This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: Run GHA CI with multiple OpenSSL versions
Type: behavior Stage: resolved
Components: SSL, Tests Versions: Python 3.10, Python 3.9, Python 3.8
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: christian.heimes, miss-islington
Priority: normal Keywords: patch

Created on 2021-04-12 08:38 by christian.heimes, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Pull Requests
URL Status Linked Edit
PR 25360 merged christian.heimes, 2021-04-12 10:02
PR 25391 merged miss-islington, 2021-04-13 17:24
PR 25392 merged miss-islington, 2021-04-13 17:24
Messages (6)
msg390825 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-12 08:38
CI only tests one OpenSSL version, but Python supports multiple versions of OpenSSL. OpenSSL 1.0.2, 1.1.0, 1.1.1, and 3.0.0 have different APIs and behave differently. We should run minimal tests with all major OpenSSL versions to ensure that Python compiles and works with supported versions.

This will slow down CI a bit. I figured out how to include ccache to speed up compilation a lot. With populated ccache configure + make takes less than 30 seconds instead of 90 seconds.

I also noticed that GHA action configuration compiles Python with custom OpenSSL but fails to set rpath / LD_LIBRARY_PATH. I think this means that we compile with custom OpenSSL but actual tests use OSS' OpenSSL libraries.
msg390830 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-12 09:44
Github selects required actions based on the "name" attribute of a job. Therefore I decided to keep the default "Ubuntu" job and moved the additional OpenSSL tests to another job.

For future reference, my first approach was:

      fail-fast: false
        openssl_ver: [1.1.1k, 1.0.2u, 1.1.0l, 3.0.0-alpha14]
        - openssl_ver: 1.1.1k
          testmode: 'full'
    - name: Tests
      run: xvfb-run make buildbottest TESTOPTS="-j4 -uall,-cpu"
      if: ${{ matrix.testmode == 'full' }}
    - name: SSL tests
      run: ./python Lib/test/
      if: ${{ matrix.testmode != 'full' }}
msg390932 - (view) Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-04-13 07:10
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.
msg390980 - (view) Author: miss-islington (miss-islington) Date: 2021-04-13 17:23
New changeset 8fa1489365e7af8b90286c97db55a2dc60a05cde by Christian Heimes in branch 'master':
bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360)
msg390989 - (view) Author: miss-islington (miss-islington) Date: 2021-04-13 19:14
New changeset 5ce227f3a767e6e44e7c41e0c845a83cf7777ca4 by Miss Islington (bot) in branch '3.9':
[3.9] bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360) (GH-25391)
msg390992 - (view) Author: miss-islington (miss-islington) Date: 2021-04-13 19:27
New changeset a607815eb07582deb3c5818be881a98abe25a100 by Miss Islington (bot) in branch '3.8':
[3.8] bpo-43811: Test multiple OpenSSL versions on GHA (GH-25360) (GH-25392)
Date User Action Args
2022-04-11 14:59:44adminsetgithub: 87977
2021-04-19 20:10:18christian.heimessetstatus: open -> closed
dependencies: - Run GHA CI with multiple OpenSSL versions
resolution: fixed
stage: patch review -> resolved
2021-04-19 20:10:18christian.heimesunlinkissue43811 dependencies
2021-04-13 19:27:10miss-islingtonsetmessages: + msg390992
2021-04-13 19:14:48miss-islingtonsetmessages: + msg390989
2021-04-13 17:24:23miss-islingtonsetpull_requests: + pull_request24125
2021-04-13 17:24:14miss-islingtonsetpull_requests: + pull_request24124
2021-04-13 17:23:58miss-islingtonsetnosy: + miss-islington
messages: + msg390980
2021-04-13 07:10:33christian.heimessetdependencies: + Run GHA CI with multiple OpenSSL versions
messages: + msg390932
2021-04-13 07:10:33christian.heimeslinkissue43811 dependencies
2021-04-13 07:08:55christian.heimeslinkissue38820 dependencies
2021-04-12 10:02:19christian.heimessetkeywords: + patch
stage: patch review
pull_requests: + pull_request24094
2021-04-12 09:44:26christian.heimessetmessages: + msg390830
2021-04-12 08:38:07christian.heimescreate