chore: pre-commit autoupdate
#1323
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Python testing | |
| on: [push, pull_request, workflow_dispatch] | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macOS-13] | |
| defaults: | |
| run: | |
| shell: bash # For `source` | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| cache: 'pip' | |
| cache-dependency-path: requirements/*.txt | |
| - name: Python/tkinter version debug | |
| run: | | |
| python --version | |
| python -c "import sys, tkinter;tcl = tkinter.Tcl();print(f\"{tkinter.TkVersion=}\n{tkinter.TclVersion=}\n{tcl.call('info', 'patchlevel')=}\n{sys.executable=}\n{tkinter.__file__=}\")" | |
| - name: OS specific setup (windows) | |
| if: startswith(matrix.os, 'windows') | |
| run: | | |
| echo 'OS_NAME=windows' >> $GITHUB_ENV | |
| echo 'ACTIVATE_PATH=venv/Scripts/activate' >> $GITHUB_ENV | |
| echo 'RESULT_EXTENSION=.exe' >> $GITHUB_ENV | |
| echo 'PYINSTALLER_ARGS=--hide-console=minimize-early' >> $GITHUB_ENV | |
| echo 'INSTALL_CA_CERT=certutil.exe -addstore root local-ca.pem' >> $GITHUB_ENV | |
| - name: OS specific setup (linux) | |
| if: startswith(matrix.os, 'ubuntu') | |
| run: | | |
| echo 'OS_NAME=linux' >> $GITHUB_ENV | |
| echo 'ACTIVATE_PATH=venv/bin/activate' >> $GITHUB_ENV | |
| echo 'RESULT_EXTENSION=' >> $GITHUB_ENV | |
| echo 'PYINSTALLER_ARGS=' >> $GITHUB_ENV | |
| echo 'INSTALL_CA_CERT=sudo cp local-ca.pem /usr/local/share/ca-certificates/local-ca.crt; sudo update-ca-certificates' >> $GITHUB_ENV | |
| - name: OS specific setup (mac) | |
| if: startswith(matrix.os, 'macOS') | |
| run: | | |
| echo 'OS_NAME=mac' >> $GITHUB_ENV | |
| echo 'ACTIVATE_PATH=venv/bin/activate' >> $GITHUB_ENV | |
| # Upload the built .dmg app-installer | |
| echo 'RESULT_EXTENSION=.dmg' >> $GITHUB_ENV | |
| # Target universal2 so that the built binary can run on both intel and apple silicon | |
| # Pass --windowed to build a .app bundle | |
| echo 'PYINSTALLER_ARGS=--target-architecture universal2 --windowed' >> $GITHUB_ENV | |
| echo 'INSTALL_CA_CERT=sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain local-ca.pem' >> $GITHUB_ENV | |
| - name: Select dependency files | |
| run: | | |
| echo "REQUIREMENTS=requirements/${{ env.OS_NAME }}.txt" >> $GITHUB_ENV | |
| echo "DEV_REQUIREMENTS=requirements/${{ env.OS_NAME }}-dev.txt" >> $GITHUB_ENV | |
| - name: Install dependencies | |
| run: | | |
| python -m ensurepip | |
| python -m venv venv | |
| source ${{ env.ACTIVATE_PATH }} | |
| python -m pip install --upgrade pip | |
| python -m pip install -r ${{ env.REQUIREMENTS }} -r ${{ env.DEV_REQUIREMENTS }} | |
| python -m pip install --no-deps -e . | |
| VERSION_STRING="$(python -c 'from prism import VERSION_STRING; print(VERSION_STRING)')" | |
| echo "VERSION_STRING=$VERSION_STRING" >> $GITHUB_ENV | |
| echo "SIMPLE_NAME=prism-$VERSION_STRING" >> $GITHUB_ENV | |
| echo "BUILD_RESULT_NAME=prism-$VERSION_STRING-${{ env.OS_NAME }}${{ env.RESULT_EXTENSION }}" >> $GITHUB_ENV | |
| - name: Run typechecking | |
| run: | | |
| source ${{ env.ACTIVATE_PATH }} | |
| mypy --strict . | |
| - name: Run tests | |
| run: | | |
| source ${{ env.ACTIVATE_PATH }} | |
| coverage run | |
| coverage report | |
| - name: tee | stderr | |
| if: env.OS_NAME != 'windows' | |
| run: | |
| echo 'TEE_STDERR=| tee /dev/stderr' >> $GITHUB_ENV | |
| - name: Test ssl system certs | |
| run: | | |
| source ${{ env.ACTIVATE_PATH }} | |
| certifi_ca_certs="$(python -m certifi)" | |
| ( | |
| cd tests/system_certs | |
| echo 'Print certs' >&2 | |
| sh print.sh | |
| echo "Run local https server and ensure it's running" >&2 | |
| python server.py >/dev/null 2>&1 & | |
| sleep 1 | |
| echo 'Ensure request succeeds with local ca' >&2 | |
| curl --ssl-no-revoke --fail --silent https://localhost:12345 --cacert local-ca.pem ${{ env.TEE_STDERR }} | grep '^Hello world' >/dev/null 2>&1 | |
| echo 'Ensure request fails with certifi ca' >&2 | |
| ! curl --ssl-no-revoke --fail https://localhost:12345 --cacert "$certifi_ca_certs" 2>&1 ${{ env.TEE_STDERR }} | grep 'SSL certificate problem' >/dev/null 2>&1 | |
| echo 'Install certs' >&2 | |
| ${{ env.INSTALL_CA_CERT }} | |
| ) | |
| # Create placeholder logfile | |
| touch latest.log | |
| echo 'Ensure ssl error is caught when using included certs' >&2 | |
| echo 'use_included_certs = true' > included_certs_settings.toml | |
| # Don't open the settings prompt | |
| echo 'autowho = true' >> included_certs_settings.toml | |
| python prism_overlay.py --test-ssl --settings=included_certs_settings.toml --logfile=latest.log ${{ env.TEE_STDERR }} | grep '^Caught missing local issuer SSLError: ' >/dev/null 2>&1 | |
| echo 'Ensure request succeeds when using system certs' >&2 | |
| echo 'use_included_certs = false' > system_certs_settings.toml | |
| # Don't open the settings prompt | |
| echo 'autowho = true' >> system_certs_settings.toml | |
| python prism_overlay.py --test-ssl --settings=system_certs_settings.toml --logfile=latest.log ${{ env.TEE_STDERR }} | grep '^Got response: Hello world' >/dev/null 2>&1 | |
| - name: Build single file binary with pyinstaller | |
| run: | | |
| source ${{ env.ACTIVATE_PATH }} | |
| python add_version_to_icon.py # Create the icon file | |
| pyinstaller prism_overlay.py --noconfirm --onefile --icon=pyinstaller/who_with_version.ico --name "${{ env.SIMPLE_NAME }}" --additional-hooks-dir=pyinstaller ${{ env.PYINSTALLER_ARGS }} | |
| - name: Package app bundle to disk image (mac) | |
| if: env.OS_NAME == 'mac' | |
| run: | | |
| brew install imagemagick | |
| magick pyinstaller/who_with_version.ico pyinstaller/who_with_version.icns | |
| brew install create-dmg | |
| mkdir -p 'dist/app' | |
| mv "dist/${{ env.SIMPLE_NAME }}.app" "dist/app" | |
| # Inspired by: | |
| # https://www.pythonguis.com/tutorials/packaging-pyqt5-applications-pyinstaller-macos-dmg/ | |
| create-dmg \ | |
| --volname "Prism ${{ env.VERSION_STRING }} installer" \ | |
| --volicon 'pyinstaller/who_with_version.icns' \ | |
| --window-pos 200 120 \ | |
| --window-size 600 300 \ | |
| --icon-size 100 \ | |
| --icon "${{ env.SIMPLE_NAME }}.app" 175 120 \ | |
| --hide-extension "${{ env.SIMPLE_NAME }}.app" \ | |
| --app-drop-link 425 120 \ | |
| "${{ env.BUILD_RESULT_NAME }}" \ | |
| "dist/app/" | |
| - name: Store built binary (non-mac) | |
| if: env.OS_NAME != 'mac' | |
| run: | | |
| mv "dist/${{ env.SIMPLE_NAME }}${{ env.RESULT_EXTENSION }}" "${{ env.BUILD_RESULT_NAME }}" | |
| - name: Upload built binary/app .dmg | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.SIMPLE_NAME }}-${{ matrix.os }} | |
| path: "${{ env.BUILD_RESULT_NAME }}" | |
| if-no-files-found: error |