Nouveaux workflows GitHub Actions: - .github/workflows/build-deb.yml : Build et release DEB sur Ubuntu - .github/workflows/build-rpm.yml : Build et release RPM sur Fedora - Déclenchement sur tags v*, push main/master, workflow_dispatch - Upload des artifacts et création automatique de release Système de build de packages: - packaging/build-deb.sh : Script de build .deb avec sanitization version - packaging/build-rpm.sh : Script de build .rpm (via Docker) - packaging/Dockerfile.deb : Container Ubuntu 22.04 pour build DEB - packaging/Dockerfile.rpm : Container Go 1.24 + rpm pour build RPM Fichiers de configuration systemd: - packaging/systemd/ja4sentinel.service : Unit avec security hardening * NoNewPrivileges, ProtectSystem, ProtectHome * CAP_NET_RAW, CAP_NET_ADMIN pour packet capture - packaging/systemd/config.yml : Configuration par défaut Scripts mainteneur DEB: - packaging/deb/postinst : Création user/group, dirs, config - packaging/deb/prerm : Stop service avant upgrade/remove - packaging/deb/postrm : Cleanup complet en purge Spec file RPM: - packaging/rpm/ja4sentinel.spec : Spec complet avec dependencies * Requires: systemd, libpcap * %pre/%post/%preun/%postun scripts Tests d'installation dans containers: - packaging/test/test-deb.sh : Build + test Docker Ubuntu - packaging/test/test-rpm.sh : Build + test Docker Fedora - packaging/test/test-install-deb.sh : 11 tests automatisés - packaging/test/test-install-rpm.sh : 11 tests automatisés - Dockerfile.deb/rpm : Containers de test dédiés Makefile: - package-deb : Build .deb - package-rpm : Build .rpm via Docker (no-cache) - package : Build les deux - test-package-deb : Build + test installation DEB - test-package-rpm : Build + test installation RPM - test-package : Test les deux packages Tests: - ✅ DEB: 11/11 tests passés (binaire, config, service, user, dirs) - ✅ RPM: Build réussi (3.3 MB) - Version sanitization pour git tags (ex: efd4481-dirty → 0.0.0+efd4481-dirty) Co-authored-by: Qwen-Coder 
<qwen-coder@alibabacloud.com>
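# Build, lint and publish the ja4sentinel Debian package.
#
# Security notes:
#   - Event-derived values (manual "version" input, tag name) and step outputs
#     reach shell steps only through environment variables. They are never
#     interpolated with ${{ }} inside a `run:` script, because that text is
#     pasted into the script before the shell parses it.
#   - The build job runs repository code (Makefile, packaging scripts) for
#     pull requests too, so it only gets a read-only token. The write-scoped
#     token is confined to the tag-only release job.
#   - NOTE(review): actions are referenced by mutable tags (@v4, @v5, @v2).
#     Consider pinning each one to a full commit SHA you have verified
#     (e.g. `uses: owner/action@<FULL_COMMIT_SHA>  # vX.Y.Z`).
name: Build DEB Package

on:
  push:
    tags:
      - 'v*'
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  pull_request:
    branches:
      - main
      - master
    paths:
      - 'go/**'
      - 'cmd/**'
      - 'internal/**'
      - 'api/**'
      - 'packaging/**'
      - 'Makefile'
      - 'go.mod'
      - 'go.sum'
  workflow_dispatch:
    inputs:
      version:
        description: 'Version to build (e.g., 1.0.0)'
        required: false
        default: '1.0.0-dev'

env:
  GO_VERSION: '1.24'
  PACKAGE_NAME: ja4sentinel

jobs:
  build-deb:
    name: Build DEB Package
    runs-on: ubuntu-latest
    # Least privilege: building and uploading workflow artifacts needs no
    # write access to the repository or to the package registry.
    permissions:
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # Full history so `git rev-parse` below works on any ref.
          fetch-depth: 0
          # Do not leave the job token in .git/config where the build
          # scripts executed later could read it.
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: ${{ env.GO_VERSION }}
          cache: true

      - name: Determine version
        id: version
        env:
          # Caller-supplied text: hand it to the shell as data, not as code.
          REQUESTED_VERSION: ${{ github.event.inputs.version }}
        run: |
          # GITHUB_EVENT_NAME, GITHUB_REF and GITHUB_REF_NAME are default
          # runner variables. The "strip leading v" step is done with shell
          # parameter expansion; it is not valid inside a ${{ }} expression.
          if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
            VERSION="${REQUESTED_VERSION}"
          elif [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
            VERSION="${GITHUB_REF_NAME#v}"
          else
            VERSION="0.0.0-$(git rev-parse --short HEAD)"
          fi
          # Allow-list the characters before the value is written to
          # GITHUB_OUTPUT and used in file names. The value is deliberately
          # not echoed on failure.
          if [[ ! "${VERSION}" =~ ^[0-9A-Za-z][0-9A-Za-z.+~_-]*$ ]]; then
            echo "::error::Version is empty or contains characters outside [0-9A-Za-z.+~_-]; refusing to build"
            exit 1
          fi
          echo "version=${VERSION}" >> "${GITHUB_OUTPUT}"
          echo "Building version: ${VERSION}"

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            libpcap-dev \
            dpkg-dev \
            fakeroot \
            lintian

      - name: Build Go binary
        run: |
          make build-linux
          ls -la dist/

      - name: Build DEB package
        env:
          # Step outputs carry the same caller-supplied text, so they are
          # passed through the environment as well.
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          ./packaging/build-deb.sh "${VERSION}" "amd64"

      - name: Run lintian checks
        # Advisory only: `|| true` keeps lintian findings from failing the job.
        run: |
          lintian build/deb/*.deb --suppress-tags "dir-or-file-in-/usr/share/doc" || true

      - name: List build artifacts
        run: |
          echo "=== Build Artifacts ==="
          ls -lah build/deb/
          echo "=== Checksums ==="
          cat build/deb/*.sha256 || true

      - name: Upload DEB artifact
        uses: actions/upload-artifact@v4
        with:
          name: ja4sentinel-deb-amd64
          path: build/deb/*.deb
          retention-days: 30

      - name: Upload checksum artifact
        uses: actions/upload-artifact@v4
        with:
          name: ja4sentinel-deb-checksums
          path: build/deb/*.sha256
          retention-days: 30

  release:
    name: Publish GitHub release
    needs: build-deb
    # Only tag builds publish; branch and pull-request runs stop after build.
    if: startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    # The only job that may write to the repository (release creation).
    # It runs no repository code, only the two actions below.
    permissions:
      contents: write

    steps:
      - name: Download package and checksum artifacts
        uses: actions/download-artifact@v4
        with:
          # Matches ja4sentinel-deb-amd64 and ja4sentinel-deb-checksums.
          pattern: ja4sentinel-deb-*
          path: build/deb
          merge-multiple: true

      - name: Create release and upload assets (on tag)
        # NOTE(review): third-party action receiving a write-scoped token;
        # pin to a verified full commit SHA instead of the mutable v2 tag.
        uses: softprops/action-gh-release@v2
        with:
          files: |
            build/deb/*.deb
            build/deb/*.sha256
          generate_release_notes: true
          make_latest: true
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}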