From dfd60248705eb9c81e9c080b59c8195992ba6688 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 12:59:15 +0200 Subject: [PATCH 01/10] packer 1 --- .github/workflows/release.yml | 237 +++++++++++++++++++--------------- images/ami/core.pkr.hcl | 62 +++++++++ images/ami/core.sh | 20 +++ 3 files changed, 213 insertions(+), 106 deletions(-) create mode 100644 images/ami/core.pkr.hcl create mode 100644 images/ami/core.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3540aa572c..14a86f7e94 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -1,58 +1,60 @@ name: Publish to GitHub registry on: push: - tags: - - v*.*.* + # tags: + # - v*.*.* + branches: + - core-ami concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - build-docker-release: - # Ignore tags with -, like v1.0.0-alpha - # This job will build the docker container with the "latest" tag which - # is a tag used in production, thus it should only be run for full releases. - if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - name: Build Release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=raw,value=latest - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha - - build-docker-prerelease: - # Only build tags with -, like v1.0.0-alpha - if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - name: Build Pre-release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=raw,value=pre-release - type=semver,pattern={{version}} - type=sha - # Explicitly disable latest tag. It will be added otherwise. - flavor: | - latest=false - - create-release: - name: create-release - runs-on: self-hosted - outputs: - upload_url: ${{ steps.release.outputs.upload_url }} - steps: - - name: Create GitHub release - id: release - uses: softprops/action-gh-release@v2 - if: startsWith(github.ref, 'refs/tags/') - with: - draft: true - generate_release_notes: true + # build-docker-release: + # # Ignore tags with -, like v1.0.0-alpha + # # This job will build the docker container with the "latest" tag which + # # is a tag used in production, thus it should only be run for full releases. 
+ # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + # name: Build Release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=raw,value=latest + # type=semver,pattern={{version}} + # type=semver,pattern={{major}}.{{minor}} + # type=sha + + # build-docker-prerelease: + # # Only build tags with -, like v1.0.0-alpha + # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + # name: Build Pre-release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=raw,value=pre-release + # type=semver,pattern={{version}} + # type=sha + # # Explicitly disable latest tag. It will be added otherwise. + # flavor: | + # latest=false + + # create-release: + # name: create-release + # runs-on: self-hosted + # outputs: + # upload_url: ${{ steps.release.outputs.upload_url }} + # steps: + # - name: Create GitHub release + # id: release + # uses: softprops/action-gh-release@v2 + # if: startsWith(github.ref, 'refs/tags/') + # with: + # draft: true + # generate_release_notes: true build-binaries: - needs: [create-release] + # needs: [create-release] runs-on: - self-hosted - Linux @@ -60,17 +62,22 @@ jobs: strategy: fail-fast: false matrix: - build: [linux, linux-arm64, freebsd] + build: [linux] include: - build: linux arch: amd64 target: x86_64-unknown-linux-gnu - - build: linux-arm64 - arch: arm64 - target: aarch64-unknown-linux-gnu - - build: freebsd - arch: amd64 - target: x86_64-unknown-freebsd + # build: [linux, linux-arm64, freebsd] + # include: + # - build: linux + # arch: amd64 + # target: x86_64-unknown-linux-gnu + # - build: linux-arm64 + # arch: arm64 + # target: aarch64-unknown-linux-gnu + # - build: freebsd + # arch: amd64 + # target: x86_64-unknown-freebsd steps: # Store the version, stripping any v-prefix - name: Write release version 
@@ -84,6 +91,10 @@ jobs: with: submodules: recursive + - name: Setup `packer` + uses: hashicorp/setup-packer@main + id: setup + - name: Install Rust stable uses: actions-rs/toolchain@v1 with: @@ -136,15 +147,15 @@ jobs: defguard-${{ github.ref_name }}-${{ matrix.target }} outPath: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - - name: Upload release archive - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - asset_content_type: application/octet-stream + # - name: Upload release archive + # uses: actions/upload-release-asset@v1.0.2 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz + # asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz + # asset_content_type: application/octet-stream - name: Build DEB package if: matrix.build == 'linux' 
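Review bot: The added `Setup packer` step uses `hashicorp/setup-packer@main`, a branch ref that can move, so whatever lands on that branch runs on the self-hosted runner in the release job without any change in this repository. Pin it to a full commit SHA, `uses: hashicorp/setup-packer@<full-commit-sha>`, and consider fixing the Packer release with the action's `version` input so image builds are reproducible. The `id: setup` is not referenced anywhere in the visible hunks and could be dropped. The `steps:` list begins and ends outside this hunk.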
@@ -153,49 +164,63 @@ jobs: fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" - - name: Upload DEB - if: matrix.build == 'linux' - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - asset_content_type: application/octet-stream - - - name: Build RPM package - if: matrix.build == 'linux' - uses: defGuard/fpm-action@main - with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" - fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" - - - name: Upload RPM - if: matrix.build == 'linux' - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - asset_content_type: application/octet-stream - - - name: Build FreeBSD package - if: matrix.build == 'freebsd' - uses: defGuard/fpm-action@main - with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard" - fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ 
env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'" - - - name: Upload FreeBSD - if: matrix.build == 'freebsd' - uses: actions/upload-release-asset@v1.0.2 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - asset_content_type: application/octet-stream + - name: Run `packer init` + if: matrix.build == 'linux' && matrix.arch == 'amd64' + id: init + run: "packer init ./images/ami/core.pkr.hcl" + + - name: Run `packer validate` + if: matrix.build == 'linux' && matrix.arch == 'amd64' + id: validate + run: "packer validate ./images/ami/core.pkr.hcl" + + - name: Build AMI image + if: matrix.build == 'linux' && matrix.arch == 'amd64' + run: packer build -color=false -on-error=abort ./images/ami/core.pkr.hcl + + # - name: Upload DEB + # if: matrix.build == 'linux' + # uses: actions/upload-release-asset@v1.0.2 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + # asset_content_type: application/octet-stream + + # - name: Build RPM package + # if: matrix.build == 'linux' + # uses: defGuard/fpm-action@main + # with: + # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" + # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" + + # - name: Upload RPM + # if: matrix.build == 'linux' + # uses: actions/upload-release-asset@v1.0.2 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ 
needs.create-release.outputs.upload_url }} + # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + # asset_content_type: application/octet-stream + + # - name: Build FreeBSD package + # if: matrix.build == 'freebsd' + # uses: defGuard/fpm-action@main + # with: + # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard" + # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'" + + # - name: Upload FreeBSD + # if: matrix.build == 'freebsd' + # uses: actions/upload-release-asset@v1.0.2 + # env: + # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} + # asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg + # asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg + # asset_content_type: application/octet-stream diff --git a/images/ami/core.pkr.hcl b/images/ami/core.pkr.hcl new file mode 100644 index 0000000000..d7b9290133 --- /dev/null +++ b/images/ami/core.pkr.hcl 
@@ -0,0 +1,62 @@ +packer { + required_plugins { + amazon = { + version = ">= 1.2.8" + source = "github.com/hashicorp/amazon" + } + } +} + +variable "package_version" { + type = string +} + +variable "region" { + type = string + default = "eu-north-1" +} + +variable "instance_type" { + type = string + default = "t3.micro" +} + +source "amazon-ebs" "defguard-core" { + ami_name = "defguard-core-${var.package_version}-amd64" + instance_type = var.instance_type + region = var.region + source_ami_filter { + filters = { + name = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*" + root-device-type = "ebs" + virtualization-type = "hvm" + } + most_recent = true + owners = ["099720109477"] + } + ssh_username = "ubuntu" +} + +build { + name = "defguard-core" + sources = [ + "source.amazon-ebs.defguard-core" + ] + + provisioner "file" { + source = "defguard-${var.package_version}-x86_64-unknown-linux-gnu.deb" + destination = "/tmp/defguard-core.deb" + } + + provisioner "shell" { + script = "core.sh" + } + + provisioner "shell" { + inline = ["rm /home/ubuntu/.ssh/authorized_keys"] + } + + provisioner "shell" { + inline = ["sudo rm /root/.ssh/authorized_keys"] + } +} diff --git a/images/ami/core.sh b/images/ami/core.sh new file mode 100644 index 0000000000..89795f84f3 --- /dev/null +++ b/images/ami/core.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash +set -e + +echo "Updating apt repositories..." +sudo apt update + +# echo "Installing curl..." +# sudo apt install -y curl + +# DEB_URL="https://github.com/DefGuard/defguard/releases/download/v${PACKAGE_VERSION}/defguard-${PACKAGE_VERSION}-x86_64-unknown-linux-gnu.deb" +# echo "Downloading Defguard package from: $DEB_URL" +# sudo curl -fsSL -o /tmp/defguard-core.deb "$DEB_URL" + +echo "Installing Defguard package..." +sudo dpkg -i /tmp/defguard-core.deb + +echo "Cleaning up..." +sudo rm -f /tmp/defguard-core.deb + +echo "Defguard installation completed successfully." 
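Review bot: The `amazon-ebs` source in `core.pkr.hcl` does not set `imds_support`, so the registered AMI leaves the instance metadata service in its legacy mode unless whoever launches it overrides that; adding `imds_support = "v2.0"` to the source block makes instances started from the image require session tokens. The two trailing provisioners delete the login keys in separate steps with a bare `rm`, which fails the build if either file is absent and relies on the SSH session staying usable after the `ubuntu` key is gone. A single final provisioner with `inline = ["sudo rm -f /root/.ssh/authorized_keys /home/ubuntu/.ssh/authorized_keys"]` avoids both. A short comment above `owners = ["099720109477"]` naming the publisher that account is expected to be (presumably Canonical, to be confirmed) would let a reviewer check the base-image trust anchor at a glance.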
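Review bot: In `core.sh`, `sudo apt update` refreshes the package index but nothing afterwards installs or upgrades from it, because `dpkg -i` neither consults the index nor resolves dependencies. The image therefore keeps the base AMI's package versions, and any dependency the .deb declares (none is visible in this patch) would make the install step fail. Installing with `sudo apt-get install -y /tmp/defguard-core.deb` uses the refreshed index, and a preceding `sudo DEBIAN_FRONTEND=noninteractive apt-get -y upgrade` would pull in pending security updates if that is wanted for a published image. `set -euo pipefail` in place of `set -e` would also stop the script on unset variables.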
From 4361accf205b8e5120014f0d48848a5c62528d00 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 13:19:38 +0200 Subject: [PATCH 02/10] pass secrets and package version --- .github/workflows/release.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 14a86f7e94..15d95acb7f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -80,9 +80,14 @@ jobs: # target: x86_64-unknown-freebsd steps: # Store the version, stripping any v-prefix + # - name: Write release version + # run: | + # VERSION=${GITHUB_REF_NAME#v} + # echo Version: $VERSION + # echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Write release version run: | - VERSION=${GITHUB_REF_NAME#v} + VERSION=1.5.0 echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV @@ -176,7 +181,10 @@ jobs: - name: Build AMI image if: matrix.build == 'linux' && matrix.arch == 'amd64' - run: packer build -color=false -on-error=abort ./images/ami/core.pkr.hcl + run: packer build -color=false -on-error=abort ./images/ami/core.pkr.hcl --var "package_version=${{ env.VERSION }}" + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} # - name: Upload DEB # if: matrix.build == 'linux' From fe827908dd38336a23d0148b3a6b1f98b84c0a95 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 13:30:08 +0200 Subject: [PATCH 03/10] fix packer validate --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 15d95acb7f..f2851876cc 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
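Review bot: The `env:` block added to the `Build AMI image` step hands long-lived IAM user keys (`AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`) to a job that runs on a self-hosted runner and, at this commit, on every push to `core-ami`. Short-lived credentials from GitHub's OIDC provider fit better here: grant the job `permissions: id-token: write` and obtain the session with `aws-actions/configure-aws-credentials` and its `role-to-assume` input, with the role's trust policy restricted to this repository and to release tags. Whichever method is used, the IAM policy behind it should be limited to the EC2 actions Packer needs for the build. The step list continues outside this hunk.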
@@ -177,7 +177,7 @@ jobs: - name: Run `packer validate` if: matrix.build == 'linux' && matrix.arch == 'amd64' id: validate - run: "packer validate ./images/ami/core.pkr.hcl" + run: packer validate ./images/ami/core.pkr.hcl --var "package_version=${{ env.VERSION }}" - name: Build AMI image if: matrix.build == 'linux' && matrix.arch == 'amd64' From edfa2159e5c4a0b444b3ecbf8bf2adb16c40ef8c Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 13:52:52 +0200 Subject: [PATCH 04/10] fix packer validaate 2 --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f2851876cc..a85d59ecc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -177,7 +177,7 @@ jobs: - name: Run `packer validate` if: matrix.build == 'linux' && matrix.arch == 'amd64' id: validate - run: packer validate ./images/ami/core.pkr.hcl --var "package_version=${{ env.VERSION }}" + run: packer validate --var "package_version=${{ env.VERSION }}" ./images/ami/core.pkr.hcl - name: Build AMI image if: matrix.build == 'linux' && matrix.arch == 'amd64' From c17b8604e3191a2cacd97699fb67f607338bc961 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 14:02:27 +0200 Subject: [PATCH 05/10] fix path --- images/ami/core.pkr.hcl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/ami/core.pkr.hcl b/images/ami/core.pkr.hcl index d7b9290133..8bb7d90fdd 100644 --- a/images/ami/core.pkr.hcl +++ b/images/ami/core.pkr.hcl @@ -49,7 +49,7 @@ build { } provisioner "shell" { - script = "core.sh" + script = "./images/ami/core.sh" } provisioner "shell" { From 6cbd9f7b503952f4278e9b833734959eaad3476f Mon Sep 17 00:00:00 2001 
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Mon, 21 Jul 2025 14:12:11 +0200 Subject: [PATCH 06/10] fix packer build --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a85d59ecc7..92763b8511 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -181,7 +181,7 @@ jobs: - name: Build AMI image if: matrix.build == 'linux' && matrix.arch == 'amd64' - run: packer build -color=false -on-error=abort ./images/ami/core.pkr.hcl --var "package_version=${{ env.VERSION }}" + run: packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" ./images/ami/core.pkr.hcl env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} From 8b4e5934e423c4db92b92a80c78d9d95f56b351c Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 25 Jul 2025 11:41:40 +0200 Subject: [PATCH 07/10] build for multiple regions --- .github/workflows/release.yml | 17 ++++++++++------- images/ami/core.sh | 7 ------- 2 files changed, 10 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 92763b8511..9e1daec74e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -174,14 +174,17 @@ jobs: id: init run: "packer init ./images/ami/core.pkr.hcl" - - name: Run `packer validate` + - name: Build AMI images for multiple regions if: matrix.build == 'linux' && matrix.arch == 'amd64' - id: validate - run: packer validate --var "package_version=${{ env.VERSION }}" ./images/ami/core.pkr.hcl - - - name: Build AMI image - if: matrix.build == 'linux' && matrix.arch == 'amd64' - run: packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" ./images/ami/core.pkr.hcl + run: | + regions=(us-east-1 eu-west-1) + for region in "${regions[@]}"; do + echo "Building AMI for region: $region" + echo "Running packer validate for $region..." + packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl + echo "Building AMI image for $region..." + packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl + done env: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} diff --git a/images/ami/core.sh b/images/ami/core.sh index 89795f84f3..1203c711ae 100644 --- a/images/ami/core.sh +++ b/images/ami/core.sh @@ -4,13 +4,6 @@ set -e echo "Updating apt repositories..." sudo apt update -# echo "Installing curl..." -# sudo apt install -y curl - -# DEB_URL="https://github.com/DefGuard/defguard/releases/download/v${PACKAGE_VERSION}/defguard-${PACKAGE_VERSION}-x86_64-unknown-linux-gnu.deb" -# echo "Downloading Defguard package from: $DEB_URL" -# sudo curl -fsSL -o /tmp/defguard-core.deb "$DEB_URL" - echo "Installing Defguard package..." sudo dpkg -i /tmp/defguard-core.deb From 949ad8855260d417a997e6d735fab9e76022223f Mon Sep 17 00:00:00 2001 
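Review bot: In the new `run:` block of `Build AMI images for multiple regions`, `${{ env.VERSION }}` is substituted into the script text before bash starts, so the value is parsed as shell source rather than passed as data. In the tag-triggered form of this workflow VERSION is derived from `GITHUB_REF_NAME`, and ref names may contain characters the shell interprets. The variable is already exported through `$GITHUB_ENV`, so reference it from the shell instead: `--var "package_version=$VERSION"` on both the `packer validate` and `packer build` lines. Separately, the loop runs a full build per region; the amazon plugin's `ami_regions` option copies one built image to the other regions, which keeps the published images identical.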
From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 25 Jul 2025 13:07:44 +0200 Subject: [PATCH 08/10] revert workflow --- .github/workflows/release.yml | 224 ++++++++++++++++------------------ 1 file changed, 106 insertions(+), 118 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9e1daec74e..4a1a3e11ac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -1,57 +1,55 @@ name: Publish to GitHub registry on: push: - # tags: - # - v*.*.* - branches: - - core-ami + tags: + - v*.*.* concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: - # build-docker-release: - # # Ignore tags with -, like v1.0.0-alpha - # # This job will build the docker container with the "latest" tag which - # # is a tag used in production, thus it should only be run for full releases. - # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - # name: Build Release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=raw,value=latest - # type=semver,pattern={{version}} - # type=semver,pattern={{major}}.{{minor}} - # type=sha - - # build-docker-prerelease: - # # Only build tags with -, like v1.0.0-alpha - # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - # name: Build Pre-release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=raw,value=pre-release - # type=semver,pattern={{version}} - # type=sha - # # Explicitly disable latest tag. It will be added otherwise. - # flavor: | - # latest=false - - # create-release: - # name: create-release - # runs-on: self-hosted - # outputs: - # upload_url: ${{ steps.release.outputs.upload_url }} - # steps: - # - name: Create GitHub release - # id: release - # uses: softprops/action-gh-release@v2 - # if: startsWith(github.ref, 'refs/tags/') - # with: - # draft: true - # generate_release_notes: true + build-docker-release: + # Ignore tags with -, like v1.0.0-alpha + # This job will build the docker container with the "latest" tag which + # is a tag used in production, thus it should only be run for full releases. 
+ if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + name: Build Release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=latest + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha + + build-docker-prerelease: + # Only build tags with -, like v1.0.0-alpha + if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + name: Build Pre-release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=pre-release + type=semver,pattern={{version}} + type=sha + # Explicitly disable latest tag. It will be added otherwise. + flavor: | + latest=false + + create-release: + name: create-release + runs-on: self-hosted + outputs: + upload_url: ${{ steps.release.outputs.upload_url }} + steps: + - name: Create GitHub release + id: release + uses: softprops/action-gh-release@v2 + if: startsWith(github.ref, 'refs/tags/') + with: + draft: true + generate_release_notes: true build-binaries: # needs: [create-release] 
@@ -62,32 +60,22 @@ jobs: strategy: fail-fast: false matrix: - build: [linux] + build: [linux, linux-arm64, freebsd] include: - build: linux arch: amd64 target: x86_64-unknown-linux-gnu - # build: [linux, linux-arm64, freebsd] - # include: - # - build: linux - # arch: amd64 - # target: x86_64-unknown-linux-gnu - # - build: linux-arm64 - # arch: arm64 - # target: aarch64-unknown-linux-gnu - # - build: freebsd - # arch: amd64 - # target: x86_64-unknown-freebsd + - build: linux-arm64 + arch: arm64 + target: aarch64-unknown-linux-gnu + - build: freebsd + arch: amd64 + target: x86_64-unknown-freebsd steps: # Store the version, stripping any v-prefix - # - name: Write release version - # run: | - # VERSION=${GITHUB_REF_NAME#v} - # echo Version: $VERSION - # echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Write release version run: | - VERSION=1.5.0 + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV @@ -152,15 +140,15 @@ jobs: defguard-${{ github.ref_name }}-${{ matrix.target }} outPath: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - # - name: Upload release archive - # uses: actions/upload-release-asset@v1.0.2 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} - # asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - # asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - # asset_content_type: application/octet-stream + - name: Upload release archive + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz + asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz + asset_content_type: application/octet-stream - name: Build DEB package if: matrix.build == 'linux' 
@@ -189,49 +177,49 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # - name: Upload DEB - # if: matrix.build == 'linux' - # uses: actions/upload-release-asset@v1.0.2 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} - # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - # asset_content_type: application/octet-stream - - # - name: Build RPM package - # if: matrix.build == 'linux' - # uses: defGuard/fpm-action@main - # with: - # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" - # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" - - # - name: Upload RPM - # if: matrix.build == 'linux' - # uses: actions/upload-release-asset@v1.0.2 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} - # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - # asset_content_type: application/octet-stream - - # - name: Build FreeBSD package - # if: matrix.build == 'freebsd' - # uses: defGuard/fpm-action@main - # with: - # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard" - # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'" - - # - name: Upload FreeBSD - # if: matrix.build == 'freebsd' - # uses: 
actions/upload-release-asset@v1.0.2 - # env: - # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} - # asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - # asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - # asset_content_type: application/octet-stream + - name: Upload DEB + if: matrix.build == 'linux' + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb + asset_content_type: application/octet-stream + + - name: Build RPM package + if: matrix.build == 'linux' + uses: defGuard/fpm-action@main + with: + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" + + - name: Upload RPM + if: matrix.build == 'linux' + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm + asset_content_type: application/octet-stream + + - name: Build FreeBSD package + if: matrix.build == 'freebsd' + uses: defGuard/fpm-action@main + with: + fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard" + fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ 
matrix.target }}.pkg --freebsd-osversion '*'" + + - name: Upload FreeBSD + if: matrix.build == 'freebsd' + uses: actions/upload-release-asset@v1.0.2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg + asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg + asset_content_type: application/octet-stream From a9723c22a4af607b3b6ec44687cd3ce5cf9683b2 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 25 Jul 2025 13:08:19 +0200 Subject: [PATCH 09/10] fix --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4a1a3e11ac..550b291ecd 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -52,7 +52,7 @@ jobs: generate_release_notes: true build-binaries: - # needs: [create-release] + needs: [create-release] runs-on: - self-hosted - Linux From 99474684275bef3a4479b0c9689cc88368e236e7 Mon Sep 17 00:00:00 2001 From: Aleksander <170264518+t-aleksander@users.noreply.github.com> Date: Fri, 25 Jul 2025 15:58:14 +0200 Subject: [PATCH 10/10] tokyo region --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 550b291ecd..a79149cb92 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -165,7 +165,7 @@ jobs: - name: Build AMI images for multiple regions if: matrix.build == 'linux' && matrix.arch == 'amd64' run: | - regions=(us-east-1 eu-west-1) + regions=(us-east-1 eu-west-1 ap-northeast-1) for region in "${regions[@]}"; do echo "Building AMI for region: $region" echo "Running packer validate for $region..."
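Review bot: In the last hunk of PATCH 08/10, the AMI step whose `env:` lines open the hunk stays in place while the tag trigger is restored, and its `if:` (set in the earlier commits) only tests `matrix.build` and `matrix.arch`. A pre-release tag such as `v1.0.0-alpha` would therefore also register AMIs, whereas `build-docker-release` excludes such tags with `!contains(github.ref, '-')`. The step also sits before the re-enabled `Upload DEB` and `Upload RPM` steps, so an AWS failure in any region stops the linux job before the packages are attached to the release. If pre-release images are not wanted, add `&& !contains(github.ref, '-')` to that step's `if:`, and consider moving the AMI build after the upload steps. The step's `run:` block lies outside this hunk.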