-
-
Notifications
You must be signed in to change notification settings - Fork 34
250 lines (225 loc) · 8.67 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
name: CI
on:
push:
branches:
- main
tags:
- 'v[0-9]+.[0-9]+.[0-9]+'
pull_request:
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: windows-latest
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: macos-latest
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-22.04
rust: "1.80" # MSRV - can't use variables here.
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-latest
rust: stable
args: --exclude mitmproxy-linux-ebpf
- os: ubuntu-latest # old Ubuntu to test eBPF verifier compatibility
rust: nightly
args: --package mitmproxy-linux-ebpf
env:
RUSTFLAGS: ${{ matrix.rust == 'nightly' && '-Zpanic_abort_tests -C panic=abort' || '' }}
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
rust-version: ${{ matrix.rust }}
- name: Run "cargo check"
# the action-rs/cargo action adds inline annotations for "cargo check" output
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
toolchain: ${{ matrix.rust }}
command: check
args: --workspace --verbose ${{ matrix.args }}
- if: matrix.rust != 'nightly' # XXX: weird errors here
name: Run "cargo test"
# the action-rs/cargo action adds inline annotations for "cargo test" output
uses: actions-rs/cargo@9e120dd99b0fbad1c065f686657e914e76bd7b72
with:
toolchain: ${{ matrix.rust }}
command: test
args: --workspace --verbose ${{ matrix.args }}
- if: matrix.os == 'ubuntu-22.04' # Test that eBPF loads
run: cargo test --features root-tests
working-directory: mitmproxy-linux
env:
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: sudo -E
build:
strategy:
matrix:
include:
- name: windows-x86_64
os: windows-latest
- name: linux-x86_64
os: ubuntu-latest
args: --compatibility manylinux2014 --zig --sdist
- name: linux-arm64
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig
- name: macos-universal
os: macos-latest
target: aarch64-apple-darwin x86_64-apple-darwin
args: --target universal2-apple-darwin
runs-on: ${{ matrix.os }}
name: build mitmproxy-rs (${{ matrix.name }})
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
extra-targets: ${{ matrix.target }}
- if: runner.os == 'Linux'
name: Install maturin[zig] from PyPI
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5
- if: runner.os != 'Linux'
name: Install maturin from PyPI
uses: install-pinned/maturin@b1e3f698dbd19f284d4363cb361f75b2fa04679c
- if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
run: python .github/scripts/pin-versions.py
- run: maturin build --release ${{ matrix.args }}
working-directory: ./mitmproxy-rs
# ensure that sdist is building.
# We do this here instead of a separate job because we don't want to wait for the entire matrix.
- if: contains(matrix.args, 'sdist')
run: pip install --no-dependencies target/wheels/*.tar.gz
- uses: actions/upload-artifact@v4
with:
name: wheels-${{ matrix.name }}
path: target/wheels
build-macos-app:
runs-on: macos-latest
steps:
- uses: mhils/workflows/checkout@v15
- if: ${{ !startsWith(github.ref, 'refs/tags/') }} # harden against cache poisoning
uses: actions/cache@v4
id: cache-app
with:
path: mitmproxy-macos/redirector/dist/
key: macos-${{ hashFiles('mitmproxy-macos/redirector/**', '.github/scripts/build-macos-redirector.sh') }}
- if: steps.cache-app.outputs.cache-hit != 'true' || hashFiles('mitmproxy-macos/redirector/dist/Mitmproxy Redirector.app.tar') == ''
run: $GITHUB_WORKSPACE/.github/scripts/build-macos-redirector.sh
working-directory: mitmproxy-macos/redirector
env:
APPLE_ID: ${{ secrets.APPLE_ID }}
APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
APPLE_PROVISIONING_PROFILE_APP: ${{ secrets.APPLE_PROVISIONING_PROFILE_APP }}
APPLE_PROVISIONING_PROFILE_EXT: ${{ secrets.APPLE_PROVISIONING_PROFILE_EXT }}
APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
- uses: actions/upload-artifact@v4
with:
name: macos-app
path: mitmproxy-macos/redirector/dist/
build-windows-wheel:
runs-on: windows-latest
name: build mitmproxy-windows
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98
- run: cargo build --release --package windows-redirector
- run: python -m build --wheel ./mitmproxy-windows --outdir target/wheels/
- uses: actions/upload-artifact@v4
with:
name: wheels-os-windows
path: target/wheels
build-macos-wheel:
name: build mitmproxy-macos
needs: build-macos-app
runs-on: macos-latest
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
with:
extra-targets: aarch64-apple-darwin x86_64-apple-darwin
- uses: install-pinned/build@aa7fb973fec4a5593736c5dc25b322120ca41a98
- run: |
cargo build --release --package macos-certificate-truster --target x86_64-apple-darwin
cargo build --release --package macos-certificate-truster --target aarch64-apple-darwin
lipo -create -output target/release/macos-certificate-truster target/x86_64-apple-darwin/release/macos-certificate-truster target/aarch64-apple-darwin/release/macos-certificate-truster
- uses: actions/download-artifact@v4
with:
name: macos-app
path: mitmproxy-macos/redirector/dist/
- run: python -m build --wheel ./mitmproxy-macos --outdir target/wheels/
- uses: actions/upload-artifact@v4
with:
name: wheels-os-macos
path: target/wheels
build-linux-wheel:
name: build mitmproxy-${{ matrix.name }}
strategy:
matrix:
include:
- name: linux-x86_64
os: ubuntu-latest
args: --compatibility manylinux2014 --zig --sdist
- name: linux-arm64
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig
# FIXME: extra wheels because of https://github.com/PyO3/maturin/issues/2423
- name: linux-x86_64-py3.13
os: ubuntu-latest
args: --compatibility manylinux2014 --zig -i 3.13
- name: linux-arm64-py3.13
os: ubuntu-24.04-arm
args: --compatibility manylinux2014 --zig -i 3.13
runs-on: ${{ matrix.os }}
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- name: Install maturin[zig] from PyPI
uses: install-pinned/maturin-with-zig@68c027568b7d08df7bc3c52476ae28d1d2d787f5
- run: maturin build --release ${{ matrix.args }}
working-directory: ./mitmproxy-linux
- uses: actions/upload-artifact@v4
with:
name: wheels-os-${{ matrix.name }}
path: target/wheels
test-linux-wheel-sdist:
needs: build-linux-wheel
runs-on: ubuntu-latest
steps:
- uses: mhils/workflows/checkout@v15
- uses: ./.github/actions/setup
- uses: actions/download-artifact@v4
with:
name: wheels-os-linux-x86_64
path: target/wheels
- run: pip install --no-dependencies target/wheels/*.tar.gz
check:
if: always()
needs:
- test
- test-linux-wheel-sdist
- build
- build-windows-wheel
- build-linux-wheel
- build-macos-wheel
uses: mhils/workflows/.github/workflows/alls-green.yml@v15
with:
jobs: ${{ toJSON(needs) }}
deploy:
uses: mhils/workflows/.github/workflows/python-deploy.yml@v15
needs: check
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
with:
artifact-pattern: wheels-*
artifact-merge-multiple: true
# repository: testpypi
# environment: deploy-testpypi
secrets:
password: ${{ secrets.PYPI_TOKEN }}