DefGuard · t-aleksander · Aug 27, 2024 · Aug 4, 2024 · Aug 6, 2024 · Aug 6, 2024
diff --git a/.fpm b/.fpm
@@ -1,6 +1,5 @@
 -s dir
 --name defguard-proxy
---architecture x86_64
 --description "defguard proxy service"
 --url "https://defguard.net/"
 --maintainer "teonite"
diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml
@@ -0,0 +1,80 @@
+name: Build Docker image
+
+on:
+  workflow_call:
+    inputs:
+      tags:
+        description: "List of tags as key-value pair attributes"
+        required: false
+        type: string
+
+env:
+  GHCR_REPO: ghcr.io/defguard/proxy
+
+jobs:
+  build-docker:
+    runs-on:
+      - self-hosted
+      - Linux
+      - ${{ matrix.runner }}
+    strategy:
+      matrix:
+        cpu: [arm64, amd64]
+        include:
+          - cpu: arm64
+            runner: ARM64
+          - cpu: amd64
+            runner: X64
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-config-inline: |
+            [registry."docker.io"]
+              mirrors = ["dockerhub-proxy.teonite.net"]
+      - name: Build container
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          platforms: linux/${{ matrix.cpu }}
+          provenance: false
+          push: true
+          tags: ${{ env.GHCR_REPO }}:${{ github.sha }}-${{ matrix.cpu }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  docker-manifest:
+    runs-on: [self-hosted, Linux]
+    needs: [build-docker]
+    steps:
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ env.GHCR_REPO }}
+          tags: ${{ inputs.tags }}
+      - name: Login to GitHub container registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Create and push manifests
+        run: |
+          tags='${{ env.GHCR_REPO }}:${{ github.sha }} ${{ steps.meta.outputs.tags }}'
+          for tag in ${tags}
+          do
+            docker manifest create --amend ${tag} ${{ env.GHCR_REPO }}:${{ github.sha }}-amd64 ${{ env.GHCR_REPO }}:${{ github.sha }}-arm64
+            docker manifest push ${tag}
+          done
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
@@ -0,0 +1,22 @@
+name: Build current image
+on:
+  push:
+    branches:
+      - main
+      - dev
+    paths-ignore:
+      - "*.md"
+      - "LICENSE"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-current:
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=current
+        type=ref,event=branch
+        type=sha
diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml
@@ -18,10 +18,10 @@ jobs:
   lint-web:
     runs-on: self-hosted
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 19
+          node-version: 20
       - name: install deps
         working-directory: ./web
         run: |

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,50 +5,19 @@ on:
     tags:
       - v*.*.*
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
-  publish-docker:
-    runs-on: [self-hosted, Linux]
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          submodules: recursive
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ghcr.io/DefGuard/defguard-proxy
-          tags: |
-            type=raw,value=latest
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=sha
-      - name: Login to GitHub container registry
-        if: github.event_name != 'pull_request'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-        with:
-          config-inline: |
-            [registry."docker.io"]
-              mirrors = ["dockerhub-proxy.teonite.net"]
-      - name: Build container
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+  build-latest:
+    uses: ./.github/workflows/build-docker.yml
+    with:
+      tags: |
+        type=raw,value=latest
+        type=semver,pattern={{version}}
+        type=semver,pattern={{major}}.{{minor}}
+        type=sha
 
   create-release:
     name: create-release
@@ -65,25 +34,25 @@ jobs:
           generate_release_notes: true
 
   build-binaries:
-    needs: [ "create-release" ]
+    needs: [create-release]
     runs-on:
       - self-hosted
       - ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        build: [ linux, linux-arm, linux-arm64, freebsd ]
+        build: [linux, linux-arm64, freebsd]
         include:
           - build: linux
+            arch: amd64
             os: Linux
             target: x86_64-unknown-linux-gnu
-          - build: linux-arm
-            os: Linux
-            target: armv7-unknown-linux-gnueabihf
           - build: linux-arm64
+            arch: arm64
             os: Linux
             target: aarch64-unknown-linux-gnu
           - build: freebsd
+            arch: amd64
             os: Linux
             target: x86_64-unknown-freebsd
     steps:
@@ -95,7 +64,7 @@ jobs:
           echo "VERSION=$VERSION" >> $GITHUB_ENV
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
 
@@ -122,7 +91,7 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: 20
-          cache: 'pnpm'
+          cache: "pnpm"
           cache-dependency-path: ./web/pnpm-lock.yaml
 
       - name: Install frontend dependencies
@@ -166,7 +135,7 @@ jobs:
         uses: bpicode/github-action-fpm@master
         with:
           fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
-          fpm_opts: "--debug --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb"
+          fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.deb"
 
       - name: Upload DEB
         if: matrix.build == 'linux'
@@ -184,7 +153,7 @@ jobs:
         uses: bpicode/github-action-fpm@master
         with:
           fpm_args: "defguard-proxy-${{ github.ref_name }}-${{ matrix.target }}=/usr/bin/defguard-proxy defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service example-config.toml=/etc/defguard/proxy.toml"
-          fpm_opts: "--debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
+          fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-proxy-${{ env.VERSION }}-${{ matrix.target }}.rpm"
 
       - name: Upload RPM
         if: matrix.build == 'linux'

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -6,29 +6,29 @@ on:
       - main
       - dev
     paths-ignore:
-      - '*.md'
-      - 'LICENSE'
+      - "*.md"
+      - "LICENSE"
   pull_request:
     branches:
       - main
       - dev
     paths-ignore:
-      - '*.md'
-      - 'LICENSE'
+      - "*.md"
+      - "LICENSE"
 
 env:
   CARGO_TERM_COLOR: always
 
 jobs:
   test:
     runs-on: [self-hosted, Linux]
-    container: rust:1.75
+    container: rust:1
 
     steps:
       - name: Debug
         run: echo ${{ github.ref_name }}
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Cache