sshbind 0.1.0

SSHBind is a Rust library that securely binds remote services behind multiple SSH jump hosts to a local socket, enabling seamless access with encrypted credential management, TOTP-based two-factor authentication, and automatic reconnection.
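name: CI

# Runs on pushes to main and on pull requests that target main.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege for the GITHUB_TOKEN: the jobs in this workflow check out the
# repository and run Nix builds, so read access to contents is enough. Without
# an explicit block the token falls back to the repository/organization
# default, which may be read-write.
# NOTE(review): confirm the Nix cache action needs no further scope (for
# example id-token for an OIDC-backed cache); if it does, grant it on the job
# that needs it rather than here.
permissions:
  contents: read

# One active run per workflow and ref; a newer run cancels the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs: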
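  # Build the main package once and cache it
  build:
    name: "Build Package"
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [ubuntu-latest]
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
      # branch at run time executes in this job. Pin both DeterminateSystems
      # actions to a full commit SHA and let a dependency bot propose bumps.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            system-features = nixos-test benchmark big-parallel kvm

      - name: Setup Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Build sshbind package
        run: nix build -L --show-trace

      - name: Build static checks (pre-build for integration tests)
        # The matrix value is handed to the script through the environment
        # instead of being expanded into the script text by `${{ }}`, so it is
        # always treated as data and never parsed as shell syntax.
        env:
          MATRIX_OS: ${{ matrix.os }}
        run: |
          # Determine the system based on OS
          if [ "${MATRIX_OS}" = "ubuntu-latest" ]; then
            SYSTEM="x86_64-linux"
          else
            SYSTEM="aarch64-darwin"
          fi

          # Build common dependencies that integration tests need
          nix build ".#checks.${SYSTEM}.sshbind" -L --show-trace
          nix build ".#checks.${SYSTEM}.sshbind-clippy" -L --show-trace
          nix build ".#checks.${SYSTEM}.sshbind-fmt" -L --show-trace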

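  # Quick static checks: each matrix entry names one flake check output that is
  # built as `.#checks.<system>.<check>`.
  static-checks:
    name: "${{ matrix.check }} on ${{ matrix.os }}"
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      matrix:
        os: [ubuntu-latest]
        check: [sshbind-audit, sshbind-deny, sshbind-doc, pre-commit-check]
      # Let every check report its own result instead of stopping at the first
      # failure.
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
      # branch at run time executes in this job. Pin both DeterminateSystems
      # actions to a full commit SHA and let a dependency bot propose bumps.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main

      - name: Setup Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Run Check - ${{ matrix.check }}
        # Matrix values are handed to the script through the environment
        # instead of being expanded into the script text by `${{ }}`, so they
        # are always treated as data and never parsed as shell syntax, even if
        # the matrix is later generated dynamically.
        env:
          MATRIX_OS: ${{ matrix.os }}
          CHECK: ${{ matrix.check }}
        run: |
          # Determine the system based on OS
          if [ "${MATRIX_OS}" = "ubuntu-latest" ]; then
            SYSTEM="x86_64-linux"
          else
            SYSTEM="aarch64-darwin"
          fi

          echo "Running check on system: $SYSTEM"
          nix build ".#checks.${SYSTEM}.${CHECK}" -L --show-trace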

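  # NixOS integration tests - depend on build to reuse cached binary
  nixos-integration-tests:
    name: "NixOS Integration Test - ${{ matrix.test }} on ${{ matrix.os }}"
    runs-on: ${{ matrix.os }}
    needs: build
    strategy:
      matrix:
        os: [ubuntu-latest]
        test: [simple, cli, performance]
      # Let every test report its own result instead of stopping at the first
      # failure.
      fail-fast: false
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
      # branch at run time executes in this job. Pin both DeterminateSystems
      # actions to a full commit SHA and let a dependency bot propose bumps.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            system-features = nixos-test benchmark big-parallel kvm

      - name: Setup Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      - name: Run NixOS Integration Test - ${{ matrix.test }}
        # Matrix values are handed to the script through the environment
        # instead of being expanded into the script text by `${{ }}`, so they
        # are always treated as data and never parsed as shell syntax, even if
        # the matrix is later generated dynamically.
        env:
          MATRIX_OS: ${{ matrix.os }}
          TEST_NAME: ${{ matrix.test }}
        run: |
          # Determine the system based on OS
          if [ "${MATRIX_OS}" = "ubuntu-latest" ]; then
            SYSTEM="x86_64-linux"
          else
            SYSTEM="aarch64-darwin"
          fi

          echo "Running test on system: $SYSTEM"
          # The binary should already be cached from the build job
          nix build ".#checks.${SYSTEM}.${TEST_NAME}" -L --show-trace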

  # Final gate: `nix flake check` over the whole flake, scheduled after every
  # other job so it can draw on the builds they already cached.
  flake-check:
    name: Flake Check
    runs-on: ${{ matrix.os }}
    needs:
      - build
      - static-checks
      - nixos-integration-tests
    strategy:
      matrix:
        os:
          - ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): `@main` is a mutable branch ref, so whatever is on that
      # branch at run time executes in this job. Pin both DeterminateSystems
      # actions to a full commit SHA and let a dependency bot propose bumps.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            system-features = nixos-test benchmark big-parallel kvm

      - name: Setup Magic Nix Cache
        uses: DeterminateSystems/magic-nix-cache-action@main

      # Expected to finish quickly because the earlier jobs populated the cache.
      - name: Run flake check (should use cached builds)
        run: nix flake check -L --show-trace