From 948c0a713fd0df4860a3bf83b1a10031aa6f5012 Mon Sep 17 00:00:00 2001 From: CN-JS-HuiBai Date: Thu, 16 Apr 2026 19:26:55 +0800 Subject: [PATCH] =?UTF-8?q?=E7=A7=BB=E9=99=A4Github=20Workflows?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/CRONET_GO_VERSION | 1 - .github/FUNDING.yml | 1 - .github/ISSUE_TEMPLATE/bug_report.yml | 88 -- .github/ISSUE_TEMPLATE/bug_report_zh.yml | 88 -- .github/build_alpine_apk.sh | 81 -- .github/build_openwrt_apk.sh | 80 -- .github/deb2ipk.sh | 28 - .github/detect_track.sh | 33 - .github/renovate.json | 28 - .github/setup_go_for_macos1013.sh | 45 - .github/setup_go_for_windows7.sh | 46 - .github/update_clients.sh | 14 - .github/update_cronet.sh | 13 - .github/update_cronet_dev.sh | 13 - .github/update_dependencies.sh | 5 - .github/workflows/build.yml | 1019 ---------------------- .github/workflows/docker.yml | 295 ------- .github/workflows/lint.yml | 40 - .github/workflows/linux.yml | 243 ------ .github/workflows/stale.yml | 16 - 20 files changed, 2177 deletions(-) delete mode 100644 .github/CRONET_GO_VERSION delete mode 100644 .github/FUNDING.yml delete mode 100644 .github/ISSUE_TEMPLATE/bug_report.yml delete mode 100644 .github/ISSUE_TEMPLATE/bug_report_zh.yml delete mode 100755 .github/build_alpine_apk.sh delete mode 100755 .github/build_openwrt_apk.sh delete mode 100755 .github/deb2ipk.sh delete mode 100755 .github/detect_track.sh delete mode 100644 .github/renovate.json delete mode 100755 .github/setup_go_for_macos1013.sh delete mode 100755 .github/setup_go_for_windows7.sh delete mode 100755 .github/update_clients.sh delete mode 100755 .github/update_cronet.sh delete mode 100755 .github/update_cronet_dev.sh delete mode 100755 .github/update_dependencies.sh delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/docker.yml delete mode 100644 .github/workflows/lint.yml delete mode 100644 .github/workflows/linux.yml delete mode 100644 .github/workflows/stale.yml diff --git a/.github/CRONET_GO_VERSION b/.github/CRONET_GO_VERSION deleted file mode 100644 index f8f1198f..00000000 --- a/.github/CRONET_GO_VERSION +++ /dev/null @@ -1 +0,0 @@ -e4926ba205fae5351e3d3eeafff7e7029654424a diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 55134afb..00000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1 +0,0 @@ -github: nekohasekai \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml deleted file mode 100644 index 0d76b981..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: Bug report -description: "Report sing-box bug" -body: - - type: dropdown - attributes: - label: Operating system - description: Operating system type - options: - - iOS - - macOS - - Apple tvOS - - Android - - Windows - - Linux - - Others - validations: - required: true - - type: input - attributes: - label: System version - description: Please provide the operating system version - validations: - required: true - - type: dropdown - attributes: - label: Installation type - description: Please provide the sing-box installation type - options: - - Original sing-box Command Line - - sing-box for iOS Graphical Client - - sing-box for macOS Graphical Client - - sing-box for Apple tvOS Graphical Client - - sing-box for Android Graphical Client - - Third-party graphical clients that advertise themselves as using sing-box (Windows) - - Third-party graphical clients that advertise themselves as using sing-box (Android) - - Others - validations: - required: true - - type: input - attributes: - description: Graphical client version - label: If you are using a graphical client, please provide the version of the client. - - type: textarea - attributes: - label: Version - description: If you are using the original command line program, please provide the output of the `sing-box version` command. - render: shell - - type: textarea - attributes: - label: Description - description: Please provide a detailed description of the error. - validations: - required: true - - type: textarea - attributes: - label: Reproduction - description: Please provide the steps to reproduce the error, including the configuration files and procedures that can locally (not dependent on the remote server) reproduce the error using the original command line program of sing-box. - validations: - required: true - - type: textarea - attributes: - label: Logs - description: |- - In addition, if you encounter a crash with the graphical client, please also provide crash logs. - For Apple platform clients, please check `Settings - View Service Log` for crash logs. - For the Android client, please check the `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` file for crash logs. - render: shell - - type: checkboxes - id: supporter - attributes: - label: Supporter - options: - - label: I am a [sponsor](https://github.com/sponsors/nekohasekai/) - - type: checkboxes - attributes: - label: Integrity requirements - description: |- - Please check all of the following options to prove that you have read and understood the requirements, otherwise this issue will be closed. - Sing-box is not a project aimed to please users who can't make any meaningful contributions and gain unethical influence. If you deceive here to deliberately waste the time of the developers, you will be permanently blocked. - options: - - label: I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values. - required: true - - label: I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data. - required: true - - label: I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software. - required: true - - label: I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence. - required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/bug_report_zh.yml b/.github/ISSUE_TEMPLATE/bug_report_zh.yml deleted file mode 100644 index cea9ebf7..00000000 --- a/.github/ISSUE_TEMPLATE/bug_report_zh.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: 错误反馈 -description: "提交 sing-box 漏洞" -body: - - type: dropdown - attributes: - label: 操作系统 - description: 请提供操作系统类型 - options: - - iOS - - macOS - - Apple tvOS - - Android - - Windows - - Linux - - 其他 - validations: - required: true - - type: input - attributes: - label: 系统版本 - description: 请提供操作系统版本 - validations: - required: true - - type: dropdown - attributes: - label: 安装类型 - description: 请提供该 sing-box 安装类型 - options: - - sing-box 原始命令行程序 - - sing-box for iOS 图形客户端程序 - - sing-box for macOS 图形客户端程序 - - sing-box for Apple tvOS 图形客户端程序 - - sing-box for Android 图形客户端程序 - - 宣传使用 sing-box 的第三方图形客户端程序 (Windows) - - 宣传使用 sing-box 的第三方图形客户端程序 (Android) - - 其他 - validations: - required: true - - type: input - attributes: - description: 图形客户端版本 - label: 如果您使用图形客户端程序,请提供该程序版本。 - - type: textarea - attributes: - label: 版本 - description: 如果您使用原始命令行程序,请提供 `sing-box version` 命令的输出。 - render: shell - - type: textarea - attributes: - label: 描述 - description: 请提供错误的详细描述。 - validations: - required: true - - type: textarea - attributes: - label: 重现方式 - description: 请提供重现错误的步骤,必须包括可以在本地(不依赖与远程服务器)使用 sing-box 原始命令行程序重现错误的配置文件与流程。 - validations: - required: true - - type: textarea - attributes: - label: 日志 - description: |- - 此外,如果您遭遇图形界面应用程序崩溃,请附加提供崩溃日志。 - 对于 Apple 平台图形客户端程序,请检查 `Settings - View Service Log` 以导出崩溃日志。 - 对于 Android 图形客户端程序,请检查 `/sdcard/Android/data/io.nekohasekai.sfa/files/stderr.log` 文件以导出崩溃日志。 - render: shell - - type: checkboxes - id: supporter - attributes: - label: 支持我们 - options: - - label: 我已经 [赞助](https://github.com/sponsors/nekohasekai/) - - type: checkboxes - attributes: - label: 完整性要求 - description: |- - 请勾选以下所有选项以证明您已经阅读并理解了以下要求,否则该 issue 将被关闭。 - sing-box 不是讨好无法作出任何意义上的贡献的最终用户并获取非道德影响力的项目,如果您在此处欺骗以故意浪费开发者的时间,您将被永久封锁。 - options: - - label: 我保证阅读了文档,了解所有我编写的配置文件项的含义,而不是大量堆砌看似有用的选项或默认值。 - required: true - - label: 我保证提供了可以在本地重现该问题的服务器、客户端配置文件与流程,而不是一个脱敏的复杂客户端配置文件。 - required: true - - label: 我保证提供了可用于重现我报告的错误的最简配置,而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。 - required: true - - label: 我保证提供了完整的配置文件与日志,而不是出于对自身智力的自信而仅提供了部分认为有用的部分。 - required: true diff --git a/.github/build_alpine_apk.sh b/.github/build_alpine_apk.sh deleted file mode 100755 index aaaa04f9..00000000 --- a/.github/build_alpine_apk.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/env bash - -set -e -o pipefail - -ARCHITECTURE="$1" -VERSION="$2" -BINARY_PATH="$3" -OUTPUT_PATH="$4" - -if [ -z "$ARCHITECTURE" ] || [ -z "$VERSION" ] || [ -z "$BINARY_PATH" ] || [ -z "$OUTPUT_PATH" ]; then - echo "Usage: $0 " - exit 1 -fi - -PROJECT=$(cd "$(dirname "$0")/.."; pwd) - -# Convert version to APK format: -# 1.13.0-beta.8 -> 1.13.0_beta8-r0 -# 1.13.0-rc.3 -> 1.13.0_rc3-r0 -# 1.13.0 -> 1.13.0-r0 -APK_VERSION=$(echo "$VERSION" | sed -E 's/-([a-z]+)\.([0-9]+)/_\1\2/') -APK_VERSION="${APK_VERSION}-r0" - -ROOT_DIR=$(mktemp -d) -trap 'rm -rf "$ROOT_DIR"' EXIT - -# Binary -install -Dm755 "$BINARY_PATH" "$ROOT_DIR/usr/bin/sing-box" - -# Config files -install -Dm644 "$PROJECT/release/config/config.json" "$ROOT_DIR/etc/sing-box/config.json" -install -Dm755 "$PROJECT/release/config/sing-box.initd" "$ROOT_DIR/etc/init.d/sing-box" -install -Dm644 "$PROJECT/release/config/sing-box.confd" "$ROOT_DIR/etc/conf.d/sing-box" - -# Service files -install -Dm644 "$PROJECT/release/config/sing-box.service" "$ROOT_DIR/usr/lib/systemd/system/sing-box.service" -install -Dm644 "$PROJECT/release/config/sing-box@.service" "$ROOT_DIR/usr/lib/systemd/system/sing-box@.service" - -# Completions -install -Dm644 "$PROJECT/release/completions/sing-box.bash" "$ROOT_DIR/usr/share/bash-completion/completions/sing-box.bash" -install -Dm644 "$PROJECT/release/completions/sing-box.fish" "$ROOT_DIR/usr/share/fish/vendor_completions.d/sing-box.fish" -install -Dm644 "$PROJECT/release/completions/sing-box.zsh" "$ROOT_DIR/usr/share/zsh/site-functions/_sing-box" - -# License -install -Dm644 "$PROJECT/LICENSE" "$ROOT_DIR/usr/share/licenses/sing-box/LICENSE" - -# APK metadata -PACKAGES_DIR="$ROOT_DIR/lib/apk/packages" -mkdir -p "$PACKAGES_DIR" - -# .conffiles -cat > "$PACKAGES_DIR/.conffiles" <<'EOF' -/etc/conf.d/sing-box -/etc/init.d/sing-box -/etc/sing-box/config.json -EOF - -# .conffiles_static (sha256 checksums) -while IFS= read -r conffile; do - sha256=$(sha256sum "$ROOT_DIR$conffile" | cut -d' ' -f1) - echo "$conffile $sha256" -done < "$PACKAGES_DIR/.conffiles" > "$PACKAGES_DIR/.conffiles_static" - -# .list (all files, excluding lib/apk/packages/ metadata) -(cd "$ROOT_DIR" && find . -type f -o -type l) \ - | sed 's|^\./|/|' \ - | grep -v '^/lib/apk/packages/' \ - | sort > "$PACKAGES_DIR/.list" - -# Build APK -apk mkpkg \ - --info "name:sing-box" \ - --info "version:${APK_VERSION}" \ - --info "description:The universal proxy platform." \ - --info "arch:${ARCHITECTURE}" \ - --info "license:GPL-3.0-or-later with name use or association addition" \ - --info "origin:sing-box" \ - --info "url:https://sing-box.sagernet.org/" \ - --info "maintainer:nekohasekai " \ - --files "$ROOT_DIR" \ - --output "$OUTPUT_PATH" diff --git a/.github/build_openwrt_apk.sh b/.github/build_openwrt_apk.sh deleted file mode 100755 index 49e1c131..00000000 --- a/.github/build_openwrt_apk.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/usr/bin/env bash - -set -e -o pipefail - -ARCHITECTURE="$1" -VERSION="$2" -BINARY_PATH="$3" -OUTPUT_PATH="$4" - -if [ -z "$ARCHITECTURE" ] || [ -z "$VERSION" ] || [ -z "$BINARY_PATH" ] || [ -z "$OUTPUT_PATH" ]; then - echo "Usage: $0 " - exit 1 -fi - -PROJECT=$(cd "$(dirname "$0")/.."; pwd) - -# Convert version to APK format: -# 1.13.0-beta.8 -> 1.13.0_beta8-r0 -# 1.13.0-rc.3 -> 1.13.0_rc3-r0 -# 1.13.0 -> 1.13.0-r0 -APK_VERSION=$(echo "$VERSION" | sed -E 's/-([a-z]+)\.([0-9]+)/_\1\2/') -APK_VERSION="${APK_VERSION}-r0" - -ROOT_DIR=$(mktemp -d) -trap 'rm -rf "$ROOT_DIR"' EXIT - -# Binary -install -Dm755 "$BINARY_PATH" "$ROOT_DIR/usr/bin/sing-box" - -# Config files -install -Dm644 "$PROJECT/release/config/config.json" "$ROOT_DIR/etc/sing-box/config.json" -install -Dm644 "$PROJECT/release/config/openwrt.conf" "$ROOT_DIR/etc/config/sing-box" -install -Dm755 "$PROJECT/release/config/openwrt.init" "$ROOT_DIR/etc/init.d/sing-box" -install -Dm644 "$PROJECT/release/config/openwrt.keep" "$ROOT_DIR/lib/upgrade/keep.d/sing-box" - -# Completions -install -Dm644 "$PROJECT/release/completions/sing-box.bash" "$ROOT_DIR/usr/share/bash-completion/completions/sing-box.bash" -install -Dm644 "$PROJECT/release/completions/sing-box.fish" "$ROOT_DIR/usr/share/fish/vendor_completions.d/sing-box.fish" -install -Dm644 "$PROJECT/release/completions/sing-box.zsh" "$ROOT_DIR/usr/share/zsh/site-functions/_sing-box" - -# License -install -Dm644 "$PROJECT/LICENSE" "$ROOT_DIR/usr/share/licenses/sing-box/LICENSE" - -# APK metadata -PACKAGES_DIR="$ROOT_DIR/lib/apk/packages" -mkdir -p "$PACKAGES_DIR" - -# .conffiles -cat > "$PACKAGES_DIR/.conffiles" <<'EOF' -/etc/config/sing-box -/etc/sing-box/config.json -EOF - -# .conffiles_static (sha256 checksums) -while IFS= read -r conffile; do - sha256=$(sha256sum "$ROOT_DIR$conffile" | cut -d' ' -f1) - echo "$conffile $sha256" -done < "$PACKAGES_DIR/.conffiles" > "$PACKAGES_DIR/.conffiles_static" - -# .list (all files, excluding lib/apk/packages/ metadata) -(cd "$ROOT_DIR" && find . -type f -o -type l) \ - | sed 's|^\./|/|' \ - | grep -v '^/lib/apk/packages/' \ - | sort > "$PACKAGES_DIR/.list" - -# Build APK -apk mkpkg \ - --info "name:sing-box" \ - --info "version:${APK_VERSION}" \ - --info "description:The universal proxy platform." \ - --info "arch:${ARCHITECTURE}" \ - --info "license:GPL-3.0-or-later" \ - --info "origin:sing-box" \ - --info "url:https://sing-box.sagernet.org/" \ - --info "maintainer:nekohasekai " \ - --info "depends:ca-bundle kmod-inet-diag kmod-tun firewall4 kmod-nft-queue" \ - --info "provider-priority:100" \ - --script "pre-deinstall:${PROJECT}/release/config/openwrt.prerm" \ - --files "$ROOT_DIR" \ - --output "$OUTPUT_PATH" diff --git a/.github/deb2ipk.sh b/.github/deb2ipk.sh deleted file mode 100755 index 0b820533..00000000 --- a/.github/deb2ipk.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/usr/bin/env bash -# mod from https://gist.github.com/pldubouilh/c5703052986bfdd404005951dee54683 - -set -e -o pipefail - -PROJECT=$(dirname "$0")/../.. -TMP_PATH=`mktemp -d` -cp $2 $TMP_PATH -pushd $TMP_PATH - -DEB_NAME=`ls *.deb` -ar x $DEB_NAME - -mkdir control -pushd control -tar xf ../control.tar.gz -rm md5sums -sed "s/Architecture:\\ \w*/Architecture:\\ $1/g" ./control -i -cat control -tar czf ../control.tar.gz ./* -popd - -DEB_NAME=${DEB_NAME%.deb} -tar czf $DEB_NAME.ipk control.tar.gz data.tar.gz debian-binary -popd - -cp $TMP_PATH/$DEB_NAME.ipk $3 -rm -r $TMP_PATH diff --git a/.github/detect_track.sh b/.github/detect_track.sh deleted file mode 100755 index 124ca6e2..00000000 --- a/.github/detect_track.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -branches=$(git branch -r --contains HEAD) -if echo "$branches" | grep -q 'origin/stable'; then - track=stable -elif echo "$branches" | grep -q 'origin/testing'; then - track=testing -elif echo "$branches" | grep -q 'origin/oldstable'; then - track=oldstable -else - echo "ERROR: HEAD is not on any known release branch (stable/testing/oldstable)" >&2 - exit 1 -fi - -if [[ "$track" == "stable" ]]; then - tag=$(git describe --tags --exact-match HEAD 2>/dev/null || true) - if [[ -n "$tag" && "$tag" == *"-"* ]]; then - track=beta - fi -fi - -case "$track" in - stable) name=sing-box; docker_tag=latest ;; - beta) name=sing-box-beta; docker_tag=latest-beta ;; - testing) name=sing-box-testing; docker_tag=latest-testing ;; - oldstable) name=sing-box-oldstable; docker_tag=latest-oldstable ;; -esac - -echo "track=${track} name=${name} docker_tag=${docker_tag}" >&2 -echo "TRACK=${track}" >> "$GITHUB_ENV" -echo "NAME=${name}" >> "$GITHUB_ENV" -echo "DOCKER_TAG=${docker_tag}" >> "$GITHUB_ENV" diff --git a/.github/renovate.json b/.github/renovate.json deleted file mode 100644 index e24ff248..00000000 --- a/.github/renovate.json +++ /dev/null @@ -1,28 +0,0 @@ -{ - "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "commitMessagePrefix": "[dependencies]", - "extends": [ - "config:base", - ":disableRateLimiting" - ], - "baseBranches": [ - "unstable" - ], - "golang": { - "enabled": false - }, - "packageRules": [ - { - "matchManagers": [ - "github-actions" - ], - "groupName": "github-actions" - }, - { - "matchManagers": [ - "dockerfile" - ], - "groupName": "Dockerfile" - } - ] -} \ No newline at end of file diff --git a/.github/setup_go_for_macos1013.sh b/.github/setup_go_for_macos1013.sh deleted file mode 100755 index 9889d236..00000000 --- a/.github/setup_go_for_macos1013.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -VERSION="1.25.9" -PATCH_COMMITS=( - "afe69d3cec1c6dcf0f1797b20546795730850070" - "1ed289b0cf87dc5aae9c6fe1aa5f200a83412938" -) -CURL_ARGS=( - -fL - --silent - --show-error -) - -if [[ -n "${GITHUB_TOKEN:-}" ]]; then - CURL_ARGS+=(-H "Authorization: Bearer ${GITHUB_TOKEN}") -fi - -mkdir -p "$HOME/go" -cd "$HOME/go" -wget "https://dl.google.com/go/go${VERSION}.darwin-arm64.tar.gz" -tar -xzf "go${VERSION}.darwin-arm64.tar.gz" -#cp -a go go_bootstrap -mv go go_osx -cd go_osx - -# these patch URLs only work on golang1.25.x -# that means after golang1.26 release it must be changed -# see: https://github.com/SagerNet/go/commits/release-branch.go1.25/ -# revert: -# 33d3f603c1: "cmd/link/internal/ld: use 12.0.0 OS/SDK versions for macOS linking" -# 937368f84e: "crypto/x509: change how we retrieve chains on darwin" - -for patch_commit in "${PATCH_COMMITS[@]}"; do - curl "${CURL_ARGS[@]}" "https://github.com/SagerNet/go/commit/${patch_commit}.diff" | patch --verbose -p 1 -done - -# Rebuild is not needed: we build with CGO_ENABLED=1, so Apple's external -# linker handles LC_BUILD_VERSION via MACOSX_DEPLOYMENT_TARGET, and the -# stdlib (crypto/x509) is compiled from patched src automatically. -#cd src -#GOROOT_BOOTSTRAP="$HOME/go/go_bootstrap" ./make.bash -#cd ../.. -#rm -rf go_bootstrap "go${VERSION}.darwin-arm64.tar.gz" diff --git a/.github/setup_go_for_windows7.sh b/.github/setup_go_for_windows7.sh deleted file mode 100755 index e8c36596..00000000 --- a/.github/setup_go_for_windows7.sh +++ /dev/null @@ -1,46 +0,0 @@ -#!/usr/bin/env bash - -set -euo pipefail - -VERSION="1.25.9" -PATCH_COMMITS=( - "466f6c7a29bc098b0d4c987b803c779222894a11" - "1bdabae205052afe1dadb2ad6f1ba612cdbc532a" - "a90777dcf692dd2168577853ba743b4338721b06" - "f6bddda4e8ff58a957462a1a09562924d5f3d05c" - "bed309eff415bcb3c77dd4bc3277b682b89a388d" - "34b899c2fb39b092db4fa67c4417e41dc046be4b" -) -CURL_ARGS=( - -fL - --silent - --show-error -) - -if [[ -n "${GITHUB_TOKEN:-}" ]]; then - CURL_ARGS+=(-H "Authorization: Bearer ${GITHUB_TOKEN}") -fi - -mkdir -p "$HOME/go" -cd "$HOME/go" -wget "https://dl.google.com/go/go${VERSION}.linux-amd64.tar.gz" -tar -xzf "go${VERSION}.linux-amd64.tar.gz" -mv go go_win7 -cd go_win7 - -# modify from https://github.com/restic/restic/issues/4636#issuecomment-1896455557 -# these patch URLs only work on golang1.25.x -# that means after golang1.26 release it must be changed -# see: https://github.com/MetaCubeX/go/commits/release-branch.go1.25/ -# revert: -# 693def151adff1af707d82d28f55dba81ceb08e1: "crypto/rand,runtime: switch RtlGenRandom for ProcessPrng" -# 7c1157f9544922e96945196b47b95664b1e39108: "net: remove sysSocket fallback for Windows 7" -# 48042aa09c2f878c4faa576948b07fe625c4707a: "syscall: remove Windows 7 console handle workaround" -# a17d959debdb04cd550016a3501dd09d50cd62e7: "runtime: always use LoadLibraryEx to load system libraries" -# fixes: -# bed309eff415bcb3c77dd4bc3277b682b89a388d: "Fix os.RemoveAll not working on Windows7" -# 34b899c2fb39b092db4fa67c4417e41dc046be4b: "Revert \"os: remove 5ms sleep on Windows in (*Process).Wait\"" - -for patch_commit in "${PATCH_COMMITS[@]}"; do - curl "${CURL_ARGS[@]}" "https://github.com/MetaCubeX/go/commit/${patch_commit}.diff" | patch --verbose -p 1 -done diff --git a/.github/update_clients.sh b/.github/update_clients.sh deleted file mode 100755 index c77afbb4..00000000 --- a/.github/update_clients.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env bash - -PROJECTS=$(dirname "$0")/../.. - -function updateClient() { - pushd clients/$1 - git fetch - git reset FETCH_HEAD --hard - popd - git add clients/$1 -} - -updateClient "apple" -updateClient "android" diff --git a/.github/update_cronet.sh b/.github/update_cronet.sh deleted file mode 100755 index 17716b83..00000000 --- a/.github/update_cronet.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -set -e -o pipefail - -SCRIPT_DIR=$(dirname "$0") -PROJECTS=$SCRIPT_DIR/../.. - -git -C $PROJECTS/cronet-go fetch origin main -git -C $PROJECTS/cronet-go fetch origin go -go get -x github.com/sagernet/cronet-go/all@$(git -C $PROJECTS/cronet-go rev-parse origin/go) -go get -x github.com/sagernet/cronet-go@$(git -C $PROJECTS/cronet-go rev-parse origin/go) -go mod tidy -git -C $PROJECTS/cronet-go rev-parse origin/go > "$SCRIPT_DIR/CRONET_GO_VERSION" diff --git a/.github/update_cronet_dev.sh b/.github/update_cronet_dev.sh deleted file mode 100755 index 13f7090c..00000000 --- a/.github/update_cronet_dev.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -set -e -o pipefail - -SCRIPT_DIR=$(dirname "$0") -PROJECTS=$SCRIPT_DIR/../.. - -git -C $PROJECTS/cronet-go fetch origin dev -git -C $PROJECTS/cronet-go fetch origin go_dev -go get -x github.com/sagernet/cronet-go/all@$(git -C $PROJECTS/cronet-go rev-parse origin/go_dev) -go get -x github.com/sagernet/cronet-go@$(git -C $PROJECTS/cronet-go rev-parse origin/go_dev) -go mod tidy -git -C $PROJECTS/cronet-go rev-parse origin/dev > "$SCRIPT_DIR/CRONET_GO_VERSION" diff --git a/.github/update_dependencies.sh b/.github/update_dependencies.sh deleted file mode 100755 index 4702ddfe..00000000 --- a/.github/update_dependencies.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/env bash - -PROJECTS=$(dirname "$0")/../.. -go get -x github.com/sagernet/$1@$(git -C $PROJECTS/$1 rev-parse HEAD) -go mod tidy diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 9d144536..00000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,1019 +0,0 @@ -name: Build - -on: - workflow_dispatch: - inputs: - version: - description: "Version name" - required: true - type: string - build: - description: "Build type" - required: true - type: choice - default: "All" - options: - - All - - Binary - - Android - - Apple - - app-store - - iOS - - macOS - - tvOS - - macOS-standalone - - publish-android - push: - branches: - - stable - - testing - - unstable - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}-${{ inputs.build }} - cancel-in-progress: true - -jobs: - calculate_version: - name: Calculate version - runs-on: ubuntu-latest - outputs: - version: ${{ steps.outputs.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Check input version - if: github.event_name == 'workflow_dispatch' - run: |- - echo "version=${{ inputs.version }}" - echo "version=${{ inputs.version }}" >> "$GITHUB_ENV" - - name: Calculate version - if: github.event_name != 'workflow_dispatch' - run: |- - go run -v ./cmd/internal/read_tag --ci --nightly - - name: Set outputs - id: outputs - run: |- - echo "version=$version" >> "$GITHUB_OUTPUT" - build: - name: Build binary - if: github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Binary' - runs-on: ubuntu-latest - needs: - - calculate_version - strategy: - matrix: - include: - - { os: linux, arch: amd64, variant: purego, naive: true } - - { os: linux, arch: amd64, variant: glibc, naive: true } - - { os: linux, arch: amd64, variant: musl, naive: true, debian: amd64, rpm: x86_64, pacman: x86_64, alpine: x86_64, openwrt: "x86_64" } - - - { os: linux, arch: arm64, variant: purego, naive: true } - - { os: linux, arch: arm64, variant: glibc, naive: true } - - { os: linux, arch: arm64, variant: musl, naive: true, debian: arm64, rpm: aarch64, pacman: aarch64, alpine: aarch64, openwrt: "aarch64_cortex-a53 aarch64_cortex-a72 aarch64_cortex-a76 aarch64_generic" } - - - { os: linux, arch: "386", go386: sse2 } - - { os: linux, arch: "386", variant: glibc, naive: true, go386: sse2 } - - { os: linux, arch: "386", variant: musl, naive: true, go386: sse2, debian: i386, rpm: i386, alpine: x86, openwrt: "i386_pentium4" } - - - { os: linux, arch: arm, goarm: "7" } - - { os: linux, arch: arm, variant: glibc, naive: true, goarm: "7" } - - { os: linux, arch: arm, variant: musl, naive: true, goarm: "7", debian: armhf, rpm: armv7hl, pacman: armv7hl, alpine: armv7, openwrt: "arm_cortex-a5_vfpv4 arm_cortex-a7_neon-vfpv4 arm_cortex-a7_vfpv4 arm_cortex-a8_vfpv3 arm_cortex-a9_neon arm_cortex-a9_vfpv3-d16 arm_cortex-a15_neon-vfpv4" } - - - { os: linux, arch: mipsle, gomips: hardfloat, naive: true, variant: glibc } - - { os: linux, arch: mipsle, gomips: softfloat, naive: true, variant: musl, debian: mipsel, rpm: mipsel, openwrt: "mipsel_24kc mipsel_74kc mipsel_mips32" } - - { os: linux, arch: mips64le, gomips: hardfloat, naive: true, variant: glibc, debian: mips64el, rpm: mips64el } - - { os: linux, arch: riscv64, naive: true, variant: glibc } - - { os: linux, arch: riscv64, naive: true, variant: musl, debian: riscv64, rpm: riscv64, alpine: riscv64, openwrt: "riscv64_generic" } - - { os: linux, arch: loong64, naive: true, variant: glibc } - - { os: linux, arch: loong64, naive: true, variant: musl, debian: loongarch64, rpm: loongarch64, alpine: loongarch64, openwrt: "loongarch64_generic" } - - - { os: linux, arch: "386", go386: softfloat, openwrt: "i386_pentium-mmx" } - - { os: linux, arch: arm, goarm: "5", openwrt: "arm_arm926ej-s arm_cortex-a7 arm_cortex-a9 arm_fa526 arm_xscale" } - - { os: linux, arch: arm, goarm: "6", debian: armel, rpm: armv6hl, openwrt: "arm_arm1176jzf-s_vfp" } - - { os: linux, arch: mips, gomips: softfloat, openwrt: "mips_24kc mips_4kec mips_mips32" } - - { os: linux, arch: mipsle, gomips: hardfloat, openwrt: "mipsel_24kc_24kf" } - - { os: linux, arch: mipsle, gomips: softfloat } - - { os: linux, arch: mips64, gomips: softfloat, openwrt: "mips64_mips64r2 mips64_octeonplus" } - - { os: linux, arch: mips64le, gomips: hardfloat } - - { os: linux, arch: mips64le, gomips: softfloat, openwrt: "mips64el_mips64r2" } - - { os: linux, arch: s390x, debian: s390x, rpm: s390x } - - { os: linux, arch: ppc64le, debian: ppc64el, rpm: ppc64le } - - { os: linux, arch: riscv64 } - - { os: linux, arch: loong64 } - - - { os: windows, arch: amd64, legacy_win7: true, legacy_name: "windows-7" } - - { os: windows, arch: "386", legacy_win7: true, legacy_name: "windows-7" } - - - { os: android, arch: arm64, ndk: "aarch64-linux-android23" } - - { os: android, arch: arm, ndk: "armv7a-linux-androideabi23" } - - { os: android, arch: amd64, ndk: "x86_64-linux-android23" } - - { os: android, arch: "386", ndk: "i686-linux-android23" } - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - if: ${{ ! matrix.legacy_win7 }} - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Cache Go for Windows 7 - if: matrix.legacy_win7 - id: cache-go-for-windows7 - uses: actions/cache@v4 - with: - path: | - ~/go/go_win7 - key: go_win7_1258 - - name: Setup Go for Windows 7 - if: matrix.legacy_win7 && steps.cache-go-for-windows7.outputs.cache-hit != 'true' - env: - GITHUB_TOKEN: ${{ github.token }} - run: |- - .github/setup_go_for_windows7.sh - - name: Setup Go for Windows 7 - if: matrix.legacy_win7 - run: |- - echo "PATH=$HOME/go/go_win7/bin:$PATH" >> $GITHUB_ENV - echo "GOROOT=$HOME/go/go_win7" >> $GITHUB_ENV - - name: Setup Android NDK - if: matrix.os == 'android' - uses: nttld/setup-ndk@v1 - with: - ndk-version: r28 - local-cache: true - - name: Clone cronet-go - if: matrix.naive - run: | - set -xeuo pipefail - CRONET_GO_VERSION=$(cat .github/CRONET_GO_VERSION) - git init ~/cronet-go - git -C ~/cronet-go remote add origin https://github.com/sagernet/cronet-go.git - git -C ~/cronet-go fetch --depth=1 origin "$CRONET_GO_VERSION" - git -C ~/cronet-go checkout FETCH_HEAD - git -C ~/cronet-go submodule update --init --recursive --depth=1 - - name: Regenerate Debian keyring - if: matrix.naive - run: | - set -xeuo pipefail - rm -f ~/cronet-go/naiveproxy/src/build/linux/sysroot_scripts/keyring.gpg - cd ~/cronet-go - GPG_TTY=/dev/null ./naiveproxy/src/build/linux/sysroot_scripts/generate_keyring.sh - - name: Cache Chromium toolchain - if: matrix.naive - id: cache-chromium-toolchain - uses: actions/cache@v4 - with: - path: | - ~/cronet-go/naiveproxy/src/third_party/llvm-build/ - ~/cronet-go/naiveproxy/src/gn/out/ - ~/cronet-go/naiveproxy/src/chrome/build/pgo_profiles/ - ~/cronet-go/naiveproxy/src/out/sysroot-build/ - key: chromium-toolchain-${{ matrix.arch }}-${{ matrix.variant }}-${{ hashFiles('.github/CRONET_GO_VERSION') }} - - name: Download Chromium toolchain - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - if [[ "${{ matrix.variant }}" == "musl" ]]; then - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl download-toolchain - else - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} download-toolchain - fi - - name: Set Chromium toolchain environment - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - if [[ "${{ matrix.variant }}" == "musl" ]]; then - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl env >> $GITHUB_ENV - else - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} env >> $GITHUB_ENV - fi - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Set build tags - run: | - set -xeuo pipefail - if [[ "${{ matrix.naive }}" == "true" ]]; then - TAGS=$(cat release/DEFAULT_BUILD_TAGS) - else - TAGS=$(cat release/DEFAULT_BUILD_TAGS_OTHERS) - fi - if [[ "${{ matrix.variant }}" == "purego" ]]; then - TAGS="${TAGS},with_purego" - elif [[ "${{ matrix.variant }}" == "musl" ]]; then - TAGS="${TAGS},with_musl" - fi - echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - - name: Set shared ldflags - run: | - echo "LDFLAGS_SHARED=$(cat release/LDFLAGS)" >> "${GITHUB_ENV}" - - name: Build (purego) - if: matrix.variant == 'purego' - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: ${{ matrix.os }} - GOARCH: ${{ matrix.arch }} - GO386: ${{ matrix.go386 }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - GOMIPS64: ${{ matrix.gomips }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Extract libcronet.so - if: matrix.variant == 'purego' && matrix.naive - run: | - cd ~/cronet-go - CGO_ENABLED=0 go run -v ./cmd/build-naive extract-lib --target ${{ matrix.os }}/${{ matrix.arch }} -o $GITHUB_WORKSPACE/dist - - name: Build (glibc) - if: matrix.variant == 'glibc' - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - GOOS: linux - GOARCH: ${{ matrix.arch }} - GO386: ${{ matrix.go386 }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - GOMIPS64: ${{ matrix.gomips }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Build (musl) - if: matrix.variant == 'musl' - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - GOOS: linux - GOARCH: ${{ matrix.arch }} - GO386: ${{ matrix.go386 }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - GOMIPS64: ${{ matrix.gomips }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Build (non-variant) - if: matrix.os != 'android' && matrix.variant == '' - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: ${{ matrix.os }} - GOARCH: ${{ matrix.arch }} - GO386: ${{ matrix.go386 }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - GOMIPS64: ${{ matrix.gomips }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Build Android - if: matrix.os == 'android' - run: | - set -xeuo pipefail - go install -v ./cmd/internal/build - export CC='${{ matrix.ndk }}-clang' - export CXX="${CC}++" - mkdir -p dist - GOOS=$BUILD_GOOS GOARCH=$BUILD_GOARCH build go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - BUILD_GOOS: ${{ matrix.os }} - BUILD_GOARCH: ${{ matrix.arch }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Set name - run: |- - DIR_NAME="sing-box-${{ needs.calculate_version.outputs.version }}-${{ matrix.os }}-${{ matrix.arch }}" - if [[ -n "${{ matrix.goarm }}" ]]; then - DIR_NAME="${DIR_NAME}v${{ matrix.goarm }}" - elif [[ -n "${{ matrix.go386 }}" && "${{ matrix.go386 }}" != 'sse2' ]]; then - DIR_NAME="${DIR_NAME}-${{ matrix.go386 }}" - elif [[ -n "${{ matrix.gomips }}" && "${{ matrix.gomips }}" != 'hardfloat' ]]; then - DIR_NAME="${DIR_NAME}-${{ matrix.gomips }}" - elif [[ -n "${{ matrix.legacy_name }}" ]]; then - DIR_NAME="${DIR_NAME}-legacy-${{ matrix.legacy_name }}" - fi - if [[ "${{ matrix.variant }}" == "glibc" ]]; then - DIR_NAME="${DIR_NAME}-glibc" - elif [[ "${{ matrix.variant }}" == "musl" ]]; then - DIR_NAME="${DIR_NAME}-musl" - fi - echo "DIR_NAME=${DIR_NAME}" >> "${GITHUB_ENV}" - PKG_VERSION="${{ needs.calculate_version.outputs.version }}" - PKG_VERSION="${PKG_VERSION//-/\~}" - echo "PKG_VERSION=${PKG_VERSION}" >> "${GITHUB_ENV}" - - name: Package DEB - if: matrix.debian != '' - run: | - set -xeuo pipefail - sudo gem install fpm - sudo apt-get update - sudo apt-get install -y debsigs - cp .fpm_systemd .fpm - fpm -t deb \ - -v "$PKG_VERSION" \ - -p "dist/sing-box_${{ needs.calculate_version.outputs.version }}_${{ matrix.os }}_${{ matrix.debian }}.deb" \ - --architecture ${{ matrix.debian }} \ - dist/sing-box=/usr/bin/sing-box - curl -Lo '/tmp/debsigs.diff' 'https://gitlab.com/debsigs/debsigs/-/commit/160138f5de1ec110376d3c807b60a37388bc7c90.diff' - sudo patch /usr/bin/debsigs < '/tmp/debsigs.diff' - rm -rf $HOME/.gnupg - gpg --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" --import < $HOME/.rpmmacros <> $GITHUB_ENV - echo "GOROOT=$HOME/go/go_osx" >> $GITHUB_ENV - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Set build tags - run: | - set -xeuo pipefail - if [[ "${{ matrix.legacy_osx }}" != "true" ]]; then - TAGS=$(cat release/DEFAULT_BUILD_TAGS) - else - TAGS=$(cat release/DEFAULT_BUILD_TAGS_OTHERS) - fi - echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - - name: Set shared ldflags - run: | - echo "LDFLAGS_SHARED=$(cat release/LDFLAGS)" >> "${GITHUB_ENV}" - - name: Build - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - GOOS: darwin - GOARCH: ${{ matrix.arch }} - MACOSX_DEPLOYMENT_TARGET: ${{ matrix.legacy_osx && '10.13' || '' }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Set name - run: |- - DIR_NAME="sing-box-${{ needs.calculate_version.outputs.version }}-darwin-${{ matrix.arch }}" - if [[ -n "${{ matrix.legacy_name }}" ]]; then - DIR_NAME="${DIR_NAME}-legacy-${{ matrix.legacy_name }}" - fi - echo "DIR_NAME=${DIR_NAME}" >> "${GITHUB_ENV}" - - name: Archive - run: | - set -xeuo pipefail - cd dist - mkdir -p "${DIR_NAME}" - cp ../LICENSE "${DIR_NAME}" - cp sing-box "${DIR_NAME}" - tar -czvf "${DIR_NAME}.tar.gz" "${DIR_NAME}" - rm -r "${DIR_NAME}" - - name: Cleanup - run: rm dist/sing-box - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: binary-darwin_${{ matrix.arch }}${{ matrix.legacy_name && format('-legacy-{0}', matrix.legacy_name) }} - path: "dist" - build_windows: - name: Build Windows binaries - if: github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Binary' - runs-on: windows-latest - needs: - - calculate_version - strategy: - matrix: - include: - - { arch: amd64, naive: true } - - { arch: "386" } - - { arch: arm64, naive: true } - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ^1.25.4 - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$env:GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Build - if: matrix.naive - run: | - $TAGS = Get-Content release/DEFAULT_BUILD_TAGS_WINDOWS - $LDFLAGS_SHARED = Get-Content release/LDFLAGS - mkdir -p dist - go build -v -trimpath -o dist/sing-box.exe -tags "$TAGS" ` - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' $LDFLAGS_SHARED -s -w -buildid=" ` - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: windows - GOARCH: ${{ matrix.arch }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Build - if: ${{ !matrix.naive }} - run: | - $TAGS = Get-Content release/DEFAULT_BUILD_TAGS_OTHERS - $LDFLAGS_SHARED = Get-Content release/LDFLAGS - mkdir -p dist - go build -v -trimpath -o dist/sing-box.exe -tags "$TAGS" ` - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' $LDFLAGS_SHARED -s -w -buildid=" ` - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: windows - GOARCH: ${{ matrix.arch }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Extract libcronet.dll - if: matrix.naive - run: | - $CRONET_GO_VERSION = Get-Content .github/CRONET_GO_VERSION - $env:CGO_ENABLED = "0" - go run -v "github.com/sagernet/cronet-go/cmd/build-naive@$CRONET_GO_VERSION" extract-lib --target windows/${{ matrix.arch }} -o dist - - name: Archive - if: matrix.naive - run: | - $DIR_NAME = "sing-box-${{ needs.calculate_version.outputs.version }}-windows-${{ matrix.arch }}" - mkdir "dist/$DIR_NAME" - Copy-Item LICENSE "dist/$DIR_NAME" - Copy-Item "dist/sing-box.exe" "dist/$DIR_NAME" - Copy-Item "dist/libcronet.dll" "dist/$DIR_NAME" - Compress-Archive -Path "dist/$DIR_NAME" -DestinationPath "dist/$DIR_NAME.zip" - Remove-Item -Recurse "dist/$DIR_NAME" - - name: Archive - if: ${{ !matrix.naive }} - run: | - $DIR_NAME = "sing-box-${{ needs.calculate_version.outputs.version }}-windows-${{ matrix.arch }}" - mkdir "dist/$DIR_NAME" - Copy-Item LICENSE "dist/$DIR_NAME" - Copy-Item "dist/sing-box.exe" "dist/$DIR_NAME" - Compress-Archive -Path "dist/$DIR_NAME" -DestinationPath "dist/$DIR_NAME.zip" - Remove-Item -Recurse "dist/$DIR_NAME" - - name: Cleanup - if: matrix.naive - run: Remove-Item dist/sing-box.exe, dist/libcronet.dll - - name: Cleanup - if: ${{ !matrix.naive }} - run: Remove-Item dist/sing-box.exe - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: binary-windows_${{ matrix.arch }} - path: "dist" - build_android: - name: Build Android - if: (github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Android') && github.ref != 'refs/heads/oldstable' - runs-on: ubuntu-latest - needs: - - calculate_version - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - submodules: 'recursive' - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Setup Android NDK - id: setup-ndk - uses: nttld/setup-ndk@v1 - with: - ndk-version: r28 - - name: Setup OpenJDK - run: |- - sudo apt update && sudo apt install -y openjdk-17-jdk-headless - /usr/lib/jvm/java-17-openjdk-amd64/bin/java --version - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Build library - run: |- - make lib_install - export PATH="$PATH:$(go env GOPATH)/bin" - make lib_android - env: - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} - - name: Checkout main branch - if: github.ref == 'refs/heads/stable' && github.event_name != 'workflow_dispatch' - run: |- - cd clients/android - git checkout main - - name: Checkout dev branch - if: github.ref == 'refs/heads/testing' - run: |- - cd clients/android - git checkout dev - - name: Gradle cache - uses: actions/cache@v4 - with: - path: ~/.gradle - key: gradle-${{ hashFiles('**/*.gradle') }} - - name: Update version - if: github.event_name == 'workflow_dispatch' - run: |- - go run -v ./cmd/internal/update_android_version --ci - - name: Update nightly version - if: github.event_name != 'workflow_dispatch' - run: |- - go run -v ./cmd/internal/update_android_version --ci --nightly - - name: Build - run: |- - mkdir clients/android/app/libs - cp *.aar clients/android/app/libs - cd clients/android - ./gradlew :app:assembleOtherRelease :app:assembleOtherLegacyRelease - env: - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} - LOCAL_PROPERTIES: ${{ secrets.LOCAL_PROPERTIES }} - - name: Prepare upload - run: |- - mkdir -p dist - #cp clients/android/app/build/outputs/apk/play/release/*.apk dist - cp clients/android/app/build/outputs/apk/other/release/*.apk dist - cp clients/android/app/build/outputs/apk/otherLegacy/release/*.apk dist - VERSION_CODE=$(grep VERSION_CODE clients/android/version.properties | cut -d= -f2) - VERSION_NAME=$(grep VERSION_NAME clients/android/version.properties | cut -d= -f2) - cat > dist/SFA-version-metadata.json << EOF - { - "version_code": ${VERSION_CODE}, - "version_name": "${VERSION_NAME}" - } - EOF - cat dist/SFA-version-metadata.json - - name: Upload artifact - uses: actions/upload-artifact@v4 - with: - name: binary-android-apks - path: 'dist' - publish_android: - name: Publish Android - if: github.event_name == 'workflow_dispatch' && inputs.build == 'publish-android' && github.ref != 'refs/heads/oldstable' - runs-on: ubuntu-latest - needs: - - calculate_version - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - submodules: 'recursive' - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Setup Android NDK - id: setup-ndk - uses: nttld/setup-ndk@v1 - with: - ndk-version: r28 - - name: Setup OpenJDK - run: |- - sudo apt update && sudo apt install -y openjdk-17-jdk-headless - /usr/lib/jvm/java-17-openjdk-amd64/bin/java --version - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Build library - run: |- - make lib_install - export PATH="$PATH:$(go env GOPATH)/bin" - make lib_android - env: - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} - - name: Checkout main branch - if: github.ref == 'refs/heads/stable' && github.event_name != 'workflow_dispatch' - run: |- - cd clients/android - git checkout main - - name: Checkout dev branch - if: github.ref == 'refs/heads/testing' - run: |- - cd clients/android - git checkout dev - - name: Gradle cache - uses: actions/cache@v4 - with: - path: ~/.gradle - key: gradle-${{ hashFiles('**/*.gradle') }} - - name: Build - run: |- - go run -v ./cmd/internal/update_android_version --ci - mkdir clients/android/app/libs - cp *.aar clients/android/app/libs - cd clients/android - echo -n "$SERVICE_ACCOUNT_CREDENTIALS" | base64 --decode > service-account-credentials.json - ./gradlew :app:publishPlayReleaseBundle - env: - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 - ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }} - LOCAL_PROPERTIES: ${{ secrets.LOCAL_PROPERTIES }} - SERVICE_ACCOUNT_CREDENTIALS: ${{ secrets.SERVICE_ACCOUNT_CREDENTIALS }} - build_apple: - name: Build Apple clients - runs-on: macos-26 - if: false # github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store' || inputs.build == 'iOS' || inputs.build == 'macOS' || inputs.build == 'tvOS' || inputs.build == 'macOS-standalone' - needs: - - calculate_version - strategy: - matrix: - include: - - name: iOS - if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'iOS' }} - platform: ios - scheme: SFI - destination: 'generic/platform=iOS' - archive: build/SFI.xcarchive - upload: SFI/Upload.plist - - name: macOS - if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'macOS' }} - platform: macos - scheme: SFM - destination: 'generic/platform=macOS' - archive: build/SFM.xcarchive - upload: SFI/Upload.plist - - name: tvOS - if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'app-store'|| inputs.build == 'tvOS' }} - platform: tvos - scheme: SFT - destination: 'generic/platform=tvOS' - archive: build/SFT.xcarchive - upload: SFI/Upload.plist - - name: macOS-standalone - if: ${{ github.event_name != 'workflow_dispatch' || inputs.build == 'All' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone' }} - platform: macos - scheme: SFM.System - destination: 'generic/platform=macOS' - archive: build/SFM.System.xcarchive - export: SFM.System/Export.plist - export_path: build/SFM.System - steps: - - name: Checkout - if: matrix.if - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - submodules: 'recursive' - - name: Setup Go - if: matrix.if - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Set tag - if: matrix.if - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - echo "VERSION=${{ needs.calculate_version.outputs.version }}" >> "$GITHUB_ENV" - - name: Checkout main branch - if: matrix.if && github.ref == 'refs/heads/stable' && github.event_name != 'workflow_dispatch' - run: |- - cd clients/apple - git checkout main - - name: Checkout dev branch - if: matrix.if && github.ref == 'refs/heads/testing' - run: |- - cd clients/apple - git checkout dev - - name: Setup certificates - if: matrix.if - run: |- - CERTIFICATE_PATH=$RUNNER_TEMP/Certificates.p12 - KEYCHAIN_PATH=$RUNNER_TEMP/certificates.keychain-db - echo -n "$CERTIFICATES_P12" | base64 --decode -o $CERTIFICATE_PATH - security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security set-keychain-settings -lut 21600 $KEYCHAIN_PATH - security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH - security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH - security list-keychain -d user -s $KEYCHAIN_PATH - - PROFILES_ZIP_PATH=$RUNNER_TEMP/Profiles.zip - echo -n "$PROVISIONING_PROFILES" | base64 --decode -o $PROFILES_ZIP_PATH - - PROFILES_PATH="$HOME/Library/MobileDevice/Provisioning Profiles" - mkdir -p "$PROFILES_PATH" - unzip $PROFILES_ZIP_PATH -d "$PROFILES_PATH" - - ASC_KEY_PATH=$RUNNER_TEMP/Key.p12 - echo -n "$ASC_KEY" | base64 --decode -o $ASC_KEY_PATH - - xcrun notarytool store-credentials "notarytool-password" \ - --key $ASC_KEY_PATH \ - --key-id $ASC_KEY_ID \ - --issuer $ASC_KEY_ISSUER_ID - - echo "ASC_KEY_PATH=$ASC_KEY_PATH" >> "$GITHUB_ENV" - echo "ASC_KEY_ID=$ASC_KEY_ID" >> "$GITHUB_ENV" - echo "ASC_KEY_ISSUER_ID=$ASC_KEY_ISSUER_ID" >> "$GITHUB_ENV" - env: - CERTIFICATES_P12: ${{ secrets.CERTIFICATES_P12 }} - P12_PASSWORD: ${{ secrets.P12_PASSWORD }} - KEYCHAIN_PASSWORD: ${{ secrets.P12_PASSWORD }} - PROVISIONING_PROFILES: ${{ secrets.PROVISIONING_PROFILES }} - ASC_KEY: ${{ secrets.ASC_KEY }} - ASC_KEY_ID: ${{ secrets.ASC_KEY_ID }} - ASC_KEY_ISSUER_ID: ${{ secrets.ASC_KEY_ISSUER_ID }} - - name: Build library - if: matrix.if - run: |- - make lib_install - export PATH="$PATH:$(go env GOPATH)/bin" - go run ./cmd/internal/build_libbox -target apple -platform ${{ matrix.platform }} - mv Libbox.xcframework clients/apple - - name: Update macOS version - if: matrix.if && matrix.name == 'macOS' && github.event_name == 'workflow_dispatch' - run: |- - MACOS_PROJECT_VERSION=$(go run -v ./cmd/internal/app_store_connect next_macos_project_version) - echo "MACOS_PROJECT_VERSION=$MACOS_PROJECT_VERSION" - echo "MACOS_PROJECT_VERSION=$MACOS_PROJECT_VERSION" >> "$GITHUB_ENV" - - name: Update version - if: matrix.if && matrix.name != 'iOS' - run: |- - go run -v ./cmd/internal/update_apple_version --ci - - name: Build - if: matrix.if - run: |- - cd clients/apple - xcodebuild archive \ - -scheme "${{ matrix.scheme }}" \ - -configuration Release \ - -destination "${{ matrix.destination }}" \ - -archivePath "${{ matrix.archive }}" \ - -allowProvisioningUpdates \ - -authenticationKeyPath $ASC_KEY_PATH \ - -authenticationKeyID $ASC_KEY_ID \ - -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID - - name: Upload to App Store Connect - if: matrix.if && matrix.name != 'macOS-standalone' && github.event_name == 'workflow_dispatch' - run: |- - go run -v ./cmd/internal/app_store_connect cancel_app_store ${{ matrix.platform }} - cd clients/apple - xcodebuild -exportArchive \ - -archivePath "${{ matrix.archive }}" \ - -exportOptionsPlist ${{ matrix.upload }} \ - -allowProvisioningUpdates \ - -authenticationKeyPath $ASC_KEY_PATH \ - -authenticationKeyID $ASC_KEY_ID \ - -authenticationKeyIssuerID $ASC_KEY_ISSUER_ID - - name: Publish to TestFlight - if: matrix.if && matrix.name != 'macOS-standalone' && github.event_name == 'workflow_dispatch' && github.ref =='refs/heads/testing' - run: |- - go run -v ./cmd/internal/app_store_connect publish_testflight ${{ matrix.platform }} - - name: Build image - if: matrix.if && matrix.name == 'macOS-standalone' && github.event_name == 'workflow_dispatch' - run: |- - pushd clients/apple - xcodebuild -exportArchive \ - -archivePath "${{ matrix.archive }}" \ - -exportOptionsPlist ${{ matrix.export }} \ - -exportPath "${{ matrix.export_path }}" - brew install create-dmg - create-dmg \ - --volname "sing-box" \ - --volicon "${{ matrix.export_path }}/SFM.app/Contents/Resources/AppIcon.icns" \ - --icon "SFM.app" 0 0 \ - --hide-extension "SFM.app" \ - --app-drop-link 0 0 \ - --skip-jenkins \ - SFM.dmg "${{ matrix.export_path }}/SFM.app" - xcrun notarytool submit "SFM.dmg" --wait --keychain-profile "notarytool-password" - cd "${{ matrix.archive }}" - zip -r SFM.dSYMs.zip dSYMs - popd - - mkdir -p dist - cp clients/apple/SFM.dmg "dist/SFM-${VERSION}-universal.dmg" - cp "clients/apple/${{ matrix.archive }}/SFM.dSYMs.zip" "dist/SFM-${VERSION}-universal.dSYMs.zip" - - name: Upload image - if: matrix.if && matrix.name == 'macOS-standalone' && github.event_name == 'workflow_dispatch' - uses: actions/upload-artifact@v4 - with: - name: binary-macos-dmg - path: 'dist' - upload: - name: Upload builds - if: "!failure() && github.event_name == 'workflow_dispatch' && (inputs.build == 'All' || inputs.build == 'Binary' || inputs.build == 'Android' || inputs.build == 'Apple' || inputs.build == 'macOS-standalone')" - runs-on: ubuntu-latest - needs: - - calculate_version - - build - - build_darwin - - build_windows - - build_android - - build_apple - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Cache ghr - uses: actions/cache@v4 - id: cache-ghr - with: - path: | - ~/go/bin/ghr - key: ghr - - name: Setup ghr - if: steps.cache-ghr.outputs.cache-hit != 'true' - run: |- - cd $HOME - git clone https://github.com/nekohasekai/ghr ghr - cd ghr - go install -v . - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - echo "VERSION=${{ needs.calculate_version.outputs.version }}" >> "$GITHUB_ENV" - - name: Download builds - uses: actions/download-artifact@v5 - with: - path: dist - merge-multiple: true - - name: Upload builds - if: ${{ env.PUBLISHED == 'false' }} - run: |- - export PATH="$PATH:$HOME/go/bin" - ghr --replace --draft --prerelease -p 5 "v${VERSION}" dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Replace builds - if: ${{ env.PUBLISHED != 'false' }} - run: |- - export PATH="$PATH:$HOME/go/bin" - ghr --replace -p 5 "v${VERSION}" dist - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 2ec65bda..00000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,295 +0,0 @@ -name: Publish Docker Images - -on: - #push: - # branches: - # - stable - # - testing - release: - types: - - published - workflow_dispatch: - inputs: - tag: - description: "The tag version you want to build" - -env: - REGISTRY_IMAGE: ghcr.io/sagernet/sing-box - -jobs: - build_binary: - name: Build binary - runs-on: ubuntu-latest - strategy: - fail-fast: true - matrix: - include: - # Naive-enabled builds (musl) - - { arch: amd64, naive: true, docker_platform: "linux/amd64" } - - { arch: arm64, naive: true, docker_platform: "linux/arm64" } - - { arch: "386", naive: true, docker_platform: "linux/386" } - - { arch: arm, goarm: "7", naive: true, docker_platform: "linux/arm/v7" } - - { arch: mipsle, gomips: softfloat, naive: true, docker_platform: "linux/mipsle" } - - { arch: riscv64, naive: true, docker_platform: "linux/riscv64" } - - { arch: loong64, naive: true, docker_platform: "linux/loong64" } - # Non-naive builds - - { arch: arm, goarm: "6", docker_platform: "linux/arm/v6" } - - { arch: ppc64le, docker_platform: "linux/ppc64le" } - - { arch: s390x, docker_platform: "linux/s390x" } - steps: - - name: Get commit to build - id: ref - run: |- - if [[ -z "${{ github.event.inputs.tag }}" ]]; then - ref="${{ github.ref_name }}" - else - ref="${{ github.event.inputs.tag }}" - fi - echo "ref=$ref" - echo "ref=$ref" >> $GITHUB_OUTPUT - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - ref: ${{ steps.ref.outputs.ref }} - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Clone cronet-go - if: matrix.naive - run: | - set -xeuo pipefail - CRONET_GO_VERSION=$(cat .github/CRONET_GO_VERSION) - git init ~/cronet-go - git -C ~/cronet-go remote add origin https://github.com/sagernet/cronet-go.git - git -C ~/cronet-go fetch --depth=1 origin "$CRONET_GO_VERSION" - git -C ~/cronet-go checkout FETCH_HEAD - git -C ~/cronet-go submodule update --init --recursive --depth=1 - - name: Regenerate Debian keyring - if: matrix.naive - run: | - set -xeuo pipefail - rm -f ~/cronet-go/naiveproxy/src/build/linux/sysroot_scripts/keyring.gpg - cd ~/cronet-go - GPG_TTY=/dev/null ./naiveproxy/src/build/linux/sysroot_scripts/generate_keyring.sh - - name: Cache Chromium toolchain - if: matrix.naive - id: cache-chromium-toolchain - uses: actions/cache@v4 - with: - path: | - ~/cronet-go/naiveproxy/src/third_party/llvm-build/ - ~/cronet-go/naiveproxy/src/gn/out/ - ~/cronet-go/naiveproxy/src/chrome/build/pgo_profiles/ - ~/cronet-go/naiveproxy/src/out/sysroot-build/ - key: chromium-toolchain-${{ matrix.arch }}-musl-${{ hashFiles('.github/CRONET_GO_VERSION') }} - - name: Download Chromium toolchain - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl download-toolchain - - name: Set version - run: | - set -xeuo pipefail - VERSION=$(go run ./cmd/internal/read_tag) - echo "VERSION=${VERSION}" >> "${GITHUB_ENV}" - - name: Set Chromium toolchain environment - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl env >> $GITHUB_ENV - - name: Set build tags - run: | - set -xeuo pipefail - if [[ "${{ matrix.naive }}" == "true" ]]; then - TAGS="$(cat release/DEFAULT_BUILD_TAGS),with_musl" - else - TAGS=$(cat release/DEFAULT_BUILD_TAGS_OTHERS) - fi - echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - - name: Set shared ldflags - run: | - echo "LDFLAGS_SHARED=$(cat release/LDFLAGS)" >> "${GITHUB_ENV}" - - name: Build (naive) - if: matrix.naive - run: | - set -xeuo pipefail - go build -v -trimpath -o sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${VERSION}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - GOOS: linux - GOARCH: ${{ matrix.arch }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - - name: Build (non-naive) - if: ${{ ! matrix.naive }} - run: | - set -xeuo pipefail - go build -v -trimpath -o sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${VERSION}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: linux - GOARCH: ${{ matrix.arch }} - GOARM: ${{ matrix.goarm }} - - name: Prepare artifact - run: | - platform=${{ matrix.docker_platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - # Rename binary to include arch info for Dockerfile.binary - BINARY_NAME="sing-box-${{ matrix.arch }}" - if [[ -n "${{ matrix.goarm }}" ]]; then - BINARY_NAME="${BINARY_NAME}v${{ matrix.goarm }}" - fi - mv sing-box "${BINARY_NAME}" - echo "BINARY_NAME=${BINARY_NAME}" >> $GITHUB_ENV - - name: Upload binary - uses: actions/upload-artifact@v4 - with: - name: binary-${{ env.PLATFORM_PAIR }} - path: ${{ env.BINARY_NAME }} - if-no-files-found: error - retention-days: 1 - build_docker: - name: Build Docker image - runs-on: ubuntu-latest - needs: - - build_binary - strategy: - fail-fast: true - matrix: - include: - - { platform: "linux/amd64" } - - { platform: "linux/arm/v6" } - - { platform: "linux/arm/v7" } - - { platform: "linux/arm64" } - - { platform: "linux/386" } - # mipsle: no base Docker image available for this platform - - { platform: "linux/ppc64le" } - - { platform: "linux/riscv64" } - - { platform: "linux/s390x" } - - { platform: "linux/loong64", base_image: "ghcr.io/loong64/alpine:edge" } - steps: - - name: Get commit to build - id: ref - run: |- - if [[ -z "${{ github.event.inputs.tag }}" ]]; then - ref="${{ github.ref_name }}" - else - ref="${{ github.event.inputs.tag }}" - fi - echo "ref=$ref" - echo "ref=$ref" >> $GITHUB_OUTPUT - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - ref: ${{ steps.ref.outputs.ref }} - fetch-depth: 0 - - name: Prepare - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - name: Download binary - uses: actions/download-artifact@v5 - with: - name: binary-${{ env.PLATFORM_PAIR }} - path: . - - name: Prepare binary - run: | - # Find and make the binary executable - chmod +x sing-box-* - ls -la sing-box-* - - name: Setup QEMU - uses: docker/setup-qemu-action@v3 - - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Docker meta - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY_IMAGE }} - - name: Build and push by digest - id: build - uses: docker/build-push-action@v6 - with: - platforms: ${{ matrix.platform }} - context: . - file: Dockerfile.binary - build-args: | - BASE_IMAGE=${{ matrix.base_image || 'alpine' }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,name=${{ env.REGISTRY_IMAGE }},push-by-digest=true,name-canonical=true,push=true - - name: Export digest - run: | - mkdir -p /tmp/digests - digest="${{ steps.build.outputs.digest }}" - touch "/tmp/digests/${digest#sha256:}" - - name: Upload digest - uses: actions/upload-artifact@v4 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: /tmp/digests/* - if-no-files-found: error - retention-days: 1 - merge: - if: github.event_name != 'push' - runs-on: ubuntu-latest - needs: - - build_docker - steps: - - name: Get commit to build - id: ref - run: |- - if [[ -z "${{ github.event.inputs.tag }}" ]]; then - ref="${{ github.ref_name }}" - else - ref="${{ github.event.inputs.tag }}" - fi - echo "ref=$ref" - echo "ref=$ref" >> $GITHUB_OUTPUT - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - ref: ${{ steps.ref.outputs.ref }} - fetch-depth: 0 - - name: Detect track - run: bash .github/detect_track.sh - - name: Download digests - uses: actions/download-artifact@v5 - with: - path: /tmp/digests - pattern: digests-* - merge-multiple: true - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to GitHub Container Registry - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Create manifest list and push - if: github.event_name != 'push' - working-directory: /tmp/digests - run: | - docker buildx imagetools create \ - -t "${{ env.REGISTRY_IMAGE }}:${{ env.DOCKER_TAG }}" \ - -t "${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.ref }}" \ - $(printf '${{ env.REGISTRY_IMAGE }}@sha256:%s ' *) - - name: Inspect image - if: github.event_name != 'push' - run: | - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ env.DOCKER_TAG }} - docker buildx imagetools inspect ${{ env.REGISTRY_IMAGE }}:${{ steps.ref.outputs.ref }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 2e86bb62..00000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,40 +0,0 @@ -name: Lint - -on: - push: - branches: - - oldstable - - stable - - testing - - unstable - paths-ignore: - - '**.md' - - '.github/**' - - '!.github/workflows/lint.yml' - pull_request: - branches: - - oldstable - - stable - - testing - - unstable - -jobs: - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ^1.25 - - name: golangci-lint - uses: golangci/golangci-lint-action@v8 - with: - version: latest - args: --timeout=30m - install-mode: binary - verify: false diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml deleted file mode 100644 index 88c1a5fd..00000000 --- a/.github/workflows/linux.yml +++ /dev/null @@ -1,243 +0,0 @@ -name: Build Linux Packages - -on: - #push: - # branches: - # - stable - # - testing - workflow_dispatch: - inputs: - version: - description: "Version name" - required: true - type: string - release: - types: - - published - -jobs: - calculate_version: - name: Calculate version - runs-on: ubuntu-latest - outputs: - version: ${{ steps.outputs.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Check input version - if: github.event_name == 'workflow_dispatch' - run: |- - echo "version=${{ inputs.version }}" - echo "version=${{ inputs.version }}" >> "$GITHUB_ENV" - - name: Calculate version - if: github.event_name != 'workflow_dispatch' - run: |- - go run -v ./cmd/internal/read_tag --ci --nightly - - name: Set outputs - id: outputs - run: |- - echo "version=$version" >> "$GITHUB_OUTPUT" - build: - name: Build binary - runs-on: ubuntu-latest - needs: - - calculate_version - strategy: - matrix: - include: - # Naive-enabled builds (musl) - - { os: linux, arch: amd64, naive: true, debian: amd64, rpm: x86_64, pacman: x86_64 } - - { os: linux, arch: arm64, naive: true, debian: arm64, rpm: aarch64, pacman: aarch64 } - - { os: linux, arch: "386", naive: true, debian: i386, rpm: i386 } - - { os: linux, arch: arm, goarm: "7", naive: true, debian: armhf, rpm: armv7hl, pacman: armv7hl } - - { os: linux, arch: mipsle, gomips: softfloat, naive: true, debian: mipsel, rpm: mipsel } - - { os: linux, arch: riscv64, naive: true, debian: riscv64, rpm: riscv64 } - - { os: linux, arch: loong64, naive: true, debian: loongarch64, rpm: loongarch64 } - # Non-naive builds (unsupported architectures) - - { os: linux, arch: arm, goarm: "6", debian: armel, rpm: armv6hl } - - { os: linux, arch: mips64le, debian: mips64el, rpm: mips64el } - - { os: linux, arch: s390x, debian: s390x, rpm: s390x } - - { os: linux, arch: ppc64le, debian: ppc64el, rpm: ppc64le } - steps: - - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 - with: - fetch-depth: 0 - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ~1.25.9 - - name: Clone cronet-go - if: matrix.naive - run: | - set -xeuo pipefail - CRONET_GO_VERSION=$(cat .github/CRONET_GO_VERSION) - git init ~/cronet-go - git -C ~/cronet-go remote add origin https://github.com/sagernet/cronet-go.git - git -C ~/cronet-go fetch --depth=1 origin "$CRONET_GO_VERSION" - git -C ~/cronet-go checkout FETCH_HEAD - git -C ~/cronet-go submodule update --init --recursive --depth=1 - - name: Regenerate Debian keyring - if: matrix.naive - run: | - set -xeuo pipefail - rm -f ~/cronet-go/naiveproxy/src/build/linux/sysroot_scripts/keyring.gpg - cd ~/cronet-go - GPG_TTY=/dev/null ./naiveproxy/src/build/linux/sysroot_scripts/generate_keyring.sh - - name: Cache Chromium toolchain - if: matrix.naive - id: cache-chromium-toolchain - uses: actions/cache@v4 - with: - path: | - ~/cronet-go/naiveproxy/src/third_party/llvm-build/ - ~/cronet-go/naiveproxy/src/gn/out/ - ~/cronet-go/naiveproxy/src/chrome/build/pgo_profiles/ - ~/cronet-go/naiveproxy/src/out/sysroot-build/ - key: chromium-toolchain-${{ matrix.arch }}-musl-${{ hashFiles('.github/CRONET_GO_VERSION') }} - - name: Download Chromium toolchain - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl download-toolchain - - name: Set Chromium toolchain environment - if: matrix.naive - run: | - set -xeuo pipefail - cd ~/cronet-go - go run ./cmd/build-naive --target=linux/${{ matrix.arch }} --libc=musl env >> $GITHUB_ENV - - name: Set tag - run: |- - git ls-remote --exit-code --tags origin v${{ needs.calculate_version.outputs.version }} || echo "PUBLISHED=false" >> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - - name: Set build tags - run: | - set -xeuo pipefail - if [[ "${{ matrix.naive }}" == "true" ]]; then - TAGS="$(cat release/DEFAULT_BUILD_TAGS),with_musl" - else - TAGS=$(cat release/DEFAULT_BUILD_TAGS_OTHERS) - fi - echo "BUILD_TAGS=${TAGS}" >> "${GITHUB_ENV}" - - name: Set shared ldflags - run: | - echo "LDFLAGS_SHARED=$(cat release/LDFLAGS)" >> "${GITHUB_ENV}" - - name: Build (naive) - if: matrix.naive - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "1" - GOOS: linux - GOARCH: ${{ matrix.arch }} - GOARM: ${{ matrix.goarm }} - GOMIPS: ${{ matrix.gomips }} - GOMIPS64: ${{ matrix.gomips }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Build (non-naive) - if: ${{ ! matrix.naive }} - run: | - set -xeuo pipefail - mkdir -p dist - go build -v -trimpath -o dist/sing-box -tags "${BUILD_TAGS}" \ - -ldflags "-X 'github.com/sagernet/sing-box/constant.Version=${{ needs.calculate_version.outputs.version }}' ${LDFLAGS_SHARED} -s -w -buildid=" \ - ./cmd/sing-box - env: - CGO_ENABLED: "0" - GOOS: ${{ matrix.os }} - GOARCH: ${{ matrix.arch }} - GOARM: ${{ matrix.goarm }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Set mtime - run: |- - TZ=UTC touch -t '197001010000' dist/sing-box - - name: Detect track - run: bash .github/detect_track.sh - - name: Set version - run: |- - PKG_VERSION="${{ needs.calculate_version.outputs.version }}" - PKG_VERSION="${PKG_VERSION//-/\~}" - echo "PKG_VERSION=${PKG_VERSION}" >> "${GITHUB_ENV}" - - name: Package DEB - if: matrix.debian != '' - run: | - set -xeuo pipefail - sudo gem install fpm - sudo apt-get install -y debsigs - cp .fpm_systemd .fpm - fpm -t deb \ - --name "${NAME}" \ - -v "$PKG_VERSION" \ - -p "dist/${NAME}_${{ needs.calculate_version.outputs.version }}_linux_${{ matrix.debian }}.deb" \ - --architecture ${{ matrix.debian }} \ - dist/sing-box=/usr/bin/sing-box - curl -Lo '/tmp/debsigs.diff' 'https://gitlab.com/debsigs/debsigs/-/commit/160138f5de1ec110376d3c807b60a37388bc7c90.diff' - sudo patch /usr/bin/debsigs < '/tmp/debsigs.diff' - rm -rf $HOME/.gnupg - gpg --pinentry-mode loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" --import < $HOME/.rpmmacros <> "$GITHUB_ENV" - git tag v${{ needs.calculate_version.outputs.version }} -f - echo "VERSION=${{ needs.calculate_version.outputs.version }}" >> "$GITHUB_ENV" - - name: Download builds - uses: actions/download-artifact@v5 - with: - path: dist - merge-multiple: true - - name: Publish packages - if: github.event_name != 'push' - run: |- - ls dist | xargs -I {} curl -F "package=@dist/{}" https://${{ secrets.FURY_TOKEN }}@push.fury.io/sagernet/ diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 1715a943..00000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Mark stale issues and pull requests - -on: - schedule: - - cron: "30 1 * * *" - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v9 - with: - stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days' - days-before-stale: 60 - days-before-close: 5 - exempt-issue-labels: 'bug,enhancement'