VulTrack-Agent/.github/workflows/release.yml at 2f7bab22efe118501905efb01571e0ab93b04d60 · RiskIdent/VulTrack-Agent · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
name: Release

on:
  push:
    tags:
      - 'v*'  # Triggers on version tags like v1.0.0

jobs:
  build-and-release:
    name: Build and Release
    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
      - name: Checkout code
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
        with:
          fetch-depth: 0  # Fetch all history for git describe
          persist-credentials: false

      - name: Set up Go
        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff  # v5.6.0
        with:
          go-version: '1.21'
          cache: false

      - name: Extract version from tag
        id: version
        run: |
          VERSION=${GITHUB_REF#refs/tags/v}
          echo "version=$VERSION" >> $GITHUB_OUTPUT
          echo "Version: $VERSION"

      - name: Download dependencies
        run: |
          go mod download
          go mod verify

      - name: Build binary
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          echo "Building for architecture: amd64"

          BUILD_TIME=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
          echo "Build time: ${BUILD_TIME}"
          echo "Version: ${VERSION}"

          GOARCH=amd64 GOOS=linux CGO_ENABLED=0 go build \
            -ldflags "-s -w -X 'main.version=${VERSION}' -X 'main.buildTime=${BUILD_TIME}'" \
            -o vultrack-agent-amd64 \
            ./cmd/vultrack-agent

          ls -lh vultrack-agent-amd64

      - name: Build Debian package
        env:
          VERSION: ${{ steps.version.outputs.version }}
          ARCH: amd64
        run: |
          sudo apt-get update
          sudo apt-get install -y dpkg-dev

          ./build.sh deb

      - name: Generate SHA256 checksums
        env:
          VERSION: ${{ steps.version.outputs.version }}
        run: |
          mkdir -p release-files
          cp vultrack-agent-amd64 release-files/
          cp dist/vultrack-agent_${VERSION}_amd64.deb release-files/

          cd release-files
          sha256sum vultrack-agent-amd64 \
            vultrack-agent_${VERSION}_amd64.deb \
            > SHA256SUMS

          echo "Release files with checksums:"
          ls -lh
          echo ""
          cat SHA256SUMS

      - name: Create Release
        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b  # v2.5.0
        with:
          files: release-files/*
          tag_name: ${{ github.ref_name }}
          name: Release ${{ steps.version.outputs.version }}
          body: |
            ## VulTrack Agent ${{ steps.version.outputs.version }}

            ### Binary
            - `vultrack-agent-amd64` - Static binary for Linux amd64

            ### Debian Package
            - `vultrack-agent_${{ steps.version.outputs.version }}_amd64.deb` - Debian package for amd64

            ### Checksums
            Verify integrity with `SHA256SUMS` (included in release assets):
            ```bash
            sha256sum -c SHA256SUMS
            ```

            ### Installation

            **Binary:**
            ```bash
            chmod +x vultrack-agent-amd64
            sudo mv vultrack-agent-amd64 /usr/local/bin/vultrack-agent
            ```

            **Debian Package:**
            ```bash
            sudo dpkg -i vultrack-agent_${{ steps.version.outputs.version }}_amd64.deb
            ```
          draft: false
          prerelease: false
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}