Skip to content

Use native arm64 runners #1262

Use native arm64 runners

Use native arm64 runners #1262

Workflow file for this run

name: CI
on:
push:
branches:
- main
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
pull_request:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: windows-latest
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: macos-latest
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-22.04
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-latest
rust: stable
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-latest # old Ubuntu to test eBPF verifier compatibility
rust: nightly
args: --package mitmproxy-linux-ebpf
env:
RUSTFLAGS: ${{ matrix.rust == 'nightly' && '-Zpanic_abort_tests -C panic=abort' || '' }}
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
rust-version: ${{ matrix.rust }}
- name: Run "cargo check"
# the action-rs/cargo action adds inline annotations for "cargo check" output
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
toolchain: ${{ matrix.rust }}
command: check
args: --workspace --verbose ${{ matrix.args }}
- if: matrix.rust != 'nightly' # XXX: weird errors here
name: Run "cargo test"
# the action-rs/cargo action adds inline annotations for "cargo test" output
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
toolchain: ${{ matrix.rust }}
command: test
args: --workspace --verbose ${{ matrix.args }}
- if: matrix.os == 'ubuntu-22.04' # Test that eBPF loads
run: cargo test --features root-tests
working-directory: mitmproxy-linux
env:
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: sudo -E
build:
strategy:
matrix:
include:
- name: windows-x86_64
os: windows-latest
- name: linux-x86_64
os: ubuntu-latest
args: --compatibility manylinux2014 --zig --sdist
- name: linux-arm64
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig
- name: macos-universal
os: macos-latest
target: aarch64-apple-darwin x86_64-apple-darwin
args: --target universal2-apple-darwin
runs-on: ${{ matrix.os }}
name: build mitmproxy-rs (${{ matrix.name }})
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
extra-targets: ${{ matrix.target }}
- if: runner.os == 'Linux'
name: Install maturin[zig] from PyPI
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5
- if: runner.os != 'Linux'
name: Install maturin from PyPI
uses: install-pinned/maturin@b1e3f698dbd19f284d4363cb361f75b2fa04679c
- if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
run: python .github/scripts/pin-versions.py
- run: maturin build --release ${{ matrix.args }}
working-directory: ./mitmproxy-rs
# ensure that sdist is building.
# We do this here instead of a separate job because we don't want to wait for the entire matrix.
- if: contains(matrix.args, 'sdist')
run: pip install --no-dependencies target/wheels/*.tar.gz
- uses: actions/upload-artifact@v4
with:
name: wheels-${{ matrix.name }}
path: target/wheels
build-macos-app:
runs-on: macos-latest
steps:
- uses: mhils/workflows/checkout@v15
- if: ${{ !startsWith(github.ref, 'refs/tags/') }} # harden against cache poisoning
uses: actions/cache@v4
id: cache-app
with:
path: mitmproxy-macos/redirector/dist/
key: macos-${{ hashFiles('mitmproxy-macos/redirector/**', '.github/scripts/build-macos-redirector.sh') }}
- if: steps.cache-app.outputs.cache-hit != 'true' || hashFiles('mitmproxy-macos/redirector/dist/Mitmproxy Redirector.app.tar') == ''
run: $GITHUB_WORKSPACE/.github/scripts/build-macos-redirector.sh
working-directory: mitmproxy-macos/redirector
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
APPLE_PROVISIONING_PROFILE_APP: ${{ secrets.APPLE_PROVISIONING_PROFILE_APP }}
APPLE_PROVISIONING_PROFILE_EXT: ${{ secrets.APPLE_PROVISIONING_PROFILE_EXT }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
- uses: actions/upload-artifact@v4
with:
name: macos-app
path: mitmproxy-macos/redirector/dist/
build-windows-wheel:
runs-on: windows-latest
name: build mitmproxy-windows
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98
- run: cargo build --release --package windows-redirector
- run: python -m build --wheel ./mitmproxy-windows --outdir target/wheels/
- uses: actions/upload-artifact@v4
with:
name: wheels-os-windows
path: target/wheels
build-macos-wheel:
name: build mitmproxy-macos
needs: build-macos-app
runs-on: macos-latest
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
extra-targets: aarch64-apple-darwin x86_64-apple-darwin
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98
- run: |
cargo build --release --package macos-certificate-truster --target x86_64-apple-darwin
cargo build --release --package macos-certificate-truster --target aarch64-apple-darwin
lipo -create -output target/release/macos-certificate-truster target/x86_64-apple-darwin/release/macos-certificate-truster target/aarch64-apple-darwin/release/macos-certificate-truster
- uses: actions/download-artifact@v4
with:
name: macos-app
path: mitmproxy-macos/redirector/dist/
- run: python -m build --wheel ./mitmproxy-macos --outdir target/wheels/
- uses: actions/upload-artifact@v4
with:
name: wheels-os-macos
path: target/wheels
build-linux-wheel:
name: build mitmproxy-${{ matrix.name }}
strategy:
matrix:
include:
- name: linux-x86_64
os: ubuntu-latest
args: --compatibility manylinux2014 --zig --sdist
- name: linux-arm64
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig
# FIXME: extra wheels because of https://github.com/PyO3/maturin/issues/2423
- name: linux-x86_64-py3.13
os: ubuntu-latest
args: --compatibility manylinux2014 --zig -i 3.13
- name: linux-arm64-py3.13
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig -i 3.13
runs-on: ${{ matrix.os }}
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- name: Install maturin[zig] from PyPI
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5
- run: maturin build --release ${{ matrix.args }}
working-directory: ./mitmproxy-linux
env:
XDG_CONFIG_HOME: ~/.config # https://github.com/actions/partner-runner-images/issues/27
- uses: actions/upload-artifact@v4
with:
name: wheels-os-${{ matrix.name }}
path: target/wheels
test-linux-wheel-sdist:
needs: build-linux-wheel
runs-on: ubuntu-latest
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- uses: actions/download-artifact@v4
with:
name: wheels-os-linux-x86_64
path: target/wheels
- run: pip install --no-dependencies target/wheels/*.tar.gz
check:
if: always()
needs:
- test
- test-linux-wheel-sdist
- build
- build-windows-wheel
- build-linux-wheel
- build-macos-wheel
uses: mhils/workflows/.github/workflows/alls-green.yml@v15
with:
jobs: ${{ toJSON(needs) }}
deploy:
uses: mhils/workflows/.github/workflows/python-deploy.yml@v15
needs: check
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
with:
artifact-pattern: wheels-*
artifact-merge-multiple: true
# repository: testpypi
# environment: deploy-testpypi
secrets:
password: ${{ secrets.PYPI_TOKEN }}