🔖 Release 2.2.900 #146
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
permissions: "read-all" | |
concurrency: | |
group: ci-${{ github.ref_name }} | |
cancel-in-progress: true | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
package: | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" | |
- name: "Setup Python" | |
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1" | |
with: | |
python-version: "3.x" | |
cache: "pip" | |
- name: "Check packages" | |
run: | | |
python -m pip install -U pip setuptools wheel build twine rstcheck | |
python -m build | |
rstcheck CHANGES.rst | |
python -m twine check dist/* | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"] | |
os: | |
- macos-latest | |
- windows-latest | |
- ubuntu-20.04 # OpenSSL 1.1.1 | |
- ubuntu-latest # OpenSSL 3.0 | |
nox-session: [''] | |
include: | |
- experimental: false | |
traefik-server: true | |
- python-version: "pypy-3.7" | |
os: ubuntu-latest | |
experimental: false | |
nox-session: test-pypy | |
- python-version: "pypy-3.8" | |
os: ubuntu-latest | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "pypy-3.9" | |
os: ubuntu-latest | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "pypy-3.10" | |
os: ubuntu-latest | |
experimental: false | |
nox-session: test-pypy | |
traefik-server: true | |
- python-version: "3.x" | |
os: ubuntu-latest | |
experimental: false | |
nox-session: test_brotlipy | |
# Test CPython with a broken hostname_checks_common_name (the fix is in 3.9.3) | |
- python-version: "3.9.2" | |
os: ubuntu-20.04 # CPython 3.9.2 is not available for ubuntu-22.04. | |
experimental: false | |
nox-session: test-3.9 | |
exclude: | |
# Ubuntu 22.04 comes with OpenSSL 3.0, so only CPython 3.9+ is compatible with it | |
# https://github.com/python/cpython/issues/83001 | |
- python-version: "3.7" | |
os: ubuntu-22.04 | |
- python-version: "3.8" | |
os: ubuntu-22.04 | |
runs-on: ${{ matrix.os }} | |
name: ${{ fromJson('{"macos-latest":"macOS","windows-latest":"Windows","ubuntu-latest":"Ubuntu","ubuntu-20.04":"Ubuntu 20.04 (OpenSSL 1.1.1)","ubuntu-latest":"Ubuntu Latest (OpenSSL 3+)"}')[matrix.os] }} ${{ matrix.python-version }} ${{ matrix.nox-session }} | |
continue-on-error: ${{ matrix.experimental }} | |
timeout-minutes: 40 | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" | |
- name: "Traefik: Prerequisites - CA, Host, Tools (Linux)" | |
if: ${{ matrix.traefik-server && contains(matrix.os, 'ubuntu') }} | |
run: | | |
mkdir ./certs | |
pip install trustme | |
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs | |
mv ./certs/server.pem ./certs/httpbin.local.pem | |
mv ./certs/server.key ./certs/httpbin.local.key | |
mv ./certs/client.pem ./rootCA.pem | |
echo "127.0.0.1 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts | |
# - name: "Traefik: Prerequisites - CA, Host, Tools (Windows)" | |
# if: ${{ matrix.traefik-server && contains(matrix.os, 'windows') }} | |
# run: | | |
# mkdir ./certs | |
# pip install trustme | |
# python -m trustme -i httpbin.local alt.httpbin.local -d ./certs | |
# mv ./certs/server.pem ./certs/httpbin.local.pem | |
# mv ./certs/server.key ./certs/httpbin.local.key | |
# mv ./certs/client.pem ./rootCA.pem | |
# echo 127.0.0.1 httpbin.local alt.httpbin.local >> %WinDir%\system32\drivers\etc\hosts | |
# choco install -y curl | |
- name: "Traefik: Prerequisites - CA, Host, Tools (MacOS)" | |
if: ${{ matrix.traefik-server && contains(matrix.os, 'mac') }} | |
run: | | |
sudo security authorizationdb write com.apple.trust-settings.admin allow | |
mkdir ./certs | |
pip install trustme | |
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs | |
mv ./certs/server.pem ./certs/httpbin.local.pem | |
mv ./certs/server.key ./certs/httpbin.local.key | |
mv ./certs/client.pem ./rootCA.pem | |
brew install curl | |
brew install docker | |
brew install docker-compose | |
colima start --network-address | |
colima list | |
echo "192.168.106.2 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts | |
- name: "Traefik: Produce Compose & Config" | |
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }} | |
env: | |
TRAEFIK_CERTIFICATE_TOML: | | |
[[tls.certificates]] | |
certFile = "/certs/httpbin.local.pem" | |
keyFile = "/certs/httpbin.local.key" | |
TRAEFIK_COMPOSE_SCHEMA: | | |
services: | |
proxy: | |
image: traefik:v2.10.4 | |
restart: unless-stopped | |
healthcheck: | |
test: [ "CMD", "traefik" ,"healthcheck", "--ping" ] | |
interval: 3s | |
timeout: 3s | |
retries: 10 | |
ports: | |
- target: 8888 | |
published: 8888 | |
protocol: tcp | |
mode: host | |
- target: 4443 | |
published: 4443 | |
protocol: tcp | |
mode: host | |
- target: 4443 | |
published: 4443 | |
protocol: udp | |
mode: host | |
- target: 9999 | |
published: 9999 | |
protocol: tcp | |
mode: host | |
- target: 8754 | |
published: 8754 | |
protocol: tcp | |
mode: host | |
volumes: | |
- /var/run/docker.sock:/var/run/docker.sock | |
- ./certs:/certs | |
command: | |
# Enable Docker in Traefik, so that it reads labels from Docker services | |
- --providers.docker | |
# TLS providers | |
- --providers.file.directory=/certs/ | |
# Auto discovery | |
- --providers.file.watch=true | |
# Do not expose all Docker services, only the ones explicitly exposed | |
- --providers.docker.exposedbydefault=false | |
# Create an entrypoint "http" listening on port 8080 | |
- --entrypoints.http.address=:8888 | |
# Create an entrypoint "https" listening on port 4443 | |
- --entrypoints.https.address=:4443 | |
# Create alt-no-quic entrypoints | |
- --entrypoints.alt-http.address=:9999 | |
- --entrypoints.alt-https.address=:8754 | |
# QUIC Related Configuration | |
- --experimental.http3=true | |
- --entrypoints.https.http3=true | |
- --entrypoints.alt-https.http3=false | |
# Enable the access log, with HTTP requests | |
- --accesslog | |
# Enable the Traefik log, for configurations and errors | |
- --log | |
# Disable the Dashboard and API | |
- --api.dashboard=false | |
# Enable healthcheck | |
- --ping | |
- --log.level=INFO | |
httpbin: | |
image: mccutchen/go-httpbin:v2.11.1 | |
restart: unless-stopped | |
depends_on: | |
proxy: | |
condition: service_healthy | |
labels: | |
- traefik.enable=true | |
- traefik.http.routers.httpbin-http.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`) | |
- traefik.http.routers.httpbin-http.entrypoints=http,alt-http | |
- traefik.http.routers.httpbin-https.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`) | |
- traefik.http.routers.httpbin-https.entrypoints=https,alt-https | |
- traefik.http.routers.httpbin-https.tls=true | |
- traefik.http.services.httpbin.loadbalancer.server.port=8080 | |
run: | | |
echo "$TRAEFIK_COMPOSE_SCHEMA" > ./docker-compose.yaml | |
echo "$TRAEFIK_CERTIFICATE_TOML" > ./certs/certificate.toml | |
- name: "Traefik: Start stack" | |
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }} | |
run: docker-compose up -d | |
- name: "Traefik: Wait for service" | |
uses: nick-fields/retry@v2 | |
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }} | |
with: | |
timeout_minutes: 3 | |
max_attempts: 30 | |
command: curl --fail http://httpbin.local:8888/get | |
- name: "Setup Python ${{ matrix.python-version }}" | |
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1" | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: "Install dependencies" | |
run: python -m pip install --upgrade pip setuptools nox | |
- name: "Run tests" | |
run: ./ci/run_tests.sh | |
env: | |
PYTHON_VERSION: ${{ matrix.python-version }} | |
NOX_SESSION: ${{ matrix.nox-session }} | |
- name: "Upload artifact" | |
uses: "actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce" | |
with: | |
name: coverage-data | |
path: ".coverage.*" | |
if-no-files-found: error | |
coverage: | |
if: always() | |
runs-on: "ubuntu-latest" | |
needs: test | |
steps: | |
- name: "Checkout repository" | |
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608" | |
- name: "Setup Python" | |
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1" | |
with: | |
python-version: "3.x" | |
- name: "Install coverage" | |
run: "python -m pip install --upgrade coverage" | |
- name: "Download artifact" | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a | |
with: | |
name: coverage-data | |
- name: "Combine & check coverage" | |
run: | | |
python -m coverage combine | |
python -m coverage html --skip-covered --skip-empty | |
python -m coverage report --ignore-errors --show-missing --fail-under=90 | |
- if: ${{ failure() }} | |
name: "Upload report if check failed" | |
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce | |
with: | |
name: coverage-report | |
path: htmlcov |