Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/build-macos.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -73,11 +73,11 @@ jobs:
pnpm build

- name: Build app
uses: tauri-apps/tauri-action@v0
uses: tauri-apps/tauri-action@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: --target universal-apple-darwin
args: --config src-tauri/tauri.app.conf.json --target universal-apple-darwin

# - name: Bundle Defguard CLI
# env:
Expand Down
83 changes: 83 additions & 0 deletions .github/workflows/release-macos.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
name: Build macOS dmg
on:
workflow_call:
inputs:
upload_url:
description: 'Upload URL for release'
required: true
type: string

env:
SQLX_OFFLINE: "1"

jobs:
build-macos-dmg:
runs-on:
- self-hosted
- macOS
steps:
- uses: actions/checkout@v6
with:
submodules: recursive

- name: Write release version
run: |
VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
echo Version: $VERSION
echo "VERSION=$VERSION" >> ${GITHUB_ENV}
if [ "${GITHUB_REF_TYPE}" = "tag" ]; then
echo "DEFGUARD_CLIENT_BUILD_VERSION=${GITHUB_REF_NAME#v}" >> ${GITHUB_ENV}
fi

- uses: actions/setup-node@v6
with:
node-version: 26

- uses: pnpm/action-setup@v6
with:
cache: true
version: 11

- name: Install Node dependencies for New UI
run: |
cd new-ui
pnpm install --no-frozen-lockfile

- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
targets: aarch64-apple-darwin,x86_64-apple-darwin

- name: Set build number
run: |
sed -i '' "s,@BUILD_NUMBER@,${{ github.run_number }}," swift/extension/VPNExtension.xcodeproj/project.pbxproj
sed -i '' "s,@BUILD_NUMBER@,${{ github.run_number }}," src-tauri/tauri.macos.conf.json
sed -i '' "s,@BUILD_NUMBER@,${{ github.run_number }}," src-tauri/client-cli/Info.plist

- name: Unlock keychain
run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" login.keychain

- name: Build new UI
run: |
cd new-ui
pnpm build

- name: Build app
uses: tauri-apps/tauri-action@v1
env:
APPLE_API_ISSUER: ${{ secrets.APPLE_API_KEY }}
APPLE_API_KEY: ${{ secrets.APPLE_API_KEY }}
APPLE_SIGNING_IDENTITY: "Apple Distribution: defguard sp. z o.o. (82GZ7KN29J)"
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
args: --config src-tauri/tauri.dmg.conf.json --target universal-apple-darwin

- name: Upload DMG
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ inputs.upload_url }}
asset_path: src-tauri/target/universal-apple-darwin/release/bundle/dmg/Defguard_${{ env.VERSION }}_universal.dmg
asset_content_type: application/x-apple-diskimage
overwrite: true
40 changes: 19 additions & 21 deletions .github/workflows/release.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ jobs:
steps:
- name: Create GitHub release
id: release
uses: softprops/action-gh-release@v2
uses: softprops/action-gh-release@v3
with:
draft: true
generate_release_notes: true
Expand Down Expand Up @@ -113,7 +113,7 @@ jobs:
args: "--bundles deb"

- name: Upload DEB
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -132,13 +132,12 @@ jobs:
fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb"

- name: Upload DEB
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_name: dg-linux-${{ env.VERSION }}_${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb
asset_content_type: application/octet-stream

build-linux:
Expand Down Expand Up @@ -227,23 +226,21 @@ jobs:
echo "deb_sha256_${{ matrix.deb_arch }}=$DEB_SHA256" >> ${GITHUB_OUTPUT}

- name: Upload RPM
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: src-tauri/target/release/bundle/rpm/defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
asset_name: defguard-client-${{ env.VERSION }}-1.${{ matrix.binary_arch }}.rpm
asset_content_type: application/octet-stream

- name: Upload DEB
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
asset_name: defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
asset_content_type: application/octet-stream

- name: Rename and tar client binary
Expand All @@ -253,13 +250,12 @@ jobs:
defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}

- name: Upload client archive
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_name: defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_content_type: application/octet-stream

- name: Rename and tar daemon binary
Expand All @@ -269,13 +265,12 @@ jobs:
defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}

- name: Upload daemon archive
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_name: defguard-service-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_content_type: application/octet-stream

- name: Rename and tar defguard-cli binary
Expand All @@ -285,13 +280,12 @@ jobs:
defguard-cli-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}

- name: Upload defguard-cli archive
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-cli-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_name: defguard-cli-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_content_type: application/octet-stream

- name: Rename and tar dg binary
Expand All @@ -301,13 +295,12 @@ jobs:
dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}

- name: Upload dg archive
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.tar.gz
asset_content_type: application/octet-stream

- name: Build dg deb
Expand All @@ -317,13 +310,12 @@ jobs:
fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type deb --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb"

- name: Upload DEB
uses: actions/upload-release-asset@v1.0.2
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.deb
asset_content_type: application/octet-stream

- name: Build dg rpm
Expand All @@ -333,15 +325,21 @@ jobs:
fpm_opts: "--architecture ${{ matrix.binary_arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm"

- name: Upload RPM
uses: actions/upload-release-asset@v1.0.2
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
asset_name: dg-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}.rpm
asset_content_type: application/octet-stream

build-macos:
needs:
- create-release
uses: ./.github/workflows/sbom.yml
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}

# Builds Windows MSI and uploads it as artifact
# build-windows:
# needs:
Expand Down Expand Up @@ -423,7 +421,7 @@ jobs:
# - name: Sign bundle
# run: osslsigncode sign -pkcs11module /srv/codesign/certum/sc30pkcs11-3.0.6.72-MS.so -pkcs11cert ${{ secrets.CODESIGN_KEYID }} -key ${{ secrets.CODESIGN_KEYID }} -pass ${{ secrets.CODESIGN_PIN }} -h sha256 -t http://time.certum.pl/ -in Defguard_${{ env.VERSION }}_${{ matrix.cpu }}_en-US.msi -out Defguard-signed.msi
# - name: Upload installer asset
# uses: actions/upload-release-asset@v1
# uses: shogo82148/actions-upload-release-asset@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/sbom.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
submodules: recursive

- name: Create SBOM with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand All @@ -45,7 +45,7 @@ jobs:
scanners: "vuln"

- name: Create security advisory file with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,7 +45,7 @@ jobs:
submodules: recursive

- name: Scan code with Trivy
uses: aquasecurity/trivy-action@0.35.0
uses: aquasecurity/trivy-action@v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
Expand Down
1 change: 0 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ dist-ssr
*.db
*.db-shm
*.db-wal
*.provisionprofile

src-tauri/gen/

Expand Down
4 changes: 2 additions & 2 deletions new-ui/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"chart.js": "^4.5.1",
"clsx": "^2.1.1",
"dayjs": "^1.11.21",
"motion": "^12.42.0",
"motion": "^12.42.2",
"p-timeout": "^7.0.1",
"prettier": "^3.9.4",
"qrcode.react": "^4.2.0",
Expand Down Expand Up @@ -62,6 +62,6 @@
"stylelint-config-standard-scss": "^17.0.0",
"stylelint-scss": "^7.2.0",
"typescript": "~6.0.3",
"vite": "^8.1.1"
"vite": "^8.1.2"
}
}
Loading
Loading