Bump v1.0.6 #11
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Phantom-WG Modern | |
| on: | |
| push: | |
| tags: | |
| - 'release-v*' | |
| permissions: | |
| contents: read | |
| actions: read | |
| jobs: | |
| # ── Run all tests via reusable workflow ────────────────────────── | |
| tests: | |
| name: Tests | |
| uses: ./.github/workflows/test-phantom-daemon.yml | |
| permissions: | |
| contents: read | |
| actions: read | |
| # ── Build, push to main, create release ───────────────────────── | |
| release: | |
| name: Package & Release | |
| needs: [tests] | |
| runs-on: ubuntu-latest | |
| if: success() | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Harden runner | |
| uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1 | |
| with: | |
| egress-policy: audit | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| fetch-depth: 0 | |
| persist-credentials: false | |
| token: ${{ secrets.RELEASE_TOKEN }} | |
| - name: Extract version from tag | |
| id: version | |
| run: | | |
| TAG="${GITHUB_REF#refs/tags/release-v}" | |
| echo "number=${TAG}" >> "$GITHUB_OUTPUT" | |
| - name: Set up Node | |
| uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 | |
| with: | |
| node-version: '24' | |
| cache: '' | |
| - name: Install SPA dependencies | |
| run: npm ci | |
| working-directory: services/react-spa | |
| - name: Build SPA | |
| run: npm run build | |
| working-directory: services/react-spa | |
| - name: Run packager | |
| run: python3 tools/lib/helpers/packager.py --clean | |
| - name: Stash packager output | |
| run: | | |
| cp -r dist/phantom-wg-modern /tmp/phantom-release | |
| echo "Stashed to /tmp/phantom-release" | |
| ls -la /tmp/phantom-release/ | |
| - name: Push to main | |
| env: | |
| VERSION: ${{ steps.version.outputs.number }} | |
| RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |
| run: | | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| # Configure remote with token (persist-credentials: false) | |
| git remote set-url origin "https://x-access-token:${RELEASE_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" | |
| # Checkout main (create orphan if not exists) | |
| git checkout main 2>/dev/null || git checkout --orphan main | |
| # Preserve docs and assets already on main | |
| mkdir -p /tmp/main-preserve | |
| for item in *.md assets/; do | |
| [ -e "$item" ] && cp -r "$item" /tmp/main-preserve/ | |
| done | |
| # Remove everything except .git | |
| git rm -rf . 2>/dev/null || true | |
| git clean -fd 2>/dev/null || true | |
| # Copy from stash | |
| cp -r /tmp/phantom-release/* . | |
| cp /tmp/phantom-release/.env.* . 2>/dev/null || true | |
| # Restore preserved docs and assets | |
| cp -r /tmp/main-preserve/* . 2>/dev/null || true | |
| rm -rf /tmp/main-preserve | |
| # Stage all | |
| git add -A | |
| # Commit and tag | |
| git commit -m "Release: Phantom-WG Modern v${VERSION}" | |
| git tag "v${VERSION}" | |
| # Push | |
| git push origin main --force-with-lease | |
| git push origin "v${VERSION}" | |
| - name: Create release archive | |
| env: | |
| VERSION: ${{ steps.version.outputs.number }} | |
| run: | | |
| cd /tmp | |
| mv phantom-release phantom-wg-modern | |
| zip -r "${GITHUB_WORKSPACE}/phantom-wg-modern-v${VERSION}.zip" phantom-wg-modern/ | |
| echo "Archive created:" | |
| ls -lh "${GITHUB_WORKSPACE}/phantom-wg-modern-v${VERSION}.zip" | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1 | |
| with: | |
| tag_name: v${{ steps.version.outputs.number }} | |
| name: Phantom-WG Modern v${{ steps.version.outputs.number }} | |
| body: | | |
| ## Phantom-WG Modern v${{ steps.version.outputs.number }} | |
| ### Quick Start | |
| **Option 1 — Git (recommended):** | |
| ```bash | |
| curl -sSL get.phantom.tc | bash | |
| ``` | |
| **Option 2 — Download:** | |
| ```bash | |
| unzip phantom-wg-modern-v${{ steps.version.outputs.number }}.zip | |
| cd phantom-wg-modern | |
| ``` | |
| **Setup:** | |
| ```bash | |
| ./tools/prod.sh setup | |
| nano .env.daemon # set WIREGUARD_ENDPOINT_V4 | |
| ./tools/prod.sh up | |
| ``` | |
| - Dashboard: `https://<server-ip>` | |
| - WireGuard: UDP port `51820` | |
| - Documentation: https://www.phantom.tc/docs | |
| See `SETUP` for full guide. | |
| files: | | |
| phantom-wg-modern-v${{ steps.version.outputs.number }}.zip | |
| draft: false | |
| prerelease: false | |
| generate_release_notes: false |