diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml new file mode 100644 index 00000000..d47ef876 --- /dev/null +++ b/.github/workflows/publish.yml @@ -0,0 +1,59 @@ +name: Publish + +on: + push: + tags: + - 'v*' + +env: + CARGO_TERM_COLOR: always + +jobs: + # Run all tests first using the reusable workflow + tests: + uses: ./.github/workflows/tests.yml + + # Publish job that depends on tests passing + publish: + name: Publish to crates.io + needs: tests + runs-on: ubuntu-latest + environment: publish + + steps: + - uses: actions/checkout@v4 + + - name: Install Rust + uses: dtolnay/rust-toolchain@stable + with: + toolchain: stable + + - name: Setup Rust cache + uses: Swatinem/rust-cache@v2 + + - name: Verify version matches tag + run: | + # Extract version from Cargo.toml + CARGO_VERSION=$(grep -E '^version = ' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/') + + # Get the git tag without the 'v' prefix + TAG_VERSION=${GITHUB_REF_NAME#v} + + echo "Cargo.toml version: $CARGO_VERSION" + echo "Git tag version: $TAG_VERSION" + + if [ "$CARGO_VERSION" != "$TAG_VERSION" ]; then + echo "Error: Version mismatch!" + echo "Cargo.toml has version $CARGO_VERSION but git tag is $GITHUB_REF_NAME" + exit 1 + fi + + echo "Version check passed!" + + - name: Build release + run: cargo build --release --verbose + + - name: Publish to crates.io + run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }} + env: + CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a4aac5bf..36afc671 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -5,6 +5,7 @@ on: branches: - main pull_request: + workflow_call: env: CARGO_TERM_COLOR: always diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0a88c126..d1df5aef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
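Review bot: The last step of `publish.yml` puts the registry token on the command line (`cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}`), so the secret is substituted into the generated script and shows up in the process arguments, even though the same step already exports it as `CARGO_REGISTRY_TOKEN`. Cargo reads that variable by itself, so the step can be reduced to `run: cargo publish` with the existing `env:` block kept. The job that later receives the token also runs `actions/checkout@v4`, `dtolnay/rust-toolchain@stable` and `Swatinem/rust-cache@v2` by mutable tag or branch ref; pinning each to a full commit SHA, and adding a top-level `permissions:` block with `contents: read`, would limit what a changed upstream action can touch. It is also worth considering dropping the cache step here, since a release build that restores artifacts produced by other runs is harder to reason about than a clean build.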
@@ -163,6 +163,54 @@ sudo pfctl -a httpjail -sr sudo pfctl -a httpjail -F all ``` +## Release Process + +### Publishing a New Version + +Releases are automated through GitHub Actions when a version tag is pushed. The process: + +1. **Update version in Cargo.toml** + ```bash + # Edit Cargo.toml and update the version field + # Example: version = "0.2.0" + ``` + +2. **Commit the version change** + ```bash + git add Cargo.toml + git commit -m "Bump version to 0.2.0" + git push + ``` + +3. **Create and push a version tag** + ```bash + # Tag format must be v matching Cargo.toml version + git tag v0.2.0 + git push origin v0.2.0 + ``` + +4. **Automated release workflow** + - The GitHub Actions workflow will automatically: + - Run all tests (macOS, Linux, weak mode) + - Run clippy and format checks + - Verify the tag version matches Cargo.toml + - Build the release binary + - Publish to crates.io (only if all tests pass) + +### Prerequisites for Publishing + +- **GitHub Environment**: The `publish` environment must be configured in the repository settings +- **Cargo Token**: The `CARGO_REGISTRY_TOKEN` secret must be set in the `publish` environment +- **Version Match**: The git tag (without `v` prefix) must exactly match the version in Cargo.toml + +### Manual Publishing (if needed) + +If automated publishing fails, you can publish manually: + +```bash +cargo publish --token +``` + ## License By contributing to httpjail, you agree that your contributions will be licensed under the same license as the project. diff --git a/Cargo.lock b/Cargo.lock index c353760b..cfcf4f20 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -724,7 +724,7 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" [[package]] name = "httpjail" -version = "0.1.0" +version = "0.1.1" dependencies = [ "anyhow", "assert_cmd", diff --git a/Cargo.toml b/Cargo.toml index 3178d5e8..5edd27e0 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "httpjail" -version = "0.1.0" +version = "0.1.1" edition = "2024" license = "CC0-1.0" description = "Monitor and restrict HTTP/HTTPS requests from processes" diff --git a/README.md b/README.md index ad537437..b8996741 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,32 @@ # httpjail +[![Crates.io](https://img.shields.io/crates/v/httpjail.svg)](https://crates.io/crates/httpjail) +[![CI](https://github.com/coder/httpjail/actions/workflows/tests.yml/badge.svg)](https://github.com/coder/httpjail/actions/workflows/tests.yml) + A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception. +## Installation + +### Install via Cargo + +```bash +cargo install httpjail +``` + +### Install from source + +```bash +# Clone the repository +git clone https://github.com/coder/httpjail +cd httpjail + +# Build with Cargo +cargo build --release + +# Install to PATH +sudo cp target/release/httpjail /usr/local/bin/ +``` + ## Features - 🔒 **Process-level network isolation** - Isolate processes in restricted network environments 
@@ -96,44 +121,20 @@ httpjail creates an isolated network environment for the target process, interce | Sudo required | ⚠️ Yes | ✅ No | 🚧 | | Force all traffic | ✅ Yes | ❌ No (apps must cooperate) | 🚧 | -## Installation - -### Prerequisites +## Prerequisites -#### Linux +### Linux - Linux kernel 3.8+ (network namespace support) - nftables (nft command) - libssl-dev (for TLS) - sudo access (for namespace creation) -#### macOS +### macOS - macOS 10.15+ (Catalina or later) - No special permissions required (runs in weak mode) -### Install from source - -```bash -# Clone the repository -git clone https://github.com/yourusername/httpjail -cd httpjail - -# Build with Cargo -cargo build --release - -# Install to PATH -sudo cp target/release/httpjail /usr/local/bin/ - -# CA certificate is auto-generated on first run -``` - -### Install via Cargo - -```bash -cargo install httpjail -``` - ## Usage Examples ### Basic Usage