Bumps [actions/cache](https://github.com/actions/cache) from v2.1.2 to v2.1.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v2.1.2...0781355a23dac32fd3bac414512f4b903437991a)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2020-12-01 08:59:12 -06:00
Julien Palard c9c6e9f89a
bpo-42238: Doc: Remove make suspicious from the CI and docs builds. (GH-23313)
It probably helped a lot a while back, but may not be as usefull
today.  We'll continue monitoring it before deletion, so true
positives can be migrated to rstlint.
2020-11-25 10:18:00 +01:00