properties([
    parameters([
        string(defaultValue: '', description: 'The version from PyPI to build', name: 'BUILD_VERSION')
    ]),
    pipelineTriggers([])
])

def configs = [
    [
        label: 'windows',
        versions: ['py27', 'py34', 'py35', 'py36', 'py37'],
    ],
    [
        label: 'windows64',
        versions: ['py27', 'py34', 'py35', 'py36', 'py37'],
    ],
    [
        label: 'sierra',
        // The py3x version listed here corresponds to the minimum ABI version
        // the wheels will support. e.g. py34 supports py34+
        versions: ['py27', 'py34'],
    ],
    [
        label: 'docker',
        imageName: 'pyca/cryptography-manylinux1:i686',
        // The py3x version listed here corresponds to the minimum ABI version
        // the wheels will support. e.g. cp34-cp34m supports py34+
        versions: [
            'cp27-cp27m', 'cp27-cp27mu', 'cp34-cp34m',
        ],
    ],
    [
        label: 'docker',
        imageName: 'pyca/cryptography-manylinux1:x86_64',
        // The py3x version listed here corresponds to the minimum ABI version
        // the wheels will support. e.g. cp34-cp34m supports py34+
        versions: [
            'cp27-cp27m', 'cp27-cp27mu', 'cp34-cp34m',
        ],
    ],
]


def build(version, label, imageName) {
    try {
        timeout(time: 30, unit: 'MINUTES') {
            if (label.contains("windows")) {
                def pythonPath = [
                    py27: "C:\\Python27\\python.exe",
                    py34: "C:\\Python34\\python.exe",
                    py35: "C:\\Python35\\python.exe",
                    py36: "C:\\Python36\\python.exe",
                    py37: "C:\\Python37\\python.exe"
                ]
                if (version == "py35" || version == "py36" || version == "py37") {
                    opensslPaths = [
                        "windows": [
                            "include": "C:\\OpenSSL-Win32-2015\\include",
                            "lib": "C:\\OpenSSL-Win32-2015\\lib"
                        ],
                        "windows64": [
                            "include": "C:\\OpenSSL-Win64-2015\\include",
                            "lib": "C:\\OpenSSL-Win64-2015\\lib"
                        ]
                    ]
                } else {
                    opensslPaths = [
                        "windows": [
                            "include": "C:\\OpenSSL-Win32-2010\\include",
                            "lib": "C:\\OpenSSL-Win32-2010\\lib"
                        ],
                        "windows64": [
                            "include": "C:\\OpenSSL-Win64-2010\\include",
                            "lib": "C:\\OpenSSL-Win64-2010\\lib"
                        ]
                    ]
                }
                bat """
                    wmic qfe
                    @set PATH="C:\\Python27";"C:\\Python27\\Scripts";%PATH%
                    @set PYTHON="${pythonPath[version]}"

                    @set INCLUDE="${opensslPaths[label]['include']}";%INCLUDE%
                    @set LIB="${opensslPaths[label]['lib']}";%LIB%
                    virtualenv -p %PYTHON% .release
                    call .release\\Scripts\\activate
                    pip install wheel virtualenv
                    pip wheel cryptography==$BUILD_VERSION --wheel-dir=wheelhouse --no-binary cryptography
                    pip install -f wheelhouse cryptography --no-index
                    python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
                """
            } else if (label.contains("sierra")) {
                def pythonPath = [
                    py27: "/Library/Frameworks/Python.framework/Versions/2.7/bin/python2.7",
                    py34: "/Library/Frameworks/Python.framework/Versions/3.4/bin/python3.4",
                ]
                ansiColor {
                    sh """#!/usr/bin/env bash
                        set -xe
                        # output the list of things we've installed as a point in time check of how up
                        # to date the builder is
                        /usr/sbin/system_profiler SPInstallHistoryDataType

                        # Jenkins logs in as a non-interactive shell, so we don't even have /usr/local/bin in PATH
                        export PATH="/usr/local/bin:\${PATH}"
                        export PATH="/Users/jenkins/.pyenv/shims:\${PATH}"

                        printenv

                        virtualenv .venv -p ${pythonPath[version]}
                        source .venv/bin/activate
                        pip install -U wheel # upgrade wheel to latest before we use it to build the wheel
                        pip install cffi six idna asn1crypto ipaddress enum34
                        REGEX="py3([0-9])*"
                        if [[ "${version}" =~ \$REGEX ]]; then
                            PY_LIMITED_API="--build-option --py-limited-api=cp3\${BASH_REMATCH[1]}"
                        fi
                        CRYPTOGRAPHY_SUPPRESS_LINK_FLAGS="1" \
                            LDFLAGS="/usr/local/opt/openssl@1.1/lib/libcrypto.a /usr/local/opt/openssl@1.1/lib/libssl.a" \
                            CFLAGS="-I/usr/local/opt/openssl@1.1/include -mmacosx-version-min=10.9" \
                            pip wheel cryptography==$BUILD_VERSION --wheel-dir=wheelhouse --no-binary cryptography --no-deps \$PY_LIMITED_API
                        pip install -f wheelhouse cryptography --no-index
                        python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
                        otool -L `find .venv -name '_openssl*.so'`
                        lipo -info `find .venv -name '*.so'`
                        otool -L `find .venv -name '_openssl*.so'` | grep -vG "libcrypto\\|libssl"
                    """
                }
            } else if (label.contains("docker")) {
                linux32 = ""
                if (imageName.contains("i686")) {
                    linux32 = "linux32"
                }
                sh """#!/usr/bin/env bash
                    set -x -e

                    $linux32 /opt/python/$version/bin/pip install cffi six idna asn1crypto ipaddress enum34
                    # Because we are doing this as root in the container, but we write to a mounted dir that is outside the container
                    # we need to make sure we set these files writable such that the jenkins user can delete them afterwards
                    mkdir -p tmpwheelhouse
                    mkdir -p wheelhouse
                    chmod -R 777 tmpwheelhouse
                    chmod -R 777 wheelhouse

                    REGEX="cp3([0-9])*"
                    if [[ "${version}" =~ \$REGEX ]]; then
                        PY_LIMITED_API="--build-option --py-limited-api=cp3\${BASH_REMATCH[1]}"
                    fi
                    LDFLAGS="-L/opt/pyca/cryptography/openssl/lib" \
                        CFLAGS="-I/opt/pyca/cryptography/openssl/include -Wl,--exclude-libs,ALL" \
                        $linux32 /opt/python/$version/bin/pip wheel cryptography==$BUILD_VERSION --no-binary cryptography --no-deps --wheel-dir=tmpwheelhouse \$PY_LIMITED_API
                    $linux32 auditwheel repair tmpwheelhouse/cryptography*.whl -w wheelhouse/
                    unzip wheelhouse/*.whl -d execstack.check
                    chmod -R 777 execstack.check
                    (execstack execstack.check/cryptography/hazmat/bindings/*.so | grep '^X') && exit 1
                    $linux32 /opt/python/$version/bin/pip install cryptography==$BUILD_VERSION --no-index -f wheelhouse/
                    $linux32 /opt/python/$version/bin/python -c "from cryptography.hazmat.backends.openssl.backend import backend;print('Loaded: ' + backend.openssl_version_text());print('Linked Against: ' + backend._ffi.string(backend._lib.OPENSSL_VERSION_TEXT).decode('ascii'))"
                """
            }
            archiveArtifacts artifacts: "wheelhouse/cryptography*.whl"
        }
    } finally {
        deleteDir()
    }

}

def builders = [:]
for (config in configs) {
    def label = config["label"]
    def versions = config["versions"]

    for (_version in versions) {
        def version = _version

        if (label.contains("docker")) {
            def imageName = config["imageName"]
            def combinedName = "${imageName}-${version}"
            builders[combinedName] = {
                node(label) {
                    stage(combinedName) {
                        def buildImage = docker.image(imageName)
                        buildImage.pull()
                        buildImage.inside("-u root") {
                            build(version, label, imageName)
                        }
                    }
                }
            }
        } else {
            def combinedName = "${label}-${version}"
            builders[combinedName] = {
                node(label) {
                    stage(combinedName) {
                        build(version, label, "")
                    }
                }
            }
        }
    }
}

parallel builders
