proc_jail 0.1.0

name: CI

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

permissions:
  contents: read

env:
  CARGO_TERM_COLOR: always

jobs:
  test:
    name: Test (${{ matrix.os }}, Rust ${{ matrix.rust }})
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest]
        rust: [stable, "1.75"]  # stable + MSRV
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@master
        with:
          toolchain: ${{ matrix.rust }}
      - uses: Swatinem/rust-cache@v2
      - name: Generate Cargo.lock
        run: cargo generate-lockfile
      - run: cargo test --features tracing

  clippy:
    name: Clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy
      - uses: Swatinem/rust-cache@v2
      - run: cargo clippy --features tracing -- -D warnings

  fmt:
    name: Format
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - run: cargo fmt --check

  docs:
    name: Documentation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: Swatinem/rust-cache@v2
      - run: cargo doc --no-deps
        env:
          RUSTDOCFLAGS: -D warnings

  python:
    name: Python Bindings
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install maturin
        run: pip install maturin
      - name: Build Python wheel
        working-directory: python
        run: maturin build
      - name: Test imports
        run: |
          WHEEL=$(ls target/wheels/*.whl | head -1)
          pip install "$WHEEL"
          python -c "
          from proc_jail import (
              ProcPolicyBuilder, ProcRequest, ArgRules,
              InjectDoubleDash, RiskyBinPolicy, RiskCategory,
              PreparedCommand, Output, ProcPolicy
          )
          print('All imports OK')
          "

  python-tests:
    name: Python Tests (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest, macos-latest]
    steps:
      - uses: actions/checkout@v4
      - uses: dtolnay/rust-toolchain@stable
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - name: Install dependencies
        run: pip install maturin pytest
      - name: Build and install
        run: |
          cd python && maturin build
          WHEEL=$(ls ../target/wheels/*.whl | head -1)
          pip install "$WHEEL"
      - name: Run Python tests
        working-directory: python
        run: pytest tests/ -v --tb=short