ready to release

jakub-tldr · jakub-tldr · commit dd9e28ac7699 · 2025-10-15T12:56:45.000+02:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,43 +1,41 @@
 name: Make a new release
 on:
   push:
-    branches:
-      - apt_repository
-    # tags:
-    #   - v*.*.*
+    tags:
+      - v*.*.*
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
-  # build-docker-release:
-  #   # Ignore tags with -, like v1.0.0-alpha
-  #   # This job will build the docker container with the "latest" tag which
-  #   # is a tag used in production, thus it should only be run for full releases.
-  #   if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
-  #   name: Build Release Docker image
-  #   uses: ./.github/workflows/build-docker.yml
-  #   with:
-  #     tags: |
-  #       type=raw,value=latest
-  #       type=semver,pattern={{version}}
-  #       type=semver,pattern={{major}}.{{minor}}
-  #       type=sha
-
-  # build-docker-prerelease:
-  #   # Only build tags with -, like v1.0.0-alpha
-  #   if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
-  #   name: Build Pre-release Docker image
-  #   uses: ./.github/workflows/build-docker.yml
-  #   with:
-  #     tags: |
-  #       type=raw,value=pre-release
-  #       type=semver,pattern={{version}}
-  #       type=sha
-  #     # Explicitly disable latest tag. It will be added otherwise.
-  #     flavor: |
-  #       latest=false
+  build-docker-release:
+    # Ignore tags with -, like v1.0.0-alpha
+    # This job will build the docker container with the "latest" tag which
+    # is a tag used in production, thus it should only be run for full releases.
+    if: startsWith(github.ref, 'refs/tags/') && !contains(github.ref, '-')
+    name: Build Release Docker image
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=latest
+        type=semver,pattern={{version}}
+        type=semver,pattern={{major}}.{{minor}}
+        type=sha
+
+  build-docker-prerelease:
+    # Only build tags with -, like v1.0.0-alpha
+    if: startsWith(github.ref, 'refs/tags/') && contains(github.ref, '-')
+    name: Build Pre-release Docker image
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=pre-release
+        type=semver,pattern={{version}}
+        type=sha
+      # Explicitly disable latest tag. It will be added otherwise.
+      flavor: |
+        latest=false
 
   create-release:
     name: create-release
@@ -48,16 +46,16 @@ jobs:
       - name: Create GitHub release
         id: release
         uses: softprops/action-gh-release@v1
-        # if: startsWith(github.ref, 'refs/tags/')
+        if: startsWith(github.ref, 'refs/tags/')
         with:
           draft: true
           generate_release_notes: true
 
-  # create-sbom:
-  #   needs: [create-release, build-docker-release]
-  #   uses: ./.github/workflows/sbom.yml
-  #   with:
-  #     upload_url: ${{ needs.create-release.outputs.upload_url }}
+  create-sbom:
+    needs: [create-release, build-docker-release]
+    uses: ./.github/workflows/sbom.yml
+    with:
+      upload_url: ${{ needs.create-release.outputs.upload_url }}
 
   build-binaries:
     needs: [create-release]
@@ -68,32 +66,27 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        build: [linux] #, linux-arm64, freebsd]
+        build: [linux, linux-arm64, freebsd]
         include:
           - build: linux
             arch: amd64
             os: Linux
             target: x86_64-unknown-linux-gnu
-          # - build: linux-arm64
-          #   arch: arm64
-          #   os: Linux
-          #   target: aarch64-unknown-linux-gnu
-          # - build: freebsd
-          #   arch: amd64
-          #   os: Linux
-          #   target: x86_64-unknown-freebsd
+          - build: linux-arm64
+            arch: arm64
+            os: Linux
+            target: aarch64-unknown-linux-gnu
+          - build: freebsd
+            arch: amd64
+            os: Linux
+            target: x86_64-unknown-freebsd
     steps:
       # Store the version, stripping any v-prefix
-      # - name: Write release version
-      #   run: |
-      #     VERSION=${GITHUB_REF_NAME#v}
-      #     echo Version: $VERSION
-      #     echo "VERSION=$VERSION" >> $GITHUB_ENV
       - name: Write release version
         run: |
           VERSION=${GITHUB_REF_NAME#v}
           echo Version: $VERSION
-          echo "VERSION=1.5.1" >> $GITHUB_ENV
+          echo "VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Checkout
         uses: actions/checkout@v4
@@ -183,6 +176,7 @@ jobs:
           asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
           asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
           asset_content_type: application/octet-stream
+
       - name: Upload DEB to apt repository
         if: matrix.build == 'linux'
         run: |
@@ -191,44 +185,43 @@ jobs:
 
           deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb
 
-
       - name: Run `packer init`
         if: matrix.build == 'linux' && matrix.arch == 'amd64'
         id: init
         run: "packer init ./images/ami/proxy.pkr.hcl"
 
-      # - name: Build AMI images for multiple regions
-      #   if: matrix.build == 'linux' && matrix.arch == 'amd64'
-      #   run: |
-      #     regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
-      #     for region in "${regions[@]}"; do
-      #       echo "Building AMI for region: $region"
-      #       echo "Running packer validate for $region..."
-      #       packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
-      #       echo "Building AMI image for $region..."
-      #       packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
-      #     done
-      #   env:
-      #     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Build AMI images for multiple regions
+        if: matrix.build == 'linux' && matrix.arch == 'amd64'
+        run: |
+          regions=(us-east-1 eu-west-1 ap-northeast-1 eu-central-1)
+          for region in "${regions[@]}"; do
+            echo "Building AMI for region: $region"
+            echo "Running packer validate for $region..."
+            packer validate --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
+            echo "Building AMI image for $region..."
+            packer build -color=false -on-error=abort --var "package_version=${{ env.VERSION }}" --var "region=$region" ./images/ami/proxy.pkr.hcl
+          done
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
 
-      # - name: Build RPM package
-      #   if: matrix.build == 'linux'
-      #   uses: bpicode/github-action-fpm@master
-      #   with:
-      #     fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
-      #     fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
+      - name: Build RPM package
+        if: matrix.build == 'linux'
+        uses: bpicode/github-action-fpm@master
+        with:
+          fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
+          fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
 
-      # - name: Upload RPM
-      #   if: matrix.build == 'linux'
-      #   uses: actions/upload-release-asset@v1.0.2
-      #   env:
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #   with:
-      #     upload_url: ${{ needs.create-release.outputs.upload_url }}
-      #     asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
-      #     asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
-      #     asset_content_type: application/octet-stream
+      - name: Upload RPM
+        if: matrix.build == 'linux'
+        uses: actions/upload-release-asset@v1.0.2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
+          asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm
+          asset_content_type: application/octet-stream
 
   apt-sign:
     needs: 
