From 35d5bbb6af1500df91f1466490c2d5ec0e768a8e Mon Sep 17 00:00:00 2001 From: Maciek <19913370+wojcik91@users.noreply.github.com> Date: Thu, 28 May 2026 12:41:30 +0200 Subject: [PATCH] chore: bump version to 2.1.0 (#309) * chore: prepare 2.0.1 release (#296) * update flake inputs * update dependencies * bump version * update branch references in CI * update core dependencies * pin GH actions to specific hashes * fix pnpm lockfile format (#297) * pin pnpm version in dockerfile * regenerate lockfile with pnpm v10 * update openssl crate (#302) * update nix flake * update openssl * fix proxy warning page (#301) (#304) Narrows down the "core disconnected" gating mechanism to API routes only. This way the static site can be loaded by the browser and then display the warning message. Co-authored-by: Jacek Chmielewski * Build debs for debian 12/ubuntu 22.04 (#305) * bump version --------- Co-authored-by: Jacek Chmielewski Co-authored-by: Kuba <78603704+jakub-tldr@users.noreply.github.com> --- .github/workflows/build-docker.yml | 16 +- .github/workflows/current.yml | 2 +- .github/workflows/lint-web.yml | 10 +- .github/workflows/publish-docker-latest.yml | 6 +- .github/workflows/release.yml | 153 +++++++++++++++++--- .github/workflows/sbom.yml | 12 +- .github/workflows/test.yml | 12 +- .github/workflows/update-repositories.yml | 2 +- Cargo.lock | 14 +- Cargo.toml | 8 +- Dockerfile | 4 +- flake.lock | 12 +- 12 files changed, 178 insertions(+), 73 deletions(-) diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index 3f7d7eba..44cd0759 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -39,19 +39,19 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Login to GitHub container registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 with: buildkitd-config-inline: | [registry."docker.io"] @@ -61,7 +61,7 @@ jobs: run: echo "SAFE_REF=${GITHUB_REF_NAME//\//-}" >> $GITHUB_ENV - name: Build container - uses: docker/build-push-action@v7 + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7 with: context: . platforms: linux/${{ matrix.cpu }} @@ -74,7 +74,7 @@ jobs: cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.SAFE_REF }} - name: Scan image with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_SHOW_SUPPRESSED: 1 TRIVY_IGNOREFILE: "./.trivyignore.yaml" @@ -98,11 +98,11 @@ jobs: steps: - name: Install Cosign - uses: sigstore/cosign-installer@v4.1.0 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Docker meta id: meta - uses: docker/metadata-action@v6 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6 with: images: | ${{ env.GHCR_REPO }} @@ -110,7 +110,7 @@ jobs: tags: ${{ inputs.tags }} - name: Login to GitHub container registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml index 1587da18..1bf35ccb 100644 --- a/.github/workflows/current.yml +++ b/.github/workflows/current.yml @@ -2,9 +2,9 @@ name: Build current image on: push: branches: - - main - dev - 'release/**' + - 'stable/**' paths-ignore: - "*.md" - "LICENSE" diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml index f4812458..4db9b2ea 100644 --- a/.github/workflows/lint-web.yml +++ b/.github/workflows/lint-web.yml @@ -3,17 +3,17 @@ name: Lint frontend on: push: branches: - - main - dev - "release/**" + - "stable/**" paths-ignore: - "*.md" - "LICENSE" pull_request: branches: - - main - dev - "release/**" + - "stable/**" paths-ignore: - "*.md" - "LICENSE" @@ -25,17 +25,17 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Install NodeJS - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: 25 - name: Install pnpm - uses: pnpm/action-setup@v6 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6 with: cache: true version: 10 diff --git a/.github/workflows/publish-docker-latest.yml b/.github/workflows/publish-docker-latest.yml index b3f788a3..e05ff9ae 100644 --- a/.github/workflows/publish-docker-latest.yml +++ b/.github/workflows/publish-docker-latest.yml @@ -19,17 +19,17 @@ jobs: steps: - name: Install Cosign - uses: sigstore/cosign-installer@v4.1.1 + uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1 - name: Login to GitHub container registry - uses: docker/login-action@v4 + uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v4 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 - name: Derive semver tag run: | diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 287d1dcc..fa80481f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,11 +8,7 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true -env: - SQLX_OFFLINE: "1" - # sccache - SCCACHE_GHA_ENABLED: "true" - RUSTC_WRAPPER: "sccache" + jobs: build-docker-release: @@ -24,6 +20,7 @@ jobs: tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} type=sha # Explicitly disable latest tag. It will be added otherwise. flavor: | @@ -51,7 +48,7 @@ jobs: steps: - name: Create GitHub release id: release - uses: shogo82148/actions-create-release@v1 + uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1 with: draft: true generate_release_notes: true @@ -71,6 +68,11 @@ jobs: - self-hosted - Linux - X64 + env: + SQLX_OFFLINE: "1" + # sccache + SCCACHE_GHA_ENABLED: "true" + RUSTC_WRAPPER: "sccache" steps: # Store the version, stripping any v-prefix - name: Write release version @@ -80,17 +82,17 @@ jobs: echo "VERSION=$VERSION" >> $GITHUB_ENV - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Install NodeJS - uses: actions/setup-node@v6 + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 with: node-version: 25 - name: Install pnpm - uses: pnpm/action-setup@v6 + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6 with: cache: true version: 10 @@ -102,12 +104,12 @@ jobs: pnpm build - name: Install Rust stable - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable with: targets: "aarch64-unknown-linux-gnu" - name: Run sccache-cache - uses: mozilla-actions/sccache-action@v0.0.9 + uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - name: Build Linux x86_64 binary run: | @@ -135,7 +137,7 @@ jobs: defguard-proxy-${{ env.VERSION }}-x86_64-unknown-freebsd - name: Build x86_64 DEB package - uses: defGuard/fpm-action@main + uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main with: fpm_args: "defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy @@ -152,7 +154,7 @@ jobs: --after-remove linux/postrm" - name: Build aarch64 DEB package - uses: defGuard/fpm-action@main + uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main with: fpm_args: "defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy @@ -169,7 +171,7 @@ jobs: --after-remove linux/postrm" - name: Build x86_64 RPM package - uses: defGuard/fpm-action@main + uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main with: fpm_args: "defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy @@ -186,7 +188,7 @@ jobs: --after-remove linux/postrm" - name: Build aarch64 RPM package - uses: defGuard/fpm-action@main + uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main with: fpm_args: "defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy @@ -203,7 +205,7 @@ jobs: --after-remove linux/postrm" - name: Build FreeBSD package - uses: defGuard/fpm-action@main + uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main with: fpm_args: "defguard-proxy-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-proxy @@ -218,7 +220,7 @@ jobs: --depends openssl" - name: Upload Linux x86_64 archive - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -228,7 +230,7 @@ jobs: overwrite: true - name: Upload Linux aarch64 archive - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -238,7 +240,7 @@ jobs: overwrite: true - name: Upload FreeBSD x86_64 archive - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -248,7 +250,7 @@ jobs: overwrite: true - name: Upload Linux x86_64 DEB - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -258,7 +260,7 @@ jobs: overwrite: true - name: Upload Linux aarch64 DEB - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -268,7 +270,7 @@ jobs: overwrite: true - name: Upload Linux x86_64 RPM - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -278,7 +280,7 @@ jobs: overwrite: true - name: Upload Linux aarch64 RPM - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -288,7 +290,7 @@ jobs: overwrite: true - name: Upload FreeBSD package - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -296,3 +298,106 @@ jobs: asset_path: defguard-proxy-${{ env.VERSION }}_x86_64-unknown-freebsd.pkg asset_content_type: application/x-pkg overwrite: true + + ubuntu-22-04-build: + needs: + - create-release + runs-on: + - self-hosted + - Linux + - ${{ matrix.architecture }} + strategy: + fail-fast: false + matrix: + architecture: [ARM64, X64] + include: + - architecture: ARM64 + deb_arch: arm64 + rust_target: aarch64-unknown-linux-gnu + - architecture: X64 + deb_arch: amd64 + rust_target: x86_64-unknown-linux-gnu + container: + image: ubuntu:22.04 + env: + DEBIAN_FRONTEND: noninteractive + HOME: /root + RUSTUP_HOME: /root/.rustup + CARGO_HOME: /root/.cargo + + steps: + - name: Install git + run: | + apt-get update + apt-get install -y git curl ca-certificates libatomic1 + git config --global --add safe.directory '*' + + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + submodules: recursive + + - name: Write release version + run: | + VERSION=${GITHUB_REF_NAME#v} + echo Version: $VERSION + echo "VERSION=$VERSION" >> $GITHUB_ENV + + - name: Install NodeJS + uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6 + with: + node-version: 26 + + - name: Install pnpm + uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6 + with: + version: 11 + + # Change to '--frozen-lockfile' once this gets fixed: + # https://github.com/pnpm/action-setup/issues/40 + - name: Build frontend + working-directory: web + run: | + pnpm install --ignore-scripts --no-frozen-lockfile + pnpm build + + - name: Install Rust stable + uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable + + - name: Install build dependencies + run: | + apt-get install -y \ + build-essential pkg-config \ + libssl-dev \ + protobuf-compiler libprotobuf-dev \ + ruby ruby-dev rubygems rpm + gem install fpm --no-document + + - name: Build binary + run: | + cargo build --locked --release --target ${{ matrix.rust_target }} + + - name: Build DEB package (ubuntu-22-04-lts) + run: | + fpm \ + --output-type deb \ + --version "${{ env.VERSION }}" \ + --architecture ${{ matrix.deb_arch }} \ + --package defguard-proxy-${{ env.VERSION }}-${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb \ + --before-install linux/preinst \ + --after-install linux/postinst \ + --before-remove linux/prerm \ + --after-remove linux/postrm \ + "target/${{ matrix.rust_target }}/release/defguard-proxy=/usr/bin/defguard-proxy" \ + "linux/defguard-proxy.service=/usr/lib/systemd/system/defguard-proxy.service" \ + "example-config.toml=/etc/defguard/proxy.toml" + + - name: Upload ubuntu-22-04-lts DEB + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + with: + upload_url: ${{ needs.create-release.outputs.upload_url }} + asset_path: defguard-proxy-${{ env.VERSION }}-${{ matrix.deb_arch }}_ubuntu-22-04-lts.deb + asset_content_type: application/gzip + overwrite: true diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 9525ad90..061b59a1 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -27,13 +27,13 @@ jobs: echo "VERSION=$VERSION" >> $GITHUB_OUTPUT - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ steps.vars.outputs.TAG_NAME }} submodules: recursive - name: Create SBOM with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_SHOW_SUPPRESSED: 1 TRIVY_IGNOREFILE: "./.trivyignore.yaml" @@ -46,7 +46,7 @@ jobs: scanners: "vuln" - name: Create Docker image SBOM with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_SHOW_SUPPRESSED: 1 TRIVY_IGNOREFILE: "./.trivyignore.yaml" @@ -59,7 +59,7 @@ jobs: scanners: "vuln" - name: Create security advisory file with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_SHOW_SUPPRESSED: 1 TRIVY_IGNOREFILE: "./.trivyignore.yaml" @@ -72,7 +72,7 @@ jobs: scanners: "vuln" - name: Create Docker image security advisory file with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_SHOW_SUPPRESSED: 1 TRIVY_IGNOREFILE: "./.trivyignore.yaml" @@ -85,7 +85,7 @@ jobs: scanners: "vuln" - name: Upload SBOMs and advisories - uses: shogo82148/actions-upload-release-asset@v1 + uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 943a4ce9..b69ef32d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -3,17 +3,17 @@ name: Test backend on: push: branches: - - main - dev - 'release/**' + - 'stable/**' paths-ignore: - "*.md" - "LICENSE" pull_request: branches: - - main - dev - 'release/**' + - 'stable/**' paths-ignore: - "*.md" - "LICENSE" @@ -32,12 +32,12 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: submodules: recursive - name: Scan code with Trivy - uses: aquasecurity/trivy-action@v0.36.0 + uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0 env: TRIVY_IGNOREFILE: "./.trivyignore.yaml" TRIVY_SHOW_SUPPRESSED: 1 @@ -50,7 +50,7 @@ jobs: scanners: "vuln" - name: Run sccache-cache - uses: mozilla-actions/sccache-action@v0.0.9 + uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - name: Install protoc run: apt-get update && apt-get -y install protobuf-compiler @@ -66,7 +66,7 @@ jobs: cargo clippy --all-targets --all-features -- -D warnings - name: Install cargo extensions - uses: taiki-e/install-action@v2 + uses: taiki-e/install-action@3235f8901fd37ffed0052b276cec25a362fb82e9 # v2 with: tool: cargo-deny diff --git a/.github/workflows/update-repositories.yml b/.github/workflows/update-repositories.yml index 44e9951a..685eba38 100644 --- a/.github/workflows/update-repositories.yml +++ b/.github/workflows/update-repositories.yml @@ -12,7 +12,7 @@ jobs: - X64 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Install gh cli run: | diff --git a/Cargo.lock b/Cargo.lock index 4870f2cd..76aadf77 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -915,7 +915,7 @@ checksum = "a4ae5f15dda3c708c0ade84bfee31ccab44a3da4f88015ed22f63732abe300c8" [[package]] name = "defguard-proxy" -version = "2.0.0" +version = "2.1.0" dependencies = [ "ammonia", "anyhow", @@ -962,7 +962,7 @@ dependencies = [ [[package]] name = "defguard_certs" version = "0.0.0" -source = "git+https://github.com/DefGuard/defguard.git?rev=dc0b70e69335c4be98d5b17615003922c9464994#dc0b70e69335c4be98d5b17615003922c9464994" +source = "git+https://github.com/DefGuard/defguard.git?rev=b6e69565394662eb0b81199eb9efba3aea43b414#b6e69565394662eb0b81199eb9efba3aea43b414" dependencies = [ "base64 0.22.1", "chrono", @@ -975,8 +975,8 @@ dependencies = [ [[package]] name = "defguard_common" -version = "2.0.0" -source = "git+https://github.com/DefGuard/defguard.git?rev=dc0b70e69335c4be98d5b17615003922c9464994#dc0b70e69335c4be98d5b17615003922c9464994" +version = "2.0.1" +source = "git+https://github.com/DefGuard/defguard.git?rev=b6e69565394662eb0b81199eb9efba3aea43b414#b6e69565394662eb0b81199eb9efba3aea43b414" dependencies = [ "anyhow", "argon2", @@ -1017,7 +1017,7 @@ dependencies = [ [[package]] name = "defguard_grpc_tls" version = "0.0.0" -source = "git+https://github.com/DefGuard/defguard.git?rev=dc0b70e69335c4be98d5b17615003922c9464994#dc0b70e69335c4be98d5b17615003922c9464994" +source = "git+https://github.com/DefGuard/defguard.git?rev=b6e69565394662eb0b81199eb9efba3aea43b414#b6e69565394662eb0b81199eb9efba3aea43b414" dependencies = [ "defguard_common", "http", @@ -1034,7 +1034,7 @@ dependencies = [ [[package]] name = "defguard_version" version = "0.0.0" -source = "git+https://github.com/DefGuard/defguard.git?rev=dc0b70e69335c4be98d5b17615003922c9464994#dc0b70e69335c4be98d5b17615003922c9464994" +source = "git+https://github.com/DefGuard/defguard.git?rev=b6e69565394662eb0b81199eb9efba3aea43b414#b6e69565394662eb0b81199eb9efba3aea43b414" dependencies = [ "axum", "http", @@ -2514,7 +2514,7 @@ dependencies = [ [[package]] name = "model_derive" version = "0.0.0" -source = "git+https://github.com/DefGuard/defguard.git?rev=dc0b70e69335c4be98d5b17615003922c9464994#dc0b70e69335c4be98d5b17615003922c9464994" +source = "git+https://github.com/DefGuard/defguard.git?rev=b6e69565394662eb0b81199eb9efba3aea43b414#b6e69565394662eb0b81199eb9efba3aea43b414" dependencies = [ "quote", "syn", diff --git a/Cargo.toml b/Cargo.toml index 069ecf5e..531769ca 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,15 +1,15 @@ [package] name = "defguard-proxy" -version = "2.0.0" +version = "2.1.0" edition = "2024" license = "Apache-2.0" homepage = "https://github.com/DefGuard/proxy" repository = "https://github.com/DefGuard/proxy" [dependencies] -defguard_certs = { git = "https://github.com/DefGuard/defguard.git", rev = "dc0b70e69335c4be98d5b17615003922c9464994" } -defguard_grpc_tls = { git = "https://github.com/DefGuard/defguard.git", rev = "dc0b70e69335c4be98d5b17615003922c9464994" } -defguard_version = { git = "https://github.com/DefGuard/defguard.git", rev = "dc0b70e69335c4be98d5b17615003922c9464994" } +defguard_certs = { git = "https://github.com/DefGuard/defguard.git", rev = "b6e69565394662eb0b81199eb9efba3aea43b414" } +defguard_grpc_tls = { git = "https://github.com/DefGuard/defguard.git", rev = "b6e69565394662eb0b81199eb9efba3aea43b414" } +defguard_version = { git = "https://github.com/DefGuard/defguard.git", rev = "b6e69565394662eb0b81199eb9efba3aea43b414" } rustls-webpki = { version = "0.103", features = ["aws-lc-rs", "std"] } rustls-pki-types = "1" # base `axum` deps diff --git a/Dockerfile b/Dockerfile index f6e23653..fb93c31c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,8 +2,8 @@ FROM node:24-alpine AS web WORKDIR /app COPY web/package.json web/pnpm-lock.yaml ./ -RUN npm i -g pnpm -RUN pnpm install --ignore-scripts --no-frozen-lockfile +RUN npm i -g pnpm@10 +RUN pnpm install --ignore-scripts --frozen-lockfile COPY web/ . RUN pnpm build diff --git a/flake.lock b/flake.lock index 979f95d8..a8a3f7c1 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1778443072, - "narHash": "sha256-zi7/fsqM/kFdNuED//4WOCUtezGtKKqRNORjMvfwjnA=", + "lastModified": 1778869304, + "narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da5ad661ba4e5ef59ba743f0d112cbc30e474f32", + "rev": "d233902339c02a9c334e7e593de68855ad26c4cb", "type": "github" }, "original": { @@ -48,11 +48,11 @@ ] }, "locked": { - "lastModified": 1778728594, - "narHash": "sha256-+gIOsOzqWNfn+ThCXBQGcLHVEnaGQW59XjghE9JUIYk=", + "lastModified": 1779247103, + "narHash": "sha256-DwltBoBl9a7fCzlKi3xnNha1NHbfvawwkNdnTXEyfFQ=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "83a17ebffcfacb17b49e1b5e9dc15eed07936648", + "rev": "86dbfb70dc1c2967245d87ed6d07d2c8bda305e3", "type": "github" }, "original": {