Github CI #604
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Github CI | |
on: | |
push: | |
workflow_dispatch: | |
inputs: | |
debug_enabled: | |
description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' | |
required: false | |
default: false | |
repository_dispatch: | |
schedule: | |
- cron: "0 */12 * * *" # https://crontab.guru/ | |
defaults: | |
run: | |
shell: bash -x -e -c ". $0" "{0}" | |
working-directory: Fermion | |
jobs: | |
update: | |
runs-on: ubuntu-latest | |
outputs: | |
FRIDA_VER: ${{ steps.check.outputs.FRIDA_VER }} | |
FRIDA_GUM_VER: ${{ steps.check.outputs.FRIDA_GUM_VER }} | |
FRIDA_ELECTRON: ${{ steps.check.outputs.FRIDA_ELECTRON }} | |
FERMION_TAG: ${{ steps.check.outputs.FERMION_TAG }} | |
NO_BUILD: ${{ steps.checkTag.outputs.exists }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
submodules: recursive | |
- uses: gautamkrishnar/keepalive-workflow@master | |
# Enable tmate debugging of manually-triggered workflows if the input option was provided | |
- name: Setup tmate session | |
uses: mxschmitt/action-tmate@v3 | |
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }} | |
env: | |
SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
- name: Populate Fermion Variables | |
id: check | |
run: python3 ../.github/workflows/populate_variables.py | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Check if we are building a new Fermion tag | |
- uses: mukunku/tag-exists-action@v1.1.0 | |
id: checkTag | |
with: | |
tag: v${{ steps.check.outputs.FERMION_TAG }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build: | |
needs: | |
- update | |
if: ${{ needs.update.outputs.NO_BUILD == 'false' }} | |
# Build Matrix | |
strategy: | |
matrix: | |
os: [macos-latest, ubuntu-latest, windows-latest] | |
# Create tasks across our build matrix | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
submodules: recursive | |
- uses: actions/setup-node@v3 | |
with: | |
node-version: '16' | |
# Update dependency versions in the package manifest & install | |
- name: Update Frida package | |
id: npmi | |
run: | | |
export npm_config_runtime=electron | |
export npm_config_target=${{needs.update.outputs.FRIDA_ELECTRON}} | |
npm install | |
npm i @types/frida-gum@${{needs.update.outputs.FRIDA_GUM_VER}} | |
npm i frida@${{needs.update.outputs.FRIDA_VER}} | |
echo "ELECTRON_VER=${{needs.update.outputs.FRIDA_ELECTRON}}" >> $GITHUB_OUTPUT | |
- name: Prepare building.. | |
run: | | |
OUT='${{ github.workspace }}/build' | |
echo "OUT=$OUT" >> $GITHUB_ENV | |
rm -rf "$OUT" | |
mkdir "$OUT" | |
# Package Fermion across our build matrix | |
- name: Build Windows | |
if: runner.os == 'Windows' | |
run: | | |
npx electron-packager . --icon ./src/images/fermion-ico.ico --out "$OUT" | |
- name: Build Linux | |
if: runner.os == 'Linux' | |
run: | | |
npx electron-packager . --icon ./src/images/fermion-ico.png --out "$OUT" | |
- name: Build macOS | |
if: runner.os == 'macOS' | |
run: | | |
npx electron-packager . --icon ./src/images/fermion-ico.icns --out "$OUT" | |
# Archive fermion | |
- name: Package build asset | |
run: | | |
cd "$OUT" | |
find . -type d -name node_modules -prune -exec ls -ald "{}" \; | |
ZIPNAME="fermion-${{ matrix.os }}-v${{ needs.update.outputs.FERMION_TAG }}" | |
if command -v zip > /dev/null; then | |
(cd *; zip -qr "../$ZIPNAME.zip" .) | |
else | |
(cd *; python3 -c "import shutil; shutil.make_archive('../$ZIPNAME', 'zip', '.')") | |
fi | |
ls -al | |
# Upload action artifact as-is | |
- name: Upload to GitHub Actions artifact | |
uses: NyaMisty/upload-artifact-as-is@master | |
with: | |
path: ${{ env.OUT }}/fermion-*.zip | |
release: | |
runs-on: ubuntu-latest | |
needs: | |
- update | |
- build | |
name: "release" | |
steps: | |
- name: "Create artifact directory" | |
run: | | |
mkdir -p build_output | |
working-directory: ${{ runner.temp }} | |
- name: "Download all artifacts" | |
uses: actions/download-artifact@v2 | |
with: | |
path: ${{ runner.temp }}/build_output | |
- name: "Rearrange artifacts" | |
run: | | |
find build_output | |
mkdir -p build_release | |
mv build_output/*/* build_release | |
ls build_release | |
if [ "$(ls -A build_release)" ]; then exit 0; else exit 1; fi | |
working-directory: ${{ runner.temp }} | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 2 | |
submodules: recursive | |
- name: Update package index | |
run: | | |
export npm_config_runtime=electron | |
export npm_config_target=${{needs.update.outputs.FRIDA_ELECTRON}} | |
npm install | |
npm i @types/frida-gum@${{needs.update.outputs.FRIDA_GUM_VER}} | |
npm i frida@${{needs.update.outputs.FRIDA_VER}} | |
- name: Update badgen & compile instructions | |
run: | | |
# Set new frida version for badgen | |
perl -i -pe 's|badgen.net/badge/Frida-Node/v[\d.]+?/grey|badgen.net/badge/Frida-Node/v${{ needs.update.outputs.FRIDA_VER }}/grey|' ../README.md | |
# Set new gum version for badgen | |
perl -i -pe 's|badgen.net/badge/Frida-Gum/v[\d.]+?/grey|badgen.net/badge/Frida-Gum/v${{ needs.update.outputs.FRIDA_GUM_VER }}/grey|' ../README.md | |
# Set new Fermion version for badgen | |
perl -i -pe 's|badgen.net/badge/Fermion/v[\d.]+?/grey|badgen.net/badge/Fermion/v${{ needs.update.outputs.FERMION_TAG }}/grey|' ../README.md | |
# Set new electron version for README | |
perl -i -pe 's|npm_config_target=[\d.]+|npm_config_target=${{ needs.update.outputs.FRIDA_ELECTRON }}|' ../README.md | |
# This is still a todo | |
- name: Update Frida assets | |
run: | | |
/bin/bash .github/workflows/update_fermion_asset.sh | |
working-directory: ${{ github.workspace }} | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# Commit | |
- name: Update Versions to Git | |
id: bumpver | |
run: | | |
if ! [ -z "$(git status --untracked-files=no --porcelain)" ]; then | |
AUTOUPDATE_PATTERN="^\[AutoUpdate\]" | |
preserve_branch=0 | |
if ! [[ "$(git log -1 --pretty=%B)" =~ $AUTOUPDATE_PATTERN ]]; then | |
preserve_branch=1 | |
git branch -f before_auto_update | |
fi | |
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
git config --local user.name "github-actions[bot]" | |
git commit -a -m "[AutoUpdate] v${{ needs.update.outputs.FERMION_TAG }}" | |
git push origin master | |
if [[ "$preserve_branch" == "1" ]]; then | |
git push -f origin before_auto_update | |
fi | |
fi | |
echo "CURRENT_SHA=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
# Release | |
- name: Create New Release and Upload | |
if: ${{ !startsWith(github.ref, 'refs/tags/') }} | |
uses: ncipollo/release-action@v1 | |
with: | |
artifacts: "${{ runner.temp }}/build_release/*" | |
name: "${{ format('Fermion v{0}', needs.update.outputs.FERMION_TAG, needs.update.outputs.FRIDA_VER, needs.update.outputs.FRIDA_GUM_VER) }}" | |
body: "${{ format('Electron: {0}\nFrida: {1}\nGumJS: {2}\nBuild: Windows, Linux, Mac\n', needs.update.outputs.FRIDA_ELECTRON, needs.update.outputs.FRIDA_VER, needs.update.outputs.FRIDA_GUM_VER) }}" | |
tag: v${{ needs.update.outputs.FERMION_TAG }} | |
commit: ${{ steps.bumpver.outputs.CURRENT_SHA }} | |
prerelease: false | |
allowUpdates: true | |
# NOTE: edit this to false & true if you want to preserve original artifact | |
removeArtifacts: true | |
replacesArtifacts: false | |
artifactErrorsFailBuild: true | |
token: ${{ secrets.GITHUB_TOKEN }} |