Add support for HTTP proxying (#506)

* Add `--proxy` and `--no-proxy` CLI flags
* Add property `http` to `pkl:settings`
* Move `EvaluatorSettings` from `pkl:Project` to its own module and add property `http`
* Add support for proxying in server mode, and through Gradle
* Add `setProxy()` to `HttpClient`
* Add documentation

docs/modules/bindings-specification/pages/message-passing-api.adoc

@@ -121,6 +121,9 @@ outputFormat: String?
 /// The project dependency settings.
 project: Project?
 
+/// Configuration of outgoing HTTP requests.
+http: Http?
+
 class ClientResourceReader {
   /// The URI scheme this reader is responsible for reading.
   scheme: String
@@ -175,6 +178,54 @@ class Project {
   dependencies: Mapping<String, Project|RemoteDependency>
 }
 
+/// Settings that control how Pkl talks to HTTP(S) servers.
+class Http {
+  /// Configuration of the HTTP proxy to use.
+  ///
+  /// If [null], uses the operating system's proxy configuration.
+  proxy: Proxy?
+}
+
+/// Settings that control how Pkl talks to HTTP proxies.
+class Proxy {
+  /// The proxy to use for HTTP(S) connections.
+  ///
+  /// At the moment, only HTTP proxies are supported.
+  ///
+  /// Example:
+  /// ```
+  /// address = "http://my.proxy.example.com:5080"
+  /// ```
+  address: Uri(startsWith("http://"))?
+
+  /// Hosts to which all connections should bypass a proxy.
+  ///
+  /// Values can be either hostnames, or IP addresses.
+  /// IP addresses can optionally be provided using [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation).
+  ///
+  /// The only wildcard is `"*"`, which disables all proxying.
+  ///
+  /// A hostname matches all subdomains.
+  /// For example, `example.com` matches `foo.example.com`, but not `fooexample.com`.
+  /// A hostname that is prefixed with a dot matches the hostname itself,
+  /// so `.example.com` matches `example.com`.
+  ///
+  /// Optionally, a port can be specified.
+  /// If a port is omitted, all ports are matched.
+  ///
+  /// Example:
+  ///
+  /// ```
+  /// noProxy {
+  ///   "127.0.0.1"
+  ///   "169.254.0.0/16"
+  ///   "example.com"
+  ///   "localhost:5050"
+  /// }
+  /// ```
+  noProxy: Listing<String>(isDistinct)
+}
+
 class RemoteDependency {
   type: "remote"
 

docs/modules/pkl-cli/pages/index.adoc

@@ -829,3 +829,18 @@ These certificates can be overridden via either of the two options:
 Both these options will *replace* the default CA certificates bundled with Pkl. +
 The CLI option takes precedence over the certificates in `~/.pkl/cacerts/`. +
 Certificates need to be X.509 certificates in PEM format.
+
+[[http-proxy]]
+== HTTP Proxy
+
+When making HTTP(S) requests, Pkl can use a proxy.
+By default, no proxy is configured.
+A proxy can be configured as follows:
+
+- Using `--proxy <uri>`.
+  The URI must (currently) have scheme `http`, and may not contain anything other than a host and port.
+- Using `--no-proxy <hosts>`.
+  The given (comma separated list of) hosts bypass the proxy.
+  Hosts can be specified by domain name (in which case all subdomains also bypass the proxy), IP addresses, or IP ranges (using link:https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation[CIDR notation]).
+  For individual hosts (not CIDRs), ports can be specified.
+  When no port is specified for a given host, connections to all ports bypass the proxy.

docs/modules/pkl-cli/partials/cli-common-options.adoc

@@ -122,3 +122,21 @@ Certificates need to be X.509 certificates in PEM format.
 
 For other methods of configuring certificates, see xref:pkl-cli:index.adoc#ca-certs[CA Certificates].
 ====
+
+.--proxy
+[%collapsible]
+====
+Default: (none) +
+Example: `http://proxy.example.com:1234` +
+Configures HTTP connections to connect to the provided proxy address.
+The URI must have scheme `http`, and may not contain anything other than a host and port.
+====
+
+.--no-proxy
+[%collapsible]
+====
+Default: (none) +
+Example: `example.com,169.254.0.0/16` +
+Comma separated list of hosts to which all connections should bypass the proxy.
+Hosts can be specified by name, IP address, or IP range using https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation[CIDR notation].
+====

docs/modules/pkl-gradle/partials/gradle-common-properties.adoc

@@ -83,3 +83,21 @@ Example: `modulePath.from files("dir1", "zip1.zip", "jar1.jar")` +
 The directories, ZIP archives, or JAR archives to search when resolving `modulepath:` URIs.
 Relative paths are resolved against the project directory.
 ====
+
+.proxy: Property<URI>
+[%collapsible]
+====
+Default: `null` +
+Example: `http://proxy.example.com:1234` +
+Configures HTTP connections to connect to the provided proxy address.
+The URI must have scheme `http`, and may not contain anything other than a host and port.
+====
+
+.noProxy: ListProperty<String>
+[%collapsible]
+====
+Default: `null` +
+Example: `example.com,169.254.0.0/16` +
+Hosts to which all connections should bypass the proxy.
+Hosts can be specified by name, IP address, or IP range using https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation[CIDR notation].
+====