name: Release Build and Upload on: push: tags: - "v*.*.*" jobs: build-and-release: runs-on: ubuntu-latest permissions: contents: write packages: write steps: - name: Checkout code uses: actions/checkout@v4 with: fetch-depth: 1 - name: Set up Docker uses: docker/setup-buildx-action@v3 - name: Log in to GitHub Container Registry uses: docker/login-action@v3 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract version from tag id: get_version run: | echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_OUTPUT echo "HASH=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Build frontend files working-directory: frontend run: | sudo docker run --rm \ -v "$(pwd)":/app \ -w /app \ node:alpine \ sh -c "npm ci && npm run build-production" - name: Move frontend build to backend run: | rm -rf backend/frontend/build mkdir -p backend/frontend/build cp -r frontend/build/* backend/frontend/build/ - name: Build single binary with all features run: | sudo docker run --rm \ -v "$(pwd)":/app \ -w /app/backend \ -e CGO_ENABLED=1 \ golang:1.25.1 \ go build -trimpath \ -ldflags='-X github.com/phishingclub/phishingclub/version.hash=ph${{ steps.get_version.outputs.HASH }} -X github.com/phishingclub/phishingclub/version.version=${{ steps.get_version.outputs.VERSION }}' \ -tags production -o ../build/phishingclub main.go - name: Fix build directory permissions run: | sudo chown -R $USER:$USER build/ chmod 755 build/ ls -la build/ - name: Sign binary with Ed25519 run: | # Create directory for keys mkdir -p /tmp/keys chmod 700 /tmp/keys # Save both private keys from GitHub secrets echo "${{ secrets.SIGNKEY_1 }}" > /tmp/keys/private1.pem echo "${{ secrets.SIGNKEY_2 }}" > /tmp/keys/private2.pem chmod 600 /tmp/keys/private1.pem chmod 600 /tmp/keys/private2.pem # Sign binary with primary key (Key 1) openssl pkeyutl -sign -inkey /tmp/keys/private1.pem \ -rawin -in build/phishingclub \ -out build/phishingclub.sig # Clean up keys rm -rf /tmp/keys - name: Create compressed package with signature run: | mkdir -p packages # Package binary with signature tar -czf packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz \ -C build \ phishingclub \ phishingclub.sig - name: Extract release notes from RELEASE.md id: get_release_notes run: | # extract the section for the current version from RELEASE.md VERSION="${{ steps.get_version.outputs.VERSION }}" # find the line containing the current version START_LINE=$(grep -n "## \[$VERSION\]" RELEASE.md | cut -d: -f1) if [ -z "$START_LINE" ]; then echo "Could not find version $VERSION in RELEASE.md" echo "NOTES=PhishingClub release ${{ steps.get_version.outputs.TAG }}" >> $GITHUB_OUTPUT exit 0 fi # find the next version section (next line starting with ##) NEXT_LINE=$(tail -n +$((START_LINE + 1)) RELEASE.md | grep -n "^## " | head -1 | cut -d: -f1) if [ -z "$NEXT_LINE" ]; then # no next section, take from start line to end of file RELEASE_NOTES=$(tail -n +$START_LINE RELEASE.md) else # calculate end line END_LINE=$((START_LINE + NEXT_LINE - 1)) RELEASE_NOTES=$(sed -n "${START_LINE},${END_LINE}p" RELEASE.md) fi # save to github output (escape newlines) echo "NOTES<> $GITHUB_OUTPUT echo "$RELEASE_NOTES" >> $GITHUB_OUTPUT echo "EOF" >> $GITHUB_OUTPUT - name: Create GitHub Release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release create ${{ steps.get_version.outputs.TAG }} \ ./packages/phishingclub_${{ steps.get_version.outputs.VERSION }}.tar.gz \ --title "PhishingClub ${{ steps.get_version.outputs.TAG }}" \ --notes "${{ steps.get_release_notes.outputs.NOTES }}" - name: Notify about release run: | curl -d "phishingclub version ${{ steps.get_version.outputs.VERSION }} has been released on GitHub" https://ntfy.sh/phishing_club_released