Improve shared ssl context #659
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
permissions: "read-all" | |
concurrency: | |
group: ci-${{ github.ref_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
package: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@d632683dd7b4114ad314bca15554477dd762a938" | |
- name: "Setup Python" | |
uses: "actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3" | |
with: | |
python-version: "3.x" | |
cache: "pip" | |
- name: "Check packages" | |
run: | | |
python -m pip install -U pip setuptools wheel build twine rstcheck | |
python -m build | |
rstcheck CHANGES.rst | |
python -m twine check dist/* | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13"] | |
os: | |
- macos-13 | |
- windows-2022 | |
- ubuntu-20.04 # OpenSSL 1.1.1 | |
- ubuntu-22.04 # OpenSSL 3.0 | |
nox-session: [''] | |
include: | |
- experimental: false | |
traefik-server: true | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.7 | |
python-version: "3.7" | |
os: windows-2022 | |
experimental: false | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.9 | |
python-version: "3.9" | |
os: windows-2022 | |
experimental: false | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.13 | |
python-version: "3.13" | |
os: windows-2022 | |
experimental: false | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.7 | |
python-version: "3.7" | |
os: ubuntu-20.04 | |
experimental: false | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.9 | |
python-version: "3.9" | |
os: ubuntu-22.04 | |
experimental: false | |
- traefik-server: false | |
nox-session: test_ssl_large_resources-3.13 | |
python-version: "3.13" | |
os: ubuntu-22.04 | |
experimental: false | |
- experimental: true | |
python-version: "3.14" | |
os: ubuntu-22.04 | |
traefik-server: true | |
- experimental: true | |
python-version: "3.14" | |
os: macos-13 | |
traefik-server: true | |
- experimental: true | |
python-version: "3.14" | |
os: windows-2022 | |
traefik-server: true | |
- python-version: "pypy-3.7" | |
os: ubuntu-22.04 | |
experimental: false | |
nox-session: test-pypy | |
- python-version: "pypy-3.8" | |
os: ubuntu-22.04 | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "pypy-3.9-v7.3.13" # urllib3#3308 | |
os: ubuntu-22.04 | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "pypy-3.10" | |
os: ubuntu-22.04 | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "3.x" | |
os: ubuntu-22.04 | |
experimental: false | |
nox-session: test_brotlipy | |
# Test CPython with a broken hostname_checks_common_name (the fix is in 3.9.3) | |
- python-version: "3.9.2" | |
os: ubuntu-20.04 # CPython 3.9.2 is not available for ubuntu-22.04. | |
experimental: false | |
nox-session: test-3.9 | |
exclude: | |
# Ubuntu 22.04 comes with OpenSSL 3.0, so only CPython 3.9+ is compatible with it | |
# https://github.com/python/cpython/issues/83001 | |
- python-version: "3.7" | |
os: ubuntu-22.04 | |
- python-version: "3.8" | |
os: ubuntu-22.04 | |
runs-on: ${{ matrix.os }} | |
name: ${{ fromJson('{"macos-13":"macOS","windows-2022":"Windows","ubuntu-20.04":"Ubuntu 20.04 (OpenSSL 1.1.1)","ubuntu-22.04":"Ubuntu 22 (OpenSSL 3+)"}')[matrix.os] }} ${{ matrix.python-version }} ${{ matrix.nox-session }} | |
continue-on-error: ${{ matrix.experimental }} | |
timeout-minutes: 60 | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@d632683dd7b4114ad314bca15554477dd762a938" | |
- name: "Traefik: Prerequisites - Colima (MacOS)" | |
if: ${{ matrix.traefik-server && contains(matrix.os, 'mac') }} | |
uses: douglascamata/setup-docker-macos-action@4fe96839fcba8a2d746e020d00a89a37afbc7dc9 | |
with: | |
colima-network-address: true | |
- name: "Colima VM List (MacOS)" | |
if: ${{ matrix.traefik-server && contains(matrix.os, 'mac') }} | |
run: colima list | |
- name: "Setup Python ${{ matrix.python-version }}" | |
uses: "actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3" | |
with: | |
python-version: ${{ matrix.python-version }} | |
allow-prereleases: true | |
- name: "Install dependencies" | |
run: python -m pip install --upgrade pip setuptools nox | |
- name: "Run tests" | |
run: ./ci/run_tests.sh | |
env: | |
PYTHON_VERSION: ${{ matrix.python-version }} | |
NOX_SESSION: ${{ matrix.nox-session }} | |
TRAEFIK_HTTPBIN_ENABLE: ${{ matrix.traefik-server }} | |
# on MacOS, the Colima VM is located at "192.168.106.2" by default. | |
TRAEFIK_HTTPBIN_IPV4: ${{ contains(matrix.os, 'mac') && '192.168.65.2' || '127.0.0.1' }} | |
- name: "Upload artifact" | |
uses: "actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce" | |
with: | |
name: coverage-data | |
path: ".coverage.*" | |
if-no-files-found: error | |
coverage: | |
if: always() | |
runs-on: "ubuntu-latest" | |
needs: test | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@d632683dd7b4114ad314bca15554477dd762a938" | |
- name: "Setup Python" | |
uses: "actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3" | |
with: | |
python-version: "3.x" | |
- name: "Install coverage" | |
run: "python -m pip install --upgrade coverage" | |
- name: "Download artifact" | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: coverage-data | |
- name: "Combine & check coverage" | |
run: | | |
python -m coverage combine | |
python -m coverage html --skip-covered --skip-empty | |
python -m coverage report --ignore-errors --show-missing --fail-under=86 | |
- name: "Upload report" | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: coverage-report | |
path: htmlcov |