@@ -63,19 +63,20 @@ jobs:
6363 contents : read
6464 security-events : write
6565 with :
66- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
67- api-url : https://api.main.devguard.org
66+ devguard- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
67+ devguard- api-url : https://api.main.devguard.org
6868 fail-on-risk : high
6969 fail-on-cvss : high
70- web-ui : https://main.devguard.org
71- continue-on-open-code-risk : true
70+ devguard- web-ui : https://main.devguard.org
71+ allow-failure : true
7272 secrets :
7373 devguard-token : ${{ secrets.DEVGUARD_TOKEN }}
7474
7575
7676 api-pipeline :
7777 if : github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
7878 uses : l3montree-dev/devguard-ci-components/.github/workflows/full-nix.yml@main
79+ needs : [tests]
7980 permissions :
8081 contents : read
8182 packages : write
8586 nix-target-arm64 : devguard-arm64
8687 nix-version : ' 2.34.4'
8788 image-name : ghcr.io/${{ github.repository }}
88- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
89- api-url : https://api.main.devguard.org
90- web-ui : https://main.devguard.org
89+ devguard- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
90+ devguard- api-url : https://api.main.devguard.org
91+ devguard- web-ui : https://main.devguard.org
9192 fail-on-cvss : high
9293 fail-on-risk : high
9394 nix-cache-substituter : https://nix.garage.l3montree.cloud
@@ -111,9 +112,9 @@ jobs:
111112 nix-version : ' 2.34.4'
112113 image-name : ghcr.io/${{ github.repository }}/scanner
113114 artifact-name-suffix : scanner
114- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
115- api-url : https://api.main.devguard.org
116- web-ui : https://main.devguard.org
115+ devguard- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard
116+ devguard- api-url : https://api.main.devguard.org
117+ devguard- web-ui : https://main.devguard.org
117118 fail-on-cvss : high
118119 fail-on-risk : high
119120 nix-cache-substituter : https://nix.garage.l3montree.cloud
@@ -136,9 +137,9 @@ jobs:
136137 nix-version : ' 2.34.4'
137138 image-name : ghcr.io/${{ github.repository }}/postgresql
138139 artifact-name-suffix : postgresql
139- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
140- api-url : https://api.main.devguard.org
141- web-ui : https://main.devguard.org
140+ devguard- asset-name : l3montree-cybersecurity/projects/devguard/assets/devguard-postgresql
141+ devguard- api-url : https://api.main.devguard.org
142+ devguard- web-ui : https://main.devguard.org
142143 fail-on-cvss : high
143144 fail-on-risk : high
144145 nix-cache-substituter : https://nix.garage.l3montree.cloud
@@ -176,10 +177,14 @@ jobs:
176177 id : tag
177178 run : |
178179 if [[ "${GITHUB_REF}" == refs/tags/* ]]; then
179- echo "tag=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT
180+ TAG="${GITHUB_REF#refs/tags/}"
181+ echo "tag=${TAG}" >> $GITHUB_OUTPUT
180182 echo "TAG_NO_V=${GITHUB_REF_NAME#v}" >> $GITHUB_ENV
183+ MINOR=$(echo "${TAG#v}" | cut -d. -f1-2)
184+ echo "minor=${MINOR}" >> $GITHUB_OUTPUT
181185 else
182186 echo "tag=test-$(date +%Y%m%d-%H%M%S)" >> $GITHUB_OUTPUT
187+ echo "minor=0.0" >> $GITHUB_OUTPUT
183188 fi
184189
185190 - name : Build cross-platform binaries
@@ -195,6 +200,13 @@ jobs:
195200 GOOS=windows GOARCH=arm64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-scanner-windows-arm64.exe ./cmd/devguard-scanner
196201 GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-scanner-darwin-amd64 ./cmd/devguard-scanner
197202 GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-scanner-darwin-arm64 ./cmd/devguard-scanner
203+
204+ GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-linux-amd64 ./cmd/devguard-cli
205+ GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-linux-arm64 ./cmd/devguard-cli
206+ GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-windows-amd64.exe ./cmd/devguard-cli
207+ GOOS=windows GOARCH=arm64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-windows-arm64.exe ./cmd/devguard-cli
208+ GOOS=darwin GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-darwin-amd64 ./cmd/devguard-cli
209+ GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -ldflags=\"\$BUILD_FLAGS\" -o dist/devguard-cli-darwin-arm64 ./cmd/devguard-cli
198210 "
199211 env :
200212 STEPS_TAG_OUTPUTS_TAG : ${{ steps.tag.outputs.tag }}
@@ -208,14 +220,24 @@ jobs:
208220 tar -czf devguard-scanner-linux-arm64.tar.gz devguard-scanner-linux-arm64
209221 tar -czf devguard-scanner-darwin-amd64.tar.gz devguard-scanner-darwin-amd64
210222 tar -czf devguard-scanner-darwin-arm64.tar.gz devguard-scanner-darwin-arm64
223+
224+ tar -czf devguard-cli-linux-arm64.tar.gz devguard-cli-linux-arm64
225+ tar -czf devguard-cli-linux-amd64.tar.gz devguard-cli-linux-amd64
226+ tar -czf devguard-cli-darwin-amd64.tar.gz devguard-cli-darwin-amd64
227+ tar -czf devguard-cli-darwin-arm64.tar.gz devguard-cli-darwin-arm64
211228
212229 # Create zip archives for Windows
213230 zip devguard-scanner-windows-amd64.zip devguard-scanner-windows-amd64.exe
214231 zip devguard-scanner-windows-arm64.zip devguard-scanner-windows-arm64.exe
232+
233+ zip devguard-cli-windows-amd64.zip devguard-cli-windows-amd64.exe
234+ zip devguard-cli-windows-arm64.zip devguard-cli-windows-arm64.exe
215235
216236 # Remove individual binaries, keep archives
217237 rm -f devguard-scanner-linux-amd64 devguard-scanner-linux-arm64 devguard-scanner-darwin-amd64 devguard-scanner-darwin-arm64
238+ rm -f devguard-cli-linux-amd64 devguard-cli-linux-arm64 devguard-cli-darwin-amd64 devguard-cli-darwin-arm64
218239 rm -f devguard-scanner-windows-amd64.exe devguard-scanner-windows-arm64.exe
240+ rm -f devguard-cli-windows-amd64.exe devguard-cli-windows-arm64.exe
219241
220242
221243 - name : Generate checksums
@@ -243,70 +265,135 @@ jobs:
243265 uses : softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
244266 with :
245267 tag_name : ${{ steps.tag.outputs.tag }}
246- name : " DevGuard Scanner ${{ steps.tag.outputs.tag }}"
268+ name : " DevGuard Release ${{ steps.tag.outputs.tag }}"
247269 draft : false
248- prerelease : ${{ contains(steps.tag.outputs.tag, 'test-') }}
270+ prerelease : ${{ contains(steps.tag.outputs.tag, 'test-') || contains(steps.tag.outputs.tag, '-rc') || contains(steps.tag.outputs.tag, '-alpha') || contains(steps.tag.outputs.tag, '-beta') }}
249271 body : |
250- ## 🚀 DevGuard Release ${{ steps.tag.outputs.tag }}
251-
252- **Secure software supply chain scanning and security analysis toolkit**
253-
254- ### Release Assets
255-
256- #### **📱 Binaries**
257- - `devguard-scanner-linux-amd64.tar.gz` - Linux x64 binary
258- - `devguard-scanner-linux-arm64.tar.gz` - Linux ARM64 binary
259- - `devguard-scanner-darwin-amd64.tar.gz` - macOS x64 binary
260- - `devguard-scanner-darwin-arm64.tar.gz` - macOS ARM64 (Apple Silicon) binary
261- - `devguard-scanner-windows-amd64.zip` - Windows x64 binary
262- - `devguard-scanner-windows-arm64.zip` - Windows ARM64 binary
263-
264- #### **🐳 Container Images**
265- - **Registry**:
266- - `ghcr.io/l3montree-dev/devguard:${{ steps.tag.outputs.tag }}` (Main platform)
267- - `ghcr.io/l3montree-dev/devguard-web:${{ steps.tag.outputs.tag }}` (Frontend of the platform)
268- - `ghcr.io/l3montree-dev/devguard/scanner:${{ steps.tag.outputs.tag }}` (Scanner tool)
269-
270- #### Helm Charts
271-
272- `oci://ghcr.io/l3montree-dev/devguard-helm-chart/devguard` (Main platform Helm chart)
272+ # 🚀 DevGuard Release ${{ steps.tag.outputs.tag }}
273273
274+ **Secure software supply chain scanning and security analysis platform**
275+
276+ ---
277+
278+ # 🔍 DevGuard Scanner
279+
280+ The Scanner performs software supply chain analysis, SBOM generation, vulnerability detection, and security scanning. It communicates with a running devguard-api instance.
281+
282+ ### 📱 Binaries
283+
284+ | Platform | Binary |
285+ |-----------|---------|
286+ | Linux x64 | `devguard-scanner-linux-amd64.tar.gz` |
287+ | Linux ARM64 | `devguard-scanner-linux-arm64.tar.gz` |
288+ | macOS x64 | `devguard-scanner-darwin-amd64.tar.gz` |
289+ | macOS ARM64 (Apple Silicon) | `devguard-scanner-darwin-arm64.tar.gz` |
290+ | Windows x64 | `devguard-scanner-windows-amd64.zip` |
291+ | Windows ARM64 | `devguard-scanner-windows-arm64.zip` |
292+
293+ **Download and Install**
274294 ```bash
275- helm install my-devguard oci://ghcr.io/l3montree-dev/devguard-helm-chart/devguard --version ${{ env.TAG_NO_V }}
276- ```
277-
278- ### Quick Start
279-
280- #### **Download and Install**
281- ```bash
282- # Linux/macOS - Download and extract
283295 curl -L https://github.com/l3montree-dev/devguard/releases/download/${{ steps.tag.outputs.tag }}/devguard-scanner-linux-amd64.tar.gz | tar -xz
296+
284297 chmod +x devguard-scanner-linux-amd64
285298 sudo mv devguard-scanner-linux-amd64 /usr/local/bin/devguard-scanner
286-
287- # Verify installation
288- devguard-scanner --version
299+
300+ #Verify
301+ devguard-scanner --help
289302 ```
290-
291- #### **Docker Usage**
303+
304+ ### 🐳 Container Image
305+
292306 ```bash
293- # Pull DevGuard Scanner from registry
294307 docker pull ghcr.io/l3montree-dev/devguard/scanner:${{ steps.tag.outputs.tag }}
295-
296- # Pull DevGuard Platform from registry
297- docker pull ghcr.io/l3montree-dev/devguard:${{ steps.tag.outputs.tag }}
298308 ```
299-
300- #### **Go Install**
309+
310+ ### Go Install
311+
301312 ```bash
302313 go install github.com/l3montree-dev/devguard/cmd/devguard-scanner@${{ steps.tag.outputs.tag }}
303314 ```
304-
315+
316+ ---
317+
318+ # 💻 DevGuard CLI
319+
320+ The CLI provides interaction capabilities with DevGuard. It is used in conjuction with a running devguard-api server. Some tasks like generating an instance admin key can be done using the devguard-cli binary.
321+
322+ ### 📱 Binaries
323+
324+ | Platform | Binary |
325+ |-----------|---------|
326+ | Linux x64 | `devguard-cli-linux-amd64.tar.gz` |
327+ | Linux ARM64 | `devguard-cli-linux-arm64.tar.gz` |
328+ | macOS x64 | `devguard-cli-darwin-amd64.tar.gz` |
329+ | macOS ARM64 (Apple Silicon) | `devguard-cli-darwin-arm64.tar.gz` |
330+ | Windows x64 | `devguard-cli-windows-amd64.zip` |
331+ | Windows ARM64 | `devguard-cli-windows-arm64.zip` |
332+
333+ **Download and Install**
334+ ```bash
335+ curl -L https://github.com/l3montree-dev/devguard/releases/download/${{ steps.tag.outputs.tag }}/devguard-cli-linux-amd64.tar.gz | tar -xz
336+
337+ chmod +x devguard-cli-linux-amd64
338+ sudo mv devguard-cli-linux-amd64 /usr/local/bin/devguard-cli
339+
340+ #Verify
341+ devguard-cli --help
342+ ```
343+
305344 ---
306-
307- 📖 **Documentation**: [DevGuard Documentation](https://github.com/l3montree-dev/devguard)
308- 🐛 **Report Issues**: [GitHub Issues](https://github.com/l3montree-dev/devguard/issues)
309- 💬 **Community**: [Discussions](https://github.com/l3montree-dev/devguard/discussions)
345+
346+ # 🛡️ DevGuard Platform
347+
348+ The DevGuard Platform provides centralized security visibility, findings management, and reporting.
349+
350+ ### 🐳 Container Image
351+
352+ ```bash
353+ docker pull ghcr.io/l3montree-dev/devguard:${{ steps.tag.outputs.tag }}
354+ ```
355+
356+ > The frontend image (`devguard-web`) is released separately — see [devguard-web releases](https://github.com/l3montree-dev/devguard-web/releases) for the matching `v${{ steps.tag.outputs.minor }}.*` release.
357+
358+ ---
359+
360+ # ☸️ Kubernetes Deployment
361+
362+ Deploy DevGuard to Kubernetes using the official Helm chart.
363+
364+ ### Helm Chart
365+
366+ ```text
367+ oci://ghcr.io/l3montree-dev/devguard-helm-chart/devguard
368+ ```
369+
370+ ### Install
371+
372+ ```bash
373+ helm install my-devguard \
374+ oci://ghcr.io/l3montree-dev/devguard-helm-chart/devguard \
375+ --version ${{ env.TAG_NO_V }}
376+ ```
377+
378+ ---
379+
380+ ## Versioning
381+
382+ All DevGuard components (`devguard`, `devguard-web`, Helm chart) share the same **minor version**. Any `v${{ steps.tag.outputs.minor }}.*` release of one component is compatible with any `v${{ steps.tag.outputs.minor }}.*` release of another. Patch versions are released independently per component — you do not need to upgrade all components simultaneously as long as the minor version matches.
383+
384+ 📖 See [VERSIONING.md](https://github.com/l3montree-dev/devguard/blob/main/VERSIONING.md) for the full policy.
385+ 📋 See [CHANGELOG](https://github.com/l3montree-dev/devguard/blob/main/CHANGELOG.md) for what changed in this release.
386+
387+ ---
388+
389+ ## Resources
390+
391+ 📖 Documentation: https://github.com/l3montree-dev/devguard
392+
393+ 🐛 Report Issues: https://github.com/l3montree-dev/devguard/issues
394+
395+ 💬 Community Discussions: https://github.com/l3montree-dev/devguard/discussions
396+
310397 files : |
311398 dist/*.tar.gz
312399 dist/*.zip
0 commit comments