Upgrade to mitmproxy 10.1.5 #22
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- '**' | |
- '!dependabot/**' | |
pull_request: | |
merge_group: | |
workflow_dispatch: | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
lint: | |
uses: mhils/workflows/.github/workflows/python-tox.yml@main | |
with: | |
cmd: tox -e lint | |
filename-matching: | |
uses: mhils/workflows/.github/workflows/python-tox.yml@main | |
with: | |
cmd: tox -e filename_matching | |
mypy: | |
uses: mhils/workflows/.github/workflows/python-tox.yml@main | |
with: | |
cmd: tox -e mypy | |
individual-coverage: | |
uses: mhils/workflows/.github/workflows/python-tox.yml@main | |
with: | |
cmd: tox -e individual_coverage | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: ubuntu-latest | |
py: "3.11" | |
- os: windows-latest | |
py: "3.11" | |
- os: macos-latest | |
py: "3.11" | |
- os: ubuntu-latest | |
py: "3.10" | |
runs-on: ${{ matrix.os }} | |
steps: | |
- run: printenv | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.py }} | |
- run: pip install tox | |
- run: tox -e py | |
if: matrix.os != 'ubuntu-latest' | |
- name: Run tox -e py (without internet) | |
run: | | |
# install dependencies (requires internet connectivity) | |
tox -e py --notest | |
# run tests with loopback only. We need to sudo for unshare, which means we need an absolute path for tox. | |
sudo unshare --net -- sh -c "ip link set lo up; $(which tox) -e py" | |
if: matrix.os == 'ubuntu-latest' | |
- uses: mhils/better-codecov-action@main | |
with: | |
arguments: '--file ./coverage.xml --name ${{ matrix.os }}' | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- image: macos-12 | |
platform: macos | |
- image: windows-2019 | |
platform: windows | |
- image: ubuntu-20.04 # Oldest available version so we get oldest glibc possible. | |
platform: linux | |
runs-on: ${{ matrix.image }} | |
env: | |
CI_BUILD_KEY: ${{ secrets.CI_BUILD_KEY }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
fetch-depth: 0 | |
- uses: actions/setup-python@v4 | |
with: | |
python-version-file: .github/python-version.txt | |
- if: matrix.platform == 'windows' | |
uses: actions/cache@v3 | |
with: | |
path: release/installbuilder/setup | |
key: installbuilder | |
- run: pip install .[dev] # pyinstaller 5.9 does not like pyproject.toml + editable installs. | |
# macOS x64. Due to GHA limitations, we are currently building the Apple Silicon app bundle outside of CI. | |
- if: matrix.platform == 'macos' && github.repository == 'mitmproxy/mitmproxy' | |
&& (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
id: keychain | |
uses: apple-actions/import-codesign-certs@5565bb656f60c98c8fc515f3444dd8db73545dc2 | |
with: | |
keychain: ${{ runner.temp }}/temp | |
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} | |
p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
- if: matrix.platform == 'macos' && github.repository == 'mitmproxy/mitmproxy' | |
&& (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
run: | | |
python -u release/build.py macos-app \ | |
--keychain "${{ runner.temp }}/temp.keychain" \ | |
--team-id "S8XHQB96PW" \ | |
--apple-id "${{ secrets.APPLE_ID }}" \ | |
--password "${{ secrets.APPLE_APP_PASSWORD }}" | |
# Linux | |
- if: matrix.platform == 'linux' | |
run: python -u release/build.py standalone-binaries wheel | |
# Windows | |
- if: matrix.platform == 'windows' | |
run: python -u release/build.py standalone-binaries | |
- if: matrix.platform == 'windows' && github.repository == 'mitmproxy/mitmproxy' && | |
(github.ref == 'refs/heads/citest' || startsWith(github.ref, 'refs/tags/')) | |
run: python -u release/build.py --dirty installbuilder-installer msix-installer | |
- uses: actions/upload-artifact@v3 | |
with: | |
# artifacts must have different names, see https://github.com/actions/upload-artifact/issues/24 | |
name: binaries.${{ matrix.platform }} | |
path: | | |
release/dist | |
test-web-ui: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-node@v4 | |
with: | |
node-version-file: .github/node-version.txt | |
- name: Cache Node.js modules | |
uses: actions/cache@v3 | |
with: | |
# npm cache files are stored in `~/.npm` on Linux/macOS | |
path: ~/.npm | |
key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
restore-keys: | | |
${{ runner.OS }}-node- | |
${{ runner.OS }}- | |
- working-directory: ./web | |
run: npm ci | |
- working-directory: ./web | |
run: npm test | |
- uses: mhils/better-codecov-action@main | |
with: | |
arguments: '--file ./web/coverage/coverage-final.json' | |
docs: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v4 | |
with: | |
python-version-file: .github/python-version.txt | |
- run: | | |
wget -q https://github.com/gohugoio/hugo/releases/download/v0.92.1/hugo_extended_0.92.1_Linux-64bit.deb | |
echo "a9440adfd3ecce40089def287dee4e42ffae252ba08c77d1ac575b880a079ce6 hugo_extended_0.92.1_Linux-64bit.deb" | sha256sum -c | |
sudo dpkg -i hugo*.deb | |
- run: pip install -e .[dev] | |
- run: ./docs/build.py | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: docs | |
path: docs/public | |
# For releases, also build the archive version of the docs. | |
- if: startsWith(github.ref, 'refs/tags/') | |
run: ./docs/build.py | |
env: | |
DOCS_ARCHIVE: true | |
- if: startsWith(github.ref, 'refs/tags/') | |
uses: actions/upload-artifact@v3 | |
with: | |
name: docs-archive | |
path: docs/public | |
check: | |
if: always() | |
needs: | |
- lint | |
- filename-matching | |
- mypy | |
- individual-coverage | |
- test | |
- build | |
- test-web-ui | |
- docs | |
uses: mhils/workflows/.github/workflows/alls-green.yml@main | |
with: | |
jobs: ${{ toJSON(needs) }} | |
# Separate from everything else because slow. | |
build-and-deploy-docker: | |
if: github.repository == 'mitmproxy/mitmproxy' && ( | |
github.ref == 'refs/heads/main' | |
|| github.ref == 'refs/heads/citest' | |
|| startsWith(github.ref, 'refs/tags/') | |
) | |
environment: deploy-docker | |
needs: check | |
runs-on: ubuntu-latest | |
env: | |
DOCKER_USERNAME: mitmbot | |
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v4 | |
with: | |
python-version-file: .github/python-version.txt | |
- uses: actions/download-artifact@v3 | |
with: | |
name: binaries.linux | |
path: release/dist | |
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 | |
- uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v1.6.0 | |
- run: python release/build-and-deploy-docker.py | |
deploy: | |
# This action has access to our AWS keys, so we are extra careful here. | |
# In particular, we don't blindly `pip install` anything to minimize the risk of supply chain attacks. | |
if: github.repository == 'mitmproxy/mitmproxy' && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
environment: ${{ (github.ref == 'refs/heads/citest' || startsWith(github.ref, 'refs/tags/')) && 'deploy-release' || 'deploy-snapshot' }} | |
needs: check | |
runs-on: ubuntu-latest | |
env: | |
# PyPI and MSFT keys are only available for the deploy-release environment | |
# The AWS access key for snapshots is scoped to branches/* as well. | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: us-west-2 | |
MSFT_APP_ID: 9NWNDLQMNZD7 | |
MSFT_TENANT_ID: ${{ secrets.MSFT_TENANT_ID }} | |
MSFT_CLIENT_ID: ${{ secrets.MSFT_CLIENT_ID }} | |
MSFT_CLIENT_SECRET: ${{ secrets.MSFT_CLIENT_SECRET }} | |
R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: actions/setup-python@v4 | |
with: | |
python-version-file: .github/python-version.txt | |
- run: sudo apt-get update | |
- run: sudo apt-get install -y awscli | |
- if: startsWith(github.ref, 'refs/tags/') | |
run: sudo apt-get install -y twine | |
- uses: actions/download-artifact@v3 | |
with: | |
name: docs | |
path: docs/public | |
- if: startsWith(github.ref, 'refs/tags/') | |
uses: actions/download-artifact@v3 | |
with: | |
name: docs-archive | |
path: docs/archive | |
- uses: actions/download-artifact@v3 | |
with: | |
name: binaries.windows | |
path: release/dist | |
- uses: actions/download-artifact@v3 | |
with: | |
name: binaries.linux | |
path: release/dist | |
- uses: actions/download-artifact@v3 | |
with: | |
name: binaries.macos | |
path: release/dist | |
- run: ls docs/public | |
- run: ls release/dist | |
- run: ./release/deploy.py | |
- name: Deploy to Microsoft Store (test flight) | |
if: github.ref == 'refs/heads/citest' | |
run: ./release/deploy-microsoft-store.py release/dist/*.msix | |
env: | |
MSFT_APP_FLIGHT: 174ca570-8cae-4444-9858-c07293f1f13a | |
- name: Deploy to Microsoft Store | |
if: startsWith(github.ref, 'refs/tags/') | |
run: ./release/deploy-microsoft-store.py release/dist/*.msix |