Merge branch 'develop' into no-more-ssl-wrap-socket

abhinavsingh · Aug 9, 2024 · 4234f70 · 4234f70
2 parents b1a16e7 + 6ac5aed
commit 4234f70
Show file tree

Hide file tree

Showing 56 changed files with 1,428 additions and 320 deletions.
diff --git a/.github/workflows/dockerfile-base.yml b/.github/workflows/dockerfile-base.yml
@@ -0,0 +1,79 @@
+---
+name: base
+
+on:   # yamllint disable-line rule:truthy
+  workflow_dispatch:
+
+concurrency:
+  group: >-
+    ${{
+        github.workflow
+    }}-${{
+        github.event.pull_request.number || github.sha
+    }}
+  cancel-in-progress: true
+
+jobs:
+  pre-setup:
+    name: ⚙️ Pre-set global build settings
+    runs-on: ubuntu-20.04
+    defaults:
+      run:
+        shell: bash
+    outputs:
+      container-platforms: ${{ steps.container.outputs.platforms }}
+    steps:
+    - name: Calculate container attributes
+      id: container
+      shell: bash
+      run: >-
+        PLATFORMS="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x";
+        echo "::set-output name=platforms::$PLATFORMS"
+
+  ghcr-base:
+    runs-on: ubuntu-20.04
+    permissions:
+      packages: write
+    if: success()
+    needs:
+    - pre-setup  # transitive, for accessing settings
+    name: 🐳 ghcr:base
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.inputs.release-commitish }}
+    - name: Login to GHCR
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+      # See https://github.com/docker/buildx/issues/850#issuecomment-996408167
+      with:
+        version: v0.7.0
+        buildkitd-flags: --debug
+        config: .github/buildkitd.toml
+        install: true
+    - name: Enable Multiarch    # This slows down arm build by 4-5x
+      run: |
+        docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+    - name: Create builder
+      run: |
+        docker buildx create --name proxypybuilder
+        docker buildx use proxypybuilder
+        docker buildx inspect
+        docker buildx ls
+    - name: Push base to GHCR
+      run: >-
+        docker buildx build
+        --push
+        --platform ${{
+          needs.pre-setup.outputs.container-platforms
+        }}
+        -t ghcr.io/abhinavsingh/proxy.py:base
+        -f DockerfileBase .
+...
diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml
@@ -188,7 +188,7 @@ jobs:
     - name: Set the expected dist artifact names
       id: artifact-name
       run: |
-        print('::set-output name=sdist::proxy.py-${{
+        print('::set-output name=sdist::proxy_py-${{
             steps.request-check.outputs.release-requested == 'true'
             && github.event.inputs.release-version
             || steps.scm-version.outputs.dist-version
@@ -439,15 +439,16 @@ jobs:
       # max-parallel: 4
       matrix:
         os:
-        - macOS-latest
+        - macOS-12
         - Ubuntu-20.04
         - Windows-latest
         python:
         # NOTE: The latest and the lowest supported Pythons are prioritized
         # NOTE: to improve the responsiveness. It's nice to see the most
         # NOTE: important results first.
-        - '3.10'
+        - '3.11'
         - 3.6
+        - '3.10'
         - 3.9
         - 3.8
         - 3.7
@@ -463,7 +464,7 @@ jobs:
     env:
       PY_COLORS: 1
       TOX_PARALLEL_NO_SPINNER: 1
-      TOXENV: python
+      TOXENV: py
 
     steps:
     - name: Switch to using Python v${{ matrix.python }}
@@ -500,7 +501,15 @@ jobs:
             steps.calc-cache-key-py.outputs.py-hash-key
           }}-
           ${{ runner.os }}-pip-
-    - name: Install tox
+    - name: Install tox for >= 3.11
+      if: matrix.python == '3.11'
+      run: >-
+        python -m
+        pip install
+        --user
+        tox==4.14.2
+    - name: Install tox for < 3.11
+      if: matrix.python != '3.11'
       run: >-
         python -m
         pip install
@@ -537,11 +546,12 @@ jobs:
         --skip-missing-interpreters false
         --skip-pkg-install
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
       with:
         flags: pytest, GHA, Python ${{ matrix.python }}, ${{ runner.os }}
         verbose: true
-
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
   test-container:
     runs-on: ubuntu-20.04
     permissions:
@@ -685,7 +695,7 @@ jobs:
     name: 📊 Node ${{ matrix.node }} @ ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-20.04, windows-latest, macOS-latest]
+        os: [ubuntu-20.04, windows-latest, macOS-12]
         node: ['10.x', '11.x', '12.x']
       # max-parallel: 4
       fail-fast: false
@@ -943,7 +953,6 @@ jobs:
       with:
         username: abhinavsingh
         password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-    # TODO: openssl image is not published on DockerHub
     - name: Push to DockerHub
       run: >-
         REGISTRY_URL="abhinavsingh/proxy.py";
@@ -955,7 +964,6 @@ jobs:
         --platform ${{
           needs.pre-setup.outputs.container-platforms
         }}
-        --build-arg SKIP_OPENSSL=1
         --build-arg PROXYPY_PKG_PATH='dist/${{
           needs.pre-setup.outputs.wheel-artifact-name
         }}'

diff --git a/.gitignore b/.gitignore
@@ -36,3 +36,5 @@ build
 
 pyreverse.png
 profile.svg
+*-pre-push
+jaxl-api-credentials*.json
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -144,7 +144,7 @@ repos:
   rev: 3.9.2
   hooks:
   - id: flake8
-    language_version: python3
+    language_version: python3.10
     additional_dependencies:
     - flake8-2020 >= 1.6.0
     - flake8-docstrings >= 1.5.0

diff --git a/.pylintrc b/.pylintrc
@@ -131,6 +131,10 @@ disable=raw-checker-failed,
         useless-return,
         useless-super-delegation,
         wrong-import-order,
+        # Required because to support 3.11
+        # we added unnecessary-dunder-call which is not supported for <=3.11
+        # see https://github.com/abhinavsingh/proxy.py/actions/runs/8671404475/job/23780537848?pr=1384
+        bad-option-value
 
 # Enable the message, report, category or checker with the given id(s). You can
 # either give multiple identifier separated by comma (,) or put this option
@@ -419,7 +423,7 @@ contextmanager-decorators=contextlib.contextmanager
 # List of members which are set dynamically and missed by pylint inference
 # system, and so shouldn't trigger E1101 when accessed. Python regular
 # expressions are accepted.
-generated-members=
+generated-members=os,io
 
 # Tells whether missing members accessed in mixin class should be ignored. A
 # mixin class is detected if its name ends with "mixin" (case insensitive).
@@ -446,7 +450,7 @@ ignored-classes=optparse.Values,thread._local,_thread._local
 # (useful for modules/projects where namespaces are manipulated during runtime
 # and thus existing member attributes cannot be deduced by static analysis). It
 # supports qualified module names, as well as Unix pattern matching.
-ignored-modules=
+ignored-modules=abc
 
 # Show a hint with possible names when a member name was not found. The aspect
 # of finding the hint is based on edit distance.
@@ -605,5 +609,5 @@ preferred-modules=
 
 # Exceptions that will emit a warning when being caught. Defaults to
 # "BaseException, Exception".
-overgeneral-exceptions=BaseException,
-                       Exception
+overgeneral-exceptions=builtins.BaseException,
+                       builtins.Exception
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -19,7 +19,7 @@
   "typescript.preferences.quoteStyle": "single",
   "[python]": {
     "editor.wordBasedSuggestions": "matchingDocuments",
-    "editor.defaultFormatter": null
+    "editor.defaultFormatter": "ms-python.black-formatter"
   },
   "python.testing.unittestEnabled": false,
   "python.testing.autoTestDiscoverOnSaveEnabled": true,
@@ -41,5 +41,19 @@
   "python.linting.flake8Args": ["--config", ".flake8"],
   "python.linting.mypyEnabled": true,
   "python.formatting.provider": "autopep8",
-  "autoDocstring.docstringFormat": "sphinx"
+  "autoDocstring.docstringFormat": "sphinx",
+  "emeraldwalk.runonsave": {
+    "commands": [
+      {
+        "match": "\\.py$",
+        "isAsync": false,
+        "cmd": "./.venv/bin/autoflake --in-place --remove-all-unused-imports \"${file}\""
+      },
+      {
+        "match": "\\.py$",
+        "isAsync": false,
+        "cmd": "./.venv/bin/isort \"${file}\""
+      }
+    ]
+  }
 }
diff --git a/Dockerfile b/Dockerfile
@@ -1,33 +1,54 @@
-FROM python:3.10-alpine as base
+FROM ghcr.io/abhinavsingh/proxy.py:base as builder
 
 LABEL com.abhinavsingh.name="abhinavsingh/proxy.py" \
-  com.abhinavsingh.description="⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
+  org.opencontainers.image.title="proxy.py" \
+  org.opencontainers.image.description="⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
   😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • \
   👮🏿 \"Proxy Server\" framework • 🌐 \"Web Server\" framework • ➵ ➶ ➷ ➠ \"PubSub\" framework • \
   👷 \"Work\" acceptor & executor framework" \
-  com.abhinavsingh.url="https://github.com/abhinavsingh/proxy.py" \
-  com.abhinavsingh.vcs-url="https://github.com/abhinavsingh/proxy.py" \
+  org.opencontainers.url="https://github.com/abhinavsingh/proxy.py" \
+  org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py" \
   com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py" \
-  org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py"
+  org.opencontainers.image.licenses="BSD-3-Clause" \
+  org.opencontainers.image.authors="Abhinav Singh <[email protected]>" \
+  org.opencontainers.image.vendor="Abhinav Singh"
 
 ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
 
 ARG SKIP_OPENSSL
 ARG PROXYPY_PKG_PATH
 
 COPY README.md /
 COPY $PROXYPY_PKG_PATH /
 
-RUN pip install --upgrade pip && \
-  pip install \
+# proxy.py itself needs no external dependencies
+# Optionally, include openssl to allow
+# users to use TLS interception features using Docker
+# Use `--build-arg SKIP_OPENSSL=1` to disable openssl installation
+RUN /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+  -U pip && \
+  /proxy/venv/bin/pip install --no-compile --no-cache-dir \
   --no-index \
   --find-links file:/// \
   proxy.py && \
-  rm *.whl
-
-# Use `--build-arg SKIP_OPENSSL=1` to disable openssl installation
-RUN if [[ -z "$SKIP_OPENSSL" ]]; then apk update && apk add openssl; fi
+  rm *.whl && \
+  find . -type d -name '__pycache__' | xargs rm -rf && \
+  rm -rf /var/cache/apk/* && \
+  rm -rf /root/.cache/ && \
+  /proxy/venv/bin/pip uninstall -y wheel setuptools pip && \
+  /usr/local/bin/pip uninstall -y wheel setuptools pip
 
+FROM python:3.11-alpine
+COPY --from=builder /README.md /README.md
+COPY --from=builder /proxy /proxy
+RUN if [[ -z "$SKIP_OPENSSL" ]]; then \
+  apk update && \
+  apk --no-cache add openssl && \
+  rm -rf /var/cache/apk/* && \
+  rm -rf /root/.cache/; \
+  fi
+ENV PATH="/proxy/venv/bin:${PATH}"
 EXPOSE 8899/tcp
 ENTRYPOINT [ "proxy" ]
 CMD [ \

diff --git a/DockerfileBase b/DockerfileBase
@@ -0,0 +1,41 @@
+FROM python:3.11-alpine
+
+LABEL com.abhinavsingh.name="abhinavsingh/proxy.py" \
+    org.opencontainers.image.title="proxy.py" \
+    org.opencontainers.image.description="⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
+    😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • \
+    👮🏿 \"Proxy Server\" framework • 🌐 \"Web Server\" framework • ➵ ➶ ➷ ➠ \"PubSub\" framework • \
+    👷 \"Work\" acceptor & executor framework" \
+    org.opencontainers.url="https://github.com/abhinavsingh/proxy.py" \
+    org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py" \
+    com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py" \
+    org.opencontainers.image.licenses="BSD-3-Clause" \
+    org.opencontainers.image.authors="Abhinav Singh <[email protected]>" \
+    org.opencontainers.image.vendor="Abhinav Singh"
+
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+
+# Install paramiko and cryptography to allow
+# users to use tunneling features using Docker
+RUN apk update && apk --no-cache add \
+    --virtual .builddeps \
+    gcc \
+    musl-dev \
+    libffi-dev \
+    openssl-dev \
+    python3-dev \
+    cargo \
+    rust \
+    make
+RUN python -m venv /proxy/venv && \
+    /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+    -U pip wheel && \
+    /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+    paramiko==3.4.0 \
+    cryptography==42.0.4 \
+    --prefer-binary && \
+    apk del .builddeps && \
+    find . -type d -name '__pycache__' | xargs rm -rf && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /root/.cache/
diff --git a/Makefile b/Makefile
@@ -31,7 +31,7 @@ OPEN=$(shell which xdg-open)
 endif
 
 .PHONY: all https-certificates sign-https-certificates ca-certificates
-.PHONY: lib-check lib-clean lib-test lib-package lib-coverage lib-lint lib-pytest
+.PHONY: lib-check lib-clean lib-test lib-package lib-coverage lib-lint lib-pytest lib-build
 .PHONY: lib-release-test lib-release lib-profile lib-doc lib-pre-commit
 .PHONY: lib-dep lib-flake8 lib-mypy lib-speedscope container-buildx-all-platforms
 .PHONY: container container-run container-release container-build container-buildx
@@ -120,13 +120,15 @@ lib-mypy:
 	tox -e lint -- mypy --all-files
 
 lib-pytest:
-	$(PYTHON) -m tox -e python -- -v
+	$(PYTHON) -m tox -e py -- -v
 
 lib-test: lib-clean lib-check lib-lint lib-pytest
 
-lib-package: lib-clean lib-check
+lib-build:
 	$(PYTHON) -m tox -e cleanup-dists,build-dists,metadata-validation
 
+lib-package: lib-clean lib-check lib-build
+
 lib-release-test: lib-package
 	twine upload --verbose --repository-url https://test.pypi.org/legacy/ dist/*