|
1 | 1 | name: Make a new release |
2 | | - |
3 | 2 | on: |
4 | 3 | push: |
5 | 4 | tags: |
@@ -178,6 +177,20 @@ jobs: |
178 | 177 | asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb |
179 | 178 | asset_content_type: application/octet-stream |
180 | 179 |
|
| 180 | + - name: Install ruby with deb-s3 |
| 181 | + if: matrix.build == 'linux' |
| 182 | + run: | |
| 183 | + sudo apt-get install -y ruby |
| 184 | + gem install deb-s3 |
| 185 | + echo "$(ruby -r rubygems -e 'puts Gem.user_dir')/bin" >> $GITHUB_PATH |
| 186 | +
|
| 187 | + - name: Upload DEB to apt repository |
| 188 | + if: matrix.build == 'linux' |
| 189 | + run: | |
| 190 | + COMPONENT=$([[ "${{ github.ref_name }}" == *"-"* ]] && echo "pre-release" || echo "release") # if tag contain "-" assume it's pre-release. |
| 191 | +
|
| 192 | + deb-s3 upload -l --bucket=apt.defguard.net --access-key-id=${{ secrets.AWS_ACCESS_KEY_APT }} --secret-access-key=${{ secrets.AWS_SECRET_KEY_APT }} --s3-region=eu-north-1 --no-fail-if-exists --codename=trixie --component="$COMPONENT" defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb |
| 193 | +
|
181 | 194 | - name: Run `packer init` |
182 | 195 | if: matrix.build == 'linux' && matrix.arch == 'amd64' |
183 | 196 | id: init |
@@ -215,3 +228,36 @@ jobs: |
215 | 228 | asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm |
216 | 229 | asset_name: defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm |
217 | 230 | asset_content_type: application/octet-stream |
| 231 | + |
| 232 | + apt-sign: |
| 233 | + needs: |
| 234 | + - build-binaries |
| 235 | + runs-on: |
| 236 | + - self-hosted |
| 237 | + - Linux |
| 238 | + - X64 |
| 239 | + strategy: |
| 240 | + fail-fast: false |
| 241 | + steps: |
| 242 | + - name: Sign APT repository on trixie |
| 243 | + run: | |
| 244 | + export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_APT }} |
| 245 | + export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY_APT }} |
| 246 | + export AWS_REGION=eu-north-1 |
| 247 | + sudo apt update -y |
| 248 | + sudo apt install -y awscli curl jq |
| 249 | +
|
| 250 | + for DIST in trixie; do |
| 251 | + aws s3 cp s3://apt.defguard.net/dists/${DIST}/Release . |
| 252 | + |
| 253 | + curl -X POST "${{ secrets.DEFGUARD_SIGNING_URL }}?signature_type=both" \ |
| 254 | + -H "Authorization: Bearer ${{ secrets.DEFGUARD_SIGNING_API_KEY }}" \ |
| 255 | + -F "file=@Release" \ |
| 256 | + -o response.json |
| 257 | + |
| 258 | + cat response.json | jq -r '.files["Release.gpg"].content' | base64 --decode > Release.gpg |
| 259 | + cat response.json | jq -r '.files.Release.content' | base64 --decode > InRelease |
| 260 | + |
| 261 | + aws s3 cp Release.gpg s3://apt.defguard.net/dists/${DIST}/ --acl public-read |
| 262 | + aws s3 cp InRelease s3://apt.defguard.net/dists/${DIST}/ --acl public-read |
| 263 | + done |