Update README.md #117
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - '**' | |
| - '!dependabot/**' | |
| - '!*-patch-*' | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| tox: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| env: [lint, filename_matching, mypy, individual_coverage, old-dependencies, test-offline] | |
| name: ${{ matrix.env }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| with: | |
| args: --only-group tox | |
| - run: tox -e ${{ matrix.env }} | |
| test: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| py: "3.14" | |
| - os: windows-latest | |
| py: "3.14" | |
| - os: macos-latest | |
| py: "3.14" | |
| - os: ubuntu-latest | |
| py: "3.13" | |
| - os: ubuntu-latest | |
| py: "3.12" | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| with: | |
| args: --only-group tox | |
| - run: tox -e py${{ matrix.py }} | |
| - uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./coverage.xml | |
| build: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - image: macos-15 | |
| platform: macos-arm64 | |
| - image: macos-15-intel | |
| platform: macos-x86_64 | |
| - image: windows-2025 | |
| platform: windows | |
| - image: ubuntu-latest | |
| platform: linux-x86_64 | |
| container: debian:11 # Old version so we get oldest glibc possible. | |
| - image: ubuntu-24.04-arm | |
| platform: linux-arm64 | |
| container: debian:11 # Old version so we get oldest glibc possible. | |
| runs-on: ${{ matrix.image }} | |
| container: | |
| image: ${{ matrix.container }} | |
| steps: | |
| - if: matrix.container | |
| run: | | |
| apt-get update | |
| apt-get install --no-install-recommends -y git ca-certificates binutils build-essential | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - run: uv pip install . # pyinstaller 5.9 does not like pyproject.toml + editable installs. | |
| - if: runner.os == 'macOS' && github.repository == 'mitmproxy/mitmproxy' | |
| && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
| id: keychain | |
| uses: apple-actions/import-codesign-certs@b610f78488812c1e56b20e6df63ec42d833f2d14 | |
| with: | |
| keychain: ${{ runner.temp }}/temp | |
| p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} | |
| p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} | |
| - if: runner.os == 'macOS' && github.repository == 'mitmproxy/mitmproxy' | |
| && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
| run: | | |
| python -u release/build.py macos-app \ | |
| --keychain "${{ runner.temp }}/temp.keychain" \ | |
| --team-id "S8XHQB96PW" \ | |
| --apple-id "${{ secrets.APPLE_ID }}" \ | |
| --password "${{ secrets.APPLE_APP_PASSWORD }}" | |
| # Linux | |
| - if: runner.os == 'Linux' | |
| run: python -u release/build.py standalone-binaries | |
| # Windows | |
| - if: runner.os == 'Windows' | |
| run: python -u release/build.py standalone-binaries | |
| - uses: actions/upload-artifact@v6 | |
| with: | |
| name: binaries.${{ matrix.platform }} | |
| path: release/dist | |
| build-wheel: | |
| uses: mhils/workflows/.github/workflows/python-build.yml@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| with: | |
| artifact: binaries.wheel | |
| build-windows-installer: | |
| runs-on: windows-latest | |
| if: github.repository == 'mitmproxy/mitmproxy' && ( | |
| github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/citest' || | |
| startsWith(github.ref, 'refs/tags/') | |
| ) | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - run: uv pip install . # pyinstaller 5.9 does not like pyproject.toml + editable installs. | |
| - run: python -u release/build.py installbuilder-installer msix-installer | |
| env: | |
| CI_BUILD_KEY: ${{ secrets.CI_BUILD_KEY }} | |
| - uses: actions/upload-artifact@v6 | |
| with: | |
| name: binaries.windows-installer | |
| path: release/dist | |
| test-web-ui: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: .github/node-version.txt | |
| - name: Cache Node.js modules | |
| uses: actions/cache@v5 | |
| with: | |
| # npm cache files are stored in `~/.npm` on Linux/macOS | |
| path: ~/.npm | |
| key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.OS }}-node- | |
| ${{ runner.OS }}- | |
| - working-directory: ./web | |
| run: npm ci | |
| - working-directory: ./web | |
| run: npm test | |
| - uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| files: ./web/coverage/coverage-final.json | |
| test-docker: | |
| runs-on: ubuntu-latest | |
| needs: build-wheel | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: binaries.wheel | |
| path: release/docker | |
| - name: Build container | |
| run: docker build --tag localtesting release/docker | |
| - name: Test container | |
| run: docker run --rm -v $PWD/release:/release localtesting mitmdump -s /release/selftest.py | |
| docs: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - run: | | |
| wget -q https://github.com/gohugoio/hugo/releases/download/v0.139.3/hugo_extended_0.139.3_linux-amd64.deb | |
| echo "3e58800d1fee57269208d07d104ae1a6ab886615344099f2dca0c6ad5279bc11 hugo_extended_0.139.3_linux-amd64.deb" | sha256sum -c | |
| sudo dpkg -i hugo*.deb | |
| - run: ./docs/build.py | |
| - uses: actions/upload-artifact@v6 | |
| with: | |
| name: docs | |
| path: docs/public | |
| # For releases, also build the archive version of the docs. | |
| - run: ./docs/build.py | |
| env: | |
| DOCS_ARCHIVE: ${{ github.ref_name }} | |
| - if: startsWith(github.ref, 'refs/tags/') | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: docs-archive | |
| path: docs/public | |
| check: | |
| if: always() | |
| needs: | |
| - tox | |
| - test | |
| - test-docker | |
| - test-web-ui | |
| - build | |
| - build-wheel | |
| - build-windows-installer | |
| - docs | |
| uses: mhils/workflows/.github/workflows/alls-green.yml@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| allowed-skips: build-windows-installer | |
| # Separate from everything else because slow. | |
| deploy-docker: | |
| if: github.repository == 'mitmproxy/mitmproxy' && ( | |
| github.ref == 'refs/heads/main' || | |
| github.ref == 'refs/heads/citest' || | |
| startsWith(github.ref, 'refs/tags/') | |
| ) | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| packages: write | |
| environment: deploy-docker | |
| needs: check | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: binaries.wheel | |
| path: release/docker | |
| - uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 | |
| - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v1.6.0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| username: mitmbot | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 | |
| env: | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: index | |
| with: | |
| images: | | |
| mitmproxy/mitmproxy | |
| ghcr.io/mitmproxy/mitmproxy | |
| tags: | | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=semver,pattern={{major}} | |
| type=raw,value=dev,enable=${{ github.ref == 'refs/heads/main' }} | |
| type=raw,value=citest,enable=${{ github.ref == 'refs/heads/citest' }} | |
| - name: Build and push | |
| id: push | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: release/docker | |
| platforms: linux/amd64,linux/arm64 | |
| push: true | |
| provenance: false | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| annotations: ${{ steps.meta.outputs.annotations }} | |
| - uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-name: ghcr.io/${{ github.repository }} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| deploy: | |
| # This action has access to our AWS keys, so we are extra careful here. | |
| # In particular, we don't blindly `pip install` anything to minimize the risk of supply chain attacks. | |
| if: github.repository == 'mitmproxy/mitmproxy' && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) | |
| environment: ${{ (github.ref == 'refs/heads/citest' || startsWith(github.ref, 'refs/tags/')) && 'deploy-release' || 'deploy-snapshot' }} | |
| needs: check | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| env: | |
| # PyPI and MSFT keys are only available for the deploy-release environment | |
| # The AWS access key for snapshots is scoped to branches/* as well. | |
| TWINE_USERNAME: __token__ | |
| TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: us-west-2 | |
| MSFT_APP_ID: 9NWNDLQMNZD7 | |
| MSFT_TENANT_ID: ${{ secrets.MSFT_TENANT_ID }} | |
| MSFT_CLIENT_ID: ${{ secrets.MSFT_CLIENT_ID }} | |
| MSFT_CLIENT_SECRET: ${{ secrets.MSFT_CLIENT_SECRET }} | |
| R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| steps: | |
| - uses: mhils/workflows/checkout@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/setup-uv@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| - uses: mhils/workflows/uv-sync@af886cbabab992a8e7db75c6af3516af2b1f5a1c | |
| with: | |
| args: --only-group deploy | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: docs | |
| path: docs/public | |
| - if: startsWith(github.ref, 'refs/tags/') | |
| uses: actions/download-artifact@v7 | |
| with: | |
| name: docs-archive | |
| path: docs/archive | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| pattern: binaries.* | |
| merge-multiple: true | |
| path: release/dist | |
| - id: provenance | |
| uses: actions/attest-build-provenance@v3 | |
| with: | |
| subject-path: 'release/dist/*' | |
| - run: | | |
| REF=${{ github.ref_name }} | |
| mv ${{ steps.provenance.outputs.bundle-path }} release/dist/mitmproxy-${REF#v}.sigstore | |
| - run: ls docs/public | |
| - run: ls release/dist | |
| - run: ./release/deploy.py | |
| - name: Deploy to Microsoft Store (test flight) | |
| if: github.ref == 'refs/heads/citest' | |
| run: ./release/deploy-microsoft-store.py release/dist/*.msix | |
| env: | |
| MSFT_APP_FLIGHT: 174ca570-8cae-4444-9858-c07293f1f13a | |
| - name: Deploy to Microsoft Store | |
| if: startsWith(github.ref, 'refs/tags/') | |
| run: ./release/deploy-microsoft-store.py release/dist/*.msix |