Doing a release of cryptography requires a few steps.
The release process uses a static build for Windows and macOS wheels. Check that the Windows and macOS Jenkins builders have the latest version of OpenSSL installed before performing the release. If they do not:
Run the openssl-release-1.1 Jenkins job, then copy the resulting artifacts to the Windows builders and unzip them in the root of the file system.
Run the update-brew-openssl Jenkins job.
The next step in doing a release is bumping the version number in the software.
The commit that merged the version number bump is now the official release commit for this release. You will need to have gpg installed and a gpg key in order to do a release. Once this has happened:
The release should now be available on PyPI and a tag should be available in the repository.
You should verify that pip install cryptography works correctly:
>>> import cryptography
>>> cryptography.__version__
'...'
>>> import cryptography_vectors
>>> cryptography_vectors.__version__
'...'
Verify that this is the version you just released.
For the Windows wheels check the builds for the cryptography-wheel-builder job and verify that the final output for each build shows it loaded and linked the expected OpenSSL version.