From 800671fdf4b722e17f725922adb219e351925e82 Mon Sep 17 00:00:00 2001 From: luigimak Date: Sun, 5 Apr 2026 18:42:25 +0200 Subject: [PATCH 1/2] feat(ci): dynamic SUSFS version extraction - Extract SUSFS_BASE_VERSION at runtime from susfs4ksu GitLab repo via raw file API (kernel_patches/include/linux/susfs.h), fetched inside the existing hash resolution loop - Retry version fetch up to 3 times with 5s delay, consistent with hash resolution retry strategy already in place - Warn if version cannot be extracted after retries - Expose susfs_base_version as output from set-op-model job - Set susfs_base_version=unknown when SUSFS is disabled for the device Source: https://github.com/WildKernels/OnePlus_KernelSU_SUSFS/pull/166 --- .github/workflows/build-kernel-release.yml | 33 ++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-kernel-release.yml b/.github/workflows/build-kernel-release.yml index c89f0cc..1bfcd6c 100644 --- a/.github/workflows/build-kernel-release.yml +++ b/.github/workflows/build-kernel-release.yml @@ -131,6 +131,7 @@ jobs: ksu_resolved_hash: ${{ steps.set-matrix.outputs.ksu_resolved_hash }} ksu_options_normalized: ${{ steps.set-matrix.outputs.ksu_options_normalized }} susfs_resolved_hash: ${{ steps.set-matrix.outputs.susfs_resolved_hash }} + susfs_base_version: ${{ steps.set-matrix.outputs.susfs_base_version }} steps: - name: đŸ“Ĩ Checkout Code (to access configs/) uses: actions/checkout@v6 @@ -294,9 +295,9 @@ jobs: RETRY_COUNT=0 RETRY_DELAY=5 susfs_resolved="" + susfs_base_version="unknown" until [ $RETRY_COUNT -ge $MAX_RETRIES ]; do - # We query the commit endpoint which accepts Branch, Tag, or SHA RESULT=$(curl -s --fail \ "https://gitlab.com/api/v4/projects/${PROJECT_ID}/repository/commits/${susfs_ref}") EXIT_CODE=$? @@ -304,6 +305,27 @@ jobs: if [ $EXIT_CODE -eq 0 ] && [ -n "$RESULT" ]; then susfs_resolved=$(echo "$RESULT" | jq -r '.id') echo " ✅ Resolved: $susfs_key → $susfs_resolved" + + # Single loop: fetch SUSFS_VERSION from susfs.h using same ref + VER_RETRY=0 + VER_MAX_RETRIES=3 + VER_RETRY_DELAY=5 + until [ $VER_RETRY -ge $VER_MAX_RETRIES ]; do + RAW_CONTENT=$(curl -s --fail \ + "https://gitlab.com/api/v4/projects/${PROJECT_ID}/repository/files/kernel_patches%2Finclude%2Flinux%2Fsusfs.h/raw?ref=${susfs_ref}") + if [ $? -eq 0 ] && [ -n "$RAW_CONTENT" ]; then + extracted=$(echo "$RAW_CONTENT" | grep '#define SUSFS_VERSION' | awk -F'"' '{print $2}') + if [ -n "$extracted" ]; then + susfs_base_version="$extracted" + echo " ✅ SUSFS_VERSION = $susfs_base_version" + break + fi + fi + VER_RETRY=$((VER_RETRY + 1)) + echo "::warning::Failed to fetch susfs.h (Attempt $VER_RETRY/$VER_MAX_RETRIES). Retrying in ${VER_RETRY_DELAY}s..." + sleep $VER_RETRY_DELAY + done + break fi @@ -312,17 +334,24 @@ jobs: sleep $RETRY_DELAY done - # Final Validation + # Final Validation — SUSFS hash if [ -z "$susfs_resolved" ] || [ "$susfs_resolved" = "null" ]; then echo "::error::Could not resolve SUSFS ref '$susfs_ref' for $susfs_key on GitLab." exit 1 fi + + # Final Validation — SUSFS version + if [ "$susfs_base_version" = "unknown" ]; then + echo "::warning::Could not extract SUSFS_VERSION from susfs.h after $VER_MAX_RETRIES attempts." + fi else susfs_resolved="unknown" + susfs_base_version="unknown" echo "ℹī¸ SUSFS disabled for this device, skipping resolution" fi echo "susfs_resolved_hash=$susfs_resolved" >> "$GITHUB_OUTPUT" + echo "susfs_base_version=$susfs_base_version" >> "$GITHUB_OUTPUT" # Inject susfs_resolved_hash into matrix merged_matrix=$(echo "$merged_matrix" | jq \ From 927fd05a0e9e8b339ca22f54f2cca2b383ab1b91 Mon Sep 17 00:00:00 2001 From: luigimak Date: Sun, 5 Apr 2026 22:44:33 +0200 Subject: [PATCH 2/2] refactor(ci): migrate GitLab SUSFS API calls from REST to GraphQL - Replace two separate REST calls (commit hash + file content) with a single GraphQL query fetching both SHA and susfs.h blob in one call - Replace PROJECT_ID (REST URL-encoded) with GITLAB_PROJECT_PATH (GraphQL full path) - Consistent with main repo GraphQL approach --- .github/workflows/build-kernel-release.yml | 49 ++++++++-------------- 1 file changed, 17 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build-kernel-release.yml b/.github/workflows/build-kernel-release.yml index 1bfcd6c..8cf4d53 100644 --- a/.github/workflows/build-kernel-release.yml +++ b/.github/workflows/build-kernel-release.yml @@ -268,8 +268,7 @@ jobs: merged_matrix=$(echo "$merged_matrix" | jq --arg resolved_sha "$resolved_sha" 'map(.ksu_resolved_hash = $resolved_sha)') # SUSFS hash fetch - SUSFS_REPO="https://gitlab.com/simonpunk/susfs4ksu.git" - PROJECT_ID="simonpunk%2fsusfs4ksu" + GITLAB_PROJECT_PATH="simonpunk/susfs4ksu" android_ver=$(echo "$merged_matrix" | jq -r '.[0].android_version') kernel_ver=$(echo "$merged_matrix" | jq -r '.[0].kernel_version') susfs_key="${android_ver}-${kernel_ver}" @@ -289,8 +288,11 @@ jobs: susfs_enabled=$(echo "$merged_matrix" | jq -r '.[0].susfs') if [ "$susfs_enabled" = "true" ]; then - echo "🔍 Resolving SUSFS hash for: $susfs_key (ref: $susfs_ref)" + echo "🔍 Resolving SUSFS hash and version for: $susfs_key (ref: $susfs_ref)" + # Single GraphQL query: fetch commit SHA + susfs.h blob in one call + GL_QUERY="{ project(fullPath: \"${GITLAB_PROJECT_PATH}\") { repository { ch: commit(ref: \"${susfs_ref}\") { sha } blobs(paths: [\"kernel_patches/include/linux/susfs.h\"], ref: \"${susfs_ref}\") { nodes { rawBlob } } } } }" + MAX_RETRIES=3 RETRY_COUNT=0 RETRY_DELAY=5 @@ -298,39 +300,22 @@ jobs: susfs_base_version="unknown" until [ $RETRY_COUNT -ge $MAX_RETRIES ]; do - RESULT=$(curl -s --fail \ - "https://gitlab.com/api/v4/projects/${PROJECT_ID}/repository/commits/${susfs_ref}") + RESPONSE=$(curl -s --fail -G "https://gitlab.com/api/graphql" --data-urlencode "query=$GL_QUERY") EXIT_CODE=$? - if [ $EXIT_CODE -eq 0 ] && [ -n "$RESULT" ]; then - susfs_resolved=$(echo "$RESULT" | jq -r '.id') - echo " ✅ Resolved: $susfs_key → $susfs_resolved" - - # Single loop: fetch SUSFS_VERSION from susfs.h using same ref - VER_RETRY=0 - VER_MAX_RETRIES=3 - VER_RETRY_DELAY=5 - until [ $VER_RETRY -ge $VER_MAX_RETRIES ]; do - RAW_CONTENT=$(curl -s --fail \ - "https://gitlab.com/api/v4/projects/${PROJECT_ID}/repository/files/kernel_patches%2Finclude%2Flinux%2Fsusfs.h/raw?ref=${susfs_ref}") - if [ $? -eq 0 ] && [ -n "$RAW_CONTENT" ]; then - extracted=$(echo "$RAW_CONTENT" | grep '#define SUSFS_VERSION' | awk -F'"' '{print $2}') - if [ -n "$extracted" ]; then - susfs_base_version="$extracted" - echo " ✅ SUSFS_VERSION = $susfs_base_version" - break - fi - fi - VER_RETRY=$((VER_RETRY + 1)) - echo "::warning::Failed to fetch susfs.h (Attempt $VER_RETRY/$VER_MAX_RETRIES). Retrying in ${VER_RETRY_DELAY}s..." - sleep $VER_RETRY_DELAY - done - - break + if [ $EXIT_CODE -eq 0 ] && [ -n "$RESPONSE" ]; then + susfs_resolved=$(echo "$RESPONSE" | jq -r '.data.project.repository.ch.sha // empty') + if [ -n "$susfs_resolved" ] && [ "$susfs_resolved" != "null" ]; then + echo " ✅ Resolved: $susfs_key → $susfs_resolved" + extracted=$(echo "$RESPONSE" | jq -r '.data.project.repository.blobs.nodes[0].rawBlob // empty' | grep '#define SUSFS_VERSION' | awk -F'"' '{print $2}') + susfs_base_version="${extracted:-unknown}" + echo " ✅ SUSFS_VERSION = $susfs_base_version" + break + fi fi RETRY_COUNT=$((RETRY_COUNT + 1)) - echo "::warning::GitLab API failed (Attempt $RETRY_COUNT/$MAX_RETRIES). Retrying..." + echo "::warning::GitLab GraphQL API failed (Attempt $RETRY_COUNT/$MAX_RETRIES). Retrying..." sleep $RETRY_DELAY done @@ -342,7 +327,7 @@ jobs: # Final Validation — SUSFS version if [ "$susfs_base_version" = "unknown" ]; then - echo "::warning::Could not extract SUSFS_VERSION from susfs.h after $VER_MAX_RETRIES attempts." + echo "::warning::Could not extract SUSFS_VERSION from susfs.h after $MAX_RETRIES attempts." fi else susfs_resolved="unknown"