bpo-43811: Test multiple OpenSSL versions on GHA #25360
Conversation
|
#25361 addresses the unrelated test failures. |
a741341 to
302c398
Compare
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| openssl_ver: [1.0.2u, 1.1.0l, 1.1.1k, 3.0.0-alpha14] |
There was a problem hiding this comment.
Don't we have an accepted PEP which requires OpenSSL 1.1.1 or newer?
Each additional CI increases the error rate since we still have unstable tests in asyncio and multiprocessing tests. I would prefer to not add too many CIs. At least, don't make them mandatory (allow to merge a PR even if they fail).
Rather than pre-commit CI jobs run on every since PR and at every PR update, can't we use a post-commit CI, like a buildbot worker? Issues in pre-commit are way more annoying.
cc @pablogsal @zware
There was a problem hiding this comment.
Don't we have an accept PEP which requires OpenSSL 1.1.1 or newer?
Yes, but the PEP applies to 3.10 only. You want OpenSSL 3.0.0 compatibility in 3.8 and 3.9, don't you?
Rather than pre-commit CI jobs run on every since PR and at every PR update, can't we use a post-commit CI, like a buildbot worker? Issues in pre-commit are way more annoying.
I need an easy and reliable way to ensure that Python works with all supported OpenSSL versions. Post-commit CI is too late.
There was a problem hiding this comment.
You can add OpenSSL < 1.1.1 in the CI jobs when you backport this PR to 3.9 and older. But this PR targets master, so I expect not see OpenSSL < 1.1.1 in this branch.
There was a problem hiding this comment.
Master still supports OpenSSL 1.1.0 and 1.0.2. I have not finished and pushed the PEP 644 PR. I deliberately postponed PEP 644 changes until OpenSSL 3.0.0 support is done.
There was a problem hiding this comment.
Each additional CI increases the error rate since we still have unstable tests in asyncio and multiprocessing tests. I would prefer to not add too many CIs. At least, don't make them mandatory (allow to merge a PR even if they fail).
The additional SSL tests are now only executed when any OpenSSL or GHA related file is modified. The SSL tests only execute a couple of selected tests. Multiprocessing tests are skipped. The CI steps are not mandatory.
There was a problem hiding this comment.
"Master still supports OpenSSL 1.1.0 and 1.0.2. I have not finished and pushed the PEP 644 PR. I deliberately postponed PEP 644 changes until OpenSSL 3.0.0 support is done."
Ok.
This is a chicken and egg problem. #25329 needs this PR to verify that the code works. |
I'm spending a lot of time to fix every single warning in Python. I would prefer to not add new warnings, especially if you know that a lot of will be needed to fix them. Can't you run this CI job locally, fix warnings, and then automate checks on PRs? I would prefer not annoy contributors who don't work on OpenSSL support with these new deprecation warnings. |
I prefer to add CI first, so I have a stable baseline. Then I can fix deprecation warnings. |
|
I have added a new |
Signed-off-by: Christian Heimes <christian@python.org>
7e18dda to
3669c9f
Compare
|
@vstinner @pablogsal I have reworked the PR. Additional checks are optional and only executed when GHA detects a modification of an OpenSSL-related file or a file in |
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| openssl_ver: [1.0.2u, 1.1.0l, 1.1.1k, 3.0.0-alpha14] |
There was a problem hiding this comment.
"Master still supports OpenSSL 1.1.0 and 1.0.2. I have not finished and pushed the PEP 644 PR. I deliberately postponed PEP 644 changes until OpenSSL 3.0.0 support is done."
Ok.
|
Thanks @tiran for the PR 🌮🎉.. I'm working now to backport this PR to: 3.8, 3.9. |
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 8fa1489) Co-authored-by: Christian Heimes <christian@python.org>
|
GH-25391 is a backport of this pull request to the 3.9 branch. |
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 8fa1489) Co-authored-by: Christian Heimes <christian@python.org>
|
GH-25392 is a backport of this pull request to the 3.8 branch. |
…-25391) The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 8fa1489) Co-authored-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: GH:tiran
…-25392) The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds. Signed-off-by: Christian Heimes <christian@python.org> (cherry picked from commit 8fa1489) Co-authored-by: Christian Heimes <christian@python.org> Automerge-Triggered-By: GH:tiran
The new checks are only executed when one or more OpenSSL-related files are modified. The checks run a handful of networking and hashing test suites. All SSL checks are optional. This PR also introduces ccache to speed up compilation. In common cases it speeds up configure and compile time from about 90 seconds to less than 30 seconds.
Signed-off-by: Christian Heimes christian@python.org
https://bugs.python.org/issue43811
Automerge-Triggered-By: GH:tiran