Skip to content

github actions security features #2

github actions security features

github actions security features #2

Workflow file for this run

name: Release
on:
push:
tags:
- 'v*'
env:
GO_VERSION: '1.24'
jobs:
# Create GitHub release with binaries
release:
name: Create Release
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
- name: Cache Go modules
uses: actions/cache@v4
with:
path: |
~/.cache/go-build
~/go/pkg/mod
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
- name: Install dependencies
run: |
go mod download
- name: Run tests
run: |
go test -v ./...
- name: Build binaries
run: |
mkdir -p ../dist
# Build for multiple platforms
GOOS=linux GOARCH=amd64 go build -o ../dist/qzkp-linux-amd64 .
GOOS=linux GOARCH=arm64 go build -o ../dist/qzkp-linux-arm64 .
GOOS=darwin GOARCH=amd64 go build -o ../dist/qzkp-darwin-amd64 .
GOOS=darwin GOARCH=arm64 go build -o ../dist/qzkp-darwin-arm64 .
GOOS=windows GOARCH=amd64 go build -o ../dist/qzkp-windows-amd64.exe .
# Create checksums
cd ../dist
sha256sum * > checksums.txt
- name: Create release archives
run: |
cd dist
# Create tar.gz for Unix systems
tar -czf qzkp-linux-amd64.tar.gz qzkp-linux-amd64
tar -czf qzkp-linux-arm64.tar.gz qzkp-linux-arm64
tar -czf qzkp-darwin-amd64.tar.gz qzkp-darwin-amd64
tar -czf qzkp-darwin-arm64.tar.gz qzkp-darwin-arm64
# Create zip for Windows
zip qzkp-windows-amd64.zip qzkp-windows-amd64.exe
- name: Generate release notes
run: |
echo "# Quantum ZKP Release ${GITHUB_REF#refs/tags/}" > release-notes.md
echo "" >> release-notes.md
echo "## What's New" >> release-notes.md
echo "" >> release-notes.md
echo "This release includes:" >> release-notes.md
echo "- Secure quantum zero-knowledge proof implementation" >> release-notes.md
echo "- Post-quantum cryptographic security" >> release-notes.md
echo "- Configurable soundness levels (32-256 bits)" >> release-notes.md
echo "- Comprehensive test suite and documentation" >> release-notes.md
echo "" >> release-notes.md
echo "## Security Features" >> release-notes.md
echo "- Zero information leakage (proven through testing)" >> release-notes.md
echo "- NIST post-quantum cryptography standards" >> release-notes.md
echo "- Dilithium digital signatures" >> release-notes.md
echo "- BLAKE3 and SHA-256 cryptographic hashing" >> release-notes.md
echo "" >> release-notes.md
echo "## Performance" >> release-notes.md
echo "- Sub-millisecond proof generation" >> release-notes.md
echo "- Proof sizes: 13.5KB (32-bit) to 41.9KB (256-bit)" >> release-notes.md
echo "- Production-ready performance characteristics" >> release-notes.md
echo "" >> release-notes.md
echo "## Installation" >> release-notes.md
echo "" >> release-notes.md
echo "Download the appropriate binary for your platform:" >> release-notes.md
echo "- Linux (x64): \`qzkp-linux-amd64.tar.gz\`" >> release-notes.md
echo "- Linux (ARM64): \`qzkp-linux-arm64.tar.gz\`" >> release-notes.md
echo "- macOS (Intel): \`qzkp-darwin-amd64.tar.gz\`" >> release-notes.md
echo "- macOS (Apple Silicon): \`qzkp-darwin-arm64.tar.gz\`" >> release-notes.md
echo "- Windows (x64): \`qzkp-windows-amd64.zip\`" >> release-notes.md
echo "" >> release-notes.md
echo "## Usage" >> release-notes.md
echo "" >> release-notes.md
echo "\`\`\`bash" >> release-notes.md
echo "# Quick demo" >> release-notes.md
echo "./qzkp demo" >> release-notes.md
echo "" >> release-notes.md
echo "# Security analysis" >> release-notes.md
echo "./qzkp security" >> release-notes.md
echo "" >> release-notes.md
echo "# All examples" >> release-notes.md
echo "./qzkp examples" >> release-notes.md
echo "\`\`\`" >> release-notes.md
echo "" >> release-notes.md
echo "## Verification" >> release-notes.md
echo "" >> release-notes.md
echo "Verify the integrity of downloaded files using the provided checksums:" >> release-notes.md
echo "" >> release-notes.md
echo "\`\`\`bash" >> release-notes.md
echo "sha256sum -c checksums.txt" >> release-notes.md
echo "\`\`\`" >> release-notes.md
echo "" >> release-notes.md
echo "## Documentation" >> release-notes.md
echo "" >> release-notes.md
echo "- [Scientific Paper](https://github.com/hydraresearch/qzkp/blob/main/SCIENTIFIC_PAPER.md)" >> release-notes.md
echo "- [API Documentation](https://github.com/hydraresearch/qzkp/blob/main/API.md)" >> release-notes.md
echo "- [Usage Guide](https://github.com/hydraresearch/qzkp/blob/main/USAGE_GUIDE.md)" >> release-notes.md
echo "" >> release-notes.md
echo "## Citation" >> release-notes.md
echo "" >> release-notes.md
echo "If you use this software in academic work, please cite:" >> release-notes.md
echo "" >> release-notes.md
echo "\`\`\`bibtex" >> release-notes.md
echo "@software{cloutier2025qzkp," >> release-notes.md
echo " author = {Nick Cloutier}," >> release-notes.md
echo " title = {Secure Quantum Zero-Knowledge Proofs: Implementation, Analysis, and Optimization}," >> release-notes.md
echo " year = {2025}," >> release-notes.md
echo " url = {https://github.com/hydraresearch/qzkp}," >> release-notes.md
echo " version = {${GITHUB_REF#refs/tags/}}" >> release-notes.md
echo "}" >> release-notes.md
echo "\`\`\`" >> release-notes.md
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
body_path: release-notes.md
files: |
dist/qzkp-*.tar.gz
dist/qzkp-*.zip
dist/checksums.txt
draft: false
prerelease: false
generate_release_notes: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Update package registries
update-registries:
name: Update Package Registries
runs-on: ubuntu-latest
needs: release
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Update Homebrew formula (placeholder)
run: |
echo "TODO: Update Homebrew formula"
echo "This would typically involve creating a PR to homebrew-core"
echo "or updating a custom tap with the new version and checksums"
- name: Update AUR package (placeholder)
run: |
echo "TODO: Update Arch User Repository package"
echo "This would involve updating the PKGBUILD file"
echo "with new version and checksums"
- name: Notify package maintainers
run: |
echo "Release ${GITHUB_REF#refs/tags/} created successfully"
echo "Package maintainers should be notified to update their packages"