Merge branch 'main' into build

simonrob · Nov 1, 2023 · 3f2623d · 3f2623d
2 parents d8d95f4 + 3a96ab1
commit 3f2623d
Show file tree

Hide file tree

Showing 8 changed files with 443 additions and 197 deletions.
diff --git a/.github/workflows/pyinstaller.yml b/.github/workflows/pyinstaller.yml
@@ -15,7 +15,7 @@ jobs:
       output: ${{ steps.latest_tag.outputs.tag }}
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: latest_tag
         run: |
           git fetch -a
@@ -31,44 +31,44 @@ jobs:
         os: [macos-latest, windows-latest]
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: actions/setup-python@v4
         with:
-          python-version: '3.11.2'
+          python-version: '3.x'
 
       # install requirements and build
       # - note: `--hidden-import` is required for GUI mode until https://github.com/hustcc/timeago/issues/40 is fixed
       - run: |
           python -m pip install --upgrade pip
           python -m pip install wheel
-          python -m pip install -r requirements.txt pyinstaller
+          python -m pip install -r requirements-core.txt -r requirements-gui.txt pyinstaller
           python -m PyInstaller --clean --noconsole --onefile --hidden-import timeago.locales.en_short --icon icon.png emailproxy.py
-      
+
       # add license, documentation, configuration file sample and disclaimer
       # - note: `move [...] alias move=mv [...]` is to support using the same commands on all platforms
       - run: |
-          move LICENSE . 2> nul || { shopt -s expand_aliases; alias move=mv; } 
+          move LICENSE . 2> nul || { shopt -s expand_aliases; alias move=mv; }
           move LICENSE dist/
           move README.md dist/
           move emailproxy.config dist/
           echo 'This binary distribution is automatically created for each Email OAuth 2.0 Proxy release, ' >> _.txt
           echo 'but is not tested, and is not officially supported. Using the main emailproxy.py script ' >> _.txt
           echo 'directly is recommended for best results: https://github.com/simonrob/email-oauth2-proxy/' >> _.txt
           move _.txt dist/GettingStarted.txt
-      
+
       # on macOS `--onefile` creates bundle *and* binary; we don't need both (and the .app also contains the binary)
       - if: runner.os == 'macOS'
         run: rm dist/emailproxy
 
       # zip the built output, naming according to tag and OS
-      - uses: thedoctor0/[email protected].1
+      - uses: thedoctor0/[email protected].6
         with:
           type: zip
           directory: dist/
           filename: emailproxy-${{ needs.get_tag.outputs.output }}_pyinstaller-${{ runner.os }}.zip
 
       # append the zip to the latest release
-      - uses: xresloader/upload-to-github-release@v1
+      - uses: xresloader/upload-to-github-release@v1.3.12
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
@@ -0,0 +1,65 @@
+name: Deploy to PyPI and add to latest release
+
+on:
+  push:
+
+permissions:
+  contents: write
+  id-token: write
+
+# see: https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.x'
+
+      # set up build environment and package the proxy
+      - run: |
+          python -m pip install --upgrade pip
+          python -m pip install build
+          python -m build
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+  publish-to-pypi:
+    needs: build
+
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/emailproxy
+
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: python-package-distributions
+          path: dist/
+
+      # upload the built packages to PyPI (we use a token rather than trusted publishing due to our unconventional build branch method)
+      - uses: pypa/gh-action-pypi-publish@release/v1
+        with:
+          password: ${{ secrets.PYPI }}
+          skip-existing: true  # avoid failing when repeating this action
+
+      # sign the built packages
+      - uses: sigstore/[email protected]
+        with:
+          inputs: >-
+            ./dist/*.tar.gz
+            ./dist/*.whl
+
+      # append the built packages to the latest release
+      - uses: xresloader/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          file: dist/*.whl;dist/*.tar.gz
+          update_latest_release: true
diff --git a/README.md b/README.md
diff --git a/emailproxy.config b/emailproxy.config
@@ -26,7 +26,7 @@ documentation = Local servers are specified as demonstrated below where, for exa
 	behalf (i.e., do not enable STARTTLS in your client). IMAP STARTTLS and POP STARTTLS are not currently supported.
 
 	- The `local_address` property can be used to set an IP address or hostname for the proxy to listen on. Both IPv4
-	and IPv6 are supported. If not specified, this value is set to `::` (i.e., dual-stack IPv4 and IPv6 `localhost`).
+	and IPv6 are supported. If not specified, this value is set to `::` (i.e., dual-stack IPv4/IPv6 on all interfaces).
 	When a hostname is set the proxy will first resolve this to an IP address, preferring IPv6 over IPv4 if both are
 	available. When running in an IPv6 environment with dual-stack support, the proxy will attempt to listen on both
 	IPv4 and IPv6 hosts simultaneously. Note that tools such as `netstat` do not always accurately show dual-stack mode;
@@ -42,27 +42,33 @@ documentation = Local servers are specified as demonstrated below where, for exa
 [IMAP-1993]
 server_address = outlook.office365.com
 server_port = 993
+local_address = 127.0.0.1
 
 [POP-1995]
 server_address = outlook.office365.com
 server_port = 995
+local_address = 127.0.0.1
 
 [SMTP-1587]
 server_address = smtp.office365.com
 server_port = 587
 starttls = True
+local_address = 127.0.0.1
 
 [IMAP-2993]
 server_address = imap.gmail.com
 server_port = 993
+local_address = 127.0.0.1
 
 [POP-2995]
 server_address = pop.gmail.com
 server_port = 995
+local_address = 127.0.0.1
 
 [SMTP-2465]
 server_address = smtp.gmail.com
 server_port = 465
+local_address = 127.0.0.1
 
 
 [Account setup]
@@ -196,7 +202,9 @@ documentation = The parameters below control advanced options for the proxy. In
 	password typo does not give the false impression that the proxy has somehow made the account inaccessible. However,
 	if the proxy is used in a headless (often also public-facing) context, where authentication flows are more likely to
 	be laborious or need administrator intervention, this can potentially result in a denial-of-service issue, whether
-	malicious or not. Set to False and the proxy will instead return an error when an incorrect password is provided.
+	malicious or not. It can also be the source of confusion if using a client (such as Firefox) that stores a separate
+	password per protocol for each account, but does not make this clear when changing account passwords. Set this
+	option to False and the proxy will instead return an error when an incorrect password is provided.
 
 	- encrypt_client_secret_on_first_use (default = False): The proxy encrypts sensitive configuration values (e.g.,
 	cached access tokens) using the password that is given when accessing an account via IMAP/POP/SMTP. It does not do