From 46960fa080c63b912c76321f790573fe4995ed49 Mon Sep 17 00:00:00 2001 From: Thomas Kriechbaumer Date: Fri, 18 May 2018 10:37:56 +0200 Subject: add docker to the main repository --- .appveyor.yml | 2 +- .travis.yml | 22 +-- docker/Dockerfile | 41 ++++++ docker/README.md | 38 ++++++ docker/docker-entrypoint.sh | 13 ++ release/README.md | 20 +-- release/ci.py | 271 ------------------------------------- release/cibuild.py | 321 ++++++++++++++++++++++++++++++++++++++++++++ tox.ini | 6 +- 9 files changed, 432 insertions(+), 302 deletions(-) create mode 100644 docker/Dockerfile create mode 100644 docker/README.md create mode 100755 docker/docker-entrypoint.sh delete mode 100755 release/ci.py create mode 100755 release/cibuild.py diff --git a/.appveyor.yml b/.appveyor.yml index 90364823..5a504a28 100644 --- a/.appveyor.yml +++ b/.appveyor.yml @@ -11,6 +11,7 @@ environment: matrix: - PYTHON: "C:\\Python36" TOXENV: "py36" + PYINSTALLER: "1" install: - "SET PATH=%PYTHON%;%PYTHON%\\Scripts;%PATH%" @@ -21,7 +22,6 @@ test_script: - ps: "tox -- --verbose --cov-report=term" - ps: | $Env:VERSION = $(python -m mitmproxy.version) - $Env:SKIP_MITMPROXY = "python -c `"print('skip mitmproxy')`"" tox -e cibuild -- build - ps: | if($Env:RTOOL_KEY) { diff --git a/.travis.yml b/.travis.yml index c601955d..7ec2e789 100644 --- a/.travis.yml +++ b/.travis.yml @@ -21,9 +21,12 @@ matrix: - os: osx osx_image: xcode7.3 language: generic - env: TOXENV=py36 BDIST=1 + env: TOXENV=py36 CIBUILD=1 PYINSTALLER=1 - python: 3.6 - env: TOXENV=py36 BDIST=1 WHEEL=1 + env: TOXENV=py36 CIBUILD=1 PYINSTALLER=1 WHEEL=1 DOCKER=1 + sudo: required + services: + - docker - python: 3.6 env: TOXENV=individual_coverage - python: "3.7-dev" @@ -67,19 +70,16 @@ install: - pip install tox virtualenv setuptools script: + # All these steps MUST succeed for the job to be successful! + # Using the after_success block DOES NOT capture errors. + # Pull requests might break our build - we need to check this. + # Pull requests are not allowed to upload build artifacts - enforced by cibuild script. - tox -- --verbose --cov-report=term - | - if [[ $BDIST == "1" ]] + if [[ $CIBUILD == "1" ]] then git fetch --unshallow --tags - tox -e cibuild -- build - fi - -after_success: - - | - if [[ $BDIST == "1" ]] - then - tox -e cibuild -- upload + tox -e cibuild -- build && tox -e cibuild -- upload fi notifications: diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 00000000..bbe88c9d --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,41 @@ +FROM alpine:3.7 + +ENV LANG=en_US.UTF-8 + +ARG WHEEL_MITMPROXY +ARG WHEEL_BASENAME_MITMPROXY + +COPY $WHEEL_MITMPROXY /home/mitmproxy/ + +# Add our user first to make sure the ID get assigned consistently, +# regardless of whatever dependencies get added. +RUN addgroup -S mitmproxy && adduser -S -G mitmproxy mitmproxy \ + && apk add --no-cache \ + su-exec \ + git \ + g++ \ + libffi \ + libffi-dev \ + libstdc++ \ + openssl \ + openssl-dev \ + python3 \ + python3-dev \ + && python3 -m ensurepip \ + && LDFLAGS=-L/lib pip3 install -U /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY} \ + && apk del --purge \ + git \ + g++ \ + libffi-dev \ + openssl-dev \ + python3-dev \ + && rm -rf ~/.cache/pip /home/mitmproxy/${WHEEL_BASENAME_MITMPROXY} + +VOLUME /home/mitmproxy/.mitmproxy + +COPY docker/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +EXPOSE 8080 8081 + +CMD ["mitmproxy"] diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 00000000..6693de45 --- /dev/null +++ b/docker/README.md @@ -0,0 +1,38 @@ +# mitmproxy + +Containerized version of [mitmproxy](https://mitmproxy.org/), an interactive SSL-capable intercepting HTTP proxy. + +# Usage + +```sh +$ docker run --rm -it [-v ~/.mitmproxy:/home/mitmproxy/.mitmproxy] -p 8080:8080 mitmproxy/mitmproxy +``` +The *volume mount* is optional: It's to store the generated CA certificates. + +Once started, mitmproxy listens as a HTTP proxy on `localhost:8080`: +```sh +$ http_proxy=http://localhost:8080/ curl http://example.com/ +$ https_proxy=http://localhost:8080/ curl -k https://example.com/ +``` + +You can also start `mitmdump` by just adding that to the end of the command-line: +```sh +$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump +``` + +For `mitmweb`, you also need to expose port 8081: +```sh +# this makes :8081 accessible to the local machine only +$ docker run --rm -it -p 8080:8080 -p 127.0.0.1:8081:8081 mitmproxy/mitmproxy mitmweb --web-iface 0.0.0.0 +``` + +You can also pass options directly via the CLI: +```sh +$ docker run --rm -it -p 8080:8080 mitmproxy/mitmproxy mitmdump --set ssl_insecure=true +``` + +For further details, please consult the mitmproxy [documentation](http://docs.mitmproxy.org/en/stable/). + +# Tags + +The available release tags can be seen [here](https://hub.docker.com/r/mitmproxy/mitmproxy/tags/). diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh new file mode 100755 index 00000000..a4abe4ce --- /dev/null +++ b/docker/docker-entrypoint.sh @@ -0,0 +1,13 @@ +#!/bin/sh +set -e + +MITMPROXY_PATH="/home/mitmproxy/.mitmproxy" + +if [[ "$1" = "mitmdump" || "$1" = "mitmproxy" || "$1" = "mitmweb" ]]; then + mkdir -p "$MITMPROXY_PATH" + chown -R mitmproxy:mitmproxy "$MITMPROXY_PATH" + + su-exec mitmproxy "$@" +else + exec "$@" +fi diff --git a/release/README.md b/release/README.md index 08972076..f07357f9 100644 --- a/release/README.md +++ b/release/README.md @@ -37,22 +37,10 @@ release for! The command examples assume that you have a git remote called `brew bump-formula-pr --url https://github.com/mitmproxy/mitmproxy/archive/v` ## Docker -- Update docker-releases repo - - Create a new branch based of master for major versions. - - Update the dependencies in [alpine/requirements.txt](https://github.com/mitmproxy/docker-releases/commit/3d6a9989fde068ad0aea257823ac3d7986ff1613#diff-9b7e0eea8ae74688b1ac13ea080549ba) - * Creating a fresh venv, pip-installing the new wheel in there, and then export all packages: - * `virtualenv -ppython3.6 venv && source venv/bin/activate && pip install mitmproxy && pip freeze` - - Tag the commit with the correct version - * `v2.0.0` for new major versions - * `v2.0.2` for new patch versions -- Update `latest` tag [here](https://hub.docker.com/r/mitmproxy/mitmproxy/~/settings/automated-builds/) -- Check that the build for this tag succeeds [https://hub.docker.com/r/mitmproxy/mitmproxy/builds/](here) -- If build failed: - - Fix it and commit - - `git tag 3.0.2` the new commit - - `git push origin :refs/tags/3.0.2` to delete the old remote tag - - `git push --tags` to push the new tag - - Check the build details page again +- The docker image is built on Travis and pushed to Docker Hub automatically. +- Please check https://hub.docker.com/r/mitmproxy/mitmproxy/tags/ about the latest version +- Update `latest` tag: TODO write instructions + ## Website - Update version here: diff --git a/release/ci.py b/release/ci.py deleted file mode 100755 index a5000879..00000000 --- a/release/ci.py +++ /dev/null @@ -1,271 +0,0 @@ -#!/usr/bin/env python3 - -import glob -import re -import contextlib -import os -import platform -import sys -import shutil -import subprocess -import tarfile -import zipfile -from os.path import join, abspath, dirname, exists, basename - -import click - -# https://virtualenv.pypa.io/en/latest/userguide.html#windows-notes -# scripts and executables on Windows go in ENV\Scripts\ instead of ENV/bin/ -if platform.system() == "Windows": - VENV_BIN = "Scripts" - PYINSTALLER_ARGS = [ - # PyInstaller < 3.2 does not handle Python 3.5's ucrt correctly. - "-p", r"C:\Program Files (x86)\Windows Kits\10\Redist\ucrt\DLLs\x86", - ] -else: - VENV_BIN = "bin" - PYINSTALLER_ARGS = [] - -# ZipFile and tarfile have slightly different APIs. Fix that. -if platform.system() == "Windows": - def Archive(name): - a = zipfile.ZipFile(name, "w") - a.add = a.write - return a -else: - def Archive(name): - return tarfile.open(name, "w:gz") - -PLATFORM_TAG = { - "Darwin": "osx", - "Windows": "windows", - "Linux": "linux", -}.get(platform.system(), platform.system()) - -ROOT_DIR = abspath(join(dirname(__file__), "..")) -RELEASE_DIR = join(ROOT_DIR, "release") - -BUILD_DIR = join(RELEASE_DIR, "build") -DIST_DIR = join(RELEASE_DIR, "dist") - -PYINSTALLER_SPEC = join(RELEASE_DIR, "specs") -# PyInstaller 3.2 does not bundle pydivert's Windivert binaries -PYINSTALLER_HOOKS = join(RELEASE_DIR, "hooks") -PYINSTALLER_TEMP = join(BUILD_DIR, "pyinstaller") -PYINSTALLER_DIST = join(BUILD_DIR, "binaries", PLATFORM_TAG) - -VENV_DIR = join(BUILD_DIR, "venv") - -# Project Configuration -VERSION_FILE = join(ROOT_DIR, "mitmproxy", "version.py") -BDISTS = { - "mitmproxy": ["mitmproxy", "mitmdump", "mitmweb"], - "pathod": ["pathoc", "pathod"] -} -if platform.system() == "Windows": - BDISTS["mitmproxy"].remove("mitmproxy") - -TOOLS = [ - tool - for tools in sorted(BDISTS.values()) - for tool in tools -] - -TAG = os.environ.get("TRAVIS_TAG", os.environ.get("APPVEYOR_REPO_TAG_NAME", None)) -BRANCH = os.environ.get("TRAVIS_BRANCH", os.environ.get("APPVEYOR_REPO_BRANCH", None)) -if TAG: - VERSION = re.sub('^v', '', TAG) - UPLOAD_DIR = VERSION -elif BRANCH: - VERSION = re.sub('^v', '', BRANCH) - UPLOAD_DIR = "branches/%s" % VERSION -else: - print("Could not establish build name - exiting." % BRANCH) - sys.exit(0) - -print("BUILD VERSION=%s" % VERSION) -print("BUILD UPLOAD_DIR=%s" % UPLOAD_DIR) - - -def archive_name(bdist: str) -> str: - if platform.system() == "Windows": - ext = "zip" - else: - ext = "tar.gz" - return "{project}-{version}-{platform}.{ext}".format( - project=bdist, - version=VERSION, - platform=PLATFORM_TAG, - ext=ext - ) - - -@contextlib.contextmanager -def chdir(path: str): - old_dir = os.getcwd() - os.chdir(path) - yield - os.chdir(old_dir) - - -@click.group(chain=True) -def cli(): - """ - mitmproxy build tool - """ - pass - - -@cli.command("info") -def info(): - click.echo("Version: %s" % VERSION) - - -@cli.command("build") -def build(): - """ - Build a binary distribution - """ - os.makedirs(DIST_DIR, exist_ok=True) - if "WHEEL" in os.environ: - build_wheel() - else: - click.echo("Not building wheels.") - build_pyinstaller() - - -def build_wheel(): - click.echo("Building wheel...") - subprocess.check_call([ - "python", - "setup.py", - "-q", - "bdist_wheel", - "--dist-dir", DIST_DIR, - ]) - - whl = glob.glob(join(DIST_DIR, 'mitmproxy-*-py3-none-any.whl'))[0] - click.echo("Found wheel package: {}".format(whl)) - - subprocess.check_call([ - "tox", - "-e", "wheeltest", - "--", - whl - ]) - - -def build_pyinstaller(): - if exists(PYINSTALLER_TEMP): - shutil.rmtree(PYINSTALLER_TEMP) - if exists(PYINSTALLER_DIST): - shutil.rmtree(PYINSTALLER_DIST) - - for bdist, tools in sorted(BDISTS.items()): - with Archive(join(DIST_DIR, archive_name(bdist))) as archive: - for tool in tools: - # We can't have a folder and a file with the same name. - if tool == "mitmproxy": - tool = "mitmproxy_main" - # This is PyInstaller, so it messes up paths. - # We need to make sure that we are in the spec folder. - with chdir(PYINSTALLER_SPEC): - click.echo("Building %s binary..." % tool) - excludes = [] - if tool != "mitmweb": - excludes.append("mitmproxy.tools.web") - if tool != "mitmproxy_main": - excludes.append("mitmproxy.tools.console") - - subprocess.check_call( - [ - "pyinstaller", - "--clean", - "--workpath", PYINSTALLER_TEMP, - "--distpath", PYINSTALLER_DIST, - "--additional-hooks-dir", PYINSTALLER_HOOKS, - "--onefile", - "--console", - "--icon", "icon.ico", - # This is PyInstaller, so setting a - # different log level obviously breaks it :-) - # "--log-level", "WARN", - ] - + [x for e in excludes for x in ["--exclude-module", e]] - + PYINSTALLER_ARGS - + [tool] - ) - # Delete the spec file - we're good without. - os.remove("{}.spec".format(tool)) - - # Test if it works at all O:-) - executable = join(PYINSTALLER_DIST, tool) - if platform.system() == "Windows": - executable += ".exe" - - # Remove _main suffix from mitmproxy executable - if "_main" in executable: - shutil.move( - executable, - executable.replace("_main", "") - ) - executable = executable.replace("_main", "") - - click.echo("> %s --version" % executable) - click.echo(subprocess.check_output([executable, "--version"]).decode()) - - archive.add(executable, basename(executable)) - click.echo("Packed {}.".format(archive_name(bdist))) - - -def is_pr(): - if "TRAVIS_PULL_REQUEST" in os.environ: - if os.environ["TRAVIS_PULL_REQUEST"] == "false": - return False - return True - elif os.environ.get("APPVEYOR_PULL_REQUEST_NUMBER"): - return True - return False - - -@cli.command("upload") -def upload(): - """ - Upload build artifacts to snapshot server and - upload wheel package to PyPi - """ - # This requires some explanation. The AWS access keys are only exposed to - # privileged builds - that is, they are not available to PRs from forks. - # However, they ARE exposed to PRs from a branch within the main repo. This - # check catches that corner case, and prevents an inadvertent upload. - if is_pr(): - click.echo("Refusing to upload a pull request") - return - - if "AWS_ACCESS_KEY_ID" in os.environ: - subprocess.check_call([ - "aws", "s3", "cp", - "--acl", "public-read", - DIST_DIR + "/", - "s3://snapshots.mitmproxy.org/%s/" % UPLOAD_DIR, - "--recursive", - ]) - - upload_pypi = ( - TAG and - "WHEEL" in os.environ and - "TWINE_USERNAME" in os.environ and - "TWINE_PASSWORD" in os.environ - ) - if upload_pypi: - filename = "mitmproxy-{version}-py3-none-any.whl".format(version=VERSION) - click.echo("Uploading {} to PyPi...".format(filename)) - subprocess.check_call([ - "twine", - "upload", - join(DIST_DIR, filename) - ]) - - -if __name__ == "__main__": - cli() diff --git a/release/cibuild.py b/release/cibuild.py new file mode 100755 index 00000000..3a79affe --- /dev/null +++ b/release/cibuild.py @@ -0,0 +1,321 @@ +#!/usr/bin/env python3 + +import glob +import re +import contextlib +import os +import platform +import sys +import shutil +import subprocess +import tarfile +import zipfile +from os.path import join, abspath, dirname, exists, basename + +import click +import cryptography.fernet + +# ZipFile and tarfile have slightly different APIs. Fix that. +if platform.system() == "Windows": + def Archive(name): + a = zipfile.ZipFile(name, "w") + a.add = a.write + return a +else: + def Archive(name): + return tarfile.open(name, "w:gz") + +PLATFORM_TAG = { + "Darwin": "osx", + "Windows": "windows", + "Linux": "linux", +}.get(platform.system(), platform.system()) + +ROOT_DIR = abspath(join(dirname(__file__), "..")) +RELEASE_DIR = join(ROOT_DIR, "release") +BUILD_DIR = join(RELEASE_DIR, "build") +DIST_DIR = join(RELEASE_DIR, "dist") + +BDISTS = { + "mitmproxy": ["mitmproxy", "mitmdump", "mitmweb"], + "pathod": ["pathoc", "pathod"] +} +if platform.system() == "Windows": + BDISTS["mitmproxy"].remove("mitmproxy") + +TOOLS = [ + tool + for tools in sorted(BDISTS.values()) + for tool in tools +] + +TAG = os.environ.get("TRAVIS_TAG", os.environ.get("APPVEYOR_REPO_TAG_NAME", None)) +BRANCH = os.environ.get("TRAVIS_BRANCH", os.environ.get("APPVEYOR_REPO_BRANCH", None)) +if TAG: + VERSION = re.sub('^v', '', TAG) + UPLOAD_DIR = VERSION +elif BRANCH: + VERSION = re.sub('^v', '', BRANCH) + UPLOAD_DIR = "branches/%s" % VERSION +else: + print("Could not establish build name - exiting." % BRANCH) + sys.exit(0) + +print("BUILD PLATFORM_TAG=%s" % PLATFORM_TAG) +print("BUILD ROOT_DIR=%s" % ROOT_DIR) +print("BUILD RELEASE_DIR=%s" % RELEASE_DIR) +print("BUILD BUILD_DIR=%s" % BUILD_DIR) +print("BUILD DIST_DIR=%s" % DIST_DIR) +print("BUILD BDISTS=%s" % BDISTS) +print("BUILD TAG=%s" % TAG) +print("BUILD BRANCH=%s" % BRANCH) +print("BUILD VERSION=%s" % VERSION) +print("BUILD UPLOAD_DIR=%s" % UPLOAD_DIR) + + +def archive_name(bdist: str) -> str: + if platform.system() == "Windows": + ext = "zip" + else: + ext = "tar.gz" + return "{project}-{version}-{platform}.{ext}".format( + project=bdist, + version=VERSION, + platform=PLATFORM_TAG, + ext=ext + ) + + +@contextlib.contextmanager +def chdir(path: str): + old_dir = os.getcwd() + os.chdir(path) + yield + os.chdir(old_dir) + + +@click.group(chain=True) +def cli(): + """ + mitmproxy build tool + """ + pass + + +@cli.command("build") +def build(): + """ + Build a binary distribution + """ + os.makedirs(DIST_DIR, exist_ok=True) + + if "WHEEL" in os.environ: + whl = build_wheel() + else: + click.echo("Not building wheels.") + + if "WHEEL" in os.environ and "DOCKER" in os.environ: + # Docker image requires wheels + build_docker_image(whl) + else: + click.echo("Not building Docker image.") + + if "PYINSTALLER" in os.environ: + build_pyinstaller() + else: + click.echo("Not building PyInstaller packages.") + + +def build_wheel(): + click.echo("Building wheel...") + subprocess.check_call([ + "python", + "setup.py", + "-q", + "bdist_wheel", + "--dist-dir", DIST_DIR, + ]) + + whl = glob.glob(join(DIST_DIR, 'mitmproxy-*-py3-none-any.whl'))[0] + click.echo("Found wheel package: {}".format(whl)) + + subprocess.check_call([ + "tox", + "-e", "wheeltest", + "--", + whl + ]) + + return whl + + +def build_docker_image(whl): + click.echo("Building Docker image...") + subprocess.check_call([ + "docker", + "build", + "--build-arg", "WHEEL_MITMPROXY={}".format(os.path.relpath(whl, ROOT_DIR)), + "--build-arg", "WHEEL_BASENAME_MITMPROXY={}".format(basename(whl)), + "--file", "docker/Dockerfile", + "." + ]) + + +def build_pyinstaller(): + PYINSTALLER_SPEC = join(RELEASE_DIR, "specs") + # PyInstaller 3.2 does not bundle pydivert's Windivert binaries + PYINSTALLER_HOOKS = join(RELEASE_DIR, "hooks") + PYINSTALLER_TEMP = join(BUILD_DIR, "pyinstaller") + PYINSTALLER_DIST = join(BUILD_DIR, "binaries", PLATFORM_TAG) + + # https://virtualenv.pypa.io/en/latest/userguide.html#windows-notes + # scripts and executables on Windows go in ENV\Scripts\ instead of ENV/bin/ + if platform.system() == "Windows": + PYINSTALLER_ARGS = [ + # PyInstaller < 3.2 does not handle Python 3.5's ucrt correctly. + "-p", r"C:\Program Files (x86)\Windows Kits\10\Redist\ucrt\DLLs\x86", + ] + else: + PYINSTALLER_ARGS = [] + + if exists(PYINSTALLER_TEMP): + shutil.rmtree(PYINSTALLER_TEMP) + if exists(PYINSTALLER_DIST): + shutil.rmtree(PYINSTALLER_DIST) + + for bdist, tools in sorted(BDISTS.items()): + with Archive(join(DIST_DIR, archive_name(bdist))) as archive: + for tool in tools: + # We can't have a folder and a file with the same name. + if tool == "mitmproxy": + tool = "mitmproxy_main" + # This is PyInstaller, so it messes up paths. + # We need to make sure that we are in the spec folder. + with chdir(PYINSTALLER_SPEC): + click.echo("Building PyInstaller %s binary..." % tool) + excludes = [] + if tool != "mitmweb": + excludes.append("mitmproxy.tools.web") + if tool != "mitmproxy_main": + excludes.append("mitmproxy.tools.console") + + subprocess.check_call( + [ + "pyinstaller", + "--clean", + "--workpath", PYINSTALLER_TEMP, + "--distpath", PYINSTALLER_DIST, + "--additional-hooks-dir", PYINSTALLER_HOOKS, + "--onefile", + "--console", + "--icon", "icon.ico", + # This is PyInstaller, so setting a + # different log level obviously breaks it :-) + # "--log-level", "WARN", + ] + + [x for e in excludes for x in ["--exclude-module", e]] + + PYINSTALLER_ARGS + + [tool] + ) + # Delete the spec file - we're good without. + os.remove("{}.spec".format(tool)) + + # Test if it works at all O:-) + executable = join(PYINSTALLER_DIST, tool) + if platform.system() == "Windows": + executable += ".exe" + + # Remove _main suffix from mitmproxy executable + if "_main" in executable: + shutil.move( + executable, + executable.replace("_main", "") + ) + executable = executable.replace("_main", "") + + click.echo("> %s --version" % executable) + click.echo(subprocess.check_output([executable, "--version"]).decode()) + + archive.add(executable, basename(executable)) + click.echo("Packed {}.".format(archive_name(bdist))) + + +@cli.command("upload") +def upload(): + """ + Upload build artifacts + + Uploads the wheels package to PyPi. + Uploads the Pyinstaller and wheels packages to the snapshot server. + Pushes the Docker image to Docker Hub. + """ + + # Our credentials are only available from within the main repository and not forks. + # We need to prevent uploads from all BUT the branches in the main repository. + # Pull requests and master-branches of forks are not allowed to upload. + is_pull_request = ( + ("TRAVIS_PULL_REQUEST" in os.environ and os.environ["TRAVIS_PULL_REQUEST"] != "false") or + "APPVEYOR_PULL_REQUEST_NUMBER" in os.environ + ) + if is_pull_request: + click.echo("Refusing to upload artifacts from a pull request!") + return + + if "AWS_ACCESS_KEY_ID" in os.environ: + subprocess.check_call([ + "aws", "s3", "cp", + "--acl", "public-read", + DIST_DIR + "/", + "s3://snapshots.mitmproxy.org/{}/".format(UPLOAD_DIR), + "--recursive", + ]) + + upload_pypi = ( + TAG and + "WHEEL" in os.environ and + "TWINE_USERNAME" in os.environ and + "TWINE_PASSWORD" in os.environ + ) + if upload_pypi: + whl = glob.glob(join(DIST_DIR, 'mitmproxy-*-py3-none-any.whl'))[0] + click.echo("Uploading {} to PyPi...".format(whl)) + subprocess.check_call([ + "twine", + "upload", + whl + ]) + + upload_docker = ( + (TAG or BRANCH == "master") and + "DOCKER" in os.environ and + "DOCKER_USERNAME" in os.environ and + "DOCKER_PASSWORD" in os.environ + ) + if upload_docker: + docker_tag = "dev" if BRANCH == "master" else VERSION + + click.echo("Uploading Docker image to tag={}...".format(docker_tag)) + subprocess.check_call([ + "docker", + "login", + "-u", os.environ["DOCKER_USERNAME"], + "-p", os.environ["DOCKER_PASSWORD"], + ]) + subprocess.check_call([ + "docker", + "push", + "mitmproxy/mitmproxy:{}".format(docker_tag), + ]) + + +@cli.command("decrypt") +@click.argument('infile', type=click.File('rb')) +@click.argument('outfile', type=click.File('wb')) +@click.argument('key', envvar='RTOOL_KEY') +def decrypt(infile, outfile, key): + f = cryptography.fernet.Fernet(key.encode()) + outfile.write(f.decrypt(infile.read())) + + +if __name__ == "__main__": + cli() diff --git a/tox.ini b/tox.ini index 3ec5a387..64dfa78e 100644 --- a/tox.ini +++ b/tox.ini @@ -33,7 +33,7 @@ commands = python ./test/individual_coverage.py [testenv:cibuild] -passenv = TRAVIS_* AWS_* APPVEYOR_* TWINE_* RTOOL_KEY WHEEL +passenv = TRAVIS_* APPVEYOR_* AWS_* TWINE_* DOCKER_* RTOOL_KEY WHEEL DOCKER PYINSTALLER deps = -rrequirements.txt pyinstaller==3.3.1 @@ -41,7 +41,7 @@ deps = awscli commands = mitmdump --version - python ./release/ci.py {posargs} + python ./release/cibuild.py {posargs} [testenv:wheeltest] recreate = True @@ -55,7 +55,7 @@ commands = pathoc --version [testenv:docs] -passenv = TRAVIS_* AWS_* APPVEYOR_* RTOOL_KEY WHEEL +passenv = TRAVIS_* APPVEYOR_* AWS_* deps = -rrequirements.txt awscli -- cgit v1.2.3