name: CI on: push: branches: [main] tags: ['v*'] pull_request: workflow_dispatch: permissions: contents: write packages: read jobs: lint: runs-on: ubuntu-latest container: image: ghcr.io/${{ github.repository }}/ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} steps: - uses: actions/checkout@v6 with: submodules: recursive fetch-depth: 0 - name: Mark workspace safe run: git config --global --add safe.directory "$GITHUB_WORKSPACE" # Rust - name: rustfmt run: | cd zygisk && cargo fmt --check cd ../lsposed/native && cargo fmt --check - name: clippy (zygisk) run: cd zygisk && cargo ndk -t arm64-v8a clippy -- -D warnings - name: clippy (lsposed native) run: cd lsposed/native && cargo ndk -t arm64-v8a clippy -- -D warnings - name: cargo test (zygisk) run: cd zygisk && cargo test # C (kernel module) - name: clang-format run: clang-format --dry-run --Werror kmod/vpnhide_kmod.c # Kotlin - name: ktlint run: ktlint "lsposed/**/*.kt" - name: Android lint run: cd lsposed && ./gradlew --no-daemon :app:lint kmod: runs-on: ubuntu-latest strategy: matrix: kmi: - android12-5.10 - android13-5.10 - android13-5.15 - android14-5.15 - android14-6.1 - android15-6.6 - android16-6.12 container: image: ghcr.io/ylarod/ddk-min:${{ matrix.kmi }}-20260313 env: KDIR: /opt/ddk/kdir/${{ matrix.kmi }} steps: - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Build kernel module run: | CLANG=$(echo /opt/ddk/clang/clang-r*/bin) make -C $KDIR M=$GITHUB_WORKSPACE/kmod \ ARCH=arm64 LLVM=1 LLVM_IAS=1 \ CC=$CLANG/clang LD=$CLANG/ld.lld \ AR=$CLANG/llvm-ar NM=$CLANG/llvm-nm \ OBJCOPY=$CLANG/llvm-objcopy \ OBJDUMP=$CLANG/llvm-objdump \ STRIP=$CLANG/llvm-strip \ CROSS_COMPILE=aarch64-linux-gnu- \ modules $CLANG/llvm-strip -d kmod/vpnhide_kmod.ko - name: Package KSU module zip run: | apt-get update -qq && apt-get install -y -qq zip git >/dev/null git config --global --add safe.directory "$GITHUB_WORKSPACE" BUILD_VERSION=$(./scripts/build-version.sh) echo "Stamping kmod module.prop version=v${BUILD_VERSION}" cp kmod/vpnhide_kmod.ko kmod/module/ sed -i "s|^version=.*|version=v${BUILD_VERSION}|" kmod/module/module.prop echo "updateJson=https://raw.githubusercontent.com/okhsunrog/vpnhide/main/update-json/update-kmod-${{ matrix.kmi }}.json" >> kmod/module/module.prop (cd kmod/module && zip -qr "$GITHUB_WORKSPACE/vpnhide-kmod-${{ matrix.kmi }}.zip" .) - name: Upload artifact uses: actions/upload-artifact@v7 with: name: vpnhide-kmod-${{ matrix.kmi }} path: vpnhide-kmod-${{ matrix.kmi }}.zip if-no-files-found: error zygisk: runs-on: ubuntu-latest container: image: ghcr.io/${{ github.repository }}/ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} steps: - uses: actions/checkout@v6 with: submodules: recursive fetch-depth: 0 - name: Mark workspace safe run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Cache cargo uses: actions/cache@v5 with: path: | /usr/local/cargo/registry /usr/local/cargo/git zygisk/target key: cargo-${{ runner.os }}-${{ hashFiles('zygisk/Cargo.lock') }} restore-keys: cargo-${{ runner.os }}- - name: Build module zip env: UPDATE_JSON_URL: https://raw.githubusercontent.com/okhsunrog/vpnhide/main/update-json/update-zygisk.json run: | cd zygisk ./build-zip.sh - name: Upload artifact uses: actions/upload-artifact@v7 with: name: vpnhide-zygisk path: zygisk/target/vpnhide-zygisk.zip if-no-files-found: error lsposed: runs-on: ubuntu-latest container: image: ghcr.io/${{ github.repository }}/ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} steps: - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Mark workspace safe run: git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: Set up keystore env: KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }} KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }} run: | KEYSTORE_PATH="$GITHUB_WORKSPACE/lsposed/release.jks" echo "$KEYSTORE_BASE64" | base64 --decode > "$KEYSTORE_PATH" cat > "$GITHUB_WORKSPACE/lsposed/keystore.properties" </dev/null cd portshide ./build-zip.sh mv vpnhide-ports.zip "$GITHUB_WORKSPACE/vpnhide-ports.zip" - name: Upload artifact uses: actions/upload-artifact@v7 with: name: vpnhide-ports path: vpnhide-ports.zip if-no-files-found: error release: needs: [kmod, zygisk, lsposed, portshide] if: startsWith(github.ref, 'refs/tags/v') runs-on: ubuntu-latest steps: - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Download all artifacts uses: actions/download-artifact@v8 with: path: dist/ merge-multiple: true - name: Extract release notes from CHANGELOG.md run: | TAG="${{ github.ref_name }}" awk -v t="^## ${TAG}\$" '$0~t{flag=1;next} /^## v/{flag=0} flag' \ CHANGELOG.md > release-notes.md echo "=== release-notes.md ===" cat release-notes.md - name: Create draft release uses: softprops/action-gh-release@v2 with: tag_name: ${{ github.ref_name }} body_path: release-notes.md generate_release_notes: true draft: true files: | dist/*.zip dist/*.apk env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}