add upload/download buffer size setting #17
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: obfuscate | |
| on: | |
| push: | |
| tags: | |
| - '**' # Push events to every tag including hierarchical tags like v1.0/beta | |
| schedule: | |
| - cron: '41 19 * * 4' # UTC+8 every friday 03:41 | |
| workflow_dispatch: # Trigger manually | |
| jobs: | |
| build: | |
| permissions: | |
| id-token: write | |
| contents: write | |
| attestations: write | |
| runs-on: ubuntu-latest | |
| env: | |
| projName: cfxhttp | |
| actionRunsUrl: 'https://github.com/vrnobody/cfxhttp/actions/runs/' | |
| steps: | |
| - name: Checkout main | |
| uses: actions/checkout@v4 | |
| - name: Checkout latest tag | |
| run: | | |
| git fetch --tags --force | |
| latestTag=$(git describe --tags "$(git rev-list --tags --max-count=1)") | |
| git checkout $latestTag | |
| echo "TAG=${latestTag}" >> "$GITHUB_ENV" | |
| - name: Setup node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install obfuscator | |
| run: npm install javascript-obfuscator | |
| - name: Do obfuscate | |
| run: | | |
| ./node_modules/.bin/javascript-obfuscator ./src/index.js --output ./src/_worker.js \ | |
| --control-flow-flattening true \ | |
| --dead-code-injection true \ | |
| --rename-globals true \ | |
| --string-array-encoding 'rc4' \ | |
| --transform-object-keys true \ | |
| --unicode-escape-sequence true | |
| - name: Create assets | |
| uses: vimtor/[email protected] | |
| with: | |
| files: ./src/_worker.js | |
| dest: ${{ env.projName }}.zip | |
| - name: Calc sha256sum | |
| run: | | |
| echo DATE="$(date +'%Y-%m-%d %H:%M')" >> "$GITHUB_ENV" | |
| pkg="${projName}.zip" | |
| hash="$(sha256sum ${pkg} | awk '{ print $1 }')" | |
| echo CHECKSUM="${hash}" >> "$GITHUB_ENV" | |
| echo "${pkg} sha256: ${hash}" >> "$GITHUB_STEP_SUMMARY" | |
| - name: Attest | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: "${{ env.projName }}.zip" | |
| - name: Publish Release | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: "${{ env.TAG }} ${{ env.DATE }}" | |
| tag_name: "${{ env.TAG }}" | |
| body: | | |
| `${{ env.projName }}.zip` 是 `${{ env.TAG }}` 混淆后的代码 | |
| SHA256: ${{ env.CHECKSUM }} | |
| Action ID: [${{ github.run_id }}](${{ env.actionRunsUrl }}${{ github.run_id }}) | |
| `Source code (zip)` 里面有明文代码 | |
| 更新日志:[update-log.md](https://github.com/vrnobody/cfxhttp/blob/main/docs/update-log.md) | |
| 这个发布使用 [attestations](https://docs.github.com/zh/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-to-establish-provenance-for-builds) 来保证,混淆后的代码没有夹带私货。 | |
| 当然,自己使用明文源代码做混淆更安全。 | |
| `${{ env.projName }}.zip` is the obfuscated code of `${{ env.TAG }}`. | |
| `Source code (zip)` contains the plain text source code. | |
| draft: false | |
| prerelease: false | |
| files: "${{ env.projName }}.zip" |