ci(build): add comprehensive build summary to workflow #9
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Kernel Build Process | ||
|
Check failure on line 1 in .github/workflows/build.yml
|
||
| permissions: | ||
| contents: write | ||
| actions: write | ||
| on: | ||
| workflow_call: | ||
| inputs: | ||
| android_version: | ||
| required: true | ||
| type: string | ||
| kernel_version: | ||
| required: true | ||
| type: string | ||
| sub_level: | ||
| required: true | ||
| type: string | ||
| os_patch_level: | ||
| required: true | ||
| type: string | ||
| susfs_version: | ||
| required: false | ||
| type: string | ||
| default: "v1.5.12" | ||
| # revision input removed; A12 boot image download uses fixed r1 | ||
| jobs: | ||
| build-gki: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| apply_module_check_bypass: ["normal", "bypass"] | ||
| steps: | ||
| - name: Maximize Build Space | ||
| uses: AdityaGarg8/remove-unwanted-software@v5 | ||
| with: | ||
| remove-dotnet: 'true' # Frees ~2 GB | ||
| remove-android: 'true' # Frees ~9 GB | ||
| remove-haskell: 'true' # Frees ~5.2 GB | ||
| remove-codeql: 'true' # Frees ~5.4 GB | ||
| remove-docker-images: 'true' # Frees ~3.2 GB | ||
| remove-large-packages: 'true' # Frees ~3.1 GB | ||
| remove-swapfile: 'true' # Frees ~4 GB | ||
| remove-cached-tools: 'false' # Avoid unless confirmed safe | ||
| verbose: 'true' # Enable detailed logging | ||
| - name: Set CONFIG Environment Variable | ||
| run: | | ||
| # Set CONFIG dynamically based on inputs values | ||
| CONFIG="${{ inputs.android_version }}-${{ inputs.kernel_version }}-${{ inputs.sub_level }}" | ||
| # Set CONFIG as an environment variable for future steps | ||
| echo "CONFIG=$CONFIG" >> $GITHUB_ENV | ||
| - name: Setup Build Environment | ||
| run: | | ||
| AOSP_MIRROR=https://android.googlesource.com | ||
| BRANCH=main-kernel-2025 | ||
| git clone $AOSP_MIRROR/kernel/prebuilts/build-tools -b $BRANCH --depth 1 kernel-build-tools & | ||
| git clone $AOSP_MIRROR/platform/system/tools/mkbootimg -b $BRANCH --depth 1 mkbootimg & | ||
| wait | ||
| echo "AVBTOOL=$GITHUB_WORKSPACE/kernel-build-tools/linux-x86/bin/avbtool" >> $GITHUB_ENV | ||
| echo "MKBOOTIMG=$GITHUB_WORKSPACE/mkbootimg/mkbootimg.py" >> $GITHUB_ENV | ||
| echo "UNPACK_BOOTIMG=$GITHUB_WORKSPACE/mkbootimg/unpack_bootimg.py" >> $GITHUB_ENV | ||
| echo "BOOT_SIGN_KEY_PATH=$GITHUB_WORKSPACE/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem" >> $GITHUB_ENV | ||
| echo "PATH=$GITHUB_WORKSPACE/kernel-build-tools/linux-x86/bin:$PATH" >> $GITHUB_ENV | ||
| mkdir -p ./git-repo | ||
| curl https://storage.googleapis.com/git-repo-downloads/repo > ./git-repo/repo | ||
| chmod a+rx ./git-repo/repo | ||
| echo "REPO=$GITHUB_WORKSPACE/./git-repo/repo" >> $GITHUB_ENV | ||
| - name: Set boot sign key | ||
| env: | ||
| BOOT_SIGN_KEY: ${{ secrets.BOOT_SIGN_KEY }} | ||
| run: | | ||
| if [ ! -z "$BOOT_SIGN_KEY" ]; then | ||
| echo "$BOOT_SIGN_KEY" > ./kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem | ||
| fi | ||
| - name: Clone AnyKernel3 and Other Dependencies | ||
| run: | | ||
| ANYKERNEL_BRANCH="gki-2.0" | ||
| SUSFS_BRANCH="gki-${{ inputs.android_version }}-${{ inputs.kernel_version }}" | ||
| git clone https://github.com/WildKernels/AnyKernel3.git -b "$ANYKERNEL_BRANCH" | ||
| git clone https://github.com/WildKernels/kernel_patches.git | ||
| git clone https://gitlab.com/simonpunk/susfs4ksu.git -b "$SUSFS_BRANCH" | ||
| # Checkout specific commits for SUSFS v1.5.9 if enabled | ||
| if [ "${{ inputs.susfs_version }}" = "v1.5.9" ]; then | ||
| cd susfs4ksu | ||
| case "${{ inputs.android_version }}-${{ inputs.kernel_version }}" in | ||
| "android15-6.6") | ||
| git checkout 2598fee8963adab11c255bf28521df32912e027f | ||
| ;; | ||
| "android14-6.1") | ||
| git checkout 646cfabce9d5dba5b806e9cbe2c198128ebd0e69 | ||
| ;; | ||
| "android14-5.15") | ||
| git checkout ab4d9570a9494a67c290002f3b28e69dd370a0f5 | ||
| ;; | ||
| "android13-5.15") | ||
| git checkout a21f265695f2869a6f3fc71a70328aa6d0f4a3ae | ||
| ;; | ||
| "android13-5.10") | ||
| git checkout 8acbd10775a447f546b14c6bded6f476a7f4733f | ||
| ;; | ||
| "android12-5.10") | ||
| git checkout 6f42c0e24e35a6fa0fc43051a5f1e7dfe568e8c2 | ||
| ;; | ||
| esac | ||
| cd .. | ||
| fi | ||
| # Checkout specific commits for SUSFS v1.5.12 if enabled | ||
| if [ "${{ inputs.susfs_version }}" = "v1.5.12" ]; then | ||
| cd susfs4ksu | ||
| case "${{ inputs.android_version }}-${{ inputs.kernel_version }}" in | ||
| "android12-5.10") | ||
| git checkout ed19454a4b5905e6718c9a22fad769b906837931 | ||
| ;; | ||
| "android13-5.10") | ||
| git checkout 8919927b63d95e62d33842452b9a60546187fb7b | ||
| ;; | ||
| "android13-5.15") | ||
| git checkout 700b9316b5a1cab174401b57f4198782a17154fb | ||
| ;; | ||
| "android14-5.15") | ||
| git checkout e1b1bba04b3cada700b8fd5bda4cfd4c59de07a2 | ||
| ;; | ||
| "android14-6.1") | ||
| git checkout f16560ce8263fbfa9b2f259e9531f72d6fda4e3f | ||
| ;; | ||
| "android15-6.6") | ||
| git checkout c49b1dab205bbc4ef20b120e84c5b7530355961d | ||
| ;; | ||
| esac | ||
| cd .. | ||
| fi | ||
| - name: Initialize and Sync Kernel Source | ||
| run: | | ||
| mkdir -p "$CONFIG" | ||
| cd "$CONFIG" | ||
| FORMATTED_BRANCH="${{ inputs.android_version }}-${{ inputs.kernel_version }}-${{ inputs.os_patch_level }}" | ||
| $REPO init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${FORMATTED_BRANCH} --repo-rev=v2.16 | ||
| REMOTE_BRANCH=$(git ls-remote https://android.googlesource.com/kernel/common ${FORMATTED_BRANCH}) | ||
| DEFAULT_MANIFEST_PATH=.repo/manifests/default.xml | ||
| if grep -q deprecated <<< $REMOTE_BRANCH; then | ||
| sed -i "s/\"${FORMATTED_BRANCH}\"/\"deprecated\/${FORMATTED_BRANCH}\"/g" $DEFAULT_MANIFEST_PATH | ||
| fi | ||
| $REPO --trace sync -c -j$(nproc --all) --no-tags --fail-fast | ||
| - name: Extract Actual Sublevel for LTS Builds | ||
| if: inputs.sub_level == 'X' | ||
| run: | | ||
| cd "$CONFIG/common" | ||
| if [ -f "Makefile" ]; then | ||
| ACTUAL_SUBLEVEL=$(grep '^SUBLEVEL = ' Makefile | awk '{print $3}') | ||
| if [ -n "$ACTUAL_SUBLEVEL" ]; then | ||
| OLD_CONFIG="$CONFIG" | ||
| NEW_CONFIG="${{ inputs.android_version }}-${{ inputs.kernel_version }}-$ACTUAL_SUBLEVEL" | ||
| echo "CONFIG=$NEW_CONFIG" >> $GITHUB_ENV | ||
| echo "ACTUAL_SUBLEVEL=$ACTUAL_SUBLEVEL" >> $GITHUB_ENV | ||
| cd ../.. | ||
| if [ -d "$OLD_CONFIG" ]; then | ||
| mv "$OLD_CONFIG" "$NEW_CONFIG" | ||
| fi | ||
| fi | ||
| fi | ||
| - name: Apply glibc 2.38 Compatibility Fix | ||
| run: | | ||
| # Use ACTUAL_SUBLEVEL for LTS builds, otherwise use the input sub_level | ||
| SUBLEVEL_TO_CHECK="${ACTUAL_SUBLEVEL:-${{ inputs.sub_level }}}" | ||
| if ([[ "${{ inputs.android_version }}" == "android13" ]] && [[ "${{ inputs.kernel_version }}" == "5.10" ]] && (( $SUBLEVEL_TO_CHECK <= 186 ))) || | ||
| ([[ "${{ inputs.android_version }}" == "android13" ]] && [[ "${{ inputs.kernel_version }}" == "5.15" ]] && (( $SUBLEVEL_TO_CHECK <= 119 ))) || | ||
| ([[ "${{ inputs.android_version }}" == "android14" ]] && [[ "${{ inputs.kernel_version }}" == "5.15" ]] && (( $SUBLEVEL_TO_CHECK <= 110 ))) || | ||
| ([[ "${{ inputs.android_version }}" == "android14" ]] && [[ "${{ inputs.kernel_version }}" == "6.1" ]] && (( $SUBLEVEL_TO_CHECK <= 43 ))); then | ||
| GLIBC_VERSION=$(ldd --version 2>/dev/null | head -n 1 | awk '{print $NF}') | ||
| if [ "$(printf '%s\n' "2.38" "$GLIBC_VERSION" | sort -V | head -n1)" = "2.38" ]; then | ||
| cd $CONFIG/common/ | ||
| sed -i '/\$(Q)\$(MAKE) -C \$(SUBCMD_SRC) OUTPUT=\$(abspath \$(dir \$@))\/ \$(abspath \$@)/s//$(Q)$(MAKE) -C $(SUBCMD_SRC) EXTRA_CFLAGS="$(CFLAGS)" OUTPUT=$(abspath $(dir $@))\/ $(abspath $@)/' tools/bpf/resolve_btfids/Makefile 2>/dev/null || true | ||
| if ([[ "${{ inputs.android_version }}" == "android13" ]] && [[ "${{ inputs.kernel_version }}" == "5.10" ]] && (( $SUBLEVEL_TO_CHECK <= 186 ))) || | ||
| ([[ "${{ inputs.android_version }}" == "android13" ]] && [[ "${{ inputs.kernel_version }}" == "5.15" ]] && (( $SUBLEVEL_TO_CHECK <= 119 ))) || | ||
| ([[ "${{ inputs.android_version }}" == "android14" ]] && [[ "${{ inputs.kernel_version }}" == "5.15" ]] && (( $SUBLEVEL_TO_CHECK <= 110 ))); then | ||
| sed -i '/char \*buf = NULL;/a int i;' tools/lib/subcmd/parse-options.c 2>/dev/null || true | ||
| sed -i 's/for (int i = 0; subcommands\[i\]; i++) {/for (i = 0; subcommands[i]; i++) {/' tools/lib/subcmd/parse-options.c 2>/dev/null || true | ||
| sed -i '/if (subcommands) {/a int i;' tools/lib/subcmd/parse-options.c 2>/dev/null || true | ||
| sed -i 's/for (int i = 0; subcommands\[i\]; i++)/for (i = 0; subcommands[i]; i++)/' tools/lib/subcmd/parse-options.c 2>/dev/null || true | ||
| fi | ||
| fi | ||
| fi | ||
| - name: Fix Less Then 6.6.50 Builds | ||
| if: inputs.android_version == 'android15' && inputs.kernel_version == '6.6' | ||
| run: | | ||
| cd "$CONFIG/common" | ||
| if ! grep -qxF '#include <trace/hooks/fs.h>' ./fs/namespace.c; then | ||
| sed -i '/#include <trace\/hooks\/blk.h>/a #include <trace\/hooks\/fs.h>' ./fs/namespace.c | ||
| fi | ||
| - name: Apply ptrace patch for older kernels | ||
| if: fromJSON(inputs.kernel_version) < 5.16 | ||
| run: | | ||
| cd "$CONFIG/common" | ||
| patch -p1 -F 3 < "../../kernel_patches/gki_ptrace.patch" | ||
| - name: Add KernelSU | ||
| run: | | ||
| cd "$CONFIG" | ||
| curl -LSs "https://raw.githubusercontent.com/WildKernels/Wild_KSU/wild/kernel/setup.sh" | bash -s wild | ||
| - name: Getting KernelSU Version | ||
| run: | | ||
| cd "$CONFIG/Wild_KSU/kernel" | ||
| BASE_VERSION=10200 | ||
| COMMIT_COUNT=$(/usr/bin/git rev-list --count HEAD) | ||
| KSU_VERSION=$(expr $COMMIT_COUNT "+" $BASE_VERSION) | ||
| echo "KSUVER=$KSU_VERSION" >> $GITHUB_ENV | ||
| - name: Apply SUSFS Patches for KernelSU Variants | ||
| run: | | ||
| cd "$CONFIG" | ||
| # Apply compatibility fixes | ||
| if [ "${{ inputs.susfs_version }}" = "v1.5.9" ]; then | ||
| SUSFS_VERSION="1.5.9" | ||
| else | ||
| SUSFS_VERSION="1.5.12" | ||
| fi | ||
| cp ../susfs4ksu/kernel_patches/fs/* ./common/fs/ | ||
| cp ../susfs4ksu/kernel_patches/include/linux/* ./common/include/linux/ | ||
| # Apply core SUSFS patches | ||
| cp ../susfs4ksu/kernel_patches/50_add_susfs_in_gki-${{ inputs.android_version }}-${{ inputs.kernel_version }}.patch ./common/ | ||
| cd common | ||
| patch -p1 < 50_add_susfs_in_gki-${{ inputs.android_version }}-${{ inputs.kernel_version }}.patch || true | ||
| # Apply additional SUSFS patches for Android 13 5.15 compatibility | ||
| if [[ "${{ inputs.android_version }}" == "android13" ]] && [[ "${{ inputs.kernel_version }}" == "5.15" ]] && (( ${{ inputs.sub_level }} <= 41 )); then | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_fdinfo.c.patch ./ | ||
| patch -p1 < fix_fdinfo.c.patch || true | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_namespace.c.patch ./ | ||
| patch -p1 < fix_namespace.c.patch || true | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_open.c.patch ./ | ||
| patch -p1 < fix_open.c.patch || true | ||
| sed -i 's/i_uid_into_mnt(i_user_ns(inode), inode)/i_uid_into_mnt(inode->i_sb->s_user_ns, inode)/g' fs/susfs.c | ||
| fi | ||
| # Apply KSU integration patches | ||
| cd ../Wild_KSU | ||
| cp ../../susfs4ksu/kernel_patches/KernelSU/10_enable_susfs_for_ksu.patch . | ||
| patch -p1 < 10_enable_susfs_for_ksu.patch || true | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_core_hook.c.patch ./ | ||
| patch -p1 < fix_core_hook.c.patch | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_sucompat.c.patch ./ | ||
| patch -p1 < fix_sucompat.c.patch | ||
| cp ../../kernel_patches/wild/susfs_fix_patches/v${SUSFS_VERSION}/fix_kernel_compat.c.patch ./ | ||
| patch -p1 < fix_kernel_compat.c.patch | ||
| - name: Apply Hooks Patches | ||
| run: | | ||
| cd "$CONFIG/common" | ||
| cp ../../kernel_patches/wild/hooks/scope_min_manual_hooks_v1.4.patch ./ | ||
| patch -p1 -F 3 < scope_min_manual_hooks_v1.4.patch | ||
| - name: Scan and collect patch rejects | ||
| if: ${{ always() }} | ||
| run: | | ||
| set -e | ||
| CONFIG_DIR="$CONFIG" | ||
| REJECTS_DIR="$GITHUB_WORKSPACE/patch-rejects" | ||
| mkdir -p "$REJECTS_DIR" | ||
| # Find all .rej files under the configuration directory | ||
| mapfile -t REJS < <(find "$CONFIG_DIR" -type f -name '*.rej') | ||
| REJ_COUNT=${#REJS[@]} | ||
| echo "Found $REJ_COUNT .rej files under $CONFIG_DIR" | ||
| echo "REJ_COUNT=$REJ_COUNT" >> $GITHUB_ENV | ||
| if [ "$REJ_COUNT" -gt 0 ]; then | ||
| for REJ in "${REJS[@]}"; do | ||
| # Relative path from $CONFIG | ||
| REL="${REJ#"$CONFIG_DIR"/}" | ||
| DEST="$REJECTS_DIR/$REL" | ||
| mkdir -p "$(dirname "$DEST")" | ||
| cp "$REJ" "$DEST" | ||
| # Copy the associated original file alongside the .rej | ||
| ORIG="${REJ%.rej}" | ||
| if [ -f "$ORIG" ]; then | ||
| ORIG_DEST="$REJECTS_DIR/${REL%.rej}" | ||
| mkdir -p "$(dirname "$ORIG_DEST")" | ||
| cp "$ORIG" "$ORIG_DEST" | ||
| fi | ||
| echo "$REL" >> "$REJECTS_DIR/index.txt" | ||
| done | ||
| fi | ||
| - name: Add BBG | ||
| run: | | ||
| cd "$CONFIG" | ||
| echo "Adding BBG..." | ||
| wget -O- https://github.com/vc-teahouse/Baseband-guard/raw/main/setup.sh | bash | ||
| echo "CONFIG_BBG=y" >> common/arch/arm64/configs/gki_defconfig | ||
| # Before sed: Show the original LSM default line for comparison | ||
| echo "=== Before sed ===" | ||
| sed -n '/^config LSM$/,/^help$/{ /^[[:space:]]*default/ p }' common/security/Kconfig | ||
| # Apply the sed command to add baseband_guard to default security configurations | ||
| sed -i '/^config LSM$/,/^help$/{ /^[[:space:]]*default/ { /baseband_guard/! s/lockdown/lockdown,baseband_guard/ } }' common/security/Kconfig | ||
| # After sed: Show the updated LSM default line | ||
| echo "=== After sed ===" | ||
| sed -n '/^config LSM$/,/^help$/{ /^[[:space:]]*default/ p }' common/security/Kconfig | ||
| # Confirm baseband_guard is now present (should output the line if successful) | ||
| echo "=== Confirmation: grep for baseband_guard ===" | ||
| if ! grep -q "baseband_guard" common/security/Kconfig; then | ||
| echo "ERROR: baseband_guard not found after sed - stopping workflow" | ||
| exit 1 | ||
| else | ||
| echo "SUCCESS: baseband_guard found in security configuration" | ||
| grep "baseband_guard" common/security/Kconfig | ||
| fi | ||
| - name: Apply Module Check Bypass | ||
| if: ${{ matrix.apply_module_check_bypass == 'bypass' }} | ||
| run: | | ||
| if [[ "${{ inputs.kernel_version }}" == "6.1" || "${{ inputs.kernel_version }}" == "6.6" ]]; then | ||
| cd "$CONFIG/common/kernel/module" | ||
| sed -i '/bad_version:/{:a;n;/return 0;/{s/return 0;/return 1;/;b};ba}' version.c | ||
| else | ||
| cd "$CONFIG/common/kernel" | ||
| sed -i '/bad_version:/{:a;n;/return 0;/{s/return 0;/return 1;/;b};ba}' module.c | ||
| fi | ||
| - name: Fix WiFi and Bluetooth on Samsung 6.6 GKI devices | ||
| if: ${{ ( inputs.kernel_version == '6.6' ) }} | ||
| run: | | ||
| SYMBOL_LIST=$CONFIG/common/android/abi_gki_aarch64_galaxy | ||
| echo "kdp_set_cred_non_rcu" >> $SYMBOL_LIST | ||
| echo "kdp_usecount_dec_and_test" >> $SYMBOL_LIST | ||
| echo "kdp_usecount_inc" >> $SYMBOL_LIST | ||
| cd $CONFIG/common | ||
| PATCH="../../kernel_patches/samsung/min_kdp/add-min_kdp-symbols.patch" | ||
| if patch -p1 --dry-run < $PATCH; then | ||
| patch -p1 --no-backup-if-mismatch < $PATCH | ||
| fi | ||
| cd drivers | ||
| cp "../../../kernel_patches/samsung/min_kdp/min_kdp.c" min_kdp.c | ||
| echo "obj-y += min_kdp.o" >> Makefile | ||
| - name: Apply Kernel Configuration | ||
| run: | | ||
| cd "$CONFIG" | ||
| defconfig="./common/arch/arm64/configs/gki_defconfig" | ||
| echo "Applying kernel configurations one by one..." | ||
| # KernelSU Core Configuration | ||
| echo "CONFIG_KSU=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_KPROBES_HOOK=n" >> "$defconfig" | ||
| # Mountify Support | ||
| echo "CONFIG_TMPFS_XATTR=y" >> "$defconfig" | ||
| echo "CONFIG_TMPFS_POSIX_ACL=y" >> "$defconfig" | ||
| # Networking Configuration | ||
| echo "CONFIG_IP_NF_TARGET_TTL=y" >> "$defconfig" | ||
| echo "CONFIG_IP6_NF_TARGET_HL=y" >> "$defconfig" | ||
| echo "CONFIG_IP6_NF_MATCH_HL=y" >> "$defconfig" | ||
| # BBR TCP Congestion Control | ||
| echo "CONFIG_TCP_CONG_ADVANCED=y" >> "$defconfig" | ||
| echo "CONFIG_TCP_CONG_BBR=y" >> "$defconfig" | ||
| echo "CONFIG_NET_SCH_FQ=y" >> "$defconfig" | ||
| echo "CONFIG_TCP_CONG_BIC=n" >> "$defconfig" | ||
| echo "CONFIG_TCP_CONG_WESTWOOD=n" >> "$defconfig" | ||
| echo "CONFIG_TCP_CONG_HTCP=n" >> "$defconfig" | ||
| # IPSet support | ||
| echo "CONFIG_IP_SET=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_MAX=256" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_BITMAP_IP=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_BITMAP_IPMAC=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_BITMAP_PORT=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_IP=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_IPPORT=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_IPPORTIP=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_IPPORTNET=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_NET=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_NETNET=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_NETPORT=y" >> "$defconfig" | ||
| echo "CONFIG_IP_SET_HASH_NETIFACE=y" >> "$defconfig" | ||
| # SUSFS Configuration | ||
| echo "CONFIG_KSU_SUSFS=y" >> "$defconfig" | ||
| #echo "CONFIG_KSU_SUSFS_HAS_MAGIC_MOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SUS_PATH=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SUS_MOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_TRY_UMOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_AUTO_ADD_SUS_KSU_DEFAULT_MOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_AUTO_ADD_SUS_BIND_MOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_AUTO_ADD_TRY_UMOUNT_FOR_BIND_MOUNT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SUS_KSTAT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SUS_OVERLAYFS=n" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SPOOF_UNAME=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_OPEN_REDIRECT=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_ENABLE_LOG=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_HIDE_KSU_SUSFS_SYMBOLS=y" >> "$defconfig" | ||
| echo "CONFIG_KSU_SUSFS_SUS_SU=n" >> "$defconfig" | ||
| # Sound Configuration | ||
| echo "CONFIG_SND_ALOOP=y" >> "$defconfig" | ||
| # Build Optimization Configuration | ||
| echo "CONFIG_LTO_CLANG_THIN=y" >> "$defconfig" | ||
| echo "CONFIG_LTO_CLANG=y" >> "$defconfig" | ||
| echo "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y" >> "$defconfig" | ||
| echo "CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE_O3=n" >> "$defconfig" | ||
| echo "CONFIG_OPTIMIZE_INLINING=y" >> "$defconfig" | ||
| # Remove check_defconfig | ||
| sed -i 's/check_defconfig//' ./common/build.config.gki | ||
| - name: Change Kernel Name | ||
| run: | | ||
| cd "$CONFIG" | ||
| #Add Wild to Kernel Version | ||
| sed -i '$s|echo "\$res"|echo "\$res-Wild"|' ./common/scripts/setlocalversion | ||
| #Set Kernel Timestamp | ||
| perl -pi -e 's{UTS_VERSION="\$\(echo \$UTS_VERSION \$CONFIG_FLAGS \$TIMESTAMP \| cut -b -\$UTS_LEN\)"}{UTS_VERSION="#1 SMP PREEMPT Sun Apr 20 04:20:00 UTC 2025"}' ./common/scripts/mkcompile_h | ||
| if [ -f "build/build.sh" ]; then | ||
| #Remove Dirty Flag | ||
| sed -i 's/-dirty//' ./common/scripts/setlocalversion | ||
| else | ||
| #Remove Dirty Flag | ||
| sed -i "/stable_scmversion_cmd/s/-maybe-dirty//g" ./build/kernel/kleaf/impl/stamp.bzl | ||
| #Remove Abi Exports and Error | ||
| rm -rf ./common/android/abi_gki_protected_exports_* | ||
| perl -pi -e 's/^\s*"protected_exports_list"\s*:\s*"android\/abi_gki_protected_exports_aarch64",\s*$//;' ./common/BUILD.bazel | ||
| fi | ||
| - name: Set file name | ||
| run: | | ||
| # Set artifact name base for consistent naming | ||
| # Prepare sublevel for naming | ||
| SUBLEVEL_FOR_NAME="${{ inputs.sub_level }}" | ||
| if [ -n "$ACTUAL_SUBLEVEL" ]; then | ||
| SUBLEVEL_FOR_NAME="$ACTUAL_SUBLEVEL" | ||
| fi | ||
| # Set artifact name base for consistent naming | ||
| ARTIFACT_BASE="WKSU-${{ env.KSUVER }}-SUSFS_${{ inputs.susfs_version }}-${{ inputs.android_version }}-${{ inputs.kernel_version }}.${SUBLEVEL_FOR_NAME}-${{ inputs.os_patch_level }}-${{ matrix.apply_module_check_bypass == 'bypass' && 'Module_Check_Bypass' || 'Normal' }}" | ||
| echo "ARTIFACT_BASE=$ARTIFACT_BASE" >> $GITHUB_ENV | ||
| echo "FILE_NAME=$ARTIFACT_BASE" >> $GITHUB_ENV | ||
| - name: Build | ||
| run : | | ||
| set -e | ||
| set -x | ||
| cd "$CONFIG" | ||
| echo "Building the kernel..." | ||
| if [ -f "build/build.sh" ]; then | ||
| LTO=thin BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh || exit 1 | ||
| else | ||
| tools/bazel build --config=fast --lto=thin //common:kernel_aarch64_dist || exit 1 | ||
| fi | ||
| - name: Prepare AnyKernel3 | ||
| run: | | ||
| # Copy Image from normal build locations | ||
| if [ -f "./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image" ]; then | ||
| cp ./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image AnyKernel3/Image | ||
| elif [ -f "./$CONFIG/bazel-bin/common/kernel_aarch64/Image" ]; then | ||
| cp ./$CONFIG/bazel-bin/common/kernel_aarch64/Image AnyKernel3/Image | ||
| else | ||
| echo "Error: Image file not found in any expected location" | ||
| exit 1 | ||
| fi | ||
| - name: Create Bootimgs Folder and Copy Images for Android 12/13 | ||
| if: ${{ inputs.android_version == 'android12' || inputs.android_version == 'android13' }} | ||
| run: | | ||
| mkdir bootimgs | ||
| echo "Creating bootimgs folder and copying images..." | ||
| cp ./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image ./bootimgs | ||
| cp ./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image.lz4 ./bootimgs | ||
| cp ./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image ./ | ||
| cp ./$CONFIG/out/${{ inputs.android_version }}-${{ inputs.kernel_version }}/dist/Image.lz4 ./ | ||
| # Create gzip of the Image file | ||
| gzip -n -k -f -9 ./Image > ./Image.gz | ||
| gzip -n -k -f -9 ./Image > ./bootimgs/Image.gz | ||
| - name: Create Bootimgs Folder and Copy Images for Android 14/15 | ||
| if: ${{ inputs.android_version == 'android14' || inputs.android_version == 'android15' }} | ||
| run: | | ||
| mkdir bootimgs | ||
| echo "Creating bootimgs folder and copying images..." | ||
| cp ./$CONFIG/bazel-bin/common/kernel_aarch64/Image ./bootimgs | ||
| cp ./$CONFIG/bazel-bin/common/kernel_aarch64/Image.lz4 ./bootimgs | ||
| cp ./$CONFIG/bazel-bin/common/kernel_aarch64/Image ./ | ||
| cp ./$CONFIG/bazel-bin/common/kernel_aarch64/Image.lz4 ./ | ||
| # Create gzip of the Image file | ||
| gzip -n -k -f -9 ./Image > ./Image.gz | ||
| gzip -n -k -f -9 ./Image > ./bootimgs/Image.gz | ||
| - name: Android 12 boot image build script | ||
| if: ${{ inputs.android_version == 'android12' }} | ||
| run: | | ||
| echo "Changing to configuration directory: $CONFIG..." | ||
| cd bootimgs | ||
| GKI_URL=https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-"${{ inputs.os_patch_level }}"_r1.zip | ||
| FALLBACK_URL=https://dl.google.com/android/gki/gki-certified-boot-android12-5.10-2023-01_r1.zip | ||
| # Check if the GKI URL is available | ||
| echo "Checking if GKI kernel URL is reachable: $GKI_URL" | ||
| status=$(curl -sL -w "%{http_code}" "$GKI_URL" -o /dev/null) | ||
| if [ "$status" = "200" ]; then | ||
| echo "[+] Downloading from GKI_URL" | ||
| curl -Lo gki-kernel.zip "$GKI_URL" | ||
| else | ||
| echo "[+] $GKI_URL not found, using $FALLBACK_URL" | ||
| curl -Lo gki-kernel.zip "$FALLBACK_URL" | ||
| fi | ||
| # Unzip the downloaded kernel and remove the zip | ||
| echo "Unzipping the downloaded kernel..." | ||
| unzip gki-kernel.zip && rm gki-kernel.zip | ||
| echo "Unpacking boot.img..." | ||
| FULL_PATH=$(pwd)/boot-5.10.img | ||
| echo "Unpacking using: $FULL_PATH" | ||
| echo "Running unpack_bootimg.py..." | ||
| $UNPACK_BOOTIMG --boot_img="$FULL_PATH" | ||
| echo "Building boot.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image --output boot.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${{ inputs.os_patch_level }}" | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot.img ../${{ env.FILE_NAME }}-boot.img | ||
| echo "Building boot-gz.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${{ inputs.os_patch_level }}" | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot-gz.img ../${{ env.FILE_NAME }}-boot-gz.img | ||
| echo "Building boot-lz4.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img --ramdisk out/ramdisk --os_version 12.0.0 --os_patch_level "${{ inputs.os_patch_level }}" | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot-lz4.img ../${{ env.FILE_NAME }}-boot-lz4.img | ||
| - name: Android 13/14/15 boot image build script | ||
| if: ${{ inputs.android_version == 'android13' || inputs.android_version == 'android14' || inputs.android_version == 'android15' }} | ||
| run: | | ||
| cd bootimgs | ||
| echo "Building boot.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image --output boot.img | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot.img ../${{ env.FILE_NAME }}-boot.img | ||
| echo "Building boot-gz.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image.gz --output boot-gz.img | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-gz.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot-gz.img ../${{ env.FILE_NAME }}-boot-gz.img | ||
| echo "Building boot-lz4.img" | ||
| $MKBOOTIMG --header_version 4 --kernel Image.lz4 --output boot-lz4.img | ||
| $AVBTOOL add_hash_footer --partition_name boot --partition_size $((64 * 1024 * 1024)) --image boot-lz4.img --algorithm SHA256_RSA2048 --key $BOOT_SIGN_KEY_PATH | ||
| cp ./boot-lz4.img ../${{ env.FILE_NAME }}-boot-lz4.img | ||
| - name: Upload Build Artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ env.FILE_NAME }}-AnyKernel3 | ||
| path: | | ||
| AnyKernel3/ | ||
| compression-level: 9 | ||
| - name: Upload Build Artifacts | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ env.FILE_NAME }}-Boot | ||
| path: | | ||
| AnyKernel3/ | ||
| *-boot.img | ||
| *-boot-gz.img | ||
| *-boot-lz4.img | ||
| compression-level: 9 | ||
| - name: Upload Build Diagnostics | ||
| if: ${{ always() }} | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: ${{ env.FILE_NAME }}-Rejected-Patches | ||
| path: patch-rejects | ||
| compression-level: 9 | ||
| - name: Create Comprehensive Build Summary | ||
| if: ${{ always() }} | ||
| run: | | ||
| # Get actual commit hashes from the cloned repositories (not latest from remote) | ||
| cd "$CONFIG" | ||
| # Get actual WKSU commit hash from the cloned Wild_KSU directory | ||
| if [ -d "Wild_KSU" ]; then | ||
| cd Wild_KSU | ||
| ACTUAL_WKSU_REF=$(git rev-parse HEAD 2>/dev/null || echo "unknown") | ||
| ACTUAL_WKSU_URL="https://github.com/WildKernels/Wild_KSU/commit/$ACTUAL_WKSU_REF" | ||
| cd .. | ||
| else | ||
| ACTUAL_WKSU_REF="not-cloned" | ||
| ACTUAL_WKSU_URL="N/A" | ||
| fi | ||
| # Get actual SUSFS commit hash from the applied patches | ||
| if [ -d "../susfs4ksu" ]; then | ||
| cd ../susfs4ksu | ||
| ACTUAL_SUSFS_REF=$(git rev-parse HEAD 2>/dev/null || echo "unknown") | ||
| ACTUAL_SUSFS_URL="https://gitlab.com/simonpunk/susfs4ksu/-/commit/$ACTUAL_SUSFS_REF" | ||
| cd "$CONFIG" | ||
| else | ||
| ACTUAL_SUSFS_REF="not-cloned" | ||
| ACTUAL_SUSFS_URL="N/A" | ||
| fi | ||
| # Get actual BBG commit hash from the applied patches | ||
| if [ -d "../baseband_guard" ]; then | ||
| cd ../baseband_guard | ||
| ACTUAL_BBG_REF=$(git rev-parse HEAD 2>/dev/null || echo "unknown") | ||
| ACTUAL_BBG_URL="https://github.com/vc-teahouse/Baseband-guard/commit/$ACTUAL_BBG_REF" | ||
| cd "$CONFIG" | ||
| else | ||
| ACTUAL_BBG_REF="not-cloned" | ||
| ACTUAL_BBG_URL="N/A" | ||
| fi | ||
| # Create comprehensive build summary | ||
| cat >> $GITHUB_STEP_SUMMARY << EOF | ||
| ## Comprehensive Kernel Build Summary | ||
| ### Build Configuration | ||
| - **Android Version:** ${{ inputs.android_version }} | ||
| - **Kernel Version:** ${{ inputs.kernel_version }} | ||
| - **Sub Level:** ${{ inputs.sub_level }}${ACTUAL_SUBLEVEL:+ (Actual: $ACTUAL_SUBLEVEL)} | ||
| - **OS Patch Level:** ${{ inputs.os_patch_level }} | ||
| - **KernelSU Version:** ${{ env.KSUVER }} | ||
| - **SUSFS Version:** ${{ inputs.susfs_version }} | ||
| - **Module Check:** ${{ matrix.apply_module_check_bypass == 'bypass' ? 'Bypass' : 'Normal' }} | ||
| ### Build Timeline | ||
| - **Build Started:** $(date -d '@${{ github.event.head_commit.timestamp }}' +'%Y-%m-%d %H:%M:%S UTC' 2>/dev/null || echo "Unknown") | ||
| - **Build Completed:** $BUILD_END_TIME | ||
| - **Build Status:** ${{ job.status }} | ||
| ### Actual Commit Hashes (Used in Build) | ||
| > These are the actual commits that were used in this build, not the latest from remote | ||
| → **WKSU (Wild KernelSU):** [$ACTUAL_WKSU_REF]($ACTUAL_WKSU_URL) | ||
| → **Baseband-guard:** [$ACTUAL_BBG_REF]($ACTUAL_BBG_URL) | ||
| → **SUSFS4KSU ($SUSFS_BRANCH):** [$ACTUAL_SUSFS_REF]($ACTUAL_SUSFS_URL) | ||
| ### Remote Reference Commits (Latest at Build Time) | ||
| > These were the latest commits available when the build started | ||
| → **WKSU Remote:** [${{ env.WKSU_REF }}](${{ env.WKSU_URL }}) | ||
| → **Baseband-guard Remote:** [${{ env.BBG_REF }}](${{ env.BBG_URL }}) | ||
| → **SUSFS4KSU Remote:** [${{ env.SUSFS_REF }}](${{ env.SUSFS_URL }}) | ||
| ### Workflow Information | ||
| - **Workflow:** ${{ github.workflow }} | ||
| - **Run ID:** ${{ github.run_id }} | ||
| - **Run Number:** ${{ github.run_number }} | ||
| ### Generated Artifacts ($ARTIFACT_COUNT items) | ||
| $ARTIFACT_LIST | ||
| ### Patch Rejection Details | ||
| EOF | ||
| # Add patch rejection details if any exist | ||
| if [ "${REJ_COUNT:-0}" -gt 0 ] && [ -f "../patch-rejects/index.txt" ]; then | ||
| echo "**Rejected patch files:**" >> $GITHUB_STEP_SUMMARY | ||
| while IFS= read -r rejected_file; do | ||
| echo "- \`$rejected_file\`" >> $GITHUB_STEP_SUMMARY | ||
| done < "../patch-rejects/index.txt" | ||
| else | ||
| echo "No patch rejections detected" >> $GITHUB_STEP_SUMMARY | ||
| fi | ||
| cat >> $GITHUB_STEP_SUMMARY << EOF | ||
| --- | ||
| *Build completed with actual commit hashes and patch rejection status above.* | ||
| EOF | ||
