From ef967830664d94e54153b02b15becbb6d4acb18d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 15 Apr 2026 09:16:28 +0200 Subject: [PATCH 1/4] Get rid of cross-rs --- .github/workflows/release.yml | 252 ++++++++++++++++++++-------------- .github/workflows/sbom.yml | 4 +- Cargo.lock | 173 ++++++++++++----------- Cross.toml | 41 ------ defguard.service.freebsd | 1 + 5 files changed, 240 insertions(+), 231 deletions(-) delete mode 100644 Cross.toml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ec60d0e618..40f60b0ac8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,6 +1,8 @@ -name: Publish to GitHub registry +name: Make a new release on: push: + branches: + - cross tags: - v*.*.* @@ -13,6 +15,12 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +env: + SQLX_OFFLINE: "1" + # sccache + SCCACHE_GHA_ENABLED: "true" + RUSTC_WRAPPER: "sccache" + jobs: build-docker-release: # Ignore tags with -, like v1.0.0-alpha @@ -52,43 +60,30 @@ jobs: steps: - name: Create GitHub release id: release - uses: softprops/action-gh-release@v2 - if: startsWith(github.ref, 'refs/tags/') + uses: shogo82148/actions-create-release@v1 with: draft: true generate_release_notes: true + # TODO: remove + release_name: test + tag_name: test create-sbom: - needs: [create-release, build-docker-release] + needs: + - create-release + - build-docker-release uses: ./.github/workflows/sbom.yml with: upload_url: ${{ needs.create-release.outputs.upload_url }} build-binaries: - needs: [create-release] + needs: + - create-release runs-on: - self-hosted - Linux - X64 - strategy: - fail-fast: false - matrix: - build: [linux, linux-arm64, freebsd] - include: - - build: linux - arch: amd64 - target: x86_64-unknown-linux-gnu - - build: linux-arm64 - arch: arm64 - target: aarch64-unknown-linux-gnu - - build: freebsd - arch: amd64 - target: x86_64-unknown-freebsd - - permissions: - contents: write # needed to upload release assets - steps: # Store the version, stripping any v-prefix - name: Write release version @@ -102,121 +97,176 @@ jobs: with: submodules: recursive - - name: Setup `packer` - uses: hashicorp/setup-packer@main - id: setup - - - name: Install Rust stable - uses: actions-rs/toolchain@v1 + - name: Install NodeJS + uses: actions/setup-node@v6 with: - toolchain: 1.89.0 # "stable" causes rust-lld: error on aarch64-linux - target: ${{ matrix.target }} - override: true + node-version: 25 - - name: Set up Docker BuildX - uses: docker/setup-buildx-action@v4 + - name: Install pnpm + uses: pnpm/action-setup@v6 with: - buildkitd-config-inline: | - [registry."docker.io"] - mirrors = ["dockerhub-proxy.teonite.net"] + version: 10 - - name: Install pnpm - uses: pnpm/action-setup@v4 + # Change to '--frozen-lockfile' once this gets fixed: + # https://github.com/pnpm/action-setup/issues/40 + - name: Build frontend + run: pnpm install --ignore-scripts --no-frozen-lockfile && pnpm build + working-directory: web + + - name: Install Rust stable + uses: dtolnay/rust-toolchain@stable with: - # FIXME: temporarily pinned because of https://github.com/pnpm/pnpm/pull/9959 - version: 10.17 + targets: "aarch64-unknown-linux-gnu" - - name: Use Node.js 24 - uses: actions/setup-node@v6 + - name: Run sccache-cache + uses: mozilla-actions/sccache-action@v0.0.9 + + - name: Build Linux x86_64 binary + run: | + cargo build --locked --release --target x86_64-unknown-linux-gnu + mv target/x86_64-unknown-linux-gnu/release/defguard defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu + tar -zcf defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz \ + defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu + + - name: Build Linux aarch64 binary + env: + CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc + PKG_CONFIG_SYSROOT_DIR: /usr/lib/aarch64-linux-gnu + run: | + cargo build --locked --release --target aarch64-unknown-linux-gnu + mv target/aarch64-unknown-linux-gnu/release/defguard defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu + tar -zcf defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz \ + defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu + + - name: Build FreeBSD binary + run: | + rsync -rlptxzH -e 'ssh -l root' --del ./ freebsd:work/defguard/ + ssh root@freebsd 'cd work/defguard && cargo build --locked --release' + scp root@freebsd:work/defguard/target/release/defguard defguard-${{ env.VERSION }}-x86_64-unknown-freebsd + tar -zcf defguard-${{ env.VERSION }}-x86_64-unknown-freebsd.tar.gz \ + defguard-${{ env.VERSION }}-x86_64-unknown-freebsd + + - name: Build x86_64 DEB package + uses: defGuard/fpm-action@main with: - node-version: 24 + fpm_args: + "defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard + defguard.service=/usr/lib/systemd/system/defguard.service + .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb" - - name: Install frontend dependencies - run: pnpm install --ignore-scripts --frozen-lockfile - working-directory: web + - name: Build aarch64 DEB package + uses: defGuard/fpm-action@main + with: + fpm_args: + "defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard + defguard.service=/usr/lib/systemd/system/defguard.service + .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb" - - name: Build frontend - run: pnpm build - working-directory: web + - name: Build x86_64 RPM package + uses: defGuard/fpm-action@main + with: + fpm_args: + "defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard + defguard.service=/usr/lib/systemd/system/defguard.service + .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm" - - name: Build release binary - uses: actions-rs/cargo@v1 + - name: Build aarch64 RPM package + uses: defGuard/fpm-action@main with: - use-cross: true - command: build - args: --locked --release --target ${{ matrix.target }} + fpm_args: + "defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard + defguard.service=/usr/lib/systemd/system/defguard.service + .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-freebsd.rpm" - - name: Rename binary - run: mv target/${{ matrix.target }}/release/defguard defguard-${{ github.ref_name }}-${{ matrix.target }} + - name: Build FreeBSD package + uses: defGuard/fpm-action@main + with: + fpm_args: + "defguard-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard + defguard.service.freebsd=/usr/local/etc/rc.d/defguard + .env-template=/etc/defguard/core.conf" + fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl" - - name: Tar - uses: a7ul/tar-action@v1.2.0 + - name: Upload Linux x86_64 archive + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - command: c - files: | - defguard-${{ github.ref_name }}-${{ matrix.target }} - outPath: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz + asset_content_type: application/gzip + overwrite: true - - name: Upload release archive - uses: actions/upload-release-asset@v1.0.2 + - name: Upload Linux aarch64 archive + uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - asset_name: defguard-${{ github.ref_name }}-${{ matrix.target }}.tar.gz - asset_content_type: application/octet-stream + asset_path: defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz + asset_content_type: application/gzip + overwrite: true - - name: Build DEB package - if: matrix.build == 'linux' - uses: defGuard/fpm-action@main + - name: Upload FreeBSD x86_64 archive + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" - fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb" + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-x86_64-unknown-freebsd.tar.gz + asset_content_type: application/gzip + overwrite: true - - name: Upload DEB - if: matrix.build == 'linux' - uses: actions/upload-release-asset@v1.0.2 + - name: Upload Linux x86_64 DEB + uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb - asset_content_type: application/octet-stream + asset_path: defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb + asset_content_type: application/gzip + overwrite: true - - name: Build RPM package - if: matrix.build == 'linux' - uses: defGuard/fpm-action@main + - name: Upload Linux aarch64 DEB + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" - fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm" + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb + asset_content_type: application/gzip + overwrite: true - - name: Upload RPM - if: matrix.build == 'linux' - uses: actions/upload-release-asset@v1.0.2 + - name: Upload Linux x86_64 RPM + uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.rpm - asset_content_type: application/octet-stream + asset_path: defguard-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm + asset_content_type: application/gzip + overwrite: true - - name: Build FreeBSD package - if: matrix.build == 'freebsd' - uses: defGuard/fpm-action@main + - name: Upload Linux aarch64 RPM + uses: shogo82148/actions-upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard" - fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*' --depends openssl" + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm + asset_content_type: application/gzip + overwrite: true - - name: Upload FreeBSD - if: matrix.build == 'freebsd' - uses: actions/upload-release-asset@v1.0.2 + - name: Upload FreeBSD package + uses: shogo82148/actions-upload-release-asset@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: upload_url: ${{ needs.create-release.outputs.upload_url }} - asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg - asset_content_type: application/octet-stream + asset_path: defguard-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg + asset_content_type: application/x-pkg + overwrite: true diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 018115ebb0..3f2fb166a4 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -45,7 +45,7 @@ jobs: scanners: "vuln" skip-dirs: "e2e" - - name: Create docker image SBOM with Trivy + - name: Create Docker image SBOM with Trivy uses: aquasecurity/trivy-action@0.35.0 with: image-ref: "ghcr.io/defguard/defguard:${{ steps.vars.outputs.VERSION }}" @@ -83,5 +83,5 @@ jobs: with: upload_url: ${{ inputs.upload_url }} asset_path: "defguard-*.json" - asset_content_type: application/octet-stream + asset_content_type: application/json overwrite: true diff --git a/Cargo.lock b/Cargo.lock index 233c079176..c2b7dfe6cc 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -409,9 +409,9 @@ dependencies = [ [[package]] name = "axum" -version = "0.8.8" +version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8b52af3cb4058c895d37317bb27508dccc8e5f2d39454016b297bf4a400597b8" +checksum = "31b698c5f9a010f6573133b09e0de5408834d0c82f8d7475a89fc1867a71cd90" dependencies = [ "axum-core", "bytes", @@ -472,9 +472,9 @@ dependencies = [ [[package]] name = "axum-extra" -version = "0.12.5" +version = "0.12.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fef252edff26ddba56bbcdf2ee3307b8129acb86f5749b68990c168a6fcc9c76" +checksum = "be44683b41ccb9ab2d23a5230015c9c3c55be97a25e4428366de8873103f7970" dependencies = [ "axum", "axum-core", @@ -595,20 +595,20 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.11.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" dependencies = [ "serde_core", ] [[package]] name = "bitstream-io" -version = "4.9.0" +version = "4.10.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "60d4bd9d1db2c6bdf285e223a7fa369d5ce98ec767dec949c6ca62863ce61757" +checksum = "7eff00be299a18769011411c9def0d827e8f2d7bf0c3dbf53633147a8867fd1f" dependencies = [ - "core2", + "no_std_io2", ] [[package]] @@ -748,9 +748,9 @@ dependencies = [ [[package]] name = "cc" -version = "1.2.59" +version = "1.2.60" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7a4d3ec6524d28a329fc53654bbadc9bdd7b0431f5d65f1a56ffb28a1ee5283" +checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20" dependencies = [ "find-msvc-tools", "jobserver", @@ -1014,15 +1014,6 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" -[[package]] -name = "core2" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b49ba7ef1ad6107f8824dbe97de947cbaac53c44e7f9756a1fba0d37c1eec505" -dependencies = [ - "memchr", -] - [[package]] name = "cpufeatures" version = "0.2.17" @@ -1860,7 +1851,7 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1e0e367e4e7da84520dedcac1901e4da967309406d1e51017ae1abfb97adbd38" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "objc2", ] @@ -2499,7 +2490,7 @@ version = "0.20.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7b88256088d75a56f8ecfa070513a775dd9107f6530ef14919dac831af9cfe2b" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "libc", "libgit2-sys", "log", @@ -2525,7 +2516,7 @@ version = "0.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bf760ebf69878d9fd8f110c89703d90ce35095324d1f1edcb595c63945ee757" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "ignore", "walkdir", ] @@ -2779,9 +2770,9 @@ dependencies = [ [[package]] name = "hyper-rustls" -version = "0.27.7" +version = "0.27.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3c93eb611681b207e1fe55d5a71ecf91572ec8a6705cdb6857f7d8d5242cf58" +checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f" dependencies = [ "http", "hyper", @@ -2789,7 +2780,6 @@ dependencies = [ "log", "rustls", "rustls-native-certs", - "rustls-pki-types", "tokio", "tokio-rustls", "tower-service", @@ -3164,9 +3154,9 @@ dependencies = [ [[package]] name = "js-sys" -version = "0.3.94" +version = "0.3.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e04e2ef80ce82e13552136fabeef8a5ed1f985a96805761cbb9a2c34e7664d9" +checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" dependencies = [ "cfg-if", "futures-util", @@ -3181,7 +3171,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba781c43eb46c3bbf5bfda541139eed9a52b78d7c3aa74d516918885ecd63c40" dependencies = [ "base64 0.22.1", - "bitflags 2.11.0", + "bitflags 2.11.1", "num-bigint", "serde", "serde_json", @@ -3319,9 +3309,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.184" +version = "0.2.185" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af" +checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" [[package]] name = "libfuzzer-sys" @@ -3357,7 +3347,7 @@ version = "0.1.16" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e02f3bb43d335493c96bf3fd3a321600bf6bd07ed34bc64118e9293bdffea46c" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "libc", "plain", "redox_syscall 0.7.4", @@ -3636,12 +3626,21 @@ version = "0.30.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "cfg-if", "cfg_aliases", "libc", ] +[[package]] +name = "no_std_io2" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b51ed7824b6e07d354605f4abb3d9d300350701299da96642ee084f5ce631550" +dependencies = [ + "memchr", +] + [[package]] name = "nom" version = "7.1.3" @@ -3833,7 +3832,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "73ad74d880bb43877038da939b7427bba67e9dd42004a18b809ba7d87cee241c" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "objc2", "objc2-foundation", ] @@ -3854,7 +3853,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2a180dd8642fa45cdb7dd721cd4c11b1cadd4929ce112ebd8b9f5803cc79d536" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "dispatch2", "objc2", ] @@ -3865,7 +3864,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e022c9d066895efa1345f8e33e584b9f958da2fd4cd116792e15e07e4720a807" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "dispatch2", "objc2", "objc2-core-foundation", @@ -3898,7 +3897,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cde0dfb48d25d2b4862161a4d5fcc0e3c24367869ad306b0c9ec0073bfed92d" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "objc2", "objc2-core-foundation", "objc2-core-graphics", @@ -3916,7 +3915,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3e0adef53c21f888deb4fa59fc59f7eb17404926ee8a6f59f5df0fd7f9f3272" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "block2", "libc", "objc2", @@ -3929,7 +3928,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "180788110936d59bab6bd83b6060ffdfffb3b922ba1396b312ae795e1de9d81d" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "objc2", "objc2-core-foundation", ] @@ -3940,7 +3939,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96c1358452b371bf9f104e21ec536d37a650eb10f7ee379fff67d2e08d537f1f" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "objc2", "objc2-core-foundation", "objc2-foundation", @@ -3952,7 +3951,7 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d87d638e33c06f577498cbcc50491496a3ed4246998a7fbba7ccb98b1e7eab22" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "block2", "objc2", "objc2-cloud-kit", @@ -4058,11 +4057,11 @@ dependencies = [ [[package]] name = "openssl" -version = "0.10.76" +version = "0.10.77" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "951c002c75e16ea2c65b8c7e4d3d51d5530d8dfa7d060b4776828c88cfb18ecf" +checksum = "bfe4646e360ec77dff7dde40ed3d6c5fee52d156ef4a62f53973d38294dad87f" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "cfg-if", "foreign-types", "libc", @@ -4090,9 +4089,9 @@ checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe" [[package]] name = "openssl-sys" -version = "0.9.112" +version = "0.9.113" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57d55af3b3e226502be1526dfdba67ab0e9c96fc293004e79576b2b9edb0dbdb" +checksum = "ad2f2c0eba47118757e4c6d2bff2838f3e0523380021356e7875e858372ce644" dependencies = [ "cc", "libc", @@ -4213,9 +4212,9 @@ dependencies = [ [[package]] name = "parse_link_header" -version = "0.4.0" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fbc23fdb8bbf668d582b0c17120bf6b7f91d85ccad3a5b39706f019a4efda005" +checksum = "4eb9c7a76731a2792f9b97fb34c1e774fff008badcd449d61fcdacb7a912392b" dependencies = [ "http", "lazy_static", @@ -4493,9 +4492,9 @@ dependencies = [ [[package]] name = "pkg-config" -version = "0.3.32" +version = "0.3.33" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c" +checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e" [[package]] name = "plain" @@ -4509,7 +4508,7 @@ version = "0.18.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "60769b8b31b2a9f263dae2776c37b1b28ae246943cf719eb6946a1db05128a61" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "crc32fast", "fdeflate", "flate2", @@ -4689,7 +4688,7 @@ version = "0.13.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7c3a14896dfa883796f1cb410461aef38810ea05f2b2c33c5aded3649095fdad" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "getopts", "memchr", "pulldown-cmark-escape", @@ -4770,7 +4769,7 @@ dependencies = [ "bytes", "getrandom 0.3.4", "lru-slab", - "rand 0.9.2", + "rand 0.9.4", "ring", "rustc-hash", "rustls", @@ -4842,9 +4841,9 @@ dependencies = [ [[package]] name = "rand" -version = "0.9.2" +version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea" dependencies = [ "rand_chacha 0.9.0", "rand_core 0.9.5", @@ -4915,7 +4914,7 @@ dependencies = [ "num-traits", "paste", "profiling", - "rand 0.9.2", + "rand 0.9.4", "rand_chacha 0.9.0", "simd_helpers", "thiserror 2.0.18", @@ -4940,9 +4939,9 @@ dependencies = [ [[package]] name = "rayon" -version = "1.11.0" +version = "1.12.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "368f01d005bf8fd9b1206fb6fa653e6c4a81ceb1466406b81792d87c5677a58f" +checksum = "fb39b166781f92d482534ef4b4b1b2568f42613b53e5b6c160e24cfbfa30926d" dependencies = [ "either", "rayon-core", @@ -4978,7 +4977,7 @@ version = "0.5.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", ] [[package]] @@ -4987,7 +4986,7 @@ version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f450ad9c3b1da563fb6948a8e0fb0fb9269711c9c73d9ea1de5058c79c8d643a" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", ] [[package]] @@ -5230,7 +5229,7 @@ version = "1.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6fe4565b9518b83ef4f91bb47ce29620ca828bd32cb7e408f0062e9930ba190" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "errno", "libc", "linux-raw-sys", @@ -5239,9 +5238,9 @@ dependencies = [ [[package]] name = "rustls" -version = "0.23.37" +version = "0.23.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "758025cb5fccfd3bc2fd74708fd4682be41d99e5dff73c377c0646c6012c73a4" +checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21" dependencies = [ "aws-lc-rs", "log", @@ -5277,9 +5276,9 @@ dependencies = [ [[package]] name = "rustls-webpki" -version = "0.103.10" +version = "0.103.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "df33b2b81ac578cabaf06b89b0631153a3f416b0a886e8a7a1707fb51abbd1ef" +checksum = "8279bb85272c9f10811ae6a6c547ff594d6a7f3c6c6b02ee9726d1d0dcfcdd06" dependencies = [ "aws-lc-rs", "ring", @@ -5378,7 +5377,7 @@ version = "3.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "core-foundation 0.10.1", "core-foundation-sys", "libc", @@ -5896,7 +5895,7 @@ checksum = "aa003f0038df784eb8fecbbac13affe3da23b45194bd57dba231c8f48199c526" dependencies = [ "atoi", "base64 0.22.1", - "bitflags 2.11.0", + "bitflags 2.11.1", "byteorder", "bytes", "chrono", @@ -5940,7 +5939,7 @@ checksum = "db58fcd5a53cf07c184b154801ff91347e4c30d17a3562a635ff028ad5deda46" dependencies = [ "atoi", "base64 0.22.1", - "bitflags 2.11.0", + "bitflags 2.11.1", "byteorder", "chrono", "crc", @@ -6171,7 +6170,7 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "core-foundation 0.9.4", "system-configuration-sys", ] @@ -6370,9 +6369,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tokio" -version = "1.51.1" +version = "1.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f66bf9585cda4b724d3e78ab34b73fb2bbaba9011b9bfdf69dc836382ea13b8c" +checksum = "a91135f59b1cbf38c91e73cf3386fca9bb77915c45ce2771460c9d92f0f3d776" dependencies = [ "bytes", "libc", @@ -6591,7 +6590,7 @@ version = "0.6.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "bytes", "futures-core", "futures-util", @@ -7023,9 +7022,9 @@ checksum = "b8dad83b4f25e74f184f64c43b150b91efe7647395b42289f38e50566d82855b" [[package]] name = "wasm-bindgen" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0551fc1bb415591e3372d0bc4780db7e587d84e2a7e79da121051c5c4b89d0b0" +checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" dependencies = [ "cfg-if", "once_cell", @@ -7036,9 +7035,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-futures" -version = "0.4.67" +version = "0.4.68" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03623de6905b7206edd0a75f69f747f134b7f0a2323392d664448bf2d3c5d87e" +checksum = "f371d383f2fb139252e0bfac3b81b265689bf45b6874af544ffa4c975ac1ebf8" dependencies = [ "js-sys", "wasm-bindgen", @@ -7046,9 +7045,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fbdf9a35adf44786aecd5ff89b4563a90325f9da0923236f6104e603c7e86be" +checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" dependencies = [ "quote", "wasm-bindgen-macro-support", @@ -7056,9 +7055,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-macro-support" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dca9693ef2bab6d4e6707234500350d8dad079eb508dca05530c85dc3a529ff2" +checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" dependencies = [ "bumpalo", "proc-macro2", @@ -7069,9 +7068,9 @@ dependencies = [ [[package]] name = "wasm-bindgen-shared" -version = "0.2.117" +version = "0.2.118" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "39129a682a6d2d841b6c429d0c51e5cb0ed1a03829d8b3d1e69a011e62cb3d3b" +checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" dependencies = [ "unicode-ident", ] @@ -7117,7 +7116,7 @@ version = "0.244.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" dependencies = [ - "bitflags 2.11.0", + "bitflags 2.11.1", "hashbrown 0.15.5", "indexmap 2.14.0", "semver", @@ -7125,9 +7124,9 @@ dependencies = [ [[package]] name = "web-sys" -version = "0.3.94" +version = "0.3.95" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cd70027e39b12f0849461e08ffc50b9cd7688d942c1c8e3c7b22273236b4dd0a" +checksum = "4f2dfbb17949fa2088e5d39408c48368947b86f7834484e87b73de55bc14d97d" dependencies = [ "js-sys", "wasm-bindgen", @@ -7229,7 +7228,7 @@ dependencies = [ "nom 7.1.3", "openssl", "openssl-sys", - "rand 0.9.2", + "rand 0.9.4", "rand_chacha 0.9.0", "serde", "serde_cbor_2", @@ -7649,7 +7648,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" dependencies = [ "anyhow", - "bitflags 2.11.0", + "bitflags 2.11.1", "indexmap 2.14.0", "log", "serde", diff --git a/Cross.toml b/Cross.toml deleted file mode 100644 index 499cd583a9..0000000000 --- a/Cross.toml +++ /dev/null @@ -1,41 +0,0 @@ -[build.env] -passthrough = ["SQLX_OFFLINE=true"] - -[target.x86_64-unknown-linux-gnu] -image = "ghcr.io/defguard/cross:x86_64-unknown-linux-gnu" -pre-build = [ - "apt-get update && apt-get install --assume-yes libssl-dev unzip", - "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", - "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", -] - -[target.armv7-unknown-linux-gnueabihf] -image = "ghcr.io/defguard/cross:armv7-unknown-linux-gnueabihf" -pre-build = [ - "dpkg --add-architecture $CROSS_DEB_ARCH", - "apt-get update && apt-get install --assume-yes libssl-dev libssl-dev:$CROSS_DEB_ARCH unzip", - "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", - "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", -] - -[target.aarch64-unknown-linux-gnu] -image = "ghcr.io/defguard/cross:aarch64-unknown-linux-gnu" -pre-build = [ - "dpkg --add-architecture $CROSS_DEB_ARCH", - "apt-get update && apt-get install --assume-yes libssl-dev libssl-dev:$CROSS_DEB_ARCH unzip", - "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", - "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", -] - - -[target.x86_64-unknown-freebsd] -image = "ghcr.io/defguard/cross:x86_64-unknown-freebsd" -pre-build = [ - "apt-get update && apt-get install --assume-yes libssl-dev unzip", - "PB_REL='https://github.com/protocolbuffers/protobuf/releases'", - "PB_VERSION='3.20.0' && curl -LO $PB_REL/download/v$PB_VERSION/protoc-$PB_VERSION-linux-x86_64.zip", - "unzip -o protoc-$PB_VERSION-linux-x86_64.zip bin/protoc include/google/* -d /usr", -] diff --git a/defguard.service.freebsd b/defguard.service.freebsd index d9ae3b89a1..c8ae9118db 100644 --- a/defguard.service.freebsd +++ b/defguard.service.freebsd @@ -9,6 +9,7 @@ name="defguard" rcvar=defguard_enable command="/usr/local/bin/defguard" +config="/etc/defguard/core.conf" start_cmd="${name}_start" defguard_start() From ec7979e3448f891dbfe740082da4e54b759f1a5a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 15 Apr 2026 09:58:11 +0200 Subject: [PATCH 2/4] Remove test --- .github/workflows/release.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 40f60b0ac8..7bba3381b2 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,8 +1,6 @@ name: Make a new release on: push: - branches: - - cross tags: - v*.*.* @@ -64,9 +62,6 @@ jobs: with: draft: true generate_release_notes: true - # TODO: remove - release_name: test - tag_name: test create-sbom: needs: From 1122670ee51c1a309379885ddf4730a9a164b185 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 15 Apr 2026 12:41:10 +0200 Subject: [PATCH 3/4] fix lints --- .github/workflows/lint-e2e.yml | 36 ++++++++++++++++++++------------- .github/workflows/lint-web.yml | 37 ++++++++++++++++++---------------- .github/workflows/release.yml | 4 +++- 3 files changed, 45 insertions(+), 32 deletions(-) diff --git a/.github/workflows/lint-e2e.yml b/.github/workflows/lint-e2e.yml index 6eaf5f2f7f..b6a4aa5d78 100644 --- a/.github/workflows/lint-e2e.yml +++ b/.github/workflows/lint-e2e.yml @@ -16,20 +16,28 @@ on: jobs: lint-e2e: - runs-on: [self-hosted, Linux, X64] + runs-on: + - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }} steps: - - uses: actions/checkout@v6 - - uses: actions/setup-node@v6 + - name: Checkout + uses: actions/checkout@v6 with: - node-version-file: "./e2e/.nvmrc" - - uses: pnpm/action-setup@v4 + submodules: recursive + + - name: Install NodeJS + uses: actions/setup-node@v6 + with: + node-version: 25 + + - name: Install pnpm + uses: pnpm/action-setup@v6 with: - # FIXME: temporarily pinned because of https://github.com/pnpm/pnpm/pull/9959 - version: 10.17 - run_install: false - - name: install deps - working-directory: ./e2e - run: pnpm i --frozen-lockfile - - name: Lint - working-directory: ./e2e - run: pnpm lint + version: 10 + + # Change to '--frozen-lockfile' once this gets fixed: + # https://github.com/pnpm/action-setup/issues/40 + - name: Build and lint e2e + working-directory: e2e + run: | + pnpm install --no-frozen-lockfile + pnpm lint diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml index ae2de80f20..46912d35cf 100644 --- a/.github/workflows/lint-web.yml +++ b/.github/workflows/lint-web.yml @@ -20,25 +20,28 @@ jobs: lint-web: runs-on: - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }} - steps: - - uses: actions/checkout@v6 + - name: Checkout + uses: actions/checkout@v6 with: - submodules: "recursive" - - uses: actions/setup-node@v6 + submodules: recursive + + - name: Install NodeJS + uses: actions/setup-node@v6 with: node-version: 25 - - name: install deps - working-directory: ./web + + - name: Install pnpm + uses: pnpm/action-setup@v6 + with: + version: 10 + + # Change to '--frozen-lockfile' once this gets fixed: + # https://github.com/pnpm/action-setup/issues/40 + - name: Lint frontend + working-directory: web run: | - npm i -g npm pnpm - pnpm i --frozen-lockfile - - name: Build - working-directory: ./web - run: pnpm run build - - name: Lint - working-directory: ./web - run: pnpm run lint - - name: Audit - working-directory: ./web - run: pnpm audit --prod --ignore-unfixable + pnpm install --ignore-scripts --no-frozen-lockfile + pnpm build + pnpm lint + pnpm audit --prod --ignore-unfixable diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7bba3381b2..00be6a2a23 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -105,8 +105,10 @@ jobs: # Change to '--frozen-lockfile' once this gets fixed: # https://github.com/pnpm/action-setup/issues/40 - name: Build frontend - run: pnpm install --ignore-scripts --no-frozen-lockfile && pnpm build working-directory: web + run: | + pnpm install --ignore-scripts --no-frozen-lockfile + pnpm build - name: Install Rust stable uses: dtolnay/rust-toolchain@stable From 6a3f146c56addc67c7b49ecde2cefd0ce2f12da1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Ciarcin=CC=81ski?= Date: Wed, 15 Apr 2026 15:22:27 +0200 Subject: [PATCH 4/4] fix --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 00be6a2a23..1e5eb11577 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -177,7 +177,7 @@ jobs: "defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf" - fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-freebsd.rpm" + fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm" - name: Build FreeBSD package uses: defGuard/fpm-action@main