From f667af7799cdf3c180471e70e1d60ed746b9c244 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Wed, 20 May 2026 17:52:34 +0200 Subject: [PATCH 1/8] test workflow --- .github/workflows/release.yml | 164 ++++++++++++++++++++++++++-------- 1 file changed, 128 insertions(+), 36 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d3fec17f..53c531b9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,6 +3,8 @@ on: push: tags: - v*.*.* + branches: + - build-additional-debs concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
@@ -15,34 +17,34 @@ env: RUSTC_WRAPPER: "sccache" jobs: - build-docker-release: - # Ignore tags with -, like v1.0.0-alpha - if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - name: Build Release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. - flavor: | - latest=false - - build-docker-prerelease: - # Only build tags with -, like v1.0.0-alpha - if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - name: Build Pre-release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=raw,value=pre-release - type=semver,pattern={{version}} - type=sha - # Explicitly disable latest tag. It will be added otherwise. - flavor: | - latest=false + # build-docker-release: + # # Ignore tags with -, like v1.0.0-alpha + # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + # name: Build Release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=semver,pattern={{version}} + # type=semver,pattern={{major}}.{{minor}} + # type=semver,pattern={{major}} + # type=sha + # # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. + # flavor: | + # latest=false + + # build-docker-prerelease: + # # Only build tags with -, like v1.0.0-alpha + # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + # name: Build Pre-release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=raw,value=pre-release + # type=semver,pattern={{version}} + # type=sha + # # Explicitly disable latest tag. It will be added otherwise. + # flavor: | + # latest=false create-release: name: create-release 
@@ -55,15 +57,16 @@ jobs: uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: draft: true + tag_name: v2.0.1-test generate_release_notes: true - create-sbom: - needs: - - create-release - - build-docker-release - uses: ./.github/workflows/sbom.yml - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} + # create-sbom: + # needs: + # - create-release + # - build-docker-release + # uses: ./.github/workflows/sbom.yml + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} build-release: needs: @@ -76,7 +79,8 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - VERSION=${GITHUB_REF_NAME#v} + # VERSION=${GITHUB_REF_NAME#v} + VERSION="2.0.1-test" echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV 
@@ -308,3 +312,91 @@ jobs: asset_path: defguard-gateway-${{ env.VERSION }}_x86_64-unknown-opnsense.pkg asset_content_type: application/x-pkg overwrite: true + + ubuntu-22-04-build: + needs: + - create-release + runs-on: + - self-hosted + - Linux + - ${{ matrix.architecture }} + strategy: + fail-fast: false + matrix: + architecture: [ARM64, X64] + include: + - architecture: ARM64 + deb_arch: arm64 + rust_target: aarch64-unknown-linux-gnu + - architecture: X64 + deb_arch: amd64 + rust_target: x86_64-unknown-linux-gnu + container: + image: ubuntu:22.04 + env: + DEBIAN_FRONTEND: noninteractive + HOME: /root + RUSTUP_HOME: /root/.rustup + CARGO_HOME: /root/.cargo + env: + RUSTC_WRAPPER: "" + + steps: + - name: Install git + run: | + apt-get update + apt-get install -y git curl ca-certificates libatomic1 + git config --global --add safe.directory '*' + + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + submodules: recursive + + - name: Write release version + run: | + # VERSION=${GITHUB_REF_NAME#v} + VERSION="2.0.1-test" + echo Version: $VERSION + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Install Rust stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable + + - name: Install build dependencies + run: | + apt-get install -y \ + build-essential pkg-config cmake \ + libssl-dev \ + protobuf-compiler libprotobuf-dev \ + ruby ruby-dev rubygems rpm + gem install fpm --no-document + + - name: Build binary + run: | + cargo build --locked --release --target ${{ matrix.rust_target }} + + - name: Build DEB package (ubuntu-22-04-lts) + run: | + fpm \ + --output-type deb \ + --version "${{ env.VERSION }}" \ + --architecture ${{ matrix.deb_arch }} \ + --package defguard-gateway-${{ env.VERSION }}-${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb \ + --before-install linux/preinst \ + --after-install linux/postinst \ + --before-remove linux/prerm \ + --after-remove linux/postrm \ + "target/${{ 
matrix.rust_target }}/release/defguard-gateway=/usr/bin/defguard-gateway" \ + "linux/defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service" \ + "example-config.toml=/etc/defguard/gateway.toml" + + - name: Upload ubuntu-22-04-lts DEB + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-gateway-${{ env.VERSION }}-${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb + asset_content_type: application/gzip + overwrite: true From c6ea14900abf46666d8cc6df457c14f1d640f505 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Wed, 20 May 2026 18:09:13 +0200 Subject: [PATCH 2/8] add dep --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 53c531b9..c5fbe036 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -367,7 +367,7 @@ jobs: run: | apt-get install -y \ build-essential pkg-config cmake \ - libssl-dev \ + libssl-dev libmnl-dev \ protobuf-compiler libprotobuf-dev \ ruby ruby-dev rubygems rpm gem install fpm --no-document From 046c679f079d60ee42cdbb200152529c800c1b26 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Wed, 20 May 2026 18:20:30 +0200 Subject: [PATCH 3/8] another one --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c5fbe036..a0ba3196 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
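Review bot: `git config --global --add safe.directory '*'` in the "Install git" step of the new `ubuntu-22-04-build` job switches off git's repository-ownership check for every path in the container, not only the checkout. Scoping it, e.g. `git config --global --add safe.directory "$GITHUB_WORKSPACE"` (plus the submodule paths if a later git call needs them), keeps the check everywhere else. This job produces a published .deb, yet `gem install fpm --no-document` and `image: ubuntu:22.04` float while the actions are pinned by SHA; pinning fpm (`gem install fpm --version <PINNED_FPM_VERSION> --no-document`) and the image digest would make the package build reproducible. The upload step labels the package `asset_content_type: application/gzip`, whereas `application/vnd.debian.binary-package` is the registered type for a .deb. The fpm step also expands `${{ env.VERSION }}` into the script text; once VERSION comes from the tag name again (the commented-out `GITHUB_REF_NAME` line), using the shell variable `"$VERSION"` keeps ref-derived text out of the generated command.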
@@ -367,7 +367,7 @@ jobs: run: | apt-get install -y \ build-essential pkg-config cmake \ - libssl-dev libmnl-dev \ + libssl-dev libmnl-dev libnftnl-dev \ protobuf-compiler libprotobuf-dev \ ruby ruby-dev rubygems rpm gem install fpm --no-document From b90f81a863df289328b2f25d00ec8cce57bec8a6 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Wed, 20 May 2026 18:44:37 +0200 Subject: [PATCH 4/8] remove test trigger --- .github/workflows/release.yml | 79 ++++++++++++++++------------------- 1 file changed, 37 insertions(+), 42 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a0ba3196..bdb5b75f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,8 +3,6 @@ on: push: tags: - v*.*.* - branches: - - build-additional-debs concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
@@ -17,34 +15,34 @@ env: RUSTC_WRAPPER: "sccache" jobs: - # build-docker-release: - # # Ignore tags with -, like v1.0.0-alpha - # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - # name: Build Release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=semver,pattern={{version}} - # type=semver,pattern={{major}}.{{minor}} - # type=semver,pattern={{major}} - # type=sha - # # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. - # flavor: | - # latest=false - - # build-docker-prerelease: - # # Only build tags with -, like v1.0.0-alpha - # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - # name: Build Pre-release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=raw,value=pre-release - # type=semver,pattern={{version}} - # type=sha - # # Explicitly disable latest tag. It will be added otherwise. - # flavor: | - # latest=false + build-docker-release: + # Ignore tags with -, like v1.0.0-alpha + if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + name: Build Release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. + flavor: | + latest=false + + build-docker-prerelease: + # Only build tags with -, like v1.0.0-alpha + if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + name: Build Pre-release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=pre-release + type=semver,pattern={{version}} + type=sha + # Explicitly disable latest tag. It will be added otherwise. + flavor: | + latest=false create-release: name: create-release 
@@ -57,16 +55,15 @@ jobs: uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: draft: true - tag_name: v2.0.1-test generate_release_notes: true - # create-sbom: - # needs: - # - create-release - # - build-docker-release - # uses: ./.github/workflows/sbom.yml - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} + create-sbom: + needs: + - create-release + - build-docker-release + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} build-release: needs: @@ -79,8 +76,7 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - # VERSION=${GITHUB_REF_NAME#v} - VERSION="2.0.1-test" + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV @@ -355,8 +351,7 @@ jobs: - name: Write release version run: | - # VERSION=${GITHUB_REF_NAME#v} - VERSION="2.0.1-test" + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV From 09e20b92e1eb5af48afa77f157218db36356ece8 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Thu, 21 May 2026 11:49:34 +0200 Subject: [PATCH 5/8] apply suggestions and test workflow --- .github/workflows/release.yml | 79 ++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 39 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bdb5b75f..6b7f8cda 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -15,34 +15,34 @@ env: RUSTC_WRAPPER: "sccache" jobs: - build-docker-release: - # Ignore tags with -, like v1.0.0-alpha - if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - name: Build Release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. - flavor: | - latest=false - - build-docker-prerelease: - # Only build tags with -, like v1.0.0-alpha - if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - name: Build Pre-release Docker image - uses: ./.github/workflows/build-docker.yml - with: - tags: | - type=raw,value=pre-release - type=semver,pattern={{version}} - type=sha - # Explicitly disable latest tag. It will be added otherwise. - flavor: | - latest=false + # build-docker-release: + # # Ignore tags with -, like v1.0.0-alpha + # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + # name: Build Release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=semver,pattern={{version}} + # type=semver,pattern={{major}}.{{minor}} + # type=semver,pattern={{major}} + # type=sha + # # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. + # flavor: | + # latest=false + + # build-docker-prerelease: + # # Only build tags with -, like v1.0.0-alpha + # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + # name: Build Pre-release Docker image + # uses: ./.github/workflows/build-docker.yml + # with: + # tags: | + # type=raw,value=pre-release + # type=semver,pattern={{version}} + # type=sha + # # Explicitly disable latest tag. It will be added otherwise. + # flavor: | + # latest=false create-release: name: create-release 
@@ -55,15 +55,16 @@ jobs: uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: draft: true + tag_name: v2.0.1-test generate_release_notes: true - create-sbom: - needs: - - create-release - - build-docker-release - uses: ./.github/workflows/sbom.yml - with: - upload_url: ${{ needs.create-release.outputs.upload_url }} + # create-sbom: + # needs: + # - create-release + # - build-docker-release + # uses: ./.github/workflows/sbom.yml + # with: + # upload_url: ${{ needs.create-release.outputs.upload_url }} build-release: needs: @@ -76,7 +77,8 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - VERSION=${GITHUB_REF_NAME#v} + # VERSION=${GITHUB_REF_NAME#v} + VERSION="2.0.1-test" echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV @@ -334,8 +336,6 @@ jobs: HOME: /root RUSTUP_HOME: /root/.rustup CARGO_HOME: /root/.cargo - env: - RUSTC_WRAPPER: "" steps: - name: Install git @@ -351,7 +351,8 @@ jobs: - name: Write release version run: | - VERSION=${GITHUB_REF_NAME#v} + # VERSION=${GITHUB_REF_NAME#v} + VERSION="2.0.1-test" echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV From 0ff0af80642b26be65cd4b1cdbd7d7d4245291e0 Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Thu, 21 May 2026 11:49:59 +0200 Subject: [PATCH 6/8] add trigger --- .github/workflows/release.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b7f8cda..0836e13d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,6 +3,8 @@ on: push: tags: - v*.*.* + branches: + - build-additional-debs concurrency: group: ${{ github.workflow }}-${{ github.ref }} From d06e16273f206694393e597b9e7084f52dba6133 Mon Sep 17 00:00:00 2001 
From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Thu, 21 May 2026 12:02:00 +0200 Subject: [PATCH 7/8] move env --- .github/workflows/release.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0836e13d..464ea23f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,11 +10,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -env: - SQLX_OFFLINE: "1" - # sccache - SCCACHE_GHA_ENABLED: "true" - RUSTC_WRAPPER: "sccache" + jobs: # build-docker-release: @@ -75,6 +71,11 @@ jobs: - self-hosted - Linux - X64 + env: + SQLX_OFFLINE: "1" + # sccache + SCCACHE_GHA_ENABLED: "true" + RUSTC_WRAPPER: "sccache" steps: # Store the version, stripping any v-prefix - name: Write release version From be6605e35491cd582b0a84e92ee8ea411b087cdf Mon Sep 17 00:00:00 2001 From: Kuba <78603704+jakub-tldr@users.noreply.github.com> Date: Thu, 21 May 2026 12:31:43 +0200 Subject: [PATCH 8/8] remove test trigger --- .github/workflows/release.yml | 79 ++++++++++++++++------------------- 1 file changed, 37 insertions(+), 42 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 464ea23f..907141d1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -3,8 +3,6 @@ on: push: tags: - v*.*.* - branches: - - build-additional-debs concurrency: group: ${{ github.workflow }}-${{ github.ref }} 
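Review bot: Moving the workflow-level `env:` block under `build-release` (hunks `@@ -10,11 +10,7 @@` and `@@ -75,6 +71,11 @@` of PATCH 7/8) changes the environment of every other job in the file, not only the job it was moved to. For `ubuntu-22-04-build` this drops `RUSTC_WRAPPER: "sccache"`, which looks intended since the visible steps of that job install no sccache. It also drops `SQLX_OFFLINE: "1"` from that job's `cargo build`, so it is worth confirming that this build, and any jobs outside these hunks, do not depend on it. A comment above the new job-level block, e.g. `# Scoped to build-release: the ubuntu container job builds without sccache`, would record why the scope was narrowed. The first hunk also leaves an extra blank line before `jobs:`.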
@@ -13,34 +11,34 @@ concurrency: jobs: - # build-docker-release: - # # Ignore tags with -, like v1.0.0-alpha - # if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') - # name: Build Release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=semver,pattern={{version}} - # type=semver,pattern={{major}}.{{minor}} - # type=semver,pattern={{major}} - # type=sha - # # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. - # flavor: | - # latest=false - - # build-docker-prerelease: - # # Only build tags with -, like v1.0.0-alpha - # if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') - # name: Build Pre-release Docker image - # uses: ./.github/workflows/build-docker.yml - # with: - # tags: | - # type=raw,value=pre-release - # type=semver,pattern={{version}} - # type=sha - # # Explicitly disable latest tag. It will be added otherwise. - # flavor: | - # latest=false + build-docker-release: + # Ignore tags with -, like v1.0.0-alpha + if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-') + name: Build Release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + # Explicitly disable latest tag. It will be added by publish-docker-latest.yml. + flavor: | + latest=false + + build-docker-prerelease: + # Only build tags with -, like v1.0.0-alpha + if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-') + name: Build Pre-release Docker image + uses: ./.github/workflows/build-docker.yml + with: + tags: | + type=raw,value=pre-release + type=semver,pattern={{version}} + type=sha + # Explicitly disable latest tag. It will be added otherwise. + flavor: | + latest=false create-release: name: create-release 
@@ -53,16 +51,15 @@ jobs: uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: draft: true - tag_name: v2.0.1-test generate_release_notes: true - # create-sbom: - # needs: - # - create-release - # - build-docker-release - # uses: ./.github/workflows/sbom.yml - # with: - # upload_url: ${{ needs.create-release.outputs.upload_url }} + create-sbom: + needs: + - create-release + - build-docker-release + uses: ./.github/workflows/sbom.yml + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} build-release: needs: @@ -80,8 +77,7 @@ jobs: # Store the version, stripping any v-prefix - name: Write release version run: | - # VERSION=${GITHUB_REF_NAME#v} - VERSION="2.0.1-test" + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV @@ -354,8 +350,7 @@ jobs: - name: Write release version run: | - # VERSION=${GITHUB_REF_NAME#v} - VERSION="2.0.1-test" + VERSION=${GITHUB_REF_NAME#v} echo Version: $VERSION echo "VERSION=$VERSION" >> $GITHUB_ENV