ci: add publish workflow

.github/workflows/publish.yml

@@ -0,0 +1,59 @@
+name: Publish
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  CARGO_TERM_COLOR: always
+
+jobs:
+  # Run all tests first using the reusable workflow
+  tests:
+    uses: ./.github/workflows/tests.yml
+
+  # Publish job that depends on tests passing
+  publish:
+    name: Publish to crates.io
+    needs: tests
+    runs-on: ubuntu-latest
+    environment: publish
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+
+      - name: Verify version matches tag
+        run: |
+          # Extract version from Cargo.toml
+          CARGO_VERSION=$(grep -E '^version = ' Cargo.toml | head -1 | sed 's/version = "\(.*\)"/\1/')
+
+          # Get the git tag without the 'v' prefix
+          TAG_VERSION=${GITHUB_REF_NAME#v}
+
+          echo "Cargo.toml version: $CARGO_VERSION"
+          echo "Git tag version: $TAG_VERSION"
+
+          if [ "$CARGO_VERSION" != "$TAG_VERSION" ]; then
+            echo "Error: Version mismatch!"
+            echo "Cargo.toml has version $CARGO_VERSION but git tag is $GITHUB_REF_NAME"
+            exit 1
+          fi
+
+          echo "Version check passed!"
+
+      - name: Build release
+        run: cargo build --release --verbose
+
+      - name: Publish to crates.io
+        run: cargo publish --token ${{ secrets.CARGO_REGISTRY_TOKEN }}
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}

.github/workflows/tests.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
   pull_request:
+  workflow_call:
 
 env:
   CARGO_TERM_COLOR: always

CONTRIBUTING.md

@@ -163,6 +163,54 @@ sudo pfctl -a httpjail -sr
 sudo pfctl -a httpjail -F all
 ```
 
+## Release Process
+
+### Publishing a New Version
+
+Releases are automated through GitHub Actions when a version tag is pushed. The process:
+
+1. **Update version in Cargo.toml**
+   ```bash
+   # Edit Cargo.toml and update the version field
+   # Example: version = "0.2.0"
+   ```
+
+2. **Commit the version change**
+   ```bash
+   git add Cargo.toml
+   git commit -m "Bump version to 0.2.0"
+   git push
+   ```
+
+3. **Create and push a version tag**
+   ```bash
+   # Tag format must be v<version> matching Cargo.toml version
+   git tag v0.2.0
+   git push origin v0.2.0
+   ```
+
+4. **Automated release workflow**
+   - The GitHub Actions workflow will automatically:
+     - Run all tests (macOS, Linux, weak mode)
+     - Run clippy and format checks
+     - Verify the tag version matches Cargo.toml
+     - Build the release binary
+     - Publish to crates.io (only if all tests pass)
+
+### Prerequisites for Publishing
+
+- **GitHub Environment**: The `publish` environment must be configured in the repository settings
+- **Cargo Token**: The `CARGO_REGISTRY_TOKEN` secret must be set in the `publish` environment
+- **Version Match**: The git tag (without `v` prefix) must exactly match the version in Cargo.toml
+
+### Manual Publishing (if needed)
+
+If automated publishing fails, you can publish manually:
+
+```bash
+cargo publish --token <your-token>
+```
+
 ## License
 
 By contributing to httpjail, you agree that your contributions will be licensed under the same license as the project.

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "httpjail"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2024"
 license = "CC0-1.0"
 description = "Monitor and restrict HTTP/HTTPS requests from processes"

README.md

@@ -1,7 +1,32 @@
 # httpjail
 
+[![Crates.io](https://img.shields.io/crates/v/httpjail.svg)](https://crates.io/crates/httpjail)
+[![CI](https://github.com/coder/httpjail/actions/workflows/tests.yml/badge.svg)](https://github.com/coder/httpjail/actions/workflows/tests.yml)
+
 A cross-platform tool for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception.
 
+## Installation
+
+### Install via Cargo
+
+```bash
+cargo install httpjail
+```
+
+### Install from source
+
+```bash
+# Clone the repository
+git clone https://github.com/coder/httpjail
+cd httpjail
+
+# Build with Cargo
+cargo build --release
+
+# Install to PATH
+sudo cp target/release/httpjail /usr/local/bin/
+```
+
 ## Features
 
 - 🔒 **Process-level network isolation** - Isolate processes in restricted network environments
@@ -96,44 +121,20 @@ httpjail creates an isolated network environment for the target process, interce
 | Sudo required     | ⚠️ Yes                   | ✅ No                       | 🚧            |
 | Force all traffic | ✅ Yes                   | ❌ No (apps must cooperate) | 🚧            |
 
-## Installation
-
-### Prerequisites
+## Prerequisites
 
-#### Linux
+### Linux
 
 - Linux kernel 3.8+ (network namespace support)
 - nftables (nft command)
 - libssl-dev (for TLS)
 - sudo access (for namespace creation)
 
-#### macOS
+### macOS
 
 - macOS 10.15+ (Catalina or later)
 - No special permissions required (runs in weak mode)
 
-### Install from source
-
-```bash
-# Clone the repository
-git clone https://github.com/yourusername/httpjail
-cd httpjail
-
-# Build with Cargo
-cargo build --release
-
-# Install to PATH
-sudo cp target/release/httpjail /usr/local/bin/
-
-# CA certificate is auto-generated on first run
-```
-
-### Install via Cargo
-
-```bash
-cargo install httpjail
-```
-
 ## Usage Examples
 
 ### Basic Usage