Skip to content

gh-136728: Combine OpenSSL and AWS-LC CI configurations#144805

Merged
hugovk merged 9 commits intopython:mainfrom
zware:bump_multissl_awslc
Mar 1, 2026
Merged

gh-136728: Combine OpenSSL and AWS-LC CI configurations#144805
hugovk merged 9 commits intopython:mainfrom
zware:bump_multissl_awslc

Conversation

@zware
Copy link
Member

@zware zware commented Feb 13, 2026
edited by bedevere-app bot
Loading

I accidentally started this before finding GH-143940, but given the somewhat different approach I figured it was worth sharing anyway. If we prefer the GH-143940 approach, this can just be closed.

@zware zware added tests Tests in the Lib/test dir topic-SSL infra CI, GitHub Actions, buildbots, Dependabot, etc. type-refactor Code refactoring (with no changes in behavior) labels Feb 13, 2026
@bedevere-app bedevere-app bot mentioned this pull request Feb 13, 2026
Open
zware
zware commented Feb 13, 2026
View reviewed changes
hugovk
hugovk reviewed Feb 13, 2026
View reviewed changes
Copy link
Member

@hugovk hugovk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, this approach also looks fine by me :)

zware added 3 commits February 13, 2026 16:44
@zware
fixup! pythongh-136728: Combine OpenSSL and AWS-LC CI configurations
402c06d 
Collapse matrix entries into more concise one line each.
@zware
fixup! pythongh-136728: Combine OpenSSL and AWS-LC CI configurations
4676575 
Remove obsolete OpenSSL 1.1.1w; AWS-LC is roughly 1.1.1-shaped and
exercises the relevant APIs.
@zware
fixup! pythongh-136728: Combine OpenSSL and AWS-LC CI configurations
2543718 
Remove AWS-LC 1.55.0; just test the single latest version.
hugovk
hugovk approved these changes Feb 17, 2026
View reviewed changes
Copy link
Member

@hugovk hugovk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks both!

@zware zware marked this pull request as ready for review February 17, 2026 15:13
webknjaz
webknjaz reviewed Feb 17, 2026
View reviewed changes
.github/workflows/build.yml
ssllib:
# See Tools/ssl/make_ssl_data.py for notes on adding a new version
## OpenSSL
- { name: openssl, version: 3.0.19 }
Copy link
Member

@webknjaz webknjaz Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nested objects in the matrix generally cause difficulties. So yes, that other PR solves this bit better. I understand the desire to couple libs with their versions and it might be reasonable to just use strings like openssl == 3.0.19 and split them where necessary.

Copy link
Member Author

@zware zware Feb 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What difficulties?

webknjaz
webknjaz reviewed Feb 17, 2026
View reviewed changes
picnixz
picnixz approved these changes Feb 28, 2026
View reviewed changes
Copy link
Member

@picnixz picnixz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok for thoses changes. I don't know about the changes for GHA.

@hugovk hugovk merged commit c9b96b1 into python:main Mar 1, 2026
91 of 92 checks passed
@hugovk hugovk mentioned this pull request Mar 1, 2026
Closed
@hugovk
Copy link
Member

hugovk commented Mar 1, 2026

Can we backport this, if it's not too difficult? Will make future maintenance easier.

@bedevere-bot

This comment was marked as off-topic.

Sign in to view
@zware zware deleted the bump_multissl_awslc branch March 1, 2026 17:52
@zware zware added the needs backport to 3.14 bugs and security fixes label Mar 1, 2026
@miss-islington-app
Copy link

miss-islington-app bot commented Mar 1, 2026

Thanks @zware for the PR, and @hugovk for merging it 🌮🎉.. I'm working now to backport this PR to: 3.14.
🐍🍒⛏🤖

@miss-islington-app
Copy link

miss-islington-app bot commented Mar 1, 2026

Sorry, @zware and @hugovk, I could not cleanly backport this to 3.14 due to a conflict.
Please backport using cherry_picker on command line.

cherry_picker c9b96b1e6fea13dc2879dcc626015c06dc0056ac 3.14

@zware
Copy link
Member Author

zware commented Mar 1, 2026

It's apparently not that easy to backport :). I'll give it a try.

@zware zware assigned zware and unassigned hugovk Mar 1, 2026
zware added a commit to zware/cpython that referenced this pull request Mar 1, 2026
@zware
[3.14] pythongh-136728: Combine OpenSSL and AWS-LC CI configurations (p…
48c09f4 
…ythonGH-144805)

(cherry picked from commit c9b96b1)

Co-authored-by: Zachary Ware <zach@python.org>
@bedevere-app
Copy link

bedevere-app bot commented Mar 1, 2026

GH-145397 is a backport of this pull request to the 3.14 branch.

@bedevere-app bedevere-app bot removed the needs backport to 3.14 bugs and security fixes label Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@webknjaz webknjaz webknjaz left review comments

@hugovk hugovk hugovk approved these changes

@picnixz picnixz picnixz approved these changes

@gpshead gpshead Awaiting requested review from gpshead gpshead is a code owner

@ezio-melotti ezio-melotti Awaiting requested review from ezio-melotti ezio-melotti is a code owner

@AA-Turner AA-Turner Awaiting requested review from AA-Turner AA-Turner is a code owner

+1 more reviewer

@WillChilds-Klein WillChilds-Klein WillChilds-Klein left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@zware zware

Labels

infra CI, GitHub Actions, buildbots, Dependabot, etc. skip news tests Tests in the Lib/test dir topic-SSL type-refactor Code refactoring (with no changes in behavior)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@zware @hugovk @bedevere-bot @webknjaz @WillChilds-Klein @picnixz