Merged
16 changes: 8 additions & 8 deletions .github/workflows/build-docker.yml
@@ -39,19 +39,19 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: recursive

- name: Login to GitHub container registry
uses: docker/login-action@v4
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
with:
buildkitd-config-inline: |
[registry."docker.io"]
@@ -61,7 +61,7 @@ jobs:
run: echo "SAFE_REF=${GITHUB_REF_NAME//\//-}" >> $GITHUB_ENV

- name: Build container
uses: docker/build-push-action@v7
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7
with:
context: .
platforms: linux/${{ matrix.cpu }}
@@ -74,7 +74,7 @@ jobs:
cache-to: type=registry,mode=max,ref=${{ env.GHCR_REPO }}:cache-${{ matrix.tag }}-${{ env.SAFE_REF }}

- name: Scan image with Trivy
uses: aquasecurity/trivy-action@v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -98,19 +98,19 @@ jobs:

steps:
- name: Install Cosign
uses: sigstore/cosign-installer@v4.1.0
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1

- name: Docker meta
id: meta
uses: docker/metadata-action@v6
uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6
with:
images: |
${{ env.GHCR_REPO }}
flavor: ${{ inputs.flavor }}
tags: ${{ inputs.tags }}

- name: Login to GitHub container registry
uses: docker/login-action@v4
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
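Review bot: The `sigstore/cosign-installer` step in the last hunk appears to go from `v4.1.0` to a commit annotated `# v4.1.1`, so this pin also carries a version bump that the other pinned steps in the file do not. That deserves a line in the description and a check that the SHA is the commit the `v4.1.1` tag points to. Separately, comments such as `# v6` and `# v4` name moving major tags, so they do not record which release each SHA was taken from. Writing the exact release, e.g. `uses: actions/checkout@<sha> # vX.Y.Z` (placeholder version), lets a reviewer or an update bot verify the pin, and the same applies to the major-tag comments in lint-web.yml, publish-docker-latest.yml, release.yml and sbom.yml. The +/- markers are lost on this page, so the old and new sides are inferred from the paired lines.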
2 changes: 1 addition & 1 deletion .github/workflows/current.yml
@@ -2,9 +2,9 @@ name: Build current image
on:
push:
branches:
- main
- dev
- 'release/**'
- 'stable/**'
paths-ignore:
- "*.md"
- "LICENSE"
10 changes: 5 additions & 5 deletions .github/workflows/lint-web.yml
@@ -3,17 +3,17 @@ name: Lint frontend
on:
push:
branches:
- main
- dev
- "release/**"
- "stable/**"
paths-ignore:
- "*.md"
- "LICENSE"
pull_request:
branches:
- main
- dev
- "release/**"
- "stable/**"
paths-ignore:
- "*.md"
- "LICENSE"
@@ -25,17 +25,17 @@ jobs:

steps:
- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: recursive

- name: Install NodeJS
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 25

- name: Install pnpm
uses: pnpm/action-setup@v6
uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6
with:
cache: true
version: 10
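Review bot: The pinned `actions/checkout` step in the second hunk still uses the default credential persistence, so the job token stays available to git commands in every later step of a workflow that runs on `pull_request` and goes on to install Node tooling. Since this change is a hardening pass, add `persist-credentials: false` under that step's `with:` beside `submodules: recursive`, unless a later step needs to fetch or push with the token. The rest of the job lies outside the hunk, so confirm no such step exists before changing it. The checkout steps in build-docker.yml, release.yml and sbom.yml have the same shape.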
6 changes: 3 additions & 3 deletions .github/workflows/publish-docker-latest.yml
@@ -19,17 +19,17 @@ jobs:

steps:
- name: Install Cosign
uses: sigstore/cosign-installer@v4.1.1
uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1

- name: Login to GitHub container registry
uses: docker/login-action@v4
uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v4
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4

- name: Derive semver tag
run: |
39 changes: 20 additions & 19 deletions .github/workflows/release.yml
@@ -24,6 +24,7 @@ jobs:
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{major}}
type=sha
# Explicitly disable latest tag. It will be added otherwise.
flavor: |
@@ -51,7 +52,7 @@ jobs:
steps:
- name: Create GitHub release
id: release
uses: shogo82148/actions-create-release@v1
uses: shogo82148/actions-create-release@6a396031bc74c57403da1018fec74d24c6aa03cd # v1
with:
draft: true
generate_release_notes: true
@@ -80,17 +81,17 @@ jobs:
echo "VERSION=$VERSION" >> $GITHUB_ENV

- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
submodules: recursive

- name: Install NodeJS
uses: actions/setup-node@v6
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
with:
node-version: 25

- name: Install pnpm
uses: pnpm/action-setup@v6
uses: pnpm/action-setup@0e279bb959325dab635dd2c09392533439d90093 # v6
with:
cache: true
version: 10
@@ -102,12 +103,12 @@ jobs:
pnpm build

- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
uses: dtolnay/rust-toolchain@29eef336d9b2848a0b548edc03f92a220660cdb8 # stable
with:
targets: "aarch64-unknown-linux-gnu"

- name: Run sccache-cache
uses: mozilla-actions/sccache-action@v0.0.9
uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9

- name: Build Linux x86_64 binary
run: |
@@ -135,7 +136,7 @@ jobs:
defguard-proxy-${{ env.VERSION }}-x86_64-unknown-freebsd

- name: Build x86_64 DEB package
uses: defGuard/fpm-action@main
uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main
with:
fpm_args:
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy
@@ -152,7 +153,7 @@ jobs:
--after-remove linux/postrm"

- name: Build aarch64 DEB package
uses: defGuard/fpm-action@main
uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main
with:
fpm_args:
"defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy
@@ -169,7 +170,7 @@ jobs:
--after-remove linux/postrm"

- name: Build x86_64 RPM package
uses: defGuard/fpm-action@main
uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main
with:
fpm_args:
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-linux-gnu=/usr/bin/defguard-proxy
@@ -186,7 +187,7 @@ jobs:
--after-remove linux/postrm"

- name: Build aarch64 RPM package
uses: defGuard/fpm-action@main
uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main
with:
fpm_args:
"defguard-proxy-${{ env.VERSION }}-aarch64-unknown-linux-gnu=/usr/bin/defguard-proxy
@@ -203,7 +204,7 @@ jobs:
--after-remove linux/postrm"

- name: Build FreeBSD package
uses: defGuard/fpm-action@main
uses: defGuard/fpm-action@ebb2575fbb892876fbdd326bb6d12524fbd7398c # main
with:
fpm_args:
"defguard-proxy-${{ env.VERSION }}-x86_64-unknown-freebsd=/usr/local/bin/defguard-proxy
@@ -218,7 +219,7 @@ jobs:
--depends openssl"

- name: Upload Linux x86_64 archive
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -228,7 +229,7 @@ jobs:
overwrite: true

- name: Upload Linux aarch64 archive
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -238,7 +239,7 @@ jobs:
overwrite: true

- name: Upload FreeBSD x86_64 archive
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -248,7 +249,7 @@ jobs:
overwrite: true

- name: Upload Linux x86_64 DEB
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -258,7 +259,7 @@ jobs:
overwrite: true

- name: Upload Linux aarch64 DEB
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -268,7 +269,7 @@ jobs:
overwrite: true

- name: Upload Linux x86_64 RPM
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -278,7 +279,7 @@ jobs:
overwrite: true

- name: Upload Linux aarch64 RPM
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
@@ -288,7 +289,7 @@ jobs:
overwrite: true

- name: Upload FreeBSD package
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
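Review bot: The `dtolnay/rust-toolchain` and `defGuard/fpm-action` steps are pinned to commits annotated `# stable` and `# main`, which are branch names rather than releases. The comment therefore cannot tell a reviewer what the SHA corresponds to, and version-based update tooling may not refresh these pins. For rust-toolchain the ref is also what selects the toolchain, so with a SHA pin it is safer to state it explicitly by adding `toolchain: stable` to the step's `with:` block beside `targets:`, and to confirm the commit was taken from the `stable` branch. For fpm-action, consider tagging a release in that repository and pinning the tagged commit with a version comment, since it is invoked five times in the job that builds the published packages.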
12 changes: 6 additions & 6 deletions .github/workflows/sbom.yml
@@ -27,13 +27,13 @@ jobs:
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT

- name: Checkout
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
ref: ${{ steps.vars.outputs.TAG_NAME }}
submodules: recursive

- name: Create SBOM with Trivy
uses: aquasecurity/trivy-action@v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -46,7 +46,7 @@ jobs:
scanners: "vuln"

- name: Create Docker image SBOM with Trivy
uses: aquasecurity/trivy-action@v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -59,7 +59,7 @@ jobs:
scanners: "vuln"

- name: Create security advisory file with Trivy
uses: aquasecurity/trivy-action@v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -72,7 +72,7 @@ jobs:
scanners: "vuln"

- name: Create Docker image security advisory file with Trivy
uses: aquasecurity/trivy-action@v0.36.0
uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25 # v0.36.0
env:
TRIVY_SHOW_SUPPRESSED: 1
TRIVY_IGNOREFILE: "./.trivyignore.yaml"
@@ -85,7 +85,7 @@ jobs:
scanners: "vuln"

- name: Upload SBOMs and advisories
uses: shogo82148/actions-upload-release-asset@v1
uses: shogo82148/actions-upload-release-asset@ee2ae851dc5d938b90075b3ef12c540abfd1ee72 # v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with: