diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..f01ca1d --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,377 @@ +name: build +run-name: ${{ startsWith(github.ref, 'refs/tags/v') && format('Release {0}', github.ref_name) || null }} + +on: + workflow_dispatch: + push: + tags: + - v[0-9]+* + # branches: + # - master + # paths: + # - 'ip2net/**' + # - 'mdig/**' + # - 'nfq/**' + # - 'tpws/**' + +jobs: + build-linux: + name: Linux ${{ matrix.arch }} + runs-on: ubuntu-latest + strategy: + fail-fast: false + matrix: + include: + - arch: arm64 + tool: aarch64-unknown-linux-musl + - arch: arm + tool: arm-unknown-linux-musleabi + # - arch: armhf + # tool: arm-unknown-linux-musleabihf + # - arch: armv7 + # tool: armv7-unknown-linux-musleabi + # - arch: armv7hf + # tool: armv7-unknown-linux-musleabihf + # - arch: mips64el + # tool: mips64el-unknown-linux-musl + - arch: mips64 + tool: mips64-unknown-linux-musl + # - arch: mipsel + # tool: mipsel-unknown-linux-musl + - arch: mipselsf + tool: mipsel-unknown-linux-muslsf + # - arch: mips + # tool: mips-unknown-linux-musl + - arch: mipssf + tool: mips-unknown-linux-muslsf + # - arch: ppc64 + # tool: powerpc64-unknown-linux-musl + - arch: ppc + tool: powerpc-unknown-linux-musl + - arch: x86 + tool: i586-unknown-linux-musl + - arch: x86_64 + tool: x86_64-unknown-linux-musl + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + path: zapret + + - name: Set up build tools + env: + REPO: 'spvkgn/musl-cross' + TOOL: ${{ matrix.tool }} + run: | + sudo apt update -qq && sudo apt install -y libcap-dev + mkdir -p $HOME/tools + wget -qO- https://github.com/$REPO/releases/download/latest/$TOOL.tar.xz | tar -C $HOME/tools -xJ || exit 1 + [ -d "$HOME/tools/$TOOL/bin" ] && echo "$HOME/tools/$TOOL/bin" >> $GITHUB_PATH + + - name: Build + env: + ARCH: ${{ matrix.arch }} + TARGET: ${{ matrix.tool }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + DEPS_DIR=$GITHUB_WORKSPACE/deps + export CC="$TARGET-gcc" + export LD=$TARGET-ld + export AR=$TARGET-ar + export NM=$TARGET-nm + export STRIP=$TARGET-strip + export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig + + # optimize for size + export CFLAGS="-Os -flto=auto" + export LDFLAGS="-Os" + + # netfilter libs + git clone --depth 1 -b libmnl-1.0.5 git://git.netfilter.org/libmnl + git clone --depth 1 -b libnfnetlink-1.0.2 git://git.netfilter.org/libnfnetlink + git clone --depth 1 -b libnetfilter_queue-1.0.5 git://git.netfilter.org/libnetfilter_queue + + for i in libmnl libnfnetlink libnetfilter_queue ; do + ( + cd $i + ./autogen.sh && \ + ./configure --prefix= --host=$TARGET --enable-static --disable-shared && \ + make install -j$(nproc) DESTDIR=$DEPS_DIR + ) + sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc + done + + # zlib + gh api repos/madler/zlib/releases/latest --jq '.tag_name' |\ + xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz + ( + cd zlib-* + ./configure --prefix= --static && \ + make install -j$(nproc) DESTDIR=$DEPS_DIR + ) + + # headers + # wget https://git.alpinelinux.org/aports/plain/main/bsd-compat-headers/queue.h && \ + # wget https://git.kernel.org/pub/scm/libs/libcap/libcap.git/plain/libcap/include/sys/capability.h && \ + install -Dm644 -t $DEPS_DIR/include/sys /usr/include/x86_64-linux-gnu/sys/queue.h /usr/include/sys/capability.h + + # zapret + CFLAGS="$CFLAGS -static-libgcc -static -I$DEPS_DIR/include" \ + LDFLAGS="$LDFLAGS -L$DEPS_DIR/lib" \ + make -C zapret -j$(nproc) + tar -C zapret/binaries/my -cJf zapret-linux-$ARCH.tar.xz . + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: zapret-linux-${{ matrix.arch }} + path: zapret-*.tar.xz + if-no-files-found: error + + build-macos: + name: macOS + runs-on: macos-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Build zapret + run: | + make mac -j$(sysctl -n hw.logicalcpu) + tar -C binaries/my -cJf zapret-mac-x64.tar.xz . + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: zapret-mac-x64 + path: zapret-*.tar.xz + if-no-files-found: error + + build-freebsd: + name: FreeBSD ${{ matrix.arch }} + runs-on: ubuntu-latest + strategy: + matrix: + include: + - target: x86_64 + arch: x86_64 + # - target: i386 + # arch: x86 + container: + image: empterdose/freebsd-cross-build:11.4 + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install packages + run: apk add tar xz + + - name: Build zapret + env: + TARGET: ${{ matrix.target }} + ARCH: ${{ matrix.arch }} + run: | + settarget $TARGET-freebsd11 make bsd -j$(nproc) || exit 1 + tar -C binaries/my -cJf zapret-freebsd-$ARCH.tar.xz . + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: zapret-freebsd-${{ matrix.arch }} + path: zapret-*.tar.xz + if-no-files-found: error + + build-windows: + name: Windows ${{ matrix.arch }} + runs-on: windows-latest + strategy: + fail-fast: false + matrix: + arch: [ x86_64, x86 ] + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + path: zapret + + - name: Set up MinGW + uses: msys2/setup-msys2@v2 + with: + msystem: ${{ matrix.arch == 'x86_64' && 'MINGW64' || 'MINGW32' }} + install: >- + ${{ matrix.arch == 'x86_64' && 'mingw-w64-x86_64-toolchain' || 'mingw-w64-i686-toolchain' }} + + - name: Build ip2net, mdig + shell: msys2 {0} + run: | + mkdir -p output + cd zapret + mingw32-make -C ip2net win + mingw32-make -C mdig win + cp -a {ip2net/ip2net,mdig/mdig}.exe ../output + + - name: Restore psmisc from cache + id: cache-restore-psmisc + uses: actions/cache/restore@v4 + with: + path: ${{ github.workspace }}/psmisc + key: psmisc-${{ matrix.arch }} + + - name: Set up Cygwin + env: + PACKAGES: ${{ steps.cache-restore-psmisc.outputs.cache-hit != 'true' && 'cygport gettext-devel libiconv-devel libncurses-devel' || null }} + uses: cygwin/cygwin-install-action@v4 + with: + platform: ${{ matrix.arch }} + site: ${{ matrix.arch == 'x86_64' && 'http://ctm.crouchingtigerhiddenfruitbat.org/pub/cygwin/circa/64bit/2024/01/30/231215' || null }} + check-sig: ${{ matrix.arch == 'x86_64' && 'false' || null }} + packages: >- + gcc-core + make + zlib-devel + zip + unzip + wget + ${{ env.PACKAGES }} + + - name: Build psmisc + if: steps.cache-restore-psmisc.outputs.cache-hit != 'true' + env: + URL: https://mirrors.kernel.org/sourceware/cygwin/x86_64/release/psmisc + shell: C:\cygwin\bin\bash.exe -eo pipefail '{0}' + run: >- + export MAKEFLAGS=-j$(nproc) && + mkdir -p psmisc && cd psmisc && + wget -qO- ${URL} | grep -Po 'href=\"\Kpsmisc-(\d+\.)+\d+.+src\.tar\.xz(?=\")' | xargs -I{} wget -O- ${URL}/{} | tar -xJ && + cd psmisc-*.src && + echo CYGCONF_ARGS+=\" --disable-dependency-tracking --disable-nls\" >> psmisc.cygport && + cygport psmisc.cygport prep compile install + + - name: Save psmisc to cache + if: steps.cache-restore-psmisc.outputs.cache-hit != 'true' + uses: actions/cache/save@v4 + with: + path: ${{ github.workspace }}/psmisc + key: psmisc-${{ matrix.arch }} + + - name: Build winws + env: + TARGET: ${{ matrix.arch == 'x86_64' && 'cygwin' || 'cygwin32' }} + shell: C:\cygwin\bin\bash.exe -eo pipefail '{0}' + run: >- + export MAKEFLAGS=-j$(nproc) && + cd zapret && + make -C nfq ${TARGET} && + cp -a nfq/winws.exe ../output + + - name: Create zip + env: + BITS: ${{ matrix.arch == 'x86_64' && '64' || '32' }} + DIR: ${{ matrix.arch == 'x86_64' && 'x64' || 'x86' }} + shell: C:\cygwin\bin\bash.exe -e '{0}' + run: >- + cp -a -t output psmisc/psmisc-*.src/psmisc-*/inst/usr/bin/killall.exe /usr/bin/cygwin1.dll && + wget -O WinDivert.zip https://github.com/basil00/WinDivert/releases/download/v2.2.2/WinDivert-2.2.2-A.zip && + unzip -j WinDivert.zip "*/${DIR}/WinDivert.dll" "*/${DIR}/WinDivert${BITS}.sys" -d output && + zip zapret-win-${{ matrix.arch }}.zip -j output/* + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: zapret-win-${{ matrix.arch }} + path: zapret-*.zip + if-no-files-found: error + + release: + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') + needs: [ build-linux, build-windows, build-macos, build-freebsd ] + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + path: zapret + + - name: Download artifacts + uses: actions/download-artifact@v4 + id: bins + with: + path: zapret/binaries + pattern: zapret-* + + - name: Install upx + uses: crazy-max/ghaction-upx@v3 + with: + install-only: true + + - name: Prepare binaries + shell: bash + run: | + cd ${{ steps.bins.outputs.download-path }} + run_upx() { + upx --best --lzma $@ || true + } + run_dir() { + for f in $dir/* ; do + # extract binaries + case $f in + *.tar.xz ) + tar -C $dir -xvf $f && rm $f + if [[ $dir == *-linux-x86_64 ]]; then + tar -C $dir -czvf $dir/tpws_wsl.tgz tpws + run_upx $dir/* + elif [[ $dir =~ linux ]] && [[ $dir != *-linux-mips64 ]]; then + run_upx $dir/* + fi + ;; + *.zip ) + unzip $f -d $dir && rm $f + if [[ $dir =~ win ]]; then + chmod -x $dir/* + run_upx --force $dir/cygwin1.dll + fi + ;; + esac + done + mv $dir $1 + } + for dir in * ; do + if [ -d $dir ]; then + echo "Processing $dir" + case $dir in + *-freebsd-x86_64 ) run_dir freebsd-x64 ;; + *-linux-arm ) run_dir arm ;; + *-linux-arm64 ) run_dir aarch64 ;; + *-linux-mips64 ) run_dir mips64r2-msb ;; + *-linux-mipselsf ) run_dir mips32r1-lsb ;; + *-linux-mipssf ) run_dir mips32r1-msb ;; + *-linux-ppc ) run_dir ppc ;; + *-linux-x86 ) run_dir x86 ;; + *-linux-x86_64 ) run_dir x86_64 ;; + *-mac-x64 ) run_dir mac64 ;; + *-win-x86 ) run_dir win32 ;; + *-win-x86_64 ) run_dir win64 ;; + esac + fi + done + ls -lhR + + - name: Create release bundles + run: | + rm -rf zapret/.git* + tar -czf zapret-${{ github.ref_name }}.tar.gz zapret + zip -qr zapret-${{ github.ref_name }}.zip zapret + + - name: Upload release assets + uses: softprops/action-gh-release@v2 + with: + fail_on_unmatched_files: true + prerelease: false + draft: false + body: | + ### zapret ${{ github.ref_name }} + files: | + zapret*.tar.gz + zapret*.zip