pangolin_mirror/newt
1
0
Fork 0
mirror of https://github.com/fosrl/newt.git synced 2026-03-26 20:46:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor .goreleaser.yaml for improved release management and update README with installation instructions

Browse Source 
Add script to append release notes and enhance publish-apt.sh for asset downloading

Signed-off-by: Marc Schäfer <git@marcschaeferger.de>
This commit is contained in:
Marc Schäfer
2026-02-22 23:05:06 +01:00
parent 0f6852b681
commit 53d79aea5a
4 changed files with 74 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
.goreleaser.yaml
View File

@@ -1,42 +1,33 @@
version: 2
project_name: newt project_name: newt
release: release:
# du nutzt Tags wie 1.2.3 und 1.2.3-rc.1 (ohne v)
draft: true draft: true
prerelease: auto prerelease: "{{ contains .Tag \"-rc.\" }}"
name_template: "{{ .Tag }}" name_template: "{{ .Tag }}"
mode: replace
builds: builds:
- id: newt - id: newt
main: ./main.go # <- falls du cmd/newt hast: ./cmd/newt main: ./main.go
binary: newt binary: newt
env: env:
- CGO_ENABLED=0 - CGO_ENABLED=0
goos: goos:
- linux - linux
- darwin
- windows
- freebsd
goarch: goarch:
- amd64 - amd64
- arm64 - arm64
goarm:
- "6"
- "7"
flags: flags:
- -trimpath - -trimpath
ldflags: ldflags:
- -s -w -X main.version={{ .Tag }} - -s -w -X main.newtVersion={{ .Tag }}
archives: archives:
# Wichtig: format "binary" -> keine tar.gz, sondern raw binary wie bei dir aktuell - id: binaries
- id: raw
builds: builds:
- newt - newt
format: binary format: binary
name_template: >- name_template: "{{ .ProjectName }}_{{ .Os }}_{{ .Arch }}"
{{ .ProjectName }}_{{ .Os }}_{{ if eq .Arch "amd64" }}amd64{{ else if eq .Arch "arm64" }}arm64{{ else if eq .Arch "386" }}386{{ else }}{{ .Arch }}{{ end }}{{ if .Arm }}v{{ .Arm }}{{ end }}{{ if .Mips }}_{{ .Mips }}{{ end }}{{ if .Amd64 }}_{{ .Amd64 }}{{ end }}{{ if .Riscv64 }}_{{ .Riscv64 }}{{ end }}{{ if .Os | eq "windows" }}.exe{{ end }}
checksum: checksum:
name_template: "checksums.txt" name_template: "checksums.txt"
@@ -49,14 +40,13 @@ nfpms:
vendor: fosrl vendor: fosrl
maintainer: fosrl <repo@fosrl.io> maintainer: fosrl <repo@fosrl.io>
description: Newt - userspace tunnel client and TCP/UDP proxy description: Newt - userspace tunnel client and TCP/UDP proxy
license: AGPL-3.0 license: AGPL-3.0-or-later
formats: formats:
- deb - deb
- rpm - rpm
- apk - apk
bindir: /usr/bin bindir: /usr/bin
# sorgt dafür, dass die Paketnamen gut pattern-matchbar sind file_name_template: "newt_{{ .Version }}_{{ .Arch }}"
file_name_template: "{{ .PackageName }}_{{ .Version }}_{{ .Arch }}"
contents: contents:
- src: LICENSE - src: LICENSE
dst: /usr/share/doc/newt/LICENSE dst: /usr/share/doc/newt/LICENSE

13
README.md
View File

@@ -1,15 +1,24 @@
# Newt # Newt
[![PkgGoDev](https://pkg.go.dev/badge/github.com/fosrl/newt)](https://pkg.go.dev/github.com/fosrl/newt) [![PkgGoDev](https://pkg.go.dev/badge/github.com/fosrl/newt)](https://pkg.go.dev/github.com/fosrl/newt)
[![GitHub License](https://img.shields.io/github/license/fosrl/newt)](https://github.com/fosrl/newt/blob/main/LICENSE) [![GitHub License](https://img.shields.io/github/license/fosrl/newt)](https://github.com/fosrl/newt/blob/main/LICENSE)
[![Go Report Card](https://goreportcard.com/badge/github.com/fosrl/newt)](https://goreportcard.com/report/github.com/fosrl/newt) [![Go Report Card](https://goreportcard.com/badge/github.com/fosrl/newt)](https://goreportcard.com/report/github.com/fosrl/newt)
Newt is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing. Newt is a fully user space [WireGuard](https://www.wireguard.com/) tunnel client and TCP/UDP proxy, designed to securely expose private resources controlled by Pangolin. By using Newt, you don't need to manage complex WireGuard tunnels and NATing.
### Installation and Documentation ## Installation and Documentation
Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below: Newt is used with Pangolin and Gerbil as part of the larger system. See documentation below:
- [Full Documentation](https://docs.pangolin.net/manage/sites/understanding-sites) - [Full Documentation](https://docs.pangolin.net/manage/sites/understanding-sites)
### Install via APT (Debian/Ubuntu)
```bash
curl -fsSL https://repo.dev.fosrl.io/apt/public.key | sudo gpg --dearmor -o /usr/share/keyrings/newt-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/newt-archive-keyring.gpg] https://repo.dev.fosrl.io/apt stable main" | sudo tee /etc/apt/sources.list.d/newt.list
sudo apt update && sudo apt install newt
```
## Key Functions ## Key Functions

22
scripts/append-release-notes.sh Normal file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/env bash
set -euo pipefail
: "${TAG:?}"
: "${GHCR_REF:?}"
: "${DIGEST:?}"
NOTES_FILE="$(mktemp)"
existing_body="$(gh release view "${TAG}" --json body --jq '.body')"
cat > "${NOTES_FILE}" <<EOF
${existing_body}
## Container Images
- GHCR: \`${GHCR_REF}\`
- Docker Hub: \`${DH_REF:-N/A}\`
**Digest:** \`${DIGEST}\`
EOF
gh release edit "${TAG}" --draft --notes-file "${NOTES_FILE}"
rm -f "${NOTES_FILE}"

56
scripts/publish-apt.sh
View File

@@ -19,6 +19,23 @@ fi
WORKDIR="$(pwd)" WORKDIR="$(pwd)"
mkdir -p repo/apt assets build mkdir -p repo/apt assets build
download_asset() {
local tag="$1"
local pattern="$2"
local attempts=12
for attempt in $(seq 1 "${attempts}"); do
if gh release download "${tag}" -R "${GH_REPO}" -p "${pattern}" -D assets; then
return 0
fi
echo "Asset ${pattern} not available yet (attempt ${attempt}/${attempts}); retrying..."
sleep 5
done
echo "ERROR: Failed to download asset ${pattern} for ${tag} after ${attempts} attempts"
return 1
}
echo "${APT_GPG_PRIVATE_KEY}" | gpg --batch --import >/dev/null 2>&1 || true echo "${APT_GPG_PRIVATE_KEY}" | gpg --batch --import >/dev/null 2>&1 || true
KEYID="$(gpg --list-secret-keys --with-colons | awk -F: '$1=="sec"{print $5; exit}')" KEYID="$(gpg --list-secret-keys --with-colons | awk -F: '$1=="sec"{print $5; exit}')"
@@ -37,6 +54,8 @@ else
TAGS="${INPUT_TAG}" TAGS="${INPUT_TAG}"
elif [[ -n "${EVENT_TAG:-}" ]]; then elif [[ -n "${EVENT_TAG:-}" ]]; then
TAGS="${EVENT_TAG}" TAGS="${EVENT_TAG}"
elif [[ -n "${PUSH_TAG:-}" ]]; then
TAGS="${PUSH_TAG}"
else else
echo "No tag provided; using latest release tag..." echo "No tag provided; using latest release tag..."
TAGS="$(gh release view -R "${GH_REPO}" --json tagName --jq '.tagName')" TAGS="$(gh release view -R "${GH_REPO}" --json tagName --jq '.tagName')"
@@ -58,32 +77,23 @@ while IFS= read -r TAG; do
rm -rf assets build rm -rf assets build
mkdir -p assets build mkdir -p assets build
gh release download "${TAG}" -R "${GH_REPO}" -p "newt_linux_amd64" -D assets deb_amd64="${PKG_NAME}_${TAG}_amd64.deb"
gh release download "${TAG}" -R "${GH_REPO}" -p "newt_linux_arm64" -D assets deb_arm64="${PKG_NAME}_${TAG}_arm64.deb"
VERSION="${TAG#v}" download_asset "${TAG}" "${deb_amd64}"
download_asset "${TAG}" "${deb_arm64}"
for arch in amd64 arm64; do if [[ ! -f "assets/${deb_amd64}" ]]; then
bin="assets/newt_linux_${arch}" echo "ERROR: Missing release asset: ${deb_amd64}"
if [[ ! -f "${bin}" ]]; then exit 1
echo "ERROR: Missing release asset: ${bin}" fi
exit 1 if [[ ! -f "assets/${deb_arm64}" ]]; then
fi echo "ERROR: Missing release asset: ${deb_arm64}"
exit 1
install -Dm755 "${bin}" "build/newt" fi
# Create nfpm config from template file (no heredoc here)
sed \
-e "s/__PKG_NAME__/${PKG_NAME}/g" \
-e "s/__ARCH__/${arch}/g" \
-e "s/__VERSION__/${VERSION}/g" \
scripts/nfpm.yaml.tmpl > nfpm.yaml
nfpm package -p deb -f nfpm.yaml -t "build/${PKG_NAME}_${VERSION}_${arch}.deb"
done
mkdir -p "repo/apt/pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}/" mkdir -p "repo/apt/pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}/"
cp -v build/*.deb "repo/apt/pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}/" cp -v assets/*.deb "repo/apt/pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}/"
done <<< "${TAGS}" done <<< "${TAGS}"
@@ -124,7 +134,7 @@ gpg --batch --yes --pinentry-mode loopback \
# Export public key into apt repo root # Export public key into apt repo root
cd ../../.. cd ../../..
gpg --batch --yes --armor --export "${KEYID}" > public.key gpg --batch --yes --armor --export "${KEYID}" > "${WORKDIR}/repo/apt/public.key"
# Upload to S3 # Upload to S3
echo "Uploading to S3..." echo "Uploading to S3..."