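---
# validate-install: CI for ccproxy.
#   - unit-tests / quality / nix-check: test, lint and flake evaluation
#   - build-wheel: builds the wheel once and publishes it as an artifact
#   - validate-install: installs that wheel in clean distro containers and
#     runs CLI smoke tests
#   - validate-install-macos: the same on macOS (currently disabled)
#
# NOTE(review): every `uses:` below references a mutable tag (`@v4`, `@v30`).
# Pin each action to a full commit SHA (`owner/action@<full-commit-sha> # v4`)
# so that a moved or re-tagged release cannot change the code this workflow
# runs.
name: validate-install

# `pull_request` is used rather than `pull_request_target`, so code from a
# pull request runs in the pull request's own context.
on:
  pull_request:
    branches: [main, dev]
  push:
    branches: [main, dev]
  workflow_dispatch:

# Least privilege: no job here writes to the repository, so GITHUB_TOKEN is
# limited to read-only contents instead of the repository default.
permissions:
  contents: read

# An explicit `shell: bash` makes GitHub run steps with `-eo pipefail`, so a
# failure on the left side of a pipe (e.g. `curl ... | sh`) fails the step.
# The scripts already rely on bash (`source`, `[[ ]]`).
defaults:
  run:
    shell: bash

concurrency:
  group: validate-install-${{ github.ref }}
  cancel-in-progress: true

jobs:
  unit-tests:
    name: unit tests (Python 3.13)
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          # Later steps execute repository code (uv sync, pytest); do not
          # leave the token in .git/config where that code could read it.
          persist-credentials: false
      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Pin Python 3.13
        run: uv python install 3.13
      - name: Sync environment
        run: uv sync
      - name: Run test suite (coverage gate from pyproject addopts)
        run: uv run pytest

  quality:
    name: lint + typecheck
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Pin Python 3.13
        run: uv python install 3.13
      - name: Sync environment
        run: uv sync
      - name: Ruff
        run: uv run ruff check .
      - name: Mypy
        run: uv run mypy src/ccproxy

  nix-check:
    name: nix flake check
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: cachix/install-nix-action@v30
        with:
          # NOTE(review): `accept-flake-config = true` applies the flake's own
          # `nixConfig` without confirmation. On pull_request runs the flake
          # comes from the PR, so its author chooses those settings (extra
          # substituters, for example). Confirm the check needs it; otherwise
          # drop the line and list required settings here explicitly.
          extra_nix_config: |
            experimental-features = nix-command flakes
            accept-flake-config = true
      - name: Evaluate flake outputs
        run: nix flake check --no-build --show-trace

  build-wheel:
    name: build wheel (uv)
    runs-on: ubuntu-24.04
    outputs:
      wheel-name: ${{ steps.build.outputs.wheel-name }}
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Pin Python 3.13
        run: uv python install 3.13
      - name: Build wheel
        id: build
        run: |
          uv build --wheel
          # Expand the glob directly instead of parsing `ls`, and fail here
          # if the build produced no wheel rather than exporting an empty name.
          wheels=(dist/*.whl)
          if [[ ! -f "${wheels[0]}" ]]; then
            echo "no wheel produced in dist/" >&2
            exit 1
          fi
          name="$(basename "${wheels[0]}")"
          echo "wheel-name=$name" >> "$GITHUB_OUTPUT"
          echo "built: $name"
      - uses: actions/upload-artifact@v4
        with:
          name: wheel
          path: dist/*.whl
          retention-days: 7
          if-no-files-found: error

  validate-install:
    name: pip install / ${{ matrix.distro.id }}
    needs: build-wheel
    runs-on: ubuntu-24.04
    strategy:
      fail-fast: false
      matrix:
        # NOTE(review): images are referenced by mutable tag. If reproducible
        # runs matter more than tracking upstream, pin by digest
        # (`image: <name>@sha256:<digest>`).
        distro:
          - id: debian-12
            image: debian:12
            install_deps: |
              apt-get update
              apt-get install -y --no-install-recommends \
                slirp4netns wireguard-tools iproute2 iptables \
                ca-certificates curl xz-utils
          - id: ubuntu-24.04
            image: ubuntu:24.04
            install_deps: |
              apt-get update
              apt-get install -y --no-install-recommends \
                slirp4netns wireguard-tools iproute2 iptables \
                ca-certificates curl xz-utils
          - id: fedora-44
            image: fedora:44
            install_deps: |
              dnf install -y \
                slirp4netns wireguard-tools iproute iptables-nft \
                ca-certificates curl xz which
          - id: archlinux
            image: archlinux:latest
            # -Syu rather than -Sy: installing against a freshly synced
            # database without upgrading is a partial upgrade, which Arch
            # does not support and which can leave mismatched libraries.
            install_deps: |
              pacman -Syu --noconfirm \
                slirp4netns wireguard-tools iproute2 iptables \
                ca-certificates curl xz which
    container:
      image: ${{ matrix.distro.image }}
    steps:
      - name: Install system packages
        # The expression expands to a script defined in the matrix above
        # (workflow-controlled text, not event data).
        run: ${{ matrix.distro.install_deps }}
      - name: Install uv
        # NOTE(review): this executes an unpinned, unverified installer.
        # Prefer a versioned installer URL
        # (https://astral.sh/uv/<UV_VERSION>/install.sh) and verify a known
        # checksum before running it. `--proto '=https'` keeps redirects
        # followed by -L from leaving HTTPS.
        run: |
          curl --proto '=https' --tlsv1.2 -LsSf https://astral.sh/uv/install.sh | sh
          echo "$HOME/.local/bin" >> "$GITHUB_PATH"
      - name: Provision Python 3.13
        run: uv python install 3.13
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: wheel
          path: dist
      - name: Create venv + install wheel
        run: |
          uv venv --python 3.13 /tmp/ccproxy-venv
          source /tmp/ccproxy-venv/bin/activate
          uv pip install ./dist/*.whl
      - name: Verify console scripts on PATH
        run: |
          source /tmp/ccproxy-venv/bin/activate
          command -v ccproxy
      - name: Smoke test - ccproxy --help (entry point + tyro dispatch)
        run: |
          source /tmp/ccproxy-venv/bin/activate
          ccproxy --help > /dev/null
      - name: Smoke test - ccproxy init
        run: |
          source /tmp/ccproxy-venv/bin/activate
          mkdir -p /tmp/ccproxy-config
          CCPROXY_CONFIG_DIR=/tmp/ccproxy-config ccproxy init
          test -f /tmp/ccproxy-config/ccproxy.yaml
      - name: Verify system tools discoverable
        run: |
          # iptables/ip/sysctl live in /usr/sbin on Debian/Ubuntu, not in non-root PATH by default.
          export PATH="$PATH:/usr/sbin:/sbin"
          for tool in slirp4netns wg unshare nsenter ip iptables sysctl; do
            command -v "$tool" || { echo "missing: $tool"; exit 1; }
          done
      - name: Smoke test - ccproxy status (expects bitmask 3, nothing running)
        run: |
          source /tmp/ccproxy-venv/bin/activate
          # Capture the exit code instead of letting `-e` abort: a non-zero
          # status is the expected result here.
          rc=0
          CCPROXY_CONFIG_DIR=/tmp/ccproxy-config ccproxy status --proxy --inspect || rc=$?
          test "$rc" = "3" || { echo "unexpected status rc=$rc (expected 3 = proxy|inspect both down)"; exit 1; }
      - name: Smoke test - python -m import
        run: |
          source /tmp/ccproxy-venv/bin/activate
          python -c "import ccproxy; import ccproxy.cli; import ccproxy.mcp.server; print('imports ok')"

  validate-install-macos:
    if: false  # disabled — macOS bills at 10x
    name: pip install / macos
    needs: build-wheel
    runs-on: macos-latest
    steps:
      - uses: astral-sh/setup-uv@v4
        with:
          enable-cache: true
      - name: Provision Python 3.13
        run: uv python install 3.13
      - name: Download wheel artifact
        uses: actions/download-artifact@v4
        with:
          name: wheel
          path: dist
      - name: Create venv + install wheel
        run: |
          uv venv --python 3.13 /tmp/ccproxy-venv
          source /tmp/ccproxy-venv/bin/activate
          uv pip install ./dist/*.whl
      - name: Verify console scripts on PATH
        run: |
          source /tmp/ccproxy-venv/bin/activate
          command -v ccproxy
      - name: Smoke test - ccproxy --help (entry point + tyro dispatch)
        run: |
          source /tmp/ccproxy-venv/bin/activate
          ccproxy --help > /dev/null
      - name: Smoke test - ccproxy init
        run: |
          source /tmp/ccproxy-venv/bin/activate
          mkdir -p /tmp/ccproxy-config
          CCPROXY_CONFIG_DIR=/tmp/ccproxy-config ccproxy init
          test -f /tmp/ccproxy-config/ccproxy.yaml
      - name: Smoke test - ccproxy status (no daemon, bitmask 3 = proxy|inspect down)
        run: |
          source /tmp/ccproxy-venv/bin/activate
          rc=0
          CCPROXY_CONFIG_DIR=/tmp/ccproxy-config ccproxy status --proxy --inspect || rc=$?
          test "$rc" = "3" || { echo "unexpected status rc=$rc (expected 3)"; exit 1; }
      - name: Smoke test - python -m import
        run: |
          source /tmp/ccproxy-venv/bin/activate
          python -c "import ccproxy; import ccproxy.cli; import ccproxy.mcp.server; print('imports ok')"
      - name: Smoke test - daemon start binds :4000 (reverse-proxy mode, no namespace jail)
        run: |
          source /tmp/ccproxy-venv/bin/activate
          export CCPROXY_CONFIG_DIR=/tmp/ccproxy-config
          nohup ccproxy start > /tmp/ccproxy.log 2>&1 &
          CCPROXY_PID=$!
          # Poll the loopback port for up to 30 s, then stop the daemon
          # whether or not it came up.
          ready=0
          for i in $(seq 1 30); do
            if nc -z 127.0.0.1 4000 2>/dev/null; then
              echo "proxy bound :4000 (attempt $i)"
              ready=1
              break
            fi
            sleep 1
          done
          kill "$CCPROXY_PID" 2>/dev/null || true
          if [[ $ready -eq 0 ]]; then
            echo "proxy never bound :4000"
            tail -100 /tmp/ccproxy.log
            exit 1
          fi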