From 3181dd17bc70cf1bc2b875dcbd78684d2e3a15bb Mon Sep 17 00:00:00 2001 From: skbeh <60107333+skbeh@users.noreply.github.com> Date: Sat, 4 Feb 2023 13:52:20 +0800 Subject: [PATCH] ci: add CI for clippy, rustfmt and shell scripts (#193) --- .github/scripts/build_a12.sh | 65 +++++++++++++++++--------------- .github/scripts/build_a13.sh | 47 ++++++++++++----------- .github/workflows/clippy-pr.yml | 22 +++++++++++ .github/workflows/clippy.yml | 30 +++++++++++++++ .github/workflows/ksud.yml | 19 ++++------ .github/workflows/rustfmt.yml | 33 ++++++++++++++++ .github/workflows/shellcheck.yml | 27 +++++++++++++ userspace/ksud/build.rs | 7 +++- userspace/ksud/src/defs.rs | 3 +- userspace/ksud/src/restorecon.rs | 16 +++++--- userspace/ksud/src/sepolicy.rs | 2 +- 11 files changed, 197 insertions(+), 74 deletions(-) create mode 100644 .github/workflows/clippy-pr.yml create mode 100644 .github/workflows/clippy.yml create mode 100644 .github/workflows/rustfmt.yml create mode 100644 .github/workflows/shellcheck.yml diff --git a/.github/scripts/build_a12.sh b/.github/scripts/build_a12.sh index 4dd6ccc2..f6032983 100644 --- a/.github/scripts/build_a12.sh +++ b/.github/scripts/build_a12.sh @@ -1,51 +1,56 @@ -build_from_image(){ - export TITLE=kernel-aarch64-$(echo $1 | sed 's/Image-//g') +#!/bin/bash +set -euo pipefail + +build_from_image() { + export TITLE + TITLE=kernel-aarch64-${1//Image-/} echo "[+] title: $TITLE" - export PATCH_LEVEL=$(echo $1 | awk -F_ '{ print $2}') + export PATCH_LEVEL + PATCH_LEVEL=$(echo "$1" | awk -F_ '{ print $2}') echo "[+] patch level: $PATCH_LEVEL" - echo "[+] Download prebuilt ramdisk" - curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-${PATCH_LEVEL}_r1.zip + echo '[+] Download prebuilt ramdisk' + curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-"${PATCH_LEVEL}"_r1.zip unzip gki-kernel.zip && rm gki-kernel.zip - echo "[+] Unpack prebuilt boot.img" + echo '[+] Unpack prebuilt boot.img' BOOT_IMG=$(find . -maxdepth 1 -name "boot*.img") - $UNPACK_BOOTIMG --boot_img=$BOOT_IMG - rm $BOOT_IMG + $UNPACK_BOOTIMG --boot_img="$BOOT_IMG" + rm "$BOOT_IMG" - echo "[+] Building Image.gz" - cat Image | $GZIP -n -f -9 > Image.gz + echo '[+] Building Image.gz' + $GZIP -n -k -f -9 Image >Image.gz - echo "[+] Building boot.img" - $MKBOOTIMG --header_version 4 --kernel Image --output boot.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL} - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + echo '[+] Building boot.img' + $MKBOOTIMG --header_version 4 --kernel Image --output boot.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}" + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Building boot-gz.img" - $MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL} - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + echo '[+] Building boot-gz.img' + $MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}" + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Building boot-lz4.img" - $MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level ${PATCH_LEVEL} - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + echo '[+] Building boot-lz4.img' + $MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${PATCH_LEVEL}" + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Compress images" - for image in boot*.img; do - $GZIP -n -f -9 $image - mv $image.gz ksu-$VERSION-$image.gz - done + echo '[+] Compress images' + for image in boot*.img; do + $GZIP -n -f -9 "$image" + mv "$image".gz ksu-"$VERSION"-"$image".gz + done - echo "[+] Images to upload" - find . -type f -name "*.gz" + echo "[+] Images to upload" + find . -type f -name "*.gz" - find . -type f -name "*.gz" | xargs python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py + find . -type f -name "*.gz" -exec python3 "$GITHUB_WORKSPACE"/KernelSU/scripts/ksubot.py {} + } for dir in Image*; do if [ -d "$dir" ]; then echo "----- Building $dir -----" - cd $dir - build_from_image $dir + cd "$dir" + build_from_image "$dir" cd .. fi -done \ No newline at end of file +done diff --git a/.github/scripts/build_a13.sh b/.github/scripts/build_a13.sh index 36a8069f..703fc2f1 100644 --- a/.github/scripts/build_a13.sh +++ b/.github/scripts/build_a13.sh @@ -1,38 +1,43 @@ -build_from_image(){ - export TITLE=kernel-aarch64-$(echo $1 | sed 's/Image-//g') +#!/bin/bash +set -euo pipefail + +build_from_image() { + export TITLE + TITLE=kernel-aarch64-${1//Image-/} + echo "[+] title: $TITLE" - echo "[+] Building Image.gz" - cat Image | $GZIP -n -f -9 > Image.gz + echo '[+] Building Image.gz' + $GZIP -n -k -f -9 Image >Image.gz - echo "[+] Building boot.img" + echo '[+] Building boot.img' $MKBOOTIMG --header_version 4 --kernel Image --output boot.img - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Building boot-gz.img" + echo '[+] Building boot-gz.img' $MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Building boot-lz4.img" + echo '[+] Building boot-lz4.img' $MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img - $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key ../kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - echo "[+] Compress images" - for image in boot*.img; do - $GZIP -n -f -9 $image - mv $image.gz ksu-$VERSION-$image.gz - done + echo '[+] Compress images' + for image in boot*.img; do + $GZIP -n -f -9 "$image" + mv "$image".gz ksu-"$VERSION"-"$image".gz + done - echo "[+] Images to upload" - find . -type f -name "*.gz" + echo '[+] Images to upload' + find . -type f -name "*.gz" - find . -type f -name "*.gz" | xargs python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py + find . -type f -name "*.gz" -exec python3 "$GITHUB_WORKSPACE"/KernelSU/scripts/ksubot.py {} + } for dir in Image*; do if [ -d "$dir" ]; then echo "----- Building $dir -----" - cd $dir - build_from_image $dir + cd "$dir" + build_from_image "$dir" cd .. fi -done \ No newline at end of file +done diff --git a/.github/workflows/clippy-pr.yml b/.github/workflows/clippy-pr.yml new file mode 100644 index 00000000..78ad721e --- /dev/null +++ b/.github/workflows/clippy-pr.yml @@ -0,0 +1,22 @@ +name: Clippy check for pull request + +on: + pull_request: + branches: + - 'main' + paths: + - '.github/workflows/clippy-pr.yml' + - 'userspace/ksud/**' + +permissions: + checks: write + +jobs: + clippy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: giraffate/clippy-action@v1 + with: + workdir: userspace/ksud diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml new file mode 100644 index 00000000..2ec3b14e --- /dev/null +++ b/.github/workflows/clippy.yml @@ -0,0 +1,30 @@ +name: Clippy check + +on: + push: + branches: + - 'main' + paths: + - '.github/workflows/clippy.yml' + - 'userspace/ksud/**' + +env: + RUSTFLAGS: '-Dwarnings' + +jobs: + clippy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: Swatinem/rust-cache@v2 + with: + workspaces: userspace/ksud + + - name: Install cross + run: cargo install cross + + - name: Run clippy + run: | + cross clippy --manifest-path userspace/ksud/Cargo.toml --target aarch64-linux-android + cross clippy --manifest-path userspace/ksud/Cargo.toml --target x86_64-linux-android diff --git a/.github/workflows/ksud.yml b/.github/workflows/ksud.yml index fbce856e..9b5b6cf1 100644 --- a/.github/workflows/ksud.yml +++ b/.github/workflows/ksud.yml @@ -15,18 +15,13 @@ jobs: steps: - uses: actions/checkout@v3 - - name: Set up cargo cache - if: inputs.use_cache == true - uses: actions/cache@v3 - continue-on-error: false + - uses: Swatinem/rust-cache@v2 with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: ${{ runner.os }}-cargo- + workspaces: userspace/ksud + cache-targets: false + + - name: Install cross + run: cargo install cross - name: Build ksud run: cross build --target ${{ inputs.target }} --release --manifest-path ./userspace/ksud/Cargo.toml @@ -35,5 +30,5 @@ jobs: uses: actions/upload-artifact@v3 with: name: ksud-${{ inputs.target }} - path: ./userspace/ksud/target/**/release/ksud + path: userspace/ksud/target/**/release/ksud diff --git a/.github/workflows/rustfmt.yml b/.github/workflows/rustfmt.yml new file mode 100644 index 00000000..03d3eb08 --- /dev/null +++ b/.github/workflows/rustfmt.yml @@ -0,0 +1,33 @@ +name: Rustfmt check + +on: + push: + branches: + - 'main' + paths: + - '.github/workflows/rustfmt.yml' + - 'userspace/ksud/**' + pull_request: + branches: + - 'main' + paths: + - '.github/workflows/rustfmt.yml' + - 'userspace/ksud/**' + +permissions: + checks: write + +jobs: + format: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - uses: dtolnay/rust-toolchain@nightly + with: + components: rustfmt + + - uses: LoliGothick/rustfmt-check@v0.2 + with: + token: ${{ github.token }} + options: --manifest-path userspace/ksud/Cargo.toml diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml new file mode 100644 index 00000000..2786630a --- /dev/null +++ b/.github/workflows/shellcheck.yml @@ -0,0 +1,27 @@ +name: ShellCheck + +on: + push: + branches: + - 'main' + paths: + - '.github/workflows/shellcheck.yml' + - '**/*.sh' + pull_request: + branches: + - 'main' + paths: + - '.github/workflows/shellcheck.yml' + - '**/*.sh' + +jobs: + shellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@2.0.0 + with: + ignore_names: gradlew + ignore_paths: ./userspace/ksud/src/installer.sh diff --git a/userspace/ksud/build.rs b/userspace/ksud/build.rs index 1e4ff453..f208ee88 100644 --- a/userspace/ksud/build.rs +++ b/userspace/ksud/build.rs @@ -13,7 +13,10 @@ fn get_git_version() -> (u32, String) { .stdout, ) .expect("Failed to read git count stdout"); - let version_code: u32 = version_code.trim().parse().expect("Failed to parse git count"); + let version_code: u32 = version_code + .trim() + .parse() + .expect("Failed to parse git count"); let version_code = 10000 + 200 + version_code; // For historical reasons let version_name = String::from_utf8( @@ -28,7 +31,7 @@ fn get_git_version() -> (u32, String) { } fn main() { - let (code, name)= get_git_version(); + let (code, name) = get_git_version(); let out_dir = env::var("OUT_DIR").expect("Failed to get $OUT_DIR"); let out_dir = Path::new(&out_dir); File::create(Path::new(out_dir).join("VERSION_CODE")) diff --git a/userspace/ksud/src/defs.rs b/userspace/ksud/src/defs.rs index d70b09a1..cbd3fb24 100644 --- a/userspace/ksud/src/defs.rs +++ b/userspace/ksud/src/defs.rs @@ -20,6 +20,5 @@ pub const DISABLE_FILE_NAME: &str = "disable"; pub const UPDATE_FILE_NAME: &str = "update"; pub const REMOVE_FILE_NAME: &str = "remove"; - pub const VERSION_CODE: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_CODE")); -pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_NAME")); \ No newline at end of file +pub const VERSION_NAME: &str = include_str!(concat!(env!("OUT_DIR"), "/VERSION_NAME")); diff --git a/userspace/ksud/src/restorecon.rs b/userspace/ksud/src/restorecon.rs index 08ccf204..5258bed8 100644 --- a/userspace/ksud/src/restorecon.rs +++ b/userspace/ksud/src/restorecon.rs @@ -9,12 +9,16 @@ use extattr::{setxattr, Flags as XattrFlags}; const SYSTEM_CON: &str = "u:object_r:system_file:s0"; const _ADB_CON: &str = "u:object_r:adb_data_file:s0"; -const SELINUX_XATTR : &str = "security.selinux"; +const SELINUX_XATTR: &str = "security.selinux"; pub fn setcon>(path: P, con: &str) -> Result<()> { #[cfg(any(target_os = "linux", target_os = "android"))] - setxattr(&path, SELINUX_XATTR, con, XattrFlags::empty()) - .with_context(|| format!("Failed to change SELinux context for {}", path.as_ref().display()))?; + setxattr(&path, SELINUX_XATTR, con, XattrFlags::empty()).with_context(|| { + format!( + "Failed to change SELinux context for {}", + path.as_ref().display() + ) + })?; Ok(()) } @@ -32,9 +36,9 @@ pub fn restore_syscon>(dir: P) -> Result<()> { for dir_entry in WalkDir::new(dir).parallelism(Serial) { if let Some(path) = dir_entry.ok().map(|dir_entry| dir_entry.path()) { #[cfg(any(target_os = "linux", target_os = "android"))] - setxattr(&path, SELINUX_XATTR, SYSTEM_CON, XattrFlags::empty()).with_context( - || format!("Failed to change SELinux context for {}", path.display()), - )?; + setxattr(&path, SELINUX_XATTR, SYSTEM_CON, XattrFlags::empty()).with_context(|| { + format!("Failed to change SELinux context for {}", path.display()) + })?; } } Ok(()) diff --git a/userspace/ksud/src/sepolicy.rs b/userspace/ksud/src/sepolicy.rs index 912808d3..c8eec1a9 100644 --- a/userspace/ksud/src/sepolicy.rs +++ b/userspace/ksud/src/sepolicy.rs @@ -745,4 +745,4 @@ pub fn check_rule(policy: &str) -> Result<()> { apply_one_rule(&statement, true)?; } Ok(()) -} \ No newline at end of file +}