@@ -49,11 +49,51 @@ runs:
4949 shell : bash
5050 run : |
5151 set -euo pipefail
52+ echo "::group::Validate inputs"
5253 model='${{ inputs.model }}'
53- if [[ -z "$model" ]]; then
54- echo "Empty model not allowed"; exit 1
54+ soc='${{ inputs.soc }}'
55+ branch='${{ inputs.branch }}'
56+ manifest='${{ inputs.manifest }}'
57+ optimize='${{ inputs.optimize_level }}'
58+
59+ # Non-empty checks
60+ [[ -n "$model" ]] || { echo "Input 'model' cannot be empty"; exit 1; }
61+ [[ -n "$soc" ]] || { echo "Input 'soc' cannot be empty"; exit 1; }
62+ [[ -n "$branch" ]] || { echo "Input 'branch' cannot be empty"; exit 1; }
63+ [[ -n "$manifest" ]] || { echo "Input 'manifest' cannot be empty"; exit 1; }
64+
65+ # Basic format checks
66+ # soc: allow letters, digits, underscores, dashes (e.g., sm8650)
67+ if ! [[ "$soc" =~ ^[A-Za-z0-9_-]+$ ]]; then
68+ echo "Input 'soc' contains invalid characters. Allowed : letters, digits, underscore, dash"; exit 1
69+ fi
70+ # branch: allow common ref patterns; spaces not allowed
71+ if ! [[ "$branch" =~ ^[A-Za-z0-9._/-]+$ ]]; then
72+ echo "Input 'branch' contains invalid characters. Allowed : letters, digits, ., _, -, /"; exit 1
73+ fi
74+ # manifest: either HTTPS URL ending with .xml, or a filename ending with .xml (no spaces)
75+ if [[ "$manifest" == http*://* ]]; then
76+ if ! [[ "$manifest" =~ ^https:// ]]; then
77+ echo "Manifest URL must be HTTPS"; exit 1
78+ fi
79+ if ! [[ "$manifest" =~ \.xml($|\?) ]]; then
80+ echo "Manifest URL should point to an XML file (.xml)"; exit 1
81+ fi
82+ else
83+ if ! [[ "$manifest" =~ \.xml$ ]]; then
84+ echo "Manifest filename must end with .xml"; exit 1
85+ fi
86+ if [[ "$manifest" =~ [[:space:]] ]]; then
87+ echo "Manifest filename cannot contain spaces"; exit 1
88+ fi
5589 fi
90+ # Optimize level validation
91+ case "$optimize" in
92+ O2|O3) ;;
93+ *) echo "optimize_level must be O2 or O3; got '$optimize'"; exit 1 ;;
94+ esac
5695 echo "Input validation OK."
96+ echo "::endgroup::"
5797
5898 - name : Install Minimal Dependencies
5999 shell : bash
@@ -166,6 +206,8 @@ runs:
166206 cd susfs4ksu
167207 if git rev-parse --verify "origin/$SUSFS_BRANCH" >/dev/null 2>&1 || git rev-parse --verify "$SUSFS_BRANCH" >/dev/null 2>&1; then
168208 git checkout "$SUSFS_BRANCH"
209+ SUSFS_COMMIT_SHA=$(git rev-parse HEAD)
210+ echo "SUSFS_COMMIT_SHA=$SUSFS_COMMIT_SHA" >> $GITHUB_ENV
169211 else
170212 echo "Error: SUSFS branch or ref '$SUSFS_BRANCH' not found."
171213 exit 1
@@ -202,6 +244,10 @@ runs:
202244 curl --fail --location --proto '=https' -LSs "https://raw.githubusercontent.com/KernelSU-Next/KernelSU-Next/next/kernel/setup.sh" | bash -s "${{ inputs.ksun_branch }}"
203245 fi
204246 git submodule update --init --recursive
247+ cd KernelSU-Next
248+ KSUN_COMMIT_SHA=$(git rev-parse HEAD)
249+ echo "KSUN_COMMIT_SHA=$KSUN_COMMIT_SHA" >> $GITHUB_ENV
250+ cd ..
205251
206252name : Apply SUSFS Patches
207253 shell : bash
@@ -260,7 +306,41 @@ runs:
260306 sed -i '/#include <trace\/hooks\/blk.h>/a #include <trace\/hooks\/fs.h>' ./fs/namespace.c
261307 fi
262308 fi
263- patch -p1 < 50_add_susfs_in_${{ env.SUSFS_KERNEL_BRANCH }}.patch || true
309+
310+ # Fake kernel patch to fix failures
311+ fake_patched=0
312+ if [ "${{ env.ANDROID_VER }}" = "android15" ] && [ "${{ env.KERNEL_VER }}" = "6.6" ]; then
313+ if ! grep -qxF $'\tunsigned int nr_subpages = __PAGE_SIZE / PAGE_SIZE;' ./fs/proc/task_mmu.c; then
314+ echo "nr_subpages Line not found. Fake Patching!"
315+ sed -i -e '/int ret = 0, copied = 0;/a \\tunsigned int nr_subpages \= __PAGE_SIZE \/ PAGE_SIZE;' -e '/int ret = 0, copied = 0;/a \\tpagemap_entry_t \*res = NULL;' ./fs/proc/task_mmu.c
316+ fake_patched=1
317+ fi
318+ fi
319+ if [ "${{ env.ANDROID_VER }}" = "android12" ] && [ "${{ env.KERNEL_VER }}" = "5.10" ]; then
320+ if ! grep -qxF $'\tif (!vma_pages(vma))' ./fs/proc/task_mmu.c; then
321+ echo "vma_pages Line not found. Fake Patching!"
322+ fake_patched=1
323+ fi
324+ fi
325+
326+ patch -p1 < 50_add_susfs_in_${{ env.SUSFS_KERNEL_BRANCH }}.patch
327+
328+ # Revert Fake kernel patch
329+ if [ "$fake_patched" = 1 ]; then
330+ if [ "${{ env.ANDROID_VER }}" = "android15" ] && [ "${{ env.KERNEL_VER }}" = "6.6" ]; then
331+ if grep -qxF $'\tunsigned int nr_subpages = __PAGE_SIZE / PAGE_SIZE;' ./fs/proc/task_mmu.c; then
332+ echo "nr_subpages Line found. Revert Fake Patching!"
333+ sed -i -e '/unsigned int nr_subpages \= __PAGE_SIZE \/ PAGE_SIZE;/d' -e '/pagemap_entry_t \*res = NULL;/d' ./fs/proc/task_mmu.c
334+ fi
335+ fi
336+ if [ "${{ env.ANDROID_VER }}" = "android12" ] && [ "${{ env.KERNEL_VER }}" = "5.10" ]; then
337+ if grep -qxF $'\t\tgoto show_pad;' ./fs/proc/task_mmu.c; then
338+ echo "vma_pages Line found. Revert Fake Patching!"
339+ sed -i -e 's/goto show_pad;/return 0;/' ./fs/proc/task_mmu.c
340+ fi
341+ fi
342+ fi
343+
264344 KERNEL_VERSION="${{ env.KERNEL_VER }}"
265345 MIN_VERSION="5.16"
266346 if [ "$(printf '%s\n' "$KERNEL_VERSION" "$MIN_VERSION" | sort -V | head -n1)" = "$KERNEL_VERSION" ]; then
@@ -269,7 +349,7 @@ runs:
269349 else
270350 echo "Kernel >= $MIN_VERSION, skipping ptrace patch"
271351 fi
272- if [ "${{ inputs.model }}" == "OPAce5Pro" ] || [ "${{ inputs.model }}" == "OP13-CN " ] || [ "${{ inputs.model }}" == "OP13-GLO " ]; then
352+ if [ "${{ inputs.model }}" == "OPAce5Pro" ] || [ "${{ inputs.model }}" == "OP13-PJZ " ] || [ "${{ inputs.model }}" == "OP13-CPH " ]; then
273353 echo "Patching hmbird!"
274354 echo 'obj-y += hmbird_patch.o' >> ./drivers/Makefile
275355 patch -p1 -F 3 < "../../../kernel_patches/oneplus/hmbird/hmbird_kernel_patch.patch"
@@ -278,7 +358,7 @@ runs:
278358 rm -rf ext.c ext.h build_policy.c slim.h slim_sysctl.c
279359 patch -p1 -F 3 < "../../../../../kernel_patches/oneplus/hmbird/hmbird_files_patch.patch"
280360 else
281- echo "Not OPAce5Pro / OP13-CN / OP13-GLO , skipping fengchi patch"
361+ echo "Not OPAce5Pro / OP13-PJZ / OP13-CPH , skipping fengchi patch"
282362 fi
283363
284364name : Apply KSUN Hooks
@@ -294,7 +374,7 @@ runs:
294374 set -euo pipefail
295375 cd "$CONFIG/kernel_platform/common"
296376 curl -Ls "https://raw.githubusercontent.com/fatalcoder524/kernel_patches_additional/refs/heads/main/random_qstr.patch" | patch -p1 --forward
297-
377+
298378name : Add KernelSU-Next and SUSFS Configuration Settings
299379 shell : bash
300380 run : |
@@ -319,6 +399,7 @@ runs:
319399 CONFIG_KSU_SUSFS_HIDE_KSU_SUSFS_SYMBOLS=y
320400 CONFIG_KSU_SUSFS_SPOOF_CMDLINE_OR_BOOTCONFIG=y
321401 CONFIG_KSU_SUSFS_OPEN_REDIRECT=y
402+ CONFIG_KSU_SUSFS_SUS_MAP=y
322403 CONFIG_KSU_SUSFS_SUS_SU=n
323404 CONFIG_TMPFS_XATTR=y
324405 CONFIG_TMPFS_POSIX_ACL=y
@@ -409,12 +490,19 @@ runs:
409490
410491name : Build Kernel
411492 shell : bash
493+ env :
494+ PYTHONWARNINGS : " ignore:invalid escape sequence"
412495 run : |
413496 set -euo pipefail
497+ echo "::group::Build kernel"
414498 KERNEL_PATH="$GITHUB_WORKSPACE/$CONFIG/kernel_platform"
415499 COMMON="$KERNEL_PATH/common"
416500 cd "$COMMON"
417501 : > "$COMMON/.scmversion"
502+
503+ # Ensure Python warnings are suppressed for scripts invoked by make
504+ export PYTHONWARNINGS="${PYTHONWARNINGS}"
505+
418506 if [ -n "${CLANG_BIN_PATH:-}" ] && [ -x "${CLANG_BIN_PATH}/clang" ]; then
419507 export PATH="${CLANG_BIN_PATH}:$PATH"
420508 fi
@@ -427,30 +515,43 @@ runs:
427515 OUT=out
428516 mkdir -p "$OUT"
429517 make O="$OUT" gki_defconfig
518+
519+ # LOCALVERSION branding
430520 if [ -n "${CUSTOM_LOCALVERSION:-}" ]; then
431521 scripts/config --file "$OUT/.config" --set-str LOCALVERSION "${CUSTOM_LOCALVERSION}"
432522 scripts/config --file "$OUT/.config" -d LOCALVERSION_AUTO || true
433523 sed -i 's/scm_version="$(scm_version --short)"/scm_version=""/' scripts/setlocalversion
434524 fi
525+
526+ # Optimize level config and flags
435527 if [ "${{ inputs.optimize_level }}" = "O3" ]; then
436528 scripts/config --file "$OUT/.config" -d CC_OPTIMIZE_FOR_PERFORMANCE
437529 scripts/config --file "$OUT/.config" -e CC_OPTIMIZE_FOR_PERFORMANCE_O3
438- export KCFLAGS ="-Wno-error -pipe -O3 -fno-stack-protector "
530+ KCFLAGS_EXTRA ="-O3 "
439531 else
440532 scripts/config --file "$OUT/.config" -e CC_OPTIMIZE_FOR_PERFORMANCE
441533 scripts/config --file "$OUT/.config" -d CC_OPTIMIZE_FOR_PERFORMANCE_O3
442- export KCFLAGS ="-Wno-error -pipe -O2 -fno-stack-protector "
534+ KCFLAGS_EXTRA ="-O2 "
443535 fi
444- export KCPPFLAGS="-DCONFIG_OPTIMIZE_INLINING"
536+
537+ # Consistent flags; include -pipe and disable stack protector
538+ KCFLAGS="-Wno-error -pipe -fno-stack-protector ${KCFLAGS_EXTRA}"
539+ KCPPFLAGS="-DCONFIG_OPTIMIZE_INLINING"
540+
541+ # Regenerate defaults after config edits
445542 make O="$OUT" olddefconfig
543+
446544 echo "Starting build with $(nproc --all) threads..."
447545 set -o pipefail
448- make -j"$(nproc --all)" O="$OUT" 2>&1 | tee build.log
546+ make -j"$(nproc --all)" O="$OUT" KCFLAGS="$KCFLAGS" KCPPFLAGS="$KCPPFLAGS" 2>&1 | tee build.log
547+
449548 IMG="$OUT/arch/arm64/boot/Image"
450549 if [ ! -f "$IMG" ]; then
451- echo "Kernel Image missing"; exit 1
550+ echo "Kernel Image missing"
551+ exit 1
452552 fi
453553 sha256sum "$IMG" | tee "$OUT/Image.sha256"
554+ echo "::endgroup::"
454555
455556name : Collect Build Stats / Validate Image
456557 id : collect_stats
@@ -499,11 +600,11 @@ runs:
499600 cd "$GITHUB_WORKSPACE/AnyKernel3"
500601
501602 # Optional hmbird patch logic
502- if [ "${{ inputs.model }}" == "OPAce5Pro" ] || [ "${{ inputs.model }}" == "OP13-CN " ] || [ "${{ inputs.model }}" == "OP13-GLO " ]; then
603+ if [ "${{ inputs.model }}" == "OPAce5Pro" ] || [ "${{ inputs.model }}" == "OP13-PJZ " ] || [ "${{ inputs.model }}" == "OP13-CPH " ]; then
503604 cp "$GITHUB_WORKSPACE/kernel_patches/oneplus/hmbird/bins/"* ./tools/ 2>/dev/null || true
504605 patch -F 3 < "$GITHUB_WORKSPACE/kernel_patches/oneplus/hmbird/ak3_hmbird_patch.patch"
505606 fi
506-
607+
507608 ZIP_NAME="AnyKernel3_${{ inputs.model }}_${{ env.KERNEL_FULL_VER }}_Next_${KSUVER}_${SUSVER}.zip"
508609 ARTIFACTS_DIR="$CONFIG_DIR/artifacts"
509610 mkdir -p "$ARTIFACTS_DIR"
@@ -516,7 +617,7 @@ runs:
516617
517618 # Output for later steps (optional)
518619 echo "zip_name=$ZIP_NAME" >> "$GITHUB_OUTPUT"
519-
620+
520621 - name : Final Build Summary
521622 shell : bash
522623 run : |
@@ -527,8 +628,10 @@ runs:
527628 echo "Kernel base: ${{ env.KERNEL_VER }}"
528629 echo "Kernel full: ${{ env.KERNEL_FULL_VER }}"
529630 echo "Kernel Uname: ${{ env.KERNEL_UNAME }}"
530- echo "KSU Version: ${KSUVER:-unknown}"
631+ echo "KSUN Version: ${KSUVER:-unknown}"
632+ echo "KSUN commit SHA: ${{ env.KSUN_COMMIT_SHA }}"
531633 echo "SUSFS Version: ${SUSVER:-unknown}"
634+ echo "SUSFS commit SHA: ${{ env.SUSFS_COMMIT_SHA }}"
532635 echo "Optimization: ${{ inputs.optimize_level }}"
533636 echo "Image SHA256: ${{ steps.collect_stats.outputs.image_sha256 }}"
534637 echo "Compiler: ${CLANG_VERSION:-unknown}"
@@ -541,17 +644,18 @@ runs:
541644 echo "- Android: ${{ env.ANDROID_VER }}"
542645 echo "- Kernel Version: ${{ steps.save_metadata.outputs.kernel_version }}"
543646 echo "- Kernel Uname: ${{ env.KERNEL_UNAME }}"
544- echo "- KSU Version: ${KSUVER:-unknown}"
545- echo "- SUSFS Version: ${SUSVER:-unknown }"
647+ echo "- KSUN Version: ${KSUVER:-unknown}"
648+ echo "- KSUN commit SHA: [${{ env.KSUN_COMMIT_SHA }}](https://github.com/KernelSU-Next/KernelSU-Next/commit/${{ env.KSUN_COMMIT_SHA }})"
649+ echo "- SUSFS Version: ${SUSVER:-unknown}"
650+ echo "- SUSFS commit SHA: [${{ env.SUSFS_COMMIT_SHA }}](https://gitlab.com/simonpunk/susfs4ksu/-/commit/${{ env.SUSFS_COMMIT_SHA }})"
546651 echo "- Optimization: ${{ inputs.optimize_level }}"
547652 echo "- Image SHA256: ${{ steps.collect_stats.outputs.image_sha256 }}"
548653 echo "- Warnings Count: ${{ steps.collect_stats.outputs.warnings_count }}"
549654 } >> "$GITHUB_STEP_SUMMARY"
550-
655+
551656name : Upload Artifacts
552657 if : success() && steps.create_zip.conclusion == 'success'
553658 uses : actions/upload-artifact@v4
554659 with :
555660 name : kernel-${{ env.CONFIG }}
556661 path : ${{ env.CONFIG }}/artifacts/
557-
0 commit comments