diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index e86f702c8..fc59185cf 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,99 +1,10 @@ name: CI -on: [ push, pull_request ] - -permissions: - contents: read - +on: + workflow_dispatch: + push: + pull_request: jobs: - lint-pr: - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: TrueBrain/actions-flake8@c2deca24d388aa5aedd6478332aa9df4600b5eac # v2.1 - # mirrored at https://github.com/mitmproxy/mitmproxy/settings/actions - lint-local: - if: github.event_name == 'push' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - run: pip install tox - - run: tox -e flake8 - filename-matching: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - run: pip install tox - - run: tox -e filename_matching - mypy: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - run: pip install tox - - run: tox -e mypy - individual-coverage: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v2 - with: - python-version: '3.9' # there's a weird bug on 3.10 where some lines are not counted as covered. - - run: pip install tox - - run: tox -e individual_coverage - test: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - py: "3.10" - - os: windows-latest - py: "3.10" - - os: macos-latest - py: "3.10" - - os: ubuntu-latest - py: 3.9 - - os: ubuntu-latest - py: 3.8 - runs-on: ${{ matrix.os }} - steps: - - run: printenv - - uses: actions/checkout@v2 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v2 - with: - python-version: ${{ matrix.py }} - - run: pip install tox - - run: tox -e py - - uses: codecov/codecov-action@a1ed4b322b4b38cb846afb5a0ebfa17086917d27 - # mirrored below and at https://github.com/mitmproxy/mitmproxy/settings/actions - with: - file: ./coverage.xml - name: ${{ matrix.os }} - build: strategy: fail-fast: false @@ -131,124 +42,3 @@ jobs: with: name: binaries.${{ matrix.platform }} path: release/dist - - test-web-ui: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - run: git rev-parse --abbrev-ref HEAD - - uses: actions/setup-node@v2 - with: - node-version: '14' - - name: Cache Node.js modules - uses: actions/cache@v2 - with: - # npm cache files are stored in `~/.npm` on Linux/macOS - path: ~/.npm - key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.OS }}-node- - ${{ runner.OS }}- - - working-directory: ./web - run: npm ci - - working-directory: ./web - run: npm test - - uses: codecov/codecov-action@a1ed4b322b4b38cb846afb5a0ebfa17086917d27 - # mirrored above and at https://github.com/mitmproxy/mitmproxy/settings/actions - with: - file: ./web/coverage/coverage-final.json - name: web - - docs: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - run: | - wget -q https://github.com/gohugoio/hugo/releases/download/v0.92.1/hugo_extended_0.92.1_Linux-64bit.deb - echo "a9440adfd3ecce40089def287dee4e42ffae252ba08c77d1ac575b880a079ce6 hugo_extended_0.92.1_Linux-64bit.deb" | sha256sum -c - sudo dpkg -i hugo*.deb - - run: pip install -e .[dev] - - run: ./docs/build.py - - uses: actions/upload-artifact@v2 - with: - name: docs - path: docs/public - - # Separate from everything else because slow. - build-and-deploy-docker: - if: github.repository == 'mitmproxy/mitmproxy' && ( - github.ref == 'refs/heads/main' || - github.ref == 'refs/heads/dockertest' || - startsWith(github.ref, 'refs/tags/') - ) - environment: deploy-docker - needs: - - test - - test-web-ui - - build - - docs - runs-on: ubuntu-latest - env: - CI_BUILD_DOCKER: 1 - DOCKER_USERNAME: mitmbot - DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }} - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - uses: actions/download-artifact@v2 - with: - name: binaries.linux - path: release/dist - - uses: docker/setup-qemu-action@27d0a4f181a40b142cce983c5393082c365d1480 # v1.2.0 - - uses: docker/setup-buildx-action@b1f1f719c7cd5364be7c82e366366da322d01f7c # v1.6.0 - - run: pip install -e .[dev] - - run: python release/cibuild.py build - - run: python release/cibuild.py upload - - deploy: - # This action has access to our AWS keys, so we are extra careful here. - # In particular, we don't blindly `pip install` anything to minimize the risk of supply chain attacks. - if: github.repository == 'mitmproxy/mitmproxy' && github.event_name == 'push' - environment: deploy - needs: - - test - - test-web-ui - - build - - docs - runs-on: ubuntu-latest - env: - TWINE_USERNAME: mitmproxy - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-west-2 - steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - uses: actions/setup-python@v2 - with: - python-version: '3.10' - - run: sudo apt-get update - - run: sudo apt-get install -y twine awscli - - uses: actions/download-artifact@v2 - with: - path: release/dist - - run: mv release/dist/docs docs/public - # move artifacts from their subfolders into release/dist - - run: find release/dist -mindepth 2 -type f -exec mv {} release/dist \; - # and then delete the empty folders - - run: find release/dist -type d -empty -delete - - run: ls release/dist - - run: ./release/deploy.py