-
Notifications
You must be signed in to change notification settings - Fork 2
249 lines (209 loc) · 9.5 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
name: Patch and Release OTA
on:
schedule:
- cron: '0 */6 * * *' # Check for update every 6 hours (UTC). GrapheneOS checks every 6 hours.
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
inputs:
device-id:
description: Device code name
required: true
root:
description: Add root to the build
required: false
type: boolean
default: false
magisk-preinit-device:
description: Magisk preinit device. For example, "sda8", "sda15" etc.,
required: false
update-channel:
description: GrapheneOS update channel. Supports `alpha`, `beta` and `stable`. Defaults to `stable`
required: false
env:
CARGO_INCREMENTAL: 1
DEVICE_NAME: ${{ github.event.inputs.device-id }}
INTERACTIVE_MODE: false
GRAPHENEOS_UPDATE_CHANNEL: ${{ github.event.inputs.update-channel }}
RUST_BACKTRACE: short
RUSTUP_MAX_RETRIES: 10
jobs:
build:
runs-on: ubuntu-latest
# Required by publisher step
permissions: write-all
steps:
- name: Check if `magisk-preinit-device` is set when `root` is true
run: |
# Convert inputs to proper boolean values
root=${{ github.event.inputs.root }}
magisk_preinit_device=${{ github.event.inputs.magisk-preinit-device }}
# Ensure that the boolean comparison is correctly handled
if [ "$root" == "true" ] && [ -z "$magisk_preinit_device" ]; then
echo -e "::error:: magisk-preinit-device is required when root is true."
exit 1
fi
- name: Checkout code
uses: actions/checkout@v4
with:
# Allow for switching to github-pages branch
fetch-depth: 0
- name: Read from `env.toml` if exist
if: ${{ github.event_name == 'schedule' }}
run: |
# Check if the file exists
source src/util_functions.sh && check_toml_env
echo "DEVICE_NAME=${DEVICE_NAME}" >> $GITHUB_ENV
echo "GRAPHENEOS_UPDATE_CHANNEL=${GRAPHENEOS[UPDATE_CHANNEL]}" >> $GITHUB_ENV
- name: Check if a build exists already and verify assets
shell: bash
run: |
# Device name is a required parameter
if [[ -z "${DEVICE_NAME}" ]]; then
echo -e "::error::Missing required param \`DEVICE_NAME\`"
exit 1
fi
# Fetch the latest GrapheneOS version and set up the environment
source src/fetcher.sh && get_latest_version
echo "GRAPHENEOS_VERSION=${VERSION[GRAPHENEOS]}" >> $GITHUB_ENV
# Determine if the build is based on magisk or rootless (build flavor)
build_flavor=$([[ ${{ github.event.inputs.root == 'true' }} == 'true' ]] && echo 'magisk' || echo 'rootless')
# Check if the tag exists
if git show-ref --tags ${VERSION[GRAPHENEOS]} --quiet; then
echo -e "Tag with GrapheneOS version ${VERSION[GRAPHENEOS]} already exists. Looking for assets..."
# Fetch the release information for the tag
repo_url="https://api.github.com/repos/${{ github.repository }}/releases/tags/${VERSION[GRAPHENEOS]}"
release_info=$(curl -sL "$repo_url")
# Define required assets
required_assets=(
"${{ env.DEVICE_NAME }}-${VERSION[GRAPHENEOS]}-magisk-*.zip"
"${{ env.DEVICE_NAME }}-${VERSION[GRAPHENEOS]}-magisk-*.zip.csig"
"${{ env.DEVICE_NAME }}-${VERSION[GRAPHENEOS]}-rootless-*.zip"
"${{ env.DEVICE_NAME }}-${VERSION[GRAPHENEOS]}-rootless-*.zip.csig"
)
existing_assets=$(echo "$release_info" | jq -r '.assets[].name')
missing_assets=()
for required_asset in "${required_assets[@]}"; do
# Convert wildcard pattern to regex
regex="${required_asset//\*/.*}"
for asset in "${existing_assets[@]}"; do
# if existing asset matches the required asset, break the loop
if ! [[ $asset =~ $regex ]]; then
missing_assets+=("$required_asset")
break
fi
done
done
if [ ${#missing_assets[@]} -eq 0 ]; then
echo -e "::error::All required assets are present. Exiting..."
exit 1
else
echo -e "Missing assets:"
for missing_asset in "${missing_assets[@]}"; do
echo -e " - $missing_asset"
done
# Grep always throws an error stating it cannot find the file or directory
valid_build=""
for missing_asset in "${missing_assets[@]}"; do
if [[ $missing_asset == *"$build_flavor"* ]]; then
valid_build="$build_flavor"
break
fi
done
# Check if valid_build is either "magisk" or "rootless"
if [[ "$valid_build" == "magisk" ]] || [[ "$valid_build" == "rootless" ]]; then
echo -e "Proceeding with build to create missing assets..."
else
echo -e "::error::Asset with \`$build_flavor\` flavor already exists!"
exit 1
fi
fi
else
echo -e "Tag with GrapheneOS version ${VERSION[GRAPHENEOS]} does not exist. Creating one..."
fi
- name: Setup Git
run: |
# Configure git for pushing changes
git config --global user.email ${{ secrets.EMAIL }} && git config --global user.name PiX
- name: Install Rust stable
uses: dtolnay/rust-toolchain@master
with:
toolchain: stable 2 weeks ago
- name: Build and Cache Rust Dependencies
uses: Swatinem/[email protected]
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: '3.12-dev'
- name: Setup Environment variables
run: |
echo "KEYS_AVB_BASE64=${{ secrets.AVB_KEY }}" >> $GITHUB_ENV
echo "KEYS_CERT_OTA_BASE64=${{ secrets.CERT_OTA }}" >> $GITHUB_ENV
echo "KEYS_OTA_BASE64=${{ secrets.OTA_KEY }}" >> $GITHUB_ENV
- name: Patch OTA
shell: bash
env:
ADDITIONALS_ROOT: ${{ github.event.inputs.root }}
CLEANUP: true
MAGISK_PREINIT: ${{ github.event.inputs.magisk-preinit-device }}
PASSPHRASE_AVB: ${{ secrets.PASSPHRASE_AVB }}
PASSPHRASE_OTA: ${{ secrets.PASSPHRASE_OTA }}
run: |
echo -e "Running release script.."
# Instead of running the script directly,
# we source it to get the variables in the current shell and use them in the next steps by exporting them
. src/main.sh
# Export the variables for the next steps
echo "GRAPHENEOS_OTA_TARGET=${GRAPHENEOS[OTA_TARGET]}" >> $GITHUB_ENV
echo "OUTPUTS_PATCHED_OTA=${OUTPUTS[PATCHED_OTA]}" >> $GITHUB_ENV
echo "WORKDIR=${WORKDIR}" >> $GITHUB_ENV
- name: Generate Changelog
run: |
# Generate a changelog for the release taking the latest GrapheneOS release
echo -e "See [Changelog](https://grapheneos.org/releases#${{ env.GRAPHENEOS_VERSION }})." > ${{ github.workspace }}-CHANGELOG.txt
- name: Make Release
uses: softprops/action-gh-release@v2
with:
body_path: ${{ github.workspace }}-CHANGELOG.txt
files: |
${{ env.OUTPUTS_PATCHED_OTA }}
${{ env.OUTPUTS_PATCHED_OTA }}.csig
name: "${{ env.GRAPHENEOS_VERSION }}"
tag_name: "${{ env.GRAPHENEOS_VERSION }}"
- name: Publish OTA to server
shell: bash
run: |
CURRENT_COMMIT=$(git rev-parse --short HEAD)
FLAVOR=("magisk" "rootless")
root=${{ github.event.inputs.root }}
# Create `magisk` and `rootless` directories if they don't exist
mkdir -p "${FLAVOR}"
# Switch to gh-pages branch
git checkout gh-pages
echo -e "Updating Configs for the new release..."
# If root is true or the the release has `magisk` in <device_name>.json, use magisk flavor
if [ "${root}" = "true" ] || grep -q magisk "${{ env.DEVICE_NAME }}.json"; then
TARGET_FILE="${FLAVOR[0]}/${{ env.DEVICE_NAME }}.json"
else
TARGET_FILE="${FLAVOR[1]}/${{ env.DEVICE_NAME }}.json"
fi
echo -e "Updating Configs for the new release..."
# Check if the target file exists, if not create an empty one to avoid any issues
if [ ! -f "${TARGET_FILE}" ]; then
echo -e "touching ${TARGET_FILE}..."
touch "${TARGET_FILE}"
fi
# Copy from `./` to `./<flavor>/` if same tag doesn't exist in the target file
if ! grep -q "${{ env.GRAPHENEOS_VERSION }}" "${TARGET_FILE}"; then
echo -e "Copying ${{ env.DEVICE_NAME }}.json to ${TARGET_FILE}..."
cp "${{ env.DEVICE_NAME }}.json" "${TARGET_FILE}"
git add "${TARGET_FILE}"
else
echo -e "Deployed version (${{ env.GRAPHENEOS_VERSION }}) is same as current GrapheneOS release (${{ env.GRAPHENEOS_VERSION }}).\nUpdate skipped."
fi
# Commit and push the changes if the working directory is clean
if ! git diff-index --quiet HEAD; then
git commit -m "release("${CURRENT_COMMIT}"): bump GrapheneOS version to ${{ env.GRAPHENEOS_VERSION }}"
git push origin gh-pages
fi
# Switch back to main branch
git checkout main