chore(deps): Bump clap from 4.5.28 to 4.5.29 #801
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - "v*" | |
| branches: | |
| - main | |
| permissions: | |
| attestations: write | |
| contents: read | |
| id-token: write | |
| jobs: | |
| linux: | |
| if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| azure.archive.ubuntu.com:80 | |
| crates.io:443 | |
| esm.ubuntu.com:443 | |
| github.com:443 | |
| index.crates.io:443 | |
| motd.ubuntu.com:443 | |
| ppa.launchpadcontent.net:443 | |
| static.crates.io:443 | |
| static.rust-lang.org:443 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Setup Rust toolchain | |
| run: | | |
| rustup target install x86_64-unknown-linux-musl | |
| sudo apt-get install -y musl musl-dev musl-tools dpkg-dev liblzma-dev | |
| cargo install cargo-deb cargo-auditable cargo-audit | |
| - id: version | |
| run: echo "version=$(cargo metadata --format-version=1 --no-deps | jq '.packages[] | select(.name == "malwaredb") | .version' --raw-output)" >>$GITHUB_OUTPUT | |
| - name: Install dependencies | |
| run: sudo apt-get install -y libmagic-dev | |
| - name: Install GUI dependencies | |
| run: sudo apt-get install -y libxcb-shape0-dev libxcb-xfixes0-dev libx11-dev libxkbcommon-dev libfontconfig-dev libxext-dev libxft-dev libxinerama-dev libxcursor-dev libxrender-dev libxfixes-dev | |
| - name: Build client | |
| run: cargo auditable build --workspace --bin mdb_client --target x86_64-unknown-linux-musl --release | |
| - name: Package client | |
| run: | | |
| cd client | |
| cargo auditable deb --target x86_64-unknown-linux-musl | |
| - name: Build server | |
| run: cargo auditable build --features=admin,admin-gui,sqlite,vt --bin mdb_server --target x86_64-unknown-linux-musl --release | |
| - name: Package server | |
| run: cargo auditable deb --target x86_64-unknown-linux-musl | |
| - run: mv target/x86_64-unknown-linux-musl/release/mdb_server target/x86_64-unknown-linux-musl/release/mdb_server_linux_musl_x86_64 | |
| - name: Upload mdb_server | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_server_linux_musl_x86_64 | |
| path: target/x86_64-unknown-linux-musl/release/mdb_server_linux_musl_x86_64 | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload mdb_server deb | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: "malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| path: "target/x86_64-unknown-linux-musl/debian/malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - run: mv target/x86_64-unknown-linux-musl/release/mdb_client target/x86_64-unknown-linux-musl/release/mdb_client_linux_musl_x86_64 | |
| - name: Upload mdb_client | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_client_linux_musl_x86_64 | |
| path: target/x86_64-unknown-linux-musl/release/mdb_client_linux_musl_x86_64 | |
| retention-days: 5 | |
| - name: Upload mdb_client deb | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: "malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| path: "target/x86_64-unknown-linux-musl/debian/malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| if-no-files-found: error | |
| retention-days: 5 | |
| # Re-do the SBOM so we can upload in the release | |
| - name: Install cargo-cyclonedx | |
| run: cargo install cargo-cyclonedx | |
| - name: Run cycloneDX and get JSON output | |
| run: cargo cyclonedx --all --all-features --format=json --override-filename sbom | |
| - name: Run cycloneDX and get XML output | |
| run: cargo cyclonedx --all --all-features --format=xml --override-filename sbom | |
| - name: Upload the JSON BOM file | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: sbom.json | |
| path: sbom.json | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload the XML BOM file | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: sbom.xml | |
| path: sbom.xml | |
| if-no-files-found: error | |
| retention-days: 5 | |
| macos: | |
| if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
| runs-on: macos-14 | |
| steps: | |
| - name: Update Rust | |
| run: rustup update | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - name: Install libmagic | |
| run: brew install libmagic | |
| - name: Install Cargo audit & auditable | |
| run: cargo install cargo-auditable cargo-audit | |
| - name: Build client | |
| run: cargo auditable build --workspace --bin mdb_client --release | |
| - name: Build server | |
| run: cargo auditable build --features=admin,admin-gui,sqlite,vt --bin mdb_server --release | |
| env: | |
| LIBRARY_PATH: "/opt/homebrew/lib:/opt/homebrew/opt/libmagic/lib" | |
| - name: Rename and prepare for signing | |
| run: | | |
| mv ./target/release/mdb_server ./target/release/mdb_server_darwin_arm64 | |
| mv ./target/release/mdb_client ./target/release/mdb_client_darwin_arm64 | |
| mkdir -p private_keys/ | |
| echo -n "${{ secrets.CERTIFICATE_P12 }}" | base64 --decode -o private_keys/cert.p12 | |
| - name: Sign server | |
| uses: indygreg/apple-code-sign-action@44d0985b7f4363198e80b6fea63ac3e9dd3e9957 # v1.1 | |
| with: | |
| input_path: ./target/release/mdb_server_darwin_arm64 | |
| p12_file: private_keys/cert.p12 | |
| p12_password: ${{ secrets.CERTIFICATE_PASSWORD }} | |
| sign_args: | | |
| --for-notarization | |
| rcodesign_version: '0.29.0' | |
| - name: Sign client | |
| uses: indygreg/apple-code-sign-action@44d0985b7f4363198e80b6fea63ac3e9dd3e9957 # v1.1 | |
| with: | |
| input_path: ./target/release/mdb_client_darwin_arm64 | |
| p12_file: private_keys/cert.p12 | |
| p12_password: ${{ secrets.CERTIFICATE_PASSWORD }} | |
| sign_args: | | |
| --for-notarization | |
| rcodesign_version: '0.29.0' | |
| - name: Upload mdb_server | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_server_darwin_arm64 | |
| path: target/release/mdb_server_darwin_arm64 | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload mdb_client | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_client_darwin_arm64 | |
| path: target/release/mdb_client_darwin_arm64 | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Cleanup | |
| run: | | |
| echo 000000000000 > private_keys/cert.p12 | |
| rm -rf private_keys/ | |
| windows: | |
| if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
| runs-on: windows-latest | |
| env: | |
| VCPKG_LIBRARY_LINKAGE: static | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - uses: dtolnay/rust-toolchain@d0e72ca3bfdc51937a4f81431ccbed269ef9f2a2 # stable | |
| - uses: ChristopheLav/windows-sdk-install@88d72875fb873886ea398ed04041446da6f26f86 # v1.0.3 | |
| with: | |
| version-sdk: 22621 | |
| features: 'OptionId.DesktopCPPx64,OptionId.DesktopCPParm64' | |
| - run: | | |
| rustup update | |
| rustup target install aarch64-pc-windows-msvc | |
| # We have to update vcpkg because the version installed on the GitHub Actions runners is too old, and | |
| # we need to deal with https://github.com/microsoft/vcpkg/issues/43565, which was fixed in | |
| # https://github.com/microsoft/vcpkg/pull/43635, https://github.com/microsoft/vcpkg/commit/a0f974c | |
| # However, this is very slow (git pull), and should be removed when GitHub advances the vcpkg data in the runner | |
| - name: Install vcpkg | |
| run: | | |
| cd C:\vcpkg | |
| git pull origin master | |
| vcpkg upgrade --no-dry-run | |
| vcpkg install libmagic:x64-windows-static-md | |
| vcpkg install libmagic:arm64-windows-static-md | |
| vcpkg integrate install | |
| cargo install cargo-vcpkg | |
| - name: Install Cargo audit & auditable | |
| run: cargo install cargo-auditable cargo-audit | |
| - name: Build client x86_64 | |
| run: cargo auditable build --workspace --bin mdb_client --release | |
| - name: Build client arm64 | |
| run: cargo auditable build --workspace --bin mdb_client --release --target=aarch64-pc-windows-msvc | |
| - name: Build server x86_64 | |
| run: cargo auditable build --features=admin,admin-gui,sqlite,vt --release | |
| - name: Build server arm64 | |
| run: cargo auditable build --features=admin,admin-gui,sqlite,vt --release --target=aarch64-pc-windows-msvc | |
| - run: | | |
| copy target/release/mdb_server.exe target/release/mdb_server_amd64.exe | |
| copy target/release/mdb_client.exe target/release/mdb_client_amd64.exe | |
| copy target/aarch64-pc-windows-msvc/release/mdb_server.exe target/aarch64-pc-windows-msvc/release/mdb_server_arm64.exe | |
| copy target/aarch64-pc-windows-msvc/release/mdb_client.exe target/aarch64-pc-windows-msvc/release/mdb_client_arm64.exe | |
| - name: Upload mdb_server.exe | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_server_amd64.exe | |
| path: target/release/mdb_server_amd64.exe | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload mdb_server_arm64.exe | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_server_arm64.exe | |
| path: target/aarch64-pc-windows-msvc/release/mdb_server_arm64.exe | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload mdb_client.exe | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_client_amd64.exe | |
| path: target/release/mdb_client_amd64.exe | |
| if-no-files-found: error | |
| retention-days: 5 | |
| - name: Upload mdb_client_arm64.exe | |
| uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
| with: | |
| name: mdb_client_arm64.exe | |
| path: target/aarch64-pc-windows-msvc/release/mdb_client_arm64.exe | |
| if-no-files-found: error | |
| retention-days: 5 | |
| release: | |
| if: startsWith(github.ref, 'refs/tags/') && github.event_name == 'push' | |
| needs: [ windows, macos, linux ] | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 | |
| with: | |
| egress-policy: block | |
| allowed-endpoints: > | |
| api.github.com:443 | |
| api.snapcraft.io:443 | |
| azure.archive.ubuntu.com:80 | |
| esm.ubuntu.com:443 | |
| github.com:443 | |
| motd.ubuntu.com:443 | |
| objects.githubusercontent.com:443 | |
| uploads.github.com:443 | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| - id: version | |
| run: echo "version=$(cargo metadata --format-version=1 --no-deps | jq '.packages[] | select(.name == "malwaredb") | .version' --raw-output)" >>$GITHUB_OUTPUT | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_server_darwin_arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_client_darwin_arm64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_server_amd64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_server_arm64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_client_amd64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_client_arm64.exe | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_server_linux_musl_x86_64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: "malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: mdb_client_linux_musl_x86_64 | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: "malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb" | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: sbom.xml | |
| - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
| with: | |
| name: sbom.json | |
| - name: Download minisign | |
| run: | | |
| sudo apt-get install wget | |
| wget https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz | |
| tar xzf minisign-0.11-linux.tar.gz | |
| mv minisign-linux/x86_64/minisign . | |
| - name: Sign artifacts | |
| run: | | |
| mkdir ~/.minisign/ | |
| echo "${{ secrets.MINISIGN_KEY }}" > ~/.minisign/minisign.key | |
| echo | ./minisign -Sm mdb_* malwaredb* sbom.* | |
| echo | ./minisign -R | |
| - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 | |
| with: | |
| draft: true | |
| prerelease: true | |
| generate_release_notes: true | |
| files: | | |
| mdb_server_darwin_arm64 | |
| mdb_server_darwin_arm64.minisig | |
| mdb_client_darwin_arm64 | |
| mdb_client_darwin_arm64.minisig | |
| mdb_server_amd64.exe | |
| mdb_server_amd64.exe.minisig | |
| mdb_server_arm64.exe | |
| mdb_server_arm64.exe.minisig | |
| mdb_client_amd64.exe | |
| mdb_client_amd64.exe.minisig | |
| mdb_client_arm64.exe | |
| mdb_client_arm64.exe.minisig | |
| mdb_server_linux_musl_x86_64 | |
| mdb_server_linux_musl_x86_64.minisig | |
| mdb_client_linux_musl_x86_64 | |
| mdb_client_linux_musl_x86_64.minisig | |
| malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb | |
| malwaredb_${{ steps.version.outputs.version }}-1_amd64.deb.minisig | |
| malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb | |
| malwaredb-client_${{ steps.version.outputs.version }}-1_amd64.deb.minisig | |
| sbom.xml | |
| sbom.xml.minisig | |
| sbom.json | |
| sbom.json.minisig | |
| minisign.pub | |
| - run: echo 00000 > ~/.minisign/minisign.key | |
| - uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 | |
| with: | |
| subject-path: | | |
| mdb_server_darwin_arm64 | |
| mdb_client_darwin_arm64 | |
| mdb_server_amd64.exe | |
| mdb_server_arm64.exe | |
| mdb_client_amd64.exe | |
| mdb_client_arm64.exe | |
| mdb_server_linux_musl_x86_64 | |
| mdb_client_linux_musl_x86_64 | |
| sbom.xml | |
| sbom.json |