diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index a9073548..e3d914b6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -1,309 +1,455 @@ name: "Build app and create release" on: push: - tags: - - v*.*.* - + branches: + - apt_repository + # tags: + # - v*.*.* jobs: - build-wireguard-go: - strategy: - fail-fast: false - matrix: - architecture: [arm64, amd64] - runs-on: [self-hosted, macOS] - steps: - - uses: actions/checkout@v5 - with: - repository: WireGuard/wireguard-go - ref: master - fetch-depth: 0 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: "1.24" - - name: Build wireguard-go binary - run: make - env: - GOOS: darwin - GOARCH: ${{ matrix.architecture }} - - name: Upload binary artifact arm64 - if: matrix.architecture == 'arm64' - uses: actions/upload-artifact@v4 - with: - name: wireguard-go-aarch64-apple-darwin - path: wireguard-go - - name: Upload binary artifact amd64 - if: matrix.architecture == 'amd64' - uses: actions/upload-artifact@v4 - with: - name: wireguard-go-x86_64-apple-darwin - path: wireguard-go + # build-wireguard-go: + # strategy: + # fail-fast: false + # matrix: + # architecture: [arm64, amd64] + # runs-on: [self-hosted, macOS] + # steps: + # - uses: actions/checkout@v5 + # with: + # repository: WireGuard/wireguard-go + # ref: master + # fetch-depth: 0 + # - name: Set up Go + # uses: actions/setup-go@v5 + # with: + # go-version: "1.24" + # - name: Build wireguard-go binary + # run: make + # env: + # GOOS: darwin + # GOARCH: ${{ matrix.architecture }} + # - name: Upload binary artifact arm64 + # if: matrix.architecture == 'arm64' + # uses: actions/upload-artifact@v4 + # with: + # name: wireguard-go-aarch64-apple-darwin + # path: wireguard-go + # - name: Upload binary artifact amd64 + # if: matrix.architecture == 'amd64' + # uses: actions/upload-artifact@v4 + # with: + # name: wireguard-go-x86_64-apple-darwin + # path: wireguard-go - create-release: - name: create-release - runs-on: self-hosted - outputs: - upload_url: ${{ steps.release.outputs.upload_url }} - steps: - - name: Create GitHub release - id: release - uses: softprops/action-gh-release@v2 - with: - draft: true - generate_release_notes: true + # create-release: + # name: create-release + # runs-on: self-hosted + # outputs: + # upload_url: ${{ steps.release.outputs.upload_url }} + # steps: + # - name: Create GitHub release + # id: release + # uses: softprops/action-gh-release@v2 + # with: + # draft: true + # generate_release_notes: true - create-sbom: - needs: [create-release] - uses: ./.github/workflows/sbom.yml - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} + # # create-sbom: + # # needs: [create-release] + # # uses: ./.github/workflows/sbom.yml + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # ubuntu-22-04-build: + # needs: + # - create-release + # runs-on: + # - self-hosted + # - Linux + # - ${{ matrix.architecture }} + # strategy: + # fail-fast: false + # matrix: + # architecture: [ARM64, X64] + # include: + # - architecture: ARM64 + # deb_arch: arm64 + # binary_arch: aarch64 + # - architecture: X64 + # deb_arch: amd64 + # binary_arch: x86_64 + # container: + # image: ubuntu:22.04 + # env: + # DEBIAN_FRONTEND: noninteractive + # HOME: /root + # RUSTUP_HOME: /root/.rustup + # CARGO_HOME: /root/.cargo + # steps: + # - name: git install + # run: | + # apt-get update + # apt-get install -y git curl ca-certificates + # git config --global --add safe.directory '*' + # - uses: actions/checkout@v5 + # with: + # submodules: "recursive" + # - uses: pnpm/action-setup@v4 + # with: + # version: 10.17 + # run_install: false + # - uses: actions/setup-node@v5 + # with: + # node-version: "24" + # - name: Get pnpm store directory + # run: | + # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} + # # - name: Write release version + # # run: | + # # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # # echo Version: $VERSION + # # echo "VERSION=$VERSION" >> ${GITHUB_ENV} + # - name: Write release version + # run: | + # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # echo Version: $VERSION + # echo "VERSION=1.5.2" >> ${GITHUB_ENV} + # - uses: actions/cache@v4 + # name: Setup pnpm cache + # with: + # path: ${{ env.STORE_PATH }} + # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} + # restore-keys: | + # ${{ runner.os }}-pnpm-build-store- + # - name: Install Node dependencies + # run: pnpm install --frozen-lockfile + # - uses: dtolnay/rust-toolchain@stable + # - name: Install dependencies + # run: | + # apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm ruby + # export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" + # gem install deb-s3 + # - name: Build packages + # uses: tauri-apps/tauri-action@v0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # args: "--bundles deb" + # - name: Upload DEB + # uses: actions/upload-release-asset@v1 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb + # asset_content_type: application/octet-stream + # - name: Upload DEB to apt repository on s3 + # run: | + # export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" + # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release. - build-linux: - needs: - - create-release + # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY }} --secret-access-key=${{ secrets.AWS_SECRET_KEY }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + + apt-sign: + # needs: + # - ubuntu-22-04-build + # - build-linux runs-on: - self-hosted - Linux - - ${{ matrix.architecture }} + - X64 strategy: fail-fast: false - matrix: - architecture: [ARM64, X64] - include: - - architecture: ARM64 - deb_arch: arm64 - binary_arch: aarch64 - - architecture: X64 - deb_arch: amd64 - binary_arch: x86_64 steps: - - uses: actions/checkout@v5 - with: - submodules: "recursive" - - name: Write release version - run: | - VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) - echo Version: $VERSION - echo "VERSION=$VERSION" >> ${GITHUB_ENV} - - uses: actions/setup-node@v4 - with: - node-version: "22" - - uses: pnpm/action-setup@v4 - with: - version: 10 - run_install: false - - name: Get pnpm store directory - shell: bash + - name: Sign APT repository on trixie run: | - echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-build-store- - - name: Install Node dependencies - run: pnpm install --frozen-lockfile - - uses: dtolnay/rust-toolchain@stable - - name: Install Linux dependencies - run: | - sudo apt-get update - sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm - - name: Build packages - uses: tauri-apps/tauri-action@v0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - args: "--bundles deb,rpm" - - name: Upload RPM - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm - asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm - asset_content_type: application/octet-stream - - name: Upload DEB - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb - asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb - asset_content_type: application/octet-stream - - name: Rename client binary - run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - - name: Tar client binary - uses: a7ul/tar-action@v1.2.0 - with: - command: c - files: | - defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - - name: Upload client archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_content_type: application/octet-stream - - name: Rename daemon binary - run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - - name: Tar daemon binary - uses: a7ul/tar-action@v1.2.0 - with: - command: c - files: | - defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - - name: Upload daemon archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_content_type: application/octet-stream + export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY }} + export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY }} + export AWS_REGION=eu-north-1 + sudo apt update -y + sudo apt install -y awscli curl jq - - name: Rename dg binary - run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - - name: Tar dg binary - uses: a7ul/tar-action@v1.2.0 - with: - command: c - files: | - dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} - outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - - name: Upload dg archive - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz - asset_content_type: application/octet-stream - - name: Build dg deb - uses: defGuard/fpm-action@main - with: - fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" - fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb" - - name: Upload DEB - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb - asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb - asset_content_type: application/octet-stream - - name: Build dg rpm - uses: defGuard/fpm-action@main - with: - fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" - fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm" - - name: Upload RPM - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm - asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm - asset_content_type: application/octet-stream + #For trixie + aws s3 cp s3://apt.defguard.net/dists/trixie/Release . + curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \ + -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \ + -F "file=@Release" \ + -o response.json + cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg + cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease + aws s3 cp Release.gpg s3://apt.defguard.net/dists/trixie/ --acl public-read + aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ --acl public-read - build-macos: - needs: - - create-release - - build-wireguard-go - strategy: - fail-fast: false - matrix: - target: [aarch64-apple-darwin, x86_64-apple-darwin] - runs-on: - - self-hosted - - macOS - env: - APPLE_SIGNING_IDENTITY_APPLICATION: "Developer ID Application: defguard sp. z o.o. (82GZ7KN29J)" - APPLE_SIGNING_IDENTITY_INSTALLER: "Developer ID Installer: defguard sp. z o.o. (82GZ7KN29J)" - APPLE_ID: "kamil@defguard.net" - APPLE_TEAM_ID: "82GZ7KN29J" - steps: - - uses: actions/checkout@v5 - with: - submodules: "recursive" - - name: Write release version - run: | - VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) - echo Version: $VERSION - echo "VERSION=$VERSION" >> ${GITHUB_ENV} - - uses: actions/setup-node@v4 - with: - node-version: "22" - - uses: pnpm/action-setup@v4 - with: - version: 10 - run_install: false - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-build-store- - - name: Install deps - run: pnpm install --frozen-lockfile - - uses: dtolnay/rust-toolchain@stable - - name: Install protobuf compiler - run: brew install protobuf - - name: Install ARM target - run: rustup target add aarch64-apple-darwin - - name: Download wireguard-go binary - uses: actions/download-artifact@v4 - with: - name: wireguard-go-${{ matrix.target }} - path: src-tauri/resources-macos/binaries - - name: Rename wireguard-go binary - run: | - ls -l src-tauri/resources-macos/binaries - mv src-tauri/resources-macos/binaries/wireguard-go src-tauri/resources-macos/binaries/wireguard-go-${{ matrix.target }} - - name: Unlock keychain - run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain - - name: Build app - uses: tauri-apps/tauri-action@v0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY_APPLICATION }} - APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} - APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} - APPLE_ID: ${{ env.APPLE_ID }} - APPLE_PASSWORD: ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} - APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} - with: - args: --target ${{ matrix.target }} -v - - name: Build installation package - run: | - bash build-macos-package.sh src-tauri/target/${{ matrix.target }} src-tauri/resources-macos/scripts '${{ env.APPLE_SIGNING_IDENTITY_INSTALLER }}' /Users/admin/Library/Keychains/login.keychain - xcrun notarytool submit --wait --apple-id ${{ env.APPLE_ID }} --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id ${{ env.APPLE_TEAM_ID }} src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg - xcrun stapler staple src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg - - name: Upload installation package - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg - asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg - asset_content_type: application/octet-stream + #For bookworm + aws s3 cp s3://apt.defguard.net/dists/bookworm/Release . + curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \ + -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \ + -F "file=@Release" \ + -o response.json + cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg + cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease + aws s3 cp Release.gpg s3://apt.defguard.net/dists/bookworm/ --acl public-read + aws s3 cp InRelease s3://apt.defguard.net/dists/bookworm/ --acl public-read + + # build-linux: + # needs: + # - create-release + # runs-on: + # - self-hosted + # - Linux + # - ${{ matrix.architecture }} + # strategy: + # fail-fast: false + # matrix: + # architecture: [ARM64, X64] + # include: + # - architecture: ARM64 + # deb_arch: arm64 + # binary_arch: aarch64 + # - architecture: X64 + # deb_arch: amd64 + # binary_arch: x86_64 + # steps: + # - uses: actions/checkout@v5 + # with: + # submodules: "recursive" + # # - name: Write release version + # # run: | + # # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # # echo Version: $VERSION + # # echo "VERSION=$VERSION" >> ${GITHUB_ENV} + # - name: Write release version + # run: | + # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # echo Version: $VERSION + # echo "VERSION=1.5.2" >> ${GITHUB_ENV} + # - uses: actions/setup-node@v5 + # with: + # node-version: "24" + # - uses: pnpm/action-setup@v4 + # with: + # version: 10.17 + # run_install: false + # - name: Get pnpm store directory + # shell: bash + # run: | + # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} + # - uses: actions/cache@v4 + # name: Setup pnpm cache + # with: + # path: ${{ env.STORE_PATH }} + # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} + # restore-keys: | + # ${{ runner.os }}-pnpm-build-store- + # - name: Install Node dependencies + # run: pnpm install --frozen-lockfile + # - uses: dtolnay/rust-toolchain@stable + # - name: Install Linux dependencies + # run: | + # sudo apt-get update + # sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm ruby + # export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" + # gem install deb-s3 + # - name: Build packages + # uses: tauri-apps/tauri-action@v0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # args: "--bundles deb" #,rpm" + # # - name: Upload RPM + # # uses: actions/upload-release-asset@v1 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm + # # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm + # # asset_content_type: application/octet-stream + # - name: Upload DEB + # uses: actions/upload-release-asset@v1 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + # asset_content_type: application/octet-stream + # - name: Upload DEB to apt repository on s3 + # run: | + # export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH" + # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release. + + # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY }} --secret-access-key=${{ secrets.AWS_SECRET_KEY }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb + + # # - name: Rename client binary + # # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # - name: Tar client binary + # # uses: a7ul/tar-action@v1.2.0 + # # with: + # # command: c + # # files: | + # # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # - name: Upload client archive + # # uses: actions/upload-release-asset@v1 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_content_type: application/octet-stream + # # - name: Rename daemon binary + # # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # - name: Tar daemon binary + # # uses: a7ul/tar-action@v1.2.0 + # # with: + # # command: c + # # files: | + # # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # - name: Upload daemon archive + # # uses: actions/upload-release-asset@v1 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_content_type: application/octet-stream + + # # - name: Rename dg binary + # # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # - name: Tar dg binary + # # uses: a7ul/tar-action@v1.2.0 + # # with: + # # command: c + # # files: | + # # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }} + # # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # - name: Upload dg archive + # # uses: actions/upload-release-asset@v1 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz + # # asset_content_type: application/octet-stream + # # - name: Build dg deb + # # uses: defGuard/fpm-action@main + # # with: + # # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" + # # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb" + # # - name: Upload DEB + # # uses: actions/upload-release-asset@v1.0.2 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb + # # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb + # # asset_content_type: application/octet-stream + # # - name: Build dg rpm + # # uses: defGuard/fpm-action@main + # # with: + # # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf" + # # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm" + # # - name: Upload RPM + # # uses: actions/upload-release-asset@v1.0.2 + # # env: + # # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # # with: + # # upload_url: ${{ needs.create-release.outputs.upload_url }} + # # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm + # # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm + # # asset_content_type: application/octet-stream + + # build-macos: + # needs: + # - create-release + # - build-wireguard-go + # strategy: + # fail-fast: false + # matrix: + # target: [aarch64-apple-darwin, x86_64-apple-darwin] + # runs-on: + # - self-hosted + # - macOS + # env: + # APPLE_SIGNING_IDENTITY_APPLICATION: "Developer ID Application: defguard sp. z o.o. (82GZ7KN29J)" + # APPLE_SIGNING_IDENTITY_INSTALLER: "Developer ID Installer: defguard sp. z o.o. (82GZ7KN29J)" + # APPLE_ID: "kamil@defguard.net" + # APPLE_TEAM_ID: "82GZ7KN29J" + # steps: + # - uses: actions/checkout@v5 + # with: + # submodules: "recursive" + # - name: Write release version + # run: | + # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # echo Version: $VERSION + # echo "VERSION=$VERSION" >> ${GITHUB_ENV} + # - uses: actions/setup-node@v4 + # with: + # node-version: "22" + # - uses: pnpm/action-setup@v4 + # with: + # version: 10 + # run_install: false + # - name: Get pnpm store directory + # shell: bash + # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} + # - uses: actions/cache@v4 + # name: Setup pnpm cache + # with: + # path: ${{ env.STORE_PATH }} + # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} + # restore-keys: | + # ${{ runner.os }}-pnpm-build-store- + # - name: Install deps + # run: pnpm install --frozen-lockfile + # - uses: dtolnay/rust-toolchain@stable + # - name: Install protobuf compiler + # run: brew install protobuf + # - name: Install ARM target + # run: rustup target add aarch64-apple-darwin + # - name: Download wireguard-go binary + # uses: actions/download-artifact@v4 + # with: + # name: wireguard-go-${{ matrix.target }} + # path: src-tauri/resources-macos/binaries + # - name: Rename wireguard-go binary + # run: | + # ls -l src-tauri/resources-macos/binaries + # mv src-tauri/resources-macos/binaries/wireguard-go src-tauri/resources-macos/binaries/wireguard-go-${{ matrix.target }} + # - name: Unlock keychain + # run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain + # - name: Build app + # uses: tauri-apps/tauri-action@v0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY_APPLICATION }} + # APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }} + # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }} + # APPLE_ID: ${{ env.APPLE_ID }} + # APPLE_PASSWORD: ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} + # APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }} + # with: + # args: --target ${{ matrix.target }} -v + # - name: Build installation package + # run: | + # bash build-macos-package.sh src-tauri/target/${{ matrix.target }} src-tauri/resources-macos/scripts '${{ env.APPLE_SIGNING_IDENTITY_INSTALLER }}' /Users/admin/Library/Keychains/login.keychain + # xcrun notarytool submit --wait --apple-id ${{ env.APPLE_ID }} --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id ${{ env.APPLE_TEAM_ID }} src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg + # xcrun stapler staple src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg + # - name: Upload installation package + # uses: actions/upload-release-asset@v1 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg + # asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg + # asset_content_type: application/octet-stream # Building signed Windows bundle involves a few steps as described here: # https://wixtoolset.org/docs/tools/signing/#signing-bundles-at-the-command-line @@ -312,134 +458,134 @@ jobs: # 3. Sign the burn engine (Linux) # 4. Reattach the burn engine back to the bundle (Windows again) # 5. Sign the whole bundle (Linux) - build-windows: - needs: - - create-release - runs-on: windows-latest - steps: - - uses: actions/checkout@v5 - with: - submodules: "recursive" - - name: Write release version - run: | - $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0] - echo Version: $env:VERSION - echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV - - uses: actions/setup-node@v4 - with: - node-version: "22" - - uses: pnpm/action-setup@v4 - with: - version: 10 - run_install: false - - name: Get pnpm store directory - shell: bash - run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} - - uses: actions/cache@v4 - name: Setup pnpm cache - with: - path: ${{ env.STORE_PATH }} - key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} - restore-keys: | - ${{ runner.os }}-pnpm-build-store- - - name: Install deps - run: pnpm install --frozen-lockfile - - uses: dtolnay/rust-toolchain@stable - - name: Install Protoc - uses: arduino/setup-protoc@v2 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Remove "default-run" line from Cargo.toml - run: | - Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch) - - name: Build packages - uses: tauri-apps/tauri-action@v0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Bundle application - run: | - dotnet tool install --global wix --version 4.0.5 - wix extension add WixToolset.Bal.wixext/4 - wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll - wix burn detach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine.exe - - name: Upload unsigned bundle and burn-engine - uses: actions/upload-artifact@v4 - with: - name: unsigned-bundle-and-burnengine - path: | - src-tauri/resources-windows/defguard-client.exe - src-tauri/resources-windows/burnengine.exe - sign-burn-engine: - needs: - - build-windows - runs-on: - - self-hosted - - Linux - - X64 - steps: - - name: Write release version - run: | - VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) - echo Version: $VERSION - echo "VERSION=$VERSION" >> ${GITHUB_ENV} - - name: Download unsigned bundle & burn-engine - uses: actions/download-artifact@v4 - with: - name: unsigned-bundle-and-burnengine - - name: Sign burn-engine - run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in burnengine.exe -out burnengine-signed.exe - - name: Upload bundle and burn-engine artifact - uses: actions/upload-artifact@v4 - with: - name: unsigned-bundle-and-signed-burnengine - path: | - defguard-client.exe - burnengine-signed.exe - reattach-burn-engine: - needs: - - sign-burn-engine - runs-on: windows-latest - steps: - - name: Download unsigned bundle and signed burn-engine - uses: actions/download-artifact@v4 - with: - name: unsigned-bundle-and-signed-burnengine - - name: Reattach burn-engine - run: | - dotnet tool install --global wix --version 4.0.5 - wix extension add WixToolset.Bal.wixext/4 - wix burn reattach defguard-client.exe -engine burnengine-signed.exe -o defguard-client-reattached.exe - - name: Upload bundle with reattached burn-engine - uses: actions/upload-artifact@v4 - with: - name: unsigned-bundle-with-reattached-signed-burn-engine - path: defguard-client-reattached.exe - sign-bundle: - needs: - - create-release - - reattach-burn-engine - runs-on: - - self-hosted - - Linux - - X64 - steps: - - name: Write release version - run: | - VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) - echo Version: $VERSION - echo "VERSION=$VERSION" >> ${GITHUB_ENV} - - name: Download unsigned bundle & signed burn-engine - uses: actions/download-artifact@v4 - with: - name: unsigned-bundle-with-reattached-signed-burn-engine - - name: Sign bundle - run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe - - name: Upload installer asset - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-client-signed.exe - asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe - asset_content_type: application/octet-stream + # build-windows: + # needs: + # - create-release + # runs-on: windows-latest + # steps: + # - uses: actions/checkout@v5 + # with: + # submodules: "recursive" + # - name: Write release version + # run: | + # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0] + # echo Version: $env:VERSION + # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV + # - uses: actions/setup-node@v4 + # with: + # node-version: "22" + # - uses: pnpm/action-setup@v4 + # with: + # version: 10 + # run_install: false + # - name: Get pnpm store directory + # shell: bash + # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV} + # - uses: actions/cache@v4 + # name: Setup pnpm cache + # with: + # path: ${{ env.STORE_PATH }} + # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }} + # restore-keys: | + # ${{ runner.os }}-pnpm-build-store- + # - name: Install deps + # run: pnpm install --frozen-lockfile + # - uses: dtolnay/rust-toolchain@stable + # - name: Install Protoc + # uses: arduino/setup-protoc@v2 + # with: + # repo-token: ${{ secrets.GITHUB_TOKEN }} + # - name: Remove "default-run" line from Cargo.toml + # run: | + # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch) + # - name: Build packages + # uses: tauri-apps/tauri-action@v0 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # - name: Bundle application + # run: | + # dotnet tool install --global wix --version 4.0.5 + # wix extension add WixToolset.Bal.wixext/4 + # wix build .\src-tauri\resources-windows\defguard-client.wxs -ext .\.wix\extensions\WixToolset.Bal.wixext\4\wixext4\WixToolset.Bal.wixext.dll + # wix burn detach .\src-tauri\resources-windows\defguard-client.exe -engine .\src-tauri\resources-windows\burnengine.exe + # - name: Upload unsigned bundle and burn-engine + # uses: actions/upload-artifact@v4 + # with: + # name: unsigned-bundle-and-burnengine + # path: | + # src-tauri/resources-windows/defguard-client.exe + # src-tauri/resources-windows/burnengine.exe + # sign-burn-engine: + # needs: + # - build-windows + # runs-on: + # - self-hosted + # - Linux + # - X64 + # steps: + # - name: Write release version + # run: | + # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # echo Version: $VERSION + # echo "VERSION=$VERSION" >> ${GITHUB_ENV} + # - name: Download unsigned bundle & burn-engine + # uses: actions/download-artifact@v4 + # with: + # name: unsigned-bundle-and-burnengine + # - name: Sign burn-engine + # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in burnengine.exe -out burnengine-signed.exe + # - name: Upload bundle and burn-engine artifact + # uses: actions/upload-artifact@v4 + # with: + # name: unsigned-bundle-and-signed-burnengine + # path: | + # defguard-client.exe + # burnengine-signed.exe + # reattach-burn-engine: + # needs: + # - sign-burn-engine + # runs-on: windows-latest + # steps: + # - name: Download unsigned bundle and signed burn-engine + # uses: actions/download-artifact@v4 + # with: + # name: unsigned-bundle-and-signed-burnengine + # - name: Reattach burn-engine + # run: | + # dotnet tool install --global wix --version 4.0.5 + # wix extension add WixToolset.Bal.wixext/4 + # wix burn reattach defguard-client.exe -engine burnengine-signed.exe -o defguard-client-reattached.exe + # - name: Upload bundle with reattached burn-engine + # uses: actions/upload-artifact@v4 + # with: + # name: unsigned-bundle-with-reattached-signed-burn-engine + # path: defguard-client-reattached.exe + # sign-bundle: + # needs: + # - create-release + # - reattach-burn-engine + # runs-on: + # - self-hosted + # - Linux + # - X64 + # steps: + # - name: Write release version + # run: | + # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1) + # echo Version: $VERSION + # echo "VERSION=$VERSION" >> ${GITHUB_ENV} + # - name: Download unsigned bundle & signed burn-engine + # uses: actions/download-artifact@v4 + # with: + # name: unsigned-bundle-with-reattached-signed-burn-engine + # - name: Sign bundle + # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe + # - name: Upload installer asset + # uses: actions/upload-release-asset@v1 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: defguard-client-signed.exe + # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe + # asset_content_type: application/octet-stream diff --git a/.github/workflows/sbom-regenerate.yml b/.github/workflows/sbom-regenerate.yml index d3c7522c..3ecb2e6e 100644 --- a/.github/workflows/sbom-regenerate.yml +++ b/.github/workflows/sbom-regenerate.yml @@ -17,7 +17,9 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | RELEASES_JSON=$(gh api repos/${{ github.repository }}/releases \ - --jq '[.[] | select(.draft == false) | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') + --jq '[.[] + | select(.draft == false and (.tag_name | test("^v[0-9]+\\.[0-9]+\\.[0-9]+$"))) + | {tagName: .tag_name, uploadUrl: .upload_url}][:1]') echo "releases=$RELEASES_JSON" >> $GITHUB_OUTPUT regenerate-for-release: name: Regenerate SBOM for release diff --git a/README.md b/README.md index 3d94ae36..64c52278 100644 --- a/README.md +++ b/README.md @@ -72,12 +72,6 @@ Built packages are available after in `src-tauri/target/release/bundle`. Remove `default-run` line from `[package]` section in `Cargo.toml` to build the project. -# Built and sponsored by - -

- build by teonite -

- # Legal WireGuard® is [registered trademarks](https://www.wireguard.com/trademark-policy/) of Jason A. Donenfeld. diff --git a/nix/package.nix b/nix/package.nix index cad9c48b..0ec4456a 100644 --- a/nix/package.nix +++ b/nix/package.nix @@ -6,7 +6,7 @@ makeDesktopItem, }: let pname = "defguard-client"; - version = "1.5.1"; # TODO: Get this from Cargo.toml or git + version = "1.5.2"; # TODO: Get this from Cargo.toml or git desktopItem = makeDesktopItem { name = pname; diff --git a/package.json b/package.json index ee8a6109..f3cd54b6 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "defguard-client", "private": false, - "version": "1.5.1", + "version": "1.5.2", "type": "module", "scripts": { "dev": "npm-run-all --parallel vite typesafe-i18n", @@ -132,4 +132,4 @@ "volta": { "node": "20.5.1" } -} +} \ No newline at end of file diff --git a/src-tauri/Cargo.lock b/src-tauri/Cargo.lock index 778c9e01..3c7eba8d 100644 --- a/src-tauri/Cargo.lock +++ b/src-tauri/Cargo.lock @@ -909,7 +909,7 @@ dependencies = [ [[package]] name = "common" -version = "1.5.1" +version = "1.5.2" dependencies = [ "nix", ] @@ -1263,7 +1263,7 @@ checksum = "be1e0bca6c3637f992fc1cc7cbc52a78c1ef6db076dbf1059c4323d6a2048376" [[package]] name = "defguard-client" -version = "1.5.1" +version = "1.5.2" dependencies = [ "anyhow", "base64 0.22.1", @@ -1293,6 +1293,7 @@ dependencies = [ "tauri-plugin-deep-link", "tauri-plugin-dialog", "tauri-plugin-fs", + "tauri-plugin-global-shortcut", "tauri-plugin-http", "tauri-plugin-log", "tauri-plugin-notification", @@ -1321,7 +1322,7 @@ dependencies = [ [[package]] name = "defguard-dg" -version = "1.5.1" +version = "1.5.2" dependencies = [ "clap", "common", @@ -2298,6 +2299,24 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" +[[package]] +name = "global-hotkey" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9247516746aa8e53411a0db9b62b0e24efbcf6a76e0ba73e5a91b512ddabed7" +dependencies = [ + "crossbeam-channel", + "keyboard-types", + "objc2 0.6.2", + "objc2-app-kit", + "once_cell", + "serde", + "thiserror 2.0.16", + "windows-sys 0.59.0", + "x11rb", + "xkeysym", +] + [[package]] name = "gloo-timers" version = "0.3.0" @@ -2428,12 +2447,6 @@ dependencies = [ "foldhash", ] -[[package]] -name = "hashbrown" -version = "0.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5419bdc4f6a9207fbeba6d11b604d481addf78ecd10c11ad51e76c2f6482748d" - [[package]] name = "hashlink" version = "0.10.0" @@ -2826,7 +2839,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", - "hashbrown 0.16.0", + "hashbrown 0.15.5", "serde", "serde_core", ] @@ -6297,6 +6310,21 @@ dependencies = [ "url", ] +[[package]] +name = "tauri-plugin-global-shortcut" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6df9f0f7bf2fe768b85fee4951c2505a35b72c44df1f6403e74e110bc13c5f58" +dependencies = [ + "global-hotkey", + "log", + "serde", + "serde_json", + "tauri", + "tauri-plugin", + "thiserror 2.0.16", +] + [[package]] name = "tauri-plugin-http" version = "2.5.2" @@ -8437,6 +8465,12 @@ dependencies = [ "zeroize", ] +[[package]] +name = "xkeysym" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b9cc00251562a284751c9973bace760d86c0276c471b4be569fe6b068ee97a56" + [[package]] name = "yoke" version = "0.8.0" diff --git a/src-tauri/Cargo.toml b/src-tauri/Cargo.toml index e7ec0f43..85b570e7 100644 --- a/src-tauri/Cargo.toml +++ b/src-tauri/Cargo.toml @@ -31,7 +31,7 @@ edition = "2021" homepage = "https://github.com/DefGuard/client" license-file = "../LICENSE.md" rust-version = "1.80" -version = "1.5.1" +version = "1.5.2" [package] name = "defguard-client" @@ -110,6 +110,7 @@ x25519-dalek = { version = "2", features = [ "serde", "static_secrets", ] } +tauri-plugin-global-shortcut = "2.3.0" [target.'cfg(unix)'.dependencies] hyper-util = "0.1" diff --git a/src-tauri/src/bin/defguard-client.rs b/src-tauri/src/bin/defguard-client.rs index c9a337d3..76514a4a 100644 --- a/src-tauri/src/bin/defguard-client.rs +++ b/src-tauri/src/bin/defguard-client.rs @@ -28,6 +28,7 @@ use log::{Level, LevelFilter}; #[cfg(target_os = "macos")] use tauri::{process, Env}; use tauri::{AppHandle, Builder, Manager, RunEvent, WindowEvent}; +use tauri_plugin_global_shortcut::{Code, GlobalShortcutExt, Modifiers, Shortcut, ShortcutState}; use tauri_plugin_log::{Target, TargetKind}; #[macro_use] @@ -263,6 +264,20 @@ fn main() { .build(), )?; + // Setup ctrl-q keyboard shortcut + let ctrl_q_shortcut = Shortcut::new(Some(Modifiers::CONTROL), Code::KeyQ); + app_handle.plugin( + tauri_plugin_global_shortcut::Builder::new() + .with_handler(move |app, shortcut, event| { + if shortcut == &ctrl_q_shortcut && event.state() == ShortcutState::Pressed { + info!("Ctrl-Q pressed, closing active connections and exiting"); + app.exit(0); + } + }) + .build(), + )?; + app.global_shortcut().register(ctrl_q_shortcut)?; + let state = AppState::new(config); app.manage(state); diff --git a/src-tauri/tauri.conf.json b/src-tauri/tauri.conf.json index a9a3ed85..8c9b8904 100644 --- a/src-tauri/tauri.conf.json +++ b/src-tauri/tauri.conf.json @@ -72,7 +72,7 @@ "productName": "defguard-client", "mainBinaryName": "defguard-client", "identifier": "net.defguard", - "version": "1.5.1", + "version": "1.5.2", "app": { "security": { "capabilities": [ @@ -107,4 +107,4 @@ } } } -} +} \ No newline at end of file