Skip to content

ipn/wg: ignore reverse protocol handlers as req #999

ipn/wg: ignore reverse protocol handlers as req

ipn/wg: ignore reverse protocol handlers as req #999

Workflow file for this run

name: AAARRR
on:
push:
branches: [ n2 ]
pull_request:
branches: [ n2 ]
workflow_dispatch:
jobs:
build:
name: ๐Ÿงฌ Build
runs-on: ubuntu-latest
steps:
- name: ๐Ÿฅ Checkout code
uses: actions/checkout@v4
- name: ๐Ÿผ Setup go1.23+
uses: actions/setup-go@v5
with:
go-version: '>=1.23.2'
- name: ๐Ÿ—๏ธ Make
run: |
# outputs firestack.aar and firestack-arm.aar; also see: "Obj" below
./make-aar nogo debug
shell: bash
- name: ๐Ÿงช Test
if: success()
run: |
go env
# go test -v -race -bench=. -benchtime=100ms ./...
echo "::notice::success"
- name: ๐Ÿ”ฎ Vet
run: |
# github.com/actions/setup-go/issues/27
export PATH=${PATH}:`go env GOPATH`/bin
# vet: fails: archive.is/XcDl6
go vet ./...
# staticcheck
# go install honnef.co/go/tools/cmd/staticcheck@latest
# staticcheck ./...
go install go.uber.org/nilaway/cmd/nilaway@latest
nilaway ./...
go install golang.org/x/vuln/cmd/govulncheck@latest
govulncheck -test ./...
shell: bash
- name: ๐Ÿ Python3
uses: actions/setup-python@v5
with:
python-version: '3.10'
- name: ๐Ÿ’ฟ Obj
run: |
wget --tries=2 --waitretry=3 --no-dns-cache https://github.com/Zxilly/go-size-analyzer/releases/download/v1.0.8/go-size-analyzer_1.0.8_linux_amd64.deb -O gsa.deb
sudo dpkg -i gsa.deb
# s/tun2socks*.aar/firestack*.aar; see: make-aar
#
# Archive: firestack-debug.aar
# inflating: AndroidManifest.xml
# inflating: proguard.txt
# inflating: classes.jar
# inflating: jni/armeabi-v7a/libgojni.so
# inflating: jni/arm64-v8a/libgojni.so
# inflating: jni/x86/libgojni.so
# inflating: jni/x86_64/libgojni.so
# inflating: R.txt
# creating: res/
# /usr/bin/jar
unzip firestack-debug.aar
which jar && jar tf ./classes.jar
gsa jni/arm64-v8a/*.so -f text --verbose
#pip install sqlelf
#sqlelf jni/arm64-v8a/libgojni.so --sql \
# "SELECT mnemonic, COUNT(*) from elf_instructions GROUP BY mnemonic ORDER BY 2 DESC LIMIT 20"
#sqlelf jni/arm64-v8a/libgojni.so --sql \
# "SELECT * from elf_headers"
# determine NEEDED entries
#sqlelf jni/arm64-v8a/libgojni.so --sql \
# "SELECT elf_strings.path, elf_strings.value
# FROM elf_dynamic_entries
# INNER JOIN elf_strings ON elf_dynamic_entries.value = elf_strings.offset
# WHERE elf_dynamic_entries.tag = 'NEEDED'"
# determine the largest functions
#sqlelf jni/arm64-v8a/libgojni.so --sql \
# "SELECT name AS function_name, (high_pc - low_pc) AS function_size
# FROM dwarf_dies
# WHERE tag = 'DW_TAG_subprogram'
# ORDER BY function_size DESC
# LIMIT 50;"
shell: bash
# github.com/actions/upload-artifact
- name: ๐Ÿš€ Upload
uses: actions/upload-artifact@v4
if: success()
with:
name: firestack-aar-${{ github.sha }} # must be unique
path: firestack*.aar # see: make-aar
retention-days: 52 # 0-90; 90 is max
if-no-files-found: error # error, warn (default), ignore
compression-level: 9 # 0-9; 9 is max
checker:
name: ๐Ÿ” Security checker
runs-on: ubuntu-latest
permissions:
security-events: write
id-token: write
env:
GO111MODULE: on
steps:
- name: ๐Ÿฅ Checkout
uses: actions/checkout@v4
- name: ๐Ÿ•ต๏ธ Gosec Scanner
uses: securego/gosec@master
with:
# github.com/securego/gosec/issues/1219
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out results.sarif ./...'
- name: ๐Ÿ“ก Upload to code-scanning
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: results.sarif
# from: github.com/golangci/golangci-lint-action
golangci-lint:
name: ๐Ÿงญ Lint
runs-on: ubuntu-latest
permissions:
# Required: allow read access to the content for analysis.
contents: read
# Optional: allow read access to pull request. Use with `only-new-issues` option.
pull-requests: read
# Optional: Allow write access to checks to allow the action to annotate code in the PR.
checks: write
steps:
- name: ๐Ÿฅ Checkout
uses: actions/checkout@v4
- name: ๐Ÿผ Set up Go
uses: actions/setup-go@v5
with:
go-version: '>=1.23'
cache: false
# github.com/tailscale/tailscale/blob/93324cc7b/.github/workflows/depaware.yml
# consolidated in: github.com/tailscale/tailscale/commit/4022796484
- name: ๐Ÿ“ฆ Depaware
run: |
go run github.com/tailscale/depaware github.com/celzero/firestack/intra
go run github.com/tailscale/depaware github.com/celzero/firestack/tunnel
- name: ๐Ÿ… Lint
uses: golangci/[email protected]
with:
args: --config=.golangci.yml --issues-exit-code=0
- name: ๐Ÿ“ก Staticheck
uses: dominikh/[email protected]
with:
version: "latest"
install-go: false