name: Release on: push: branches: - main tags: - 'v*' paths-ignore: - '**.md' - 'docs/**' - '.github/**' - '!.github/workflows/release.yml' jobs: build: permissions: write-all strategy: fail-fast: false matrix: job: - { name: 'hiddify-core-android', os: 'ubuntu-latest', target: 'android' } - { name: 'hiddify-core-linux-amd64', os: 'ubuntu-20.04', target: 'linux-amd64' } - { name: "hiddify-core-windows-amd64", os: 'ubuntu-latest', target: 'windows-amd64', aarch: 'x64' } - { name: "hiddify-core-macos-universal", os: 'macos-11', target: 'macos-universal' } - { name: "hiddify-core-ios", os: "macos-11", target: "ios" } # linux custom - {name: hiddify-cli-linux-amd64, goos: linux, goarch: amd64, goamd64: v1, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-amd64-v3, goos: linux, goarch: amd64, goamd64: v3, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-386, goos: linux, goarch: 386, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-arm64, goos: linux, goarch: arm64, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-armv5, goos: linux, goarch: arm, goarm: 5, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-armv6, goos: linux, goarch: arm, goarm: 6, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-armv7, goos: linux, goarch: arm, goarm: 7, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mips-softfloat, goos: linux, goarch: mips, gomips: softfloat, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mips-hardfloat, goos: linux, goarch: mips, gomips: hardfloat, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mipsel-softfloat, goos: linux, goarch: mipsle, gomips: softfloat, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mipsel-hardfloat, goos: linux, goarch: mipsle, gomips: hardfloat, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mips64, goos: linux, goarch: mips64, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-mips64el, goos: linux, goarch: mips64le, target: 'linux-custom', os: 'ubuntu-20.04'} - {name: hiddify-cli-linux-s390x, goos: linux, goarch: s390x, target: 'linux-custom', os: 'ubuntu-20.04'} runs-on: ${{ matrix.job.os }} env: GOOS: ${{ matrix.job.goos }} GOARCH: ${{ matrix.job.goarch }} GOAMD64: ${{ matrix.job.goamd64 }} GOARM: ${{ matrix.job.goarm }} GOMIPS: ${{ matrix.job.gomips }} steps: - name: Checkout uses: actions/checkout@v3 with: fetch-depth: 0 - name: Setup Go uses: actions/setup-go@v5 with: go-version-file: 'go.mod' check-latest: false - name: Setup Java if: startsWith(matrix.job.target,'android') uses: actions/setup-java@v3 with: distribution: 'zulu' java-version: '17' - name: Setup NDK if: startsWith(matrix.job.target,'android') uses: nttld/setup-ndk@v1.4.0 id: setup-ndk with: ndk-version: r26b add-to-path: true local-cache: false link-to-sdk: true - name: Setup MinGW if: startsWith(matrix.job.target,'windows') uses: egor-tensin/setup-mingw@v2 with: platform: ${{ matrix.job.aarch }} - name: Setup macos if: startsWith(matrix.job.target,'macos') || startsWith(matrix.job.target,'ios') run: | brew install create-dmg tree coreutils - name: Build run: | make -j$(($(nproc) + 1)) ${{ matrix.job.target }} - name: zip run: | tree rm -f /*.h */*.h rm ./hiddify-libcore*sources* ||echo "no source" rm ./hiddify-libcore-macos-a*.dylib || echo "no macos arm and amd" files=$(ls | grep -E '^(libcore\.(dll|so|dylib|aar)|webui|Libcore.xcframework|lib|HiddifyCli(\.exe)?)$') echo tar -czvf ${{ matrix.job.name }}.tar.gz $files tar -czvf ${{ matrix.job.name }}.tar.gz $files working-directory: bin - uses: actions/upload-artifact@v4 if: ${{ success() }} with: name: ${{ matrix.job.name }} path: bin/*.tar.gz retention-days: 1 upload-prerelease: permissions: write-all if: ${{ github.ref_type=='branch' }} needs: [build] runs-on: ubuntu-latest steps: - uses: actions/download-artifact@v4 with: merge-multiple: true pattern: hiddify-* path: bin/ - name: Display Files Structure run: tree working-directory: bin - name: Delete Current Release Assets uses: 8Mi-Tech/delete-release-assets-action@main with: github_token: ${{ secrets.GITHUB_TOKEN }} tag: 'draft' deleteOnlyFromDrafts: false - name: Create or Update Draft Release uses: softprops/action-gh-release@v1 if: ${{ success() }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: files: ./bin/*.tar.gz name: 'draft' tag_name: 'draft' prerelease: true upload-release: permissions: write-all if: ${{ github.ref_type=='tag' }} needs: [build] runs-on: ubuntu-latest steps: - uses: actions/download-artifact@v4 with: merge-multiple: true pattern: hiddify-* path: bin/ - name: Display Files Structure run: ls -R working-directory: bin - name: Upload Release uses: softprops/action-gh-release@v1 if: ${{ success() }} env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: tag_name: ${{ github.ref_name }} files: bin/*.tar.gz make-upload-docker: permissions: write-all if: ${{ github.ref_type=='tag' }} needs: [upload-release] runs-on: ubuntu-latest # permissions: # contents: read # packages: write # # This is used to complete the identity challenge # # with sigstore/fulcio when running outside of PRs. # id-token: write steps: - uses: actions/download-artifact@v4 with: merge-multiple: true pattern: hiddify-* path: bin/ - name: Checkout repository uses: actions/checkout@v3 # Install the cosign tool except on PR # https://github.com/sigstore/cosign-installer - name: Install cosign uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 with: cosign-release: 'v2.1.1' # Set up BuildKit Docker container builder to be able to build # multi-platform images and export cache # https://github.com/docker/setup-buildx-action - name: Set up Docker Buildx uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 # Login against a Docker registry except on PR # https://github.com/docker/login-action - name: Log into registry ghcr.io uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} # Extract metadata (tags, labels) for Docker # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 # v5.0.0 with: images: ghcr.io/hiddify/hiddify-next-core # Build and push Docker image with Buildx (don't push on PR) # https://github.com/docker/build-push-action - name: Build and push Docker image id: build-and-push uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0 with: context: ./docker/ push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max # Sign the resulting Docker image digest except on PRs. # This will only write to the public Rekor transparency log when the Docker # repository is public to avoid leaking data. If you would like to publish # transparency data even for private images, pass --force to cosign below. # https://github.com/sigstore/cosign - name: Sign the published Docker image env: # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable TAGS: ${{ steps.meta.outputs.tags }} DIGEST: ${{ steps.build-and-push.outputs.digest }} # This step uses the identity token to provision an ephemeral certificate # against the sigstore community Fulcio instance. run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}