mirror of
https://github.com/Grasscutters/mitmproxy.git
synced 2024-11-25 18:03:50 +00:00
ec9bc455c0
it turns out pull requests from trusted contributors do have access to secrets, so we can't do that check. Checking for the repo only doesn't make much sense.
511 lines
16 KiB
Python
Executable File
511 lines
16 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
import contextlib
|
|
import os
|
|
import platform
|
|
import re
|
|
import shutil
|
|
import subprocess
|
|
import sys
|
|
import tarfile
|
|
import urllib.request
|
|
import zipfile
|
|
from dataclasses import dataclass
|
|
from pathlib import Path
|
|
from typing import Optional, Union
|
|
|
|
import click
|
|
import cryptography.fernet
|
|
import parver
|
|
|
|
|
|
@contextlib.contextmanager
|
|
def chdir(path: Path): # pragma: no cover
|
|
old_dir = os.getcwd()
|
|
os.chdir(path)
|
|
yield
|
|
os.chdir(old_dir)
|
|
|
|
|
|
class BuildError(Exception):
|
|
pass
|
|
|
|
|
|
def bool_from_env(envvar: str) -> bool:
|
|
val = os.environ.get(envvar, "")
|
|
if not val or val.lower() in ("0", "false"):
|
|
return False
|
|
else:
|
|
return True
|
|
|
|
|
|
class ZipFile2(zipfile.ZipFile):
|
|
# ZipFile and tarfile have slightly different APIs. Let's fix that.
|
|
def add(self, name: str, arcname: str) -> None:
|
|
return self.write(name, arcname)
|
|
|
|
def __enter__(self) -> "ZipFile2":
|
|
return self
|
|
|
|
|
|
@dataclass(frozen=True, repr=False)
|
|
class BuildEnviron:
|
|
PLATFORM_TAGS = {
|
|
"Darwin": "osx",
|
|
"Windows": "windows",
|
|
"Linux": "linux",
|
|
}
|
|
|
|
system: str
|
|
root_dir: Path
|
|
branch: Optional[str] = None
|
|
tag: Optional[str] = None
|
|
is_pull_request: bool = True
|
|
should_build_wheel: bool = False
|
|
should_build_docker: bool = False
|
|
should_build_pyinstaller: bool = False
|
|
should_build_wininstaller: bool = False
|
|
has_aws_creds: bool = False
|
|
has_twine_creds: bool = False
|
|
docker_username: Optional[str] = None
|
|
docker_password: Optional[str] = None
|
|
build_key: Optional[str] = None
|
|
|
|
@classmethod
|
|
def from_env(cls) -> "BuildEnviron":
|
|
branch = None
|
|
tag = None
|
|
|
|
if ref := os.environ.get("GITHUB_REF", ""):
|
|
if ref.startswith("refs/heads/"):
|
|
branch = ref.replace("refs/heads/", "")
|
|
if ref.startswith("refs/pull/"):
|
|
branch = "pr-" + ref.split("/")[2]
|
|
if ref.startswith("refs/tags/"):
|
|
tag = ref.replace("refs/tags/", "")
|
|
|
|
is_pull_request = os.environ.get("GITHUB_EVENT_NAME", "pull_request") == "pull_request"
|
|
|
|
return cls(
|
|
system=platform.system(),
|
|
root_dir=Path(__file__).parent.parent,
|
|
branch=branch,
|
|
tag=tag,
|
|
is_pull_request=is_pull_request,
|
|
should_build_wheel=bool_from_env("CI_BUILD_WHEEL"),
|
|
should_build_pyinstaller=bool_from_env("CI_BUILD_PYINSTALLER"),
|
|
should_build_wininstaller=bool_from_env("CI_BUILD_WININSTALLER"),
|
|
should_build_docker=bool_from_env("CI_BUILD_DOCKER"),
|
|
has_aws_creds=bool_from_env("AWS_ACCESS_KEY_ID"),
|
|
has_twine_creds=bool_from_env("TWINE_USERNAME") and bool_from_env("TWINE_PASSWORD"),
|
|
docker_username=os.environ.get("DOCKER_USERNAME", None),
|
|
docker_password=os.environ.get("DOCKER_PASSWORD", None),
|
|
build_key=os.environ.get("CI_BUILD_KEY", None),
|
|
)
|
|
|
|
def archive(self, path: Path) -> Union[tarfile.TarFile, ZipFile2]:
|
|
if self.system == "Windows":
|
|
return ZipFile2(path, "w")
|
|
else:
|
|
return tarfile.open(path, "w:gz")
|
|
|
|
@property
|
|
def archive_path(self) -> Path:
|
|
if self.system == "Windows":
|
|
ext = "zip"
|
|
else:
|
|
ext = "tar.gz"
|
|
return self.dist_dir / f"mitmproxy-{self.version}-{self.platform_tag}.{ext}"
|
|
|
|
@property
|
|
def build_dir(self) -> Path:
|
|
return self.release_dir / "build"
|
|
|
|
@property
|
|
def dist_dir(self) -> Path:
|
|
return self.release_dir / "dist"
|
|
|
|
@property
|
|
def docker_tag(self) -> str:
|
|
if self.branch == "master":
|
|
t = "dev"
|
|
else:
|
|
t = self.version
|
|
return f"mitmproxy/mitmproxy:{t}"
|
|
|
|
def dump_info(self, fp=sys.stdout) -> None:
|
|
lst = [
|
|
"version",
|
|
"tag",
|
|
"branch",
|
|
"platform_tag",
|
|
"root_dir",
|
|
"release_dir",
|
|
"build_dir",
|
|
"dist_dir",
|
|
"upload_dir",
|
|
"should_build_wheel",
|
|
"should_build_pyinstaller",
|
|
"should_build_wininstaller",
|
|
"should_build_docker",
|
|
"should_upload_aws",
|
|
"should_upload_docker",
|
|
"should_upload_pypi",
|
|
]
|
|
for attr in lst:
|
|
print(f"cibuild.{attr}={getattr(self, attr)}", file=fp)
|
|
|
|
def check_version(self) -> None:
|
|
"""
|
|
Check that version numbers match our conventions.
|
|
Raises a ValueError if there is a mismatch.
|
|
"""
|
|
contents = (self.root_dir / "mitmproxy" / "version.py").read_text("utf8")
|
|
match = re.search(r'^VERSION = "(.+?)"', contents, re.M)
|
|
assert match
|
|
version = match.group(1)
|
|
|
|
if self.is_prod_release:
|
|
# For production releases, we require strict version equality
|
|
if self.version != version:
|
|
raise ValueError(f"Tag is {self.tag}, but mitmproxy/version.py is {version}.")
|
|
elif not self.is_maintenance_branch:
|
|
# Commits on maintenance branches don't need the dev suffix. This
|
|
# allows us to incorporate and test commits between tagged releases.
|
|
# For snapshots, we only ensure that mitmproxy/version.py contains a
|
|
# dev release.
|
|
version_info = parver.Version.parse(version)
|
|
if not version_info.is_devrelease:
|
|
raise ValueError(f"Non-production releases must have dev suffix: {version}")
|
|
|
|
@property
|
|
def is_maintenance_branch(self) -> bool:
|
|
"""
|
|
Is this an untagged commit on a maintenance branch?
|
|
"""
|
|
if not self.tag and self.branch and re.match(r"v\d+\.x", self.branch):
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def has_docker_creds(self) -> bool:
|
|
return bool(self.docker_username and self.docker_password)
|
|
|
|
@property
|
|
def is_prod_release(self) -> bool:
|
|
if not self.tag or not self.tag.startswith("v"):
|
|
return False
|
|
try:
|
|
v = parver.Version.parse(self.version, strict=True)
|
|
except (parver.ParseError, BuildError):
|
|
return False
|
|
return not v.is_prerelease
|
|
|
|
@property
|
|
def platform_tag(self) -> str:
|
|
if self.system in self.PLATFORM_TAGS:
|
|
return self.PLATFORM_TAGS[self.system]
|
|
raise BuildError(f"Unsupported platform: {self.system}")
|
|
|
|
@property
|
|
def release_dir(self) -> Path:
|
|
return self.root_dir / "release"
|
|
|
|
@property
|
|
def should_upload_docker(self) -> bool:
|
|
return all([
|
|
(self.is_prod_release or self.branch == "master"),
|
|
self.should_build_docker,
|
|
self.has_docker_creds,
|
|
])
|
|
|
|
@property
|
|
def should_upload_aws(self) -> bool:
|
|
return all([
|
|
self.has_aws_creds,
|
|
(self.should_build_wheel or self.should_build_pyinstaller or self.should_build_wininstaller),
|
|
])
|
|
|
|
@property
|
|
def should_upload_pypi(self) -> bool:
|
|
return all([
|
|
self.is_prod_release,
|
|
self.should_build_wheel,
|
|
self.has_twine_creds,
|
|
])
|
|
|
|
@property
|
|
def upload_dir(self) -> str:
|
|
if self.tag:
|
|
return self.version
|
|
else:
|
|
return f"branches/{self.version}"
|
|
|
|
@property
|
|
def version(self) -> str:
|
|
if self.tag:
|
|
if self.tag.startswith("v"):
|
|
try:
|
|
parver.Version.parse(self.tag[1:], strict=True)
|
|
except parver.ParseError:
|
|
return self.tag
|
|
return self.tag[1:]
|
|
return self.tag
|
|
elif self.branch:
|
|
return self.branch
|
|
else:
|
|
raise BuildError("We're on neither a tag nor a branch - could not establish version")
|
|
|
|
|
|
def build_wheel(be: BuildEnviron) -> None: # pragma: no cover
|
|
click.echo("Building wheel...")
|
|
subprocess.check_call([
|
|
"python",
|
|
"setup.py",
|
|
"-q",
|
|
"bdist_wheel",
|
|
"--dist-dir", be.dist_dir,
|
|
])
|
|
whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl')
|
|
click.echo(f"Found wheel package: {whl}")
|
|
subprocess.check_call(["tox", "-e", "wheeltest", "--", whl])
|
|
|
|
|
|
def build_docker_image(be: BuildEnviron) -> None: # pragma: no cover
|
|
whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl')
|
|
whl = whl.relative_to(Path(".").absolute())
|
|
click.echo("Building Docker images...")
|
|
subprocess.check_call([
|
|
"docker",
|
|
"build",
|
|
"--tag", be.docker_tag,
|
|
"--build-arg", f"WHEEL_MITMPROXY={whl}",
|
|
"--build-arg", f"WHEEL_BASENAME_MITMPROXY={whl.name}",
|
|
"--file", "release/docker/Dockerfile",
|
|
"."
|
|
])
|
|
# smoke-test the newly built docker image
|
|
r = subprocess.run([
|
|
"docker",
|
|
"run",
|
|
"--rm",
|
|
be.docker_tag,
|
|
"mitmdump",
|
|
"--version",
|
|
], check=True, capture_output=True)
|
|
print(r.stdout.decode())
|
|
assert "Mitmproxy: " in r.stdout.decode()
|
|
|
|
|
|
def build_pyinstaller(be: BuildEnviron) -> None: # pragma: no cover
|
|
click.echo("Building pyinstaller package...")
|
|
|
|
PYINSTALLER_SPEC = be.release_dir / "specs"
|
|
PYINSTALLER_HOOKS = be.release_dir / "hooks"
|
|
PYINSTALLER_TEMP = be.build_dir / "pyinstaller"
|
|
PYINSTALLER_DIST = be.build_dir / "binaries" / be.platform_tag
|
|
|
|
if PYINSTALLER_TEMP.exists():
|
|
shutil.rmtree(PYINSTALLER_TEMP)
|
|
if PYINSTALLER_DIST.exists():
|
|
shutil.rmtree(PYINSTALLER_DIST)
|
|
|
|
if be.platform_tag == "windows":
|
|
with chdir(PYINSTALLER_SPEC):
|
|
click.echo("Building PyInstaller binaries in directory mode...")
|
|
subprocess.check_call(
|
|
[
|
|
"pyinstaller",
|
|
"--clean",
|
|
"--workpath", PYINSTALLER_TEMP,
|
|
"--distpath", PYINSTALLER_DIST,
|
|
"./windows-dir.spec"
|
|
]
|
|
)
|
|
for tool in ["mitmproxy", "mitmdump", "mitmweb"]:
|
|
click.echo(f"> {tool} --version")
|
|
executable = (PYINSTALLER_DIST / "onedir" / tool).with_suffix(".exe")
|
|
click.echo(subprocess.check_output([executable, "--version"]).decode())
|
|
|
|
with be.archive(be.archive_path) as archive:
|
|
for tool in ["mitmproxy", "mitmdump", "mitmweb"]:
|
|
# We can't have a folder and a file with the same name.
|
|
if tool == "mitmproxy":
|
|
tool = "mitmproxy_main"
|
|
# Make sure that we are in the spec folder.
|
|
with chdir(PYINSTALLER_SPEC):
|
|
click.echo(f"Building PyInstaller {tool} binary...")
|
|
excludes = []
|
|
if tool != "mitmweb":
|
|
excludes.append("mitmproxy.tools.web")
|
|
if tool != "mitmproxy_main":
|
|
excludes.append("mitmproxy.tools.console")
|
|
|
|
subprocess.check_call(
|
|
[ # type: ignore
|
|
"pyinstaller",
|
|
"--clean",
|
|
"--workpath", PYINSTALLER_TEMP,
|
|
"--distpath", PYINSTALLER_DIST,
|
|
"--additional-hooks-dir", PYINSTALLER_HOOKS,
|
|
"--onefile",
|
|
"--console",
|
|
"--icon", "icon.ico",
|
|
]
|
|
+ [x for e in excludes for x in ["--exclude-module", e]]
|
|
+ [tool]
|
|
)
|
|
# Delete the spec file - we're good without.
|
|
os.remove(f"{tool}.spec")
|
|
|
|
executable = PYINSTALLER_DIST / tool
|
|
if be.platform_tag == "windows":
|
|
executable = executable.with_suffix(".exe")
|
|
|
|
# Remove _main suffix from mitmproxy executable
|
|
if "_main" in executable.name:
|
|
executable = executable.rename(
|
|
executable.with_name(executable.name.replace("_main", ""))
|
|
)
|
|
|
|
# Test if it works at all O:-)
|
|
click.echo(f"> {executable} --version")
|
|
click.echo(subprocess.check_output([executable, "--version"]).decode())
|
|
|
|
archive.add(str(executable), str(executable.name))
|
|
click.echo("Packed {}.".format(be.archive_path.name))
|
|
|
|
|
|
def build_wininstaller(be: BuildEnviron) -> None: # pragma: no cover
|
|
click.echo("Building wininstaller package...")
|
|
|
|
IB_VERSION = "20.12.0"
|
|
IB_DIR = be.release_dir / "installbuilder"
|
|
IB_SETUP = IB_DIR / "setup" / f"{IB_VERSION}-installer.exe"
|
|
IB_CLI = Path(fr"C:\Program Files\VMware InstallBuilder Enterprise {IB_VERSION}\bin\builder-cli.exe")
|
|
IB_LICENSE = IB_DIR / "license.xml"
|
|
|
|
if not IB_LICENSE.exists() and not be.build_key:
|
|
click.echo("Cannot build windows installer without secret key.")
|
|
return
|
|
|
|
if not IB_CLI.exists():
|
|
if not IB_SETUP.exists():
|
|
click.echo("Downloading InstallBuilder...")
|
|
|
|
def report(block, blocksize, total):
|
|
done = block * blocksize
|
|
if round(100 * done / total) != round(100 * (done - blocksize) / total):
|
|
click.secho(f"Downloading... {round(100 * done / total)}%")
|
|
|
|
tmp = IB_SETUP.with_suffix(".tmp")
|
|
urllib.request.urlretrieve(
|
|
f"https://clients.bitrock.com/installbuilder/installbuilder-enterprise-{IB_VERSION}-windows-x64-installer.exe",
|
|
tmp,
|
|
reporthook=report
|
|
)
|
|
tmp.rename(IB_SETUP)
|
|
|
|
click.echo("Install InstallBuilder...")
|
|
subprocess.run([IB_SETUP, "--mode", "unattended", "--unattendedmodeui", "none"], check=True)
|
|
assert IB_CLI.is_file()
|
|
|
|
if not IB_LICENSE.exists():
|
|
assert be.build_key
|
|
click.echo("Decrypt InstallBuilder license...")
|
|
f = cryptography.fernet.Fernet(be.build_key.encode())
|
|
with open(IB_LICENSE.with_suffix(".xml.enc"), "rb") as infile, \
|
|
open(IB_LICENSE, "wb") as outfile:
|
|
outfile.write(f.decrypt(infile.read()))
|
|
|
|
click.echo("Run InstallBuilder...")
|
|
subprocess.run([
|
|
IB_CLI,
|
|
"build",
|
|
str(IB_DIR / "mitmproxy.xml"),
|
|
"windows",
|
|
"--license", str(IB_LICENSE),
|
|
"--setvars", f"project.version={be.version}",
|
|
"--verbose"
|
|
], check=True)
|
|
assert (be.dist_dir / f"mitmproxy-{be.version}-windows-installer.exe").exists()
|
|
|
|
|
|
@click.group(chain=True)
|
|
def cli(): # pragma: no cover
|
|
"""
|
|
mitmproxy build tool
|
|
"""
|
|
pass
|
|
|
|
|
|
@cli.command("build")
|
|
def build(): # pragma: no cover
|
|
"""
|
|
Build a binary distribution
|
|
"""
|
|
be = BuildEnviron.from_env()
|
|
be.dump_info()
|
|
|
|
be.check_version()
|
|
os.makedirs(be.dist_dir, exist_ok=True)
|
|
|
|
if be.should_build_wheel:
|
|
build_wheel(be)
|
|
if be.should_build_docker:
|
|
build_docker_image(be)
|
|
if be.should_build_pyinstaller:
|
|
build_pyinstaller(be)
|
|
if be.should_build_wininstaller:
|
|
build_wininstaller(be)
|
|
|
|
|
|
@cli.command("upload")
|
|
def upload(): # pragma: no cover
|
|
"""
|
|
Upload build artifacts
|
|
|
|
Uploads the wheels package to PyPi.
|
|
Uploads the Pyinstaller and wheels packages to the snapshot server.
|
|
Pushes the Docker image to Docker Hub.
|
|
"""
|
|
be = BuildEnviron.from_env()
|
|
be.dump_info()
|
|
|
|
if be.is_pull_request:
|
|
click.echo("Refusing to upload artifacts from a pull request!")
|
|
return
|
|
|
|
if be.should_upload_aws:
|
|
num_files = len([name for name in be.dist_dir.iterdir() if name.is_file()])
|
|
click.echo(f"Uploading {num_files} files to AWS dir {be.upload_dir}...")
|
|
subprocess.check_call([
|
|
"aws", "s3", "cp",
|
|
"--acl", "public-read",
|
|
f"{be.dist_dir}/",
|
|
f"s3://snapshots.mitmproxy.org/{be.upload_dir}/",
|
|
"--recursive",
|
|
])
|
|
|
|
if be.should_upload_pypi:
|
|
whl, = be.dist_dir.glob('mitmproxy-*-py3-none-any.whl')
|
|
click.echo(f"Uploading {whl} to PyPi...")
|
|
subprocess.check_call(["twine", "upload", whl])
|
|
|
|
if be.should_upload_docker:
|
|
click.echo(f"Uploading Docker image to tag={be.docker_tag}...")
|
|
subprocess.check_call([
|
|
"docker",
|
|
"login",
|
|
"-u", be.docker_username,
|
|
"-p", be.docker_password,
|
|
])
|
|
subprocess.check_call(["docker", "push", be.docker_tag])
|
|
if be.is_prod_release:
|
|
subprocess.check_call(["docker", "tag", be.docker_tag, "mitmproxy/mitmproxy:latest"])
|
|
subprocess.check_call(["docker", "push", "mitmproxy/mitmproxy:latest"])
|
|
|
|
|
|
if __name__ == "__main__": # pragma: no cover
|
|
cli()
|