ci: unify into single workflow with parallel builds

Replace separate kmod/zygisk/lsposed workflows with one ci.yml. Four jobs run in parallel: kmod, zygisk, lsposed, test-app. A release job depends on all four and runs only on tag pushes, creating a GitHub release with all artifacts and checksums.
2026-05-05 18:53:49 +00:00 · 2026-04-11 21:46:49 +03:00 · 2026-04-11 21:46:49 +03:00 · fe2a104572
commit fe2a104572
parent 1849ead690
3 changed files with 108 additions and 193 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -0,0 +1,243 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+    tags: ['v*']
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  packages: read
+
+jobs:
+  kmod:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/${{ github.repository }}/ci:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    strategy:
+      matrix:
+        gki:
+          - branch: android14-6.1
+            symvers: kmod/symvers/android14-6.1.symvers
+
+    env:
+      CLANG_DIR: /opt/aosp-clang/bin
+
+    steps:
+      - name: Add AOSP clang to PATH
+        run: echo "$CLANG_DIR" >> "$GITHUB_PATH"
+
+      - uses: actions/checkout@v4
+
+      - name: Mark workspace safe
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Cache kernel source
+        uses: actions/cache@v4
+        id: kernel-cache
+        with:
+          path: kernel-source
+          key: kernel-${{ matrix.gki.branch }}-v2
+
+      - name: Clone kernel source (shallow)
+        if: steps.kernel-cache.outputs.cache-hit != 'true'
+        run: |
+          git clone --depth=1 -b ${{ matrix.gki.branch }} \
+              https://android.googlesource.com/kernel/common \
+              kernel-source
+
+      - name: Prepare kernel source
+        run: |
+          cd kernel-source
+
+          make ARCH=arm64 LLVM=1 LLVM_IAS=1 \
+              CC=$CLANG_DIR/clang LD=$CLANG_DIR/ld.lld \
+              AR=$CLANG_DIR/llvm-ar NM=$CLANG_DIR/llvm-nm \
+              OBJCOPY=$CLANG_DIR/llvm-objcopy \
+              OBJDUMP=$CLANG_DIR/llvm-objdump \
+              STRIP=$CLANG_DIR/llvm-strip \
+              CROSS_COMPILE=aarch64-linux-gnu- \
+              gki_defconfig
+
+          touch abi_symbollist.raw
+
+          make ARCH=arm64 LLVM=1 LLVM_IAS=1 \
+              CC=$CLANG_DIR/clang LD=$CLANG_DIR/ld.lld \
+              AR=$CLANG_DIR/llvm-ar NM=$CLANG_DIR/llvm-nm \
+              OBJCOPY=$CLANG_DIR/llvm-objcopy \
+              OBJDUMP=$CLANG_DIR/llvm-objdump \
+              STRIP=$CLANG_DIR/llvm-strip \
+              CROSS_COMPILE=aarch64-linux-gnu- \
+              olddefconfig prepare || true
+
+          # Generate module.lds (make prepare sometimes skips this)
+          if [ ! -f scripts/module.lds ]; then
+              $CLANG_DIR/clang -E -Wp,-MD,scripts/.module.lds.d -nostdinc \
+                  -I arch/arm64/include -I arch/arm64/include/generated \
+                  -I include -I include/generated \
+                  -include include/linux/kconfig.h \
+                  -D__KERNEL__ -DCC_USING_PATCHABLE_FUNCTION_ENTRY \
+                  --target=aarch64-linux-gnu -x c scripts/module.lds.S \
+                  2>/dev/null | grep -v '^#' > scripts/module.lds
+              sed -i 's/((1UL) << 12)/4096/g' scripts/module.lds
+          fi
+
+          cp "$GITHUB_WORKSPACE/${{ matrix.gki.symvers }}" Module.symvers
+
+          echo '#define UTS_RELEASE "6.1.0-vpnhide-ci"' \
+              > include/generated/utsrelease.h
+          echo -n "6.1.0-vpnhide-ci" > include/config/kernel.release
+
+      - name: Build kernel module
+        run: |
+          make -C $GITHUB_WORKSPACE/kernel-source M=$GITHUB_WORKSPACE/kmod \
+              ARCH=arm64 LLVM=1 LLVM_IAS=1 \
+              CC=$CLANG_DIR/clang LD=$CLANG_DIR/ld.lld \
+              AR=$CLANG_DIR/llvm-ar NM=$CLANG_DIR/llvm-nm \
+              OBJCOPY=$CLANG_DIR/llvm-objcopy \
+              OBJDUMP=$CLANG_DIR/llvm-objdump \
+              STRIP=$CLANG_DIR/llvm-strip \
+              CROSS_COMPILE=aarch64-linux-gnu- \
+              modules
+
+      - name: Package KSU module zip
+        run: |
+          cp kmod/vpnhide_kmod.ko kmod/module/
+          (cd kmod/module && zip -qr "$GITHUB_WORKSPACE/vpnhide-kmod-${{ matrix.gki.branch }}.zip" .)
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vpnhide-kmod-${{ matrix.gki.branch }}
+          path: vpnhide-kmod-${{ matrix.gki.branch }}.zip
+          if-no-files-found: error
+
+  zygisk:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/${{ github.repository }}/ci:latest
+      credentials:
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Mark workspace safe
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Cache cargo
+        uses: actions/cache@v4
+        with:
+          path: |
+            /usr/local/cargo/registry
+            /usr/local/cargo/git
+            zygisk/target
+          key: cargo-${{ runner.os }}-${{ hashFiles('zygisk/Cargo.lock') }}
+          restore-keys: cargo-${{ runner.os }}-
+
+      - name: Build module zip
+        run: cd zygisk && ./build-zip.sh
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vpnhide-zygisk
+          path: zygisk/target/vpnhide-zygisk.zip
+          if-no-files-found: error
+
+  lsposed:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '17'
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Build APK
+        run: cd lsposed && ./gradlew --no-daemon assembleDebug
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vpnhide-lsposed
+          path: lsposed/app/build/outputs/apk/debug/app-debug.apk
+          if-no-files-found: error
+
+  test-app:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: '17'
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Build APK
+        run: cd test-app && ./gradlew --no-daemon assembleDebug
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vpnhide-test
+          path: test-app/app/build/outputs/apk/debug/app-debug.apk
+          if-no-files-found: error
+
+  release:
+    needs: [kmod, zygisk, lsposed, test-app]
+    if: startsWith(github.ref, 'refs/tags/v')
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download all artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: dist/
+          merge-multiple: true
+
+      - name: Rename artifacts
+        run: |
+          cd dist
+          tag="${GITHUB_REF##*/}"
+          # Rename with version tag
+          for f in *.zip *.apk; do
+            [ -f "$f" ] || continue
+            base="${f%.*}"
+            ext="${f##*.}"
+            mv "$f" "${base}-${tag}.${ext}" 2>/dev/null || true
+          done
+          # Generate checksums
+          for f in *.zip *.apk; do
+            [ -f "$f" ] && sha256sum "$f" > "${f}.sha256"
+          done
+          ls -lh
+
+      - name: Create release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.ref_name }}
+          generate_release_notes: true
+          files: |
+            dist/*.zip
+            dist/*.apk
+            dist/*.sha256
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}