ci: add CI for clippy, rustfmt and shell scripts (#193)

.github/scripts/build_a12.sh

@@ -1,51 +1,56 @@
-build_from_image(){
-	export TITLE=kernel-aarch64-$(echo $1 | sed 's/Image-//g')
+#!/bin/bash
+set -euo pipefail
+
+build_from_image() {
+	export TITLE
+	TITLE=kernel-aarch64-${1//Image-/}
 	echo "[+] title: $TITLE"
 
-	export PATCH_LEVEL=$(echo $1 | awk -F_ '{ print $2}')
+	export PATCH_LEVEL
+	PATCH_LEVEL=$(echo "$1" | awk -F_ '{ print $2}')
 	echo "[+] patch level: $PATCH_LEVEL"
 
-	echo "[+] Download prebuilt ramdisk"
-	curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-${PATCH_LEVEL}_r1.zip
+	echo '[+] Download prebuilt ramdisk'
+	curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-"${PATCH_LEVEL}"_r1.zip
 	unzip gki-kernel.zip && rm gki-kernel.zip
 
-	echo "[+] Unpack prebuilt boot.img"
+	echo '[+] Unpack prebuilt boot.img'
 	BOOT_IMG=$(find . -maxdepth 1 -name "boot*.img")
-	$UNPACK_BOOTIMG --boot_img=$BOOT_IMG
-	rm $BOOT_IMG
+	$UNPACK_BOOTIMG --boot_img="$BOOT_IMG"
+	rm "$BOOT_IMG"
 
-	echo "[+] Building Image.gz"
-	cat Image | $GZIP -n -f -9 > Image.gz
+	echo '[+] Building Image.gz'
+	$GZIP -n -k -f -9 Image >Image.gz
 
-	echo "[+] Building boot.img"
-	$MKBOOTIMG --header_version 4 --kernel Image --output boot.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL}
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	echo '[+] Building boot.img'
+	$MKBOOTIMG --header_version 4 --kernel Image --output boot.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}"
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-	echo "[+] Building boot-gz.img"
-	$MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL}
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	echo '[+] Building boot-gz.img'
+	$MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}"
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-	echo "[+] Building boot-lz4.img"
-	$MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL}
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	echo '[+] Building boot-lz4.img'
+	$MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}"
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-    echo "[+] Compress images"
-    for image in boot*.img; do
-        $GZIP -n -f -9 $image
-		mv $image.gz ksu-$VERSION-$image.gz
-    done
+	echo '[+] Compress images'
+	for image in boot*.img; do
+		$GZIP -n -f -9 "$image"
+		mv "$image".gz ksu-"$VERSION"-"$image".gz
+	done
 
-    echo "[+] Images to upload"
-    find . -type f -name "*.gz"
+	echo "[+] Images to upload"
+	find . -type f -name "*.gz"
 
-	find . -type f -name "*.gz" | xargs python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py
+	find . -type f -name "*.gz" -exec python3 "$GITHUB_WORKSPACE"/KernelSU/scripts/ksubot.py {} +
 }
 
 for dir in Image*; do
 	if [ -d "$dir" ]; then
 		echo "----- Building $dir -----"
-		cd $dir
-		build_from_image $dir
+		cd "$dir"
+		build_from_image "$dir"
 		cd ..
 	fi
-done
+done

.github/scripts/build_a13.sh

@@ -1,38 +1,43 @@
-build_from_image(){
-	export TITLE=kernel-aarch64-$(echo $1 | sed 's/Image-//g')
+#!/bin/bash
+set -euo pipefail
+
+build_from_image() {
+	export TITLE
+	TITLE=kernel-aarch64-${1//Image-/}
+
 	echo "[+] title: $TITLE"
-	echo "[+] Building Image.gz"
-	cat Image | $GZIP -n -f -9 > Image.gz
+	echo '[+] Building Image.gz'
+	$GZIP -n -k -f -9 Image >Image.gz
 
-	echo "[+] Building boot.img"
+	echo '[+] Building boot.img'
 	$MKBOOTIMG --header_version 4 --kernel Image --output boot.img
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-	echo "[+] Building boot-gz.img"
+	echo '[+] Building boot-gz.img'
 	$MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-	echo "[+] Building boot-lz4.img"
+	echo '[+] Building boot-lz4.img'
 	$MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img
-	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
+	$AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem
 
-    echo "[+] Compress images"
-    for image in boot*.img; do
-        $GZIP -n -f -9 $image
-		mv $image.gz ksu-$VERSION-$image.gz
-    done
+	echo '[+] Compress images'
+	for image in boot*.img; do
+		$GZIP -n -f -9 "$image"
+		mv "$image".gz ksu-"$VERSION"-"$image".gz
+	done
 
-	echo "[+] Images to upload"
-    find . -type f -name "*.gz"
+	echo '[+] Images to upload'
+	find . -type f -name "*.gz"
 
-	find . -type f -name "*.gz" | xargs python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py
+	find . -type f -name "*.gz" -exec python3 "$GITHUB_WORKSPACE"/KernelSU/scripts/ksubot.py {} +
 }
 
 for dir in Image*; do
 	if [ -d "$dir" ]; then
 		echo "----- Building $dir -----"
-		cd $dir
-		build_from_image $dir
+		cd "$dir"
+		build_from_image "$dir"
 		cd ..
 	fi
-done
+done

.github/workflows/clippy-pr.yml

@@ -0,0 +1,22 @@
+name: Clippy check for pull request
+
+on:
+  pull_request:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/clippy-pr.yml'
+      - 'userspace/ksud/**'
+
+permissions:
+  checks: write
+
+jobs:
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: giraffate/clippy-action@v1
+        with:
+          workdir: userspace/ksud

.github/workflows/clippy.yml

@@ -0,0 +1,30 @@
+name: Clippy check
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/clippy.yml'
+      - 'userspace/ksud/**'
+
+env:
+  RUSTFLAGS: '-Dwarnings'
+
+jobs:
+  clippy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: userspace/ksud
+
+      - name: Install cross
+        run: cargo install cross
+
+      - name: Run clippy
+        run: |
+          cross clippy --manifest-path userspace/ksud/Cargo.toml --target aarch64-linux-android
+          cross clippy --manifest-path userspace/ksud/Cargo.toml --target x86_64-linux-android

.github/workflows/ksud.yml

@@ -15,18 +15,13 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - name: Set up cargo cache
-      if: inputs.use_cache == true
-      uses: actions/cache@v3
-      continue-on-error: false
+    - uses: Swatinem/rust-cache@v2
       with:
-        path: |
-          ~/.cargo/bin/
-          ~/.cargo/registry/index/
-          ~/.cargo/registry/cache/
-          ~/.cargo/git/db/
-        key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-        restore-keys: ${{ runner.os }}-cargo-
+        workspaces: userspace/ksud
+        cache-targets: false
+
+    - name: Install cross
+      run: cargo install cross
 
     - name: Build ksud
       run: cross build --target ${{ inputs.target }} --release --manifest-path ./userspace/ksud/Cargo.toml
@@ -35,5 +30,5 @@ jobs:
       uses: actions/upload-artifact@v3
       with:
         name: ksud-${{ inputs.target }}
-        path: ./userspace/ksud/target/**/release/ksud
+        path: userspace/ksud/target/**/release/ksud
 

.github/workflows/rustfmt.yml

@@ -0,0 +1,33 @@
+name: Rustfmt check
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/rustfmt.yml'
+      - 'userspace/ksud/**'
+  pull_request:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/rustfmt.yml'
+      - 'userspace/ksud/**'
+
+permissions:
+  checks: write
+
+jobs:
+  format:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - uses: dtolnay/rust-toolchain@nightly
+        with:
+          components: rustfmt
+
+      - uses: LoliGothick/rustfmt-check@v0.2
+        with:
+          token: ${{ github.token }}
+          options: --manifest-path userspace/ksud/Cargo.toml

.github/workflows/shellcheck.yml

@@ -0,0 +1,27 @@
+name: ShellCheck
+
+on:
+  push:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/shellcheck.yml'
+      - '**/*.sh'
+  pull_request:
+    branches:
+      - 'main'
+    paths:
+      - '.github/workflows/shellcheck.yml'
+      - '**/*.sh'
+
+jobs:
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Run ShellCheck
+        uses: ludeeus/action-shellcheck@2.0.0
+        with:
+          ignore_names: gradlew
+          ignore_paths: ./userspace/ksud/src/installer.sh

userspace/ksud/build.rs

@@ -13,7 +13,10 @@ fn get_git_version() -> (u32, String) {
             .stdout,
     )
     .expect("Failed to read git count stdout");
-    let version_code: u32 = version_code.trim().parse().expect("Failed to parse git count");
+    let version_code: u32 = version_code
+        .trim()
+        .parse()
+        .expect("Failed to parse git count");
     let version_code = 10000 + 200 + version_code; // For historical reasons
 
     let version_name = String::from_utf8(
@@ -28,7 +31,7 @@ fn get_git_version() -> (u32, String) {
 }
 
 fn main() {
-    let (code, name)= get_git_version();
+    let (code, name) = get_git_version();
     let out_dir = env::var("OUT_DIR").expect("Failed to get $OUT_DIR");
     let out_dir = Path::new(&out_dir);
     File::create(Path::new(out_dir).join("VERSION_CODE"))

userspace/ksud/src/defs.rs

@@ -20,6 +20,5 @@ pub const DISABLE_FILE_NAME: &str = "disable";
 pub const UPDATE_FILE_NAME: &str = "update";
 pub const REMOVE_FILE_NAME: &str = "remove";
 
-
 pub const VERSION_CODE: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_CODE"));
-pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_NAME"));
+pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_NAME"));

userspace/ksud/src/restorecon.rs

@@ -9,12 +9,16 @@ use extattr::{setxattr, Flags as XattrFlags};
 
 const SYSTEM_CON: &str = "u:object_r:system_file:s0";
 const _ADB_CON: &str = "u:object_r:adb_data_file:s0";
-const SELINUX_XATTR : &str = "security.selinux";
+const SELINUX_XATTR: &str = "security.selinux";
 
 pub fn setcon<P: AsRef<Path>>(path: P, con: &str) -> Result<()> {
     #[cfg(any(target_os = "linux", target_os = "android"))]
-    setxattr(&path, SELINUX_XATTR, con, XattrFlags::empty())
-        .with_context(|| format!("Failed to change SELinux context for {}", path.as_ref().display()))?;
+    setxattr(&path, SELINUX_XATTR, con, XattrFlags::empty()).with_context(|| {
+        format!(
+            "Failed to change SELinux context for {}",
+            path.as_ref().display()
+        )
+    })?;
     Ok(())
 }
 
@@ -32,9 +36,9 @@ pub fn restore_syscon<P: AsRef<Path>>(dir: P) -> Result<()> {
     for dir_entry in WalkDir::new(dir).parallelism(Serial) {
         if let Some(path) = dir_entry.ok().map(|dir_entry| dir_entry.path()) {
             #[cfg(any(target_os = "linux", target_os = "android"))]
-            setxattr(&path, SELINUX_XATTR, SYSTEM_CON, XattrFlags::empty()).with_context(
-                || format!("Failed to change SELinux context for {}", path.display()),
-            )?;
+            setxattr(&path, SELINUX_XATTR, SYSTEM_CON, XattrFlags::empty()).with_context(|| {
+                format!("Failed to change SELinux context for {}", path.display())
+            })?;
         }
     }
     Ok(())

userspace/ksud/src/sepolicy.rs

@@ -745,4 +745,4 @@ pub fn check_rule(policy: &str) -> Result<()> {
         apply_one_rule(&statement, true)?;
     }
     Ok(())
-}
+}