Swift plugin (#630)

Author: moubctez

.github/workflows/build-macos.yaml

@@ -0,0 +1,90 @@
+name: Build macOS app
+on:
+  push:
+    branches:
+      - main
+      - dev
+      - "release/**"
+    paths-ignore:
+      - "*.md"
+      - "LICENSE"
+    tags:
+      - v*.*.*
+
+jobs:
+  build-macos:
+    runs-on:
+      - self-hosted
+      - macOS
+    env:
+      APPLE_SIGNING_IDENTITY: "Apple Distribution: defguard sp. z o.o. (82GZ7KN29J)"
+      APPLE_SIGNING_IDENTITY_INSTALLER: "3rd Party Mac Developer Installer: defguard sp. z o.o. (82GZ7KN29J)"
+      APPLE_PROVIDER_SHORT_NAME: "82GZ7KN29J"
+      APPLE_ID: "kamil@defguard.net"
+      APPLE_TEAM_ID: "82GZ7KN29J"
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          submodules: recursive
+
+      - name: Write release version
+        run: |
+          VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
+          echo Version: $VERSION
+          echo "VERSION=$VERSION" >> ${GITHUB_ENV}
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: "24"
+          cache: "pnpm"
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+          run_install: false
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
+
+      - name: Install deps
+        run: pnpm install --frozen-lockfile
+
+      - uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: aarch64-apple-darwin,x86_64-apple-darwin
+
+      - name: Unlock keychain
+        run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" login.keychain
+
+      - name: Set build number
+        run: |
+          sed -i '' "s,@BUILD_NUMBER@,${{ github.run_number }}," src-tauri/tauri.conf.json
+          sed -i '' "s,@BUILD_NUMBER@,${{ github.run_number }}," swift/extension/VPNExtension.xcodeproj/project.pbxproj
+
+      - name: Build app
+        # Switch back to tauri-action when this gets merged https://github.com/tauri-apps/tauri/pull/14379
+        # uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          # APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+        run: cd src-tauri && cargo tauri build --bundles app --target universal-apple-darwin
+
+      - name: Build installation package
+        run: |
+          security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" login.keychain
+          xcrun productbuild --sign "${{ env.APPLE_SIGNING_IDENTITY_INSTALLER }}" --component "src-tauri/target/universal-apple-darwin/release/bundle/macos/defguard-client.app" /Applications defguard-client.pkg
+          xcrun altool --upload-app --type macos --file defguard-client.pkg --apiKey ${{ secrets.APPLE_API_KEY }} --apiIssuer ${{ secrets.APPLE_API_ISSUER }}
+          # xcrun notarytool submit --wait --apple-id ${{ env.APPLE_ID }} --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id ${{ env.APPLE_TEAM_ID }} defguard-client.pkg
+          # xcrun stapler staple defguard-client.pkg
+
+      # - name: Upload installation package
+      #   uses: actions/upload-release-asset@v1
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   with:
+      #     upload_url: ${{ needs.create-release.outputs.upload_url }}
+      #     asset_path: defguard-client.pkg
+      #     asset_name: defguard-client-universal-${{ env.VERSION }}.pkg
+      #     asset_content_type: application/octet-stream

.github/workflows/release.yaml

@@ -3,6 +3,7 @@ on:
   push:
     tags:
       - v*.*.*
+
 jobs:
   create-release:
     name: create-release
@@ -105,12 +106,11 @@ jobs:
           apt-get install -y ruby
           gem install deb-s3
           echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH
-      - name: Upload DEB to APT repository 
+      - name: Upload DEB to APT repository
         run: |
           COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
 
           deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=bookworm --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
-          
 
   build-linux:
     needs:
@@ -208,7 +208,6 @@ jobs:
       - name: Upload DEB to APT repository #Add this to ubuntu 22.04 job (on merge dev -> main) with --codename=bookworm
         run: |
           COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release.
-
           deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" src-tauri/target/release/bundle/deb/defguard-client_${{ env.VERSION }}_${{ matrix.deb_arch }}.deb
       - name: Rename client binary
         run: mv src-tauri/target/release/defguard-client defguard-client-linux-${{ matrix.binary_arch }}-${{ github.ref_name }}
@@ -301,8 +300,6 @@ jobs:
       - self-hosted
       - Linux
       - X64
-    strategy:
-      fail-fast: false
     steps:
       - name: Sign APT repository
         run: |
@@ -314,15 +311,15 @@ jobs:
 
           for DIST in trixie bookworm; do
             aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release .
-            
+
             curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \
               -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \
               -F "file=@Release" \
               -o response.json
-            
+
             cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg
             cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease
-            
+
             aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read
             aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read
 
@@ -398,83 +395,6 @@ jobs:
           cat PKGBUILD
           cat .SRCINFO
 
-  build-macos:
-    needs:
-      - create-release
-    strategy:
-      fail-fast: false
-      matrix:
-        target: [aarch64-apple-darwin, x86_64-apple-darwin]
-    runs-on:
-      - self-hosted
-      - macOS
-    env:
-      APPLE_SIGNING_IDENTITY_APPLICATION: "Developer ID Application: defguard sp. z o.o. (82GZ7KN29J)"
-      APPLE_SIGNING_IDENTITY_INSTALLER: "Developer ID Installer: defguard sp. z o.o. (82GZ7KN29J)"
-      APPLE_ID: "kamil@defguard.net"
-      APPLE_TEAM_ID: "82GZ7KN29J"
-    steps:
-      - uses: actions/checkout@v5
-        with:
-          submodules: "recursive"
-      - name: Write release version
-        run: |
-          VERSION=$(echo ${GITHUB_REF_NAME#v} | cut -d '-' -f1)
-          echo Version: $VERSION
-          echo "VERSION=$VERSION" >> ${GITHUB_ENV}
-      - uses: actions/setup-node@v4
-        with:
-          node-version: "22"
-      - uses: pnpm/action-setup@v4
-        with:
-          version: 10
-          run_install: false
-      - name: Get pnpm store directory
-        shell: bash
-        run: echo "STORE_PATH=$(pnpm store path --silent)" >> ${GITHUB_ENV}
-      - uses: actions/cache@v4
-        name: Setup pnpm cache
-        with:
-          path: ${{ env.STORE_PATH }}
-          key: ${{ runner.os }}-pnpm-build-store-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-pnpm-build-store-
-      - name: Install deps
-        run: pnpm install --frozen-lockfile
-      - uses: dtolnay/rust-toolchain@stable
-      - name: Install protobuf compiler
-        run: brew install protobuf
-      - name: Install ARM target
-        run: rustup target add aarch64-apple-darwin
-      - name: Unlock keychain
-        run: security -v unlock-keychain -p "${{ secrets.KEYCHAIN_PASSWORD }}" /Users/admin/Library/Keychains/login.keychain
-      - name: Build app
-        uses: tauri-apps/tauri-action@v0.5.23 # .24 seems broken, TODO: update when fixed
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          APPLE_SIGNING_IDENTITY: ${{ env.APPLE_SIGNING_IDENTITY_APPLICATION }}
-          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
-          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
-          APPLE_ID: ${{ env.APPLE_ID }}
-          APPLE_PASSWORD: ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }}
-          APPLE_TEAM_ID: ${{ env.APPLE_TEAM_ID }}
-        with:
-          args: --target ${{ matrix.target }} -v
-      - name: Build installation package
-        run: |
-          bash build-macos-package.sh src-tauri/target/${{ matrix.target }} src-tauri/resources-macos/scripts '${{ env.APPLE_SIGNING_IDENTITY_INSTALLER }}' /Users/admin/Library/Keychains/login.keychain
-          xcrun notarytool submit --wait --apple-id ${{ env.APPLE_ID }} --password ${{ secrets.NOTARYTOOL_APP_SPECIFIC_PASSWORD }} --team-id ${{ env.APPLE_TEAM_ID }} src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg
-          xcrun stapler staple src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg
-      - name: Upload installation package
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ needs.create-release.outputs.upload_url }}
-          asset_path: src-tauri/target/${{ matrix.target }}/product-signed/defguard.pkg
-          asset_name: defguard-${{ matrix.target }}-${{ env.VERSION }}.pkg
-          asset_content_type: application/octet-stream
-
   # Builds Windows MSI and uploads it as artifact
   build-windows:
     needs:

.gitmodules

@@ -4,3 +4,6 @@
 [submodule "src-tauri/proto"]
 	path = src-tauri/proto
 	url = ../proto.git
+[submodule "swift/boringtun"]
+	path = swift/boringtun
+	url = ../boringtun.git

biome.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://biomejs.dev/schemas/2.2.4/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.3.2/schema.json",
   "vcs": {
     "enabled": false,
     "clientKind": "git",

build-macos-package.sh

@@ -52,7 +52,7 @@
     "@react-hook/resize-observer": "^2.0.2",
     "@stablelib/base64": "^2.0.1",
     "@stablelib/x25519": "^2.0.1",
-    "@tanstack/query-core": "^5.90.2",
+    "@tanstack/query-core": "^5.90.5",
     "@tanstack/react-virtual": "3.13.12",
     "@tauri-apps/api": "^2.8.0",
     "@tauri-apps/plugin-clipboard-manager": "^2.3.0",
@@ -72,19 +72,19 @@
     "classnames": "^2.5.1",
     "clsx": "^2.1.1",
     "compare-versions": "^6.1.1",
-    "dayjs": "^1.11.18",
+    "dayjs": "^1.11.19",
     "deepmerge-ts": "^7.1.5",
     "detect-browser": "^5.3.0",
     "fast-deep-equal": "^3.1.3",
     "file-saver": "^2.0.5",
     "get-text-width": "^1.0.3",
-    "html-react-parser": "^5.2.6",
+    "html-react-parser": "^5.2.7",
     "itertools": "^2.5.0",
     "js-base64": "^3.7.8",
     "lodash-es": "^4.17.21",
     "merge-refs": "^2.0.0",
     "millify": "^6.1.0",
-    "motion": "^12.23.22",
+    "motion": "^12.23.24",
     "p-timeout": "^6.1.4",
     "prop-types": "^15.8.1",
     "radash": "^12.1.1",
@@ -100,36 +100,36 @@
     "react-router-dom": "^6.30.1",
     "react-use-websocket": "^4.13.0",
     "react-virtualized-auto-sizer": "^1.0.26",
-    "recharts": "^3.2.1",
+    "recharts": "^3.3.0",
     "rehype-sanitize": "^6.0.0",
     "rxjs": "^7.8.2",
-    "use-breakpoint": "^4.0.6",
+    "use-breakpoint": "^4.0.10",
     "zod": "^3.25.76",
     "zustand": "^5.0.8"
   },
   "devDependencies": {
-    "@biomejs/biome": "^2.2.4",
+    "@biomejs/biome": "^2.3.2",
     "@hookform/devtools": "^4.4.0",
     "@svgr/cli": "^8.1.0",
-    "@tanstack/react-query": "^5.90.2",
+    "@tanstack/react-query": "^5.90.5",
     "@tanstack/react-query-devtools": "^5.90.2",
-    "@tauri-apps/cli": "^2.8.4",
+    "@tauri-apps/cli": "^2.9.2",
     "@types/file-saver": "^2.0.7",
     "@types/lodash-es": "^4.17.12",
-    "@types/node": "^24.6.2",
-    "@types/react": "^19.2.0",
-    "@types/react-dom": "^19.2.0",
-    "@vitejs/plugin-react": "^5.0.4",
-    "@vitejs/plugin-react-swc": "^4.1.0",
+    "@types/node": "^24.9.2",
+    "@types/react": "^19.2.2",
+    "@types/react-dom": "^19.2.2",
+    "@vitejs/plugin-react": "^5.1.0",
+    "@vitejs/plugin-react-swc": "^4.2.0",
     "autoprefixer": "^10.4.21",
     "npm-run-all": "^4.1.5",
     "postcss": "^8.5.6",
     "prettier": "^3.6.2",
     "sass": "~1.92.1",
-    "typedoc": "^0.28.13",
+    "typedoc": "^0.28.14",
     "typesafe-i18n": "^5.26.2",
     "typescript": "^5.9.3",
-    "vite": "^7.1.8"
+    "vite": "^7.1.12"
   },
   "volta": {
     "node": "20.5.1"