From 59dd431da2dfc4ab7cc7bc425e688850f465e987 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Sun, 23 Nov 2025 22:37:39 +0100
Subject: [PATCH 01/18] update aur repo to 1.5.2
---
.github/workflows/release.yaml | 798 +++++++++++++++++----------------
1 file changed, 401 insertions(+), 397 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 577a0b99..22afea4a 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,337 +1,339 @@
name: "Build app and create release"
on:
push:
- tags:
- - v*.*.*
+ # tags:
+ # - v*.*.*
+ branches:
+ - update_aur
jobs:
- create-release:
- name: create-release
- runs-on: self-hosted
- outputs:
- upload_url: ${{ steps.release.outputs.upload_url }}
- steps:
- - name: Create GitHub release
- id: release
- uses: softprops/action-gh-release@v2
- with:
- draft: true
- generate_release_notes: true
+ # create-release:
+ # name: create-release
+ # runs-on: self-hosted
+ # outputs:
+ # upload_url: ${{ steps.release.outputs.upload_url }}
+ # steps:
+ # - name: Create GitHub release
+ # id: release
+ # uses: softprops/action-gh-release@v2
+ # with:
+ # draft: true
+ # generate_release_notes: true
- create-sbom:
- needs: [create-release]
- uses: ./.github/workflows/sbom.yml
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- ubuntu-22-04-build:
- needs:
- - create-release
- runs-on:
- - self-hosted
- - Linux
- - ${{ matrix.architecture }}
- strategy:
- fail-fast: false
- matrix:
- architecture: [ARM64, X64]
- include:
- - architecture: ARM64
- deb_arch: arm64
- binary_arch: aarch64
- - architecture: X64
- deb_arch: amd64
- binary_arch: x86_64
- container:
- image: ubuntu:22.04
- env:
- DEBIAN_FRONTEND: noninteractive
- HOME: /root
- RUSTUP_HOME: /root/.rustup
- CARGO_HOME: /root/.cargo
- steps:
- - name: git install
- run: |
- apt-get update
- apt-get install -y git curl ca-certificates
- git config --global --add safe.directory '*'
- - uses: actions/checkout@v5
- with:
- submodules: "recursive"
- - uses: pnpm/action-setup@v4
- with:
- version: 10.17
- run_install: false
- - uses: actions/setup-node@v5
- with:
- node-version: "24"
- - name: Get pnpm store directory
- run: |
- echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - uses: actions/cache@v4
- name: Setup pnpm cache
- with:
- path: ${{ env.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-build-store-
- - name: Install Node dependencies
- run: pnpm install --frozen-lockfile
- - uses: dtolnay/rust-toolchain@stable
- - name: Install dependencies
- run: |
- apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- - name: Build packages
- uses: tauri-apps/tauri-action@v0.5.23
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- args: "--bundles deb"
- - name: Upload DEB
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
- asset_content_type: application/octet-stream
- - name: Install ruby with deb-s3
- if: matrix.build != 'freebsd'
- run: |
- apt-get install -y ruby
- gem install deb-s3
- echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- - name: Upload DEB to APT repository
- run: |
- COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ # create-sbom:
+ # needs: [create-release]
+ # uses: ./.github/workflows/sbom.yml
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # ubuntu-22-04-build:
+ # needs:
+ # - create-release
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - ${{ matrix.architecture }}
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # architecture: [ARM64, X64]
+ # include:
+ # - architecture: ARM64
+ # deb_arch: arm64
+ # binary_arch: aarch64
+ # - architecture: X64
+ # deb_arch: amd64
+ # binary_arch: x86_64
+ # container:
+ # image: ubuntu:22.04
+ # env:
+ # DEBIAN_FRONTEND: noninteractive
+ # HOME: /root
+ # RUSTUP_HOME: /root/.rustup
+ # CARGO_HOME: /root/.cargo
+ # steps:
+ # - name: git install
+ # run: |
+ # apt-get update
+ # apt-get install -y git curl ca-certificates
+ # git config --global --add safe.directory '*'
+ # - uses: actions/checkout@v5
+ # with:
+ # submodules: "recursive"
+ # - uses: pnpm/action-setup@v4
+ # with:
+ # version: 10.17
+ # run_install: false
+ # - uses: actions/setup-node@v5
+ # with:
+ # node-version: "24"
+ # - name: Get pnpm store directory
+ # run: |
+ # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ # - name: Write release version
+ # run: |
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ # - uses: actions/cache@v4
+ # name: Setup pnpm cache
+ # with:
+ # path: ${{ env.STORE_PATH }}
+ # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ # restore-keys: |
+ # ${{ runner.os }}-pnpm-build-store-
+ # - name: Install Node dependencies
+ # run: pnpm install --frozen-lockfile
+ # - uses: dtolnay/rust-toolchain@stable
+ # - name: Install dependencies
+ # run: |
+ # apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ # - name: Build packages
+ # uses: tauri-apps/tauri-action@v0.5.23
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # args: "--bundles deb"
+ # - name: Upload DEB
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+ # asset_content_type: application/octet-stream
+ # - name: Install ruby with deb-s3
+ # if: matrix.build != 'freebsd'
+ # run: |
+ # apt-get install -y ruby
+ # gem install deb-s3
+ # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ # - name: Upload DEB to APT repository
+ # run: |
+ # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- build-linux:
- needs:
- - create-release
- outputs:
- deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
- runs-on:
- - self-hosted
- - Linux
- - ${{ matrix.architecture }}
- strategy:
- fail-fast: false
- matrix:
- architecture: [ARM64, X64]
- include:
- - architecture: ARM64
- deb_arch: arm64
- binary_arch: aarch64
- - architecture: X64
- deb_arch: amd64
- binary_arch: x86_64
- steps:
- - uses: actions/checkout@v5
- with:
- submodules: "recursive"
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - uses: actions/setup-node@v5
- with:
- node-version: "24"
- - uses: pnpm/action-setup@v4
- with:
- version: 10.17
- run_install: false
- - name: Get pnpm store directory
- shell: bash
- run: |
- echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- - uses: actions/cache@v4
- name: Setup pnpm cache
- with:
- path: ${{ env.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-build-store-
- - name: Install Node dependencies
- run: pnpm install --frozen-lockfile
- - uses: dtolnay/rust-toolchain@stable
- - name: Install Linux dependencies
- run: |
- sudo apt-get update
- sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- - name: Build packages
- uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- args: "--bundles deb,rpm"
- - name: Calculate DEB SHA256
- id: calculate-sha256
- if: matrix.deb_arch == 'amd64'
- run: |
- DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
- DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
- echo "DEB SHA256: $DEB_SHA256"
- echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
- echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
- - name: Upload RPM
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- asset_content_type: application/octet-stream
- - name: Upload DEB
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_content_type: application/octet-stream
- - name: Install ruby with deb-s3
- if: matrix.build != 'freebsd'
- run: |
- sudo apt-get install -y ruby
- gem install deb-s3
- echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
- run: |
- COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- - name: Rename client binary
- run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- - name: Tar client binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- - name: Upload client archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_content_type: application/octet-stream
- - name: Rename daemon binary
- run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- - name: Tar daemon binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- - name: Upload daemon archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_content_type: application/octet-stream
+ # build-linux:
+ # needs:
+ # - create-release
+ # outputs:
+ # deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - ${{ matrix.architecture }}
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # architecture: [ARM64, X64]
+ # include:
+ # - architecture: ARM64
+ # deb_arch: arm64
+ # binary_arch: aarch64
+ # - architecture: X64
+ # deb_arch: amd64
+ # binary_arch: x86_64
+ # steps:
+ # - uses: actions/checkout@v5
+ # with:
+ # submodules: "recursive"
+ # - name: Write release version
+ # run: |
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ # - uses: actions/setup-node@v5
+ # with:
+ # node-version: "24"
+ # - uses: pnpm/action-setup@v4
+ # with:
+ # version: 10.17
+ # run_install: false
+ # - name: Get pnpm store directory
+ # shell: bash
+ # run: |
+ # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ # - uses: actions/cache@v4
+ # name: Setup pnpm cache
+ # with:
+ # path: ${{ env.STORE_PATH }}
+ # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ # restore-keys: |
+ # ${{ runner.os }}-pnpm-build-store-
+ # - name: Install Node dependencies
+ # run: pnpm install --frozen-lockfile
+ # - uses: dtolnay/rust-toolchain@stable
+ # - name: Install Linux dependencies
+ # run: |
+ # sudo apt-get update
+ # sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ # - name: Build packages
+ # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # args: "--bundles deb,rpm"
+ # - name: Calculate DEB SHA256
+ # id: calculate-sha256
+ # if: matrix.deb_arch == 'amd64'
+ # run: |
+ # DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
+ # DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
+ # echo "DEB SHA256: $DEB_SHA256"
+ # echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
+ # echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
+ # - name: Upload RPM
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ # asset_content_type: application/octet-stream
+ # - name: Upload DEB
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # asset_content_type: application/octet-stream
+ # - name: Install ruby with deb-s3
+ # if: matrix.build != 'freebsd'
+ # run: |
+ # sudo apt-get install -y ruby
+ # gem install deb-s3
+ # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ # - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
+ # run: |
+ # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # - name: Rename client binary
+ # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar client binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload client archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
+ # - name: Rename daemon binary
+ # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar daemon binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload daemon archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
- - name: Rename dg binary
- run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- - name: Tar dg binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- - name: Upload dg archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_content_type: application/octet-stream
- - name: Build dg deb
- uses: defGuard/fpm-action@main
- with:
- fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"
- - name: Upload DEB
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- asset_content_type: application/octet-stream
- - name: Build dg rpm
- uses: defGuard/fpm-action@main
- with:
- fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"
- - name: Upload RPM
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- asset_content_type: application/octet-stream
+ # - name: Rename dg binary
+ # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar dg binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload dg archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
+ # - name: Build dg deb
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
+ # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"
+ # - name: Upload DEB
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ # asset_content_type: application/octet-stream
+ # - name: Build dg rpm
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
+ # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"
+ # - name: Upload RPM
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ # asset_content_type: application/octet-stream
- apt-sign:
- needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
- - build-linux
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Sign APT repository
- run: |
- export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
- export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
- export AWS_REGION=eu-north-1
- sudo apt update -y
- sudo apt install -y awscli curl jq
+ # apt-sign:
+ # needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
+ # - build-linux
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - X64
+ # steps:
+ # - name: Sign APT repository
+ # run: |
+ # export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ # export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ # export AWS_REGION=eu-north-1
+ # sudo apt update -y
+ # sudo apt install -y awscli curl jq
- for DIST in trixie bookworm; do
- aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+ # for DIST in trixie bookworm; do
+ # aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
- curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- -F "file=@Release" \
- -o response.json
+ # curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ # -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ # -F "file=@Release" \
+ # -o response.json
- cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+ # cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ # cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
- aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ # aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ # aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- done
- (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
- aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ # done
+ # (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
+ # aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
update-aur:
needs:
- - create-release
- - build-linux
- if: "!contains(github.ref_name, '-')"
+ # - create-release
+ # - build-linux
+ # if: "!contains(github.ref_name, '-')"
runs-on:
- self-hosted
- Linux
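Review bot: With `on.push` switched from `tags: v*.*.*` to `branches: update_aur`, and the `needs` entries and the `if: "!contains(github.ref_name, '-')"` guard under `update-aur` commented out, the AUR publish job runs on every push to that branch with no build job feeding it and no pre-release filter. On a branch push `GITHUB_REF_NAME` is the branch name rather than a version tag, so anything still derived from it no longer yields a version. Instead of commenting out the release pipeline (here and again in the `@@ -396,83 +400,83 @@` hunk for `build-windows` and `sign-bundle`), consider keeping the tag trigger and adding a manual entry point such as `workflow_dispatch:` with a version input, or moving the AUR update into its own workflow file. If this must stay as temporary scaffolding, a top-of-file comment such as `# TEMPORARY: AUR backfill only, restore tag trigger before merge` would keep it from being merged by accident. The `update-aur` job body continues outside this hunk.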
@@ -370,12 +372,14 @@ jobs:
- name: Update PKGBUILD version
run: |
cd aur-repo
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ VERSION="1.5.2"
echo "Updating to version: $VERSION"
sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
- AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
+ # AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
+ AMD64_SHA="7d9bc8974e6d9f0946167267cd9f84589b9766a706d50a77777fdfe013011269"
echo "AMD64 DEB SHA256: $AMD64_SHA"
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
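Review bot: `AMD64_SHA` is now a literal digest instead of the `deb_sha256_amd64` output of the build, so the value written into `sha256sums_x86_64` is no longer tied to any artifact this workflow produced. A stale or mistyped digest would either break installs or be published as the project's statement of which file is authentic. If a one-off backfill for 1.5.2 is needed, download the published release asset in this step and fail on mismatch before editing PKGBUILD, e.g. `[ "$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)" = "$AMD64_SHA" ] || exit 1`, where `$DEB_FILE` stands for the downloaded .deb. The same applies to `VERSION="1.5.2"`, which would be better passed in as a workflow input than edited in the file. The `run` block continues outside this hunk.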
@@ -396,83 +400,83 @@ jobs:
cat .SRCINFO
# Builds Windows MSI and uploads it as artifact
- build-windows:
- needs:
- - create-release
- runs-on: windows-latest
- steps:
- - uses: actions/checkout@v5
- with:
- submodules: "recursive"
- - name: Write release version
- run: |
- $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
- echo Version: $env:VERSION
- echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- - uses: actions/setup-node@v6
- with:
- node-version: "22"
- - uses: pnpm/action-setup@v4
- with:
- version: 10
- run_install: false
- - name: Get pnpm store directory
- shell: bash
- run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- - uses: actions/cache@v4
- name: Setup pnpm cache
- with:
- path: ${{ env.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-build-store-
- - name: Install deps
- run: pnpm install --frozen-lockfile
- - uses: dtolnay/rust-toolchain@stable
- - name: Install Protoc
- uses: arduino/setup-protoc@v3
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- - name: Remove "default-run" line from Cargo.toml
- run: |
- Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
- - name: Build packages
- uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Upload unsigned bundle
- uses: actions/upload-artifact@v4
- with:
- name: unsigned-bundle
- path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ # build-windows:
+ # needs:
+ # - create-release
+ # runs-on: windows-latest
+ # steps:
+ # - uses: actions/checkout@v5
+ # with:
+ # submodules: "recursive"
+ # - name: Write release version
+ # run: |
+ # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
+ # echo Version: $env:VERSION
+ # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
+ # - uses: actions/setup-node@v6
+ # with:
+ # node-version: "22"
+ # - uses: pnpm/action-setup@v4
+ # with:
+ # version: 10
+ # run_install: false
+ # - name: Get pnpm store directory
+ # shell: bash
+ # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ # - uses: actions/cache@v4
+ # name: Setup pnpm cache
+ # with:
+ # path: ${{ env.STORE_PATH }}
+ # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ # restore-keys: |
+ # ${{ runner.os }}-pnpm-build-store-
+ # - name: Install deps
+ # run: pnpm install --frozen-lockfile
+ # - uses: dtolnay/rust-toolchain@stable
+ # - name: Install Protoc
+ # uses: arduino/setup-protoc@v3
+ # with:
+ # repo-token: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Remove "default-run" line from Cargo.toml
+ # run: |
+ # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
+ # - name: Build packages
+ # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Upload unsigned bundle
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: unsigned-bundle
+ # path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
- # Signs the MSI and uploads it as release asset
- sign-bundle:
- needs:
- - create-release
- - build-windows
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - name: Download unsigned bundle
- uses: actions/download-artifact@v4
- with:
- name: unsigned-bundle
- - name: Sign bundle
- run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
- - name: Upload installer asset
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-signed.msi
- asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
- asset_content_type: application/octet-stream
+ # # Signs the MSI and uploads it as release asset
+ # sign-bundle:
+ # needs:
+ # - create-release
+ # - build-windows
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - X64
+ # steps:
+ # - name: Write release version
+ # run: |
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ # - name: Download unsigned bundle
+ # uses: actions/download-artifact@v4
+ # with:
+ # name: unsigned-bundle
+ # - name: Sign bundle
+ # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
+ # - name: Upload installer asset
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-client-signed.msi
+ # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ # asset_content_type: application/octet-stream
From f11e448d5ccfece88328277c95b5d48cc3caad4e Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Sun, 23 Nov 2025 22:41:26 +0100
Subject: [PATCH 02/18] delete needs
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 22afea4a..cb74dfab 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -330,7 +330,7 @@ jobs:
# aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
update-aur:
- needs:
+ # needs:
# - create-release
# - build-linux
# if: "!contains(github.ref_name, '-')"
From a874cecd750145beb4e7721f3fb3b90b352a5793 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:23:38 +0100
Subject: [PATCH 03/18] change ssh setup step
---
.github/workflows/release.yaml | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cb74dfab..6cd8c592 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -356,10 +356,18 @@ jobs:
run: |
useradd -m -G wheel -s /bin/bash builduser
echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
- - name: Setup SSH
- uses: webfactory/ssh-agent@v0.9.0
- with:
- ssh-private-key: ${{ secrets.AUR_SSH_KEY }}
+ - name: Set up SSH for AUR
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+
+ # AUR host key
+ ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
+
+ eval $(ssh-agent)
+ ssh-add ~/.ssh/id_rsa
+
- name: Checkout AUR repository
run: |
mkdir -p ~/.ssh
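Review bot: The new `Set up SSH for AUR` step expands `${{ secrets.AUR_SSH_KEY }}` straight into the script text and creates `~/.ssh/id_rsa` under the default umask, so the file is only narrowed once `chmod 600` runs. Passing the key through the step's `env:` (`AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}`), running `umask 077` first and writing it with `printf '%s\n' "$AUR_SSH_KEY" > ~/.ssh/id_rsa` keeps the secret out of the generated script and closes that window. Separately, the variables set by `eval $(ssh-agent)` exist only in this step's shell, so the `ssh-add` does nothing for the following `Checkout AUR repository` step unless `SSH_AUTH_SOCK` is written to `$GITHUB_ENV`. That following step continues outside the hunk.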
From 3a00d41d6e38f57c671b431183c881137fc79bfd Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:32:00 +0100
Subject: [PATCH 04/18] fix job
---
.github/workflows/release.yaml | 5 -----
1 file changed, 5 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6cd8c592..384d771f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -361,17 +361,12 @@ jobs:
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
-
- # AUR host key
ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
-
eval $(ssh-agent)
ssh-add ~/.ssh/id_rsa
- name: Checkout AUR repository
run: |
- mkdir -p ~/.ssh
- ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"
rm -rf aur-repo
From 6bc21314c16eb2f39c44d0745753cf4cea4588dc Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:44:37 +0100
Subject: [PATCH 05/18] test 2
---
.github/workflows/release.yaml | 13 +++++--------
1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 384d771f..be7d90ba 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -356,19 +356,16 @@ jobs:
run: |
useradd -m -G wheel -s /bin/bash builduser
echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
- - name: Set up SSH for AUR
+ - name: Checkout AUR repository
run: |
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
- eval $(ssh-agent)
- ssh-add ~/.ssh/id_rsa
-
- - name: Checkout AUR repository
- run: |
+ echo "Host aur.archlinux.org" > ~/.ssh/config
+ echo " StrictHostKeyChecking no" >> ~/.ssh/config
+
+ ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- export GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"
rm -rf aur-repo
git clone ssh://aur@aur.archlinux.org/defguard-client.git aur-repo
chown -R builduser:builduser aur-repo
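Review bot: The two added `echo` lines write `StrictHostKeyChecking no` for `aur.archlinux.org`, which turns off host-key verification for the clone in this step and for any later push that authenticates with `AUR_SSH_KEY`. The `ssh-keyscan -H` line that follows does not restore it, because it records whatever key the network returns at run time. I would keep the AUR host key in the repository or in a secret, write it with `echo "<AUR_HOST_KEY_LINE placeholder>" >> ~/.ssh/known_hosts`, and set `StrictHostKeyChecking yes`. The same concern applies to the `ssh-keyscan` line added in patch 03 and to the `accept-new` settings in patches 06, 10, 14 and 16 of this series.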
From 5dd3ac7f37d635604890bc2bb818c637cae63a89 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:54:59 +0100
Subject: [PATCH 06/18] change job
---
.github/workflows/release.yaml | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index be7d90ba..56c0bf32 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -361,13 +361,21 @@ jobs:
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- echo "Host aur.archlinux.org" > ~/.ssh/config
- echo " StrictHostKeyChecking no" >> ~/.ssh/config
+ # Create SSH config file
+ cat > ~/.ssh/config << EOF
+ Host aur.archlinux.org
+ IdentityFile ~/.ssh/id_rsa
+ User aur
+ StrictHostKeyChecking accept-new
+ EOF
+ chmod 600 ~/.ssh/config
+
ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
- rm -rf aur-repo
- git clone ssh://aur@aur.archlinux.org/defguard-client.git aur-repo
+ GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
+ git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
+
chown -R builduser:builduser aur-repo
- name: Update PKGBUILD version
run: |
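Review bot: The `GIT_SSH_COMMAND` prefix on the clone repeats what the `~/.ssh/config` heredoc has just set (`IdentityFile`, `StrictHostKeyChecking accept-new`) and adds `-v`, so every run prints SSH debug output into the job log. Since the config entry already covers `aur.archlinux.org`, the clone can be `git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo` with no override. The hunk also drops `rm -rf aur-repo`, so a second run on a runner that keeps its workspace would fail at the clone; whether that applies depends on the runner setup, which is not visible here.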
From 436fc278ea5f33437c13576b8e13c7803b00361c Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:57:38 +0100
Subject: [PATCH 07/18] merge steps into one
---
.github/workflows/release.yaml | 9 ++-------
1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 56c0bf32..f0c7fe52 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -356,7 +356,7 @@ jobs:
run: |
useradd -m -G wheel -s /bin/bash builduser
echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
- - name: Checkout AUR repository
+ - name: Update AUR Package
run: |
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
@@ -377,8 +377,7 @@ jobs:
git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
chown -R builduser:builduser aur-repo
- - name: Update PKGBUILD version
- run: |
+
cd aur-repo
# VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
VERSION="1.5.2"
@@ -391,12 +390,8 @@ jobs:
echo "AMD64 DEB SHA256: $AMD64_SHA"
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
- - name: Update .SRCINFO
- run: |
cd aur-repo
sudo -u builduser makepkg --printsrcinfo > .SRCINFO
- - name: Commit and push changes
- run: |
cd aur-repo
chown -R builduser:builduser .
sudo -u builduser git config user.name "Defguard Build System"
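Review bot: With the step headers removed, the two `cd aur-repo` lines left in this hunk now run in the same shell as the `cd aur-repo` in the previous hunk, so they execute from inside `aur-repo` and will fail. If the step's shell runs with errexit, which is the usual default for `run`, that aborts the whole step. Delete both lines so the merged script changes directory once. The script starts and continues outside the hunk.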
From 5057541427af401bcacfdcbf132e0610096b8bb4 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 15:59:21 +0100
Subject: [PATCH 08/18] remove unnecessary "cd"
---
.github/workflows/release.yaml | 2 --
1 file changed, 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f0c7fe52..18bd4a14 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -390,9 +390,7 @@ jobs:
echo "AMD64 DEB SHA256: $AMD64_SHA"
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
- cd aur-repo
sudo -u builduser makepkg --printsrcinfo > .SRCINFO
- cd aur-repo
chown -R builduser:builduser .
sudo -u builduser git config user.name "Defguard Build System"
sudo -u builduser git config user.email "community@defguard.net"
From dae454469de6cf7e4757da704f6b79eb977dd29c Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:04:22 +0100
Subject: [PATCH 09/18] add rm
---
.github/workflows/release.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 18bd4a14..bd7c6bfd 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -373,6 +373,7 @@ jobs:
ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
+ rm -rf aur-repo || true
GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
From c9536b65d248da4a2aa96d9a9b3a582cbab85647 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:19:13 +0100
Subject: [PATCH 10/18] change job
---
.github/workflows/release.yaml | 40 +++++++++++++++++++---------------
1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index bd7c6bfd..1a4c9f1b 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -352,15 +352,17 @@ jobs:
run: |
pacman -Syu --noconfirm
pacman -S --noconfirm git openssh base-devel
- - name: Create non-root user
- run: |
- useradd -m -G wheel -s /bin/bash builduser
- echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
- - name: Update AUR Package
+ # - name: Create non-root user
+ # run: |
+ # useradd -m -G wheel -s /bin/bash builduser
+ # echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+ - name: Setup SSH for AUR
run: |
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
+ chmod 600 ~/.ssh/known_hosts
# Create SSH config file
cat > ~/.ssh/config << EOF
Host aur.archlinux.org
@@ -369,17 +371,18 @@ jobs:
StrictHostKeyChecking accept-new
EOF
chmod 600 ~/.ssh/config
-
+ - name: Update AUR Package
+ run: |
+
+ git config --global user.name "Defguard Build System"
+ git config --global user.email "community@defguard.net"
+ git config --global --add safe.directory '*'
- ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
rm -rf aur-repo || true
GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
-
- chown -R builduser:builduser aur-repo
-
cd aur-repo
+ git config --global --add safe.directory "$(pwd)"
# VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
VERSION="1.5.2"
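Review bot: `git config --global --add safe.directory '*'` disables git's repository-ownership check for every path, while the `git config --global --add safe.directory "$(pwd)"` added after `cd aur-repo` already covers the one directory this job needs. Drop the wildcard line and keep the `$(pwd)` one. Because the setting is `--global`, it is written to the job user's git configuration and may outlive the job if the environment is reused; the runner setup is not visible here. The `Update AUR Package` script continues outside the hunk.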
@@ -391,13 +394,16 @@ jobs:
echo "AMD64 DEB SHA256: $AMD64_SHA"
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
- sudo -u builduser makepkg --printsrcinfo > .SRCINFO
+
+ useradd -m builduser
+ chown -R builder:builder .
+
+ sh builduser -c "makepkg --printsrcinfo" > .SRCINFO
chown -R builduser:builduser .
- sudo -u builduser git config user.name "Defguard Build System"
- sudo -u builduser git config user.email "community@defguard.net"
- sudo -u builduser git add PKGBUILD .SRCINFO
- sudo -u builduser git commit -m "Updated to $VERSION"
- sudo -u builduser git push
+
+ git add PKGBUILD .SRCINFO
+ git commit -m "Updated to $VERSION"
+ git push
cat PKGBUILD
cat .SRCINFO
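Review bot: Two of the added lines cannot work as written. `chown -R builder:builder .` names an account that `useradd -m builduser` did not create, and `sh builduser -c "makepkg --printsrcinfo"` asks `sh` to run a script file called `builduser` instead of switching user. They should read `chown -R builduser:builduser .` and `su builduser -c "makepkg --printsrcinfo" > .SRCINFO`. `useradd` will also fail on a rerun if the account already exists, so `id builduser >/dev/null 2>&1 || useradd -m builduser` is safer where the environment is reused.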
From 7f3958730fa94fb1ed067a56ad72c5a49512e659 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:20:27 +0100
Subject: [PATCH 11/18] typo
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 1a4c9f1b..603c1824 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -396,7 +396,7 @@ jobs:
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
useradd -m builduser
- chown -R builder:builder .
+ chown -R builduser:builduser .
sh builduser -c "makepkg --printsrcinfo" > .SRCINFO
chown -R builduser:builduser .
From 1a27ac23dae9aa70417affd5f46ce309df5b4da6 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:23:28 +0100
Subject: [PATCH 12/18] remove chown
---
.github/workflows/release.yaml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 603c1824..ab3e29a4 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -399,7 +399,6 @@ jobs:
chown -R builduser:builduser .
sh builduser -c "makepkg --printsrcinfo" > .SRCINFO
- chown -R builduser:builduser .
git add PKGBUILD .SRCINFO
git commit -m "Updated to $VERSION"
From 29906ac157090891958a037edb1c6037912347a3 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:25:11 +0100
Subject: [PATCH 13/18] sh --> su
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index ab3e29a4..0b750ed2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -398,7 +398,7 @@ jobs:
useradd -m builduser
chown -R builduser:builduser .
- sh builduser -c "makepkg --printsrcinfo" > .SRCINFO
+ su builduser -c "makepkg --printsrcinfo" > .SRCINFO
git add PKGBUILD .SRCINFO
git commit -m "Updated to $VERSION"
From 97c97a973dfd7221f982fad40ee02787c1b10c1b Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:30:47 +0100
Subject: [PATCH 14/18] add git env before push
---
.github/workflows/release.yaml | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0b750ed2..378a2dd9 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -399,7 +399,7 @@ jobs:
chown -R builduser:builduser .
su builduser -c "makepkg --printsrcinfo" > .SRCINFO
-
+ GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new"
git add PKGBUILD .SRCINFO
git commit -m "Updated to $VERSION"
git push
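Review bot: The added `GIT_SSH_COMMAND="…"` line is a plain shell assignment on its own line, so the variable is not exported and the `git push` two lines later does not receive it. Either put it on the same line as the command (`GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa" git push`) or remove it and rely on the `~/.ssh/config` entry written in the SSH setup step. In either form I would drop `-v`, since it sends SSH debug output to the job log.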
@@ -487,3 +487,33 @@ jobs:
# asset_path: defguard-client-signed.msi
# asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
# asset_content_type: application/octet-stream
+client-reattached.exe
+ sign-bundle:
+ needs:
+ - create-release
+ - reattach-burn-engine
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ steps:
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - name: Download unsigned bundle & signed burn-engine
+ uses: actions/download-artifact@v4
+ with:
+ name: unsigned-bundle-with-reattached-signed-burn-engine
+ - name: Sign bundle
+ run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe
+ - name: Upload installer asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-client-signed.exe
+ asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe
+ asset_content_type: application/octet-stream
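Review bot: The first added line, `client-reattached.exe`, is a bare scalar at column 0 after the `jobs:` mapping; it looks like a paste fragment and should make the workflow file fail to parse. The `sign-bundle` job that follows also needs `reattach-burn-engine`, which is not defined in the visible part of the file. If the job is meant to stay, the `Sign bundle` step should not place `${{ secrets.CODESIGN_PIN }}` on the `osslsigncode` command line, where it is part of the process arguments on the self-hosted runner; pass it through `env:` and hand it to osslsigncode from a file with `-readpass`. Given the commit subject, this hunk looks unrelated to the push change and is probably best removed from the commit.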
From 3e80500c1fe566351e3abc9879e13a3bf9e71ce2 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:34:05 +0100
Subject: [PATCH 15/18] remove step
---
.github/workflows/release.yaml | 30 ------------------------------
1 file changed, 30 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 378a2dd9..e557f6b1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -487,33 +487,3 @@ jobs:
# asset_path: defguard-client-signed.msi
# asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
# asset_content_type: application/octet-stream
-client-reattached.exe
- sign-bundle:
- needs:
- - create-release
- - reattach-burn-engine
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - name: Download unsigned bundle & signed burn-engine
- uses: actions/download-artifact@v4
- with:
- name: unsigned-bundle-with-reattached-signed-burn-engine
- - name: Sign bundle
- run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client-reattached.exe -out defguard-client-signed.exe
- - name: Upload installer asset
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-signed.exe
- asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.exe
- asset_content_type: application/octet-stream
From e1bc33c2f67d8eeb0b00c44dd93d22209880c276 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:36:14 +0100
Subject: [PATCH 16/18] change order
---
.github/workflows/release.yaml | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e557f6b1..3fcba815 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -399,10 +399,9 @@ jobs:
chown -R builduser:builduser .
su builduser -c "makepkg --printsrcinfo" > .SRCINFO
- GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new"
git add PKGBUILD .SRCINFO
git commit -m "Updated to $VERSION"
- git push
+ GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" git push
cat PKGBUILD
cat .SRCINFO
From 1531299ec0c7845b0ffacfe4ce523f0d68cebaa2 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:40:35 +0100
Subject: [PATCH 17/18] ready to merge
---
.github/workflows/release.yaml | 808 ++++++++++++++++-----------------
1 file changed, 399 insertions(+), 409 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3fcba815..5d272b04 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,339 +1,337 @@
name: "Build app and create release"
on:
push:
- # tags:
- # - v*.*.*
- branches:
- - update_aur
+ tags:
+ - v*.*.*
jobs:
- # create-release:
- # name: create-release
- # runs-on: self-hosted
- # outputs:
- # upload_url: ${{ steps.release.outputs.upload_url }}
- # steps:
- # - name: Create GitHub release
- # id: release
- # uses: softprops/action-gh-release@v2
- # with:
- # draft: true
- # generate_release_notes: true
+ create-release:
+ name: create-release
+ runs-on: self-hosted
+ outputs:
+ upload_url: ${{ steps.release.outputs.upload_url }}
+ steps:
+ - name: Create GitHub release
+ id: release
+ uses: softprops/action-gh-release@v2
+ with:
+ draft: true
+ generate_release_notes: true
- # create-sbom:
- # needs: [create-release]
- # uses: ./.github/workflows/sbom.yml
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # ubuntu-22-04-build:
- # needs:
- # - create-release
- # runs-on:
- # - self-hosted
- # - Linux
- # - ${{ matrix.architecture }}
- # strategy:
- # fail-fast: false
- # matrix:
- # architecture: [ARM64, X64]
- # include:
- # - architecture: ARM64
- # deb_arch: arm64
- # binary_arch: aarch64
- # - architecture: X64
- # deb_arch: amd64
- # binary_arch: x86_64
- # container:
- # image: ubuntu:22.04
- # env:
- # DEBIAN_FRONTEND: noninteractive
- # HOME: /root
- # RUSTUP_HOME: /root/.rustup
- # CARGO_HOME: /root/.cargo
- # steps:
- # - name: git install
- # run: |
- # apt-get update
- # apt-get install -y git curl ca-certificates
- # git config --global --add safe.directory '*'
- # - uses: actions/checkout@v5
- # with:
- # submodules: "recursive"
- # - uses: pnpm/action-setup@v4
- # with:
- # version: 10.17
- # run_install: false
- # - uses: actions/setup-node@v5
- # with:
- # node-version: "24"
- # - name: Get pnpm store directory
- # run: |
- # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- # - name: Write release version
- # run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- # - uses: actions/cache@v4
- # name: Setup pnpm cache
- # with:
- # path: ${{ env.STORE_PATH }}
- # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- # restore-keys: |
- # ${{ runner.os }}-pnpm-build-store-
- # - name: Install Node dependencies
- # run: pnpm install --frozen-lockfile
- # - uses: dtolnay/rust-toolchain@stable
- # - name: Install dependencies
- # run: |
- # apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- # - name: Build packages
- # uses: tauri-apps/tauri-action@v0.5.23
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # args: "--bundles deb"
- # - name: Upload DEB
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
- # asset_content_type: application/octet-stream
- # - name: Install ruby with deb-s3
- # if: matrix.build != 'freebsd'
- # run: |
- # apt-get install -y ruby
- # gem install deb-s3
- # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- # - name: Upload DEB to APT repository
- # run: |
- # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ create-sbom:
+ needs: [create-release]
+ uses: ./.github/workflows/sbom.yml
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ ubuntu-22-04-build:
+ needs:
+ - create-release
+ runs-on:
+ - self-hosted
+ - Linux
+ - ${{ matrix.architecture }}
+ strategy:
+ fail-fast: false
+ matrix:
+ architecture: [ARM64, X64]
+ include:
+ - architecture: ARM64
+ deb_arch: arm64
+ binary_arch: aarch64
+ - architecture: X64
+ deb_arch: amd64
+ binary_arch: x86_64
+ container:
+ image: ubuntu:22.04
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ HOME: /root
+ RUSTUP_HOME: /root/.rustup
+ CARGO_HOME: /root/.cargo
+ steps:
+ - name: git install
+ run: |
+ apt-get update
+ apt-get install -y git curl ca-certificates
+ git config --global --add safe.directory '*'
+ - uses: actions/checkout@v5
+ with:
+ submodules: "recursive"
+ - uses: pnpm/action-setup@v4
+ with:
+ version: 10.17
+ run_install: false
+ - uses: actions/setup-node@v5
+ with:
+ node-version: "24"
+ - name: Get pnpm store directory
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-build-store-
+ - name: Install Node dependencies
+ run: pnpm install --frozen-lockfile
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install dependencies
+ run: |
+ apt-get install -y build-essential libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ - name: Build packages
+ uses: tauri-apps/tauri-action@v0.5.23
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ args: "--bundles deb"
+ - name: Upload DEB
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+ asset_content_type: application/octet-stream
+ - name: Install ruby with deb-s3
+ if: matrix.build != 'freebsd'
+ run: |
+ apt-get install -y ruby
+ gem install deb-s3
+ echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ - name: Upload DEB to APT repository
+ run: |
+ COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # build-linux:
- # needs:
- # - create-release
- # outputs:
- # deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
- # runs-on:
- # - self-hosted
- # - Linux
- # - ${{ matrix.architecture }}
- # strategy:
- # fail-fast: false
- # matrix:
- # architecture: [ARM64, X64]
- # include:
- # - architecture: ARM64
- # deb_arch: arm64
- # binary_arch: aarch64
- # - architecture: X64
- # deb_arch: amd64
- # binary_arch: x86_64
- # steps:
- # - uses: actions/checkout@v5
- # with:
- # submodules: "recursive"
- # - name: Write release version
- # run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- # - uses: actions/setup-node@v5
- # with:
- # node-version: "24"
- # - uses: pnpm/action-setup@v4
- # with:
- # version: 10.17
- # run_install: false
- # - name: Get pnpm store directory
- # shell: bash
- # run: |
- # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- # - uses: actions/cache@v4
- # name: Setup pnpm cache
- # with:
- # path: ${{ env.STORE_PATH }}
- # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- # restore-keys: |
- # ${{ runner.os }}-pnpm-build-store-
- # - name: Install Node dependencies
- # run: pnpm install --frozen-lockfile
- # - uses: dtolnay/rust-toolchain@stable
- # - name: Install Linux dependencies
- # run: |
- # sudo apt-get update
- # sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- # - name: Build packages
- # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # args: "--bundles deb,rpm"
- # - name: Calculate DEB SHA256
- # id: calculate-sha256
- # if: matrix.deb_arch == 'amd64'
- # run: |
- # DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
- # DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
- # echo "DEB SHA256: $DEB_SHA256"
- # echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
- # echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
- # - name: Upload RPM
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- # asset_content_type: application/octet-stream
- # - name: Upload DEB
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # asset_content_type: application/octet-stream
- # - name: Install ruby with deb-s3
- # if: matrix.build != 'freebsd'
- # run: |
- # sudo apt-get install -y ruby
- # gem install deb-s3
- # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- # - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
- # run: |
- # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # - name: Rename client binary
- # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar client binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload client archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
- # - name: Rename daemon binary
- # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar daemon binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload daemon archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
+ build-linux:
+ needs:
+ - create-release
+ outputs:
+ deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
+ runs-on:
+ - self-hosted
+ - Linux
+ - ${{ matrix.architecture }}
+ strategy:
+ fail-fast: false
+ matrix:
+ architecture: [ARM64, X64]
+ include:
+ - architecture: ARM64
+ deb_arch: arm64
+ binary_arch: aarch64
+ - architecture: X64
+ deb_arch: amd64
+ binary_arch: x86_64
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ submodules: "recursive"
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - uses: actions/setup-node@v5
+ with:
+ node-version: "24"
+ - uses: pnpm/action-setup@v4
+ with:
+ version: 10.17
+ run_install: false
+ - name: Get pnpm store directory
+ shell: bash
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-build-store-
+ - name: Install Node dependencies
+ run: pnpm install --frozen-lockfile
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install Linux dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ - name: Build packages
+ uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ args: "--bundles deb,rpm"
+ - name: Calculate DEB SHA256
+ id: calculate-sha256
+ if: matrix.deb_arch == 'amd64'
+ run: |
+ DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
+ DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
+ echo "DEB SHA256: $DEB_SHA256"
+ echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
+ echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
+ - name: Upload RPM
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ asset_content_type: application/octet-stream
+ - name: Upload DEB
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_content_type: application/octet-stream
+ - name: Install ruby with deb-s3
+ if: matrix.build != 'freebsd'
+ run: |
+ sudo apt-get install -y ruby
+ gem install deb-s3
+ echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
+ run: |
+ COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ - name: Rename client binary
+ run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar client binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload client archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
+ - name: Rename daemon binary
+ run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar daemon binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload daemon archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
- # - name: Rename dg binary
- # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar dg binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload dg archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
- # - name: Build dg deb
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"
- # - name: Upload DEB
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- # asset_content_type: application/octet-stream
- # - name: Build dg rpm
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- # fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"
- # - name: Upload RPM
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- # asset_content_type: application/octet-stream
+ - name: Rename dg binary
+ run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar dg binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload dg archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
+ - name: Build dg deb
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
+ fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"
+ - name: Upload DEB
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ asset_content_type: application/octet-stream
+ - name: Build dg rpm
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
+ fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"
+ - name: Upload RPM
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ asset_content_type: application/octet-stream
- # apt-sign:
- # needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
- # - build-linux
- # runs-on:
- # - self-hosted
- # - Linux
- # - X64
- # steps:
- # - name: Sign APT repository
- # run: |
- # export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
- # export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
- # export AWS_REGION=eu-north-1
- # sudo apt update -y
- # sudo apt install -y awscli curl jq
+ apt-sign:
+ needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
+ - build-linux
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ steps:
+ - name: Sign APT repository
+ run: |
+ export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ export AWS_REGION=eu-north-1
+ sudo apt update -y
+ sudo apt install -y awscli curl jq
- # for DIST in trixie bookworm; do
- # aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+ for DIST in trixie bookworm; do
+ aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
- # curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- # -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- # -F "file=@Release" \
- # -o response.json
+ curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ -F "file=@Release" \
+ -o response.json
- # cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- # cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+ cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
- # aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- # aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- # done
- # (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
- # aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ done
+ (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
+ aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
update-aur:
- # needs:
- # - create-release
- # - build-linux
- # if: "!contains(github.ref_name, '-')"
+ needs:
+ - create-release
+ - build-linux
+ if: "!contains(github.ref_name, '-')"
runs-on:
- self-hosted
- Linux
@@ -352,10 +350,6 @@ jobs:
run: |
pacman -Syu --noconfirm
pacman -S --noconfirm git openssh base-devel
- # - name: Create non-root user
- # run: |
- # useradd -m -G wheel -s /bin/bash builduser
- # echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
- name: Setup SSH for AUR
run: |
mkdir -p ~/.ssh
@@ -383,15 +377,11 @@ jobs:
git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
cd aur-repo
git config --global --add safe.directory "$(pwd)"
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- VERSION="1.5.2"
-
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
echo "Updating to version: $VERSION"
sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
- # AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
- AMD64_SHA="7d9bc8974e6d9f0946167267cd9f84589b9766a706d50a77777fdfe013011269"
-
+ AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
echo "AMD64 DEB SHA256: $AMD64_SHA"
sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
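Review bot: `VERSION` and `AMD64_SHA` are substituted into the `sed` expressions that rewrite PKGBUILD without any check that they are well-formed, so an empty job output or an unexpected ref name would be written into the AUR package metadata as is. `needs.build-linux.outputs.deb_sha256_amd64` is produced by a step that runs only in the amd64 matrix leg, so it is worth confirming that the value cannot arrive empty when the other leg finishes last. A guard before the first `sed`, for example `echo "$AMD64_SHA" | grep -Eq '^[0-9a-f]{64}$' || { echo "missing or malformed DEB SHA256" >&2; exit 1; }`, together with a similar pattern check on `$VERSION`, would fail the job instead of publishing a wrong checksum. The `run:` block starts and ends outside this hunk.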
@@ -405,84 +395,84 @@ jobs:
cat PKGBUILD
cat .SRCINFO
- # Builds Windows MSI and uploads it as artifact
- # build-windows:
- # needs:
- # - create-release
- # runs-on: windows-latest
- # steps:
- # - uses: actions/checkout@v5
- # with:
- # submodules: "recursive"
- # - name: Write release version
- # run: |
- # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
- # echo Version: $env:VERSION
- # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- # - uses: actions/setup-node@v6
- # with:
- # node-version: "22"
- # - uses: pnpm/action-setup@v4
- # with:
- # version: 10
- # run_install: false
- # - name: Get pnpm store directory
- # shell: bash
- # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- # - uses: actions/cache@v4
- # name: Setup pnpm cache
- # with:
- # path: ${{ env.STORE_PATH }}
- # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- # restore-keys: |
- # ${{ runner.os }}-pnpm-build-store-
- # - name: Install deps
- # run: pnpm install --frozen-lockfile
- # - uses: dtolnay/rust-toolchain@stable
- # - name: Install Protoc
- # uses: arduino/setup-protoc@v3
- # with:
- # repo-token: ${{ secrets.GITHUB_TOKEN }}
- # - name: Remove "default-run" line from Cargo.toml
- # run: |
- # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
- # - name: Build packages
- # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # - name: Upload unsigned bundle
- # uses: actions/upload-artifact@v4
- # with:
- # name: unsigned-bundle
- # path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ Builds Windows MSI and uploads it as artifact
+ build-windows:
+ needs:
+ - create-release
+ runs-on: windows-latest
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ submodules: "recursive"
+ - name: Write release version
+ run: |
+ $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
+ echo Version: $env:VERSION
+ echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
+ - uses: actions/setup-node@v6
+ with:
+ node-version: "22"
+ - uses: pnpm/action-setup@v4
+ with:
+ version: 10
+ run_install: false
+ - name: Get pnpm store directory
+ shell: bash
+ run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-build-store-
+ - name: Install deps
+ run: pnpm install --frozen-lockfile
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Remove "default-run" line from Cargo.toml
+ run: |
+ Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
+ - name: Build packages
+ uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Upload unsigned bundle
+ uses: actions/upload-artifact@v4
+ with:
+ name: unsigned-bundle
+ path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
- # # Signs the MSI and uploads it as release asset
- # sign-bundle:
- # needs:
- # - create-release
- # - build-windows
- # runs-on:
- # - self-hosted
- # - Linux
- # - X64
- # steps:
- # - name: Write release version
- # run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- # - name: Download unsigned bundle
- # uses: actions/download-artifact@v4
- # with:
- # name: unsigned-bundle
- # - name: Sign bundle
- # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
- # - name: Upload installer asset
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-client-signed.msi
- # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
- # asset_content_type: application/octet-stream
+ # Signs the MSI and uploads it as release asset
+ sign-bundle:
+ needs:
+ - create-release
+ - build-windows
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ steps:
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - name: Download unsigned bundle
+ uses: actions/download-artifact@v4
+ with:
+ name: unsigned-bundle
+ - name: Sign bundle
+ run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
+ - name: Upload installer asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-client-signed.msi
+ asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ asset_content_type: application/octet-stream
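Review bot: The `Sign bundle` step in `sign-bundle` expands `${{ secrets.CODESIGN_KEYID }}` and `${{ secrets.CODESIGN_PIN }}` straight into the `run:` line, so the values are pasted unquoted into the generated shell script and the PIN ends up in the `osslsigncode` argument list, which other processes on the self-hosted runner can read. Mapping them through the step's `env:` (`CODESIGN_PIN: ${{ secrets.CODESIGN_PIN }}`, `CODESIGN_KEYID: ${{ secrets.CODESIGN_KEYID }}`) and writing `-pass "$CODESIGN_PIN"` in the command keeps shell metacharacters in a secret from being interpreted. That still leaves the PIN in argv; keeping it out entirely would need a file-based password option, if the installed osslsigncode build provides one for PKCS#11 PINs. A comment above the step stating that it relies on the PKCS#11 module and token present on that specific runner would also help the next maintainer.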
From 3c46ea8def95b9070b8e112ba70450173515cc4c Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 26 Nov 2025 16:42:32 +0100
Subject: [PATCH 18/18] add comment
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 5d272b04..0bcee8ad 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -395,7 +395,7 @@ jobs:
cat PKGBUILD
cat .SRCINFO
- Builds Windows MSI and uploads it as artifact
+ # Builds Windows MSI and uploads it as artifact
build-windows:
needs:
- create-release