Merge branch 'develop' into feature/self-singed-cert-interception

abhinavsingh · Aug 10, 2024 · ec87033 · ec87033
2 parents 387d05f + 39854e1
commit ec87033
Show file tree

Hide file tree

Showing 23 changed files with 621 additions and 115 deletions.
diff --git a/.github/workflows/dockerfile-base.yml b/.github/workflows/dockerfile-base.yml
@@ -0,0 +1,79 @@
+---
+name: base
+
+on:   # yamllint disable-line rule:truthy
+  workflow_dispatch:
+
+concurrency:
+  group: >-
+    ${{
+        github.workflow
+    }}-${{
+        github.event.pull_request.number || github.sha
+    }}
+  cancel-in-progress: true
+
+jobs:
+  pre-setup:
+    name: ⚙️ Pre-set global build settings
+    runs-on: ubuntu-20.04
+    defaults:
+      run:
+        shell: bash
+    outputs:
+      container-platforms: ${{ steps.container.outputs.platforms }}
+    steps:
+    - name: Calculate container attributes
+      id: container
+      shell: bash
+      run: >-
+        PLATFORMS="linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x";
+        echo "::set-output name=platforms::$PLATFORMS"
+
+  ghcr-base:
+    runs-on: ubuntu-20.04
+    permissions:
+      packages: write
+    if: success()
+    needs:
+    - pre-setup  # transitive, for accessing settings
+    name: 🐳 ghcr:base
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.inputs.release-commitish }}
+    - name: Login to GHCR
+      uses: docker/login-action@v2
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+    - name: Set up Docker Buildx
+      id: buildx
+      uses: docker/setup-buildx-action@v2
+      # See https://github.com/docker/buildx/issues/850#issuecomment-996408167
+      with:
+        version: v0.7.0
+        buildkitd-flags: --debug
+        config: .github/buildkitd.toml
+        install: true
+    - name: Enable Multiarch    # This slows down arm build by 4-5x
+      run: |
+        docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
+    - name: Create builder
+      run: |
+        docker buildx create --name proxypybuilder
+        docker buildx use proxypybuilder
+        docker buildx inspect
+        docker buildx ls
+    - name: Push base to GHCR
+      run: >-
+        docker buildx build
+        --push
+        --platform ${{
+          needs.pre-setup.outputs.container-platforms
+        }}
+        -t ghcr.io/abhinavsingh/proxy.py:base
+        -f DockerfileBase .
+...
diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml
@@ -446,8 +446,9 @@ jobs:
         # NOTE: The latest and the lowest supported Pythons are prioritized
         # NOTE: to improve the responsiveness. It's nice to see the most
         # NOTE: important results first.
-        - '3.11'
+        - '3.12'
         - 3.6
+        - '3.11'
         - '3.10'
         - 3.9
         - 3.8
@@ -546,11 +547,12 @@ jobs:
         --skip-missing-interpreters false
         --skip-pkg-install
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@v4
       with:
         flags: pytest, GHA, Python ${{ matrix.python }}, ${{ runner.os }}
         verbose: true
-
+      env:
+        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
   test-container:
     runs-on: ubuntu-20.04
     permissions:
@@ -952,7 +954,6 @@ jobs:
       with:
         username: abhinavsingh
         password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
-    # TODO: openssl image is not published on DockerHub
     - name: Push to DockerHub
       run: >-
         REGISTRY_URL="abhinavsingh/proxy.py";
@@ -964,7 +965,6 @@ jobs:
         --platform ${{
           needs.pre-setup.outputs.container-platforms
         }}
-        --build-arg SKIP_OPENSSL=1
         --build-arg PROXYPY_PKG_PATH='dist/${{
           needs.pre-setup.outputs.wheel-artifact-name
         }}'

diff --git a/Dockerfile b/Dockerfile
@@ -1,33 +1,56 @@
-FROM python:3.11-alpine as base
+FROM ghcr.io/abhinavsingh/proxy.py:base as builder
 
-LABEL com.abhinavsingh.name="abhinavsingh/proxy.py" \
-  com.abhinavsingh.description="⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
+LABEL org.opencontainers.image.title="proxy.py" \
+  org.opencontainers.image.description="💫 Ngrok FRP Alternative • ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
   😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • \
   👮🏿 \"Proxy Server\" framework • 🌐 \"Web Server\" framework • ➵ ➶ ➷ ➠ \"PubSub\" framework • \
   👷 \"Work\" acceptor & executor framework" \
-  com.abhinavsingh.url="https://github.com/abhinavsingh/proxy.py" \
-  com.abhinavsingh.vcs-url="https://github.com/abhinavsingh/proxy.py" \
-  com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py" \
-  org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py"
+  org.opencontainers.image.url="https://github.com/abhinavsingh/proxy.py" \
+  org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py" \
+  org.opencontainers.image.licenses="BSD-3-Clause" \
+  org.opencontainers.image.authors="Abhinav Singh <[email protected]>" \
+  org.opencontainers.image.vendor="Abhinav Singh" \
+  org.opencontainers.image.created="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
+  org.opencontainers.image.documentation="https://github.com/abhinavsingh/proxy.py#readme" \
+  org.opencontainers.image.ref.name="abhinavsingh/proxy.py" \
+  com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py"
 
 ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
 
 ARG SKIP_OPENSSL
 ARG PROXYPY_PKG_PATH
 
 COPY README.md /
 COPY $PROXYPY_PKG_PATH /
 
-RUN pip install --upgrade pip && \
-  pip install \
+# proxy.py itself needs no external dependencies
+# Optionally, include openssl to allow
+# users to use TLS interception features using Docker
+# Use `--build-arg SKIP_OPENSSL=1` to disable openssl installation
+RUN /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+  -U pip && \
+  /proxy/venv/bin/pip install --no-compile --no-cache-dir \
   --no-index \
   --find-links file:/// \
   proxy.py && \
-  rm *.whl
-
-# Use `--build-arg SKIP_OPENSSL=1` to disable openssl installation
-RUN if [[ -z "$SKIP_OPENSSL" ]]; then apk update && apk add openssl; fi
+  rm *.whl && \
+  find . -type d -name '__pycache__' | xargs rm -rf && \
+  rm -rf /var/cache/apk/* && \
+  rm -rf /root/.cache/ && \
+  /proxy/venv/bin/pip uninstall -y wheel setuptools pip && \
+  /usr/local/bin/pip uninstall -y wheel setuptools pip
 
+FROM python:3.11-alpine
+COPY --from=builder /README.md /README.md
+COPY --from=builder /proxy /proxy
+RUN if [[ -z "$SKIP_OPENSSL" ]]; then \
+  apk update && \
+  apk --no-cache add openssl && \
+  rm -rf /var/cache/apk/* && \
+  rm -rf /root/.cache/; \
+  fi
+ENV PATH="/proxy/venv/bin:${PATH}"
 EXPOSE 8899/tcp
 ENTRYPOINT [ "proxy" ]
 CMD [ \

diff --git a/DockerfileBase b/DockerfileBase
@@ -0,0 +1,43 @@
+FROM python:3.12-alpine
+
+LABEL org.opencontainers.image.title="proxy.py" \
+    org.opencontainers.image.description="💫 Ngrok FRP Alternative • ⚡ Fast • 🪶 Lightweight • 0️⃣ Dependency • 🔌 Pluggable • \
+    😈 TLS interception • 🔒 DNS-over-HTTPS • 🔥 Poor Man's VPN • ⏪ Reverse & ⏩ Forward • \
+    👮🏿 \"Proxy Server\" framework • 🌐 \"Web Server\" framework • ➵ ➶ ➷ ➠ \"PubSub\" framework • \
+    👷 \"Work\" acceptor & executor framework" \
+    org.opencontainers.image.url="https://github.com/abhinavsingh/proxy.py" \
+    org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py" \
+    org.opencontainers.image.licenses="BSD-3-Clause" \
+    org.opencontainers.image.authors="Abhinav Singh <[email protected]>" \
+    org.opencontainers.image.vendor="Abhinav Singh" \
+    org.opencontainers.image.created="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
+    org.opencontainers.image.documentation="https://github.com/abhinavsingh/proxy.py#readme" \
+    org.opencontainers.image.ref.name="abhinavsingh/proxy.py" \
+    com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py"
+
+ENV PYTHONUNBUFFERED 1
+ENV PYTHONDONTWRITEBYTECODE 1
+
+# Install paramiko and cryptography to allow
+# users to use tunneling features using Docker
+RUN apk update && apk --no-cache add \
+    --virtual .builddeps \
+    gcc \
+    musl-dev \
+    libffi-dev \
+    openssl-dev \
+    python3-dev \
+    cargo \
+    rust \
+    make
+RUN python -m venv /proxy/venv && \
+    /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+    -U pip wheel && \
+    /proxy/venv/bin/pip install --no-compile --no-cache-dir \
+    paramiko==3.4.0 \
+    cryptography==42.0.4 \
+    --prefer-binary && \
+    apk del .builddeps && \
+    find . -type d -name '__pycache__' | xargs rm -rf && \
+    rm -rf /var/cache/apk/* && \
+    rm -rf /root/.cache/