intra: disable port-fwd; reuse port across uids fails #917
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: AAARRR | |
on: | |
push: | |
branches: [ n2 ] | |
pull_request: | |
branches: [ n2 ] | |
workflow_dispatch: | |
jobs: | |
build: | |
name: ๐งฌ Build | |
runs-on: ubuntu-latest | |
steps: | |
- name: ๐ฅ Checkout code | |
uses: actions/checkout@v4 | |
- name: ๐ผ Setup go1.23+ | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.23.2' | |
- name: ๐๏ธ Make | |
run: | | |
# outputs firestack.aar and firestack-arm.aar; also see: "Obj" below | |
./make-aar nogo debug | |
shell: bash | |
- name: ๐งช Test | |
if: success() | |
run: | | |
go env | |
# go test -v -race -bench=. -benchtime=100ms ./... | |
echo "::notice::success" | |
- name: ๐ฎ Vet | |
run: | | |
# github.com/actions/setup-go/issues/27 | |
export PATH=${PATH}:`go env GOPATH`/bin | |
# vet: fails: archive.is/XcDl6 | |
go vet ./... | |
# staticcheck | |
# go install honnef.co/go/tools/cmd/staticcheck@latest | |
# staticcheck ./... | |
go install go.uber.org/nilaway/cmd/nilaway@latest | |
nilaway ./... | |
go install golang.org/x/vuln/cmd/govulncheck@latest | |
govulncheck -test ./... | |
shell: bash | |
- name: ๐ Python3 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- name: ๐ฟ Obj | |
run: | | |
wget --tries=2 --waitretry=3 --no-dns-cache https://github.com/Zxilly/go-size-analyzer/releases/download/v1.0.8/go-size-analyzer_1.0.8_linux_amd64.deb -O gsa.deb | |
sudo dpkg -i gsa.deb | |
# s/tun2socks*.aar/firestack*.aar; see: make-aar | |
# | |
# Archive: firestack-debug.aar | |
# inflating: AndroidManifest.xml | |
# inflating: proguard.txt | |
# inflating: classes.jar | |
# inflating: jni/armeabi-v7a/libgojni.so | |
# inflating: jni/arm64-v8a/libgojni.so | |
# inflating: jni/x86/libgojni.so | |
# inflating: jni/x86_64/libgojni.so | |
# inflating: R.txt | |
# creating: res/ | |
# /usr/bin/jar | |
unzip firestack-debug.aar | |
which jar && jar tf ./classes.jar | |
gsa jni/arm64-v8a/*.so -f text --verbose | |
#pip install sqlelf | |
#sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
# "SELECT mnemonic, COUNT(*) from elf_instructions GROUP BY mnemonic ORDER BY 2 DESC LIMIT 20" | |
#sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
# "SELECT * from elf_headers" | |
# determine NEEDED entries | |
#sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
# "SELECT elf_strings.path, elf_strings.value | |
# FROM elf_dynamic_entries | |
# INNER JOIN elf_strings ON elf_dynamic_entries.value = elf_strings.offset | |
# WHERE elf_dynamic_entries.tag = 'NEEDED'" | |
# determine the largest functions | |
#sqlelf jni/arm64-v8a/libgojni.so --sql \ | |
# "SELECT name AS function_name, (high_pc - low_pc) AS function_size | |
# FROM dwarf_dies | |
# WHERE tag = 'DW_TAG_subprogram' | |
# ORDER BY function_size DESC | |
# LIMIT 50;" | |
shell: bash | |
# github.com/actions/upload-artifact | |
- name: ๐ Upload | |
uses: actions/upload-artifact@v4 | |
if: success() | |
with: | |
name: firestack-aar-${{ github.sha }} # must be unique | |
path: firestack*.aar # see: make-aar | |
retention-days: 52 # 0-90; 90 is max | |
if-no-files-found: error # error, warn (default), ignore | |
compression-level: 9 # 0-9; 9 is max | |
checker: | |
name: ๐ Security checker | |
runs-on: ubuntu-latest | |
permissions: | |
security-events: write | |
id-token: write | |
env: | |
GO111MODULE: on | |
steps: | |
- name: ๐ฅ Checkout | |
uses: actions/checkout@v4 | |
- name: ๐ต๏ธ Gosec Scanner | |
uses: securego/gosec@master | |
with: | |
# github.com/securego/gosec/issues/1219 | |
# we let the report trigger content trigger a failure using the GitHub Security features. | |
args: '-no-fail -fmt sarif -out results.sarif ./...' | |
- name: ๐ก Upload to code-scanning | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: results.sarif | |
# from: github.com/golangci/golangci-lint-action | |
golangci-lint: | |
name: ๐งญ Lint | |
runs-on: ubuntu-latest | |
permissions: | |
# Required: allow read access to the content for analysis. | |
contents: read | |
# Optional: allow read access to pull request. Use with `only-new-issues` option. | |
pull-requests: read | |
# Optional: Allow write access to checks to allow the action to annotate code in the PR. | |
checks: write | |
steps: | |
- name: ๐ฅ Checkout | |
uses: actions/checkout@v4 | |
- name: ๐ผ Set up Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.23' | |
cache: false | |
# github.com/tailscale/tailscale/blob/93324cc7b/.github/workflows/depaware.yml | |
# consolidated in: github.com/tailscale/tailscale/commit/4022796484 | |
- name: ๐ฆ Depaware | |
run: | | |
go run github.com/tailscale/depaware github.com/celzero/firestack/intra | |
go run github.com/tailscale/depaware github.com/celzero/firestack/tunnel | |
- name: ๐ Lint | |
uses: golangci/[email protected] | |
with: | |
args: --config=.golangci.yml --issues-exit-code=0 | |
- name: ๐ก Staticheck | |
uses: dominikh/[email protected] | |
with: | |
version: "latest" | |
install-go: false |