mirror of
https://github.com/okhsunrog/vpnhide.git
synced 2026-05-06 03:24:19 +00:00
38f9b56f5b
Some checks are pending
CI / kmod (android13-5.15) (push) Waiting to run
CI / kmod (android14-5.15) (push) Waiting to run
CI / kmod (android14-6.1) (push) Waiting to run
CI / kmod (android15-6.6) (push) Waiting to run
CI / kmod (android16-6.12) (push) Waiting to run
CI / kmod (android12-5.10) (push) Waiting to run
CI / kmod (android13-5.10) (push) Waiting to run
CI / setup (push) Waiting to run
CI / lint (push) Blocked by required conditions
CI / zygisk (push) Blocked by required conditions
CI / lsposed (push) Blocked by required conditions
CI / portshide (push) Waiting to run
CI / release (push) Blocked by required conditions
Two follow-ups to #90 in one PR: 1. Two new match forms in data/interfaces.toml grammar: suffix = "digits_optional" prefix + 0+ ASCII digits suffix = "any" prefix + 1+ any chars Needed by the upcoming whitelist (PR-B) for patterns like `seth_lte\d*` and `v4-.+`. Not used by any current [[vpn]] rule, but the helper functions are exercised by direct unit tests in the generated test modules so a bug would surface before whitelist lands. 2. [[test]] vectors in data/interfaces.toml that the codegen renders into per-language unit tests: - zygisk + lsposed/native: #[cfg(test)] mod tests inside the generated iface_lists.rs (run via `cargo test`) - lsposed/app: a separate IfaceListsGeneratedTest under src/test/kotlin (run via `:app:testDebugUnitTest`) - kmod: a userspace test driver test_iface_lists.c — the generated header now has __KERNEL__-guarded includes so the same matcher compiles against libc, and a new lint step builds and runs it via gcc. 36 fixed vectors today; trivial to grow as new rules / corner cases come up. CI catches drift on the next push: any single matcher that disagrees with the toml fails its job. No production behavior change — generated matches_vpn / vpnhide_iface_is_vpn / IfaceLists.isVpnIface bodies are byte-identical to before; only the helper functions and test modules grew.
270 lines
7.8 KiB
YAML
270 lines
7.8 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
tags: ['v*']
|
|
pull_request:
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: write
|
|
packages: read
|
|
|
|
jobs:
|
|
setup:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
image: ${{ steps.img.outputs.image }}
|
|
steps:
|
|
- id: img
|
|
env:
|
|
REPO: ${{ github.repository }}
|
|
run: echo "image=ghcr.io/${REPO,,}/ci:latest" >> "$GITHUB_OUTPUT"
|
|
|
|
lint:
|
|
needs: setup
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ${{ needs.setup.outputs.image }}
|
|
credentials:
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
- name: Mark workspace safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
# Codegen
|
|
- name: Verify generated iface lists are up to date
|
|
run: |
|
|
python3 scripts/codegen-interfaces.py
|
|
if ! git diff --quiet; then
|
|
echo "::error::data/interfaces.toml is out of sync with generated files. Run scripts/codegen-interfaces.py and commit the result." >&2
|
|
git --no-pager diff
|
|
exit 1
|
|
fi
|
|
|
|
# Rust
|
|
- name: rustfmt
|
|
run: |
|
|
cd zygisk && cargo fmt --check
|
|
cd ../lsposed/native && cargo fmt --check
|
|
- name: clippy (zygisk)
|
|
run: cd zygisk && cargo ndk -t arm64-v8a clippy -- -D warnings
|
|
- name: clippy (lsposed native)
|
|
run: cd lsposed/native && cargo ndk -t arm64-v8a clippy -- -D warnings
|
|
- name: cargo test (zygisk)
|
|
run: cd zygisk && cargo test
|
|
|
|
# C (kernel module)
|
|
- name: clang-format
|
|
run: clang-format --dry-run --Werror kmod/vpnhide_kmod.c
|
|
- name: kmod iface-list test (host build)
|
|
run: |
|
|
cd kmod
|
|
gcc -O2 -Wall -Werror -o /tmp/test_iface_lists test_iface_lists.c
|
|
/tmp/test_iface_lists
|
|
|
|
# Kotlin
|
|
- name: ktlint
|
|
run: ktlint "lsposed/**/*.kt"
|
|
- name: Android lint
|
|
run: cd lsposed && ./gradlew --no-daemon :app:lint
|
|
- name: Kotlin unit tests
|
|
run: cd lsposed && ./gradlew --no-daemon :app:testDebugUnitTest
|
|
|
|
kmod:
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
kmi:
|
|
- android12-5.10
|
|
- android13-5.10
|
|
- android13-5.15
|
|
- android14-5.15
|
|
- android14-6.1
|
|
- android15-6.6
|
|
- android16-6.12
|
|
container:
|
|
image: ghcr.io/ylarod/ddk-min:${{ matrix.kmi }}-20260313
|
|
env:
|
|
KMI: ${{ matrix.kmi }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Mark workspace safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Build and package kernel module
|
|
run: |
|
|
cd kmod
|
|
python3 ./build-zip.py --kmi $KMI
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: vpnhide-kmod-${{ matrix.kmi }}
|
|
path: vpnhide-kmod-${{ matrix.kmi }}.zip
|
|
if-no-files-found: error
|
|
|
|
zygisk:
|
|
needs: setup
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ${{ needs.setup.outputs.image }}
|
|
credentials:
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
|
|
- name: Mark workspace safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Cache cargo
|
|
uses: actions/cache@v5
|
|
with:
|
|
path: |
|
|
/usr/local/cargo/registry
|
|
/usr/local/cargo/git
|
|
zygisk/target
|
|
key: cargo-${{ runner.os }}-${{ hashFiles('zygisk/Cargo.lock') }}
|
|
restore-keys: cargo-${{ runner.os }}-
|
|
|
|
- name: Build module zip
|
|
env:
|
|
UPDATE_JSON_URL: https://raw.githubusercontent.com/okhsunrog/vpnhide/main/update-json/update-zygisk.json
|
|
run: |
|
|
cd zygisk
|
|
python3 ./build-zip.py
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: vpnhide-zygisk
|
|
path: zygisk/target/vpnhide-zygisk.zip
|
|
if-no-files-found: error
|
|
|
|
lsposed:
|
|
needs: setup
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ${{ needs.setup.outputs.image }}
|
|
credentials:
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.GITHUB_TOKEN }}
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Mark workspace safe
|
|
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: Set up keystore
|
|
env:
|
|
KEYSTORE_BASE64: ${{ secrets.ANDROID_KEYSTORE_BASE64 }}
|
|
KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
|
|
KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
|
|
run: |
|
|
KEYSTORE_PATH="$GITHUB_WORKSPACE/lsposed/release.jks"
|
|
if [ -n "$KEYSTORE_BASE64" ]; then
|
|
echo "$KEYSTORE_BASE64" | base64 --decode > "$KEYSTORE_PATH"
|
|
else
|
|
echo "ANDROID_KEYSTORE_BASE64 is empty (fork PR); generating an ephemeral keystore. Resulting APK is signed with a throwaway key and is NOT suitable for release."
|
|
KEYSTORE_PASSWORD=ephemeral
|
|
KEY_ALIAS=ephemeral
|
|
keytool -genkeypair -v \
|
|
-keystore "$KEYSTORE_PATH" \
|
|
-storepass "$KEYSTORE_PASSWORD" \
|
|
-keypass "$KEYSTORE_PASSWORD" \
|
|
-alias "$KEY_ALIAS" \
|
|
-keyalg RSA -keysize 4096 -validity 365 \
|
|
-dname "CN=vpnhide-fork-ci, O=vpnhide, C=US"
|
|
fi
|
|
cat > "$GITHUB_WORKSPACE/lsposed/keystore.properties" <<EOF
|
|
password=$KEYSTORE_PASSWORD
|
|
keyAlias=$KEY_ALIAS
|
|
storeFile=$KEYSTORE_PATH
|
|
EOF
|
|
|
|
- name: Build APK
|
|
run: |
|
|
cd "$GITHUB_WORKSPACE/lsposed" && ./gradlew --no-daemon assembleRelease
|
|
cp app/build/outputs/apk/release/app-release.apk "$GITHUB_WORKSPACE/vpnhide.apk"
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: vpnhide-apk
|
|
path: vpnhide.apk
|
|
if-no-files-found: error
|
|
|
|
portshide:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Package ports module zip
|
|
env:
|
|
UPDATE_JSON_URL: https://raw.githubusercontent.com/okhsunrog/vpnhide/main/update-json/update-ports.json
|
|
run: |
|
|
cd portshide
|
|
python3 ./build-zip.py
|
|
mv vpnhide-ports.zip "$GITHUB_WORKSPACE/vpnhide-ports.zip"
|
|
|
|
- name: Upload artifact
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: vpnhide-ports
|
|
path: vpnhide-ports.zip
|
|
if-no-files-found: error
|
|
|
|
release:
|
|
needs: [kmod, zygisk, lsposed, portshide]
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
path: dist/
|
|
merge-multiple: true
|
|
|
|
- name: Extract release notes from CHANGELOG.md
|
|
run: |
|
|
TAG="${{ github.ref_name }}"
|
|
awk -v t="^## ${TAG}\$" '$0~t{flag=1;next} /^## v/{flag=0} flag' \
|
|
CHANGELOG.md > release-notes.md
|
|
echo "=== release-notes.md ==="
|
|
cat release-notes.md
|
|
|
|
- name: Create draft release
|
|
uses: softprops/action-gh-release@v2
|
|
with:
|
|
tag_name: ${{ github.ref_name }}
|
|
body_path: release-notes.md
|
|
generate_release_notes: true
|
|
draft: true
|
|
files: |
|
|
dist/*.zip
|
|
dist/*.apk
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|