kernel: harden the signature check #586
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Kernel - Android 12 | |
on: | |
push: | |
branches: ["main", "ci"] | |
paths: | |
- ".github/workflows/build-kernel-a12.yml" | |
- ".github/workflows/gki-kernel.yml" | |
- ".github/scripts/build_a12.sh" | |
- "kernel/**" | |
pull_request: | |
branches: ["main"] | |
paths: | |
- ".github/workflows/build-kernel-a12.yml" | |
- ".github/workflows/gki-kernel.yml" | |
- ".github/scripts/build-a12.sh" | |
- "kernel/**" | |
workflow_call: | |
jobs: | |
build-kernel: | |
if: github.event_name != 'pull_request' | |
strategy: | |
matrix: | |
include: | |
- sub_level: 66 | |
os_patch_level: 2022-01 | |
- sub_level: 81 | |
os_patch_level: 2022-03 | |
- sub_level: 101 | |
os_patch_level: 2022-05 | |
- sub_level: 110 | |
os_patch_level: 2022-07 | |
- sub_level: 117 | |
os_patch_level: 2022-09 | |
- sub_level: 136 | |
os_patch_level: 2022-11 | |
- sub_level: 149 | |
os_patch_level: 2023-01 | |
- sub_level: 160 | |
os_patch_level: 2023-03 | |
- sub_level: 168 | |
os_patch_level: 2023-05 | |
- sub_level: 177 | |
os_patch_level: 2023-07 | |
- sub_level: 185 | |
os_patch_level: 2023-09 | |
uses: ./.github/workflows/gki-kernel.yml | |
secrets: inherit | |
with: | |
version: android12-5.10 | |
version_name: android12-5.10.${{ matrix.sub_level }} | |
tag: android12-5.10-${{ matrix.os_patch_level }} | |
os_patch_level: ${{ matrix.os_patch_level }} | |
patch_path: "5.10" | |
upload-artifacts: | |
needs: build-kernel | |
runs-on: ubuntu-latest | |
if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' || github.ref == 'refs/heads/ci' }} | |
env: | |
CHAT_ID: ${{ secrets.CHAT_ID }} | |
CACHE_CHAT_ID: ${{ secrets.CACHE_CHAT_ID }} | |
BOT_TOKEN: ${{ secrets.BOT_TOKEN }} | |
MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }} | |
COMMIT_MESSAGE: ${{ github.event.head_commit.message }} | |
COMMIT_URL: ${{ github.event.head_commit.url }} | |
RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
- uses: actions/checkout@v4 | |
with: | |
path: KernelSU | |
fetch-depth: 0 | |
- name: List artifacts | |
run: | | |
tree | |
- name: Download prebuilt toolchain | |
run: | | |
AOSP_MIRROR=https://android.googlesource.com | |
BRANCH=main-kernel-build-2023 | |
git clone $AOSP_MIRROR/platform/prebuilts/build-tools -b $BRANCH --depth 1 build-tools | |
git clone $AOSP_MIRROR/kernel/prebuilts/build-tools -b $BRANCH --depth 1 kernel-build-tools | |
git clone $AOSP_MIRROR/platform/system/tools/mkbootimg -b $BRANCH --depth 1 | |
pip3 install python-telegram-bot | |
- name: Set boot sign key | |
env: | |
BOOT_SIGN_KEY: ${{ secrets.BOOT_SIGN_KEY }} | |
run: | | |
if [ ! -z "$BOOT_SIGN_KEY" ]; then | |
echo "$BOOT_SIGN_KEY" > ./kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem | |
fi | |
- name: Setup mutex for uploading | |
uses: ben-z/[email protected] | |
- name: Build boot images | |
run: | | |
export AVBTOOL=$GITHUB_WORKSPACE/kernel-build-tools/linux-x86/bin/avbtool | |
export GZIP=$GITHUB_WORKSPACE/build-tools/path/linux-x86/gzip | |
export LZ4=$GITHUB_WORKSPACE/build-tools/path/linux-x86/lz4 | |
export MKBOOTIMG=$GITHUB_WORKSPACE/mkbootimg/mkbootimg.py | |
export UNPACK_BOOTIMG=$GITHUB_WORKSPACE/mkbootimg/unpack_bootimg.py | |
cd $GITHUB_WORKSPACE/KernelSU | |
export VERSION=$(($(git rev-list --count HEAD) + 10200)) | |
echo "VERSION: $VERSION" | |
cd - | |
bash $GITHUB_WORKSPACE/KernelSU/.github/scripts/build_a12.sh | |
- name: Display structure of boot files | |
run: ls -R | |
- name: Upload images artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: boot-images-android12 | |
path: Image-android12*/*.img.gz | |
check-build-kernel: | |
if: github.event_name == 'pull_request' | |
uses: ./.github/workflows/gki-kernel.yml | |
with: | |
version: android12-5.10 | |
version_name: android12-5.10.177 | |
tag: android12-5.10-2023-06 | |
os_patch_level: 2023-06 | |
patch_path: "5.10" |