release: 2.2.45 — soften unrecognized-PKG-magic warning (jailbroken-P… #100
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci | |
| # Runs on every push to main and every PR. No user-controlled inputs | |
| # interpolate into shell commands anywhere in this file — all `run:` | |
| # blocks use static strings only. | |
| on: | |
| push: | |
| branches: [main] | |
| # Explicitly *not* tags — tag pushes are the release workflow's | |
| # trigger. Leaving this list out would inherit the "all refs" | |
| # default and double-fire on `vX.Y.Z` tags that point at HEAD, | |
| # wasting a full CI run on a commit the release workflow is | |
| # already validating end-to-end. | |
| tags-ignore: ['**'] | |
| pull_request: | |
| workflow_dispatch: | |
| # One concurrency group per ref: if you push twice in a row (e.g. | |
| # CHANGELOG typo fix on main), the first run cancels instead of | |
| # keeping two redundant jobs alive. | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| env: | |
| CARGO_TERM_COLOR: always | |
| jobs: | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Version sync gate. VERSION (repo root) is the canonical source of | |
| # truth; downstream files (payload config.h, Tauri conf, Cargo.toml, | |
| # package manifests) must all match it. Runs first because if this | |
| # fails there's no point burning cycles on clippy/tests for a release | |
| # that would ship with mismatched version strings on the payload | |
| # binary vs the desktop bundle. | |
| # ───────────────────────────────────────────────────────────────────── | |
| version-sync: | |
| name: version sync (VERSION is canonical) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: 22 | |
| - name: Verify downstream files match VERSION | |
| run: node scripts/update-version.js --check | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Rust workspace (engine + core + ftx2-proto). Format, clippy, tests. | |
| # Gates PRs that touch any Rust code. | |
| # ───────────────────────────────────────────────────────────────────── | |
| rust-engine: | |
| name: rust (engine workspace) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Cache cargo registry + target | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| engine/target | |
| key: ${{ runner.os }}-engine-cargo-${{ hashFiles('engine/Cargo.lock') }} | |
| restore-keys: ${{ runner.os }}-engine-cargo- | |
| - name: cargo fmt | |
| working-directory: engine | |
| run: cargo fmt --all -- --check | |
| - name: cargo clippy | |
| working-directory: engine | |
| run: cargo clippy --workspace -- -D warnings | |
| - name: cargo test | |
| working-directory: engine | |
| env: | |
| RUST_BACKTRACE: 1 | |
| run: cargo test --workspace -- --nocapture | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Engine/core target portability. This is intentionally separate from | |
| # the full release matrix: PRs get a fast compile-only signal that the | |
| # host-side engine code still type-checks for the OS/arch combinations | |
| # we ship, while release.yml remains the authoritative bundle builder. | |
| # ───────────────────────────────────────────────────────────────────── | |
| rust-engine-targets: | |
| name: rust engine target (${{ matrix.target }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-24.04 | |
| target: x86_64-unknown-linux-gnu | |
| # Native arm64 runner — cross-compiling to aarch64 from x86_64 | |
| # ubuntu-24.04 fails because blake3's NEON SIMD path needs | |
| # aarch64-linux-gnu-gcc (not preinstalled, and bringing it in | |
| # would mean threading TARGET_CC env vars through every step). | |
| # Matches release.yml's arm64 build leg. | |
| - os: ubuntu-24.04-arm | |
| target: aarch64-unknown-linux-gnu | |
| - os: macos-14 | |
| target: aarch64-apple-darwin | |
| - os: macos-14 | |
| target: x86_64-apple-darwin | |
| - os: windows-2022 | |
| target: x86_64-pc-windows-msvc | |
| - os: windows-2022 | |
| target: aarch64-pc-windows-msvc | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| targets: ${{ matrix.target }} | |
| - name: cargo check core | |
| working-directory: engine | |
| run: cargo check -p ps5upload-core --target ${{ matrix.target }} | |
| - name: cargo check engine | |
| working-directory: engine | |
| run: cargo check -p ps5upload-engine --target ${{ matrix.target }} | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Rust desktop shell (client/src-tauri). Uses its own workspace so | |
| # it doesn't share target/ with the engine. Tauri pulls heavy | |
| # system deps on Linux (webkit/gtk), so we cache aggressively. | |
| # ───────────────────────────────────────────────────────────────────── | |
| rust-desktop: | |
| name: rust desktop (${{ matrix.os }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-24.04, macos-14, windows-2022] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: clippy | |
| - name: Install Tauri Linux deps | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| libgtk-3-dev \ | |
| libwebkit2gtk-4.1-dev \ | |
| libappindicator3-dev \ | |
| librsvg2-dev \ | |
| libsoup-3.0-dev \ | |
| libjavascriptcoregtk-4.1-dev \ | |
| patchelf \ | |
| build-essential | |
| - name: Cache cargo target | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| client/src-tauri/target | |
| key: ${{ matrix.os }}-desktop-cargo-${{ hashFiles('client/src-tauri/Cargo.lock') }} | |
| restore-keys: ${{ matrix.os }}-desktop-cargo- | |
| # tauri.conf.json bundles two out-of-tree resources: the PS5 | |
| # payload (ps5upload.elf.gz) and the engine sidecar binary. | |
| # cargo check parses those resource paths and errors out if | |
| # anything is missing, long before any code compiles. Stub the | |
| # payload .gz (we don't need a real ELF for type-checking, just | |
| # a file at that path) and build the engine binary for real so | |
| # its target path exists. The stub's bytes are a valid empty | |
| # gzip stream so any runtime decompression would at least not | |
| # fault — but CI only checks, never runs, so the shape is what | |
| # matters. | |
| - name: Stub payload resource | |
| shell: bash | |
| run: | | |
| mkdir -p payload | |
| printf '\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00' > payload/ps5upload.elf.gz | |
| - name: Build engine sidecar (needed as a Tauri resource) | |
| working-directory: engine | |
| run: cargo build --release -p ps5upload-engine | |
| - name: cargo check | |
| working-directory: client/src-tauri | |
| run: cargo check --all-targets | |
| - name: cargo clippy | |
| working-directory: client/src-tauri | |
| run: cargo clippy --all-targets -- -D warnings | |
| - name: cargo test | |
| working-directory: client/src-tauri | |
| env: | |
| RUST_BACKTRACE: 1 | |
| run: cargo test | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Client frontend — TypeScript typecheck, ESLint, Vitest, Vite build. | |
| # ───────────────────────────────────────────────────────────────────── | |
| client-frontend: | |
| name: client (ts + vite) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| cache-dependency-path: client/package-lock.json | |
| - name: Install deps | |
| working-directory: client | |
| run: npm ci --no-audit --no-fund | |
| - name: TypeScript typecheck | |
| working-directory: client | |
| run: npm run typecheck | |
| - name: ESLint | |
| working-directory: client | |
| run: npm run lint | |
| - name: Vitest | |
| working-directory: client | |
| run: npm test | |
| - name: Vite production build | |
| working-directory: client | |
| run: npm run build:vite | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Repo scripts and hygiene. Runs the same parser/audit layer exposed by | |
| # `make lint-scripts` / `npm run scripts:check`. | |
| # ───────────────────────────────────────────────────────────────────── | |
| repo-scripts: | |
| name: repo scripts | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-24.04, macos-14, windows-2022] | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: 22 | |
| - name: Check script syntax | |
| run: npm run scripts:check | |
| - name: Audit scripts | |
| run: npm run scripts:audit | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Coverage reports. This is a reporting job, not the primary gate: | |
| # rust-engine and client-frontend above fail fast on correctness. | |
| # Artifacts contain HTML + lcov for trend tracking and local inspection. | |
| # ───────────────────────────────────────────────────────────────────── | |
| coverage: | |
| name: coverage reports | |
| runs-on: ubuntu-24.04 | |
| # Reporting job — not a gate. cargo-llvm-cov occasionally trails | |
| # rustc's profraw format version (we hit "raw profile version | |
| # mismatch: ... expected version = 9" when rustc bumped to v10), | |
| # and we don't want a coverage tool's release cadence to block | |
| # PRs on unrelated correctness work. The artifact is for trend | |
| # inspection, not enforcement. | |
| continue-on-error: true | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: actions/setup-node@v5 | |
| with: | |
| node-version: 22 | |
| cache: npm | |
| cache-dependency-path: client/package-lock.json | |
| - name: Install client deps | |
| working-directory: client | |
| run: npm ci --no-audit --no-fund | |
| - name: Install Rust stable | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: llvm-tools-preview | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@cargo-llvm-cov | |
| - name: Generate coverage | |
| run: npm run coverage | |
| - name: Upload coverage artifact | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: coverage-reports | |
| path: | | |
| coverage/ | |
| client/coverage/ | |
| # ───────────────────────────────────────────────────────────────────── | |
| # Payload ELF — compile against the ps5-payload-sdk so we catch any | |
| # breakage to the C code. Doesn't upload artifacts; release.yml does | |
| # that on tagged runs. Keeps PR feedback loop tight. | |
| # ───────────────────────────────────────────────────────────────────── | |
| payload: | |
| name: payload (ELF) | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Install payload toolchain | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y clang lld unzip | |
| # Pin SDK tag — keep in sync with release.yml. v0.38 ships the | |
| # 11.x + 12.x kernel offsets we rely on. | |
| - name: Download PS5 Payload SDK | |
| env: | |
| PS5_SDK_TAG: v0.38 | |
| run: | | |
| curl -L -o /tmp/ps5-payload-sdk.zip \ | |
| "https://github.com/ps5-payload-dev/sdk/releases/download/${PS5_SDK_TAG}/ps5-payload-sdk.zip" | |
| sudo unzip -q /tmp/ps5-payload-sdk.zip -d /opt | |
| - name: Build payload | |
| env: | |
| PS5_PAYLOAD_SDK: /opt/ps5-payload-sdk | |
| run: make payload | |
| - name: Verify ELF | |
| run: | | |
| file payload/ps5upload.elf | |
| test -s payload/ps5upload.elf | |
| # Sanity-check the payload is a real build, not a zero-byte | |
| # stub. Current payload is ~600 KB (runtime + takeover + | |
| # register + blake3 SIMD backends); drop the floor to 200 KB | |
| # so legitimate shrinkage from future refactors doesn't false- | |
| # positive while still catching a broken/empty build. | |
| size_bytes=$(stat -c '%s' payload/ps5upload.elf) | |
| echo "ps5upload.elf: ${size_bytes} bytes" | |
| if [ "$size_bytes" -lt 200000 ]; then | |
| echo "::error::payload ELF is smaller than expected — build may have failed silently" | |
| exit 1 | |
| fi | |
| # ───────────────────────────────────────────────────────────────────── |