pathrs 0.2.4

C-friendly API to make path resolution safer on Linux.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172

# SPDX-License-Identifier: MPL-2.0
#
# libpathrs: safe path resolution on Linux
# Copyright (C) 2019-2025 SUSE LLC
# Copyright (C) 2026 Aleksa Sarai <cyphar@cyphar.com>
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.

on:
  push:
    branches: [ main ]
    tags:
      - 'v*'
  pull_request:
    branches: [ main ]
  release:
    types: [ published ]
  schedule:
    - cron: '0 0 * * *'

env:
  PYTHON_DIST: ${{ github.workspace }}/.tmp/python3-pathrs-${{ github.run_id }}-${{ github.run_attempt }}

name: bindings-python

jobs:
  ruff:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: astral-sh/ruff-action@v3
        with:
          args: "--version"
      - run: ruff check
      - run: ruff format --check --diff

  mypy:
    permissions:
      contents: read
      pull-requests: read
      checks: write # allow the action to annotate code
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      # Set up python venv.
      - uses: actions/setup-python@v6
      - name: install mypy
        run: >-
          python3 -m pip install --user mypy
      - uses: tsuyoshicho/action-mypy@v5
        with:
          github_token: ${{ secrets.github_token }}
          reporter: github-check
          workdir: contrib/bindings/python/pathrs
          fail_on_error: true

  build-pyproject:
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.x"]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      # Build and install libpathrs.so.
      - uses: dtolnay/rust-toolchain@stable
      - name: build libpathrs
        run: make release
      - name: install libpathrs
        run: sudo ./install.sh --libdir=/usr/lib
      # Set up python venv.
      - uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      - name: install pypa/build
        run: >-
          python3 -m pip install --user build twine
      # Build and install our bindings.
      - name: build python-pathrs bindings
        run: make -C contrib/bindings/python dist
      - run: twine check contrib/bindings/python/dist/*
      - name: install python-pathrs bindings
        run: make -C contrib/bindings/python install
      # Verify that the crate and python bindings have the same version.
      # TODO: Move this to a "make check" we can run locally as well.
      - name: check crate and python binding versions match
        run: |
          CRATE_VERSION="$(cargo metadata --no-deps --format-version=1 | jq -rM '.packages[] | select(.name == "pathrs") | "\(.name)-\(.version)"')"
          PY_VERSION="$(python3 -c 'import importlib.metadata; print("pathrs-" + importlib.metadata.version("pathrs"))')"

          echo "rust crate version: $CRATE_VERSION";
          echo "python module version: $PY_VERSION";

          [[ "$CRATE_VERSION" == "$PY_VERSION" ]] || exit 1
      # Include the dist/ in our artefacts.
      - name: upload python-pathrs bindings dist/
        uses: actions/upload-artifact@v7
        with:
          name: python-${{ matrix.python-version }}-pathrs-dist
          path: contrib/bindings/python/dist/

  smoke-test:
    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.9", "3.10", "3.11", "3.12", "3.13", "3.x"]
    needs:
      - build-pyproject
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      # Build and install libpathrs.so.
      - uses: dtolnay/rust-toolchain@stable
      - name: build libpathrs
        run: make release
      - name: install libpathrs
        run: sudo ./install.sh --libdir=/usr/lib
      # Set up python venv.
      - uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}
      # Download the pre-built python dist.
      - name: download built python-pathrs
        uses: actions/download-artifact@v8
        with:
          name: python-${{ matrix.python-version }}-pathrs-dist
          path: ${{ env.PYTHON_DIST }}
      - name: install python-pathrs
        run: |-
          python3 -m pip install ${{ env.PYTHON_DIST }}/*.whl
      # Run smoke-tests.
      - run: make -C examples/python smoke-test

  python-complete:
    needs:
      - ruff
      - mypy
      - build-pyproject
      - smoke-test
    runs-on: ubuntu-latest
    steps:
      - run: echo "Python CI jobs completed successfully."

  # TODO: Should we move this to a separate workflow?
  release-pypi:
    if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
    needs:
      - build-pyproject
      - python-complete
    runs-on: ubuntu-latest
    environment:
      name: release-pypi
      url: "https://pypi.org/p/pathrs"
    permissions:
      id-token: write
    steps:
      - name: download built python-pathrs
        uses: actions/download-artifact@v8
        with:
          name: python-3.x-pathrs-dist
          path: ${{ env.PYTHON_DIST }}
      # PyPI doesn't let us upload our native wheel because we aren't building
      # using the restrictive manylinux set of libraries (because we depend on
      # libpathrs.so).
      - name: remove wheel from python-pathrs
        run: rm -fv ${{ env.PYTHON_DIST }}/*.whl
      - name: upload python-pathrs to pypi
        uses: pypa/gh-action-pypi-publish@release/v1
        with:
          packages-dir: ${{ env.PYTHON_DIST }}