forked from urllib3/urllib3
-
-
Notifications
You must be signed in to change notification settings - Fork 2
295 lines (266 loc) · 10.8 KB
/
ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
name: CI
on:
push:
branches:
- main
pull_request:
permissions: "read-all"
concurrency:
group: ci-${{ github.ref_name }}
cancel-in-progress: true
defaults:
run:
shell: bash
jobs:
package:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: "Checkout repository"
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608"
- name: "Setup Python"
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1"
with:
python-version: "3.x"
cache: "pip"
- name: "Check packages"
run: |
python -m pip install -U pip setuptools wheel build twine rstcheck
python -m build
rstcheck CHANGES.rst
python -m twine check dist/*
test:
strategy:
fail-fast: false
matrix:
python-version: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12"]
os:
- macos-latest
- windows-latest
- ubuntu-20.04 # OpenSSL 1.1.1
- ubuntu-latest # OpenSSL 3.0
nox-session: ['']
include:
- experimental: false
traefik-server: true
- python-version: "pypy-3.7"
os: ubuntu-latest
experimental: false
nox-session: test-pypy
- python-version: "pypy-3.8"
os: ubuntu-latest
experimental: false
nox-session: test-pypy
traefik-server: true
- python-version: "pypy-3.9"
os: ubuntu-latest
experimental: false
nox-session: test-pypy
traefik-server: true
- python-version: "pypy-3.10"
os: ubuntu-latest
experimental: false
nox-session: test-pypy
traefik-server: true
- python-version: "3.x"
os: ubuntu-latest
experimental: false
nox-session: test_brotlipy
# Test CPython with a broken hostname_checks_common_name (the fix is in 3.9.3)
- python-version: "3.9.2"
os: ubuntu-20.04 # CPython 3.9.2 is not available for ubuntu-22.04.
experimental: false
nox-session: test-3.9
exclude:
# Ubuntu 22.04 comes with OpenSSL 3.0, so only CPython 3.9+ is compatible with it
# https://github.com/python/cpython/issues/83001
- python-version: "3.7"
os: ubuntu-22.04
- python-version: "3.8"
os: ubuntu-22.04
runs-on: ${{ matrix.os }}
name: ${{ fromJson('{"macos-latest":"macOS","windows-latest":"Windows","ubuntu-latest":"Ubuntu","ubuntu-20.04":"Ubuntu 20.04 (OpenSSL 1.1.1)","ubuntu-latest":"Ubuntu Latest (OpenSSL 3+)"}')[matrix.os] }} ${{ matrix.python-version }} ${{ matrix.nox-session }}
continue-on-error: ${{ matrix.experimental }}
timeout-minutes: 40
steps:
- name: "Checkout repository"
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608"
- name: "Traefik: Prerequisites - CA, Host, Tools (Linux)"
if: ${{ matrix.traefik-server && contains(matrix.os, 'ubuntu') }}
run: |
mkdir ./certs
pip install trustme
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
mv ./certs/server.pem ./certs/httpbin.local.pem
mv ./certs/server.key ./certs/httpbin.local.key
mv ./certs/client.pem ./rootCA.pem
echo "127.0.0.1 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts
# - name: "Traefik: Prerequisites - CA, Host, Tools (Windows)"
# if: ${{ matrix.traefik-server && contains(matrix.os, 'windows') }}
# run: |
# mkdir ./certs
# pip install trustme
# python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
# mv ./certs/server.pem ./certs/httpbin.local.pem
# mv ./certs/server.key ./certs/httpbin.local.key
# mv ./certs/client.pem ./rootCA.pem
# echo 127.0.0.1 httpbin.local alt.httpbin.local >> %WinDir%\system32\drivers\etc\hosts
# choco install -y curl
- name: "Traefik: Prerequisites - CA, Host, Tools (MacOS)"
if: ${{ matrix.traefik-server && contains(matrix.os, 'mac') }}
run: |
sudo security authorizationdb write com.apple.trust-settings.admin allow
mkdir ./certs
pip install trustme
python -m trustme -i httpbin.local alt.httpbin.local -d ./certs
mv ./certs/server.pem ./certs/httpbin.local.pem
mv ./certs/server.key ./certs/httpbin.local.key
mv ./certs/client.pem ./rootCA.pem
brew install curl
brew install docker
brew install docker-compose
colima start --network-address
colima list
echo "192.168.106.2 httpbin.local alt.httpbin.local" | sudo tee -a /etc/hosts
- name: "Traefik: Produce Compose & Config"
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
env:
TRAEFIK_CERTIFICATE_TOML: |
[[tls.certificates]]
certFile = "/certs/httpbin.local.pem"
keyFile = "/certs/httpbin.local.key"
TRAEFIK_COMPOSE_SCHEMA: |
services:
proxy:
image: traefik:v2.10.4
restart: unless-stopped
healthcheck:
test: [ "CMD", "traefik" ,"healthcheck", "--ping" ]
interval: 3s
timeout: 3s
retries: 10
ports:
- target: 8888
published: 8888
protocol: tcp
mode: host
- target: 4443
published: 4443
protocol: tcp
mode: host
- target: 4443
published: 4443
protocol: udp
mode: host
- target: 9999
published: 9999
protocol: tcp
mode: host
- target: 8754
published: 8754
protocol: tcp
mode: host
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./certs:/certs
command:
# Enable Docker in Traefik, so that it reads labels from Docker services
- --providers.docker
# TLS providers
- --providers.file.directory=/certs/
# Auto discovery
- --providers.file.watch=true
# Do not expose all Docker services, only the ones explicitly exposed
- --providers.docker.exposedbydefault=false
# Create an entrypoint "http" listening on port 8080
- --entrypoints.http.address=:8888
# Create an entrypoint "https" listening on port 4443
- --entrypoints.https.address=:4443
# Create alt-no-quic entrypoints
- --entrypoints.alt-http.address=:9999
- --entrypoints.alt-https.address=:8754
# QUIC Related Configuration
- --experimental.http3=true
- --entrypoints.https.http3=true
- --entrypoints.alt-https.http3=false
# Enable the access log, with HTTP requests
- --accesslog
# Enable the Traefik log, for configurations and errors
- --log
# Disable the Dashboard and API
- --api.dashboard=false
# Enable healthcheck
- --ping
- --log.level=INFO
httpbin:
image: mccutchen/go-httpbin:v2.11.1
restart: unless-stopped
depends_on:
proxy:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.http.routers.httpbin-http.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
- traefik.http.routers.httpbin-http.entrypoints=http,alt-http
- traefik.http.routers.httpbin-https.rule=Host(`httpbin.local`) || Host(`alt.httpbin.local`)
- traefik.http.routers.httpbin-https.entrypoints=https,alt-https
- traefik.http.routers.httpbin-https.tls=true
- traefik.http.services.httpbin.loadbalancer.server.port=8080
run: |
echo "$TRAEFIK_COMPOSE_SCHEMA" > ./docker-compose.yaml
echo "$TRAEFIK_CERTIFICATE_TOML" > ./certs/certificate.toml
- name: "Traefik: Start stack"
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
run: docker-compose up -d
- name: "Traefik: Wait for service"
uses: nick-fields/retry@v2
if: ${{ matrix.traefik-server && !contains(matrix.os, 'windows') }}
with:
timeout_minutes: 3
max_attempts: 30
command: curl --fail http://httpbin.local:8888/get
- name: "Setup Python ${{ matrix.python-version }}"
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1"
with:
python-version: ${{ matrix.python-version }}
- name: "Install dependencies"
run: python -m pip install --upgrade pip setuptools nox
- name: "Run tests"
run: ./ci/run_tests.sh
env:
PYTHON_VERSION: ${{ matrix.python-version }}
NOX_SESSION: ${{ matrix.nox-session }}
- name: "Upload artifact"
uses: "actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce"
with:
name: coverage-data
path: ".coverage.*"
if-no-files-found: error
coverage:
if: always()
runs-on: "ubuntu-latest"
needs: test
steps:
- name: "Checkout repository"
uses: "actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608"
- name: "Setup Python"
uses: "actions/setup-python@61a6322f88396a6271a6ee3565807d608ecaddd1"
with:
python-version: "3.x"
- name: "Install coverage"
run: "python -m pip install --upgrade coverage"
- name: "Download artifact"
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a
with:
name: coverage-data
- name: "Combine & check coverage"
run: |
python -m coverage combine
python -m coverage html --skip-covered --skip-empty
python -m coverage report --ignore-errors --show-missing --fail-under=90
- if: ${{ failure() }}
name: "Upload report if check failed"
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
with:
name: coverage-report
path: htmlcov