diff --git a/.github/workflows/ci_tests.yaml b/.github/workflows/ci_tests.yaml index 5208a7eeb..607b5c9e1 100644 --- a/.github/workflows/ci_tests.yaml +++ b/.github/workflows/ci_tests.yaml @@ -67,6 +67,19 @@ jobs: - os: macos-latest architecture: x86 + # `cryptography` no longer publishes 32-bit Windows wheels for + # any CPython version, so pip falls back to building from sdist. + # That build is Rust/maturin-based and fails on the hosted + # windows-latest runner because only the x86_64 Rust target is + # installed while the interpreter reports platform `win32` + # (i686), so maturin refuses to use it. Drop x86 on Windows + # entirely; the only path back would be host-side toolchain + # provisioning (i686 Rust target + 32-bit OpenSSL) per cell, + # which isn't worth it for a configuration upstream no longer + # supports. + - os: windows-latest + architecture: x86 + # MPL is not supported on <3.11 - python: 3.7 optional_mpl_dependency: -mpl diff --git a/decrypt_oracle/tox.ini b/decrypt_oracle/tox.ini index e13916b1d..0efc4e7fa 100644 --- a/decrypt_oracle/tox.ini +++ b/decrypt_oracle/tox.ini @@ -89,18 +89,18 @@ commands = pytest --basetemp={envtmpdir} -l --cov aws_encryption_sdk_decrypt_ora [testenv] passenv = # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # Pass through AWS profile name (useful for local testing) - AWS_PROFILE \ - AWS_DEFAULT_REGION \ - # Pass through AWS credentials pointer in ECS/CodeBuild - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ - # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_PROFILE + AWS_DEFAULT_REGION + # AWS Role access in CodeBuild is via the container URI + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Used to manage test generators - AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_GENERATE_TEST_VECTORS \ - AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION \ - AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID \ + AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_GENERATE_TEST_VECTORS + AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_REGION + AWS_ENCRYPTION_SDK_PYTHON_DECRYPT_ORACLE_API_DEPLOYMENT_ID # Used by Chalice APP_S3_BUCKET sitepackages = False diff --git a/dev_requirements/ci-requirements.txt b/dev_requirements/ci-requirements.txt index 4335988fd..e62af185e 100644 --- a/dev_requirements/ci-requirements.txt +++ b/dev_requirements/ci-requirements.txt @@ -1,2 +1,2 @@ setuptools -tox==3.27.1 +tox==4.25.0 diff --git a/performance_tests/tox.ini b/performance_tests/tox.ini index 5c5cfd99c..e01ca4c7b 100644 --- a/performance_tests/tox.ini +++ b/performance_tests/tox.ini @@ -41,9 +41,11 @@ deps = [testenv] passenv = # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) AWS_PROFILE sitepackages = False diff --git a/test_vector_handlers/tox.ini b/test_vector_handlers/tox.ini index 41a208a3f..49d45cb3f 100644 --- a/test_vector_handlers/tox.ini +++ b/test_vector_handlers/tox.ini @@ -41,9 +41,11 @@ commands = pytest --basetemp={envtmpdir} -l --cov awses_test_vectors test/ --ign [testenv] passenv = # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) AWS_PROFILE sitepackages = False diff --git a/tox.ini b/tox.ini index 130737f86..a6666e3b1 100644 --- a/tox.ini +++ b/tox.ini @@ -63,19 +63,21 @@ commands = pytest --basetemp={envtmpdir} -l {posargs} [testenv] passenv = # Identifies AWS KMS key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID # Identifies a second AWS KMS key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_KEY_ID_2 # Identifies AWS KMS MRK key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_1 # Identifies a related AWS KMS MRK key id to use in integration tests - AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 \ + AWS_ENCRYPTION_SDK_PYTHON_INTEGRATION_TEST_AWS_KMS_MRK_KEY_ID_2 # Pass through AWS credentials - AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN \ + AWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_SESSION_TOKEN # AWS Role access in CodeBuild is via the contaner URI - AWS_CONTAINER_CREDENTIALS_RELATIVE_URI \ + AWS_CONTAINER_CREDENTIALS_RELATIVE_URI # Pass through AWS profile name (useful for local testing) - AWS_PROFILE \ + AWS_PROFILE # Pass through custom pip config file settings PIP_CONFIG_FILE sitepackages = False @@ -186,8 +188,8 @@ commands = pylint \ --rcfile=src/pylintrc \ --max-module-lines=1500 \ - src/aws_encryption_sdk/ \ - setup.py + src/aws_encryption_sdk/ \ + setup.py \ --ignore-paths=src/aws_encryption_sdk/internal/mpl/ [testenv:pylint-examples] @@ -352,8 +354,8 @@ passenv = # Intentionally omit TWINE_REPOSITORY_URL from the passenv list, # as this overrides other ways of setting the repository and could # unexpectedly result in releasing to the wrong repo - {[testenv]passenv} \ - TWINE_USERNAME \ + {[testenv]passenv} + TWINE_USERNAME TWINE_PASSWORD commands = {[testenv:build]commands} @@ -363,7 +365,7 @@ basepython = python3 skip_install = true deps = {[testenv:release-base]deps} passenv = - {[testenv:release-base]passenv} \ + {[testenv:release-base]passenv} TWINE_REPOSITORY_URL setenv = # Explicitly set the URL as the env variable value, which will cause us to