mvn: comment #1277
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: AAARRR | |
| on: | |
| push: | |
| branches: [ n2 ] | |
| pull_request: | |
| branches: [ n2 ] | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: ๐งฌ Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: ๐ฅ Checkout code | |
| uses: actions/checkout@v4 | |
| - name: ๐ผ Setup go1.24+ | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.24' | |
| - name: โ Setup Java 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: ๐๏ธ Make | |
| run: | | |
| # outputs firestack.aar and firestack-arm.aar; also see: "Obj" below | |
| ./make-aar nogo debug | |
| shell: bash | |
| - name: ๐งช Test | |
| if: success() | |
| run: | | |
| go env | |
| # go test -v -race -bench=. -benchtime=100ms ./... | |
| echo "::notice::success" | |
| - name: ๐ฎ Vet | |
| run: | | |
| # github.com/actions/setup-go/issues/27 | |
| export PATH=${PATH}:`go env GOPATH`/bin | |
| # vet: fails: archive.is/XcDl6 | |
| go vet ./... | |
| # staticcheck | |
| # go install honnef.co/go/tools/cmd/staticcheck@latest | |
| # staticcheck ./... | |
| go install go.uber.org/nilaway/cmd/nilaway@latest | |
| nilaway ./... | |
| go install golang.org/x/vuln/cmd/govulncheck@latest | |
| govulncheck -show verbose -test ./... | |
| shell: bash | |
| - name: ๐ Python3 | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.10' | |
| - name: ๐ฟ Obj | |
| run: | | |
| wget --tries=2 --waitretry=3 --no-dns-cache https://github.com/Zxilly/go-size-analyzer/releases/download/v1.0.8/go-size-analyzer_1.0.8_linux_amd64.deb -O gsa.deb | |
| sudo dpkg -i gsa.deb | |
| # s/tun2socks*.aar/firestack*.aar; see: make-aar | |
| # | |
| # Archive: firestack-debug.aar | |
| # inflating: AndroidManifest.xml | |
| # inflating: proguard.txt | |
| # inflating: classes.jar | |
| # inflating: jni/armeabi-v7a/libgojni.so | |
| # inflating: jni/arm64-v8a/libgojni.so | |
| # inflating: jni/x86/libgojni.so | |
| # inflating: jni/x86_64/libgojni.so | |
| # inflating: R.txt | |
| # creating: res/ | |
| # /usr/bin/jar | |
| unzip firestack-debug.aar | |
| which jar && jar tf ./classes.jar | |
| gsa jni/arm64-v8a/*.so -f text --verbose | |
| #pip install sqlelf | |
| #sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
| # "SELECT mnemonic, COUNT(*) from elf_instructions GROUP BY mnemonic ORDER BY 2 DESC LIMIT 20" | |
| #sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
| # "SELECT * from elf_headers" | |
| # determine NEEDED entries | |
| #sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
| # "SELECT elf_strings.path, elf_strings.value | |
| # FROM elf_dynamic_entries | |
| # INNER JOIN elf_strings ON elf_dynamic_entries.value = elf_strings.offset | |
| # WHERE elf_dynamic_entries.tag = 'NEEDED'" | |
| # determine the largest functions | |
| #sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
| # "SELECT name AS function_name, (high_pc - low_pc) AS function_size | |
| # FROM dwarf_dies | |
| # WHERE tag = 'DW_TAG_subprogram' | |
| # ORDER BY function_size DESC | |
| # LIMIT 50;" | |
| readelf -l jni/arm64-v8a/*.so | |
| # from: cs.android.com/android/platform/superproject/main/+/main:system/extras/tools/check_elf_alignment.sh;drc=97bcb31779;l=87 | |
| RED="\e[31m" | |
| GREEN="\e[32m" | |
| ENDCOLOR="\e[0m" | |
| unaligned_libs=() | |
| echo | |
| echo "=== ELF alignment ===" | |
| matches="$(find jni/ -type f)" | |
| IFS=$'\n' | |
| for match in $matches; do | |
| [[ $(file "${match}") == *"ELF"* ]] || continue | |
| readelf -l "${match}" | |
| res="$(objdump -p "${match}" | grep LOAD | awk '{ print $NF }' | head -1)" | |
| if [[ $res =~ 2\*\*(1[4-9]|[2-9][0-9]|[1-9][0-9]{2,}) ]]; then | |
| echo -e "${match}: ${GREEN}ALIGNED${ENDCOLOR} ($res)" | |
| else | |
| echo -e "${match}: ${RED}UNALIGNED${ENDCOLOR} ($res)" | |
| unaligned_libs+=("${match}") | |
| fi | |
| done | |
| if [ ${#unaligned_libs[@]} -gt 0 ]; then | |
| echo -e "${RED}Found ${#unaligned_libs[@]} unaligned libs (only arm64-v8a/x86_64 libs need to be aligned).${ENDCOLOR}" | |
| elif [ -n "${dir_filename}" ]; then | |
| echo -e "ELF Verification Successful" | |
| fi | |
| echo "=====================" | |
| shell: bash | |
| # docs.github.com/en/actions/tutorials/build-and-test-code/java-with-maven | |
| # docs.github.com/en/actions/tutorials/publish-packages/publish-java-packages-with-maven#publishing-packages-to-github-packages | |
| - name: ๐ฆ Publish | |
| shell: bash | |
| run: | | |
| # docs.github.com/en/actions/reference/workflows-and-actions/contexts#github-context | |
| GROUP="com.github.${{ github.repository_owner }}" | |
| # project artifactId; see: pom.xml | |
| ARTIFACT="firestack" | |
| # Repository | |
| REPO="github" | |
| # artefact type | |
| PACK="${PACK:-aar}" | |
| # final out from make-aar | |
| FOUT="${FOUT:-firestack.aar}" | |
| FOUTDBG="${FOUTDBG:-firestack-debug.aar}" | |
| # artifact classifier | |
| CLASSFULL="${CLASSFULL:-full}" # unused | |
| CLASSDBG="${CLASSDBG:-debug}" | |
| # artifact bytecode sources | |
| SOURCES="${SOURCES:-build/intra/tun2socks-sources.jar}" | |
| # 10 chars of the commit SHA | |
| VCSVER="${GITHUB_SHA:0:10}" | |
| # uploaded at: | |
| # maven.pkg.github.com/celzero/firestack/com/github/celzero/firestack/<commit>/firestack-<commit>.aar | |
| # TODO: firestack-debug | |
| # github.com/deelaa-marketplace/commons-workflow/blob/637dc111/flows/publish-api.yml#L49 | |
| # github.com/markocto/cf-octopub/blob/bba2de2c/github/script/action.yaml#L118 | |
| mvn deploy:deploy-file \ | |
| -DgroupId="${GROUP}" \ | |
| -DartifactId="${ARTIFACT}" \ | |
| -Dversion="${VCSVER}" \ | |
| -Dpackaging="${PACK}" \ | |
| -Dfile="${FOUT}" \ | |
| -DrepositoryId="${REPO}" \ | |
| -Dsources="${SOURCES}" \ | |
| -Durl="https://maven.pkg.github.com/${{ github.repository }}" | |
| env: | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| # github.com/actions/upload-artifact | |
| - name: ๐ Upload | |
| uses: actions/upload-artifact@v4 | |
| if: success() | |
| with: | |
| name: firestack-aar-${{ github.sha }} # must be unique | |
| path: firestack*.aar # see: make-aar | |
| retention-days: 52 # 0-90; 90 is max | |
| if-no-files-found: error # error, warn (default), ignore | |
| compression-level: 9 # 0-9; 9 is max | |
| checker: | |
| name: ๐ Security checker | |
| runs-on: ubuntu-latest | |
| permissions: | |
| security-events: write | |
| id-token: write | |
| env: | |
| GO111MODULE: on | |
| steps: | |
| - name: ๐ฅ Checkout | |
| uses: actions/checkout@v4 | |
| - name: ๐ต๏ธ Gosec Scanner | |
| uses: securego/gosec@master | |
| with: | |
| # github.com/securego/gosec/issues/1219 | |
| # we let the report trigger content trigger a failure using the GitHub Security features. | |
| args: '-no-fail -fmt sarif -out results.sarif ./...' | |
| - name: ๐ก Upload to code-scanning | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results.sarif | |
| # from: github.com/golangci/golangci-lint-action | |
| golangci-lint: | |
| name: ๐งญ Lint | |
| runs-on: ubuntu-latest | |
| permissions: | |
| # Required: allow read access to the content for analysis. | |
| contents: read | |
| # Optional: allow read access to pull request. Use with `only-new-issues` option. | |
| pull-requests: read | |
| # Optional: Allow write access to checks to allow the action to annotate code in the PR. | |
| checks: write | |
| steps: | |
| - name: ๐ฅ Checkout | |
| uses: actions/checkout@v4 | |
| - name: ๐ผ Set up Go | |
| uses: actions/setup-go@v5 | |
| with: | |
| go-version: '>=1.24' | |
| cache: false | |
| # github.com/tailscale/tailscale/blob/93324cc7b/.github/workflows/depaware.yml | |
| # consolidated in: github.com/tailscale/tailscale/commit/4022796484 | |
| - name: ๐ฆ Depaware | |
| run: | | |
| go run github.com/tailscale/depaware github.com/celzero/firestack/intra | |
| go run github.com/tailscale/depaware github.com/celzero/firestack/tunnel | |
| - name: ๐ Lint | |
| uses: golangci/golangci-lint-action@v3.7.0 | |
| with: | |
| args: --config=.golangci.yml --issues-exit-code=0 | |
| - name: ๐ก Staticheck | |
| uses: dominikh/staticcheck-action@v1.3.1 | |
| with: | |
| version: "latest" | |
| install-go: false |