Skip to content
Make a new release

workflow test #63

Sign in to view logs

workflow test

workflow test #63

Workflow file for this run

.github/workflows/release.yml at bcac4db
name: Make a new release
on:
push:
branches:
- apt_repository
# tags:
# - v*.*.*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# build-docker-release:
# # Ignore tags with -, like v1.0.0-alpha
# # This job will build the docker container with the "latest" tag which
# # is a tag used in production, thus it should only be run for full releases.
# if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
# name: Build Release Docker image
# uses: ./.github/workflows/build-docker.yml
# with:
# tags: |
# type=raw,value=latest
# type=semver,pattern={{version}}
# type=semver,pattern={{major}}.{{minor}}
# type=sha
# build-docker-prerelease:
# # Only build tags with -, like v1.0.0-alpha
# if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
# name: Build Pre-release Docker image
# uses: ./.github/workflows/build-docker.yml
# with:
# tags: |
# type=raw,value=pre-release
# type=semver,pattern={{version}}
# type=sha
# # Explicitly disable latest tag. It will be added otherwise.
# flavor: |
# latest=false
create-release:
name: create-release
runs-on: self-hosted
outputs:
upload_url: ${{ steps.release.outputs.upload_url }}
steps:
- name: Create GitHub release
id: release
uses: softprops/action-gh-release@v1
# if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
generate_release_notes: true
# create-sbom:
# needs: [create-release, build-docker-release]
# uses: ./.github/workflows/sbom.yml
# with:
# upload_url: ${{ needs.create-release.outputs.upload_url }}
build-binaries:
needs: [create-release]
runs-on:
- self-hosted
- ${{ matrix.os }}
- X64
strategy:
fail-fast: false
matrix:
build: [linux] #, linux-arm64, freebsd]
include:
- build: linux
arch: amd64
os: Linux
target: x86_64-unknown-linux-gnu
# - build: linux-arm64
# arch: arm64
# os: Linux
# target: aarch64-unknown-linux-gnu
# - build: freebsd
# arch: amd64
# os: Linux
# target: x86_64-unknown-freebsd
steps:
# Store the version, stripping any v-prefix
# - name: Write release version
# run: |
# VERSION=${GITHUB_REF_NAME#v}
# echo Version: $VERSION
# echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Write release version
run: |
VERSION=${GITHUB_REF_NAME#v}
echo Version: $VERSION
echo "VERSION=1.5.1" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install Rust stable
uses: actions-rs/toolchain@v1
with:
toolchain: stable
target: ${{ matrix.target }}
override: true
- name: Setup `packer`
uses: hashicorp/setup-packer@main
id: setup
- name: Set up Docker BuildX
uses: docker/setup-buildx-action@v3
with:
config-inline: |
[registry."docker.io"]
mirrors = ["dockerhub-proxy.teonite.net"]
- name: Install pnpm
uses: pnpm/action-setup@v4
with:
version: 10
- name: Use Node.js
uses: actions/setup-node@v4
with:
node-version: 24
cache: "pnpm"
cache-dependency-path: ./web/pnpm-lock.yaml
- name: Install frontend dependencies
run: pnpm install --ignore-scripts --frozen-lockfile
working-directory: web
- name: Build frontend
run: pnpm build
working-directory: web
- name: Build release binary
uses: actions-rs/cargo@v1
with:
use-cross: true
command: build
args: --locked --release --target ${{ matrix.target }}
- name: Rename binary
run: mv target/${{ matrix.target }}/release/defguard-proxy defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
- name: Tar
uses: a7ul/tar-action@v1.1.0
with:
command: c
files: |
defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
outPath: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
- name: Upload release archive
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
asset_name: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
asset_content_type: application/octet-stream
- name: Build DEB package
if: matrix.build == 'linux'
uses: bpicode/github-action-fpm@master
with:
fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb"
- name: Upload DEB
if: matrix.build == 'linux'
uses: actions/upload-release-asset@v1.0.2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
asset_content_type: application/octet-stream
- name: Upload DEB to apt repository
if: matrix.build == 'linux'
run: |
export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH"
COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY }} --secret-access-key=${{ secrets.AWS_SECRET_KEY }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
- name: Run `packer init`
if: matrix.build == 'linux' && matrix.arch == 'amd64'
id: init
run: "packer init ./images/ami/proxy.pkr.hcl"
# - name: Build AMI images for multiple regions
# if: matrix.build == 'linux' && matrix.arch == 'amd64'
# run: |
# regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
# for region in "${regions[@]}"; do
# echo "Building AMI for region: $region"
# echo "Running packer validate for $region..."
# packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
# echo "Building AMI image for $region..."
# packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
# done
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# - name: Build RPM package
# if: matrix.build == 'linux'
# uses: bpicode/github-action-fpm@master
# with:
# fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
# fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
# - name: Upload RPM
# if: matrix.build == 'linux'
# uses: actions/upload-release-asset@v1.0.2
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# upload_url: ${{ needs.create-release.outputs.upload_url }}
# asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
# asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
# asset_content_type: application/octet-stream