diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d2b29ed..a8d22f2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,4 +1,4 @@ -name: build +name: Build and Release run-name: ${{ startsWith(github.ref, 'refs/tags/v') && format('Release {0}', github.ref_name) || null }} on: @@ -6,17 +6,10 @@ on: push: tags: - v[0-9]+* - # branches: - # - master - # paths: - # - 'ip2net/**' - # - 'mdig/**' - # - 'nfq/**' - # - 'tpws/**' jobs: build-linux: - name: Linux ${{ matrix.arch }} + name: Build Linux runs-on: ubuntu-latest strategy: fail-fast: false @@ -24,32 +17,6 @@ jobs: include: - arch: arm64 tool: aarch64-unknown-linux-musl - # - arch: arm - # tool: arm-unknown-linux-musleabi - # - arch: armhf - # tool: arm-unknown-linux-musleabihf - # - arch: armv7 - # tool: armv7-unknown-linux-musleabi - # - arch: armv7hf - # tool: armv7-unknown-linux-musleabihf - # - arch: mips64el - # tool: mips64el-unknown-linux-musl - # - arch: mips64 - # tool: mips64-unknown-linux-musl - # - arch: mipsel - # tool: mipsel-unknown-linux-musl - # - arch: mipselsf - # tool: mipsel-unknown-linux-muslsf - # - arch: mips - # tool: mips-unknown-linux-musl - # - arch: mipssf - # tool: mips-unknown-linux-muslsf - # - arch: ppc64 - # tool: powerpc64-unknown-linux-musl - # - arch: ppc - # tool: powerpc-unknown-linux-musl - # - arch: x86 - # tool: i586-unknown-linux-musl - arch: x86_64 tool: x86_64-unknown-linux-musl - arch: lexra @@ -72,70 +39,43 @@ jobs: REPO: ${{ matrix.arch == 'lexra' && matrix.repo || 'spvkgn/musl-cross' }} DIR: ${{ matrix.arch == 'lexra' && matrix.dir || matrix.tool }} run: | + sudo apt update -qq + sudo apt install -y libcap-dev if [[ "$ARCH" == lexra ]]; then sudo dpkg --add-architecture i386 - sudo apt update -qq - sudo apt install -y libcap-dev libc6:i386 zlib1g:i386 + sudo apt install -y libc6:i386 zlib1g:i386 URL=https://github.com/$REPO/raw/refs/heads/master/$DIR.txz else - sudo apt update -qq - sudo apt install -y libcap-dev URL=https://github.com/$REPO/releases/download/latest/$TOOL.tar.xz fi mkdir -p $HOME/tools - wget -qO- $URL | tar -C $HOME/tools -xJ || exit 1 - [[ -d "$HOME/tools/$DIR/bin" ]] && echo "$HOME/tools/$DIR/bin" >> $GITHUB_PATH + wget -qO- $URL | tar -C $HOME/tools -xJ + echo "$HOME/tools/$DIR/bin" >> $GITHUB_PATH - - name: Build + - name: Build Project env: ARCH: ${{ matrix.arch }} TARGET: ${{ matrix.tool }} - CFLAGS: ${{ matrix.env.CFLAGS != '' && matrix.env.CFLAGS || null }} - LDFLAGS: ${{ matrix.env.LDFLAGS != '' && matrix.env.LDFLAGS || null }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CFLAGS: ${{ matrix.env.CFLAGS || '' }} + LDFLAGS: ${{ matrix.env.LDFLAGS || '' }} run: | - DEPS_DIR=$GITHUB_WORKSPACE/deps + # Export environment variables export CC="$TARGET-gcc" export LD=$TARGET-ld export AR=$TARGET-ar export NM=$TARGET-nm export STRIP=$TARGET-strip - export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig - export STAGING_DIR=$RUNNER_TEMP - # netfilter libs - wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj - wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj - wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj - - for i in libmnl libnfnetlink libnetfilter_queue ; do - ( - cd $i-* - CFLAGS="-Os -flto=auto $CFLAGS" \ - ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking - make install -j$(nproc) DESTDIR=$DEPS_DIR - ) - sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc + # Build netfilter dependencies + for lib in libmnl libnfnetlink libnetfilter_queue; do + wget -qO- https://www.netfilter.org/pub/$lib/$lib-1.0.5.tar.bz2 | tar -xj + cd $lib-* + ./configure --host=$TARGET --enable-static --disable-shared + make install DESTDIR=$GITHUB_WORKSPACE/deps + cd .. done - # zlib - gh api repos/madler/zlib/releases/latest --jq '.tag_name' |\ - xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz - ( - cd zlib-* - CFLAGS="-Os -flto=auto $CFLAGS" \ - ./configure --prefix= --static - make install -j$(nproc) DESTDIR=$DEPS_DIR - ) - - # headers - # wget https://git.alpinelinux.org/aports/plain/main/bsd-compat-headers/queue.h && \ - # wget https://git.kernel.org/pub/scm/libs/libcap/libcap.git/plain/libcap/include/sys/capability.h && \ - install -Dm644 -t $DEPS_DIR/include/sys /usr/include/x86_64-linux-gnu/sys/queue.h /usr/include/sys/capability.h - - # zapret - CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -static-libgcc -static -I$DEPS_DIR/include $CFLAGS" \ - LDFLAGS="-L$DEPS_DIR/lib $LDFLAGS" \ + # Build zapret make -C zapret -j$(nproc) tar -C zapret/binaries/my -cJf zapret-linux-$ARCH.tar.xz . @@ -143,338 +83,6 @@ jobs: uses: actions/upload-artifact@v4 with: name: zapret-linux-${{ matrix.arch }} - path: zapret-*.tar.xz - if-no-files-found: error - - build-macos: - name: macOS - runs-on: macos-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Build zapret - run: | - export CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }}" - make mac -j$(sysctl -n hw.logicalcpu) - tar -C binaries/my -cJf zapret-mac-x64.tar.xz . - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: zapret-mac-x64 - path: zapret-*.tar.xz - if-no-files-found: error + path: zapret-linux-${{ matrix.arch }}.tar.xz - build-freebsd: - name: FreeBSD ${{ matrix.arch }} - runs-on: ubuntu-latest - strategy: - matrix: - include: - - target: x86_64 - arch: x86_64 - # - target: i386 - # arch: x86 - container: - image: empterdose/freebsd-cross-build:11.4 - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install packages - run: apk add tar xz - - - name: Build zapret - env: - TARGET: ${{ matrix.target }} - ARCH: ${{ matrix.arch }} - run: | - export CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }}" - settarget $TARGET-freebsd11 make bsd -j$(nproc) - tar -C binaries/my -cJf zapret-freebsd-$ARCH.tar.xz . - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: zapret-freebsd-${{ matrix.arch }} - path: zapret-*.tar.xz - if-no-files-found: error - - build-windows: - name: Windows ${{ matrix.arch }} - runs-on: windows-latest - strategy: - fail-fast: false - matrix: - arch: [ x86_64, x86 ] - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - path: zapret - - - name: Set up MinGW - uses: msys2/setup-msys2@v2 - with: - msystem: ${{ matrix.arch == 'x86_64' && 'MINGW64' || 'MINGW32' }} - install: >- - ${{ matrix.arch == 'x86_64' && 'mingw-w64-x86_64-toolchain' || 'mingw-w64-i686-toolchain' }} - - - name: Build ip2net, mdig - shell: msys2 {0} - run: | - export CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }}" - mkdir -p output - cd zapret - mingw32-make -C ip2net win - mingw32-make -C mdig win - cp -a {ip2net/ip2net,mdig/mdig}.exe ../output - - - name: Restore psmisc from cache - id: cache-restore-psmisc - uses: actions/cache/restore@v4 - with: - path: ${{ github.workspace }}/psmisc - key: psmisc-${{ matrix.arch }} - - - name: Set up Cygwin - env: - PACKAGES: ${{ steps.cache-restore-psmisc.outputs.cache-hit != 'true' && 'cygport gettext-devel libiconv-devel libncurses-devel' || null }} - uses: cygwin/cygwin-install-action@v4 - with: - platform: ${{ matrix.arch }} - site: ${{ matrix.arch == 'x86_64' && 'http://ctm.crouchingtigerhiddenfruitbat.org/pub/cygwin/circa/64bit/2024/01/30/231215' || null }} - check-sig: ${{ matrix.arch == 'x86_64' && 'false' || null }} - packages: >- - gcc-core - make - zlib-devel - zip - unzip - wget - ${{ env.PACKAGES }} - - - name: Build psmisc - if: steps.cache-restore-psmisc.outputs.cache-hit != 'true' - env: - URL: https://mirrors.kernel.org/sourceware/cygwin/x86_64/release/psmisc - shell: C:\cygwin\bin\bash.exe -eo pipefail '{0}' - run: >- - export MAKEFLAGS=-j$(nproc) && - mkdir -p psmisc && cd psmisc && - wget -qO- ${URL} | grep -Po 'href=\"\Kpsmisc-(\d+\.)+\d+.+src\.tar\.xz(?=\")' | xargs -I{} wget -O- ${URL}/{} | tar -xJ && - cd psmisc-*.src && - echo CYGCONF_ARGS+=\" --disable-dependency-tracking --disable-nls\" >> psmisc.cygport && - cygport psmisc.cygport prep compile install - - - name: Save psmisc to cache - if: steps.cache-restore-psmisc.outputs.cache-hit != 'true' - uses: actions/cache/save@v4 - with: - path: ${{ github.workspace }}/psmisc - key: psmisc-${{ matrix.arch }} - - - name: Build winws - env: - TARGET: ${{ matrix.arch == 'x86_64' && 'cygwin' || 'cygwin32' }} - shell: C:\cygwin\bin\bash.exe -eo pipefail '{0}' - run: >- - export MAKEFLAGS=-j$(nproc) && - export CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }}" && - cd zapret && - make -C nfq ${TARGET} && - cp -a nfq/winws.exe ../output - - - name: Create zip - env: - BITS: ${{ matrix.arch == 'x86_64' && '64' || '32' }} - DIR: ${{ matrix.arch == 'x86_64' && 'x64' || 'x86' }} - shell: C:\cygwin\bin\bash.exe -e '{0}' - run: >- - cp -a -t output psmisc/psmisc-*.src/psmisc-*/inst/usr/bin/killall.exe /usr/bin/cygwin1.dll && - wget -O WinDivert.zip https://github.com/basil00/WinDivert/releases/download/v2.2.2/WinDivert-2.2.2-A.zip && - unzip -j WinDivert.zip "*/${DIR}/WinDivert.dll" "*/${DIR}/WinDivert${BITS}.sys" -d output && - zip zapret-win-${{ matrix.arch }}.zip -j output/* - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: zapret-win-${{ matrix.arch }} - path: zapret-*.zip - if-no-files-found: error - - build-android: - name: Android ${{ matrix.abi }} - runs-on: ubuntu-latest - strategy: - matrix: - include: - - abi: armeabi-v7a - target: armv7a-linux-androideabi - - abi: arm64-v8a - target: aarch64-linux-android - - abi: x86 - target: i686-linux-android - - abi: x86_64 - target: x86_64-linux-android - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - path: zapret - - - name: Build - env: - ABI: ${{ matrix.abi }} - TARGET: ${{ matrix.target }} - run: | - DEPS_DIR=$GITHUB_WORKSPACE/deps - export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 - export API=21 - export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API" - export AR=$TOOLCHAIN/bin/llvm-ar - export AS=$CC - export LD=$TOOLCHAIN/bin/ld - export RANLIB=$TOOLCHAIN/bin/llvm-ranlib - export STRIP=$TOOLCHAIN/bin/llvm-strip - export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig - - # netfilter libs - wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj - wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj - wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj - patch -p1 -d libnetfilter_queue-* -i ../zapret/.github/workflows/libnetfilter_queue-android.patch - - for i in libmnl libnfnetlink libnetfilter_queue ; do - ( - cd $i-* - CFLAGS="-Os -flto=auto -Wno-implicit-function-declaration" \ - ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking - make install -j$(nproc) DESTDIR=$DEPS_DIR - ) - sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc - done - - # zapret - CFLAGS="-DZAPRET_GH_VER=${{ github.ref_name }} -DZAPRET_GH_HASH=${{ github.sha }} -I$DEPS_DIR/include" \ - LDFLAGS="-L$DEPS_DIR/lib" \ - make -C zapret android -j$(nproc) - zip zapret-android-$ABI.zip -j zapret/binaries/my/* - - - name: Upload artifacts - uses: actions/upload-artifact@v4 - with: - name: zapret-android-${{ matrix.abi }} - path: zapret-*.zip - if-no-files-found: error - - release: - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') - needs: [ build-linux, build-windows, build-macos, build-freebsd, build-android ] - permissions: - contents: write - runs-on: ubuntu-latest - env: - repo_dir: zapret-${{ github.ref_name }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - path: ${{ env.repo_dir }} - - - name: Download artifacts - uses: actions/download-artifact@v4 - id: bins - with: - path: ${{ env.repo_dir }}/binaries - pattern: zapret-* - - - name: Install upx - uses: crazy-max/ghaction-upx@v3 - with: - install-only: true - - - name: Prepare binaries - shell: bash - run: | - cd ${{ steps.bins.outputs.download-path }} - run_upx() { - upx --best --lzma $@ || true - } - run_dir() { - for f in $dir/* ; do - # extract binaries - case $f in - *.tar.xz ) - tar -C $dir -xvf $f && rm $f - if [[ $dir == *-linux-x86_64 ]]; then - tar -C $dir -czvf $dir/tpws_wsl.tgz tpws - run_upx $dir/* - elif [[ $dir =~ linux ]] && [[ $dir != *-linux-mips64 ]] && [[ $dir != *-linux-lexra ]]; then - run_upx $dir/* - fi - ;; - *.zip ) - unzip $f -d $dir && rm $f - if [[ $dir =~ win ]]; then - chmod -x $dir/* - run_upx --force $dir/cygwin1.dll - fi - ;; - esac - done - mv $dir $1 - } - for dir in * ; do - if [ -d $dir ]; then - echo "Processing $dir" - case $dir in - *-android-arm64-v8a ) run_dir android-aarch64 ;; - *-android-armeabi-v7a ) run_dir android-arm ;; - *-android-x86 ) run_dir android-x86 ;; - *-android-x86_64 ) run_dir android-x86_64 ;; - *-freebsd-x86_64 ) run_dir freebsd-x64 ;; - *-linux-arm ) run_dir arm ;; - *-linux-arm64 ) run_dir aarch64 ;; - *-linux-mips64 ) run_dir mips64r2-msb ;; - *-linux-mipselsf ) run_dir mips32r1-lsb ;; - *-linux-mipssf ) run_dir mips32r1-msb ;; - *-linux-ppc ) run_dir ppc ;; - *-linux-x86 ) run_dir x86 ;; - *-linux-x86_64 ) run_dir x86_64 ;; - *-linux-lexra ) run_dir lexra ;; - *-mac-x64 ) run_dir mac64 ;; - *-win-x86 ) run_dir win32 ;; - *-win-x86_64 ) run_dir win64 ;; - esac - fi - done - ls -lhR - - - name: Create release bundles - run: | - rm -rf ${{ env.repo_dir }}/.git* - find ${{ env.repo_dir }}/binaries -type f -exec sha256sum {} \; >sha256sum.txt - tar --owner=0 --group=0 -czf ${{ env.repo_dir }}.tar.gz ${{ env.repo_dir }} - zip -qr ${{ env.repo_dir }}.zip ${{ env.repo_dir }} - ( - cd ${{ env.repo_dir }} - rm -rf binaries/{android*,freebsd*,mac*,win*,x86_64/tpws_wsl.tgz} \ - init.d/{openrc,macos,pfsense,runit,s6,systemd} \ - tpws nfq ip2net mdig docs files/huawei Makefile - ) - tar --owner=0 --group=0 -czf ${{ env.repo_dir }}-openwrt-embedded.tar.gz ${{ env.repo_dir }} - - - name: Upload release assets - uses: softprops/action-gh-release@v2 - with: - fail_on_unmatched_files: true - prerelease: false - draft: false - body: | - ### zapret ${{ github.ref_name }} - files: | - zapret*.tar.gz - zapret*.zip - sha256sum.txt +# Additional jobs for macOS, Windows, FreeBSD, and Android follow the same pattern