Skip to content

Commit b363d97

Browse files
moubctezmoubctez
authored
Build packages with custom user (#278)
1 parent c544c7e commit b363d97

14 files changed

Lines changed: 250 additions & 126 deletions

File tree

.github/workflows/lint-web.yml

Lines changed: 19 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -28,20 +28,30 @@ jobs:
2828
uses: actions/checkout@v6
2929
with:
3030
submodules: recursive
31-
- uses: actions/setup-node@v6
31+
32+
- name: Install NodeJS
33+
uses: actions/setup-node@v6
3234
with:
3335
node-version: 25
34-
- name: install deps
35-
working-directory: ./web
36-
run: |
37-
npm i -g pnpm
38-
pnpm i --frozen-lockfile
36+
37+
- name: Install pnpm
38+
uses: pnpm/action-setup@v6
39+
with:
40+
cache: true
41+
version: 10
42+
43+
- name: Install deps
44+
working-directory: web
45+
run: pnpm install --frozen-lockfile
46+
3947
- name: Build translations
40-
working-directory: ./web
48+
working-directory: web
4149
run: pnpm dlx @inlang/paraglide-js compile --project ./project.inlang --outdir ./src/paraglide
50+
4251
- name: Lint
43-
working-directory: ./web
52+
working-directory: web
4453
run: pnpm lint
54+
4555
- name: Audit
46-
working-directory: ./web
56+
working-directory: web
4757
run: pnpm audit --prod --ignore-unfixable

.github/workflows/release.yml

Lines changed: 51 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -95,12 +95,10 @@ jobs:
9595
cache: true
9696
version: 10
9797

98-
# Change to '--frozen-lockfile' once this gets fixed:
99-
# https://github.com/pnpm/action-setup/issues/40
10098
- name: Build frontend
10199
working-directory: web
102100
run: |
103-
pnpm install --ignore-scripts --no-frozen-lockfile
101+
pnpm install --ignore-scripts --frozen-lockfile
104102
pnpm build
105103
106104
- name: Install Rust stable
@@ -141,45 +139,85 @@ jobs:
141139
with:
142140
fpm_args:
143141
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy
144-
defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
142+
linux/defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
145143
example-config.toml=/etc/defguard/proxy.toml"
146-
fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb"
144+
fpm_opts:
145+
"--architecture amd64
146+
--output-type deb
147+
--version ${{ env.VERSION }}
148+
--package defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb
149+
--before-install linux/preinst
150+
--after-install linux/postinst
151+
--before-remove linux/prerm
152+
--after-remove linux/postrm"
147153

148154
- name: Build aarch64 DEB package
149155
uses: defGuard/fpm-action@main
150156
with:
151157
fpm_args:
152158
"defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy
153-
defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
159+
linux/defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
154160
example-config.toml=/etc/defguard/proxy.toml"
155-
fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb"
161+
fpm_opts:
162+
"--architecture arm64
163+
--output-type deb
164+
--version ${{ env.VERSION }}
165+
--package defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb
166+
--before-install linux/preinst
167+
--after-install linux/postinst
168+
--before-remove linux/prerm
169+
--after-remove linux/postrm"
156170

157171
- name: Build x86_64 RPM package
158172
uses: defGuard/fpm-action@main
159173
with:
160174
fpm_args:
161175
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy
162-
defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
176+
linux/defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
163177
example-config.toml=/etc/defguard/proxy.toml"
164-
fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm"
178+
fpm_opts:
179+
"--architecture amd64
180+
--output-type rpm
181+
--version ${{ env.VERSION }}
182+
--package defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm
183+
--before-install linux/preinst
184+
--after-install linux/postinst
185+
--before-remove linux/prerm
186+
--after-remove linux/postrm"
165187

166188
- name: Build aarch64 RPM package
167189
uses: defGuard/fpm-action@main
168190
with:
169191
fpm_args:
170192
"defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy
171-
defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
193+
linux/defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service
172194
example-config.toml=/etc/defguard/proxy.toml"
173-
fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm"
195+
fpm_opts:
196+
"--architecture arm64
197+
--output-type rpm
198+
--version ${{ env.VERSION }}
199+
--package defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm
200+
--before-install linux/preinst
201+
--after-install linux/postinst
202+
--before-remove linux/prerm
203+
--after-remove linux/postrm"
174204

175205
- name: Build FreeBSD package
176206
uses: defGuard/fpm-action@main
177207
with:
178208
fpm_args:
179209
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-proxy
180-
defguard-proxy.service.freebsd=/usr/local/etc/rc.d/defguard-proxy
210+
freebsd/defguard-proxy=/usr/local/etc/rc.d/defguard-proxy
181211
example-config.toml=/etc/defguard/proxy.toml"
182-
fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl"
212+
fpm_opts:
213+
"--architecture amd64
214+
--output-type freebsd
215+
--version ${{ env.VERSION }}
216+
--package defguard-proxy-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg
217+
--freebsd-osversion '*'
218+
--depends openssl
219+
--before-install freebsd/preinst
220+
--after-remove freebsd/postrm"
183221

184222
- name: Upload Linux x86_64 archive
185223
uses: shogo82148/actions-upload-release-asset@v1

Cargo.lock

Lines changed: 7 additions & 8 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ rustls-pki-types = "1"
1515
# base `axum` deps
1616
axum = { version = "0.8", features = ["ws"] }
1717
axum-client-ip = "0.7"
18-
axum-extra = { version = "0.10", features = [
18+
axum-extra = { version = "0.12", features = [
1919
"cookie",
2020
"cookie-private",
2121
"typed-header",

defguard-proxy.service.freebsd renamed to freebsd/defguard-proxy

File renamed without changes.

freebsd/postrm

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
#!/bin/sh
2+
set -e
3+
4+
USERNAME=defguard
5+
6+
if id -u ${USERNAME} >/dev/null 2>&1
7+
then
8+
echo "If no longer needed, remove ${USERNAME} manually: pw user del -n ${USERNAME}"
9+
fi

freebsd/preinst

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
#!/bin/sh
2+
set -e
3+
4+
USERNAME=defguard
5+
6+
if ! id -u ${USERNAME} >/dev/null 2>&1
7+
then
8+
pw user add -n ${USERNAME} -g nogroup -c "Defguard" -d /nonexistent -s /usr/sbin/nologin
9+
fi
10+
11+
mkdir -p /etc/defguard
12+
chown ${USERNAME}:${USERNAME} /etc/defguard
13+
chmod 750 /etc/defguard

defguard-proxy.service renamed to linux/defguard-proxy.service

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
[Unit]
2-
Description=defguard proxy service
2+
Description=Defguard Edge service
33
Documentation=https://defguard.gitbook.io/defguard/
44
Wants=network-online.target
55
After=network-online.target
66

77
[Service]
8-
DynamicUser=yes
98
User=defguard
9+
Group=defguard
1010
ExecReload=/bin/kill -HUP $MAINPID
1111
ExecStart=/usr/bin/defguard-proxy --config /etc/defguard/proxy.toml
1212
KillMode=process

linux/postinst

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
#!/bin/sh
2+
set -e
3+
4+
SERVICE_NAME='defguard-proxy'
5+
6+
case "${1}" in
7+
1 | configure)
8+
if [ -x /usr/bin/systemctl ]; then
9+
/usr/bin/systemctl daemon-reload
10+
/usr/bin/systemctl enable ${SERVICE_NAME}
11+
/usr/bin/systemctl --no-block start ${SERVICE_NAME}
12+
fi
13+
;;
14+
abort-upgrade | abort-remove | abort-deconfigure)
15+
if [ -x /usr/bin/systemctl ]; then
16+
/usr/bin/systemctl daemon-reload
17+
if /usr/bin/systemctl is-enabled ${SERVICE_NAME} >/dev/null 2>&1; then
18+
/usr/bin/systemctl start ${SERVICE_NAME} || true
19+
fi
20+
fi
21+
;;
22+
esac

linux/postrm

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
#!/bin/sh
2+
set -e
3+
4+
USERNAME=defguard
5+
6+
if [ -x /usr/bin/systemctl ]; then
7+
/usr/bin/systemctl daemon-reload >/dev/null 2>&1 || true
8+
fi
9+
10+
if id -u ${USERNAME} >/dev/null 2>&1
11+
then
12+
echo "If no longer needed, remove ${USERNAME} manually: userdel ${USERNAME}"
13+
fi

0 commit comments

Comments
 (0)