Use native arm64 runners #1258
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- 'v[0-9]+.[0-9]+.[0-9]+' | |
pull_request: | |
permissions: | |
contents: read | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
include: | |
- os: windows-latest | |
rust: "1.80" # MSRV - can't use variables here. | |
args: --exclude mitmproxy-linux-ebpf | |
- os: macos-latest | |
rust: "1.80" # MSRV - can't use variables here. | |
args: --exclude mitmproxy-linux-ebpf | |
- os: ubuntu-22.04 | |
rust: "1.80" # MSRV - can't use variables here. | |
args: --exclude mitmproxy-linux-ebpf | |
- os: ubuntu-latest | |
rust: stable | |
args: --exclude mitmproxy-linux-ebpf | |
- os: ubuntu-latest # old Ubuntu to test eBPF verifier compatibility | |
rust: nightly | |
args: --package mitmproxy-linux-ebpf | |
env: | |
RUSTFLAGS: ${{ matrix.rust == 'nightly' && '-Zpanic_abort_tests -C panic=abort' || '' }} | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
with: | |
rust-version: ${{ matrix.rust }} | |
- name: Run "cargo check" | |
# the action-rs/cargo action adds inline annotations for "cargo check" output | |
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72 | |
with: | |
toolchain: ${{ matrix.rust }} | |
command: check | |
args: --workspace --verbose ${{ matrix.args }} | |
- if: matrix.rust != 'nightly' # XXX: weird errors here | |
name: Run "cargo test" | |
# the action-rs/cargo action adds inline annotations for "cargo test" output | |
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72 | |
with: | |
toolchain: ${{ matrix.rust }} | |
command: test | |
args: --workspace --verbose ${{ matrix.args }} | |
- if: matrix.os == 'ubuntu-22.04' # Test that eBPF loads | |
run: cargo test --features root-tests | |
working-directory: mitmproxy-linux | |
env: | |
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: sudo -E | |
build: | |
strategy: | |
matrix: | |
include: | |
- name: windows-x86_64 | |
os: windows-latest | |
- name: linux-x86_64 | |
os: ubuntu-latest | |
args: --compatibility manylinux2014 --zig --sdist | |
- name: linux-arm64 | |
os: ubuntu-24.04-arm | |
args: --compatibility manylinux2014 --zig | |
- name: macos-universal | |
os: macos-latest | |
target: aarch64-apple-darwin x86_64-apple-darwin | |
args: --target universal2-apple-darwin | |
runs-on: ${{ matrix.os }} | |
name: build mitmproxy-rs (${{ matrix.name }}) | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
with: | |
extra-targets: ${{ matrix.target }} | |
- if: runner.os == 'Linux' | |
name: Install maturin[zig] from PyPI | |
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5 | |
- if: runner.os != 'Linux' | |
name: Install maturin from PyPI | |
uses: install-pinned/maturin@b1e3f698dbd19f284d4363cb361f75b2fa04679c | |
- if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
run: python .github/scripts/pin-versions.py | |
- run: maturin build --release ${{ matrix.args }} | |
working-directory: ./mitmproxy-rs | |
# ensure that sdist is building. | |
# We do this here instead of a separate job because we don't want to wait for the entire matrix. | |
- if: contains(matrix.args, 'sdist') | |
run: pip install --no-dependencies target/wheels/*.tar.gz | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: wheels-${{ matrix.name }} | |
path: target/wheels | |
build-macos-app: | |
runs-on: macos-latest | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- if: ${{ !startsWith(github.ref, 'refs/tags/') }} # harden against cache poisoning | |
uses: actions/cache@v4 | |
id: cache-app | |
with: | |
path: mitmproxy-macos/redirector/dist/ | |
key: macos-${{ hashFiles('mitmproxy-macos/redirector/**', '.github/scripts/build-macos-redirector.sh') }} | |
- if: steps.cache-app.outputs.cache-hit != 'true' || hashFiles('mitmproxy-macos/redirector/dist/Mitmproxy Redirector.app.tar') == '' | |
run: $GITHUB_WORKSPACE/.github/scripts/build-macos-redirector.sh | |
working-directory: mitmproxy-macos/redirector | |
env: | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }} | |
APPLE_PROVISIONING_PROFILE_APP: ${{ secrets.APPLE_PROVISIONING_PROFILE_APP }} | |
APPLE_PROVISIONING_PROFILE_EXT: ${{ secrets.APPLE_PROVISIONING_PROFILE_EXT }} | |
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: macos-app | |
path: mitmproxy-macos/redirector/dist/ | |
build-windows-wheel: | |
runs-on: windows-latest | |
name: build mitmproxy-windows | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98 | |
- run: cargo build --release --package windows-redirector | |
- run: python -m build --wheel ./mitmproxy-windows --outdir target/wheels/ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: wheels-os-windows | |
path: target/wheels | |
build-macos-wheel: | |
name: build mitmproxy-macos | |
needs: build-macos-app | |
runs-on: macos-latest | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
with: | |
extra-targets: aarch64-apple-darwin x86_64-apple-darwin | |
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98 | |
- run: | | |
cargo build --release --package macos-certificate-truster --target x86_64-apple-darwin | |
cargo build --release --package macos-certificate-truster --target aarch64-apple-darwin | |
lipo -create -output target/release/macos-certificate-truster target/x86_64-apple-darwin/release/macos-certificate-truster target/aarch64-apple-darwin/release/macos-certificate-truster | |
- uses: actions/download-artifact@v4 | |
with: | |
name: macos-app | |
path: mitmproxy-macos/redirector/dist/ | |
- run: python -m build --wheel ./mitmproxy-macos --outdir target/wheels/ | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: wheels-os-macos | |
path: target/wheels | |
build-linux-wheel: | |
name: build mitmproxy-${{ matrix.name }} | |
strategy: | |
matrix: | |
include: | |
- name: linux-x86_64 | |
os: ubuntu-latest | |
args: --compatibility manylinux2014 --zig --sdist | |
- name: linux-arm64 | |
os: ubuntu-24.04-arm | |
args: --compatibility manylinux2014 --zig | |
# FIXME: extra wheels because of https://github.com/PyO3/maturin/issues/2423 | |
- name: linux-x86_64-py3.13 | |
os: ubuntu-latest | |
args: --compatibility manylinux2014 --zig -i 3.13 | |
- name: linux-arm64-py3.13 | |
os: ubuntu-24.04-arm | |
args: --compatibility manylinux2014 --zig -i 3.13 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
- name: Install maturin[zig] from PyPI | |
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5 | |
- run: maturin build --release ${{ matrix.args }} | |
working-directory: ./mitmproxy-linux | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: wheels-os-${{ matrix.name }} | |
path: target/wheels | |
test-linux-wheel-sdist: | |
needs: build-linux-wheel | |
runs-on: ubuntu-latest | |
steps: | |
- uses: mhils/workflows/checkout@v15 | |
- uses: ./.github/actions/setup | |
- uses: actions/download-artifact@v4 | |
with: | |
name: wheels-os-linux-x86_64 | |
path: target/wheels | |
- run: pip install --no-dependencies target/wheels/*.tar.gz | |
check: | |
if: always() | |
needs: | |
- test | |
- test-linux-wheel-sdist | |
- build | |
- build-windows-wheel | |
- build-linux-wheel | |
- build-macos-wheel | |
uses: mhils/workflows/.github/workflows/alls-green.yml@v15 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
deploy: | |
uses: mhils/workflows/.github/workflows/python-deploy.yml@v15 | |
needs: check | |
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags') | |
with: | |
artifact-pattern: wheels-* | |
artifact-merge-multiple: true | |
# repository: testpypi | |
# environment: deploy-testpypi | |
secrets: | |
password: ${{ secrets.PYPI_TOKEN }} |