kernel: trim non-exported symbols #4266

# Builds the manager APK together with the native components it bundles.
# Triggers: pushes to main/dev/ci, pull requests targeting main/dev, and calls
# from other workflows. push and pull_request use the same path filter.
#
# NOTE(review): no `permissions:` key appears in this workflow, so GITHUB_TOKEN
# runs with the repository/organisation default scopes. Consider declaring the
# minimum here once the needs of the called workflows are confirmed; a caller's
# permissions are the upper bound for the reusable workflows it invokes.
# NOTE(review): the build-ksuinit job calls ./.github/workflows/ksuinit.yml,
# which is in neither path list below. Confirm that is intentional.
name: Build Manager
on:
  push:
    branches:
      - "main"
      - "dev"
      - "ci"
    paths:
      - '.github/workflows/build-manager.yml'
      - '.github/workflows/build-lkm.yml'
      - '.github/workflows/ddk-lkm.yml'
      - '.github/workflows/ksud.yml'
      - '.github/workflows/ksud-extra.yml'
      - '.github/scripts/setup-rust-build.sh'
      - 'repack_apk.py'
      - 'manager/**'
      - 'kernel/**'
      - 'userspace/**'
  pull_request:
    branches:
      - "main"
      - "dev"
    paths:
      - '.github/workflows/build-manager.yml'
      - '.github/workflows/build-lkm.yml'
      - '.github/workflows/ddk-lkm.yml'
      - '.github/workflows/ksud.yml'
      - '.github/workflows/ksud-extra.yml'
      - '.github/scripts/setup-rust-build.sh'
      - 'repack_apk.py'
      - 'manager/**'
      - 'kernel/**'
      - 'userspace/**'
  workflow_call:
jobs:
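# jobs.generate-key: on pull_request events, creates a throwaway signing
# keystore and publishes it, its passwords, and the DER certificate's size and
# SHA-256 as job outputs. Both steps are skipped on every other event, so all
# five outputs are then empty.
#
# Security notes:
# - The keystore and both passwords travel as plain job outputs. That is only
#   acceptable because the key is generated per run with random passwords and
#   a one-day validity; never route the production keystore this way.
# - Do not register these values with `::add-mask::`: the runner skips job
#   outputs that contain a masked value, which would leave the downstream jobs
#   without a key.
generate-key:
  runs-on: ubuntu-latest
  outputs:
    expected_size: ${{ steps.extract.outputs.expected_size }}
    expected_hash: ${{ steps.extract.outputs.expected_hash }}
    keystore: ${{ steps.gen.outputs.keystore }}
    keystore_password: ${{ steps.gen.outputs.keystore_password }}
    key_password: ${{ steps.gen.outputs.key_password }}
  steps:
    - name: Generate temporary keystore
      if: github.event_name == 'pull_request'
      id: gen
      run: |
        # Random per-run passwords; they protect a key that expires in a day.
        KEYSTORE_PASSWORD=$(openssl rand -hex 32)
        KEY_PASSWORD=$(openssl rand -hex 32)
        echo "keystore_password=$KEYSTORE_PASSWORD" >> "$GITHUB_OUTPUT"
        echo "key_password=$KEY_PASSWORD" >> "$GITHUB_OUTPUT"
        keytool -genkeypair \
          -alias pr-key \
          -keyalg RSA -keysize 2048 \
          -validity 1 \
          -storepass "$KEYSTORE_PASSWORD" \
          -keypass "$KEY_PASSWORD" \
          -dname "CN=KernelSU PR Build" \
          -storetype JKS \
          -keystore pr-key.jks
        # -w 0 keeps the base64 on one line, as a key=value output requires.
        echo "keystore=$(base64 -w 0 pr-key.jks)" >> "$GITHUB_OUTPUT"
    - name: Extract certificate hash and size
      if: github.event_name == 'pull_request'
      id: extract
      env:
        # Passed through env rather than interpolated into the script text.
        STORE_PASS: ${{ steps.gen.outputs.keystore_password }}
      run: |
        # Export DER certificate
        keytool -exportcert \
          -alias pr-key \
          -keystore pr-key.jks \
          -storepass "$STORE_PASS" \
          -file pr-cert.der
        # Calculate size in hex
        SIZE_DEC=$(stat -c%s pr-cert.der)
        SIZE_HEX=$(printf '0x%04x' "$SIZE_DEC")
        echo "expected_size=$SIZE_HEX" >> "$GITHUB_OUTPUT"
        # Calculate SHA256 hash
        HASH=$(sha256sum pr-cert.der | awk '{print $1}')
        echo "expected_hash=$HASH" >> "$GITHUB_OUTPUT"
        # Only public certificate metadata is logged, never key material.
        echo "Certificate size: $SIZE_HEX ($SIZE_DEC bytes)"
        echo "Certificate hash: $HASH"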
# jobs.build-lkm: calls the reusable build-lkm workflow, handing it the PR
# certificate's size and hash. Outside pull requests both inputs fall back to
# the empty string.
# NOTE(review): presumably the called workflow builds these values into the
# kernel module as an additional accepted manager signature; confirm in
# build-lkm.yml.
build-lkm:
  needs:
    - generate-key
  uses: ./.github/workflows/build-lkm.yml
  with:
    expected_size2: ${{ needs.generate-key.outputs.expected_size || '' }}
    expected_hash2: ${{ needs.generate-key.outputs.expected_hash || '' }}
  # NOTE(review): `inherit` forwards every secret available to this workflow.
  # Passing only the secrets build-lkm.yml actually reads would narrow what a
  # compromised build step can reach.
  secrets: inherit
# jobs.build-ksuinit: calls the reusable ksuinit workflow with no inputs and
# no secrets, and has no dependency on the other jobs.
build-ksuinit:
  uses: ./.github/workflows/ksuinit.yml
# jobs.build-ksud: calls the reusable ksud workflow once per Android target,
# after build-lkm and build-ksuinit have finished. No secrets are forwarded.
# NOTE(review): pack_lkm / pack_ksuinit presumably make the called workflow
# bundle the artifacts of those two jobs; confirm in ksud.yml.
build-ksud:
  needs:
    - build-lkm
    - build-ksuinit
  strategy:
    matrix:
      include:
        - target: aarch64-linux-android
        - target: x86_64-linux-android
  uses: ./.github/workflows/ksud.yml
  with:
    target: ${{ matrix.target }}
    pack_lkm: true
    pack_ksuinit: true
# jobs.build-ksud-extra: calls the reusable ksud-extra workflow for the
# non-Android targets, pairing each target with the runner OS passed as `os`.
# Runs after build-lkm and build-ksuinit. No secrets are forwarded.
build-ksud-extra:
  needs:
    - build-lkm
    - build-ksuinit
  strategy:
    matrix:
      include:
        - target: x86_64-pc-windows-gnu  # windows pc
          os: ubuntu-latest
        - target: x86_64-apple-darwin  # Intel mac
          os: macos-latest
        - target: aarch64-apple-darwin  # M chip mac
          os: macos-latest
        - target: aarch64-unknown-linux-musl  # arm64 Linux
          os: ubuntu-latest
        - target: x86_64-unknown-linux-musl  # x86 Linux
          os: ubuntu-latest
  uses: ./.github/workflows/ksud-extra.yml
  with:
    target: ${{ matrix.target }}
    os: ${{ matrix.os }}
    pack_lkm: true
    pack_ksuinit: true
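# jobs.build-manager: builds the release APK with Gradle from ./manager.
# Signing material is written to gradle.properties before the build: the
# production keystore on main/dev pushes and tags, the throwaway PR keystore on
# pull requests.
#
# Hardening in this version:
# - Secrets reach the shell through `env:` instead of being pasted into the
#   script with `${{ }}`. Interpolated text is parsed by the shell, so a quote
#   or metacharacter inside a secret would alter the script itself.
# - The checkout does not leave the token in the local git config, since the
#   Gradle build that follows may run code contributed by a pull request.
# NOTE(review): third-party actions are referenced by mutable tags (`@v6`,
# `@v4`, ...). Pinning each to a full commit SHA protects against a retagged
# release.
build-manager:
  needs: [generate-key]
  # always() keeps the job eligible regardless of earlier failures; the
  # explicit result check then requires generate-key to have succeeded.
  if: always() && needs.generate-key.result == 'success'
  runs-on: ubuntu-latest
  defaults:
    run:
      working-directory: ./manager
  steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        fetch-depth: 0
        persist-credentials: false
    - name: Write key
      if: ${{ ( github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' )) || github.ref_type == 'tag' }}
      env:
        PROD_KEYSTORE: ${{ secrets.KEYSTORE }}
        PROD_KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
        PROD_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
        PROD_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
      run: |
        # The step is a no-op when the repository has no KEYSTORE secret.
        if [ -n "$PROD_KEYSTORE" ]; then
          {
            printf 'KEYSTORE_PASSWORD=%s\n' "$PROD_KEYSTORE_PASSWORD"
            printf 'KEY_ALIAS=%s\n' "$PROD_KEY_ALIAS"
            printf 'KEY_PASSWORD=%s\n' "$PROD_KEY_PASSWORD"
            printf 'KEYSTORE_FILE=%s\n' 'key.jks'
          } >> gradle.properties
          printf '%s\n' "$PROD_KEYSTORE" | base64 -d > key.jks
        fi
    - name: Write PR key
      if: github.event_name == 'pull_request'
      env:
        PR_KEYSTORE: ${{ needs.generate-key.outputs.keystore }}
        PR_KEYSTORE_PASSWORD: ${{ needs.generate-key.outputs.keystore_password }}
        PR_KEY_PASSWORD: ${{ needs.generate-key.outputs.key_password }}
      run: |
        echo "$PR_KEYSTORE" | base64 -d > pr-key.jks
        {
          echo KEYSTORE_PASSWORD="$PR_KEYSTORE_PASSWORD"
          echo KEY_ALIAS='pr-key'
          echo KEY_PASSWORD="$PR_KEY_PASSWORD"
          echo KEYSTORE_FILE='pr-key.jks'
        } >> gradle.properties
    - name: Setup Java
      uses: actions/setup-java@v5
      with:
        distribution: temurin
        java-version: 21
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@v6
    - name: Setup Android SDK
      uses: android-actions/setup-android@v4
    - name: Build with Gradle
      run: |
        # GITHUB_EVENT_NAME is the runner-provided form of github.event_name.
        if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
          ./gradlew clean assembleRelease -PIS_PR_BUILD=true
        else
          ./gradlew clean assembleRelease
        fi
    - name: Upload build artifact
      if: ${{ github.event_name == 'pull_request' || (github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')) || github.ref_type == 'tag' }}
      uses: actions/upload-artifact@v7
      with:
        name: manager-gradle
        path: manager/app/build/outputs/apk/release/*.apk
    - name: Upload mappings
      uses: actions/upload-artifact@v7
      if: ${{ ( github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' )) || github.ref_type == 'tag' }}
      with:
        name: "mappings"
        path: "manager/app/build/outputs/mapping/release/"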
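# jobs.repack-manager: collects the Gradle-built APK and both Android ksud
# binaries, repacks and re-signs the APK with repack_apk.py, uploads the result
# as the `manager` artifact and, outside pull requests, posts it to Telegram
# when a BOT_TOKEN secret is configured.
#
# Hardening in this version:
# - secrets.BOT_TOKEN is read from `env:` instead of being interpolated into
#   shell text.
# - Key selection and re-signing share one step. The original wrote the
#   keystore passwords to $GITHUB_ENV, which exposes them to every later step
#   in the job, including the unpinned `pip3 install` below. They are now
#   exported only inside the signing step, and the decoded keystore file is
#   deleted when that step exits.
# - The checkout does not leave the token in the local git config.
# NOTE(review): third-party actions are referenced by mutable tags; pinning
# them to full commit SHAs protects against a retagged release.
repack-manager:
  needs: [build-manager, build-ksud, generate-key]
  if: always() && needs.build-manager.result == 'success' && needs.build-ksud.result == 'success' && needs.generate-key.result == 'success'
  runs-on: ubuntu-latest
  steps:
    - name: Checkout
      uses: actions/checkout@v6
      with:
        fetch-depth: 0
        persist-credentials: false
    - name: Setup need_upload
      id: need_upload
      env:
        BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
      run: |
        # Publishes only whether the token exists, never its value.
        if [ -n "$BOT_TOKEN" ]; then
          echo "UPLOAD=true" >> "$GITHUB_OUTPUT"
        else
          echo "UPLOAD=false" >> "$GITHUB_OUTPUT"
        fi
    - name: Setup Android SDK
      uses: android-actions/setup-android@v4
    - name: Download gradle manager artifact
      uses: actions/download-artifact@v8
      with:
        name: manager-gradle
        path: artifacts/manager-gradle
    - name: Download arm64 ksud
      uses: actions/download-artifact@v8
      with:
        name: ksud-aarch64-linux-android
        path: artifacts/ksud-aarch64-linux-android
    - name: Download x86_64 ksud
      uses: actions/download-artifact@v8
      with:
        name: ksud-x86_64-linux-android
        path: artifacts/ksud-x86_64-linux-android
    - name: Place manager apk and ksud artifacts
      run: |
        # Each `test -n` fails the step if the expected file was not found.
        mkdir -p manager/app/build/outputs/apk/release
        APK=$(find artifacts/manager-gradle -type f -name "*.apk" | head -n 1)
        test -n "$APK"
        cp -f "$APK" manager/app/build/outputs/apk/release/
        mkdir -p target/aarch64-linux-android/release
        mkdir -p target/x86_64-linux-android/release
        ARM64_KSUD=$(find artifacts/ksud-aarch64-linux-android -type f -name ksud | head -n 1)
        X86_64_KSUD=$(find artifacts/ksud-x86_64-linux-android -type f -name ksud | head -n 1)
        test -n "$ARM64_KSUD"
        test -n "$X86_64_KSUD"
        cp -f "$ARM64_KSUD" target/aarch64-linux-android/release/ksud
        cp -f "$X86_64_KSUD" target/x86_64-linux-android/release/ksud
    - name: Repack and resign
      if: ${{ github.event_name == 'pull_request' || (github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')) || github.ref_type == 'tag' }}
      env:
        PR_KEYSTORE: ${{ needs.generate-key.outputs.keystore }}
        PR_KEYSTORE_PASSWORD: ${{ needs.generate-key.outputs.keystore_password }}
        PR_KEY_PASSWORD: ${{ needs.generate-key.outputs.key_password }}
        PROD_KEYSTORE: ${{ secrets.KEYSTORE }}
        PROD_KEY_ALIAS: ${{ secrets.KEY_ALIAS }}
        PROD_KEYSTORE_PASSWORD: ${{ secrets.KEYSTORE_PASSWORD }}
        PROD_KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }}
      run: |
        # Remove the decoded keystore whether or not signing succeeds.
        trap 'rm -f pr-key.jks key.jks' EXIT
        if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
          echo "$PR_KEYSTORE" | base64 -d > pr-key.jks
          export SIGN_KEYSTORE_FILE=pr-key.jks
          export SIGN_KEY_ALIAS=pr-key
          export SIGN_KEYSTORE_PASSWORD="$PR_KEYSTORE_PASSWORD"
          export SIGN_KEY_PASSWORD="$PR_KEY_PASSWORD"
        else
          # Fail here rather than sign with an empty keystore.
          test -n "$PROD_KEYSTORE"
          echo "$PROD_KEYSTORE" | base64 -d > key.jks
          export SIGN_KEYSTORE_FILE=key.jks
          export SIGN_KEY_ALIAS="$PROD_KEY_ALIAS"
          export SIGN_KEYSTORE_PASSWORD="$PROD_KEYSTORE_PASSWORD"
          export SIGN_KEY_PASSWORD="$PROD_KEY_PASSWORD"
        fi
        python3 repack_apk.py repack \
          -b release \
          -t release \
          -a arm64-v8a \
          -a x86_64 \
          -K "$SIGN_KEYSTORE_FILE" \
          -A "$SIGN_KEY_ALIAS" \
          -P "$SIGN_KEYSTORE_PASSWORD" \
          -S "$SIGN_KEY_PASSWORD" \
          --strip
    - name: Upload build artifact
      if: ${{ github.event_name == 'pull_request' || (github.event_name != 'pull_request' && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev')) || github.ref_type == 'tag' }}
      uses: actions/upload-artifact@v7
      with:
        name: manager
        path: dist/*.apk
    # NOTE(review): scripts/ksubot.session is presumably the bot's login
    # session, i.e. a credential (confirm). The Actions cache is not a secret
    # store: entries saved from a branch can be restored by pull_request runs
    # that target it. Consider logging in from BOT_TOKEN on every run instead.
    - name: Bot session cache
      if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
      id: bot_session_cache
      uses: actions/cache@v5
      with:
        path: scripts/ksubot.session
        key: ${{ runner.os }}-bot-session
    - name: Upload to telegram
      if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
      env:
        CHAT_ID: ${{ secrets.CHAT_ID }}
        BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
        MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
        # The commit message is author-controlled text; keeping it in env means
        # the shell never parses it as script.
        COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        COMMIT_URL: ${{ github.event.head_commit.url }}
        RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
        TITLE: Manager
        BRANCH: ${{ github.ref_name }}
      run: |
        if [ -n "$BOT_TOKEN" ]; then
          export VERSION=$(git rev-list --count HEAD)
          APK=$(find ./dist -name "*.apk")
          # NOTE(review): this installs whatever telethon release is current
          # into a step that holds BOT_TOKEN. Pin an exact version, ideally
          # from a hash-locked requirements file.
          pip3 install telethon
          # $APK is left unquoted on purpose: find may return several files.
          python3 "$GITHUB_WORKSPACE/scripts/ksubot.py" $APK
        fi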