@@ -52,160 +52,167 @@ jobs:
5252 draft : true
5353 generate_release_notes : true
5454
55- build-binaries :
56- needs : [create-release]
57- runs-on :
58- - self-hosted
59- - ${{ matrix.os }}
60- - X64
61- strategy :
62- fail-fast : false
63- matrix :
64- build : [linux, linux-arm64, freebsd]
65- include :
66- - build : linux
67- arch : amd64
68- os : Linux
69- target : x86_64-unknown-linux-gnu
70- - build : linux-arm64
71- arch : arm64
72- os : Linux
73- target : aarch64-unknown-linux-gnu
74- - build : freebsd
75- arch : amd64
76- os : Linux
77- target : x86_64-unknown-freebsd
78- steps :
79- # Store the version, stripping any v-prefix
80- - name : Write release version
81- run : |
82- VERSION=${GITHUB_REF_NAME#v}
83- echo Version: $VERSION
84- echo "VERSION=$VERSION" >> $GITHUB_ENV
85-
86- name : Checkout
87- uses : actions/checkout@v4
88- with :
89- submodules : recursive
90-
91- - name : Install Rust stable
92- uses : actions-rs/toolchain@v1
93- with :
94- toolchain : stable
95- target : ${{ matrix.target }}
96- override : true
97-
98- - name : Setup `packer`
99- uses : hashicorp/setup-packer@main
100- id : setup
101-
102- - name : Set up Docker BuildX
103- uses : docker/setup-buildx-action@v3
104- with :
105- config-inline : |
106- [registry."docker.io"]
107- mirrors = ["dockerhub-proxy.teonite.net"]
108-
109- name : Install pnpm
110- uses : pnpm/action-setup@v4
111- with :
112- version : 10
113-
114- - name : Use Node.js
115- uses : actions/setup-node@v4
116- with :
117- node-version : 24
118- cache : " pnpm"
119- cache-dependency-path : ./webnext/pnpm-lock.yaml
120-
121- - name : Install frontend dependencies
122- run : pnpm install --ignore-scripts --frozen-lockfile
123- working-directory : webnext
124-
125- - name : Build frontend
126- run : pnpm build
127- working-directory : webnext
128-
129- - name : Build release binary
130- uses : actions-rs/cargo@v1
131- with :
132- use-cross : true
133- command : build
134- args : --locked --release --target ${{ matrix.target }}
135-
136- - name : Rename binary
137- run : mv target/${{ matrix.target }}/release/defguard-proxy defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
138-
139- - name : Tar
140- 141- with :
142- command : c
143- files : |
144- defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
145- outPath : defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
146-
147- - name : Upload release archive
148- 149- env :
150- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
151- with :
152- upload_url : ${{ needs.create-release.outputs.upload_url }}
153- asset_path : defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
154- asset_name : defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
155- asset_content_type : application/octet-stream
156-
157- - name : Build DEB package
158- if : matrix.build == 'linux'
159- uses : bpicode/github-action-fpm@master
160- with :
161- fpm_args : " defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
162- fpm_opts : " --architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb"
163-
164- - name : Upload DEB
165- if : matrix.build == 'linux'
166- 167- env :
168- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
169- with :
170- upload_url : ${{ needs.create-release.outputs.upload_url }}
171- asset_path : defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
172- asset_name : defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
173- asset_content_type : application/octet-stream
174-
175- - name : Run `packer init`
176- if : matrix.build == 'linux' && matrix.arch == 'amd64'
177- id : init
178- run : " packer init ./images/ami/proxy.pkr.hcl"
179-
180- - name : Build AMI images for multiple regions
181- if : matrix.build == 'linux' && matrix.arch == 'amd64'
182- run : |
183- regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
184- for region in "${regions[@]}"; do
185- echo "Building AMI for region: $region"
186- echo "Running packer validate for $region..."
187- packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
188- echo "Building AMI image for $region..."
189- packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
190- done
191- env :
192- AWS_ACCESS_KEY_ID : ${{ secrets.AWS_ACCESS_KEY_ID }}
193- AWS_SECRET_ACCESS_KEY : ${{ secrets.AWS_SECRET_ACCESS_KEY }}
194-
195- - name : Build RPM package
196- if : matrix.build == 'linux'
197- uses : bpicode/github-action-fpm@master
198- with :
199- fpm_args : " defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
200- fpm_opts : " --architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
201-
202- - name : Upload RPM
203- if : matrix.build == 'linux'
204- 205- env :
206- GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
207- with :
208- upload_url : ${{ needs.create-release.outputs.upload_url }}
209- asset_path : defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
210- asset_name : defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
211- asset_content_type : application/octet-stream
55+ create-sbom :
56+ # TODO change to build-docker-release
57+ needs : [create-release, build-docker-prerelease]
58+ uses : ./.github/workflows/sbom.yml
59+ with :
60+ upload_url : ${{ needs.create-release.outputs.upload_url }}
61+
62+ # build-binaries:
63+ # needs: [create-release]
64+ # runs-on:
65+ # - self-hosted
66+ # - ${{ matrix.os }}
67+ # - X64
68+ # strategy:
69+ # fail-fast: false
70+ # matrix:
71+ # build: [linux, linux-arm64, freebsd]
72+ # include:
73+ # - build: linux
74+ # arch: amd64
75+ # os: Linux
76+ # target: x86_64-unknown-linux-gnu
77+ # - build: linux-arm64
78+ # arch: arm64
79+ # os: Linux
80+ # target: aarch64-unknown-linux-gnu
81+ # - build: freebsd
82+ # arch: amd64
83+ # os: Linux
84+ # target: x86_64-unknown-freebsd
85+ # steps:
86+ # # Store the version, stripping any v-prefix
87+ # - name: Write release version
88+ # run: |
89+ # VERSION=${GITHUB_REF_NAME#v}
90+ # echo Version: $VERSION
91+ # echo "VERSION=$VERSION" >> $GITHUB_ENV
92+
93+ # - name: Checkout
94+ # uses: actions/checkout@v4
95+ # with:
96+ # submodules: recursive
97+
98+ # - name: Install Rust stable
99+ # uses: actions-rs/toolchain@v1
100+ # with:
101+ # toolchain: stable
102+ # target: ${{ matrix.target }}
103+ # override: true
104+
105+ # - name: Setup `packer`
106+ # uses: hashicorp/setup-packer@main
107+ # id: setup
108+
109+ # - name: Set up Docker BuildX
110+ # uses: docker/setup-buildx-action@v3
111+ # with:
112+ # config-inline: |
113+ # [registry."docker.io"]
114+ # mirrors = ["dockerhub-proxy.teonite.net"]
115+
116+ # - name: Install pnpm
117+ # uses: pnpm/action-setup@v4
118+ # with:
119+ # version: 10
120+
121+ # - name: Use Node.js
122+ # uses: actions/setup-node@v4
123+ # with:
124+ # node-version: 24
125+ # cache: "pnpm"
126+ # cache-dependency-path: ./webnext/pnpm-lock.yaml
127+
128+ # - name: Install frontend dependencies
129+ # run: pnpm install --ignore-scripts --frozen-lockfile
130+ # working-directory: webnext
131+
132+ # - name: Build frontend
133+ # run: pnpm build
134+ # working-directory: webnext
135+
136+ # - name: Build release binary
137+ # uses: actions-rs/cargo@v1
138+ # with:
139+ # use-cross: true
140+ # command: build
141+ # args: --locked --release --target ${{ matrix.target }}
142+
143+ # - name: Rename binary
144+ # run: mv target/${{ matrix.target }}/release/defguard-proxy defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
145+
146+ # - name: Tar
147+ 148+ # with:
149+ # command: c
150+ # files: |
151+ # defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}
152+ # outPath: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
153+
154+ # - name: Upload release archive
155+ 156+ # env:
157+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
158+ # with:
159+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
160+ # asset_path: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
161+ # asset_name: defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
162+ # asset_content_type: application/octet-stream
163+
164+ # - name: Build DEB package
165+ # if: matrix.build == 'linux'
166+ # uses: bpicode/github-action-fpm@master
167+ # with:
168+ # fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
169+ # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb"
170+
171+ # - name: Upload DEB
172+ # if: matrix.build == 'linux'
173+ 174+ # env:
175+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
176+ # with:
177+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
178+ # asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
179+ # asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
180+ # asset_content_type: application/octet-stream
181+
182+ # - name: Run `packer init`
183+ # if: matrix.build == 'linux' && matrix.arch == 'amd64'
184+ # id: init
185+ # run: "packer init ./images/ami/proxy.pkr.hcl"
186+
187+ # - name: Build AMI images for multiple regions
188+ # if: matrix.build == 'linux' && matrix.arch == 'amd64'
189+ # run: |
190+ # regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
191+ # for region in "${regions[@]}"; do
192+ # echo "Building AMI for region: $region"
193+ # echo "Running packer validate for $region..."
194+ # packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
195+ # echo "Building AMI image for $region..."
196+ # packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
197+ # done
198+ # env:
199+ # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
200+ # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
201+
202+ # - name: Build RPM package
203+ # if: matrix.build == 'linux'
204+ # uses: bpicode/github-action-fpm@master
205+ # with:
206+ # fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
207+ # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
208+
209+ # - name: Upload RPM
210+ # if: matrix.build == 'linux'
211+ 212+ # env:
213+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
214+ # with:
215+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
216+ # asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
217+ # asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
218+ # asset_content_type: application/octet-stream
0 commit comments