kadmin: add key data support #312
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Python CI | |
"on": | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
release: | |
types: | |
- released | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
CARGO_INCREMENTAL: "false" | |
SCCACHE_GHA_ENABLED: "on" | |
jobs: | |
lint: | |
strategy: | |
fail-fast: false | |
matrix: | |
job: | |
- black | |
- mypy | |
- ruff | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: pipx install poetry || true | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: "pyproject.toml" | |
cache: "poetry" | |
- run: poetry install --only=dev | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
- uses: actions/github-script@v7 | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: just,sccache | |
- run: poetry run just ci-lint-${{ matrix.job }} | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
- "3.13" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- run: pipx install poetry || true | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "poetry" | |
- run: poetry install --only=dev | |
- uses: actions-rust-lang/setup-rust-toolchain@v1 | |
- uses: actions/github-script@v7 | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: just,sccache | |
- run: poetry run just ci-build-python | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: python-${{ matrix.python-version }}-build | |
path: dist | |
test: | |
needs: build | |
strategy: | |
fail-fast: false | |
matrix: | |
job: | |
- mit | |
# Several issues in k5test preventing us from running kadmind with it currently | |
# - h5l | |
python-version: | |
- "3.9" | |
- "3.10" | |
- "3.11" | |
- "3.12" | |
- "3.13" | |
runs-on: ubuntu-latest | |
env: | |
KRB5_TRACE: /dev/stderr | |
steps: | |
- uses: actions/checkout@v4 | |
- shell: bash | |
run: | | |
pipx install poetry || true | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
cache: "poetry" | |
- run: poetry install --only=test | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: just | |
- uses: actions/download-artifact@v4 | |
with: | |
name: python-${{ matrix.python-version }}-build | |
path: dist | |
- run: | | |
PATH="/usr/lib/heimdal-servers:$PATH" poetry run just ci-test-python-${{ matrix.job }} | |
check-python: | |
if: always() | |
needs: | |
- lint | |
- build | |
- test | |
runs-on: ubuntu-latest | |
steps: | |
- uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
build-sdist: | |
needs: check-python | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: pipx install poetry || true | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: pyproject.toml | |
cache: "poetry" | |
- run: poetry install --only=dev | |
- uses: taiki-e/install-action@v2 | |
with: | |
tool: just | |
- run: poetry run just ci-build-python-sdist | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: python-cibw-sdist | |
path: dist/*.tar.gz | |
build-wheels-matrix: | |
needs: check-python | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- run: pipx install poetry || true | |
- uses: actions/setup-python@v5 | |
with: | |
python-version-file: pyproject.toml | |
cache: "poetry" | |
- run: poetry install --only=dev | |
- id: set-matrix | |
name: compute matrix | |
run: | | |
MATRIX="$( | |
{ | |
poetry run cibuildwheel --print-build-identifiers --platform linux --archs x86_64,aarch64 \ | |
| sed 's/.*/{"cibw-only": "&", "os": "ubuntu-latest"}/' \ | |
&& poetry run cibuildwheel --print-build-identifiers --platform macos --archs x86_64 \ | |
| sed 's/.*/{"cibw-only": "&", "os": "macos-13" }/' \ | |
&& poetry run cibuildwheel --print-build-identifiers --platform macos --archs arm64 \ | |
| sed 's/.*/{"cibw-only": "&", "os": "macos-14" }/' | |
} | jq --slurp --compact-output '{"include": .}' | |
)" | |
echo matrix="$MATRIX" >> "$GITHUB_OUTPUT" | |
build-wheels: | |
needs: build-wheels-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.build-wheels-matrix.outputs.matrix) }} | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/github-script@v7 | |
with: | |
script: | | |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || ''); | |
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || ''); | |
- uses: docker/setup-qemu-action@v3 | |
if: runner.os == 'Linux' | |
with: | |
platforms: all | |
- uses: pypa/[email protected] | |
with: | |
only: "${{ matrix.cibw-only }}" | |
env: | |
CIBW_BEFORE_ALL_LINUX: "set -e; curl -sSf https://sh.rustup.rs | sh -s -- -y; yum install -y krb5-devel clang-devel openssl-devel || apk add krb5-dev clang-dev sccache; which sccache && exit 0; curl -fsSL https://github.com/mozilla/sccache/releases/download/v0.8.2/sccache-v0.8.2-$(uname -m)-unknown-linux-musl.tar.gz | tar xvz -C /tmp/; mv /tmp/sccache-v0.8.2-$(uname -m)-unknown-linux-musl/sccache /usr/bin/sccache" | |
CIBW_BEFORE_ALL_MACOS: "set -e; curl -sSf https://sh.rustup.rs | sh -s -- -y; brew install llvm krb5 sccache" | |
CIBW_ENVIRONMENT_LINUX: "PATH=$HOME/.cargo/bin:$PATH" | |
CIBW_ENVIRONMENT_PASS_LINUX: "DEBIAN_FRONTEND CARGO_INCREMENTAL SCCACHE_GHA_ENABLED ACTIONS_CACHE_URL ACTIONS_RUNTIME_TOKEN" | |
CIBW_ENVIRONMENT_MACOS: "PKG_CONFIG_PATH=/opt/homebrew/opt/krb5/lib/pkgconfig:/usr/local/opt/krb5/lib/pkgconfig MACOSX_DEPLOYMENT_TARGET=14.0 PATH=$HOME/.cargo/bin:$PATH" | |
CIBW_MANYLINUX_X86_64_IMAGE: manylinux_2_28 | |
CIBW_MANYLINUX_PYPY_X86_64_IMAGE: manylinux_2_28 | |
CIBW_MANYLINUX_AARCH64_IMAGE: manylinux_2_28 | |
CIBW_MANYLINUX_PPC64LE_IMAGE: manylinux_2_28 | |
CIBW_MANYLINUX_S390X_IMAGE: manylinux_2_28 | |
CIBW_MANYLINUX_PYPY_AARCH64_IMAGE: manylinux_2_28 | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: python-cibw-wheels-${{ matrix.cibw-only }} | |
path: ./wheelhouse/*.whl | |
merge-dist-artifacts: | |
needs: | |
- build-sdist | |
- build-wheels | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/upload-artifact/merge@v4 | |
with: | |
name: python-dist | |
pattern: python-cibw-* | |
delete-merged: false | |
release: | |
needs: | |
- check-python | |
- merge-dist-artifacts | |
runs-on: ubuntu-latest | |
environment: pypi | |
permissions: | |
id-token: write | |
if: github.event_name == 'release' && startsWith(github.ref, 'refs/tags/kadmin/version/') | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: python-cibw-* | |
path: dist | |
merge-multiple: true | |
- uses: pypa/gh-action-pypi-publish@release/v1 |