DefGuard
diff --git a/‎.fpm‎
Lines changed: 3 additions & 2 deletions b/‎.fpm‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 50 additions & 23 deletions b/‎.github/workflows/release.yml‎
Lines changed: 50 additions & 23 deletions
diff --git a/‎.github/workflows/test-web.yml‎
Lines changed: 39 additions & 0 deletions b/‎.github/workflows/test-web.yml‎
Lines changed: 39 additions & 0 deletions
diff --git a/‎…0e5106af580e45647ae620850de0b77785b.json‎ ‎…4a42e3447f9d2a949b6820e685ddab6561d.json‎.sqlx/query-5350e57595e044cea6976a73910210e5106af580e45647ae620850de0b77785b.json renamed to .sqlx/query-03710e2a3e96096e57f95a62543174a42e3447f9d2a949b6820e685ddab6561d.json
Lines changed: 19 additions & 2 deletions b/‎…0e5106af580e45647ae620850de0b77785b.json‎ ‎…4a42e3447f9d2a949b6820e685ddab6561d.json‎.sqlx/query-5350e57595e044cea6976a73910210e5106af580e45647ae620850de0b77785b.json renamed to .sqlx/query-03710e2a3e96096e57f95a62543174a42e3447f9d2a949b6820e685ddab6561d.json
Lines changed: 19 additions & 2 deletions
diff --git a/‎…75d5674fd59fe3018af120ae2ef5fd10f48.json‎ ‎…b1ea9e8149f3bb760d2039b463ef262eb03.json‎.sqlx/query-0fb053b3b00a1fe78f764d2d1d90375d5674fd59fe3018af120ae2ef5fd10f48.json renamed to .sqlx/query-0c237b235f0455c5f79f2ea4e8210b1ea9e8149f3bb760d2039b463ef262eb03.json
Lines changed: 19 additions & 2 deletions b/‎…75d5674fd59fe3018af120ae2ef5fd10f48.json‎ ‎…b1ea9e8149f3bb760d2039b463ef262eb03.json‎.sqlx/query-0fb053b3b00a1fe78f764d2d1d90375d5674fd59fe3018af120ae2ef5fd10f48.json renamed to .sqlx/query-0c237b235f0455c5f79f2ea4e8210b1ea9e8149f3bb760d2039b463ef262eb03.json
Lines changed: 19 additions & 2 deletions
diff --git a/‎…c2db2a35045a66fff8d25aa3e5763733529.json‎ ‎…bea01b09ec20e7ff70e626488191509bcf4.json‎.sqlx/query-08dfc889eda4765110276bfa2f660c2db2a35045a66fff8d25aa3e5763733529.json renamed to .sqlx/query-11c5c9eaade29091b93d5d3e2fca6bea01b09ec20e7ff70e626488191509bcf4.json
Lines changed: 9 additions & 3 deletions b/‎…c2db2a35045a66fff8d25aa3e5763733529.json‎ ‎…bea01b09ec20e7ff70e626488191509bcf4.json‎.sqlx/query-08dfc889eda4765110276bfa2f660c2db2a35045a66fff8d25aa3e5763733529.json renamed to .sqlx/query-11c5c9eaade29091b93d5d3e2fca6bea01b09ec20e7ff70e626488191509bcf4.json
Lines changed: 9 additions & 3 deletions
diff --git a/‎…29e22e58f33e902c06bbf6163ee48ae802a.json‎ ‎…0b9fa3479c919f1ace2a787470690be9de3.json‎.sqlx/query-9f98a138560451105b104fc7a4d3d29e22e58f33e902c06bbf6163ee48ae802a.json renamed to .sqlx/query-14302b1c6c7d72d6e6f38c80538040b9fa3479c919f1ace2a787470690be9de3.json
Lines changed: 9 additions & 3 deletions b/‎…29e22e58f33e902c06bbf6163ee48ae802a.json‎ ‎…0b9fa3479c919f1ace2a787470690be9de3.json‎.sqlx/query-9f98a138560451105b104fc7a4d3d29e22e58f33e902c06bbf6163ee48ae802a.json renamed to .sqlx/query-14302b1c6c7d72d6e6f38c80538040b9fa3479c919f1ace2a787470690be9de3.json
Lines changed: 9 additions & 3 deletions
diff --git a/‎.sqlx/query-160d23b882d0465fbc8c5453b7dba68521649ba86985d45049487ae50d7dfde8.json‎
Lines changed: 43 additions & 0 deletions b/‎.sqlx/query-160d23b882d0465fbc8c5453b7dba68521649ba86985d45049487ae50d7dfde8.json‎
Lines changed: 43 additions & 0 deletions
diff --git a/‎.sqlx/query-283e1c3d082f1388fc2b806bdcab715db1c1df67da573b0f132fea265e42b416.json‎
Lines changed: 0 additions & 32 deletions b/‎.sqlx/query-283e1c3d082f1388fc2b806bdcab715db1c1df67da573b0f132fea265e42b416.json‎
Lines changed: 0 additions & 32 deletions
@@ -1,5 +1,6 @@
 -s dir
 --name defguard
---description "defguard core service"
+--description "Defguard Core service"
 --url "https://defguard.net/"
---maintainer "teonite"
+--maintainer "Defguard"
+--config-files /etc/defguard/core.conf
@@ -64,7 +64,6 @@ jobs:
 
   build-binaries:
     needs: [create-release]
-
     runs-on:
       - self-hosted
       - Linux
@@ -108,7 +107,7 @@ jobs:
       - name: Install Rust stable
         uses: actions-rs/toolchain@v1
         with:
-          toolchain: 1.89.0
+          toolchain: 1.89.0 # "stable" causes rust-lld: error on aarch64-linux
           target: ${{ matrix.target }}
           override: true
 
@@ -173,26 +172,6 @@ jobs:
           fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard defguard.service=/usr/lib/systemd/system/defguard.service .env-template=/etc/defguard/core.conf"
           fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}-${{ matrix.target }}.deb"
 
-      - name: Run `packer init`
-        if: matrix.build == 'linux' && matrix.arch == 'amd64'
-        id: init
-        run: "packer init ./images/ami/core.pkr.hcl"
-
-      - name: Build AMI images for multiple regions
-        if: matrix.build == 'linux' && matrix.arch == 'amd64'
-        run: |
-          regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
-          for region in "${regions[@]}"; do
-            echo "Building AMI for region: $region"
-            echo "Running packer validate for $region..."
-            packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
-            echo "Building AMI image for $region..."
-            packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/core.pkr.hcl
-          done
-        env:
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-
       - name: Upload DEB
         if: matrix.build == 'linux'
         uses: actions/upload-release-asset@v1.0.2
@@ -204,6 +183,20 @@ jobs:
           asset_name: defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
           asset_content_type: application/octet-stream
 
+      - name: Install ruby with deb-s3
+        if: matrix.build == 'linux'
+        run: |
+          sudo apt-get install -y ruby
+          gem install deb-s3
+          echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
+
+      - name: Upload DEB to apt repository
+        if: matrix.build == 'linux'
+        run: |
+          COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
+
+          deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-${{ env.VERSION }}-${{ matrix.target }}.deb
+
       - name: Build RPM package
         if: matrix.build == 'linux'
         uses: defGuard/fpm-action@main
@@ -227,7 +220,7 @@ jobs:
         uses: defGuard/fpm-action@main
         with:
           fpm_args: "defguard-${{ github.ref_name }}-${{ matrix.target }}=/usr/local/bin/defguard defguard.service.freebsd=/usr/local/etc/rc.d/defguard"
-          fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
+          fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*' --depends openssl"
 
       - name: Upload FreeBSD
         if: matrix.build == 'freebsd'
@@ -239,3 +232,37 @@ jobs:
           asset_path: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
           asset_name: defguard-${{ env.VERSION }}_${{ matrix.target }}.pkg
           asset_content_type: application/octet-stream
+
+  apt-sign:
+    needs:
+      - build-binaries
+    runs-on:
+      - self-hosted
+      - Linux
+      - X64
+    steps:
+      - name: Sign APT repository
+        run: |
+          export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }}
+          export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }}
+          export AWS_REGION=eu-north-1
+          sudo apt update -y
+          sudo apt install -y awscli curl jq
+
+          for DIST in trixie; do
+            aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
+
+            curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
+              -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
+              -F "file=@Release" \
+              -o response.json
+
+            cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
+            cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
+
+            aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+            aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
+
+          done
+          (aws s3 ls s3://apt.defguard.net/dists/ --recursive; aws s3 ls s3://apt.defguard.net/pool/ --recursive) | awk '{print "<a href=\""$4"\">"$4"</a><br>"}' > index.html
+          aws s3 cp index.html s3://apt.defguard.net/ --acl public-read
@@ -0,0 +1,39 @@
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - "release/**"
+    paths-ignore:
+      - "*.md"
+      - "LICENSE"
+  pull_request:
+    branches:
+      - main
+      - dev
+      - "release/**"
+    paths-ignore:
+      - "*.md"
+      - "LICENSE"
+
+permissions:
+  contents: read
+jobs:
+  test-web:
+    runs-on:
+      - codebuild-defguard-core-runner-${{ github.run_id }}-${{ github.run_attempt }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: "recursive"
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 24
+      - name: install deps
+        working-directory: ./web
+        run: |
+          npm i -g npm pnpm
+          pnpm i --frozen-lockfile
+      - name: Run tests
+        working-directory: ./web
+        run: pnpm run test