Skip to content

Github CI

Github CI #1522

Workflow file for this run

name: Github CI
on:
push:
workflow_dispatch:
inputs:
debug_enabled:
description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
required: false
default: false
repository_dispatch:
schedule:
- cron: "0 */12 * * *" # https://crontab.guru/
defaults:
run:
shell: bash -x -e -c ". $0" "{0}"
working-directory: Fermion
jobs:
update:
runs-on: ubuntu-latest
outputs:
FRIDA_VER: ${{ steps.check.outputs.FRIDA_VER }}
FRIDA_GUM_VER: ${{ steps.check.outputs.FRIDA_GUM_VER }}
FRIDA_ELECTRON: ${{ steps.check.outputs.FRIDA_ELECTRON }}
FERMION_TAG: ${{ steps.check.outputs.FERMION_TAG }}
NO_BUILD: ${{ steps.checkTag.outputs.exists }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 2
submodules: recursive
- uses: gautamkrishnar/keepalive-workflow@master
# Enable tmate debugging of manually-triggered workflows if the input option was provided
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
if: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }}
env:
SECRETS_CONTEXT: ${{ toJson(secrets) }}
- name: Populate Fermion Variables
id: check
run: python3 ../.github/workflows/populate_variables.py
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Check if we are building a new Fermion tag
- uses: mukunku/tag-exists-action@v1.1.0
id: checkTag
with:
tag: v${{ steps.check.outputs.FERMION_TAG }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
build:
needs:
- update
if: ${{ needs.update.outputs.NO_BUILD == 'false' }}
# Build Matrix
strategy:
matrix:
os: [macos-latest, ubuntu-latest, windows-latest]
# Create tasks across our build matrix
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 2
submodules: recursive
- uses: actions/setup-node@v3
with:
node-version: '16'
# Update dependency versions in the package manifest & install
- name: Update Frida package
id: npmi
run: |
export npm_config_runtime=electron
export npm_config_target=${{needs.update.outputs.FRIDA_ELECTRON}}
npm install
npm i @types/frida-gum@${{needs.update.outputs.FRIDA_GUM_VER}}
npm i frida@${{needs.update.outputs.FRIDA_VER}}
echo "ELECTRON_VER=${{needs.update.outputs.FRIDA_ELECTRON}}" >> $GITHUB_OUTPUT
- name: Prepare building..
run: |
OUT='${{ github.workspace }}/build'
echo "OUT=$OUT" >> $GITHUB_ENV
rm -rf "$OUT"
mkdir "$OUT"
# Package Fermion across our build matrix
- name: Build Windows
if: runner.os == 'Windows'
run: |
npx electron-packager . --icon ./src/images/fermion-ico.ico --out "$OUT"
- name: Build Linux
if: runner.os == 'Linux'
run: |
npx electron-packager . --icon ./src/images/fermion-ico.png --out "$OUT"
- name: Build macOS
if: runner.os == 'macOS'
run: |
npx electron-packager . --icon ./src/images/fermion-ico.icns --out "$OUT"
# Archive fermion
- name: Package build asset
run: |
cd "$OUT"
find . -type d -name node_modules -prune -exec ls -ald "{}" \;
ZIPNAME="fermion-${{ matrix.os }}-v${{ needs.update.outputs.FERMION_TAG }}"
if command -v zip > /dev/null; then
(cd *; zip -qr "../$ZIPNAME.zip" .)
else
(cd *; python3 -c "import shutil; shutil.make_archive('../$ZIPNAME', 'zip', '.')")
fi
ls -al
# Upload action artifact as-is
- name: Upload to GitHub Actions artifact
uses: NyaMisty/upload-artifact-as-is@master
with:
path: ${{ env.OUT }}/fermion-*.zip
release:
runs-on: ubuntu-latest
needs:
- update
- build
name: "release"
steps:
- name: "Create artifact directory"
run: |
mkdir -p build_output
working-directory: ${{ runner.temp }}
- name: "Download all artifacts"
uses: actions/download-artifact@v2
with:
path: ${{ runner.temp }}/build_output
- name: "Rearrange artifacts"
run: |
find build_output
mkdir -p build_release
mv build_output/*/* build_release
ls build_release
if [ "$(ls -A build_release)" ]; then exit 0; else exit 1; fi
working-directory: ${{ runner.temp }}
- name: Checkout
uses: actions/checkout@v3
with:
fetch-depth: 2
submodules: recursive
- name: Update package index
run: |
export npm_config_runtime=electron
export npm_config_target=${{needs.update.outputs.FRIDA_ELECTRON}}
npm install
npm i @types/frida-gum@${{needs.update.outputs.FRIDA_GUM_VER}}
npm i frida@${{needs.update.outputs.FRIDA_VER}}
- name: Update badgen & compile instructions
run: |
# Set new frida version for badgen
perl -i -pe 's|badgen.net/badge/Frida-Node/v[\d.]+?/grey|badgen.net/badge/Frida-Node/v${{ needs.update.outputs.FRIDA_VER }}/grey|' ../README.md
# Set new gum version for badgen
perl -i -pe 's|badgen.net/badge/Frida-Gum/v[\d.]+?/grey|badgen.net/badge/Frida-Gum/v${{ needs.update.outputs.FRIDA_GUM_VER }}/grey|' ../README.md
# Set new Fermion version for badgen
perl -i -pe 's|badgen.net/badge/Fermion/v[\d.]+?/grey|badgen.net/badge/Fermion/v${{ needs.update.outputs.FERMION_TAG }}/grey|' ../README.md
# Set new electron version for README
perl -i -pe 's|npm_config_target=[\d.]+|npm_config_target=${{ needs.update.outputs.FRIDA_ELECTRON }}|' ../README.md
# This is still a todo
- name: Update Frida assets
run: |
/bin/bash .github/workflows/update_fermion_asset.sh
working-directory: ${{ github.workspace }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# Commit
- name: Update Versions to Git
id: bumpver
run: |
if ! [ -z "$(git status --untracked-files=no --porcelain)" ]; then
AUTOUPDATE_PATTERN="^\[AutoUpdate\]"
preserve_branch=0
if ! [[ "$(git log -1 --pretty=%B)" =~ $AUTOUPDATE_PATTERN ]]; then
preserve_branch=1
git branch -f before_auto_update
fi
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git commit -a -m "[AutoUpdate] v${{ needs.update.outputs.FERMION_TAG }}"
git push origin master
if [[ "$preserve_branch" == "1" ]]; then
git push -f origin before_auto_update
fi
fi
echo "CURRENT_SHA=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
# Release
- name: Create New Release and Upload
if: ${{ !startsWith(github.ref, 'refs/tags/') }}
uses: ncipollo/release-action@v1
with:
artifacts: "${{ runner.temp }}/build_release/*"
name: "${{ format('Fermion v{0}', needs.update.outputs.FERMION_TAG, needs.update.outputs.FRIDA_VER, needs.update.outputs.FRIDA_GUM_VER) }}"
body: "${{ format('Electron: {0}\nFrida: {1}\nGumJS: {2}\nBuild: Windows, Linux, Mac\n', needs.update.outputs.FRIDA_ELECTRON, needs.update.outputs.FRIDA_VER, needs.update.outputs.FRIDA_GUM_VER) }}"
tag: v${{ needs.update.outputs.FERMION_TAG }}
commit: ${{ steps.bumpver.outputs.CURRENT_SHA }}
prerelease: false
allowUpdates: true
# NOTE: edit this to false & true if you want to preserve original artifact
removeArtifacts: true
replacesArtifacts: false
artifactErrorsFailBuild: true
token: ${{ secrets.GITHUB_TOKEN }}