Skip to content

chore(deps): Bump vergen from 9.0.2 to 9.0.3 #724

chore(deps): Bump vergen from 9.0.2 to 9.0.3

chore(deps): Bump vergen from 9.0.2 to 9.0.3 #724

Workflow file for this run

name: Release
on:
push:
tags:
- "v*"
branches:
- main
permissions:
contents: read
jobs:
linux:
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
azure.archive.ubuntu.com:80
crates.io:443
esm.ubuntu.com:443
github.com:443
index.crates.io:443
motd.ubuntu.com:443
ppa.launchpadcontent.net:443
static.crates.io:443
static.rust-lang.org:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup Rust toolchain
run: |
rustup target install x86_64-unknown-linux-musl
sudo apt-get install -y musl musl-dev musl-tools dpkg-dev liblzma-dev
cargo install cargo-deb
- id: version
run: echo "version=$(cargo metadata --format-version=1 --no-deps | jq '.packages[] | select(.name == "malwaredb") | .version' --raw-output)" >>$GITHUB_OUTPUT
- name: Install dependencies
run: sudo apt-get install -y libmagic-dev
- name: Install GUI dependencies
run: sudo apt-get install -y libxcb-shape0-dev libxcb-xfixes0-dev libx11-dev libxkbcommon-dev libfontconfig-dev libxext-dev libxft-dev libxinerama-dev libxcursor-dev libxrender-dev libxfixes-dev
- name: Build client
run: cargo build --workspace --bin mdb_client --target x86_64-unknown-linux-musl --release
- name: Package client
run: |
cd client
cargo deb --target x86_64-unknown-linux-musl
- name: Build server
run: cargo build --features=admin,admin-gui,sqlite,vt --bin mdb_server --target x86_64-unknown-linux-musl --release
- name: Package server
run: cargo deb --target x86_64-unknown-linux-musl
- run: mv target/x86_64-unknown-linux-musl/release/mdb_server target/x86_64-unknown-linux-musl/release/mdb_server_linux_musl_x86_64
- name: Upload mdb_server
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_server_linux_musl_x86_64
path: target/x86_64-unknown-linux-musl/release/mdb_server_linux_musl_x86_64
if-no-files-found: error
retention-days: 5
- name: Upload mdb_server deb
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: "malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb"
path: "target/x86_64-unknown-linux-musl/debian/malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb"
if-no-files-found: error
retention-days: 5
- run: mv target/x86_64-unknown-linux-musl/release/mdb_client target/x86_64-unknown-linux-musl/release/mdb_client_linux_musl_x86_64
- name: Upload mdb_client
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_client_linux_musl_x86_64
path: target/x86_64-unknown-linux-musl/release/mdb_client_linux_musl_x86_64
retention-days: 5
- name: Upload mdb_client deb
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: "malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb"
path: "target/x86_64-unknown-linux-musl/debian/malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb"
if-no-files-found: error
retention-days: 5
# Re-do the SBOM so we can upload in the release
- name: Install cargo-cyclonedx
run: cargo install cargo-cyclonedx
- name: Run cycloneDX and get JSON output
run: cargo cyclonedx --all --all-features --format=json --override-filename sbom
- name: Run cycloneDX and get XML output
run: cargo cyclonedx --all --all-features --format=xml --override-filename sbom
- name: Upload the JSON BOM file
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: sbom.json
path: sbom.json
if-no-files-found: error
retention-days: 5
- name: Upload the XML BOM file
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: sbom.xml
path: sbom.xml
if-no-files-found: error
retention-days: 5
macos:
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
runs-on: macos-14
steps:
- name: Update Rust
run: rustup update
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Install libmagic
run: brew install libmagic
- name: Build client
run: cargo build --workspace --bin mdb_client --release
- name: Build server
run: cargo build --features=admin,admin-gui,sqlite,vt --bin mdb_server --release
env:
LIBRARY_PATH: "/opt/homebrew/lib:/opt/homebrew/opt/libmagic/lib"
- run: mv ./target/release/mdb_server ./target/release/mdb_server_darwin_arm64
- run: mv ./target/release/mdb_client ./target/release/mdb_client_darwin_arm64
- name: Upload mdb_server
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_server_darwin_arm64
path: target/release/mdb_server_darwin_arm64
if-no-files-found: error
retention-days: 5
- name: Upload mdb_client
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_client_darwin_arm64
path: target/release/mdb_client_darwin_arm64
if-no-files-found: error
retention-days: 5
windows:
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
runs-on: windows-latest
env:
VCPKG_LIBRARY_LINKAGE: static
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@d0e72ca3bfdc51937a4f81431ccbed269ef9f2a2 # stable
- uses: ChristopheLav/windows-sdk-install@88d72875fb873886ea398ed04041446da6f26f86 # v1.0.3
with:
version-sdk: 22621
features: 'OptionId.DesktopCPPx64,OptionId.DesktopCPParm64'
- run: rustup target install aarch64-pc-windows-msvc
- name: Install vcpkg
run: |
cargo install cargo-vcpkg
vcpkg install libmagic:x64-windows-static-md
vcpkg install libmagic:arm64-windows-static-md
vcpkg integrate install
- name: Build client x86_64
run: cargo build --workspace --bin mdb_client --release
- name: Build client arm64
run: cargo build --workspace --bin mdb_client --release --target=aarch64-pc-windows-msvc
- name: Build server x86_64
run: cargo build --features=admin,admin-gui,sqlite,vt --release
- name: Build server arm64
run: cargo build --features=admin,admin-gui,sqlite,vt --release --target=aarch64-pc-windows-msvc
- run: |
copy target/release/mdb_server.exe target/release/mdb_server_amd64.exe
copy target/release/mdb_client.exe target/release/mdb_client_amd64.exe
copy target/aarch64-pc-windows-msvc/release/mdb_server.exe target/aarch64-pc-windows-msvc/release/mdb_server_arm64.exe
copy target/aarch64-pc-windows-msvc/release/mdb_client.exe target/aarch64-pc-windows-msvc/release/mdb_client_arm64.exe
- name: Upload mdb_server.exe
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_server_amd64.exe
path: target/release/mdb_server_amd64.exe
if-no-files-found: error
retention-days: 5
- name: Upload mdb_server_arm64.exe
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_server_arm64.exe
path: target/aarch64-pc-windows-msvc/release/mdb_server_arm64.exe
if-no-files-found: error
retention-days: 5
- name: Upload mdb_client.exe
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_client_amd64.exe
path: target/release/mdb_client_amd64.exe
if-no-files-found: error
retention-days: 5
- name: Upload mdb_client_arm64.exe
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: mdb_client_arm64.exe
path: target/aarch64-pc-windows-msvc/release/mdb_client_arm64.exe
if-no-files-found: error
retention-days: 5
release:
if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push'
needs: [ windows, macos, linux ]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Harden Runner
uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
with:
egress-policy: block
allowed-endpoints: >
api.github.com:443
api.snapcraft.io:443
azure.archive.ubuntu.com:80
esm.ubuntu.com:443
github.com:443
motd.ubuntu.com:443
objects.githubusercontent.com:443
uploads.github.com:443
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: version
run: echo "version=$(cargo metadata --format-version=1 --no-deps | jq '.packages[] | select(.name == "malwaredb") | .version' --raw-output)" >>$GITHUB_OUTPUT
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_server_darwin_arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_client_darwin_arm64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_server_amd64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_server_arm64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_client_amd64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_client_arm64.exe
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_server_linux_musl_x86_64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: "malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb"
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: mdb_client_linux_musl_x86_64
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: "malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb"
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: sbom.xml
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
with:
name: sbom.json
- name: Download minisign
run: |
sudo apt-get install wget
wget https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz
tar xzf minisign-0.11-linux.tar.gz
mv minisign-linux/x86_64/minisign .
- name: Sign artifacts
run: |
mkdir ~/.minisign/
echo "${{ secrets.MINISIGN_KEY }}" > ~/.minisign/minisign.key
echo | ./minisign -Sm mdb_* malwaredb* sbom.*
echo | ./minisign -R
- uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
with:
draft: true
prerelease: true
generate_release_notes: true
files: |
mdb_server_darwin_arm64
mdb_server_darwin_arm64.minisig
mdb_client_darwin_arm64
mdb_client_darwin_arm64.minisig
mdb_server_amd64.exe
mdb_server_amd64.exe.minisig
mdb_server_arm64.exe
mdb_server_arm64.exe.minisig
mdb_client_amd64.exe
mdb_client_amd64.exe.minisig
mdb_client_arm64.exe
mdb_client_arm64.exe.minisig
mdb_server_linux_musl_x86_64
mdb_server_linux_musl_x86_64.minisig
mdb_client_linux_musl_x86_64
mdb_client_linux_musl_x86_64.minisig
malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb
malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb.minisig
malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb
malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb.minisig
sbom.xml
sbom.xml.minisig
sbom.json
sbom.json.minisig
minisign.pub
- run: echo 00000 > ~/.minisign/minisign.key