Skip to content

TLS intercept self-signed servers using --insecure-tls-interception #4182

TLS intercept self-signed servers using --insecure-tls-interception

TLS intercept self-signed servers using --insecure-tls-interception #4182

Workflow file for this run

---
name: lib
on: # yamllint disable-line rule:truthy
push:
branches:
- master
- develop
pull_request:
workflow_dispatch:
inputs:
release-version:
# github.event_name == 'workflow_dispatch'
# && github.event.inputs.release-version
description: >-
Target PEP440-compliant version to release.
Please, don't prepend `v`.
required: true
release-commitish:
# github.event_name == 'workflow_dispatch'
# && github.event.inputs.release-commitish
default: ''
description: >-
The commit to be released to PyPI and tagged
in Git as `release-version`. Normally, you
should keep this empty.
required: false
YOLO:
default: "false"
description: >-
Flag whether test results should block the
release (true/false). Only use this under
extraordinary circumstances to ignore the
test failures and cut the release regardless.
required: false
concurrency:
group: >-
${{
github.workflow
}}-${{
github.event.pull_request.number || github.sha
}}
cancel-in-progress: true
jobs:
pre-setup:
name: ⚙️ Pre-set global build settings
runs-on: ubuntu-20.04
defaults:
run:
shell: python
outputs:
dist-version: >-
${{
steps.request-check.outputs.release-requested == 'true'
&& github.event.inputs.release-version
|| steps.scm-version.outputs.dist-version
}}
is-untagged-devel: >-
${{ steps.untagged-check.outputs.is-untagged-devel || false }}
release-requested: >-
${{
steps.request-check.outputs.release-requested || false
}}
cache-key-files: >-
${{ steps.calc-cache-key-files.outputs.files-hash-key }}
git-tag: ${{ steps.git-tag.outputs.tag }}
sdist-artifact-name: ${{ steps.artifact-name.outputs.sdist }}
wheel-artifact-name: ${{ steps.artifact-name.outputs.wheel }}
container-version: v${{ steps.container.outputs.version }}
container-platforms: ${{ steps.container.outputs.platforms }}
steps:
- name: Switch to using Python 3.9 by default
uses: actions/setup-python@v4
with:
python-version: 3.9
- name: >-
Mark the build as untagged '${{
github.event.repository.default_branch
}}' branch build
id: untagged-check
if: >-
github.event_name == 'push' &&
github.ref == format(
'refs/heads/{0}', github.event.repository.default_branch
)
run: >-
print('::set-output name=is-untagged-devel::true')
- name: Mark the build as "release request"
id: request-check
if: github.event_name == 'workflow_dispatch'
run: >-
print('::set-output name=release-requested::true')
- name: Check out src from Git
if: >-
steps.request-check.outputs.release-requested != 'true'
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.inputs.release-commitish }}
- name: >-
Calculate Python interpreter version hash value
for use in the cache key
if: >-
steps.request-check.outputs.release-requested != 'true'
id: calc-cache-key-py
run: |
from hashlib import sha512
from sys import version
hash = sha512(version.encode()).hexdigest()
print(f'::set-output name=py-hash-key::{hash}')
- name: >-
Calculate dependency files' combined hash value
for use in the cache key
if: >-
steps.request-check.outputs.release-requested != 'true'
id: calc-cache-key-files
run: |
print(
"::set-output name=files-hash-key::${{
hashFiles(
'setup.cfg', 'tox.ini', 'pyproject.toml',
'.pre-commit-config.yaml', 'pytest.ini'
)
}}",
)
- name: Get pip cache dir
id: pip-cache-dir
if: >-
steps.request-check.outputs.release-requested != 'true'
run: >-
echo "::set-output name=dir::$(python -m pip cache dir)"
shell: bash
- name: Set up pip cache
if: >-
steps.request-check.outputs.release-requested != 'true'
uses: actions/[email protected]
with:
path: ${{ steps.pip-cache-dir.outputs.dir }}
key: >-
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key }}-${{
steps.calc-cache-key-files.outputs.files-hash-key }}
restore-keys: |
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-
${{ runner.os }}-pip-
${{ runner.os }}-
- name: Drop Git tags from HEAD for non-release requests
if: >-
steps.request-check.outputs.release-requested != 'true'
run: >-
git tag --points-at HEAD
|
xargs git tag --delete
shell: bash
- name: Set up versioning prerequisites
if: >-
steps.request-check.outputs.release-requested != 'true'
run: >-
python -m
pip install
--user
setuptools-scm
shell: bash
- name: Set the current dist version from Git
if: steps.request-check.outputs.release-requested != 'true'
id: scm-version
run: |
import setuptools_scm
ver = setuptools_scm.get_version(
${{
steps.untagged-check.outputs.is-untagged-devel == 'true'
&& 'local_scheme="no-local-version"' || ''
}}
)
print('::set-output name=dist-version::{ver}'.format(ver=ver))
- name: Set the target Git tag
id: git-tag
run: >-
print('::set-output name=tag::v${{
steps.request-check.outputs.release-requested == 'true'
&& github.event.inputs.release-version
|| steps.scm-version.outputs.dist-version
}}')
- name: Set the expected dist artifact names
id: artifact-name
run: |
print('::set-output name=sdist::proxy_py-${{
steps.request-check.outputs.release-requested == 'true'
&& github.event.inputs.release-version
|| steps.scm-version.outputs.dist-version
}}.tar.gz')
print('::set-output name=wheel::proxy.py-${{
steps.request-check.outputs.release-requested == 'true'
&& github.event.inputs.release-version
|| steps.scm-version.outputs.dist-version
}}-py3-none-any.whl')
- name: Calculate container attributes
id: container
shell: bash
run: >-
VER=$(echo '${{
steps.request-check.outputs.release-requested == 'true'
&& github.event.inputs.release-version
|| steps.scm-version.outputs.dist-version
}}' | tr + .);
PLATFORMS="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x";
echo "::set-output name=version::$VER";
echo "::set-output name=platforms::$PLATFORMS"
build:
name: 👷 dists ${{ needs.pre-setup.outputs.git-tag }}
needs:
- pre-setup # transitive, for accessing settings
runs-on: ubuntu-20.04
env:
PY_COLORS: 1
TOX_PARALLEL_NO_SPINNER: 1
TOXENV: cleanup-dists,build-dists
steps:
- name: Switch to using Python v3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: >-
Calculate Python interpreter version hash value
for use in the cache key
id: calc-cache-key-py
run: |
from hashlib import sha512
from sys import version
hash = sha512(version.encode()).hexdigest()
print(f'::set-output name=py-hash-key::{hash}')
shell: python
- name: Get pip cache dir
id: pip-cache
run: >-
echo "::set-output name=dir::$(pip cache dir)"
- name: Set up pip cache
uses: actions/[email protected]
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: >-
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-${{
hashFiles('tox.ini')
}}
restore-keys: |
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-
${{ runner.os }}-pip-
- name: Install tox
run: >-
python -m
pip install
--user
tox==3.28.0
- name: Grab the source from Git
uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.event.inputs.release-commitish }}
- name: Pre-populate the tox env
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--notest
- name: Setup git user as [bot]
if: >-
fromJSON(needs.pre-setup.outputs.is-untagged-devel)
|| fromJSON(needs.pre-setup.outputs.release-requested)
uses: fregante/[email protected]
- name: >-
Tag the release in the local Git repo
as ${{ needs.pre-setup.outputs.git-tag }}
for setuptools-scm to set the desired version
if: >-
fromJSON(needs.pre-setup.outputs.is-untagged-devel)
|| fromJSON(needs.pre-setup.outputs.release-requested)
run: >-
git tag
-m '${{ needs.pre-setup.outputs.git-tag }}'
'${{ needs.pre-setup.outputs.git-tag }}'
--
${{ github.event.inputs.release-commitish }}
- name: Build dists
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--skip-pkg-install
- name: Verify that the artifacts with expected names got created
run: >-
ls -1
'dist/${{ needs.pre-setup.outputs.sdist-artifact-name }}'
'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}'
- name: Store the distribution packages
uses: actions/upload-artifact@v3
with:
name: python-package-distributions
# NOTE: Exact expected file names are specified here
# NOTE: as a safety measure — if anything weird ends
# NOTE: up being in this dir or not all dists will be
# NOTE: produced, this will fail the workflow.
path: |
dist/${{ needs.pre-setup.outputs.sdist-artifact-name }}
dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}
retention-days: 30 # Defaults to 90
lint:
name: 🧹 ${{ matrix.toxenv }}
needs:
- build
- pre-setup # transitive, for accessing settings
runs-on: ubuntu-20.04
strategy:
matrix:
toxenv:
- lint
- metadata-validation
- build-docs
- doctest-docs
- linkcheck-docs
- spellcheck-docs
fail-fast: false
env:
PY_COLORS: 1
TOX_PARALLEL_NO_SPINNER: 1
TOXENV: ${{ matrix.toxenv }}
steps:
- name: Switch to using Python v3.10
uses: actions/setup-python@v4
with:
python-version: '3.10'
- name: >-
Calculate Python interpreter version hash value
for use in the cache key
id: calc-cache-key-py
run: |
from hashlib import sha512
from sys import version
hash = sha512(version.encode()).hexdigest()
print(f'::set-output name=py-hash-key::{hash}')
shell: python
- name: Get pip cache dir
id: pip-cache
run: >-
echo "::set-output name=dir::$(pip cache dir)"
- name: Set up pip cache
uses: actions/[email protected]
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: >-
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-${{
hashFiles('tox.ini')
}}
restore-keys: |
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-
${{ runner.os }}-pip-
- name: Install tox
run: >-
python -m
pip install
--user
tox==3.28.0
- name: Grab the source from Git
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Make the env clean of non-test files
if: matrix.toxenv == 'metadata-validation'
run: |
shopt -s extglob
rm -rf !tox.ini
shell: bash
- name: Download all the dists
if: matrix.toxenv == 'metadata-validation'
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: >-
Pre-populate tox envs: `${{ env.TOXENV }}`
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--notest
- name: >-
Run tox envs: `${{ env.TOXENV }}`
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--skip-pkg-install
test:
name: 🧪 🐍${{ matrix.python }} @ ${{ matrix.os }}
needs:
- build
- pre-setup # transitive, for accessing settings
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
# max-parallel: 4
matrix:
os:
- macOS-12
- Ubuntu-20.04
- Windows-latest
python:
# NOTE: The latest and the lowest supported Pythons are prioritized
# NOTE: to improve the responsiveness. It's nice to see the most
# NOTE: important results first.
- '3.12'
- 3.6
- '3.11'
- '3.10'
- 3.9
- 3.8
- 3.7
continue-on-error: >-
${{
(
needs.pre-setup.outputs.release-requested == 'true' &&
!toJSON(github.event.inputs.YOLO)
) && true || false
}}
env:
PY_COLORS: 1
TOX_PARALLEL_NO_SPINNER: 1
TOXENV: py
steps:
- name: Switch to using Python v${{ matrix.python }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
- name: >-
Calculate Python interpreter version hash value
for use in the cache key
id: calc-cache-key-py
run: |
from hashlib import sha512
from sys import version
hash = sha512(version.encode()).hexdigest()
print(f'::set-output name=py-hash-key::{hash}')
shell: python
- name: Get pip cache dir
id: pip-cache
run: >-
echo "::set-output name=dir::$(pip cache dir)"
- name: Set up pip cache
uses: actions/[email protected]
with:
path: ${{ steps.pip-cache.outputs.dir }}
key: >-
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-${{
hashFiles('tox.ini', 'requirements**.txt')
}}
restore-keys: |
${{ runner.os }}-pip-${{
steps.calc-cache-key-py.outputs.py-hash-key
}}-
${{ runner.os }}-pip-
- name: Install tox for >= 3.11
if: matrix.python == '3.11'
run: >-
python -m
pip install
--user
tox==4.14.2
- name: Install tox for < 3.11
if: matrix.python != '3.11'
run: >-
python -m
pip install
--user
tox==3.28.0
- name: Grab the source from Git
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Pre-populate the testing env
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--installpkg 'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}'
--notest
shell: bash
- name: Run the testing
run: >-
python -m
tox
--parallel auto
--parallel-live
--skip-missing-interpreters false
--skip-pkg-install
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
with:
flags: pytest, GHA, Python ${{ matrix.python }}, ${{ runner.os }}
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
test-container:
runs-on: ubuntu-20.04
permissions:
packages: write
if: success()
needs:
- pre-setup # transitive, for accessing settings
- build
name: 🐳 Build & Test
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167
with:
version: v0.7.0
buildkitd-flags: --debug
config: .github/buildkitd.toml
install: true
- name: Enable Multiarch # This slows down arm build by 4-5x
run: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Create builder
run: |
docker buildx create --name proxypybuilder
docker buildx use proxypybuilder
docker buildx inspect
docker buildx ls
- name: Build, run & test container
run: >-
CONTAINER_TAG="abhinavsingh/proxy.py:${{
needs.pre-setup.outputs.container-version
}}";
docker buildx build
--load
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $CONTAINER_TAG .
&&
docker run
-d
-p 8899:8899
$CONTAINER_TAG
--hostname 0.0.0.0
--enable-web-server
--enable-reverse-proxy
--plugin proxy.plugin.ReverseProxyPlugin
&&
./tests/integration/test_integration.sh 8899
analyze:
runs-on: ubuntu-20.04
name: 🛡️ Analyze
# schedule:
# - cron: '0 14 * * 1'
strategy:
fail-fast: false
matrix:
# Override automatic language detection by changing the below list
# Supported options are
# ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
language: ['python', 'javascript']
# Learn more...
# https://docs.github.com/en/github
# /finding-security-vulnerabilities-and-errors-in-your-code
# /configuring-code-scanning#overriding-automatic-language-detection
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
# We must fetch at least the immediate parents so that if this is
# a pull request then we can checkout the head.
fetch-depth: 2
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a
# config file. By default, queries listed here will override any
# specified in a config file. Prefix the list here with "+" to use
# these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually
# (see below)
# - name: Autobuild
# uses: github/codeql-action/autobuild@v1
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following
# three lines and modify them (or add more) to build your code if your
# project uses a compiled language
# - run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
# brew:
# runs-on: ${{ matrix.os }}
# name: 🍺 🐍${{ matrix.python }} @ ${{ matrix.os }}
# strategy:
# matrix:
# os: [macOS-latest]
# python: ['3.10']
# # max-parallel: 1
# fail-fast: false
# steps:
# - uses: actions/checkout@v3
# - name: Setup Python
# uses: actions/setup-python@v4
# with:
# python-version: ${{ matrix.python }}
# - name: Brew
# run: |
# brew install ./helper/homebrew/develop/proxy.rb
# - name: Verify
# run: |
# proxy -h
dashboard:
runs-on: ${{ matrix.os }}
name: 📊 Node ${{ matrix.node }} @ ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, windows-latest, macOS-12]
node: ['10.x', '11.x', '12.x']
# max-parallel: 4
fail-fast: false
steps:
- uses: actions/checkout@v3
- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ matrix.node }}
- name: Install Dependencies
run: |
cd dashboard
npm install
cd ..
- name: Build Dashboard
run: |
cd dashboard
npm run build
cd ..
- name: Build Devtools
run: |
cd dashboard
npm run devtools
cd ..
developer:
runs-on: ${{ matrix.os }}
name: 🧑‍💻 👩‍💻 👨‍💻 Developer setup ${{ matrix.node }} @ ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, macOS-latest]
python: ['3.10']
fail-fast: false
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python }}
- name: Install Pip Dependencies
run: |
make lib-dep
- name: Run essentials
run: |
./write-scm-version.sh
python3 check.py
make https-certificates
make sign-https-certificates
make ca-certificates
python3 -m proxy --version
ghcr-latest:
runs-on: ubuntu-20.04
permissions:
packages: write
if: success()
needs:
- test-container
- pre-setup # transitive, for accessing settings
name: 🐳 ghcr:latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167
with:
version: v0.7.0
buildkitd-flags: --debug
config: .github/buildkitd.toml
install: true
- name: Enable Multiarch # This slows down arm build by 4-5x
run: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Create builder
run: |
docker buildx create --name proxypybuilder
docker buildx use proxypybuilder
docker buildx inspect
docker buildx ls
- name: Push to GHCR
run: >-
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py";
CONTAINER_TAG=$REGISTRY_URL:${{
needs.pre-setup.outputs.container-version
}};
docker buildx build
--push
--platform ${{
needs.pre-setup.outputs.container-platforms
}}
--build-arg SKIP_OPENSSL=1
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $CONTAINER_TAG .
- name: Tag latest on GHCR
if: >-
github.event_name == 'push' &&
(
github.ref == format(
'refs/heads/{0}', github.event.repository.default_branch
) ||
github.ref == 'refs/heads/master'
)
run: >-
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py";
LATEST_TAG=$REGISTRY_URL:latest;
docker buildx build
--push
--platform ${{
needs.pre-setup.outputs.container-platforms
}}
--build-arg SKIP_OPENSSL=1
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $LATEST_TAG .
ghcr-openssl:
runs-on: ubuntu-20.04
permissions:
packages: write
if: success()
needs:
- test-container
- pre-setup # transitive, for accessing settings
name: 🐳 ghcr:openssl
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167
with:
version: v0.7.0
buildkitd-flags: --debug
config: .github/buildkitd.toml
install: true
- name: Enable Multiarch # This slows down arm build by 4-5x
run: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Create builder
run: |
docker buildx create --name proxypybuilder
docker buildx use proxypybuilder
docker buildx inspect
docker buildx ls
- name: Push openssl to GHCR
run: >-
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py";
CONTAINER_TAG=$REGISTRY_URL:${{
needs.pre-setup.outputs.container-version
}}-openssl;
docker buildx build
--push
--platform ${{
needs.pre-setup.outputs.container-platforms
}}
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $CONTAINER_TAG .
- name: Tag openssl on GHCR
if: >-
github.event_name == 'push' &&
(
github.ref == format(
'refs/heads/{0}', github.event.repository.default_branch
) ||
github.ref == 'refs/heads/master'
)
run: >-
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py";
LATEST_TAG=$REGISTRY_URL:openssl;
docker buildx build
--push
--platform ${{
needs.pre-setup.outputs.container-platforms
}}
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $LATEST_TAG .
docker-latest:
runs-on: ubuntu-20.04
permissions:
packages: write
if: success()
needs:
- test-container
- pre-setup # transitive, for accessing settings
name: 🐳 docker:latest
steps:
- name: Checkout
uses: actions/checkout@v3
with:
ref: ${{ github.event.inputs.release-commitish }}
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v2
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167
with:
version: v0.7.0
buildkitd-flags: --debug
config: .github/buildkitd.toml
install: true
- name: Enable Multiarch # This slows down arm build by 4-5x
run: |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Create builder
run: |
docker buildx create --name proxypybuilder
docker buildx use proxypybuilder
docker buildx inspect
docker buildx ls
- name: Login to DockerHub
uses: docker/login-action@v2
with:
username: abhinavsingh
password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
- name: Push to DockerHub
run: >-
REGISTRY_URL="abhinavsingh/proxy.py";
CONTAINER_TAG=$REGISTRY_URL:${{
needs.pre-setup.outputs.container-version
}};
docker buildx build
--push
--platform ${{
needs.pre-setup.outputs.container-platforms
}}
--build-arg PROXYPY_PKG_PATH='dist/${{
needs.pre-setup.outputs.wheel-artifact-name
}}'
-t $CONTAINER_TAG .
check: # This job does nothing and is only used for the branch protection
if: always()
needs:
- analyze
- test
- lint
- dashboard
# - brew
- developer
- ghcr-latest
- ghcr-openssl
- docker-latest
runs-on: ubuntu-20.04
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
publish-pypi:
name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI
needs:
- check
- pre-setup # transitive, for accessing settings
if: >-
fromJSON(needs.pre-setup.outputs.release-requested)
runs-on: ubuntu-20.04
environment:
name: release
url: >-
https://pypi.org/project/proxy.py/${{
needs.pre-setup.outputs.dist-version
}}
steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: >-
Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.PYPI_TOKEN }}
publish-testpypi:
name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI
needs:
- check
- pre-setup # transitive, for accessing settings
if: >-
fromJSON(needs.pre-setup.outputs.is-untagged-devel)
|| fromJSON(needs.pre-setup.outputs.release-requested)
runs-on: ubuntu-20.04
environment:
name: release-testpypi
url: >-
https://test.pypi.org/project/proxy.py/${{
needs.pre-setup.outputs.dist-version
}}
steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: >-
Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI
uses: pypa/gh-action-pypi-publish@release/v1
with:
password: ${{ secrets.TESTPYPI_API_TOKEN }}
repository_url: https://test.pypi.org/legacy/
post-release-repo-update:
name: >-
Publish post-release Git tag
for ${{ needs.pre-setup.outputs.git-tag }}
needs:
- publish-pypi
- pre-setup # transitive, for accessing settings
runs-on: ubuntu-20.04
steps:
- name: Fetch the src snapshot
uses: actions/checkout@v3
with:
fetch-depth: 1
ref: ${{ github.event.inputs.release-commitish }}
- name: Setup git user as [bot]
uses: fregante/[email protected]
- name: >-
Tag the release in the local Git repo
as v${{ needs.pre-setup.outputs.git-tag }}
run: >-
git tag
-m '${{ needs.pre-setup.outputs.git-tag }}'
'${{ needs.pre-setup.outputs.git-tag }}'
--
${{ github.event.inputs.release-commitish }}
- name: >-
Push ${{ needs.pre-setup.outputs.git-tag }} tag corresponding
to the just published release back to GitHub
run: >-
git push --atomic origin '${{ needs.pre-setup.outputs.git-tag }}'
publish-github-release:
name: >-
Publish a GitHub Release for
${{ needs.pre-setup.outputs.git-tag }}
needs:
- post-release-repo-update
- pre-setup # transitive, for accessing settings
runs-on: ubuntu-20.04
permissions:
contents: write
discussions: write
steps:
- name: Download all the dists
uses: actions/download-artifact@v3
with:
name: python-package-distributions
path: dist/
- name: >-
Publish a GitHub Release for
${{ needs.pre-setup.outputs.git-tag }}
uses: ncipollo/[email protected]
with:
allowUpdates: false
artifactErrorsFailBuild: false
artifacts: |
dist/${{ needs.pre-setup.outputs.sdist-artifact-name }}
dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}
artifactContentType: raw # Because whl and tgz are of different types
# body/bodyFile: # FIXME: Use once Towncrier is integrated.
commit: ${{ github.event.inputs.release-commitish }}
discussionCategory: Announcements
draft: false
name: ${{ needs.pre-setup.outputs.git-tag }}
# omitBody: false
omitBodyDuringUpdate: true
omitName: false
omitNameDuringUpdate: true
omitPrereleaseDuringUpdate: true
prerelease: false
removeArtifacts: false
replacesArtifacts: false
tag: ${{ needs.pre-setup.outputs.git-tag }}
token: ${{ secrets.GITHUB_TOKEN }}
...