build-manager.yml

name: Build Manager

on:
  push:
    branches: [ 'rebase-magic-mount', 'ci', 'magic-mount\+susfs-*' ]
    paths:
      - '.github/workflows/build-manager.yml'
      - 'manager/**'
      - 'kernel/**'
      - 'userspace/ksud/**'
  pull_request:
    branches: [ "rebase-magic-mount" ]
    paths:
      - 'manager/**'
  workflow_call:
  workflow_dispatch:

jobs:
  update-signature:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout current branch
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Update unofficial build signature
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git fetch --all

          if [ ! -z "${{ secrets.KEYSTORE }}" ]; then
              KEYSTORE_PASSWORD='${{ secrets.KEYSTORE_PASSWORD }}'
              KEY_ALIAS='${{ secrets.KEY_ALIAS }}'
              KEY_PASSWORD='${{ secrets.KEY_PASSWORD }}'
              KEYSTORE_FILE='key.jks'
              echo ${{ secrets.KEYSTORE }} | base64 -d > key.jks

              keytool -exportcert -file cert.crt \
                -keystore key.jks \
                -storepass $KEYSTORE_PASSWORD \
                -alias $KEY_ALIAS \
                -keypass $KEY_PASSWORD

              EXPECTED_SIZE=$(printf "0x%01x" $(stat -c %s cert.crt))
              EXPECTED_HASH=$(sha256sum -b cert.crt | cut -d ' ' -f 1)

              OLD_SIG_CODE="return check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH);"
              REPLACE_CODE="return (check_v2_signature(path, EXPECTED_SIZE, EXPECTED_HASH)\n"$'\t'"|| check_v2_signature(path, $EXPECTED_SIZE, \"$EXPECTED_HASH\")\n"$'\t'");"

              sed -i "s/"$'\t'"$OLD_SIG_CODE/"$'\t'"$REPLACE_CODE/" kernel/apk_sign.c

              git add kernel/apk_sign.c
              git commit -m "kernel: Allow signature for unofficial manager"
              git push origin $GITHUB_REF_NAME
          fi

  update-version:
    needs: update-signature
    runs-on: ubuntu-latest

    steps:
      - name: Checkout upstream
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: upstream
          path: upstream

      - name: Obtain upstream version
        id: upstream
        run: |
          cd $GITHUB_WORKSPACE/upstream
          git fetch --all

          UPSTREAM_VALUE=$(sed -nE 's/return major \* 10000 \+ commitCount \+ ([[:digit:]]+)/\1/p' manager/build.gradle.kts)
          echo "UPSTREAM_VALUE=$UPSTREAM_VALUE" >> $GITHUB_OUTPUT

      - name: Checkout current branch
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}
          path: ${{ github.ref_name }}

      - name: Update current version
        env:
          UPSTREAM_VALUE: ${{ steps.upstream.outputs.UPSTREAM_VALUE }}
        run: |
          cd $GITHUB_WORKSPACE/$GITHUB_REF_NAME
          git config user.name "github-actions[bot]"
          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
          git fetch --all

          VALUE_AFTER_OFFSET=$((UPSTREAM_VALUE - 1 - $(git rev-list --count origin/upstream..origin/$GITHUB_REF_NAME)))

          sed -i -E 's/(return major \* 10000 \+ commitCount \+ )[[:digit:]]+/\1'$VALUE_AFTER_OFFSET'/i' manager/build.gradle.kts
          sed -i -E 's/(\$\(shell expr 10000 \+ \$\(KSU_GIT_VERSION\) \+ )[[:digit:]]+/\1'$VALUE_AFTER_OFFSET'/i' kernel/Makefile
          sed -i -E 's/(\= 10000 \+ )[[:digit:]]+( \+ version_code)/\1'$VALUE_AFTER_OFFSET'\2/i' userspace/ksud/build.rs

          git add manager/build.gradle.kts kernel/Makefile userspace/ksud/build.rs
          git commit -m "treewide: Offset build version to match with upstream"
          git push origin $GITHUB_REF_NAME

  build-ksud:
    needs: update-version
    strategy:
      matrix:
        include:
          - target: aarch64-linux-android
            os: ubuntu-latest
          - target: x86_64-linux-android
            os: ubuntu-latest
    uses: ./.github/workflows/ksud.yml
    with:
      target: ${{ matrix.target }}
      os: ${{ matrix.os }}
      pack_lkm: false

  build-manager:
    needs: build-ksud
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./manager

    steps:
      - name: Checkout current branch
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          ref: ${{ github.ref_name }}

      - name: Setup need_upload
        id: need_upload
        run: |
          if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then
            echo "UPLOAD=true" >> $GITHUB_OUTPUT
          else
            echo "UPLOAD=false" >> $GITHUB_OUTPUT
          fi

      - name: Write key
        if: ${{ ( github.event_name != 'pull_request' && ( github.ref == 'refs/heads/rebase-magic-mount' || startsWith(github.ref, 'refs/heads/magic-mount+susfs-') )) || github.ref_type == 'tag' }}
        run: |
          if [ ! -z "${{ secrets.KEYSTORE }}" ]; then
            {
              echo KEYSTORE_PASSWORD='${{ secrets.KEYSTORE_PASSWORD }}'
              echo KEY_ALIAS='${{ secrets.KEY_ALIAS }}'
              echo KEY_PASSWORD='${{ secrets.KEY_PASSWORD }}'
              echo KEYSTORE_FILE='key.jks'
            } >> gradle.properties
            echo ${{ secrets.KEYSTORE }} | base64 -d > key.jks
          fi

      - name: Setup Java
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: 21

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4

      - name: Setup Android SDK
        uses: android-actions/setup-android@v3

      - name: Download arm64 ksud
        uses: actions/download-artifact@v4
        with:
          name: ksud-aarch64-linux-android
          path: .

      - name: Download x86_64 ksud
        uses: actions/download-artifact@v4
        with:
          name: ksud-x86_64-linux-android
          path: .

      - name: Copy ksud to app jniLibs
        run: |
          mkdir -p app/src/main/jniLibs/arm64-v8a
          mkdir -p app/src/main/jniLibs/x86_64
          cp -f ../aarch64-linux-android/release/ksud ../manager/app/src/main/jniLibs/arm64-v8a/libksud.so
          cp -f ../x86_64-linux-android/release/ksud ../manager/app/src/main/jniLibs/x86_64/libksud.so

      - name: Build with Gradle
        run: |
          {
            echo 'org.gradle.parallel=true'
            echo 'org.gradle.vfs.watch=true'
            echo 'org.gradle.jvmargs=-Xmx2048m'
            echo 'android.native.buildOutput=verbose'
          } >> gradle.properties
          sed -i 's/org.gradle.configuration-cache=true//g' gradle.properties
          ./gradlew clean assembleRelease

      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        if: ${{ ( github.event_name != 'pull_request' && ( github.ref == 'refs/heads/rebase-magic-mount' || startsWith(github.ref, 'refs/heads/magic-mount+susfs-') )) || github.ref_type == 'tag' }}
        with:
          name: manager
          path: manager/app/build/outputs/apk/release/*.apk

      - name: Upload mappings
        uses: actions/upload-artifact@v4
        if: ${{ ( github.event_name != 'pull_request' && ( github.ref == 'refs/heads/rebase-magic-mount' || startsWith(github.ref, 'refs/heads/magic-mount+susfs-') )) || github.ref_type == 'tag' }}
        with:
          name: "mappings"
          path: "manager/app/build/outputs/mapping/release/"

      - name: Bot session cache
        if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
        id: bot_session_cache
        uses: actions/cache@v4
        with:
          path: scripts/ksubot.session
          key: ${{ runner.os }}-bot-session

      - name: Upload to telegram
        if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true'
        env:
          CHAT_ID: ${{ secrets.CHAT_ID }}
          BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
          MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }}
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
          COMMIT_URL: ${{ github.event.head_commit.url }}
          RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
          TITLE: Manager
        run: |
          if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then
            export VERSION=$(git rev-list --count HEAD)
            APK=$(find ./app/build/outputs/apk/release -name "*.apk")
            pip3 install telethon
            python3 $GITHUB_WORKSPACE/scripts/ksubot.py $APK
          fi