v2.4.0rc3

.flake8

@@ -73,7 +73,9 @@ extend-ignore =
   Q003    # FIXME: avoid escaping in-string quotes
   RST201  # FIXME: missing trailing blank line in docstring
   RST203  # FIXME: no trailing blank line in docstring
+  RST299  # FIXME: Cannot extract compound bibliographic field "copyright"
   RST301  # FIXME: unexpected indent in docstring
+  RST499  # FIXME: Missing matching underline for section title overline
   S101    # FIXME: assertions are thrown away in optimized mode, needs audit
   S104    # FIXME: bind-all interface listen
   S105    # FIXME: hardcoded password?

.github/buildkitd.toml

@@ -1,4 +1,4 @@
 [worker.oci]
   max-parallelism = 4
 [registry."docker.io"]
-  mirrors = ["mirror.gcr.io"]
+  mirrors = ["ghcr.io"]

.github/workflows/test-library.yml

@@ -1,5 +1,4 @@
 ---
-# yamllint disable rule:line-length
 name: lib
 
 on:   # yamllint disable-line rule:truthy
@@ -67,6 +66,7 @@ jobs:
       git-tag: ${{ steps.git-tag.outputs.tag }}
       sdist-artifact-name: ${{ steps.artifact-name.outputs.sdist }}
       wheel-artifact-name: ${{ steps.artifact-name.outputs.wheel }}
+      container-version: v${{ steps.container.outputs.version }}
     steps:
     - name: Switch to using Python 3.9 by default
       uses: actions/setup-python@v2
@@ -195,6 +195,16 @@ jobs:
             && github.event.inputs.release-version
             || steps.scm-version.outputs.dist-version
         }}-py3-none-any.whl')
+    - name: Calculate container attributes
+      id: container
+      shell: bash
+      run: >-
+        VER=$(echo '${{
+            steps.request-check.outputs.release-requested == 'true'
+            && github.event.inputs.release-version
+            || steps.scm-version.outputs.dist-version
+        }}' | tr + .);
+        echo "::set-output name=version::$VER"
 
   build:
     name: 👷 dists ${{ needs.pre-setup.outputs.git-tag }}
@@ -547,11 +557,6 @@ jobs:
         # a pull request then we can checkout the head.
         fetch-depth: 2
 
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
@@ -631,45 +636,67 @@ jobs:
         npm run build
         cd ..
 
-  docker:
-    # TODO: To build our docker container, we must wait for check,
-    # so that we can use the same distribution available.
+  developer:
     runs-on: ${{ matrix.os }}-latest
+    name: 🧑‍💻 👩‍💻 👨‍💻 Developer setup ${{ matrix.node }} @ ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu, macOS]
+        python: ['3.10']
+      fail-fast: false
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Setup Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python }}
+    - name: Install Pip Dependencies
+      run: |
+        make lib-dep
+    - name: Run essentials
+      run: |
+        ./write-scm-version.sh
+        python3 check.py
+        make https-certificates
+        make sign-https-certificates
+        make ca-certificates
+        python3 -m proxy --version
+
+  docker:
+    runs-on: Ubuntu-latest
+    permissions:
+      packages: write
     needs:
     - build
     - pre-setup  # transitive, for accessing settings
-    name: 🐳 🐍${{ matrix.python }} @ ${{ matrix.targetplatform }}
+    name: 🐳 containerize
     strategy:
-      matrix:
-        os:
-        - Ubuntu
-        python:
-        - '3.10'
-        targetplatform:
-        - 'linux/386'
-        - 'linux/amd64'
-        - 'linux/arm/v6'
-        - 'linux/arm/v7'
-        - 'linux/arm64/v8'
-        - 'linux/ppc64le'
-        - 'linux/s390x'
-      # max-parallel: 1
       fail-fast: false
     steps:
     - name: Checkout
       uses: actions/checkout@v2
+    - name: Download all the dists
+      uses: actions/download-artifact@v2
+      with:
+        name: python-package-distributions
+        path: dist/
+    - name: Login to GHCR
+      uses: docker/login-action@v1
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
     - name: Set up Docker Buildx
       id: buildx
       uses: docker/setup-buildx-action@v1
+      # See https://github.com/docker/buildx/issues/850#issuecomment-996408167
       with:
+        version: v0.7.0
         buildkitd-flags: --debug
         config: .github/buildkitd.toml
         install: true
-    - name: Download all the dists
-      uses: actions/download-artifact@v2
-      with:
-        name: python-package-distributions
-        path: dist/
     - name: Enable Multiarch    # This slows down arm build by 4-5x
       run: |
         docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
@@ -679,32 +706,80 @@ jobs:
         docker buildx use proxypybuilder
         docker buildx inspect
         docker buildx ls
-    - name: Set PROXYPY_CONTAINER_VERSION
-      run: |
-        echo "PROXYPY_CONTAINER_VERSION=$(echo '${{ needs.pre-setup.outputs.dist-version }}' | tr + .)" > $GITHUB_ENV
-    - name: Build container
-      run: |
-        make container-buildx \
-          -e PROXYPY_PKG_PATH='dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}' \
-          -e BUILDX_TARGET_PLATFORM='${{ matrix.targetplatform }}' \
-          -e PROXYPY_CONTAINER_VERSION='${{ env.PROXYPY_CONTAINER_VERSION }}'
+    - name: Build, run & test container
+      run: >-
+        CONTAINER_TAG="abhinavsingh/proxy.py:${{
+          needs.pre-setup.outputs.container-version
+        }}";
+        docker buildx build
+        --load
+        --build-arg PROXYPY_PKG_PATH='dist/${{
+          needs.pre-setup.outputs.wheel-artifact-name
+        }}'
+        -t $CONTAINER_TAG .
+        &&
+        docker run
+        -d
+        -p 8899:8899
+        $CONTAINER_TAG
+        --hostname 0.0.0.0
+        --enable-web-server
+        --local-executor && ./tests/integration/test_integration.sh 8899
+    - name: Push to GHCR
+      run: >-
+        PLATFORMS=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x;
+        REGISTRY_URL="ghcr.io/abhinavsingh/proxy.py";
+        CONTAINER_TAG=$REGISTRY_URL:${{
+          needs.pre-setup.outputs.container-version
+        }};
+        LATEST_TAG=$REGISTRY_URL:latest;
+        docker buildx build
+        --push
+        --platform $PLATFORMS
+        --build-arg PROXYPY_PKG_PATH='dist/${{
+          needs.pre-setup.outputs.wheel-artifact-name
+        }}'
+        -t $CONTAINER_TAG
+        -t $LATEST_TAG .
+    - name: Login to DockerHub
+      uses: docker/login-action@v1
+      with:
+        username: abhinavsingh
+        password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
+    - name: Push to DockerHub
+      run: >-
+        PLATFORMS=linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x;
+        REGISTRY_URL="abhinavsingh/proxy.py";
+        CONTAINER_TAG=$REGISTRY_URL:${{
+          needs.pre-setup.outputs.container-version
+        }};
+        docker buildx build
+        --push
+        --platform $PLATFORMS
+        --build-arg PROXYPY_PKG_PATH='dist/${{
+          needs.pre-setup.outputs.wheel-artifact-name
+        }}'
+        -t $CONTAINER_TAG .
 
   check:  # This job does nothing and is only used for the branch protection
+    if: always()
+
     needs:
     - analyze
     - test
     - lint
     - docker
     - dashboard
     - brew
+    - developer
 
-    runs-on: ubuntu-latest
+    runs-on: Ubuntu-latest
 
     steps:
-    - name: Report success of the test matrix
-      run: >-
-        print("All's good")
-      shell: python
+    - name: Decide whether the needed jobs succeeded or failed
+      uses: re-actors/alls-green@release/v1
+      with:
+        jobs: ${{ toJSON(needs) }}
 
   publish-pypi:
     name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI
@@ -729,13 +804,13 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: >-
-        Publish 🐍📦 v${{ needs.pre-setup.outputs.git-tag }} to PyPI
+        Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         password: ${{ secrets.PYPI_TOKEN }}
 
   publish-testpypi:
-    name: Publish 🐍📦 to TestPyPI
+    name: Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI
     needs:
     - check
     - pre-setup  # transitive, for accessing settings
@@ -758,12 +833,41 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: >-
-        Publish 🐍📦  v${{ needs.pre-setup.outputs.git-tag }} to TestPyPI
+        Publish 🐍📦 ${{ needs.pre-setup.outputs.git-tag }} to TestPyPI
       uses: pypa/gh-action-pypi-publish@release/v1
       with:
         password: ${{ secrets.TESTPYPI_API_TOKEN }}
         repository_url: https://test.pypi.org/legacy/
 
+  # publish-docker:
+  #   name: Publish 🐳 📦 ${{ needs.pre-setup.outputs.git-tag }} to Docker Hub
+  #   needs:
+  #   - check
+  #   - pre-setup  # transitive, for accessing settings
+  #   if: >-
+  #     fromJSON(needs.pre-setup.outputs.release-requested)
+  #   runs-on: Ubuntu-latest
+
+  #   environment:
+  #     name: release-docker
+  #     url: >-
+  #       https://test.pypi.org/project/proxy.py/${{
+  #         needs.pre-setup.outputs.dist-version
+  #       }}
+
+  #   steps:
+  #   - name: Download all the dists
+  #     uses: actions/download-artifact@v2
+  #     with:
+  #       name: python-package-distributions
+  #       path: dist/
+  #   - name: >-
+  #       Publish 🐳 📦 ${{ needs.pre-setup.outputs.git-tag }} to Docker Hub
+  #     uses: pypa/gh-action-pypi-publish@release/v1
+  #     with:
+  #       password: ${{ secrets.TESTPYPI_API_TOKEN }}
+  #       repository_url: https://test.pypi.org/legacy/
+
   post-release-repo-update:
     name: >-
       Publish post-release Git tag

CHANGELOG.md

@@ -1,10 +1,23 @@
-<!-- markdownlint-disable no-duplicate-heading -->
+<!-- markdownlint-disable no-duplicate-heading no-multiple-blanks -->
 # Changelog
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+[//]: # (DO-NOT-REMOVE-versioning-promise-START)
+
+```{note}
+The change notes follow [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+except for the title formatting, and this project adheres to [Semantic
+Versioning](https://semver.org/spec/v2.0.0.html).
+```
+
+<!--
+Do *NOT* manually add changelog entries here!
+This changelog is managed by Towncrier and is built at release time.
+See https://proxypy.rtfd.io/en/latest/contributing/guidelines#adding-change-notes-with-your-prs
+for details. Or read
+https://github.com/ansible/ansible-language-server/tree/main/docs/changelog-fragments.d#adding-change-notes-with-your-prs
+-->
 
 <!-- towncrier release notes start -->
 

Dockerfile

@@ -6,7 +6,8 @@ LABEL com.abhinavsingh.name="abhinavsingh/proxy.py" \
   👷 \"Work\" acceptor & executor framework" \
   com.abhinavsingh.url="https://github.com/abhinavsingh/proxy.py" \
   com.abhinavsingh.vcs-url="https://github.com/abhinavsingh/proxy.py" \
-  com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py"
+  com.abhinavsingh.docker.cmd="docker run -it --rm -p 8899:8899 abhinavsingh/proxy.py" \
+  org.opencontainers.image.source="https://github.com/abhinavsingh/proxy.py"
 ENV PYTHONUNBUFFERED 1
 ARG PROXYPY_PKG_PATH
 
@@ -25,4 +26,7 @@ RUN apk update && apk add openssl
 
 EXPOSE 8899/tcp
 ENTRYPOINT [ "proxy" ]
-CMD [ "--hostname=0.0.0.0" ]
+CMD [ \
+  "--hostname=0.0.0.0" \
+  "--local-executor" \
+  ]