544 lines
18 KiB
Python
Executable File
544 lines
18 KiB
Python
Executable File
#!/usr/bin/env python3
|
|
|
|
import contextlib
|
|
import glob
|
|
import os
|
|
import pathlib
|
|
import platform
|
|
import re
|
|
import shutil
|
|
import subprocess
|
|
import sys
|
|
import tarfile
|
|
import urllib.request
|
|
import zipfile
|
|
|
|
import click
|
|
import parver
|
|
|
|
import cryptography.fernet
|
|
|
|
|
|
@contextlib.contextmanager
|
|
def chdir(path: str): # pragma: no cover
|
|
old_dir = os.getcwd()
|
|
os.chdir(path)
|
|
yield
|
|
os.chdir(old_dir)
|
|
|
|
|
|
class BuildError(Exception):
|
|
pass
|
|
|
|
|
|
def bool_from_env(envvar: str) -> bool:
|
|
val = os.environ.get(envvar, "")
|
|
if not val or val.lower() in ("0", "false"):
|
|
return False
|
|
else:
|
|
return True
|
|
|
|
|
|
class BuildEnviron:
|
|
PLATFORM_TAGS = {
|
|
"Darwin": "osx",
|
|
"Windows": "windows",
|
|
"Linux": "linux",
|
|
}
|
|
|
|
def __init__(
|
|
self,
|
|
*,
|
|
system="",
|
|
root_dir="",
|
|
github_ref="",
|
|
github_event_name="",
|
|
should_build_wheel=False,
|
|
should_build_docker=False,
|
|
should_build_pyinstaller=False,
|
|
should_build_wininstaller=False,
|
|
has_aws_creds=False,
|
|
has_twine_creds=False,
|
|
docker_username="",
|
|
docker_password="",
|
|
build_key="",
|
|
):
|
|
self.system = system
|
|
self.root_dir = root_dir
|
|
|
|
self.should_build_wheel = should_build_wheel
|
|
self.should_build_docker = should_build_docker
|
|
self.should_build_pyinstaller = should_build_pyinstaller
|
|
self.should_build_wininstaller = should_build_wininstaller
|
|
|
|
self.github_ref = github_ref
|
|
self.github_event_name = github_event_name
|
|
|
|
self.has_aws_creds = has_aws_creds
|
|
self.has_twine_creds = has_twine_creds
|
|
self.docker_username = docker_username
|
|
self.docker_password = docker_password
|
|
self.build_key = build_key
|
|
|
|
@classmethod
|
|
def from_env(cls):
|
|
return cls(
|
|
system=platform.system(),
|
|
root_dir=os.path.normpath(os.path.join(os.path.dirname(__file__), "..")),
|
|
github_ref=os.environ.get("GITHUB_REF", ""),
|
|
github_event_name=os.environ.get("GITHUB_EVENT_NAME", ""),
|
|
should_build_wheel=bool_from_env("CI_BUILD_WHEEL"),
|
|
should_build_pyinstaller=bool_from_env("CI_BUILD_PYINSTALLER"),
|
|
should_build_wininstaller=bool_from_env("CI_BUILD_WININSTALLER"),
|
|
should_build_docker=bool_from_env("CI_BUILD_DOCKER"),
|
|
has_aws_creds=bool_from_env("AWS_ACCESS_KEY_ID"),
|
|
has_twine_creds=bool_from_env("TWINE_USERNAME") and bool_from_env("TWINE_PASSWORD"),
|
|
docker_username=os.environ.get("DOCKER_USERNAME", ""),
|
|
docker_password=os.environ.get("DOCKER_PASSWORD", ""),
|
|
build_key=os.environ.get("CI_BUILD_KEY", ""),
|
|
)
|
|
|
|
def archive(self, path):
|
|
# ZipFile and tarfile have slightly different APIs. Fix that.
|
|
if self.system == "Windows":
|
|
a = zipfile.ZipFile(path, "w")
|
|
a.add = a.write
|
|
return a
|
|
else:
|
|
return tarfile.open(path, "w:gz")
|
|
|
|
def archive_name(self, bdist: str) -> str:
|
|
if self.system == "Windows":
|
|
ext = "zip"
|
|
else:
|
|
ext = "tar.gz"
|
|
return "{project}-{version}-{platform}.{ext}".format(
|
|
project=bdist,
|
|
version=self.version,
|
|
platform=self.platform_tag,
|
|
ext=ext
|
|
)
|
|
|
|
@property
|
|
def bdists(self):
|
|
ret = {
|
|
"mitmproxy": ["mitmproxy", "mitmdump", "mitmweb"],
|
|
}
|
|
if self.system == "Windows":
|
|
ret["mitmproxy"].remove("mitmproxy")
|
|
return ret
|
|
|
|
@property
|
|
def branch(self) -> str:
|
|
if self.github_ref and self.github_ref.startswith("refs/heads/"):
|
|
return self.github_ref.replace("refs/heads/", "")
|
|
if self.github_ref and self.github_ref.startswith("refs/pull/"):
|
|
return "pr-" + self.github_ref.split("/")[2]
|
|
return ""
|
|
|
|
@property
|
|
def build_dir(self) -> str:
|
|
return os.path.join(self.release_dir, "build")
|
|
|
|
@property
|
|
def dist_dir(self) -> str:
|
|
return os.path.join(self.release_dir, "dist")
|
|
|
|
@property
|
|
def docker_tag(self) -> str:
|
|
if self.branch == "master":
|
|
t = "dev"
|
|
else:
|
|
t = self.version
|
|
return f"mitmproxy/mitmproxy:{t}"
|
|
|
|
def dump_info(self, fp=sys.stdout) -> None:
|
|
lst = [
|
|
"version",
|
|
"tag",
|
|
"branch",
|
|
"platform_tag",
|
|
"root_dir",
|
|
"release_dir",
|
|
"build_dir",
|
|
"dist_dir",
|
|
"bdists",
|
|
"upload_dir",
|
|
"should_build_wheel",
|
|
"should_build_pyinstaller",
|
|
"should_build_wininstaller",
|
|
"should_build_docker",
|
|
"should_upload_aws",
|
|
"should_upload_docker",
|
|
"should_upload_pypi",
|
|
]
|
|
for attr in lst:
|
|
print(f"cibuild.{attr}={getattr(self, attr)}", file=fp)
|
|
|
|
def check_version(self) -> None:
|
|
"""
|
|
Check that version numbers match our conventions.
|
|
Raises a ValueError if there is a mismatch.
|
|
"""
|
|
with open(pathlib.Path(self.root_dir) / "mitmproxy" / "version.py") as f:
|
|
contents = f.read()
|
|
match = re.search(r'^VERSION = "(.+?)"', contents, re.M)
|
|
assert match
|
|
version = match.group(1)
|
|
|
|
if self.is_prod_release:
|
|
# For production releases, we require strict version equality
|
|
if self.version != version:
|
|
raise ValueError(f"Tag is {self.tag}, but mitmproxy/version.py is {version}.")
|
|
elif not self.is_maintenance_branch:
|
|
# Commits on maintenance branches don't need the dev suffix. This
|
|
# allows us to incorporate and test commits between tagged releases.
|
|
# For snapshots, we only ensure that mitmproxy/version.py contains a
|
|
# dev release.
|
|
version_info = parver.Version.parse(version)
|
|
if not version_info.is_devrelease:
|
|
raise ValueError(f"Non-production releases must have dev suffix: {version}")
|
|
|
|
@property
|
|
def is_maintenance_branch(self) -> bool:
|
|
"""
|
|
Is this an untagged commit on a maintenance branch?
|
|
"""
|
|
if not self.tag and self.branch and re.match(r"v\d+\.x", self.branch):
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def has_docker_creds(self) -> bool:
|
|
return bool(self.docker_username and self.docker_password)
|
|
|
|
@property
|
|
def is_prod_release(self) -> bool:
|
|
if not (self.tag and self.tag.startswith("v")):
|
|
return False
|
|
try:
|
|
v = parver.Version.parse(self.version, strict=True)
|
|
except (parver.ParseError, BuildError):
|
|
return False
|
|
return not v.is_prerelease
|
|
|
|
@property
|
|
def is_pull_request(self) -> bool:
|
|
if self.github_event_name == "pull_request":
|
|
return True
|
|
return False
|
|
|
|
@property
|
|
def platform_tag(self) -> str:
|
|
if self.system in self.PLATFORM_TAGS:
|
|
return self.PLATFORM_TAGS[self.system]
|
|
raise BuildError("Unsupported platform: %s" % self.system)
|
|
|
|
@property
|
|
def release_dir(self) -> str:
|
|
return os.path.join(self.root_dir, "release")
|
|
|
|
@property
|
|
def should_upload_docker(self) -> bool:
|
|
return all([
|
|
(self.is_prod_release or self.branch == "master"),
|
|
self.should_build_docker,
|
|
self.has_docker_creds,
|
|
])
|
|
|
|
@property
|
|
def should_upload_aws(self) -> bool:
|
|
return all([
|
|
self.has_aws_creds,
|
|
(self.should_build_wheel or self.should_build_pyinstaller or self.should_build_wininstaller),
|
|
])
|
|
|
|
@property
|
|
def should_upload_pypi(self) -> bool:
|
|
return all([
|
|
self.is_prod_release,
|
|
self.should_build_wheel,
|
|
self.has_twine_creds,
|
|
])
|
|
|
|
@property
|
|
def tag(self) -> str:
|
|
if self.github_ref and self.github_ref.startswith("refs/tags/"):
|
|
return self.github_ref.replace("refs/tags/", "")
|
|
return ""
|
|
|
|
@property
|
|
def upload_dir(self) -> str:
|
|
if self.tag:
|
|
return self.version
|
|
else:
|
|
return "branches/%s" % self.version
|
|
|
|
@property
|
|
def version(self) -> str:
|
|
if self.tag:
|
|
if self.tag.startswith("v"):
|
|
try:
|
|
parver.Version.parse(self.tag[1:], strict=True)
|
|
except parver.ParseError:
|
|
return self.tag
|
|
return self.tag[1:]
|
|
return self.tag
|
|
elif self.branch:
|
|
return self.branch
|
|
else:
|
|
raise BuildError("We're on neither a tag nor a branch - could not establish version")
|
|
|
|
|
|
def build_wheel(be: BuildEnviron): # pragma: no cover
|
|
click.echo("Building wheel...")
|
|
subprocess.check_call([
|
|
"python",
|
|
"setup.py",
|
|
"-q",
|
|
"bdist_wheel",
|
|
"--dist-dir", be.dist_dir,
|
|
])
|
|
whl, = glob.glob(os.path.join(be.dist_dir, 'mitmproxy-*-py3-none-any.whl'))
|
|
click.echo(f"Found wheel package: {whl}")
|
|
subprocess.check_call(["tox", "-e", "wheeltest", "--", whl])
|
|
return whl
|
|
|
|
|
|
def build_docker_image(be: BuildEnviron): # pragma: no cover
|
|
whl, = glob.glob(os.path.join(be.dist_dir, 'mitmproxy-*-py3-none-any.whl'))
|
|
whl = str(pathlib.Path(whl).relative_to(pathlib.Path(".").absolute()))
|
|
click.echo("Building Docker images...")
|
|
subprocess.check_call([
|
|
"docker",
|
|
"build",
|
|
"--tag", be.docker_tag,
|
|
"--build-arg", f"WHEEL_MITMPROXY={whl}",
|
|
"--build-arg", "WHEEL_BASENAME_MITMPROXY={}".format(os.path.basename(whl)),
|
|
"--file", "release/docker/Dockerfile",
|
|
"."
|
|
])
|
|
# smoke-test the newly built docker image
|
|
r = subprocess.run([
|
|
"docker",
|
|
"run",
|
|
"--rm",
|
|
be.docker_tag,
|
|
"mitmdump",
|
|
"--version",
|
|
], check=True, capture_output=True)
|
|
print(r.stdout.decode())
|
|
assert "Mitmproxy: " in r.stdout.decode()
|
|
|
|
|
|
def build_pyinstaller(be: BuildEnviron): # pragma: no cover
|
|
click.echo("Building pyinstaller package...")
|
|
|
|
PYINSTALLER_SPEC = os.path.join(be.release_dir, "specs")
|
|
# PyInstaller 3.2 does not bundle pydivert's Windivert binaries
|
|
PYINSTALLER_HOOKS = os.path.abspath(os.path.join(be.release_dir, "hooks"))
|
|
PYINSTALLER_TEMP = os.path.abspath(os.path.join(be.build_dir, "pyinstaller"))
|
|
PYINSTALLER_DIST = os.path.abspath(os.path.join(be.build_dir, "binaries", be.platform_tag))
|
|
|
|
# https://virtualenv.pypa.io/en/latest/userguide.html#windows-notes
|
|
# scripts and executables on Windows go in ENV\Scripts\ instead of ENV/bin/
|
|
if platform.system() == "Windows":
|
|
PYINSTALLER_ARGS = [
|
|
# PyInstaller < 3.2 does not handle Python 3.5's ucrt correctly.
|
|
"-p", r"C:\Program Files (x86)\Windows Kits\10\Redist\ucrt\DLLs\x86",
|
|
]
|
|
else:
|
|
PYINSTALLER_ARGS = []
|
|
|
|
if os.path.exists(PYINSTALLER_TEMP):
|
|
shutil.rmtree(PYINSTALLER_TEMP)
|
|
if os.path.exists(PYINSTALLER_DIST):
|
|
shutil.rmtree(PYINSTALLER_DIST)
|
|
|
|
for bdist, tools in sorted(be.bdists.items()):
|
|
with be.archive(os.path.join(be.dist_dir, be.archive_name(bdist))) as archive:
|
|
for tool in tools:
|
|
# We can't have a folder and a file with the same name.
|
|
if tool == "mitmproxy":
|
|
tool = "mitmproxy_main"
|
|
# This is PyInstaller, so it messes up paths.
|
|
# We need to make sure that we are in the spec folder.
|
|
with chdir(PYINSTALLER_SPEC):
|
|
click.echo("Building PyInstaller %s binary..." % tool)
|
|
excludes = []
|
|
if tool != "mitmweb":
|
|
excludes.append("mitmproxy.tools.web")
|
|
if tool != "mitmproxy_main":
|
|
excludes.append("mitmproxy.tools.console")
|
|
|
|
subprocess.check_call(
|
|
[
|
|
"pyinstaller",
|
|
"--clean",
|
|
"--workpath", PYINSTALLER_TEMP,
|
|
"--distpath", PYINSTALLER_DIST,
|
|
"--additional-hooks-dir", PYINSTALLER_HOOKS,
|
|
"--onefile",
|
|
"--console",
|
|
"--icon", "icon.ico",
|
|
# This is PyInstaller, so setting a
|
|
# different log level obviously breaks it :-)
|
|
# "--log-level", "WARN",
|
|
]
|
|
+ [x for e in excludes for x in ["--exclude-module", e]]
|
|
+ PYINSTALLER_ARGS
|
|
+ [tool]
|
|
)
|
|
# Delete the spec file - we're good without.
|
|
os.remove(f"{tool}.spec")
|
|
|
|
# Test if it works at all O:-)
|
|
executable = os.path.join(PYINSTALLER_DIST, tool)
|
|
if platform.system() == "Windows":
|
|
executable += ".exe"
|
|
|
|
# Remove _main suffix from mitmproxy executable
|
|
if "_main" in executable:
|
|
shutil.move(
|
|
executable,
|
|
executable.replace("_main", "")
|
|
)
|
|
executable = executable.replace("_main", "")
|
|
|
|
click.echo("> %s --version" % executable)
|
|
click.echo(subprocess.check_output([executable, "--version"]).decode())
|
|
|
|
archive.add(executable, os.path.basename(executable))
|
|
click.echo("Packed {}.".format(be.archive_name(bdist)))
|
|
|
|
|
|
def build_wininstaller(be: BuildEnviron): # pragma: no cover
|
|
if not be.build_key:
|
|
click.echo("Cannot build windows installer without secret key.")
|
|
return
|
|
click.echo("Building wininstaller package...")
|
|
|
|
IB_VERSION = "20.9.0"
|
|
IB_DIR = pathlib.Path(be.release_dir) / "installbuilder"
|
|
IB_SETUP = IB_DIR / "setup" / f"{IB_VERSION}-installer.exe"
|
|
IB_CLI = fr"C:\Program Files (x86)\VMware InstallBuilder Enterprise {IB_VERSION}\bin\builder-cli.exe"
|
|
IB_LICENSE = IB_DIR / "license.xml"
|
|
|
|
if not os.path.isfile(IB_CLI):
|
|
if not os.path.isfile(IB_SETUP):
|
|
click.echo("Downloading InstallBuilder...")
|
|
|
|
def report(block, blocksize, total):
|
|
done = block * blocksize
|
|
if round(100 * done / total) != round(100 * (done - blocksize) / total):
|
|
click.secho(f"Downloading... {round(100 * done / total)}%")
|
|
|
|
urllib.request.urlretrieve(
|
|
f"https://clients.bitrock.com/installbuilder/installbuilder-enterprise-{IB_VERSION}-windows-installer.exe",
|
|
IB_SETUP.with_suffix(".tmp"),
|
|
reporthook=report
|
|
)
|
|
shutil.move(str(IB_SETUP.with_suffix(".tmp")), str(IB_SETUP))
|
|
|
|
click.echo("Install InstallBuilder...")
|
|
subprocess.run([str(IB_SETUP), "--mode", "unattended", "--unattendedmodeui", "none"], check=True)
|
|
assert os.path.isfile(IB_CLI)
|
|
|
|
click.echo("Decrypt InstallBuilder license...")
|
|
f = cryptography.fernet.Fernet(be.build_key.encode())
|
|
with open(IB_LICENSE.with_suffix(".xml.enc"), "rb") as infile, \
|
|
open(IB_LICENSE, "wb") as outfile:
|
|
outfile.write(f.decrypt(infile.read()))
|
|
|
|
click.echo("Run InstallBuilder...")
|
|
subprocess.run([
|
|
IB_CLI,
|
|
"build",
|
|
str(IB_DIR / "mitmproxy.xml"),
|
|
"windows",
|
|
"--license", str(IB_LICENSE),
|
|
"--setvars", f"project.version={be.version}",
|
|
"--verbose"
|
|
], check=True)
|
|
assert os.path.isfile(
|
|
os.path.join(be.dist_dir, f"mitmproxy-{be.version}-windows-installer.exe"))
|
|
|
|
|
|
@click.group(chain=True)
|
|
def cli(): # pragma: no cover
|
|
"""
|
|
mitmproxy build tool
|
|
"""
|
|
pass
|
|
|
|
|
|
@cli.command("build")
|
|
def build(): # pragma: no cover
|
|
"""
|
|
Build a binary distribution
|
|
"""
|
|
be = BuildEnviron.from_env()
|
|
be.dump_info()
|
|
|
|
be.check_version()
|
|
os.makedirs(be.dist_dir, exist_ok=True)
|
|
|
|
if be.should_build_wheel:
|
|
build_wheel(be)
|
|
if be.should_build_docker:
|
|
build_docker_image(be)
|
|
if be.should_build_pyinstaller:
|
|
build_pyinstaller(be)
|
|
if be.should_build_wininstaller:
|
|
build_wininstaller(be)
|
|
|
|
|
|
@cli.command("upload")
|
|
def upload(): # pragma: no cover
|
|
"""
|
|
Upload build artifacts
|
|
|
|
Uploads the wheels package to PyPi.
|
|
Uploads the Pyinstaller and wheels packages to the snapshot server.
|
|
Pushes the Docker image to Docker Hub.
|
|
"""
|
|
be = BuildEnviron.from_env()
|
|
be.dump_info()
|
|
|
|
if be.is_pull_request:
|
|
click.echo("Refusing to upload artifacts from a pull request!")
|
|
return
|
|
|
|
if be.should_upload_aws:
|
|
num_files = len([name for name in os.listdir(be.dist_dir) if os.path.isfile(name)])
|
|
click.echo(f"Uploading {num_files} files to AWS dir {be.upload_dir}...")
|
|
subprocess.check_call([
|
|
"aws", "s3", "cp",
|
|
"--acl", "public-read",
|
|
be.dist_dir + "/",
|
|
f"s3://snapshots.mitmproxy.org/{be.upload_dir}/",
|
|
"--recursive",
|
|
])
|
|
|
|
if be.should_upload_pypi:
|
|
whl = glob.glob(os.path.join(be.dist_dir, 'mitmproxy-*-py3-none-any.whl'))[0]
|
|
click.echo(f"Uploading {whl} to PyPi...")
|
|
subprocess.check_call(["twine", "upload", whl])
|
|
|
|
if be.should_upload_docker:
|
|
click.echo(f"Uploading Docker image to tag={be.docker_tag}...")
|
|
subprocess.check_call([
|
|
"docker",
|
|
"login",
|
|
"-u", be.docker_username,
|
|
"-p", be.docker_password,
|
|
])
|
|
subprocess.check_call(["docker", "push", be.docker_tag])
|
|
if be.is_prod_release:
|
|
subprocess.check_call(["docker", "tag", be.docker_tag, "mitmproxy/mitmproxy:latest"])
|
|
subprocess.check_call(["docker", "push", "mitmproxy/mitmproxy:latest"])
|
|
|
|
|
|
if __name__ == "__main__": # pragma: no cover
|
|
cli()
|