name: CI/CD run-name: "CI/CD: release version ${{ github.ref_name }}" on: push: tags: - "v*" workflow_dispatch: permissions: contents: write # ── Global defaults ───────────────────────────────────────────────────────── env: CARGO_TERM_COLOR: always CARGO_INCREMENTAL: 0 RUST_BACKTRACE: short jobs: check-and-test: name: Check & Test runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: toolchain: stable - name: Restore Cargo cache uses: actions/cache@v4 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: cargo-check-${{ hashFiles('**/Cargo.lock') }} restore-keys: cargo-check- - name: Install musl-tools run: sudo apt-get update && sudo apt-get install -y musl-tools - name: cargo check run: cargo check --workspace - name: cargo test run: cargo test --workspace --lib publish-release-matrix: name: Release for ${{ matrix.target }} needs: check-and-test runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: include: # ── Windows ────────────────────────────────────────────────────── - os: windows-latest target: x86_64-pc-windows-msvc artifact_name: ostp.exe release_name: ostp-windows-amd64.zip wintun_arch: amd64 - os: windows-latest target: i686-pc-windows-msvc artifact_name: ostp.exe release_name: ostp-windows-386.zip wintun_arch: x86 - os: windows-latest target: aarch64-pc-windows-msvc artifact_name: ostp.exe release_name: ostp-windows-arm64.zip wintun_arch: arm64 # ── macOS ───────────────────────────────────────────────────────── - os: macos-latest target: x86_64-apple-darwin artifact_name: ostp release_name: ostp-darwin-amd64.tar.gz - os: macos-latest target: aarch64-apple-darwin artifact_name: ostp release_name: ostp-darwin-arm64.tar.gz # ── Linux native ────────────────────────────────────────────────── - os: ubuntu-latest target: x86_64-unknown-linux-musl artifact_name: ostp release_name: ostp-linux-amd64.tar.gz - os: ubuntu-latest target: i686-unknown-linux-musl artifact_name: ostp release_name: ostp-linux-386.tar.gz use_cross: true # ── Linux cross ─────────────────────────────────────────────────── - os: ubuntu-latest target: aarch64-unknown-linux-musl artifact_name: ostp release_name: ostp-linux-arm64.tar.gz use_cross: true - os: ubuntu-latest target: armv7-unknown-linux-musleabihf artifact_name: ostp release_name: ostp-linux-armv7.tar.gz use_cross: true - os: ubuntu-latest target: x86_64-unknown-freebsd artifact_name: ostp release_name: ostp-freebsd-amd64.tar.gz use_cross: true - os: ubuntu-latest target: mipsel-unknown-linux-musl artifact_name: ostp release_name: ostp-linux-mipsle.tar.gz use_cross: true toolchain: nightly - os: ubuntu-latest target: riscv64gc-unknown-linux-gnu artifact_name: ostp release_name: ostp-linux-riscv64.tar.gz use_cross: true steps: - name: Checkout code uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} # ── Rust toolchain ───────────────────────────────────────────────────── - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: toolchain: ${{ matrix.toolchain || 'stable' }} targets: ${{ !matrix.use_cross && matrix.target || '' }} # ── Cargo cache (shared per target) ─────────────────────────────────── - name: Restore Cargo cache uses: actions/cache@v4 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: cargo-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} restore-keys: | cargo-${{ matrix.target }}- # ── MUSL tools for native Linux musl builds ──────────────────────────── - name: Install musl-tools if: ${{ matrix.os == 'ubuntu-latest' && !matrix.use_cross }} run: sudo apt-get update && sudo apt-get install -y musl-tools # ── Native build ─────────────────────────────────────────────────────── - name: Build (native) if: ${{ !matrix.use_cross }} shell: bash run: cargo build --release --target ${{ matrix.target }} --bin ostp # ── Cross build ──────────────────────────────────────────────────────── - name: Restore cross binary cache if: ${{ matrix.use_cross }} id: cross-cache uses: actions/cache@v4 with: path: ~/.cargo/bin/cross key: cross-bin-${{ runner.os }}-v1 - name: Install cross (if not cached) if: ${{ matrix.use_cross && steps.cross-cache.outputs.cache-hit != 'true' }} run: cargo install cross --git https://github.com/cross-rs/cross.git --locked - name: Build (cross) if: ${{ matrix.use_cross }} run: cross build --release --target ${{ matrix.target }} --bin ostp # ── Driver dependencies ──────────────────────────────────────────────── - name: Download wintun (Windows) if: ${{ matrix.os == 'windows-latest' }} shell: pwsh run: | $ProgressPreference = 'SilentlyContinue' $dir = "target/${{ matrix.target }}/release" Invoke-WebRequest -Uri "https://www.wintun.net/builds/wintun-0.14.1.zip" -OutFile "$dir/wt.zip" Expand-Archive "$dir/wt.zip" -DestinationPath "$dir/wt_tmp" -Force Get-ChildItem "$dir/wt_tmp" -Filter "wintun.dll" -Recurse | Where-Object { $_.FullName -match 'bin[\\/]${{ matrix.wintun_arch }}[\\/]' } | Copy-Item -Destination "$dir/" Remove-Item "$dir/wt.zip","$dir/wt_tmp" -Recurse -Force # ── Package ──────────────────────────────────────────────────────────── - name: Package (Windows) if: ${{ matrix.os == 'windows-latest' }} shell: pwsh run: | $dir = "target/${{ matrix.target }}/release" $files = @("ostp.exe") if (Test-Path "$dir/wintun.dll") { $files += "wintun.dll" } Push-Location $dir Compress-Archive -Path $files -DestinationPath "../../../${{ matrix.release_name }}" -Force Pop-Location - name: Package (Unix) if: ${{ matrix.os != 'windows-latest' }} run: | dir="target/${{ matrix.target }}/release" FILES="${{ matrix.artifact_name }}" tar -czf "${{ matrix.release_name }}" -C "$dir" $FILES # ── Upload ───────────────────────────────────────────────────────────── - name: Upload to GitHub Release if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: softprops/action-gh-release@v2 with: files: ${{ matrix.release_name }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-windows-gui: name: Build Windows GUI (Tauri) - ${{ matrix.arch }} needs: check-and-test runs-on: windows-latest strategy: matrix: include: - arch: amd64 target: x86_64-pc-windows-msvc - arch: arm64 target: aarch64-pc-windows-msvc steps: - uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Install Tauri CLI run: npm install -g @tauri-apps/cli - name: Cache cargo uses: actions/cache@v4 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: cargo-windows-gui-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} - name: Download wintun shell: pwsh run: | $ProgressPreference = 'SilentlyContinue' # Download wintun New-Item -ItemType Directory -Force -Path "target/${{ matrix.target }}/release" Invoke-WebRequest -Uri "https://www.wintun.net/builds/wintun-0.14.1.zip" -OutFile "target/wt.zip" Expand-Archive "target/wt.zip" -DestinationPath "target/wt_tmp" -Force Get-ChildItem "target/wt_tmp" -Filter "wintun.dll" -Recurse | Where-Object { $_.FullName -match 'bin[\\/]${{ matrix.arch }}[\\/]' } | Copy-Item -Destination "target/${{ matrix.target }}/release/wintun.dll" -Force - name: Build Tauri App working-directory: ostp-gui run: | npm install cargo build -p ostp-tun-helper --release --target ${{ matrix.target }} npx tauri build --no-bundle --target ${{ matrix.target }} - name: Package Portable ZIP shell: pwsh run: | $dir = "ostp-gui-dist" New-Item -ItemType Directory -Force -Path $dir Copy-Item "ostp-gui/src-tauri/target/${{ matrix.target }}/release/ostp-gui.exe" $dir Copy-Item "target/${{ matrix.target }}/release/ostp-tun-helper.exe" $dir Copy-Item "target/${{ matrix.target }}/release/wintun.dll" $dir Compress-Archive -Path "$dir/*" -DestinationPath "ostp-windows-gui-${{ matrix.arch }}.zip" -Force - name: Upload to GitHub Release if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: softprops/action-gh-release@v2 with: files: ostp-windows-gui-${{ matrix.arch }}.zip env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-linux-gui: name: Build Linux GUI (Tauri) - ${{ matrix.arch }} needs: check-and-test runs-on: ubuntu-latest strategy: matrix: include: - arch: amd64 target: x86_64-unknown-linux-gnu steps: - uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Install Linux Dependencies run: | sudo apt-get update sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf - name: Install Tauri CLI run: npm install -g @tauri-apps/cli - name: Cache cargo uses: actions/cache@v4 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: cargo-linux-gui-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} - name: Build Tauri App working-directory: ostp-gui run: | npm install npx tauri build --no-bundle --target ${{ matrix.target }} - name: Package Portable Tarball run: | mkdir ostp-linux-gui-${{ matrix.arch }} cp ostp-gui/src-tauri/target/${{ matrix.target }}/release/ostp-gui ostp-linux-gui-${{ matrix.arch }}/ tar -czf ostp-linux-gui-${{ matrix.arch }}.tar.gz ostp-linux-gui-${{ matrix.arch }} - name: Upload to GitHub Release if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: softprops/action-gh-release@v2 with: files: ostp-linux-gui-${{ matrix.arch }}.tar.gz env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-macos-gui: name: Build macOS GUI (Tauri) - ${{ matrix.arch }} needs: check-and-test runs-on: macos-latest strategy: matrix: include: - arch: amd64 target: x86_64-apple-darwin - arch: arm64 target: aarch64-apple-darwin steps: - uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: 20 - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.target }} - name: Install Tauri CLI run: npm install -g @tauri-apps/cli - name: Cache cargo uses: actions/cache@v4 with: path: | ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: cargo-macos-gui-${{ matrix.target }}-${{ hashFiles('**/Cargo.lock') }} - name: Build Tauri App working-directory: ostp-gui run: | npm install npx tauri build --no-bundle --target ${{ matrix.target }} - name: Package Portable Tarball run: | mkdir ostp-macos-gui-${{ matrix.arch }} cp ostp-gui/src-tauri/target/${{ matrix.target }}/release/ostp-gui ostp-macos-gui-${{ matrix.arch }}/ tar -czf ostp-macos-gui-${{ matrix.arch }}.tar.gz ostp-macos-gui-${{ matrix.arch }} - name: Upload to GitHub Release if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: softprops/action-gh-release@v2 with: files: ostp-macos-gui-${{ matrix.arch }}.tar.gz env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} build-android: name: Build Android Client (Flutter) - ${{ matrix.arch }} needs: check-and-test runs-on: ubuntu-latest strategy: matrix: include: - arch: arm64-v8a rust_target: aarch64-linux-android flutter_target: android-arm64 - arch: armeabi-v7a rust_target: armv7-linux-androideabi flutter_target: android-arm tun2socks_arch: linux-armv7 steps: - uses: actions/checkout@v4 - name: Bump version based on tag if: startsWith(github.ref, 'refs/tags/v') run: python scripts/bump_version.py ${{ github.ref_name }} - name: Setup Java uses: actions/setup-java@v3 with: distribution: 'zulu' java-version: '17' - name: Setup Flutter uses: subosito/flutter-action@v2 with: flutter-version: '3.41.6' channel: 'stable' - name: Setup Rust toolchain uses: dtolnay/rust-toolchain@stable with: targets: ${{ matrix.rust_target }} - name: Setup Android NDK uses: nttld/setup-ndk@v1 with: ndk-version: r26b - name: Install cargo-ndk run: cargo install cargo-ndk - name: Build Android APK shell: bash working-directory: ostp-flutter run: | # 1. Compile JNI mkdir -p android/app/src/main/jniLibs/${{ matrix.arch }} cd ../ostp-jni cargo ndk -t ${{ matrix.arch }} -o "../ostp-flutter/android/app/src/main/jniLibs" build --release cd ../ostp-flutter # 3. Build Flutter APK flutter build apk --release --target-platform ${{ matrix.flutter_target }} # 4. Copy to output cp build/app/outputs/flutter-apk/app-release.apk ostp-android-${{ matrix.arch }}.apk - name: Upload to GitHub Release if: ${{ startsWith(github.ref, 'refs/tags/') }} uses: softprops/action-gh-release@v2 with: files: ostp-flutter/ostp-android-${{ matrix.arch }}.apk env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}