From 888f42d69d7522a697cde4d6eaabab098c0e0c78 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 17 Dec 2025 17:10:43 +0100
Subject: [PATCH 01/11] workflow test
---
.github/workflows/release.yaml | 724 +++++++++++++++++----------------
1 file changed, 379 insertions(+), 345 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0bcee8ad..6050300f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,8 +1,10 @@
-name: "Build app and create release"
+name: 'Build app and create release'
on:
push:
tags:
- v*.*.*
+ branches:
+ - ubuntu2204_dg_fix
jobs:
create-release:
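Review bot: Adding `branches: - ubuntu2204_dg_fix` under `on.push` makes every push to that branch run the release pipeline, including the steps that read `secrets.GITHUB_TOKEN`, and `github.ref_name` is then the branch name rather than a `v*.*.*` tag. Steps that derive the version from the ref would produce a version string from the branch name: the removed `build-linux` job does `${GITHUB_REF_NAME#v}`, and the ubuntu job's equivalent is outside this hunk, so this needs confirming. For test runs, a `workflow_dispatch:` trigger keeps the tag-only release path intact. The hunk in PATCH 02 that comments out `tags:` makes the branch the only trigger and should be reverted before this reaches the default branch.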
@@ -18,11 +20,11 @@ jobs:
draft: true
generate_release_notes: true
- create-sbom:
- needs: [create-release]
- uses: ./.github/workflows/sbom.yml
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # create-sbom:
+ # needs: [create-release]
+ # uses: ./.github/workflows/sbom.yml
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
ubuntu-22-04-build:
needs:
- create-release
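Review bot: With `create-sbom` commented out, releases cut from this workflow no longer get an SBOM attached, and nothing in the hunk records why. If the job is only disabled for the branch test, gate it with a job-level condition such as `if: startsWith(github.ref, 'refs/tags/v')`, so the tag path keeps producing the SBOM. If it is really meant to go, delete it rather than leaving commented-out YAML behind.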
@@ -56,14 +58,14 @@ jobs:
git config --global --add safe.directory '*'
- uses: actions/checkout@v5
with:
- submodules: "recursive"
+ submodules: 'recursive'
- uses: pnpm/action-setup@v4
with:
version: 10.17
run_install: false
- uses: actions/setup-node@v5
with:
- node-version: "24"
+ node-version: '24'
- name: Get pnpm store directory
run: |
echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
@@ -90,7 +92,7 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
- args: "--bundles deb"
+ args: '--bundles deb'
- name: Upload DEB
uses: actions/upload-release-asset@v1
env:
@@ -100,152 +102,6 @@ jobs:
asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
- - name: Install ruby with deb-s3
- if: matrix.build != 'freebsd'
- run: |
- apt-get install -y ruby
- gem install deb-s3
- echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- - name: Upload DEB to APT repository
- run: |
- COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
-
- deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
-
- build-linux:
- needs:
- - create-release
- outputs:
- deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
- runs-on:
- - self-hosted
- - Linux
- - ${{ matrix.architecture }}
- strategy:
- fail-fast: false
- matrix:
- architecture: [ARM64, X64]
- include:
- - architecture: ARM64
- deb_arch: arm64
- binary_arch: aarch64
- - architecture: X64
- deb_arch: amd64
- binary_arch: x86_64
- steps:
- - uses: actions/checkout@v5
- with:
- submodules: "recursive"
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - uses: actions/setup-node@v5
- with:
- node-version: "24"
- - uses: pnpm/action-setup@v4
- with:
- version: 10.17
- run_install: false
- - name: Get pnpm store directory
- shell: bash
- run: |
- echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- - uses: actions/cache@v4
- name: Setup pnpm cache
- with:
- path: ${{ env.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-build-store-
- - name: Install Node dependencies
- run: pnpm install --frozen-lockfile
- - uses: dtolnay/rust-toolchain@stable
- - name: Install Linux dependencies
- run: |
- sudo apt-get update
- sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- - name: Build packages
- uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- args: "--bundles deb,rpm"
- - name: Calculate DEB SHA256
- id: calculate-sha256
- if: matrix.deb_arch == 'amd64'
- run: |
- DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
- DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
- echo "DEB SHA256: $DEB_SHA256"
- echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
- echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
- - name: Upload RPM
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- asset_content_type: application/octet-stream
- - name: Upload DEB
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_content_type: application/octet-stream
- - name: Install ruby with deb-s3
- if: matrix.build != 'freebsd'
- run: |
- sudo apt-get install -y ruby
- gem install deb-s3
- echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
- run: |
- COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- - name: Rename client binary
- run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- - name: Tar client binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- - name: Upload client archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_content_type: application/octet-stream
- - name: Rename daemon binary
- run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- - name: Tar daemon binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- - name: Upload daemon archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_content_type: application/octet-stream
-
- name: Rename dg binary
run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- name: Tar dg binary
@@ -254,7 +110,7 @@ jobs:
command: c
files: |
dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
- name: Upload dg archive
uses: actions/upload-release-asset@v1
env:
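Review bot: `outPath` now writes `dg-linux-…_ubuntu-22-04-lts.tar.gz`, but the `Upload dg archive` step in the next hunk keeps `asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz` as an unchanged context line. The upload would then look for a file the tar step no longer creates. Change that line to `asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz` so the two steps agree. The tar step starts above this hunk.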
@@ -262,217 +118,395 @@ jobs:
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
asset_content_type: application/octet-stream
- name: Build dg deb
uses: defGuard/fpm-action@main
with:
- fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"
+ fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb'
- name: Upload DEB
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- asset_content_type: application/octet-stream
- - name: Build dg rpm
- uses: defGuard/fpm-action@main
- with:
- fpm_args: "dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf"
- fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"
- - name: Upload RPM
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
+ # - name: Install ruby with deb-s3
+ # if: matrix.build != 'freebsd'
+ # run: |
+ # apt-get install -y ruby
+ # gem install deb-s3
+ # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ # - name: Upload DEB to APT repository
+ # run: |
+ # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- apt-sign:
- needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
- - build-linux
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Sign APT repository
- run: |
- export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
- export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
- export AWS_REGION=eu-north-1
- sudo apt update -y
- sudo apt install -y awscli curl jq
+ # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- for DIST in trixie bookworm; do
- aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+ # build-linux:
+ # needs:
+ # - create-release
+ # outputs:
+ # deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - ${{ matrix.architecture }}
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # architecture: [ARM64, X64]
+ # include:
+ # - architecture: ARM64
+ # deb_arch: arm64
+ # binary_arch: aarch64
+ # - architecture: X64
+ # deb_arch: amd64
+ # binary_arch: x86_64
+ # steps:
+ # - uses: actions/checkout@v5
+ # with:
+ # submodules: 'recursive'
+ # - name: Write release version
+ # run: |
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ # - uses: actions/setup-node@v5
+ # with:
+ # node-version: '24'
+ # - uses: pnpm/action-setup@v4
+ # with:
+ # version: 10.17
+ # run_install: false
+ # - name: Get pnpm store directory
+ # shell: bash
+ # run: |
+ # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ # - uses: actions/cache@v4
+ # name: Setup pnpm cache
+ # with:
+ # path: ${{ env.STORE_PATH }}
+ # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ # restore-keys: |
+ # ${{ runner.os }}-pnpm-build-store-
+ # - name: Install Node dependencies
+ # run: pnpm install --frozen-lockfile
+ # - uses: dtolnay/rust-toolchain@stable
+ # - name: Install Linux dependencies
+ # run: |
+ # sudo apt-get update
+ # sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ # - name: Build packages
+ # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # args: '--bundles deb,rpm'
+ # - name: Calculate DEB SHA256
+ # id: calculate-sha256
+ # if: matrix.deb_arch == 'amd64'
+ # run: |
+ # DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
+ # DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
+ # echo "DEB SHA256: $DEB_SHA256"
+ # echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
+ # echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
+ # - name: Upload RPM
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ # asset_content_type: application/octet-stream
+ # - name: Upload DEB
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # asset_content_type: application/octet-stream
+ # - name: Install ruby with deb-s3
+ # if: matrix.build != 'freebsd'
+ # run: |
+ # sudo apt-get install -y ruby
+ # gem install deb-s3
+ # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ # - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
+ # run: |
+ # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ # - name: Rename client binary
+ # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar client binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload client archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
+ # - name: Rename daemon binary
+ # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar daemon binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload daemon archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
- curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- -F "file=@Release" \
- -o response.json
+ # - name: Rename dg binary
+ # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # - name: Tar dg binary
+ # uses: a7ul/tar-action@v1.2.0
+ # with:
+ # command: c
+ # files: |
+ # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # - name: Upload dg archive
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ # asset_content_type: application/octet-stream
+ # - name: Build dg deb
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ # fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb'
+ # - name: Upload DEB
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ # asset_content_type: application/octet-stream
+ # - name: Build dg rpm
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ # fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm'
+ # - name: Upload RPM
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ # asset_content_type: application/octet-stream
- cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+ # apt-sign:
+ # needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
+ # - build-linux
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - X64
+ # steps:
+ # - name: Sign APT repository
+ # run: |
+ # export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ # export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ # export AWS_REGION=eu-north-1
+ # sudo apt update -y
+ # sudo apt install -y awscli curl jq
- aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ # for DIST in trixie bookworm; do
+ # aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
- done
- (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
- aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ # curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ # -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ # -F "file=@Release" \
+ # -o response.json
- update-aur:
- needs:
- - create-release
- - build-linux
- if: "!contains(github.ref_name, '-')"
- runs-on:
- - self-hosted
- - Linux
- - ${{ matrix.architecture }}
- container: archlinux:latest
- strategy:
- fail-fast: false
- matrix:
- architecture: [X64]
- include:
- - architecture: X64
- deb_arch: amd64
- binary_arch: x86_64
- steps:
- - name: Install dependencies
- run: |
- pacman -Syu --noconfirm
- pacman -S --noconfirm git openssh base-devel
- - name: Setup SSH for AUR
- run: |
- mkdir -p ~/.ssh
- echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
- chmod 600 ~/.ssh/id_rsa
- ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
- chmod 600 ~/.ssh/known_hosts
- # Create SSH config file
- cat > ~/.ssh/config << EOF
- Host aur.archlinux.org
- IdentityFile ~/.ssh/id_rsa
- User aur
- StrictHostKeyChecking accept-new
- EOF
- chmod 600 ~/.ssh/config
- - name: Update AUR Package
- run: |
+ # cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ # cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
- git config --global user.name "Defguard Build System"
- git config --global user.email "community@defguard.net"
- git config --global --add safe.directory '*'
+ # aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ # aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- rm -rf aur-repo || true
- GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
- git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
- cd aur-repo
- git config --global --add safe.directory "$(pwd)"
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo "Updating to version: $VERSION"
- sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
+ # done
+ # (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
+ # aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
- AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
- echo "AMD64 DEB SHA256: $AMD64_SHA"
- sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
+ # update-aur:
+ # needs:
+ # - create-release
+ # - build-linux
+ # if: "!contains(github.ref_name, '-')"
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - ${{ matrix.architecture }}
+ # container: archlinux:latest
+ # strategy:
+ # fail-fast: false
+ # matrix:
+ # architecture: [X64]
+ # include:
+ # - architecture: X64
+ # deb_arch: amd64
+ # binary_arch: x86_64
+ # steps:
+ # - name: Install dependencies
+ # run: |
+ # pacman -Syu --noconfirm
+ # pacman -S --noconfirm git openssh base-devel
+ # - name: Setup SSH for AUR
+ # run: |
+ # mkdir -p ~/.ssh
+ # echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
+ # chmod 600 ~/.ssh/id_rsa
+ # ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
+ # chmod 600 ~/.ssh/known_hosts
+ # # Create SSH config file
+ # cat > ~/.ssh/config << EOF
+ # Host aur.archlinux.org
+ # IdentityFile ~/.ssh/id_rsa
+ # User aur
+ # StrictHostKeyChecking accept-new
+ # EOF
+ # chmod 600 ~/.ssh/config
+ # - name: Update AUR Package
+ # run: |
- useradd -m builduser
- chown -R builduser:builduser .
+ # git config --global user.name "Defguard Build System"
+ # git config --global user.email "community@defguard.net"
+ # git config --global --add safe.directory '*'
- su builduser -c "makepkg --printsrcinfo" > .SRCINFO
- git add PKGBUILD .SRCINFO
- git commit -m "Updated to $VERSION"
- GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" git push
- cat PKGBUILD
- cat .SRCINFO
+ # rm -rf aur-repo || true
+ # GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
+ # git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
+ # cd aur-repo
+ # git config --global --add safe.directory "$(pwd)"
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo "Updating to version: $VERSION"
+ # sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
- # Builds Windows MSI and uploads it as artifact
- build-windows:
- needs:
- - create-release
- runs-on: windows-latest
- steps:
- - uses: actions/checkout@v5
- with:
- submodules: "recursive"
- - name: Write release version
- run: |
- $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
- echo Version: $env:VERSION
- echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- - uses: actions/setup-node@v6
- with:
- node-version: "22"
- - uses: pnpm/action-setup@v4
- with:
- version: 10
- run_install: false
- - name: Get pnpm store directory
- shell: bash
- run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- - uses: actions/cache@v4
- name: Setup pnpm cache
- with:
- path: ${{ env.STORE_PATH }}
- key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- restore-keys: |
- ${{ runner.os }}-pnpm-build-store-
- - name: Install deps
- run: pnpm install --frozen-lockfile
- - uses: dtolnay/rust-toolchain@stable
- - name: Install Protoc
- uses: arduino/setup-protoc@v3
- with:
- repo-token: ${{ secrets.GITHUB_TOKEN }}
- - name: Remove "default-run" line from Cargo.toml
- run: |
- Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
- - name: Build packages
- uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Upload unsigned bundle
- uses: actions/upload-artifact@v4
- with:
- name: unsigned-bundle
- path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ # AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
+ # echo "AMD64 DEB SHA256: $AMD64_SHA"
+ # sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
- # Signs the MSI and uploads it as release asset
- sign-bundle:
- needs:
- - create-release
- - build-windows
- runs-on:
- - self-hosted
- - Linux
- - X64
- steps:
- - name: Write release version
- run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- echo Version: $VERSION
- echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- - name: Download unsigned bundle
- uses: actions/download-artifact@v4
- with:
- name: unsigned-bundle
- - name: Sign bundle
- run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
- - name: Upload installer asset
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-client-signed.msi
- asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
- asset_content_type: application/octet-stream
+ # useradd -m builduser
+ # chown -R builduser:builduser .
+
+ # su builduser -c "makepkg --printsrcinfo" > .SRCINFO
+ # git add PKGBUILD .SRCINFO
+ # git commit -m "Updated to $VERSION"
+ # GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" git push
+ # cat PKGBUILD
+ # cat .SRCINFO
+
+ # # Builds Windows MSI and uploads it as artifact
+ # build-windows:
+ # needs:
+ # - create-release
+ # runs-on: windows-latest
+ # steps:
+ # - uses: actions/checkout@v5
+ # with:
+ # submodules: 'recursive'
+ # - name: Write release version
+ # run: |
+ # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
+ # echo Version: $env:VERSION
+ # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
+ # - uses: actions/setup-node@v6
+ # with:
+ # node-version: '22'
+ # - uses: pnpm/action-setup@v4
+ # with:
+ # version: 10
+ # run_install: false
+ # - name: Get pnpm store directory
+ # shell: bash
+ # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ # - uses: actions/cache@v4
+ # name: Setup pnpm cache
+ # with:
+ # path: ${{ env.STORE_PATH }}
+ # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ # restore-keys: |
+ # ${{ runner.os }}-pnpm-build-store-
+ # - name: Install deps
+ # run: pnpm install --frozen-lockfile
+ # - uses: dtolnay/rust-toolchain@stable
+ # - name: Install Protoc
+ # uses: arduino/setup-protoc@v3
+ # with:
+ # repo-token: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Remove "default-run" line from Cargo.toml
+ # run: |
+ # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
+ # - name: Build packages
+ # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # - name: Upload unsigned bundle
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: unsigned-bundle
+ # path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+
+ # # Signs the MSI and uploads it as release asset
+ # sign-bundle:
+ # needs:
+ # - create-release
+ # - build-windows
+ # runs-on:
+ # - self-hosted
+ # - Linux
+ # - X64
+ # steps:
+ # - name: Write release version
+ # run: |
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ # - name: Download unsigned bundle
+ # uses: actions/download-artifact@v4
+ # with:
+ # name: unsigned-bundle
+ # - name: Sign bundle
+ # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
+ # - name: Upload installer asset
+ # uses: actions/upload-release-asset@v1
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-client-signed.msi
+ # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ # asset_content_type: application/octet-stream
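Review bot: With `apt-sign` and `sign-bundle` commented out, nothing in this workflow signs the APT `Release` file or the Windows MSI any more, so a release built from this version of the file would publish unsigned artifacts. If the jobs are only disabled for the branch test, guard them with a job-level `if: github.ref_type == 'tag'` instead; roughly 400 lines of commented YAML will drift from the live jobs and are easy to merge by accident. Anything that is really being dropped should be deleted outright. Separately, the live `Build dg deb` step still uses `defGuard/fpm-action@main`, and a release job is the right place to pin that to a commit SHA (`defGuard/fpm-action@<commit-sha>`).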
From 621fed7c058efbb7b1ebb561f2cd193a2530dc9d Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 17 Dec 2025 17:18:21 +0100
Subject: [PATCH 02/11] test
---
.github/workflows/release.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6050300f..89e01664 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,8 +1,8 @@
name: 'Build app and create release'
on:
push:
- tags:
- - v*.*.*
+ # tags:
+ # - v*.*.*
branches:
- ubuntu2204_dg_fix
From 18e4dcf6d994d2d3664138e12604ad147f53300c Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 17 Dec 2025 17:22:06 +0100
Subject: [PATCH 03/11] add tag_name parameter
---
.github/workflows/release.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 89e01664..3263f170 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -17,6 +17,7 @@ jobs:
id: release
uses: softprops/action-gh-release@v2
with:
+ tag_name: ${{ github.ref_name }}
draft: true
generate_release_notes: true
From 3a6af705fea449e179732b1887b0350c1936caf1 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 17 Dec 2025 17:43:03 +0100
Subject: [PATCH 04/11] change asset name
---
.github/workflows/release.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3263f170..cf38ded2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -100,8 +100,8 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+ asset_path: src-tauri/target/release/bundle/deb/Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_name: Defguard__${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
- name: Rename dg binary
run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
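Review bot: The new `asset_name` on this Upload DEB step begins with `Defguard__` (two underscores) while the `asset_path` line above it uses `Defguard_`, so the published file name would not match the bundle name; it looks like a typo. I would write `asset_name: Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb`. The step's `name:` and `uses:` lines are above the hunk, so only the `with:` block is visible here.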
From fac98ebb88c8ec05006a4de2c4156a184dc7d7d0 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 17 Dec 2025 17:53:23 +0100
Subject: [PATCH 05/11] change version
---
.github/workflows/release.yaml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index cf38ded2..34283133 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -72,7 +72,8 @@ jobs:
echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- name: Write release version
run: |
- VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ VERSION=1.6.0
echo Version: $VERSION
echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- uses: actions/cache@v4
@@ -101,7 +102,7 @@ jobs:
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: src-tauri/target/release/bundle/deb/Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- asset_name: Defguard__${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+ asset_name: Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
- name: Rename dg binary
run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
From bae5c7ce0829512a345aa1741bc53938c31dde1f Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Thu, 18 Dec 2025 13:28:56 +0100
Subject: [PATCH 06/11] change path
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 34283133..193aeecb 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -119,7 +119,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
asset_content_type: application/octet-stream
- name: Build dg deb
From c20a474425e7270f5d74a5e93541e5b315540de9 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 19 Dec 2025 10:30:26 +0100
Subject: [PATCH 07/11] change filename
---
.github/workflows/release.yaml | 23 +++++++----------------
1 file changed, 7 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 193aeecb..c876d590 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -105,36 +105,27 @@ jobs:
asset_name: Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
- name: Rename dg binary
- run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ run: mv src-tauri/target/release/dg dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}
- name: Tar dg binary
uses: a7ul/tar-action@v1.2.0
with:
command: c
files: |
- dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
- - name: Upload dg archive
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.tar.gz
- asset_content_type: application/octet-stream
+ dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}
+ outPath: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.tar.gz
- name: Build dg deb
uses: defGuard/fpm-action@main
with:
- fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
- fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb'
+ fpm_args: 'dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb'
- name: Upload DEB
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb
- asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}_ubuntu-22-04-lts.deb
+ asset_path: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
+ asset_name: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
# - name: Install ruby with deb-s3
# if: matrix.build != 'freebsd'
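Review bot: Removing "Upload dg archive" leaves "Tar dg binary" producing `dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.tar.gz` with no step in this hunk that consumes it, so the release silently loses the dg tarball while the job still builds it. Either drop the tar step too or keep an upload step with the new file name. The commit subject mentions only a filename change, so the dropped release asset deserves a line in the description. The job continues past the end of the hunk, so a later consumer cannot be ruled out from here.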
From 39fc774210cb76e7f08c39826e778e6bab072789 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 19 Dec 2025 10:58:26 +0100
Subject: [PATCH 08/11] test workflow
---
.github/workflows/release.yaml | 84 ++++++++++++++++------------------
1 file changed, 39 insertions(+), 45 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c876d590..3de81ced 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -106,13 +106,6 @@ jobs:
asset_content_type: application/octet-stream
- name: Rename dg binary
run: mv src-tauri/target/release/dg dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}
- - name: Tar dg binary
- uses: a7ul/tar-action@v1.2.0
- with:
- command: c
- files: |
- dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}
- outPath: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.tar.gz
- name: Build dg deb
uses: defGuard/fpm-action@main
with:
@@ -127,17 +120,18 @@ jobs:
asset_path: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_name: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream
- # - name: Install ruby with deb-s3
- # if: matrix.build != 'freebsd'
- # run: |
- # apt-get install -y ruby
- # gem install deb-s3
- # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- # - name: Upload DEB to APT repository
- # run: |
- # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ - name: Install ruby with deb-s3
+ if: matrix.build != 'freebsd'
+ run: |
+ apt-get install -y ruby
+ gem install deb-s3
+ echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ - name: Upload DEB to APT repository
+ run: |
+ COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
# build-linux:
# needs:
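Review bot: Re-enabling "Upload DEB to APT repository" while the workflow still triggers on pushes to `ubuntu2204_dg_fix` and `VERSION` is hard-coded to `1.6.0` (both set by earlier patches in this series) means every test push would publish packages to `apt.defguard.net`. That branch name contains no `-`, so the `COMPONENT` expression evaluates to `release` and the test builds land in the stable component of `bookworm`; `--no-fail-if-exists` also means a clash with an existing 1.6.0 package would not stop the job. I would gate the install and upload steps on a tag ref until the trigger is restored, e.g. `if: startsWith(github.ref, 'refs/tags/v')`. The job header and its runner are outside the hunk.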
@@ -320,39 +314,39 @@ jobs:
# asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
# asset_content_type: application/octet-stream
- # apt-sign:
- # needs: #Add needs: -ubuntu-22-04-build (on merge dev -> main)
- # - build-linux
- # runs-on:
- # - self-hosted
- # - Linux
- # - X64
- # steps:
- # - name: Sign APT repository
- # run: |
- # export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
- # export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
- # export AWS_REGION=eu-north-1
- # sudo apt update -y
- # sudo apt install -y awscli curl jq
+ apt-sign:
+ needs:
+ - build-linux
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ steps:
+ - name: Sign APT repository
+ run: |
+ export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ export AWS_REGION=eu-north-1
+ sudo apt update -y
+ sudo apt install -y awscli curl jq
- # for DIST in trixie bookworm; do
- # aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+ for DIST in trixie bookworm; do
+ aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
- # curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- # -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- # -F "file=@Release" \
- # -o response.json
+ curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ -F "file=@Release" \
+ -o response.json
- # cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- # cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+ cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
- # aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- # aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- # done
- # (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
- # aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ done
+ (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
+ aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
# update-aur:
# needs:
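Review bot: The loop in "Sign APT repository" has no failure path. `curl` runs without `--fail`, so an HTTP error from the signing service still writes `response.json`; `jq -r` then prints `null`, which `base64 --decode` would accept and turn into three bytes that are uploaded as `Release.gpg` and `InRelease` with `--acl public-read`. With no `shell:` set the step runs without `pipefail`, so I would open the script with `set -euo pipefail`, call `curl --fail -X POST …`, and use `jq -er` so a missing field aborts before anything is copied to the bucket. Separately, `needs: - build-linux` names a job that is still commented out at this commit (see the `# build-linux:` context line in the previous hunk), which I would expect to make the workflow invalid.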
From 8027a3a33073ed162a4cf87e598cd23e6b2d57cd Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 19 Dec 2025 11:04:11 +0100
Subject: [PATCH 09/11] change "needs"
---
.github/workflows/release.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 3de81ced..0a5fdbd2 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -316,7 +316,8 @@ jobs:
apt-sign:
needs:
- - build-linux
+ # - build-linux
+ - ubuntu-22-04-build
runs-on:
- self-hosted
- Linux
From 41f53f70894ba76cc40cee31f9a4ac4e75ace07b Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 19 Dec 2025 11:28:11 +0100
Subject: [PATCH 10/11] ready to merge
---
.github/workflows/release.yaml | 664 ++++++++++++++++-----------------
1 file changed, 330 insertions(+), 334 deletions(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0a5fdbd2..9811746f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,10 +1,8 @@
name: 'Build app and create release'
on:
push:
- # tags:
- # - v*.*.*
- branches:
- - ubuntu2204_dg_fix
+ tags:
+ - v*.*.*
jobs:
create-release:
@@ -17,15 +15,14 @@ jobs:
id: release
uses: softprops/action-gh-release@v2
with:
- tag_name: ${{ github.ref_name }}
draft: true
generate_release_notes: true
- # create-sbom:
- # needs: [create-release]
- # uses: ./.github/workflows/sbom.yml
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ create-sbom:
+ needs: [create-release]
+ uses: ./.github/workflows/sbom.yml
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
ubuntu-22-04-build:
needs:
- create-release
@@ -72,8 +69,7 @@ jobs:
echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- name: Write release version
run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- VERSION=1.6.0
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
echo Version: $VERSION
echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- uses: actions/cache@v4
@@ -133,190 +129,190 @@ jobs:
deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/Defguard_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
- # build-linux:
- # needs:
- # - create-release
- # outputs:
- # deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
- # runs-on:
- # - self-hosted
- # - Linux
- # - ${{ matrix.architecture }}
- # strategy:
- # fail-fast: false
- # matrix:
- # architecture: [ARM64, X64]
- # include:
- # - architecture: ARM64
- # deb_arch: arm64
- # binary_arch: aarch64
- # - architecture: X64
- # deb_arch: amd64
- # binary_arch: x86_64
- # steps:
- # - uses: actions/checkout@v5
- # with:
- # submodules: 'recursive'
- # - name: Write release version
- # run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- # - uses: actions/setup-node@v5
- # with:
- # node-version: '24'
- # - uses: pnpm/action-setup@v4
- # with:
- # version: 10.17
- # run_install: false
- # - name: Get pnpm store directory
- # shell: bash
- # run: |
- # echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- # - uses: actions/cache@v4
- # name: Setup pnpm cache
- # with:
- # path: ${{ env.STORE_PATH }}
- # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- # restore-keys: |
- # ${{ runner.os }}-pnpm-build-store-
- # - name: Install Node dependencies
- # run: pnpm install --frozen-lockfile
- # - uses: dtolnay/rust-toolchain@stable
- # - name: Install Linux dependencies
- # run: |
- # sudo apt-get update
- # sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
- # - name: Build packages
- # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # args: '--bundles deb,rpm'
- # - name: Calculate DEB SHA256
- # id: calculate-sha256
- # if: matrix.deb_arch == 'amd64'
- # run: |
- # DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
- # DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
- # echo "DEB SHA256: $DEB_SHA256"
- # echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
- # echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
- # - name: Upload RPM
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- # asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
- # asset_content_type: application/octet-stream
- # - name: Upload DEB
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # asset_content_type: application/octet-stream
- # - name: Install ruby with deb-s3
- # if: matrix.build != 'freebsd'
- # run: |
- # sudo apt-get install -y ruby
- # gem install deb-s3
- # echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
- # - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
- # run: |
- # COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- # deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
- # - name: Rename client binary
- # run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar client binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload client archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
- # - name: Rename daemon binary
- # run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar daemon binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload daemon archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
+ build-linux:
+ needs:
+ - create-release
+ outputs:
+ deb_sha256_amd64: ${{ steps.calculate-sha256.outputs.deb_sha256_amd64 }}
+ runs-on:
+ - self-hosted
+ - Linux
+ - ${{ matrix.architecture }}
+ strategy:
+ fail-fast: false
+ matrix:
+ architecture: [ARM64, X64]
+ include:
+ - architecture: ARM64
+ deb_arch: arm64
+ binary_arch: aarch64
+ - architecture: X64
+ deb_arch: amd64
+ binary_arch: x86_64
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ submodules: 'recursive'
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - uses: actions/setup-node@v5
+ with:
+ node-version: '24'
+ - uses: pnpm/action-setup@v4
+ with:
+ version: 10.17
+ run_install: false
+ - name: Get pnpm store directory
+ shell: bash
+ run: |
+ echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-build-store-
+ - name: Install Node dependencies
+ run: pnpm install --frozen-lockfile
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install Linux dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev libayatana-appindicator3-dev librsvg2-dev patchelf libssl-dev libxdo-dev unzip protobuf-compiler libprotobuf-dev rpm
+ - name: Build packages
+ uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ args: '--bundles deb,rpm'
+ - name: Calculate DEB SHA256
+ id: calculate-sha256
+ if: matrix.deb_arch == 'amd64'
+ run: |
+ DEB_FILE="src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb"
+ DEB_SHA256=$(sha256sum "$DEB_FILE" | cut -d ' ' -f1)
+ echo "DEB SHA256: $DEB_SHA256"
+ echo "DEB_SHA256=$DEB_SHA256" >> ${GITHUB_ENV}
+ echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}
+ - name: Upload RPM
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
+ asset_content_type: application/octet-stream
+ - name: Upload DEB
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ asset_content_type: application/octet-stream
+ - name: Install ruby with deb-s3
+ if: matrix.build != 'freebsd'
+ run: |
+ sudo apt-get install -y ruby
+ gem install deb-s3
+ echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+ - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
+ run: |
+ COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
+ - name: Rename client binary
+ run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar client binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload client archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
+ - name: Rename daemon binary
+ run: mv src-tauri/target/release/defguard-service defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar daemon binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload daemon archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
- # - name: Rename dg binary
- # run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # - name: Tar dg binary
- # uses: a7ul/tar-action@v1.2.0
- # with:
- # command: c
- # files: |
- # dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
- # outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # - name: Upload dg archive
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
- # asset_content_type: application/octet-stream
- # - name: Build dg deb
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
- # fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb'
- # - name: Upload DEB
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
- # asset_content_type: application/octet-stream
- # - name: Build dg rpm
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
- # fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm'
- # - name: Upload RPM
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- # asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
- # asset_content_type: application/octet-stream
+ - name: Rename dg binary
+ run: mv src-tauri/target/release/dg dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ - name: Tar dg binary
+ uses: a7ul/tar-action@v1.2.0
+ with:
+ command: c
+ files: |
+ dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
+ outPath: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ - name: Upload dg archive
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
+ asset_content_type: application/octet-stream
+ - name: Build dg deb
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb'
+ - name: Upload DEB
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
+ asset_content_type: application/octet-stream
+ - name: Build dg rpm
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: 'dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}=/usr/sbin/dg dg.service=/usr/lib/systemd/system/dg.service src-tauri/cli/.env=/etc/defguard/dg.conf'
+ fpm_opts: '--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm'
+ - name: Upload RPM
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
+ asset_content_type: application/octet-stream
apt-sign:
needs:
- # - build-linux
+ - build-linux
- ubuntu-22-04-build
runs-on:
- self-hosted
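Review bot: The re-enabled "Upload DEB to APT repository" step in `build-linux` passes the two APT bucket secrets as `deb-s3` command-line arguments on a self-hosted runner, where process arguments are readable by other processes on the host while the command runs; the same pattern appears in the two `deb-s3 upload` context lines at the top of this hunk. I would supply them through the step's `env:` instead, assuming deb-s3 falls back to the AWS SDK's default credential chain when the flags are absent (worth confirming before merging). The same script, and the three "Rename … binary" steps, paste `${{ github.ref_name }}` into the script text before the shell parses it, so reading `"$GITHUB_REF_NAME"` is the safer form. `gem install deb-s3` is also unpinned in a job that holds these credentials.

```yaml
- name: Upload DEB to APT repository
  env:
    # Credentials reach deb-s3 through the environment, not argv.
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_APT }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY_APT }}
  run: |
    # A tag containing "-" is treated as a pre-release.
    COMPONENT=$([[ "$GITHUB_REF_NAME" == *"-"* ]] && echo "pre-release" || echo "release")
    deb-s3 upload -l --bucket=apt.defguard.net --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
```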
@@ -349,152 +345,152 @@ jobs:
(aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print ""$4"
"}' > index.html
aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
- # update-aur:
- # needs:
- # - create-release
- # - build-linux
- # if: "!contains(github.ref_name, '-')"
- # runs-on:
- # - self-hosted
- # - Linux
- # - ${{ matrix.architecture }}
- # container: archlinux:latest
- # strategy:
- # fail-fast: false
- # matrix:
- # architecture: [X64]
- # include:
- # - architecture: X64
- # deb_arch: amd64
- # binary_arch: x86_64
- # steps:
- # - name: Install dependencies
- # run: |
- # pacman -Syu --noconfirm
- # pacman -S --noconfirm git openssh base-devel
- # - name: Setup SSH for AUR
- # run: |
- # mkdir -p ~/.ssh
- # echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
- # chmod 600 ~/.ssh/id_rsa
- # ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
- # chmod 600 ~/.ssh/known_hosts
- # # Create SSH config file
- # cat > ~/.ssh/config << EOF
- # Host aur.archlinux.org
- # IdentityFile ~/.ssh/id_rsa
- # User aur
- # StrictHostKeyChecking accept-new
- # EOF
- # chmod 600 ~/.ssh/config
- # - name: Update AUR Package
- # run: |
+ update-aur:
+ needs:
+ - create-release
+ - build-linux
+ if: "!contains(github.ref_name, '-')"
+ runs-on:
+ - self-hosted
+ - Linux
+ - ${{ matrix.architecture }}
+ container: archlinux:latest
+ strategy:
+ fail-fast: false
+ matrix:
+ architecture: [X64]
+ include:
+ - architecture: X64
+ deb_arch: amd64
+ binary_arch: x86_64
+ steps:
+ - name: Install dependencies
+ run: |
+ pacman -Syu --noconfirm
+ pacman -S --noconfirm git openssh base-devel
+ - name: Setup SSH for AUR
+ run: |
+ mkdir -p ~/.ssh
+ echo "${{ secrets.AUR_SSH_KEY }}" > ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
+ chmod 600 ~/.ssh/known_hosts
+ # Create SSH config file
+ cat > ~/.ssh/config << EOF
+ Host aur.archlinux.org
+ IdentityFile ~/.ssh/id_rsa
+ User aur
+ StrictHostKeyChecking accept-new
+ EOF
+ chmod 600 ~/.ssh/config
+ - name: Update AUR Package
+ run: |
- # git config --global user.name "Defguard Build System"
- # git config --global user.email "community@defguard.net"
- # git config --global --add safe.directory '*'
+ git config --global user.name "Defguard Build System"
+ git config --global user.email "community@defguard.net"
+ git config --global --add safe.directory '*'
- # rm -rf aur-repo || true
- # GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
- # git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
- # cd aur-repo
- # git config --global --add safe.directory "$(pwd)"
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo "Updating to version: $VERSION"
- # sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
+ rm -rf aur-repo || true
+ GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" \
+ git clone "ssh://aur@aur.archlinux.org/defguard-client.git" aur-repo
+ cd aur-repo
+ git config --global --add safe.directory "$(pwd)"
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo "Updating to version: $VERSION"
+ sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
- # AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
- # echo "AMD64 DEB SHA256: $AMD64_SHA"
- # sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
+ AMD64_SHA="${{ needs.build-linux.outputs.deb_sha256_amd64 }}"
+ echo "AMD64 DEB SHA256: $AMD64_SHA"
+ sed -i "s/^sha256sums_x86_64=.*/sha256sums_x86_64=('$AMD64_SHA')/" PKGBUILD
- # useradd -m builduser
- # chown -R builduser:builduser .
+ useradd -m builduser
+ chown -R builduser:builduser .
- # su builduser -c "makepkg --printsrcinfo" > .SRCINFO
- # git add PKGBUILD .SRCINFO
- # git commit -m "Updated to $VERSION"
- # GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" git push
- # cat PKGBUILD
- # cat .SRCINFO
+ su builduser -c "makepkg --printsrcinfo" > .SRCINFO
+ git add PKGBUILD .SRCINFO
+ git commit -m "Updated to $VERSION"
+ GIT_SSH_COMMAND="ssh -v -i ~/.ssh/id_rsa -o StrictHostKeyChecking=accept-new" git push
+ cat PKGBUILD
+ cat .SRCINFO
- # # Builds Windows MSI and uploads it as artifact
- # build-windows:
- # needs:
- # - create-release
- # runs-on: windows-latest
- # steps:
- # - uses: actions/checkout@v5
- # with:
- # submodules: 'recursive'
- # - name: Write release version
- # run: |
- # $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
- # echo Version: $env:VERSION
- # echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- # - uses: actions/setup-node@v6
- # with:
- # node-version: '22'
- # - uses: pnpm/action-setup@v4
- # with:
- # version: 10
- # run_install: false
- # - name: Get pnpm store directory
- # shell: bash
- # run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
- # - uses: actions/cache@v4
- # name: Setup pnpm cache
- # with:
- # path: ${{ env.STORE_PATH }}
- # key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
- # restore-keys: |
- # ${{ runner.os }}-pnpm-build-store-
- # - name: Install deps
- # run: pnpm install --frozen-lockfile
- # - uses: dtolnay/rust-toolchain@stable
- # - name: Install Protoc
- # uses: arduino/setup-protoc@v3
- # with:
- # repo-token: ${{ secrets.GITHUB_TOKEN }}
- # - name: Remove "default-run" line from Cargo.toml
- # run: |
- # Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
- # - name: Build packages
- # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # - name: Upload unsigned bundle
- # uses: actions/upload-artifact@v4
- # with:
- # name: unsigned-bundle
- # path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ # Builds Windows MSI and uploads it as artifact
+ build-windows:
+ needs:
+ - create-release
+ runs-on: windows-latest
+ steps:
+ - uses: actions/checkout@v5
+ with:
+ submodules: 'recursive'
+ - name: Write release version
+ run: |
+ $env:VERSION=echo ($env:GITHUB_REF_NAME.Substring(1) -Split "-")[0]
+ echo Version: $env:VERSION
+ echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
+ - uses: actions/setup-node@v6
+ with:
+ node-version: '22'
+ - uses: pnpm/action-setup@v4
+ with:
+ version: 10
+ run_install: false
+ - name: Get pnpm store directory
+ shell: bash
+ run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+ - uses: actions/cache@v4
+ name: Setup pnpm cache
+ with:
+ path: ${{ env.STORE_PATH }}
+ key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+ restore-keys: |
+ ${{ runner.os }}-pnpm-build-store-
+ - name: Install deps
+ run: pnpm install --frozen-lockfile
+ - uses: dtolnay/rust-toolchain@stable
+ - name: Install Protoc
+ uses: arduino/setup-protoc@v3
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Remove "default-run" line from Cargo.toml
+ run: |
+ Set-Content -Path ".\src-tauri\Cargo.toml" -Value (get-content -Path ".\src-tauri\Cargo.toml" | Select-String -Pattern 'default-run =' -NotMatch)
+ - name: Build packages
+ uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Upload unsigned bundle
+ uses: actions/upload-artifact@v4
+ with:
+ name: unsigned-bundle
+ path: src-tauri/target/release/bundle/msi/defguard-client_${{ env.VERSION }}_x64_en-US.msi
- # # Signs the MSI and uploads it as release asset
- # sign-bundle:
- # needs:
- # - create-release
- # - build-windows
- # runs-on:
- # - self-hosted
- # - Linux
- # - X64
- # steps:
- # - name: Write release version
- # run: |
- # VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> ${GITHUB_ENV}
- # - name: Download unsigned bundle
- # uses: actions/download-artifact@v4
- # with:
- # name: unsigned-bundle
- # - name: Sign bundle
- # run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
- # - name: Upload installer asset
- # uses: actions/upload-release-asset@v1
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-client-signed.msi
- # asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
- # asset_content_type: application/octet-stream
+ # Signs the MSI and uploads it as release asset
+ sign-bundle:
+ needs:
+ - create-release
+ - build-windows
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ steps:
+ - name: Write release version
+ run: |
+ VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+ echo Version: $VERSION
+ echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+ - name: Download unsigned bundle
+ uses: actions/download-artifact@v4
+ with:
+ name: unsigned-bundle
+ - name: Sign bundle
+ run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.71-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in defguard-client_${{ env.VERSION }}_x64_en-US.msi -out defguard-client-signed.msi
+ - name: Upload installer asset
+ uses: actions/upload-release-asset@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-client-signed.msi
+ asset_name: defguard-client_${{ env.VERSION }}_x64_en-US.msi
+ asset_content_type: application/octet-stream
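Review bot: The re-enabled `Sign bundle` step in `sign-bundle` expands `${{ secrets.CODESIGN_PIN }}` and `${{ secrets.CODESIGN_KEYID }}` straight into the `run:` text, and `Setup SSH for AUR` does the same with `${{ secrets.AUR_SSH_KEY }}` inside `echo "..."`, so the values are pasted into the generated script on a self-hosted runner and any quote, `$` or backtick in them is interpreted by the shell. Map each secret through the step's `env:` (for example `CODESIGN_PIN: ${{ secrets.CODESIGN_PIN }}`) and reference it quoted, as in `-pass "$CODESIGN_PIN"` and `printf '%s\n' "$AUR_SSH_KEY" > ~/.ssh/id_rsa`. In `update-aur` the AUR host key is never checked against a known value: `ssh-keyscan` plus `StrictHostKeyChecking accept-new` trusts whatever host answers in a fresh container, and the cloned PKGBUILD is then read by `makepkg --printsrcinfo`; writing the published AUR host key into `known_hosts` from a repository file or secret and setting `StrictHostKeyChecking yes` would close that. If the branch trigger added earlier in this series is still present, these signing and publishing jobs also run on branch pushes, which seems worth confirming before merge.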
From 22e302faefb7f1c8fbb3bb8208dd3ffe0b6446e4 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 19 Dec 2025 11:47:30 +0100
Subject: [PATCH 11/11] change node version
---
.github/workflows/release.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 9811746f..978a6622 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -429,7 +429,7 @@ jobs:
echo "VERSION=$env:VERSION" >> $env:GITHUB_ENV
- uses: actions/setup-node@v6
with:
- node-version: '22'
+ node-version: '24'
- uses: pnpm/action-setup@v4
with:
version: 10