From d571bee8e042bc01a97ea61c50d2a6d4385e4808 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Oct 2025 13:07:58 +0200
Subject: [PATCH 1/8] workflow test
---
.github/workflows/release.yml | 221 ++++++++++++++++++++--------------
1 file changed, 132 insertions(+), 89 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a45196f589..97892363e1 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,41 +1,43 @@
name: Publish to GitHub registry
on:
push:
- tags:
- - v*.*.*
+ branches:
+ - apt_repository
+ # tags:
+ # - v*.*.*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
- build-docker-release:
- # Ignore tags with -, like v1.0.0-alpha
- # This job will build the docker container with the "latest" tag which
- # is a tag used in production, thus it should only be run for full releases.
- if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
- name: Build Release Docker image
- uses: ./.github/workflows/build-docker.yml
- with:
- tags: |
- type=raw,value=latest
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=sha
-
- build-docker-prerelease:
- # Only build tags with -, like v1.0.0-alpha
- if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
- name: Build Pre-release Docker image
- uses: ./.github/workflows/build-docker.yml
- with:
- tags: |
- type=raw,value=pre-release
- type=semver,pattern={{version}}
- type=sha
- # Explicitly disable latest tag. It will be added otherwise.
- flavor: |
- latest=false
+ # build-docker-release:
+ # # Ignore tags with -, like v1.0.0-alpha
+ # # This job will build the docker container with the "latest" tag which
+ # # is a tag used in production, thus it should only be run for full releases.
+ # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
+ # name: Build Release Docker image
+ # uses: ./.github/workflows/build-docker.yml
+ # with:
+ # tags: |
+ # type=raw,value=latest
+ # type=semver,pattern={{version}}
+ # type=semver,pattern={{major}}.{{minor}}
+ # type=sha
+
+ # build-docker-prerelease:
+ # # Only build tags with -, like v1.0.0-alpha
+ # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
+ # name: Build Pre-release Docker image
+ # uses: ./.github/workflows/build-docker.yml
+ # with:
+ # tags: |
+ # type=raw,value=pre-release
+ # type=semver,pattern={{version}}
+ # type=sha
+ # # Explicitly disable latest tag. It will be added otherwise.
+ # flavor: |
+ # latest=false
create-release:
name: create-release
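Review bot: The `branches: - apt_repository` trigger makes every push to that branch run the full publish path, and nothing in this patch redirects it to a scratch target. The later hunks hard-code `VERSION=1.5.1`, comment out the `refs/tags/` guard on the release step, and upload to `s3://apt.defguard.net`, which looks like the same bucket the tagged release uses (inferred from the name, not shown here). For pipeline experiments, a `workflow_dispatch:` trigger plus a separate test bucket or codename would keep trial packages out of the repository that clients install from.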
@@ -46,20 +48,19 @@ jobs:
- name: Create GitHub release
id: release
uses: softprops/action-gh-release@v2
- if: startsWith(github.ref, 'refs/tags/')
+ # if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
generate_release_notes: true
- create-sbom:
- needs: [create-release, build-docker-release]
- uses: ./.github/workflows/sbom.yml
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # create-sbom:
+ # needs: [create-release, build-docker-release]
+ # uses: ./.github/workflows/sbom.yml
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
build-binaries:
needs: [create-release]
-
runs-on:
- self-hosted
- Linux
@@ -68,28 +69,34 @@ jobs:
strategy:
fail-fast: false
matrix:
- build: [linux, linux-arm64, freebsd]
+ build: [linux] #, linux-arm64, freebsd]
include:
- build: linux
arch: amd64
target: x86_64-unknown-linux-gnu
- - build: linux-arm64
- arch: arm64
- target: aarch64-unknown-linux-gnu
- - build: freebsd
- arch: amd64
- target: x86_64-unknown-freebsd
+ # - build: linux-arm64
+ # arch: arm64
+ # target: aarch64-unknown-linux-gnu
+ # - build: freebsd
+ # arch: amd64
+ # target: x86_64-unknown-freebsd
permissions:
contents: write # needed to upload release assets
steps:
+ # # Store the version, stripping any v-prefix
+ # - name: Write release version
+ # run: |
+ # VERSION=${GITHUB_REF_NAME#v}
+ # echo Version: $VERSION
+ # echo "VERSION=$VERSION" >> $GITHUB_ENV
# Store the version, stripping any v-prefix
- name: Write release version
run: |
VERSION=${GITHUB_REF_NAME#v}
echo Version: $VERSION
- echo "VERSION=$VERSION" >> $GITHUB_ENV
+ echo "VERSION=1.5.1" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
@@ -172,20 +179,20 @@ jobs:
id: init
run: "packer init ./images/ami/core.pkr.hcl"
- - name: Build AMI images for multiple regions
- if: matrix.build == 'linux' && matrix.arch == 'amd64'
- run: |
- regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
- for region in "${regions[@]}"; do
- echo "Building AMI for region: $region"
- echo "Running packer validate for $region..."
- packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
- echo "Building AMI image for $region..."
- packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
- done
- env:
- AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # - name: Build AMI images for multiple regions
+ # if: matrix.build == 'linux' && matrix.arch == 'amd64'
+ # run: |
+ # regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
+ # for region in "${regions[@]}"; do
+ # echo "Building AMI for region: $region"
+ # echo "Running packer validate for $region..."
+ # packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ # echo "Building AMI image for $region..."
+ # packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ # done
+ # env:
+ # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Upload DEB
if: matrix.build == 'linux'
@@ -198,38 +205,74 @@ jobs:
asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
asset_content_type: application/octet-stream
- - name: Build RPM package
+ - name: Upload DEB to apt repository
if: matrix.build == 'linux'
- uses: defGuard/fpm-action@main
- with:
- fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
- fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm"
+ run: |
+ export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH"
+ COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
- - name: Upload RPM
- if: matrix.build == 'linux'
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
- asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
- asset_content_type: application/octet-stream
+ deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
+ # - name: Build RPM package
+ # if: matrix.build == 'linux'
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
+ # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm"
- - name: Build FreeBSD package
- if: matrix.build == 'freebsd'
- uses: defGuard/fpm-action@main
- with:
- fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard"
- fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
+ # - name: Upload RPM
+ # if: matrix.build == 'linux'
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
+ # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
+ # asset_content_type: application/octet-stream
- - name: Upload FreeBSD
- if: matrix.build == 'freebsd'
- uses: actions/upload-release-asset@v1.0.2
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ needs.create-release.outputs.upload_url }}
- asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
- asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
- asset_content_type: application/octet-stream
+ # - name: Build FreeBSD package
+ # if: matrix.build == 'freebsd'
+ # uses: defGuard/fpm-action@main
+ # with:
+ # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard"
+ # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
+
+ # - name: Upload FreeBSD
+ # if: matrix.build == 'freebsd'
+ # uses: actions/upload-release-asset@v1.0.2
+ # env:
+ # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ # with:
+ # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ # asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
+ # asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
+ # asset_content_type: application/octet-stream
+
+ apt-sign:
+ needs:
+ - build-binaries
+ runs-on:
+ - self-hosted
+ - Linux
+ - X64
+ strategy:
+ fail-fast: false
+ steps:
+ - name: Sign APT repository on trixie
+ run: |
+ export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+ export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+ export AWS_REGION=eu-north-1
+ sudo apt update -y
+ sudo apt install -y awscli curl jq
+
+ #For trixie
+ aws s3 cp s3://apt.defguard.net/dists/trixie/Release .
+ curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ -F "file=@Release" \
+ -o response.json
+ cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+ aws s3 cp Release.gpg s3://apt.defguard.net/dists/trixie/ --acl public-read
+ aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ --acl public-read
\ No newline at end of file
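Review bot: Both new steps paste secrets straight into shell text: `deb-s3 upload` receives `--access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }}` and `--secret-access-key=...` as command-line arguments, and `apt-sign` writes `export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}` into the script body. On a self-hosted runner, command-line arguments are readable by other local processes while the command runs, and the expanded script is written to the runner's disk. `${{ github.ref_name }}` is likewise expanded before bash parses the script, so the ref name becomes shell source rather than data. Passing these values through each step's `env:` mapping and reading them as ordinary shell variables avoids both problems; deb-s3 should pick up `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` from the environment through the AWS SDK, but confirm that against the installed version.

```yaml
- name: Upload DEB to apt repository
  if: matrix.build == 'linux'
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_APT }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY_APT }}
    REF_NAME: ${{ github.ref_name }}
    DEB_FILE: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
  run: |
    # … unchanged: PATH export for the gem bin directory …
    if [[ "$REF_NAME" == *-* ]]; then COMPONENT=pre-release; else COMPONENT=release; fi
    deb-s3 upload -l --bucket=apt.defguard.net --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" "$DEB_FILE"

# apt-sign job
- name: Sign APT repository on trixie
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_APT }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY_APT }}
    AWS_REGION: eu-north-1
  run: |
    # … unchanged: apt install, Release download, signing request, uploads …
```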
From 01be2983e1827a6e47ad673759d439cb73456e48 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Oct 2025 13:24:16 +0200
Subject: [PATCH 2/8] ready to release
---
.github/workflows/release.yml | 190 ++++++++++++++++------------------
1 file changed, 91 insertions(+), 99 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 97892363e1..61b0aeaf1b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,43 +1,41 @@
name: Publish to GitHub registry
on:
push:
- branches:
- - apt_repository
- # tags:
- # - v*.*.*
+ tags:
+ - v*.*.*
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
- # build-docker-release:
- # # Ignore tags with -, like v1.0.0-alpha
- # # This job will build the docker container with the "latest" tag which
- # # is a tag used in production, thus it should only be run for full releases.
- # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
- # name: Build Release Docker image
- # uses: ./.github/workflows/build-docker.yml
- # with:
- # tags: |
- # type=raw,value=latest
- # type=semver,pattern={{version}}
- # type=semver,pattern={{major}}.{{minor}}
- # type=sha
-
- # build-docker-prerelease:
- # # Only build tags with -, like v1.0.0-alpha
- # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
- # name: Build Pre-release Docker image
- # uses: ./.github/workflows/build-docker.yml
- # with:
- # tags: |
- # type=raw,value=pre-release
- # type=semver,pattern={{version}}
- # type=sha
- # # Explicitly disable latest tag. It will be added otherwise.
- # flavor: |
- # latest=false
+ build-docker-release:
+ # Ignore tags with -, like v1.0.0-alpha
+ # This job will build the docker container with the "latest" tag which
+ # is a tag used in production, thus it should only be run for full releases.
+ if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
+ name: Build Release Docker image
+ uses: ./.github/workflows/build-docker.yml
+ with:
+ tags: |
+ type=raw,value=latest
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=sha
+
+ build-docker-prerelease:
+ # Only build tags with -, like v1.0.0-alpha
+ if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
+ name: Build Pre-release Docker image
+ uses: ./.github/workflows/build-docker.yml
+ with:
+ tags: |
+ type=raw,value=pre-release
+ type=semver,pattern={{version}}
+ type=sha
+ # Explicitly disable latest tag. It will be added otherwise.
+ flavor: |
+ latest=false
create-release:
name: create-release
@@ -53,11 +51,11 @@ jobs:
draft: true
generate_release_notes: true
- # create-sbom:
- # needs: [create-release, build-docker-release]
- # uses: ./.github/workflows/sbom.yml
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
+ create-sbom:
+ needs: [create-release, build-docker-release]
+ uses: ./.github/workflows/sbom.yml
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
build-binaries:
needs: [create-release]
@@ -69,34 +67,28 @@ jobs:
strategy:
fail-fast: false
matrix:
- build: [linux] #, linux-arm64, freebsd]
+ build: [linux, linux-arm64, freebsd]
include:
- build: linux
arch: amd64
target: x86_64-unknown-linux-gnu
- # - build: linux-arm64
- # arch: arm64
- # target: aarch64-unknown-linux-gnu
- # - build: freebsd
- # arch: amd64
- # target: x86_64-unknown-freebsd
+ - build: linux-arm64
+ arch: arm64
+ target: aarch64-unknown-linux-gnu
+ - build: freebsd
+ arch: amd64
+ target: x86_64-unknown-freebsd
permissions:
contents: write # needed to upload release assets
steps:
# # Store the version, stripping any v-prefix
- # - name: Write release version
- # run: |
- # VERSION=${GITHUB_REF_NAME#v}
- # echo Version: $VERSION
- # echo "VERSION=$VERSION" >> $GITHUB_ENV
- # Store the version, stripping any v-prefix
- name: Write release version
run: |
VERSION=${GITHUB_REF_NAME#v}
echo Version: $VERSION
- echo "VERSION=1.5.1" >> $GITHUB_ENV
+ echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
@@ -179,20 +171,20 @@ jobs:
id: init
run: "packer init ./images/ami/core.pkr.hcl"
- # - name: Build AMI images for multiple regions
- # if: matrix.build == 'linux' && matrix.arch == 'amd64'
- # run: |
- # regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
- # for region in "${regions[@]}"; do
- # echo "Building AMI for region: $region"
- # echo "Running packer validate for $region..."
- # packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
- # echo "Building AMI image for $region..."
- # packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
- # done
- # env:
- # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
- # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ - name: Build AMI images for multiple regions
+ if: matrix.build == 'linux' && matrix.arch == 'amd64'
+ run: |
+ regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
+ for region in "${regions[@]}"; do
+ echo "Building AMI for region: $region"
+ echo "Running packer validate for $region..."
+ packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ echo "Building AMI image for $region..."
+ packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
+ done
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
- name: Upload DEB
if: matrix.build == 'linux'
@@ -212,41 +204,41 @@ jobs:
COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
- # - name: Build RPM package
- # if: matrix.build == 'linux'
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
- # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm"
-
- # - name: Upload RPM
- # if: matrix.build == 'linux'
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
- # asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
- # asset_content_type: application/octet-stream
-
- # - name: Build FreeBSD package
- # if: matrix.build == 'freebsd'
- # uses: defGuard/fpm-action@main
- # with:
- # fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard"
- # fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
-
- # - name: Upload FreeBSD
- # if: matrix.build == 'freebsd'
- # uses: actions/upload-release-asset@v1.0.2
- # env:
- # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- # with:
- # upload_url: ${{ needs.create-release.outputs.upload_url }}
- # asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
- # asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
- # asset_content_type: application/octet-stream
+ - name: Build RPM package
+ if: matrix.build == 'linux'
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
+ fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm"
+
+ - name: Upload RPM
+ if: matrix.build == 'linux'
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
+ asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm
+ asset_content_type: application/octet-stream
+
+ - name: Build FreeBSD package
+ if: matrix.build == 'freebsd'
+ uses: defGuard/fpm-action@main
+ with:
+ fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard"
+ fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
+
+ - name: Upload FreeBSD
+ if: matrix.build == 'freebsd'
+ uses: actions/upload-release-asset@v1.0.2
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ upload_url: ${{ needs.create-release.outputs.upload_url }}
+ asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
+ asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
+ asset_content_type: application/octet-stream
apt-sign:
needs:
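Review bot: `uses: defGuard/fpm-action@main` in the restored RPM and FreeBSD build steps follows a mutable branch, so whatever is on `main` at release time runs in a job that has `contents: write` and shares a self-hosted runner with the AWS and APT credentials. Pinning to a full commit SHA, e.g. `uses: defGuard/fpm-action@<full-commit-sha>  # <release tag>`, makes the packaging step reproducible and reviewable. The same applies, with less urgency, to the tag-pinned `actions/upload-release-asset@v1.0.2` used for the uploads. The `build-binaries` job begins before this hunk.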
From 0ba75e25498856a678abca1d347bfc809067fdc7 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Oct 2025 13:28:50 +0200
Subject: [PATCH 3/8] delete comment
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 61b0aeaf1b..a4b6cdaee3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -46,7 +46,7 @@ jobs:
- name: Create GitHub release
id: release
uses: softprops/action-gh-release@v2
- # if: startsWith(github.ref, 'refs/tags/')
+ if: startsWith(github.ref, 'refs/tags/')
with:
draft: true
generate_release_notes: true
From c4b5a32caf1b098d4ac0c6cf6d6eb125b076a5e6 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Oct 2025 13:31:00 +0200
Subject: [PATCH 4/8] add EOL
---
.github/workflows/release.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a4b6cdaee3..3a82439a8a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -83,7 +83,7 @@ jobs:
contents: write # needed to upload release assets
steps:
- # # Store the version, stripping any v-prefix
+ # Store the version, stripping any v-prefix
- name: Write release version
run: |
VERSION=${GITHUB_REF_NAME#v}
@@ -267,4 +267,4 @@ jobs:
cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
aws s3 cp Release.gpg s3://apt.defguard.net/dists/trixie/ --acl public-read
- aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ --acl public-read
\ No newline at end of file
+ aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ --acl public-read
From c24a98e4646cc65e976e628b2deda5416face7d3 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Wed, 15 Oct 2025 15:16:34 +0200
Subject: [PATCH 5/8] Added ruby to path
---
.github/workflows/release.yml | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3a82439a8a..8cfa13fccd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -197,10 +197,16 @@ jobs:
asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
asset_content_type: application/octet-stream
+ - name: Install ruby with deb-s3
+ if: matrix.build == 'linux'
+ run: |
+ sudo apt-get install -y ruby
+ gem install deb-s3
+ echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+
- name: Upload DEB to apt repository
if: matrix.build == 'linux'
run: |
- export PATH="/srv/github/defguard/.local/share/gem/ruby/3.3.0/bin:$PATH"
COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
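Review bot: `gem install deb-s3` fetches whatever version is current on every release run, and that gem is handed the APT bucket credentials in the very next step. Pin it, e.g. `gem install deb-s3 -v <pinned-version>`, or pre-install it during runner provisioning so a release does not depend on a fresh download. `sudo apt-get install -y ruby` also runs without a preceding `apt-get update` and changes the self-hosted runner on every run, which is another reason to move it into provisioning. The redirect target should be quoted as `>> "$GITHUB_PATH"`.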
From b0ca0176dc611ca2d97ca81ee73edeb651ace971 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Thu, 16 Oct 2025 13:38:46 +0200
Subject: [PATCH 6/8] for loop
---
.github/workflows/release.yml | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8cfa13fccd..c589af7dbf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -264,13 +264,17 @@ jobs:
sudo apt update -y
sudo apt install -y awscli curl jq
- #For trixie
- aws s3 cp s3://apt.defguard.net/dists/trixie/Release .
- curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
- -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
- -F "file=@Release" \
- -o response.json
- cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
- cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
- aws s3 cp Release.gpg s3://apt.defguard.net/dists/trixie/ --acl public-read
- aws s3 cp InRelease s3://apt.defguard.net/dists/trixie/ --acl public-read
+ for DIST in trixie; do
+ aws s3 cp s3://apt.defguard.net/dists/{$DIST}/Release .
+
+ curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+ -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+ -F "file=@Release" \
+ -o response.json
+
+ cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+ cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+
+ aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+ done
\ No newline at end of file
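Review bot: The signing loop uploads whatever the signing service returned without checking that the request succeeded: `curl` has no `--fail`, and `jq -r` prints `null` for a missing field, which `base64 --decode` turns into a few bytes without an error. An error response would therefore be published as `Release.gpg` and `InRelease` with `--acl public-read`, and clients would then fail signature verification. Add `set -o pipefail` at the top of the script, use `curl --fail --silent --show-error -X POST ...` and `jq -er` for both extractions, and consider running `gpg --verify Release.gpg Release` against the repository's public key before the `aws s3 cp` uploads. The first `aws s3 cp` in the loop reads `{$DIST}` where the uploads use `${DIST}`, so bash passes the braces through literally. The `run:` script starts before this hunk.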
From db5f073904a489ddfe5e75de84a64fc7fd43346c Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Thu, 16 Oct 2025 13:40:02 +0200
Subject: [PATCH 7/8] typo 2
---
.github/workflows/release.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c589af7dbf..7727b47f43 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -265,7 +265,7 @@ jobs:
sudo apt install -y awscli curl jq
for DIST in trixie; do
- aws s3 cp s3://apt.defguard.net/dists/{$DIST}/Release .
+ aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
-H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
From c38509cf06f5c097edaf45eb292bbf7d28232a96 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Fri, 17 Oct 2025 17:27:05 +0200
Subject: [PATCH 8/8] refresh html
---
.github/workflows/release.yml | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7727b47f43..95daff338b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -277,4 +277,7 @@ jobs:
aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
- done
\ No newline at end of file
+
+ aws s3 ls s3://apt.defguard.net/dists/ --recursive | awk '{print ""$4"
"}' > index.html
+ aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
+ done
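Review bot: The index rebuild was added inside the `for DIST` loop (before `done`), although `aws s3 ls s3://apt.defguard.net/dists/ --recursive` does not depend on `$DIST`; it belongs after the loop so it runs once, over the final state. `awk` takes `$4` as the object key, which truncates any key containing whitespace, and the key is written into `index.html` unescaped, so add a comment stating that only this pipeline writes under `dists/`. The `awk` program spans two lines as shown in this patch, so check that its quoting survived as intended. The loop and the `run:` script start outside this hunk.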