From b6ff7bf0e15c5678241ca4e159bca100707d6fe7 Mon Sep 17 00:00:00 2001 From: Alex Gaynor Date: Sat, 7 Sep 2024 17:09:16 -0400 Subject: [PATCH] Pin uv hashes in wheel builder (#11566) --- .github/requirements/uv-requirements.txt | 21 +++++++++++++++++++++ .github/workflows/wheel-builder.yml | 13 ++++++++----- 2 files changed, 29 insertions(+), 5 deletions(-) create mode 100644 .github/requirements/uv-requirements.txt diff --git a/.github/requirements/uv-requirements.txt b/.github/requirements/uv-requirements.txt new file mode 100644 index 000000000000..1c52eda4f7e7 --- /dev/null +++ b/.github/requirements/uv-requirements.txt @@ -0,0 +1,21 @@ +# This file was autogenerated by uv via the following command: +# uv pip compile --universal -p 3.8 --generate-hashes - +uv==0.4.7 \ + --hash=sha256:00aa7299edefcc4069d73b988a7331d590e3fedd29f5695b1680905af1ccba04 \ + --hash=sha256:0fef80011c96dc8e284f4895b7ca92945e450fb517872115a557e72789c0e2c5 \ + --hash=sha256:106fc5449a63137da6b3c4fd25775e3eeda3b11c8cea12439d95201237a95484 \ + --hash=sha256:1357fb27047cff94422bb82cf9a82d7285ce8341a204fc1925b0b89c8d108249 \ + --hash=sha256:23283699e6035ef536b204f9094e7297093a527f958b86d4ce26613c603f564c \ + --hash=sha256:2ab5f6701046b373cdedca7334e20a8dc7726eb4c3e2f6e18297dbbda09afba9 \ + --hash=sha256:319a585f53c0b63b989526206383716e1d7c0f3483425058b94bf47402a81841 \ + --hash=sha256:54c3dde3c01d96fba484c2728e020c7c867e05a88de143ddb6df1091d1ffdfb7 \ + --hash=sha256:63b59e0cfa303a97ce5ba19fa8fc27a6339516561bc4b821cca52ed15721cbdb \ + --hash=sha256:904763380be165f5213dcbacb8d6c17d5cf138ea4bd24b4a37a1b6046b5650a1 \ + --hash=sha256:9356449439d4fa42419d17736d775cd1701b1b4a054ab445faf1477a6920a505 \ + --hash=sha256:a1850d93f78eeb6d0ace3dc0335e1bf141a4b6a26844ab75f00055de2a4817cd \ + --hash=sha256:ab7308c0604268f21b1a5bce4e1b61bcf56831f4aef59bee93c2b5815f4bc6a8 \ + --hash=sha256:bfbd6e28b0543b774db7d97d61963c384c70284e95056004c8f74252e69616c7 \ + --hash=sha256:d6c8e43bbdfa2f7910245335acb93fcb5a4e34995b7ce60de4e814071690b3c5 \ + --hash=sha256:e1f3285bebfeab6e076e651ec47f6adf7a83a4f014dd9d7e73efc034e77d42cd \ + --hash=sha256:e8bc35e30f2bb03f0e1812f1c0dce0e73d8ab01e90392d39f334da9d75e522b0 \ + --hash=sha256:ec49a00317799226d33135bf40e8da44262f44e3980a5bb9e6dae7250523c963 diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index e7b22014735d..1643b22b26a6 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -21,6 +21,7 @@ on: env: BUILD_REQUIREMENTS_PATH: .github/requirements/build-requirements.txt + UV_REQUIREMENTS_PATH: .github/requirements/uv-requirements.txt jobs: sdist: @@ -33,7 +34,7 @@ jobs: ref: ${{ github.event.inputs.version || github.ref }} persist-credentials: false - - run: python -m pip install uv + - run: python -m pip install -r $UV_REQUIREMENTS_PATH - name: Make sdist (cryptography) run: uv build --build-constraint=$BUILD_REQUIREMENTS_PATH --require-hashes --sdist @@ -195,6 +196,7 @@ jobs: persist-credentials: false sparse-checkout: | ${{ env.BUILD_REQUIREMENTS_PATH }} + ${{ env.UV_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - name: Setup python run: | @@ -226,7 +228,7 @@ jobs: with: name: cryptography-sdist - - run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install uv + - run: ${{ matrix.PYTHON.BIN_PATH }} -m pip install -r ${{ env.UV_REQUIREMENTS_PATH }} - run: mkdir wheelhouse - name: Build the wheel run: | @@ -249,7 +251,7 @@ jobs: run: | find .venv/lib/*/site-packages/cryptography/hazmat/bindings -name '*.so' -exec vtool -show {} \; - run: | - .venv/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" + echo "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | uv run - - run: | echo "CRYPTOGRAPHY_WHEEL_NAME=$(basename $(ls wheelhouse/cryptography*.whl))" >> $GITHUB_ENV @@ -285,6 +287,7 @@ jobs: persist-credentials: false sparse-checkout: | ${{ env.BUILD_REQUIREMENTS_PATH }} + ${{ env.UV_REQUIREMENTS_PATH }} sparse-checkout-cone-mode: false - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 @@ -316,7 +319,7 @@ jobs: echo "OPENSSL_STATIC=1" >> $GITHUB_ENV shell: bash - - run: pip install uv + - run: pip install -r ${{ env.UV_REQUIREMENTS_PATH }} - run: mkdir wheelhouse - run: | if [ -n "${{ matrix.PYTHON.ABI_VERSION }}" ]; then @@ -331,7 +334,7 @@ jobs: - run: uv pip install cryptography --no-index -f wheelhouse/ - name: Print the OpenSSL we built and linked against run: | - .venv/Scripts/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" + echo "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))" | uv run - - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 with: