name: CD - BanForge Release on: push: tags: - 'v*' workflow_dispatch: permissions: contents: write jobs: build: strategy: matrix: include: - goos: linux arch: amd64 - goos: linux arch: arm64 runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - uses: actions/setup-go@v6 with: go-version: '1.25' cache: false - run: go mod tidy - uses: golangci/golangci-lint-action@v9.2.0 with: args: --timeout=5m skip-cache: true - run: go test ./... - name: Build ${{ matrix.goos }}-${{ matrix.arch }} env: GOOS: ${{ matrix.goos }} GOARCH: ${{ matrix.arch }} run: go build -o banforge-${{ matrix.goos }}-${{ matrix.arch }} ./cmd/banforge - uses: actions/upload-artifact@v4 with: name: banforge-${{ matrix.arch }} path: banforge-${{ matrix.goos }}-${{ matrix.arch }} retention-days: 1 release: needs: build runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 - uses: actions/download-artifact@v4 with: path: ./artifacts - name: Create Release env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | TAG="${{ gitea.ref_name }}" REPO="${{ gitea.repository }}" SERVER="${{ gitea.server_url }}" TOKEN="$TOKEN" curl -X POST \ -H "Authorization: token $TOKEN" \ -H "Content-Type: application/json" \ -d '{ "tag_name": "'$TAG'", "name": "Release '$TAG'", "body": "# BanForge '$TAG'\n\nIntrusion Prevention System\n\n## Supported Firewalls\n- UFW\n- iptables\n- nftables\n- firewalld", "draft": false, "prerelease": false }' \ "$SERVER/api/v1/repos/$REPO/releases" - name: Upload Assets env: GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | TAG="${{ gitea.ref_name }}" REPO="${{ gitea.repository }}" SERVER="${{ gitea.server_url }}" TOKEN="$GITEA_TOKEN" for artifact_dir in artifacts/*/; do for file in "$artifact_dir"*; do [ -f "$file" ] && \ curl -X POST \ -H "Authorization: token $TOKEN" \ -H "Content-Type: application/octet-stream" \ --data-binary "@$file" \ "$SERVER/api/v1/repos/$REPO/releases/tags/$TAG/assets?name=$(basename "$file")" done done