TLS intercept self-signed servers using --insecure-tls-interception
#4182
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: lib | |
on: # yamllint disable-line rule:truthy | |
push: | |
branches: | |
- master | |
- develop | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
release-version: | |
# github.event_name == 'workflow_dispatch' | |
# && github.event.inputs.release-version | |
description: >- | |
Target PEP440-compliant version to release. | |
Please, don't prepend `v`. | |
required: true | |
release-commitish: | |
# github.event_name == 'workflow_dispatch' | |
# && github.event.inputs.release-commitish | |
default: '' | |
description: >- | |
The commit to be released to PyPI and tagged | |
in Git as `release-version`. Normally, you | |
should keep this empty. | |
required: false | |
YOLO: | |
default: "false" | |
description: >- | |
Flag whether test results should block the | |
release (true/false). Only use this under | |
extraordinary circumstances to ignore the | |
test failures and cut the release regardless. | |
required: false | |
concurrency: | |
group: >- | |
${{ | |
github.workflow | |
}}-${{ | |
github.event.pull_request.number || github.sha | |
}} | |
cancel-in-progress: true | |
jobs: | |
pre-setup: | |
name: ⚙️ Pre-set global build settings | |
runs-on: ubuntu-20.04 | |
defaults: | |
run: | |
shell: python | |
outputs: | |
dist-version: >- | |
${{ | |
steps.request-check.outputs.release-requested == 'true' | |
&& github.event.inputs.release-version | |
|| steps.scm-version.outputs.dist-version | |
}} | |
is-untagged-devel: >- | |
${{ steps.untagged-check.outputs.is-untagged-devel || false }} | |
release-requested: >- | |
${{ | |
steps.request-check.outputs.release-requested || false | |
}} | |
cache-key-files: >- | |
${{ steps.calc-cache-key-files.outputs.files-hash-key }} | |
git-tag: ${{ steps.git-tag.outputs.tag }} | |
sdist-artifact-name: ${{ steps.artifact-name.outputs.sdist }} | |
wheel-artifact-name: ${{ steps.artifact-name.outputs.wheel }} | |
container-version: v${{ steps.container.outputs.version }} | |
container-platforms: ${{ steps.container.outputs.platforms }} | |
steps: | |
- name: Switch to using Python 3.9 by default | |
uses: actions/setup-python@v4 | |
with: | |
python-version: 3.9 | |
- name: >- | |
Mark the build as untagged '${{ | |
github.event.repository.default_branch | |
}}' branch build | |
id: untagged-check | |
if: >- | |
github.event_name == 'push' && | |
github.ref == format( | |
'refs/heads/{0}', github.event.repository.default_branch | |
) | |
run: >- | |
print('::set-output name=is-untagged-devel::true') | |
- name: Mark the build as "release request" | |
id: request-check | |
if: github.event_name == 'workflow_dispatch' | |
run: >- | |
print('::set-output name=release-requested::true') | |
- name: Check out src from Git | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: >- | |
Calculate Python interpreter version hash value | |
for use in the cache key | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
id: calc-cache-key-py | |
run: | | |
from hashlib import sha512 | |
from sys import version | |
hash = sha512(version.encode()).hexdigest() | |
print(f'::set-output name=py-hash-key::{hash}') | |
- name: >- | |
Calculate dependency files' combined hash value | |
for use in the cache key | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
id: calc-cache-key-files | |
run: | | |
print( | |
"::set-output name=files-hash-key::${{ | |
hashFiles( | |
'setup.cfg', 'tox.ini', 'pyproject.toml', | |
'.pre-commit-config.yaml', 'pytest.ini' | |
) | |
}}", | |
) | |
- name: Get pip cache dir | |
id: pip-cache-dir | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
run: >- | |
echo "::set-output name=dir::$(python -m pip cache dir)" | |
shell: bash | |
- name: Set up pip cache | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
uses: actions/[email protected] | |
with: | |
path: ${{ steps.pip-cache-dir.outputs.dir }} | |
key: >- | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key }}-${{ | |
steps.calc-cache-key-files.outputs.files-hash-key }} | |
restore-keys: | | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}- | |
${{ runner.os }}-pip- | |
${{ runner.os }}- | |
- name: Drop Git tags from HEAD for non-release requests | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
run: >- | |
git tag --points-at HEAD | |
| | |
xargs git tag --delete | |
shell: bash | |
- name: Set up versioning prerequisites | |
if: >- | |
steps.request-check.outputs.release-requested != 'true' | |
run: >- | |
python -m | |
pip install | |
--user | |
setuptools-scm | |
shell: bash | |
- name: Set the current dist version from Git | |
if: steps.request-check.outputs.release-requested != 'true' | |
id: scm-version | |
run: | | |
import setuptools_scm | |
ver = setuptools_scm.get_version( | |
${{ | |
steps.untagged-check.outputs.is-untagged-devel == 'true' | |
&& 'local_scheme="no-local-version"' || '' | |
}} | |
) | |
print('::set-output name=dist-version::{ver}'.format(ver=ver)) | |
- name: Set the target Git tag | |
id: git-tag | |
run: >- | |
print('::set-output name=tag::v${{ | |
steps.request-check.outputs.release-requested == 'true' | |
&& github.event.inputs.release-version | |
|| steps.scm-version.outputs.dist-version | |
}}') | |
- name: Set the expected dist artifact names | |
id: artifact-name | |
run: | | |
print('::set-output name=sdist::proxy_py-${{ | |
steps.request-check.outputs.release-requested == 'true' | |
&& github.event.inputs.release-version | |
|| steps.scm-version.outputs.dist-version | |
}}.tar.gz') | |
print('::set-output name=wheel::proxy.py-${{ | |
steps.request-check.outputs.release-requested == 'true' | |
&& github.event.inputs.release-version | |
|| steps.scm-version.outputs.dist-version | |
}}-py3-none-any.whl') | |
- name: Calculate container attributes | |
id: container | |
shell: bash | |
run: >- | |
VER=$(echo '${{ | |
steps.request-check.outputs.release-requested == 'true' | |
&& github.event.inputs.release-version | |
|| steps.scm-version.outputs.dist-version | |
}}' | tr + .); | |
PLATFORMS="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x"; | |
echo "::set-output name=version::$VER"; | |
echo "::set-output name=platforms::$PLATFORMS" | |
build: | |
name: 👷 dists ${{ needs.pre-setup.outputs.git-tag }} | |
needs: | |
- pre-setup # transitive, for accessing settings | |
runs-on: ubuntu-20.04 | |
env: | |
PY_COLORS: 1 | |
TOX_PARALLEL_NO_SPINNER: 1 | |
TOXENV: cleanup-dists,build-dists | |
steps: | |
- name: Switch to using Python v3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: >- | |
Calculate Python interpreter version hash value | |
for use in the cache key | |
id: calc-cache-key-py | |
run: | | |
from hashlib import sha512 | |
from sys import version | |
hash = sha512(version.encode()).hexdigest() | |
print(f'::set-output name=py-hash-key::{hash}') | |
shell: python | |
- name: Get pip cache dir | |
id: pip-cache | |
run: >- | |
echo "::set-output name=dir::$(pip cache dir)" | |
- name: Set up pip cache | |
uses: actions/[email protected] | |
with: | |
path: ${{ steps.pip-cache.outputs.dir }} | |
key: >- | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}-${{ | |
hashFiles('tox.ini') | |
}} | |
restore-keys: | | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}- | |
${{ runner.os }}-pip- | |
- name: Install tox | |
run: >- | |
python -m | |
pip install | |
--user | |
tox==3.28.0 | |
- name: Grab the source from Git | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Pre-populate the tox env | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--notest | |
- name: Setup git user as [bot] | |
if: >- | |
fromJSON(needs.pre-setup.outputs.is-untagged-devel) | |
|| fromJSON(needs.pre-setup.outputs.release-requested) | |
uses: fregante/[email protected] | |
- name: >- | |
Tag the release in the local Git repo | |
as ${{ needs.pre-setup.outputs.git-tag }} | |
for setuptools-scm to set the desired version | |
if: >- | |
fromJSON(needs.pre-setup.outputs.is-untagged-devel) | |
|| fromJSON(needs.pre-setup.outputs.release-requested) | |
run: >- | |
git tag | |
-m '${{ needs.pre-setup.outputs.git-tag }}' | |
'${{ needs.pre-setup.outputs.git-tag }}' | |
-- | |
${{ github.event.inputs.release-commitish }} | |
- name: Build dists | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--skip-pkg-install | |
- name: Verify that the artifacts with expected names got created | |
run: >- | |
ls -1 | |
'dist/${{ needs.pre-setup.outputs.sdist-artifact-name }}' | |
'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}' | |
- name: Store the distribution packages | |
uses: actions/upload-artifact@v3 | |
with: | |
name: python-package-distributions | |
# NOTE: Exact expected file names are specified here | |
# NOTE: as a safety measure — if anything weird ends | |
# NOTE: up being in this dir or not all dists will be | |
# NOTE: produced, this will fail the workflow. | |
path: | | |
dist/${{ needs.pre-setup.outputs.sdist-artifact-name }} | |
dist/${{ needs.pre-setup.outputs.wheel-artifact-name }} | |
retention-days: 30 # Defaults to 90 | |
lint: | |
name: 🧹 ${{ matrix.toxenv }} | |
needs: | |
- build | |
- pre-setup # transitive, for accessing settings | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
toxenv: | |
- lint | |
- metadata-validation | |
- build-docs | |
- doctest-docs | |
- linkcheck-docs | |
- spellcheck-docs | |
fail-fast: false | |
env: | |
PY_COLORS: 1 | |
TOX_PARALLEL_NO_SPINNER: 1 | |
TOXENV: ${{ matrix.toxenv }} | |
steps: | |
- name: Switch to using Python v3.10 | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.10' | |
- name: >- | |
Calculate Python interpreter version hash value | |
for use in the cache key | |
id: calc-cache-key-py | |
run: | | |
from hashlib import sha512 | |
from sys import version | |
hash = sha512(version.encode()).hexdigest() | |
print(f'::set-output name=py-hash-key::{hash}') | |
shell: python | |
- name: Get pip cache dir | |
id: pip-cache | |
run: >- | |
echo "::set-output name=dir::$(pip cache dir)" | |
- name: Set up pip cache | |
uses: actions/[email protected] | |
with: | |
path: ${{ steps.pip-cache.outputs.dir }} | |
key: >- | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}-${{ | |
hashFiles('tox.ini') | |
}} | |
restore-keys: | | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}- | |
${{ runner.os }}-pip- | |
- name: Install tox | |
run: >- | |
python -m | |
pip install | |
--user | |
tox==3.28.0 | |
- name: Grab the source from Git | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Make the env clean of non-test files | |
if: matrix.toxenv == 'metadata-validation' | |
run: | | |
shopt -s extglob | |
rm -rf !tox.ini | |
shell: bash | |
- name: Download all the dists | |
if: matrix.toxenv == 'metadata-validation' | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: >- | |
Pre-populate tox envs: `${{ env.TOXENV }}` | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--notest | |
- name: >- | |
Run tox envs: `${{ env.TOXENV }}` | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--skip-pkg-install | |
test: | |
name: 🧪 🐍${{ matrix.python }} @ ${{ matrix.os }} | |
needs: | |
- build | |
- pre-setup # transitive, for accessing settings | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
# max-parallel: 4 | |
matrix: | |
os: | |
- macOS-12 | |
- Ubuntu-20.04 | |
- Windows-latest | |
python: | |
# NOTE: The latest and the lowest supported Pythons are prioritized | |
# NOTE: to improve the responsiveness. It's nice to see the most | |
# NOTE: important results first. | |
- '3.12' | |
- 3.6 | |
- '3.11' | |
- '3.10' | |
- 3.9 | |
- 3.8 | |
- 3.7 | |
continue-on-error: >- | |
${{ | |
( | |
needs.pre-setup.outputs.release-requested == 'true' && | |
!toJSON(github.event.inputs.YOLO) | |
) && true || false | |
}} | |
env: | |
PY_COLORS: 1 | |
TOX_PARALLEL_NO_SPINNER: 1 | |
TOXENV: py | |
steps: | |
- name: Switch to using Python v${{ matrix.python }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: >- | |
Calculate Python interpreter version hash value | |
for use in the cache key | |
id: calc-cache-key-py | |
run: | | |
from hashlib import sha512 | |
from sys import version | |
hash = sha512(version.encode()).hexdigest() | |
print(f'::set-output name=py-hash-key::{hash}') | |
shell: python | |
- name: Get pip cache dir | |
id: pip-cache | |
run: >- | |
echo "::set-output name=dir::$(pip cache dir)" | |
- name: Set up pip cache | |
uses: actions/[email protected] | |
with: | |
path: ${{ steps.pip-cache.outputs.dir }} | |
key: >- | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}-${{ | |
hashFiles('tox.ini', 'requirements**.txt') | |
}} | |
restore-keys: | | |
${{ runner.os }}-pip-${{ | |
steps.calc-cache-key-py.outputs.py-hash-key | |
}}- | |
${{ runner.os }}-pip- | |
- name: Install tox for >= 3.11 | |
if: matrix.python == '3.11' | |
run: >- | |
python -m | |
pip install | |
--user | |
tox==4.14.2 | |
- name: Install tox for < 3.11 | |
if: matrix.python != '3.11' | |
run: >- | |
python -m | |
pip install | |
--user | |
tox==3.28.0 | |
- name: Grab the source from Git | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Pre-populate the testing env | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--installpkg 'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}' | |
--notest | |
shell: bash | |
- name: Run the testing | |
run: >- | |
python -m | |
tox | |
--parallel auto | |
--parallel-live | |
--skip-missing-interpreters false | |
--skip-pkg-install | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v4 | |
with: | |
flags: pytest, GHA, Python ${{ matrix.python }}, ${{ runner.os }} | |
verbose: true | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
test-container: | |
runs-on: ubuntu-20.04 | |
permissions: | |
packages: write | |
if: success() | |
needs: | |
- pre-setup # transitive, for accessing settings | |
- build | |
name: 🐳 Build & Test | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167 | |
with: | |
version: v0.7.0 | |
buildkitd-flags: --debug | |
config: .github/buildkitd.toml | |
install: true | |
- name: Enable Multiarch # This slows down arm build by 4-5x | |
run: | | |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Create builder | |
run: | | |
docker buildx create --name proxypybuilder | |
docker buildx use proxypybuilder | |
docker buildx inspect | |
docker buildx ls | |
- name: Build, run & test container | |
run: >- | |
CONTAINER_TAG="abhinavsingh/proxy.py:${{ | |
needs.pre-setup.outputs.container-version | |
}}"; | |
docker buildx build | |
--load | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $CONTAINER_TAG . | |
&& | |
docker run | |
-d | |
-p 8899:8899 | |
$CONTAINER_TAG | |
--hostname 0.0.0.0 | |
--enable-web-server | |
--enable-reverse-proxy | |
--plugin proxy.plugin.ReverseProxyPlugin | |
&& | |
./tests/integration/test_integration.sh 8899 | |
analyze: | |
runs-on: ubuntu-20.04 | |
name: 🛡️ Analyze | |
# schedule: | |
# - cron: '0 14 * * 1' | |
strategy: | |
fail-fast: false | |
matrix: | |
# Override automatic language detection by changing the below list | |
# Supported options are | |
# ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] | |
language: ['python', 'javascript'] | |
# Learn more... | |
# https://docs.github.com/en/github | |
# /finding-security-vulnerabilities-and-errors-in-your-code | |
# /configuring-code-scanning#overriding-automatic-language-detection | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
# We must fetch at least the immediate parents so that if this is | |
# a pull request then we can checkout the head. | |
fetch-depth: 2 | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: ${{ matrix.language }} | |
# If you wish to specify custom queries, you can do so here or in a | |
# config file. By default, queries listed here will override any | |
# specified in a config file. Prefix the list here with "+" to use | |
# these queries and those in the config file. | |
# queries: ./path/to/local/query, your-org/your-repo/queries@main | |
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). | |
# If this step fails, then you should remove it and run the build manually | |
# (see below) | |
# - name: Autobuild | |
# uses: github/codeql-action/autobuild@v1 | |
# ℹ️ Command-line programs to run using the OS shell. | |
# 📚 https://git.io/JvXDl | |
# ✏️ If the Autobuild fails above, remove it and uncomment the following | |
# three lines and modify them (or add more) to build your code if your | |
# project uses a compiled language | |
# - run: | | |
# make bootstrap | |
# make release | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
# brew: | |
# runs-on: ${{ matrix.os }} | |
# name: 🍺 🐍${{ matrix.python }} @ ${{ matrix.os }} | |
# strategy: | |
# matrix: | |
# os: [macOS-latest] | |
# python: ['3.10'] | |
# # max-parallel: 1 | |
# fail-fast: false | |
# steps: | |
# - uses: actions/checkout@v3 | |
# - name: Setup Python | |
# uses: actions/setup-python@v4 | |
# with: | |
# python-version: ${{ matrix.python }} | |
# - name: Brew | |
# run: | | |
# brew install ./helper/homebrew/develop/proxy.rb | |
# - name: Verify | |
# run: | | |
# proxy -h | |
dashboard: | |
runs-on: ${{ matrix.os }} | |
name: 📊 Node ${{ matrix.node }} @ ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, windows-latest, macOS-12] | |
node: ['10.x', '11.x', '12.x'] | |
# max-parallel: 4 | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node }} | |
- name: Install Dependencies | |
run: | | |
cd dashboard | |
npm install | |
cd .. | |
- name: Build Dashboard | |
run: | | |
cd dashboard | |
npm run build | |
cd .. | |
- name: Build Devtools | |
run: | | |
cd dashboard | |
npm run devtools | |
cd .. | |
developer: | |
runs-on: ${{ matrix.os }} | |
name: 🧑💻 👩💻 👨💻 Developer setup ${{ matrix.node }} @ ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04, macOS-latest] | |
python: ['3.10'] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python }} | |
- name: Install Pip Dependencies | |
run: | | |
make lib-dep | |
- name: Run essentials | |
run: | | |
./write-scm-version.sh | |
python3 check.py | |
make https-certificates | |
make sign-https-certificates | |
make ca-certificates | |
python3 -m proxy --version | |
ghcr-latest: | |
runs-on: ubuntu-20.04 | |
permissions: | |
packages: write | |
if: success() | |
needs: | |
- test-container | |
- pre-setup # transitive, for accessing settings | |
name: 🐳 ghcr:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Login to GHCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167 | |
with: | |
version: v0.7.0 | |
buildkitd-flags: --debug | |
config: .github/buildkitd.toml | |
install: true | |
- name: Enable Multiarch # This slows down arm build by 4-5x | |
run: | | |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Create builder | |
run: | | |
docker buildx create --name proxypybuilder | |
docker buildx use proxypybuilder | |
docker buildx inspect | |
docker buildx ls | |
- name: Push to GHCR | |
run: >- | |
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py"; | |
CONTAINER_TAG=$REGISTRY_URL:${{ | |
needs.pre-setup.outputs.container-version | |
}}; | |
docker buildx build | |
--push | |
--platform ${{ | |
needs.pre-setup.outputs.container-platforms | |
}} | |
--build-arg SKIP_OPENSSL=1 | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $CONTAINER_TAG . | |
- name: Tag latest on GHCR | |
if: >- | |
github.event_name == 'push' && | |
( | |
github.ref == format( | |
'refs/heads/{0}', github.event.repository.default_branch | |
) || | |
github.ref == 'refs/heads/master' | |
) | |
run: >- | |
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py"; | |
LATEST_TAG=$REGISTRY_URL:latest; | |
docker buildx build | |
--push | |
--platform ${{ | |
needs.pre-setup.outputs.container-platforms | |
}} | |
--build-arg SKIP_OPENSSL=1 | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $LATEST_TAG . | |
ghcr-openssl: | |
runs-on: ubuntu-20.04 | |
permissions: | |
packages: write | |
if: success() | |
needs: | |
- test-container | |
- pre-setup # transitive, for accessing settings | |
name: 🐳 ghcr:openssl | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Login to GHCR | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167 | |
with: | |
version: v0.7.0 | |
buildkitd-flags: --debug | |
config: .github/buildkitd.toml | |
install: true | |
- name: Enable Multiarch # This slows down arm build by 4-5x | |
run: | | |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Create builder | |
run: | | |
docker buildx create --name proxypybuilder | |
docker buildx use proxypybuilder | |
docker buildx inspect | |
docker buildx ls | |
- name: Push openssl to GHCR | |
run: >- | |
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py"; | |
CONTAINER_TAG=$REGISTRY_URL:${{ | |
needs.pre-setup.outputs.container-version | |
}}-openssl; | |
docker buildx build | |
--push | |
--platform ${{ | |
needs.pre-setup.outputs.container-platforms | |
}} | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $CONTAINER_TAG . | |
- name: Tag openssl on GHCR | |
if: >- | |
github.event_name == 'push' && | |
( | |
github.ref == format( | |
'refs/heads/{0}', github.event.repository.default_branch | |
) || | |
github.ref == 'refs/heads/master' | |
) | |
run: >- | |
REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py"; | |
LATEST_TAG=$REGISTRY_URL:openssl; | |
docker buildx build | |
--push | |
--platform ${{ | |
needs.pre-setup.outputs.container-platforms | |
}} | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $LATEST_TAG . | |
docker-latest: | |
runs-on: ubuntu-20.04 | |
permissions: | |
packages: write | |
if: success() | |
needs: | |
- test-container | |
- pre-setup # transitive, for accessing settings | |
name: 🐳 docker:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
# See https://github.com/docker/buildx/issues/850#issuecomment-996408167 | |
with: | |
version: v0.7.0 | |
buildkitd-flags: --debug | |
config: .github/buildkitd.toml | |
install: true | |
- name: Enable Multiarch # This slows down arm build by 4-5x | |
run: | | |
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes | |
- name: Create builder | |
run: | | |
docker buildx create --name proxypybuilder | |
docker buildx use proxypybuilder | |
docker buildx inspect | |
docker buildx ls | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: abhinavsingh | |
password: ${{ secrets.DOCKER_ACCESS_TOKEN }} | |
- name: Push to DockerHub | |
run: >- | |
REGISTRY_URL="abhinavsingh/proxy.py"; | |
CONTAINER_TAG=$REGISTRY_URL:${{ | |
needs.pre-setup.outputs.container-version | |
}}; | |
docker buildx build | |
--push | |
--platform ${{ | |
needs.pre-setup.outputs.container-platforms | |
}} | |
--build-arg PROXYPY_PKG_PATH='dist/${{ | |
needs.pre-setup.outputs.wheel-artifact-name | |
}}' | |
-t $CONTAINER_TAG . | |
check: # This job does nothing and is only used for the branch protection | |
if: always() | |
needs: | |
- analyze | |
- test | |
- lint | |
- dashboard | |
# - brew | |
- developer | |
- ghcr-latest | |
- ghcr-openssl | |
- docker-latest | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Decide whether the needed jobs succeeded or failed | |
uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
publish-pypi: | |
name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI | |
needs: | |
- check | |
- pre-setup # transitive, for accessing settings | |
if: >- | |
fromJSON(needs.pre-setup.outputs.release-requested) | |
runs-on: ubuntu-20.04 | |
environment: | |
name: release | |
url: >- | |
https://pypi.org/project/proxy.py/${{ | |
needs.pre-setup.outputs.dist-version | |
}} | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: >- | |
Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.PYPI_TOKEN }} | |
publish-testpypi: | |
name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI | |
needs: | |
- check | |
- pre-setup # transitive, for accessing settings | |
if: >- | |
fromJSON(needs.pre-setup.outputs.is-untagged-devel) | |
|| fromJSON(needs.pre-setup.outputs.release-requested) | |
runs-on: ubuntu-20.04 | |
environment: | |
name: release-testpypi | |
url: >- | |
https://test.pypi.org/project/proxy.py/${{ | |
needs.pre-setup.outputs.dist-version | |
}} | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: >- | |
Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI | |
uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
password: ${{ secrets.TESTPYPI_API_TOKEN }} | |
repository_url: https://test.pypi.org/legacy/ | |
post-release-repo-update: | |
name: >- | |
Publish post-release Git tag | |
for ${{ needs.pre-setup.outputs.git-tag }} | |
needs: | |
- publish-pypi | |
- pre-setup # transitive, for accessing settings | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Fetch the src snapshot | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 1 | |
ref: ${{ github.event.inputs.release-commitish }} | |
- name: Setup git user as [bot] | |
uses: fregante/[email protected] | |
- name: >- | |
Tag the release in the local Git repo | |
as v${{ needs.pre-setup.outputs.git-tag }} | |
run: >- | |
git tag | |
-m '${{ needs.pre-setup.outputs.git-tag }}' | |
'${{ needs.pre-setup.outputs.git-tag }}' | |
-- | |
${{ github.event.inputs.release-commitish }} | |
- name: >- | |
Push ${{ needs.pre-setup.outputs.git-tag }} tag corresponding | |
to the just published release back to GitHub | |
run: >- | |
git push --atomic origin '${{ needs.pre-setup.outputs.git-tag }}' | |
publish-github-release: | |
name: >- | |
Publish a GitHub Release for | |
${{ needs.pre-setup.outputs.git-tag }} | |
needs: | |
- post-release-repo-update | |
- pre-setup # transitive, for accessing settings | |
runs-on: ubuntu-20.04 | |
permissions: | |
contents: write | |
discussions: write | |
steps: | |
- name: Download all the dists | |
uses: actions/download-artifact@v3 | |
with: | |
name: python-package-distributions | |
path: dist/ | |
- name: >- | |
Publish a GitHub Release for | |
${{ needs.pre-setup.outputs.git-tag }} | |
uses: ncipollo/[email protected] | |
with: | |
allowUpdates: false | |
artifactErrorsFailBuild: false | |
artifacts: | | |
dist/${{ needs.pre-setup.outputs.sdist-artifact-name }} | |
dist/${{ needs.pre-setup.outputs.wheel-artifact-name }} | |
artifactContentType: raw # Because whl and tgz are of different types | |
# body/bodyFile: # FIXME: Use once Towncrier is integrated. | |
commit: ${{ github.event.inputs.release-commitish }} | |
discussionCategory: Announcements | |
draft: false | |
name: ${{ needs.pre-setup.outputs.git-tag }} | |
# omitBody: false | |
omitBodyDuringUpdate: true | |
omitName: false | |
omitNameDuringUpdate: true | |
omitPrereleaseDuringUpdate: true | |
prerelease: false | |
removeArtifacts: false | |
replacesArtifacts: false | |
tag: ${{ needs.pre-setup.outputs.git-tag }} | |
token: ${{ secrets.GITHUB_TOKEN }} | |
... |