Merged
255 changes: 151 additions & 104 deletions .github/workflows/release.yml
Expand Up @@ -8,6 +8,12 @@ concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

env:
SQLX_OFFLINE: "1"
# sccache
SCCACHE_GHA_ENABLED: "true"
RUSTC_WRAPPER: "sccache"

jobs:
build-docker-release:
# Ignore tags with -, like v1.0.0-alpha
Expand Down Expand Up @@ -45,174 +51,215 @@ jobs:
steps:
- name: Create GitHub release
id: release
uses: softprops/action-gh-release@v2
if: startsWith(github.ref, 'refs/tags/')
uses: shogo82148/actions-create-release@v1
with:
draft: true
generate_release_notes: true

create-sbom:
needs: [create-release, build-docker-release]
needs:
- create-release
- build-docker-release
uses: ./.github/workflows/sbom.yml
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}

build-release:
name: Release ${{ matrix.build }}
needs: [create-release]
needs:
- create-release
runs-on:
- self-hosted
- ${{ matrix.os }}
- Linux
- X64
strategy:
fail-fast: false
matrix:
build: [linux, linux-arm64, freebsd]
include:
- build: linux
arch: amd64
os: Linux
asset_name: defguard-gateway-linux-x86_64
target: x86_64-unknown-linux-gnu
- build: linux-arm64
arch: arm64
os: Linux
asset_name: defguard-gateway-linux-arm64
target: aarch64-unknown-linux-gnu
- build: freebsd
arch: amd64
os: Linux
asset_name: defguard-gateway-freebsd-x86_64
target: x86_64-unknown-freebsd
steps:
# Store the version, stripping any v-prefix
- name: Write release version
run: |
VERSION=${GITHUB_REF_NAME#v}
echo Version: $VERSION
echo "VERSION=$VERSION" >> $GITHUB_ENV

- name: Checkout
uses: actions/checkout@v6
with:
submodules: recursive

- name: Install Rust stable
uses: actions-rs/toolchain@v1
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.89.0 # "stable" causes rust-lld: error on aarch64-linux
target: ${{ matrix.target }}
override: true
targets: "aarch64-unknown-linux-gnu"

- name: Run sccache-cache
uses: mozilla-actions/sccache-action@v0.0.9

- name: Build Linux x86_64 binary
run: |
cargo build --locked --release --target x86_64-unknown-linux-gnu
mv target/x86_64-unknown-linux-gnu/release/defguard-gateway defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu
tar -zcf defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz \
defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu

- name: Build Linux aarch64 binary
env:
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc
PKG_CONFIG_SYSROOT_DIR: /usr/lib/aarch64-linux-gnu
run: |
cargo build --locked --release --target aarch64-unknown-linux-gnu
mv target/aarch64-unknown-linux-gnu/release/defguard-gateway defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu
tar -zcf defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz \
defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu

- name: Setup `packer`
uses: hashicorp/setup-packer@main
id: setup
- name: Build FreeBSD binary
run: |
rsync -rlptxzH -e 'ssh -l root' --del ./ freebsd:work/gateway/
ssh root@freebsd 'cd work/gateway && cargo build --locked --release'
scp root@freebsd:work/gateway/target/release/defguard-gateway defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd
tar -zcf defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd.tar.gz \
defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd

- name: Build x86_64 DEB package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-gateway
defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service
example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture amd64 --output-type deb --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb --after-install after-install.sh"

- name: Build aarch64 DEB package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-gateway
defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service
example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture arm64 --output-type deb --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb --after-install after-install.sh"

- name: Build release binary
uses: actions-rs/cargo@v1
- name: Build x86_64 RPM package
uses: defGuard/fpm-action@main
with:
use-cross: true
command: build
args: --locked --release --target ${{ matrix.target }}
fpm_args:
"defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-gateway
defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service
example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture amd64 --output-type rpm --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm --after-install after-install.sh"

- name: Rename binary
run: mv target/${{ matrix.target }}/release/defguard-gateway ${{ matrix.asset_name }}-${{ github.ref_name }}
- name: Build aarch64 RPM package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-gateway
defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service
example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture arm64 --output-type rpm --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm --after-install after-install.sh"

- name: Tar
uses: a7ul/tar-action@v1.2.0
- name: Build FreeBSD package
uses: defGuard/fpm-action@main
with:
command: c
files: |
${{ matrix.asset_name }}-${{ github.ref_name }}
outPath: ${{ matrix.asset_name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
fpm_args:
"defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-gateway
defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard-gateway
example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg --freebsd-osversion '*' --depends openssl"

- name: Upload release archive
uses: actions/upload-release-asset@v1
- name: Build OPNsense package
uses: defGuard/fpm-action@main
with:
fpm_args:
"defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-gateway
defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard-gateway
example-config.toml=/etc/defguard/gateway.toml.sample
defguard-rc.conf=/etc/rc.conf.d/defguard_gateway
opnsense/src/etc/=/usr/local/etc/
opnsense/src/opnsense/=/usr/local/opnsense/"
fpm_opts: "--architecture amd64 --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway-${{ env.VERSION }}_x86_64-unknown-opnsense.pkg --freebsd-osversion '*' --depends openssl"

- name: Upload Linux x86_64 archive
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: ${{ matrix.asset_name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
asset_name: ${{ matrix.asset_name }}-${{ github.ref_name }}-${{ matrix.target }}.tar.gz
asset_content_type: application/octet-stream
asset_path: defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.tar.gz
asset_content_type: application/gzip
overwrite: true

- name: Build DEB package
if: matrix.build != 'freebsd'
uses: defGuard/fpm-action@main
- name: Upload Linux aarch64 archive
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
fpm_args: "${{ matrix.asset_name }}-${{ github.ref_name }}=/usr/sbin/defguard-gateway defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type deb --version ${{ env.VERSION }} --package defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.deb --after-install after-install.sh"
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.tar.gz
asset_content_type: application/gzip
overwrite: true

- name: Upload DEB
if: matrix.build != 'freebsd'
uses: actions/upload-release-asset@v1
- name: Upload FreeBSD x86_64 archive
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.deb
asset_name: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.deb
asset_content_type: application/octet-stream
asset_path: defguard-gateway-${{ env.VERSION }}-x86_64-unknown-freebsd.tar.gz
asset_content_type: application/gzip
overwrite: true

- name: Build RPM package
if: matrix.build == 'linux'
uses: defGuard/fpm-action@main
- name: Upload Linux x86_64 DEB
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
fpm_args: "${{ matrix.asset_name }}-${{ github.ref_name }}=/usr/sbin/defguard-gateway defguard-gateway.service=/usr/lib/systemd/system/defguard-gateway.service example-config.toml=/etc/defguard/gateway.toml.sample"
fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type rpm --version ${{ env.VERSION }} --package defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.rpm --after-install after-install.sh"
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.deb
asset_content_type: application/gzip
overwrite: true

- name: Upload RPM
if: matrix.build == 'linux'
uses: actions/upload-release-asset@v1
- name: Upload Linux aarch64 DEB
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.rpm
asset_name: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.rpm
asset_content_type: application/octet-stream
asset_path: defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.deb
asset_content_type: application/gzip
overwrite: true

- name: Build FreeBSD package
if: matrix.build == 'freebsd'
uses: defGuard/fpm-action@main
- name: Upload Linux x86_64 RPM
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
fpm_args:
"${{ matrix.asset_name }}-${{ github.ref_name }}=/usr/local/sbin/defguard-gateway
defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard_gateway
example-config.toml=/etc/defguard/gateway.toml.sample
defguard-rc.conf=/etc/rc.conf.d/defguard_gateway"
fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.pkg --freebsd-osversion '*'"
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway-${{ env.VERSION }}-x86_64-unknown-linux-gnu.rpm
asset_content_type: application/gzip
overwrite: true

- name: Upload FreeBSD
if: matrix.build == 'freebsd'
uses: actions/upload-release-asset@v1
- name: Upload Linux aarch64 RPM
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.pkg
asset_name: defguard-gateway_${{ env.VERSION }}_${{ matrix.target }}.pkg
asset_content_type: application/octet-stream
asset_path: defguard-gateway-${{ env.VERSION }}-aarch64-unknown-linux-gnu.rpm
asset_content_type: application/gzip
overwrite: true

- name: Build OPNsense package
if: matrix.build == 'freebsd'
uses: defGuard/fpm-action@main
- name: Upload FreeBSD package
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
fpm_args:
"${{ matrix.asset_name }}-${{ github.ref_name }}=/usr/local/sbin/defguard-gateway
defguard-gateway.service.freebsd=/usr/local/etc/rc.d/defguard_gateway
example-config.toml=/etc/defguard/gateway.toml.sample
defguard-rc.conf=/etc/rc.conf.d/defguard_gateway
opnsense/src/etc/=/usr/local/etc/
opnsense/src/opnsense/=/usr/local/opnsense/"
fpm_opts: "--architecture ${{ matrix.arch }} --debug --output-type freebsd --version ${{ env.VERSION }} --package defguard-gateway_${{ env.VERSION }}_x86_64-unknown-opnsense.pkg --freebsd-osversion '*'"
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg
asset_content_type: application/x-pkg
overwrite: true

- name: Upload OPNsense package
if: matrix.build == 'freebsd'
uses: actions/upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ needs.create-release.outputs.upload_url }}
asset_path: defguard-gateway_${{ env.VERSION }}_x86_64-unknown-opnsense.pkg
asset_name: defguard-gateway_${{ env.VERSION }}_x86_64-unknown-opnsense.pkg
asset_content_type: application/octet-stream
asset_path: defguard-gateway-${{ env.VERSION }}_x86_64-unknown-opnsense.pkg
asset_content_type: application/x-pkg
overwrite: true
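Review bot: The `Build FreeBSD binary` step (on the new side, as far as the rendering shows) syncs the tree and runs `cargo build` on the `freebsd` host as root (`-e 'ssh -l root'`, `ssh root@freebsd`, `scp root@freebsd:`), so every dependency build script and proc macro executes with full privileges on a build machine that presumably persists between releases. A dedicated unprivileged account would contain that, e.g. `ssh <build-user>@freebsd 'cd work/gateway && cargo build --locked --release'` with the matching change on the rsync and scp lines (`<build-user>` is a placeholder). A comment above the step should also say where the `freebsd` host alias and its pinned host key are configured on the self-hosted runner, since the workflow shows neither. Separately, the packaging steps in this job use `defGuard/fpm-action@main`, a mutable branch ref, in a job that publishes release assets with `GITHUB_TOKEN`; pinning it to a full commit SHA would keep the release inputs fixed.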
4 changes: 2 additions & 2 deletions .github/workflows/sbom.yml
Expand Up @@ -62,7 +62,7 @@ jobs:
severity: "CRITICAL,HIGH,MEDIUM,LOW"
scanners: "vuln"

- name: Create docker image security advisory file with Trivy
- name: Create Docker image security advisory file with Trivy
uses: aquasecurity/trivy-action@0.35.0
with:
image-ref: "ghcr.io/defguard/gateway:${{ steps.vars.outputs.VERSION }}"
Expand All @@ -79,5 +79,5 @@ jobs:
with:
upload_url: ${{ inputs.upload_url }}
asset_path: "defguard-*.json"
asset_content_type: application/octet-stream
asset_content_type: application/json
overwrite: true