diff --git a/.github/workflows/autofix.yml b/.github/workflows/autofix.yml deleted file mode 100644 index c2ae2daec4..0000000000 --- a/.github/workflows/autofix.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: autofix.ci - -on: - pull_request: - push: - branches: - - main - -permissions: - contents: read - -jobs: - autofix: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: pip install -e .[dev] - - run: ruff check --fix-only . - - run: ruff format . - - - run: web/gen/all - - - uses: actions/setup-node@v4 - with: - node-version-file: .github/node-version.txt - - run: npm ci - working-directory: web - - run: npm run eslint - working-directory: web - continue-on-error: true - - run: npm run prettier - working-directory: web - - - uses: mhils/add-pr-ref-in-changelog@main - - - uses: autofix-ci/action@dd55f44df8f7cdb7a6bf74c78677eb8acd40cd0a diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000000..7b0f930a67 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,83 @@ +name: Build + +on: + pull_request: + workflow_dispatch: + +jobs: + build-rs: + runs-on: macos-latest + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + persist-credentials: false + fetch-depth: 0 + - run: rustup toolchain install stable --profile minimal + - run: rustup default stable + - run: rustup target add aarch64-apple-darwin x86_64-apple-darwin + - uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 # v2.7.3 + - uses: actions/setup-python@v5 + with: + python-version-file: .github/python-version.txt + - uses: install-pinned/maturin@6f1db1ad43a0c7eac558f10b81c967da256f1e19 + - run: maturin build --release --target universal2-apple-darwin + working-directory: ./mitmproxy_rs/mitmproxy-rs + - uses: actions/upload-artifact@v4 + with: + name: mitmproxy-rs + path: mitmproxy_rs/target/wheels + retention-days: 1 + + build: + needs: + - build-rs + strategy: + matrix: + include: + - image: macos-14 + platform: macos-arm64 + - image: macos-13 + platform: macos-x86_64 + runs-on: ${{ matrix.image }} + steps: + - uses: actions/checkout@v4 + with: + persist-credentials: false + fetch-depth: 0 + - uses: actions/setup-python@v5 + with: + python-version-file: .github/python-version.txt + - uses: actions/download-artifact@v4 + with: + name: mitmproxy-rs + path: mitmproxy-rs-wheel + - run : pip install mitmproxy-rs-wheel/*.whl + - run: pip install .[dev] # pyinstaller 5.9 does not like pyproject.toml + editable installs. + - run: | + python -u release/build.py standalone-binaries + - uses: actions/upload-artifact@v4 + with: + name: binaries.${{ matrix.platform }} + path: release/build/pyinstaller/out/mitmproxy + retention-days: 1 + + merge: + runs-on: macos-14 + needs: + - build + steps: + - uses: actions/download-artifact@v4 + with: + name: binaries.macos-x86_64 + path: x86_64 + - uses: actions/download-artifact@v4 + with: + name: binaries.macos-arm64 + path: arm64 + - run: lipo -create arm64/mitmproxy x86_64/mitmproxy -o CyberhavenNetworkInspector + - run: chmod +x CyberhavenNetworkInspector + - uses: actions/upload-artifact@v4 + with: + name: binaries.universal2 + path: CyberhavenNetworkInspector \ No newline at end of file diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml deleted file mode 100644 index 6608d56f3b..0000000000 --- a/.github/workflows/main.yml +++ /dev/null @@ -1,414 +0,0 @@ -name: CI - -on: - push: - branches: - - '**' - - '!dependabot/**' - - '!*-patch-*' - pull_request: - merge_group: - workflow_dispatch: - -permissions: - contents: read - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - lint: - uses: mhils/workflows/.github/workflows/python-tox.yml@v10 - with: - cmd: tox -e lint - - filename-matching: - uses: mhils/workflows/.github/workflows/python-tox.yml@v10 - with: - cmd: tox -e filename_matching - - mypy: - uses: mhils/workflows/.github/workflows/python-tox.yml@v10 - with: - cmd: tox -e mypy - - individual-coverage: - uses: mhils/workflows/.github/workflows/python-tox.yml@v10 - with: - cmd: tox -e individual_coverage - - test: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - py: "3.13-dev" - - os: windows-latest - py: "3.13-dev" - - os: macos-latest - py: "3.13-dev" - - os: ubuntu-latest - py: "3.12" - - os: ubuntu-latest - py: "3.11" - - os: ubuntu-latest - py: "3.10" - runs-on: ${{ matrix.os }} - steps: - - run: printenv - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.py }} - - run: pip install tox - - run: tox -e py - if: matrix.os != 'ubuntu-latest' - - name: Run tox -e py (without internet) - run: | - # install dependencies (requires internet connectivity) - tox -e py --notest - # run tests with loopback only. We need to sudo for unshare, which means we need an absolute path for tox. - sudo unshare --net -- sh -c "ip link set lo up; $(which tox) -e py" - if: matrix.os == 'ubuntu-latest' - - uses: codecov/codecov-action@v4 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: ./coverage.xml - - test-old-dependencies: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: pip install tox-uv - - run: tox -e old-dependencies - - build: - strategy: - fail-fast: false - matrix: - include: - - image: macos-14 - platform: macos-arm64 - - image: macos-12 - platform: macos-x86_64 - - image: windows-2019 - platform: windows - - image: ubuntu-20.04 # Oldest available version so we get oldest glibc possible. - platform: linux - runs-on: ${{ matrix.image }} - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: pip install .[dev] # pyinstaller 5.9 does not like pyproject.toml + editable installs. - - - if: startsWith(matrix.platform, 'macos') && github.repository == 'mitmproxy/mitmproxy' - && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) - id: keychain - uses: apple-actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d - with: - keychain: ${{ runner.temp }}/temp - p12-file-base64: ${{ secrets.APPLE_CERTIFICATE }} - p12-password: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - - if: startsWith(matrix.platform, 'macos') && github.repository == 'mitmproxy/mitmproxy' - && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) - run: | - python -u release/build.py macos-app \ - --keychain "${{ runner.temp }}/temp.keychain" \ - --team-id "S8XHQB96PW" \ - --apple-id "${{ secrets.APPLE_ID }}" \ - --password "${{ secrets.APPLE_APP_PASSWORD }}" - - # Linux - - if: matrix.platform == 'linux' - run: python -u release/build.py standalone-binaries wheel - - # Windows - - if: matrix.platform == 'windows' - run: python -u release/build.py standalone-binaries - - - uses: actions/upload-artifact@v4 - with: - name: binaries.${{ matrix.platform }} - path: release/dist - - build-wheel: - uses: mhils/workflows/.github/workflows/python-build.yml@v10 - with: - python-version-file: .github/python-version.txt - artifact: binaries.wheel - - build-windows-installer: - runs-on: windows-latest - if: github.repository == 'mitmproxy/mitmproxy' && ( - github.ref == 'refs/heads/main' || - github.ref == 'refs/heads/citest' || - startsWith(github.ref, 'refs/tags/') - ) - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - fetch-depth: 0 - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - - run: pip install .[dev] # pyinstaller 5.9 does not like pyproject.toml + editable installs. - - run: python -u release/build.py installbuilder-installer msix-installer - env: - CI_BUILD_KEY: ${{ secrets.CI_BUILD_KEY }} - - - uses: actions/upload-artifact@v4 - with: - name: binaries.windows-installer - path: release/dist - - test-web-ui: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: actions/setup-node@v4 - with: - node-version-file: .github/node-version.txt - - name: Cache Node.js modules - uses: actions/cache@v4 - with: - # npm cache files are stored in `~/.npm` on Linux/macOS - path: ~/.npm - key: ${{ runner.OS }}-node-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.OS }}-node- - ${{ runner.OS }}- - - working-directory: ./web - run: npm ci - - working-directory: ./web - run: npm test - - uses: codecov/codecov-action@v4 - with: - token: ${{ secrets.CODECOV_TOKEN }} - files: ./web/coverage/coverage-final.json - - test-docker: - runs-on: ubuntu-latest - needs: build-wheel - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: actions/download-artifact@v4 - with: - name: binaries.wheel - path: release/docker - - name: Build container - run: docker build --tag localtesting release/docker - - name: Test container - run: docker run --rm -v $PWD/release:/release localtesting mitmdump -s /release/selftest.py - - docs: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: | - wget -q https://github.com/gohugoio/hugo/releases/download/v0.92.1/hugo_extended_0.92.1_Linux-64bit.deb - echo "a9440adfd3ecce40089def287dee4e42ffae252ba08c77d1ac575b880a079ce6 hugo_extended_0.92.1_Linux-64bit.deb" | sha256sum -c - sudo dpkg -i hugo*.deb - - run: pip install -e .[dev] - - run: ./docs/build.py - - uses: actions/upload-artifact@v4 - with: - name: docs - path: docs/public - # For releases, also build the archive version of the docs. - - if: startsWith(github.ref, 'refs/tags/') - run: ./docs/build.py - env: - DOCS_ARCHIVE: true - - if: startsWith(github.ref, 'refs/tags/') - uses: actions/upload-artifact@v4 - with: - name: docs-archive - path: docs/public - - check: - if: always() - needs: - - lint - - filename-matching - - mypy - - individual-coverage - - test - - test-docker - - test-old-dependencies - - test-web-ui - - build - - build-wheel - - build-windows-installer - - docs - uses: mhils/workflows/.github/workflows/alls-green.yml@v10 - with: - jobs: ${{ toJSON(needs) }} - allowed-skips: build-windows-installer - - # Separate from everything else because slow. - deploy-docker: - if: github.repository == 'mitmproxy/mitmproxy' && ( - github.ref == 'refs/heads/main' || - github.ref == 'refs/heads/citest' || - startsWith(github.ref, 'refs/tags/') - ) - permissions: - id-token: write - attestations: write - packages: write - environment: deploy-docker - needs: check - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: actions/download-artifact@v4 - with: - name: binaries.wheel - path: release/docker - - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v1.6.0 - - - name: Login to Docker Hub - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - username: mitmbot - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Login to GitHub Container Registry - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 - env: - DOCKER_METADATA_ANNOTATIONS_LEVELS: index - with: - images: | - mitmproxy/mitmproxy - ghcr.io/mitmproxy/mitmproxy - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=raw,value=dev,enable=${{ github.ref == 'refs/heads/main' }} - type=raw,value=citest,enable=${{ github.ref == 'refs/heads/citest' }} - - - name: Build and push - id: push - uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0 - with: - context: release/docker - platforms: linux/amd64,linux/arm64 - push: true - provenance: false - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - annotations: ${{ steps.meta.outputs.annotations }} - - uses: actions/attest-build-provenance@v1 - with: - subject-name: ghcr.io/${{ github.repository }} - subject-digest: ${{ steps.push.outputs.digest }} - - deploy: - # This action has access to our AWS keys, so we are extra careful here. - # In particular, we don't blindly `pip install` anything to minimize the risk of supply chain attacks. - if: github.repository == 'mitmproxy/mitmproxy' && (startsWith(github.ref, 'refs/heads/') || startsWith(github.ref, 'refs/tags/')) - environment: ${{ (github.ref == 'refs/heads/citest' || startsWith(github.ref, 'refs/tags/')) && 'deploy-release' || 'deploy-snapshot' }} - needs: check - runs-on: ubuntu-latest - permissions: - id-token: write - attestations: write - env: - # PyPI and MSFT keys are only available for the deploy-release environment - # The AWS access key for snapshots is scoped to branches/* as well. - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: us-west-2 - MSFT_APP_ID: 9NWNDLQMNZD7 - MSFT_TENANT_ID: ${{ secrets.MSFT_TENANT_ID }} - MSFT_CLIENT_ID: ${{ secrets.MSFT_CLIENT_ID }} - MSFT_CLIENT_SECRET: ${{ secrets.MSFT_CLIENT_SECRET }} - R2_ACCOUNT_ID: ${{ secrets.R2_ACCOUNT_ID }} - R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} - R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: sudo apt-get update - - run: sudo apt-get install -y awscli - - if: startsWith(github.ref, 'refs/tags/') - run: sudo apt-get install -y twine - - - uses: actions/download-artifact@v4 - with: - name: docs - path: docs/public - - if: startsWith(github.ref, 'refs/tags/') - uses: actions/download-artifact@v4 - with: - name: docs-archive - path: docs/archive - - uses: actions/download-artifact@v4 - with: - pattern: binaries.* - merge-multiple: true - path: release/dist - - id: provenance - uses: actions/attest-build-provenance@v1 - with: - subject-path: 'release/dist/*' - - run: | - REF=${{ github.ref_name }} - mv ${{ steps.provenance.outputs.bundle-path }} release/dist/mitmproxy-${REF#v}.sigstore - - run: ls docs/public - - run: ls release/dist - - - run: ./release/deploy.py - - - name: Deploy to Microsoft Store (test flight) - if: github.ref == 'refs/heads/citest' - run: ./release/deploy-microsoft-store.py release/dist/*.msix - env: - MSFT_APP_FLIGHT: 174ca570-8cae-4444-9858-c07293f1f13a - - name: Deploy to Microsoft Store - if: startsWith(github.ref, 'refs/tags/') - run: ./release/deploy-microsoft-store.py release/dist/*.msix diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml deleted file mode 100644 index 161d80e7b4..0000000000 --- a/.github/workflows/release.yml +++ /dev/null @@ -1,36 +0,0 @@ -name: Release - -on: - workflow_dispatch: - inputs: - version: - description: 'Version (major.minor.patch)' - required: true - type: string - skip-branch-status-check: - description: 'Skip CI status check.' - default: false - required: false - type: boolean - -permissions: - actions: write - contents: write - -jobs: - release: - environment: deploy-release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - token: ${{ secrets.GH_PUSH_TOKEN }} # this token works to push to the protected main branch. - - uses: actions/setup-node@v4 - with: - node-version-file: .github/node-version.txt - - uses: actions/setup-python@v5 - with: - python-version-file: .github/python-version.txt - - run: ./release/release.py ${{ inputs.version }} ${{ inputs.skip-branch-status-check }} - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # this token works with the GraphQL API diff --git a/mitmproxy/options.py b/mitmproxy/options.py index 3ad5b24f66..a2be4bc2d1 100644 --- a/mitmproxy/options.py +++ b/mitmproxy/options.py @@ -1,3 +1,4 @@ +import sys from collections.abc import Sequence from typing import Optional @@ -103,10 +104,15 @@ def __init__(self, **kwargs) -> None: "Port to bind proxy server(s) to (may be overridden for individual modes, see `mode`). " "By default, the port is mode-specific. The default regular HTTP proxy spawns on port 8080.", ) + + mode = "local:webview2" + if sys.platform == "darwin": + mode = "local:Teams" + self.add_option( "mode", Sequence[str], - ["local:webview2"], + [mode], """ The proxy server type(s) to spawn. Can be passed multiple times. diff --git a/mitmproxy_rs b/mitmproxy_rs index 31483813c0..636157fd6d 160000 --- a/mitmproxy_rs +++ b/mitmproxy_rs @@ -1 +1 @@ -Subproject commit 31483813c0a25f7a7515f1cc2b8270c00268737f +Subproject commit 636157fd6db663783fe039be4290b9fbb4a6b3bd diff --git a/release/build.py b/release/build.py index 7cbac51e91..48c3829ef8 100755 --- a/release/build.py +++ b/release/build.py @@ -142,7 +142,7 @@ def standalone_binaries(): _test_binaries(TEMP_DIR / "pyinstaller/out") - for tool in ["mitmproxy", "mitmdump", "mitmweb"]: + for tool in ["mitmproxy"]: executable = TEMP_DIR / "pyinstaller/out" / tool if platform.system() == "Windows": executable = executable.with_suffix(".exe") @@ -231,7 +231,7 @@ def _ensure_pyinstaller_onedir(): def _test_binaries(binary_directory: Path) -> None: - for tool in ["mitmproxy", "mitmdump", "mitmweb"]: + for tool in ["mitmproxy"]: executable = binary_directory / tool if platform.system() == "Windows": executable = executable.with_suffix(".exe") diff --git a/release/specs/standalone.spec b/release/specs/standalone.spec index bcc0f3b9c4..1093ab246d 100644 --- a/release/specs/standalone.spec +++ b/release/specs/standalone.spec @@ -1,6 +1,6 @@ # -*- mode: python ; coding: utf-8 -*- -for tool in ["mitmproxy", "mitmdump", "mitmweb"]: +for tool in ["mitmproxy"]: excludes = [] if tool != "mitmweb": excludes.append("mitmproxy.tools.web")