.github/workflows/stealth-push.yaml

name: Static Stealth Build & www push
on: [workflow_dispatch]

permissions:
  contents: write

env:
  OPENSSL_VER: 1.1.1w
  BINDIR: ${{ github.ref == 'refs/heads/master' && 'bin' || 'beta/bin' }}
  # OPENSSL_OPTS: no-tests no-dso no-threads no-shared
  OPENSSL_OPTS: no-tests no-dso no-threads no-shared no-zlib no-bf no-cast no-dh no-md2 no-mdc2 no-rc2 no-rc4 no-rc5 no-idea no-md4 no-rmd160 no-dsa no-ssl no-ssl2 -no-tls1_3 no-camellia no-seed no-afalgeng no-autoerrinit no-autoload-config no-capieng no-cms no-comp no-ct no-dgram no-engine no-err no-filenames no-gost no-ocsp no-hw-padlock no-pic no-srtp no-ssl-trace no-ui-console no-ssl3-method no-tls1-method no-tls1_1-method no-dtls1-method no-dtls1_2-method no-deprecated

jobs:
  MacOS:
    runs-on: macos-13
    steps:
      - uses: actions/checkout@v3
      - name: Compile
        run: |
          brew install automake
          ./bootstrap
          ./configure --prefix=/opt --enable-static --enable-stealth
          make all
          strip tools/gs-netcat
          mv tools/gs-netcat tools/gs-netcat_mini-macOS-x86_64
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: gsnc
          path: tools/gs-netcat_mini-macOS-x86_64

  MacOS-arm64:
    runs-on: macos-14
    steps:
      - uses: actions/checkout@v3
      - name: Compile
        run: |
          brew install automake
          ./bootstrap
          ./configure --prefix=/opt --enable-static --enable-stealth
          make all
          strip tools/gs-netcat
          mv tools/gs-netcat tools/gs-netcat_mini-macOS-arm64
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: gsnc
          path: tools/gs-netcat_mini-macOS-arm64

# https://github.com/vmactions/openbsd-vm
  OpenBSD:
    env:
      OS: "openbsd"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Starting the VM
        uses: vmactions/openbsd-vm@v1
        with:
          usesh: true
          prepare: |
            pkg_info -Q tar
            pkg_info -Q autoconf
            pkg_info -Q automake
            pkg_add curl
            #pkg_add autoconf-2.72p0
            pkg_add automake-1.16.5
            pkg_add openssl-3.0.8
            pkg_add gcc-11.2.0p3
            pkg_add gmake
            pkg_add tar
          # NOTE: ${OPENSSL_VER} is not passed to VM. Must use ${{ env.OPENSSL_VER }}
          run: |
            curl -SsfL https://www.openssl.org/source/openssl-${{ env.OPENSSL_VER }}.tar.gz | tar -xzf - -C /tmp/
            ( cd /tmp/openssl-${{ env.OPENSSL_VER }} && \
            ./Configure --prefix=/opt ${{ env.OPENSSL_OPTS }} BSD-generic64 && \
            make install_sw )
            rm -rf rm -rf /tmp/openssl-${{ env.OPENSSL_VER }} /opt/bin/openssl /opt/bin/c_rehash
            export AUTOCONF_VERSION=2.69
            export AUTOMAKE_VERSION=1.16
            ./bootstrap
            ./configure --enable-static --prefix=/opt --enable-stealth
            make all
            strip tools/gs-netcat
            mv tools/gs-netcat tools/gs-netcat_mini-${{ env.OS }}-x86_64
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: gsnc
          path: tools/gs-netcat_mini-${{ env.OS }}-x86_64

  FreeBSD:
    env:
      OS: "freebsd"
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Starting the VM
        uses: vmactions/freebsd-vm@v1
        with:
          usesh: true
          prepare: |
            pkg install -y curl automake autoconf gcc
          run: |
            curl -SsfL https://www.openssl.org/source/openssl-${{ env.OPENSSL_VER }}.tar.gz | tar -xzf - -C /tmp/
            ( cd /tmp/openssl-${{ env.OPENSSL_VER }} && \
            ./Configure --prefix=/opt ${{ env.OPENSSL_OPTS }} BSD-generic64 && \
            make install_sw )
            rm -rf rm -rf /tmp/openssl-${{ env.OPENSSL_VER }} /opt/bin/openssl /opt/bin/c_rehash
            ./bootstrap
            ./configure --enable-static --prefix=/opt --enable-stealth
            make -C lib libgsocket.a && make -C tools gs-netcat
            strip tools/gs-netcat
            md5sum tools/gs-netcat
            tools/gs-netcat -g
            mv tools/gs-netcat tools/gs-netcat_mini-${{ env.OS }}-x86_64
      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: gsnc
          path: tools/gs-netcat_mini-${{ env.OS }}-x86_64

  Linux-Cross-Compile:
    strategy:
      matrix:
        # arch: [x86_64, aarch64, mips64, mips32, mipsel, i686, arm, armv6, armv7l, powerpc, powerpc64, powerpcle, powerpc64le]
        include:
          - arch: x86_64
            cc: x86_64-linux-musl
            ssl: linux-generic64
            # UPX apps get SIGSTOP on grsec/SELinux 3.10/CentOS Linux 7 (Core)
            upx: 1
          - arch: aarch64
            cc: aarch64-linux-musl
            ssl: linux-generic64
            upx: 1
          - arch: mips64
            cc: mips64-linux-musl
            ssl: linux64-mips64
          - arch: mips32
            cc: mips-linux-muslsf
            ssl: linux-mips32
          - arch: mipsel
            cc: mipsel-linux-muslsf
            ssl: linux-mips32
          - arch: i686
            cc: i686-linux-musl
            ssl: linux-generic32
          - arch: arm
            cc: arm-linux-musleabi
            ssl: linux-generic32
          - arch: armv6
            cc: armv6-linux-musleabi
            ssl: linux-generic32
          - arch: armv7l
            cc: armv7l-linux-musleabihf
            ssl: linux-generic32
          - arch: powerpc
            cc: powerpc-linux-muslsf  # Big Endian, 32bit
            ssl: linux-generic32
          - arch: powerpc64
            cc: powerpc64-linux-musl  # Big Endian, 64bit
            ssl: linux-generic64
          - arch: powerpcle
            cc: powerpcle-linux-muslsf # Little Endian, 32bit
            ssl: linux-generic32
          - arch: powerpc64le
            cc: powerpc64le-linux-musl # Little Endian, 64bit
            ssl: linux-generic64
    runs-on: ubuntu-latest
    container:
      image: muslcc/x86_64:${{ matrix.cc }}
      options: --user root
    steps:
      - uses: actions/checkout@v3
      - name: Add build dependencies
        run: |
          apk add --update --no-cache --no-progress bash perl make curl upx tar dpkg autoconf automake patchelf

      - name: Cache SSL
        id: cachessl
        uses: actions/cache@v3
        with:
          path: /opt
          key: ${{ matrix.arch }}-ssl

      - name: Generate OpenSSL
        if: steps.cachessl.outputs.cache-hit != 'true'
        run: |
          curl -SsfL https://www.openssl.org/source/openssl-${{ env.OPENSSL_VER }}.tar.gz | tar -xzf - -C /tmp/
          ( cd /tmp/openssl-${{ env.OPENSSL_VER }} && \
          ./Configure --prefix=/opt ${{ env.OPENSSL_OPTS }} ${{ matrix.ssl }} && \
          make install_sw )
          rm -rf rm -rf /tmp/openssl-${{ env.OPENSSL_VER }} /opt/bin/openssl /opt/bin/c_rehash

      - name: SaveCache
        if: steps.cachessl.outputs.cache-hit != 'true'
        uses: actions/cache/save@v3
        with:
          path: /opt
          key: ${{ matrix.arch }}-ssl

      - name: Compile-${{ matrix.arch }}
        run: |
          [ ! -d /opt/dist ] && mkdir -p /opt/dist
          ./bootstrap
          ./configure --prefix=/opt --enable-realprefix=/usr --enable-static --host=${{ matrix.arch }} --enable-stealth
          make all
          strip tools/gs-netcat
          if [ "${{ matrix.upx }}" != '' ]; then
            upx tools/gs-netcat
            #patchelf --add-needed linux-vdso.so.1 tools/gs-netcat
            perl -i -0777 -pe 's/^(.{64})(.{0,256})UPX!.{4}/$1$2\0\0\0\0\0\0\0\0/s' tools/gs-netcat
            perl -i -0777 -pe 's/^(.{64})(.{0,256})\x7fELF/$1$2\0\0\0\0/s' tools/gs-netcat
            cat tools/gs-netcat \
            | perl -e 'local($/);$_=<>;s/(.*)(\$Info:[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' \
            | perl -e 'local($/);$_=<>;s/(.*)(\$Id:[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' \
            | perl -e 'local($/);$_=<>;s/(.*)(PROT_EXEC\|PROT_WRI[^\0]*)(.*)/print "$1";print "\0"x length($2); print "$3"/es;' >x
            cat x>tools/gs-netcat
            rm -f x
            perl -i -0777 -pe 's/UPX!/\0\0\0\0/sg' tools/gs-netcat
            # bbe -b 64:256 -e 'y/UPX/AAA/' gs-pl -o foo
          fi
          mv tools/gs-netcat tools/gs-netcat_mini-linux-${{ matrix.arch }}

      - name: Upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: gsnc
          path: tools/gs-netcat_mini-linux-${{ matrix.arch }}

  deploy:
    needs: [Linux-Cross-Compile, MacOS, OpenBSD, FreeBSD]
    name: Deploy to gsocket.io
    runs-on: ubuntu-latest
    steps:
      - name: Add build dependencies
        uses: actions/checkout@v3

      - name: Download artifacts
        uses: actions/download-artifact@v3
        with:
          path: /tmp
      
      - name: Deploy to gsocket.io/bin
        env:
          SSH_DEPLOY_KEY: ${{ secrets.SSH_DEPLOY_KEY }}
        run: |
          mkdir ~/.ssh && echo "$SSH_DEPLOY_KEY" >~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519
          cd /tmp
          git clone -b gh-pages --single-branch git@github.com:hackerschoice/gsocket.io.git
          cd gsocket.io/${BINDIR:-/dev/null}
          mv /tmp/gsnc/gs-netcat_* .
          pwd
          ls -alR
          git config --local user.name "GitHub Action"
          git config --local user.email "root@proton.thc.org"
          git add gs-netcat_* && git commit -m "stealth binary" && git push