From a0fb99febb118960a6c1fd496ecb2fb50f95b85e Mon Sep 17 00:00:00 2001
From: Ammar Bandukwala
Date: Wed, 10 Sep 2025 10:47:16 -0500
Subject: [PATCH 1/4] ci: add publish workflow
---
.github/workflows/publish.yml | 59 +++++++++++++++++++++++++++++++++++
CONTRIBUTING.md | 48 ++++++++++++++++++++++++++++
2 files changed, 107 insertions(+)
create mode 100644 .github/workflows/publish.yml
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
new file mode 100644
index 00000000..b2cb8396
--- /dev/null
+++ b/.github/workflows/publish.yml
@@ -0,0 +1,59 @@
+name: Publish
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+env:
+ CARGO_TERM_COLOR: always
+
+jobs:
+ publish:
+ name: Publish to crates.io
+ runs-on: ubuntu-latest
+ environment: publish
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Rust
+ uses: dtolnay/rust-toolchain@stable
+ with:
+ toolchain: stable
+
+ - name: Verify version matches tag
+ run: |
+ # Extract version from Cargo.toml
+ CARGO_VERSION=$(grep -E '^version = ' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
+
+ # Get the git tag without the 'v' prefix
+ TAG_VERSION=${GITHUB_REF_NAME#v}
+
+ echo "Cargo.toml version: $CARGO_VERSION"
+ echo "Git tag version: $TAG_VERSION"
+
+ if [ "$CARGO_VERSION" != "$TAG_VERSION" ]; then
+ echo "Error: Version mismatch!"
+ echo "Cargo.toml has version $CARGO_VERSION but git tag is $GITHUB_REF_NAME"
+ exit 1
+ fi
+
+ echo "Version check passed!"
+
+ - name: Run tests
+ run: cargo test --verbose
+
+ - name: Run clippy
+ run: cargo clippy --all-targets -- -D warnings
+
+ - name: Check formatting
+ run: cargo fmt -- --check
+
+ - name: Build release
+ run: cargo build --release --verbose
+
+ - name: Publish to crates.io
+ run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+ env:
+ CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 0a88c126..2c3aaeda 100644
--- a/CONTRIBUTING.md
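Review bot: The last step of the new publish.yml supplies the registry token twice, and the `--token ${{ secrets.CARGO_REGISTRY_TOKEN }}` form expands the secret into the generated script and the cargo command line, where it can be read by anything on the runner that can see process arguments. cargo already reads `CARGO_REGISTRY_TOKEN` from the environment, so the step can be `run: cargo publish` with the existing `env:` block kept as it is. The workflow also has no `permissions:` block and refers to its actions by mutable refs (`actions/checkout@v4`, `dtolnay/rust-toolchain@stable`). For a job that ends up holding a publishing credential I would add a top-level `permissions:` with `contents: read` and pin each action to a full commit SHA.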
+++ b/CONTRIBUTING.md @@ -163,6 +163,54 @@ sudo pfctl -a httpjail -sr sudo pfctl -a httpjail -F all ``` +## Release Process + +### Publishing a New Version + +Releases are automated through GitHub Actions when a version tag is pushed. The process: + +1. **Update version in Cargo.toml** + ```bash + # Edit Cargo.toml and update the version field + # Example: version = "0.2.0" + ``` + +2. **Commit the version change** + ```bash + git add Cargo.toml + git commit -m "Bump version to 0.2.0" + git push + ``` + +3. **Create and push a version tag** + ```bash + # Tag format must be v matching Cargo.toml version + git tag v0.2.0 + git push origin v0.2.0 + ``` + +4. **Automated publish workflow** + - The GitHub Actions workflow will automatically: + - Verify the tag version matches Cargo.toml + - Run all tests + - Run clippy and format checks + - Build the release binary + - Publish to crates.io + +### Prerequisites for Publishing + +- **GitHub Environment**: The `publish` environment must be configured in the repository settings +- **Cargo Token**: The `CARGO_REGISTRY_TOKEN` secret must be set in the `publish` environment +- **Version Match**: The git tag (without `v` prefix) must exactly match the version in Cargo.toml + +### Manual Publishing (if needed) + +If automated publishing fails, you can publish manually: + +```bash +cargo publish --token +``` + ## License By contributing to httpjail, you agree that your contributions will be licensed under the same license as the project. From 301e870aa979c55759a9ecbade2358b7e9e1bb24 Mon Sep 17 00:00:00 2001 From: Ammar Bandukwala Date: Wed, 10 Sep 2025 11:05:25 -0500 Subject: [PATCH 2/4] v0.1.1 --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Cargo.toml b/Cargo.toml index 3178d5e8..5edd27e0 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "httpjail" -version = "0.1.0" +version = "0.1.1" edition = "2024" license = "CC0-1.0" description = "Monitor and restrict HTTP/HTTPS requests from processes" From 7a25198247f44b15b631569243e927e9fae24037 Mon Sep 17 00:00:00 2001 From: Ammar Bandukwala Date: Wed, 10 Sep 2025 11:09:08 -0500 Subject: [PATCH 3/4] ci: add automated crate publishing workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add publish workflow that triggers on version tags (v*) - Include Rust caching for faster CI builds - Verify tag version matches Cargo.toml before publishing - Update README with crates.io and CI status badges - Move installation instructions to top of README 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- .github/workflows/publish.yml | 3 ++ README.md | 55 ++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 27 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index b2cb8396..a1af0dc0 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -22,6 +22,9 @@ jobs: with: toolchain: stable + - name: Setup Rust cache + uses: Swatinem/rust-cache@v2 + - name: Verify version matches tag run: | # Extract version from Cargo.toml diff --git a/README.md b/README.md index ad537437..b8996741 100644 --- a/README.md +++ b/README.md 
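Review bot: The `Setup Rust cache` step added to publish.yml after `Install Rust` restores a build cache in the same job that later runs `cargo publish`, so content saved by an earlier workflow run can end up in the release build. The time saved on a tag-triggered run that happens once per release is small, so I would drop the step from publish.yml and keep caching in the test workflow only. If it stays, pin `Swatinem/rust-cache@v2` to a full commit SHA and add a comment above the step stating why a restored cache is acceptable in the release job. The step list continues outside the hunk.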
@@ -1,7 +1,32 @@ # httpjail +[![Crates.io](https://img.shields.io/crates/v/httpjail.svg)](https://crates.io/crates/httpjail) +[![CI](https://github.com/coder/httpjail/actions/workflows/tests.yml/badge.svg)](https://github.com/coder/httpjail/actions/workflows/tests.yml) + A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception. +## Installation + +### Install via Cargo + +```bash +cargo install httpjail +``` + +### Install from source + +```bash +# Clone the repository +git clone https://github.com/coder/httpjail +cd httpjail + +# Build with Cargo +cargo build --release + +# Install to PATH +sudo cp target/release/httpjail /usr/local/bin/ +``` + ## Features - 🔒 **Process-level network isolation** - Isolate processes in restricted network environments @@ -96,44 +121,20 @@ httpjail creates an isolated network environment for the target process, interce | Sudo required | ⚠️ Yes | ✅ No | 🚧 | | Force all traffic | ✅ Yes | ❌ No (apps must cooperate) | 🚧 | -## Installation - -### Prerequisites +## Prerequisites -#### Linux +### Linux - Linux kernel 3.8+ (network namespace support) - nftables (nft command) - libssl-dev (for TLS) - sudo access (for namespace creation) -#### macOS +### macOS - macOS 10.15+ (Catalina or later) - No special permissions required (runs in weak mode) -### Install from source - -```bash -# Clone the repository -git clone https://github.com/yourusername/httpjail -cd httpjail - -# Build with Cargo -cargo build --release - -# Install to PATH -sudo cp target/release/httpjail /usr/local/bin/ - -# CA certificate is auto-generated on first run -``` - -### Install via Cargo - -```bash -cargo install httpjail -``` - ## Usage Examples ### Basic Usage From c8444a1fa5454df2b3581cb5f1a83811475e72c4 Mon Sep 17 00:00:00 2001 
From: Ammar Bandukwala Date: Wed, 10 Sep 2025 11:16:18 -0500 Subject: [PATCH 4/4] attempt --- .github/workflows/publish.yml | 15 ++++++--------- .github/workflows/tests.yml | 1 + CONTRIBUTING.md | 8 ++++---- Cargo.lock | 2 +- 4 files changed, 12 insertions(+), 14 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a1af0dc0..d47ef876 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,8 +9,14 @@ env: CARGO_TERM_COLOR: always jobs: + # Run all tests first using the reusable workflow + tests: + uses: ./.github/workflows/tests.yml + + # Publish job that depends on tests passing publish: name: Publish to crates.io + needs: tests runs-on: ubuntu-latest environment: publish @@ -44,15 +50,6 @@ jobs: echo "Version check passed!" - - name: Run tests - run: cargo test --verbose - - - name: Run clippy - run: cargo clippy --all-targets -- -D warnings - - - name: Check formatting - run: cargo fmt -- --check - - name: Build release run: cargo build --release --verbose diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index a4aac5bf..36afc671 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -5,6 +5,7 @@ on: branches: - main pull_request: + workflow_call: env: CARGO_TERM_COLOR: always diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2c3aaeda..d1df5aef 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
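Review bot: Once the second publish.yml hunk removes the `Run clippy` and `Check formatting` steps, a release is gated on lint only if tests.yml contains equivalent jobs, and this patch shows just the added `workflow_call:` trigger there, not the jobs. I would record that dependency where the gate is declared, for example `# tests.yml is the only test/clippy/fmt gate for releases; keep those jobs in sync with this workflow` above `tests:`. The `Verify version matches tag` step now runs only after the whole test workflow has finished, so a mismatched tag is reported late; a small job ahead of `tests` would fail faster.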
@@ -189,13 +189,13 @@ Releases are automated through GitHub Actions when a version tag is pushed. The git push origin v0.2.0 ``` -4. **Automated publish workflow** +4. **Automated release workflow** - The GitHub Actions workflow will automatically: - - Verify the tag version matches Cargo.toml - - Run all tests + - Run all tests (macOS, Linux, weak mode) - Run clippy and format checks + - Verify the tag version matches Cargo.toml - Build the release binary - - Publish to crates.io + - Publish to crates.io (only if all tests pass) ### Prerequisites for Publishing diff --git a/Cargo.lock b/Cargo.lock index c353760b..cfcf4f20 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -724,7 +724,7 @@ checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" [[package]] name = "httpjail" -version = "0.1.0" +version = "0.1.1" dependencies = [ "anyhow", "assert_cmd",