From 3f3bd3978bd971d908992fff7102832e846f6e9f Mon Sep 17 00:00:00 2001
From: elseif <elseif@live.cn>
Date: Wed, 18 Jun 2025 13:04:42 +0800
Subject: [PATCH] self_hosted_patch.yml

Signed-off-by: elseif <elseif@live.cn>
---
 .github/workflows/self_hosted_patch.yml | 370 ++++++++++++++++++++++++
 1 file changed, 370 insertions(+)
 create mode 100644 .github/workflows/self_hosted_patch.yml

diff --git a/.github/workflows/self_hosted_patch.yml b/.github/workflows/self_hosted_patch.yml
new file mode 100644
index 0000000..0832ffc
--- /dev/null
+++ b/.github/workflows/self_hosted_patch.yml
@@ -0,0 +1,370 @@
+# This workflow will install Python dependencies, run tests and lint with a single version of Python
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python
+
+name: Self Hosted Patch
+
+on:
+  workflow_dispatch:
+    inputs:
+      arch:
+        description: 'Architecture (x86, arm64)'
+        required: true
+        default: 'x86'
+        type: choice
+        options:
+          - x86
+          - arm64
+      channel:
+        description: 'Channel (stable, testing)'
+        required: true
+        default: 'stable'
+        type: choice
+        options:
+          - stable
+          - testing
+      version:
+        description: "Version ('', 7.17, 7.17.1, 7.17.2,...)"
+        required: false
+        default: ''
+        type: string
+      buildtime:
+        description: "Build Time"
+        required: false
+        default: ''
+        type: string
+permissions:
+  contents: write
+
+env:
+  CUSTOM_LICENSE_PRIVATE_KEY: ${{ secrets.CUSTOM_LICENSE_PRIVATE_KEY }}
+  CUSTOM_LICENSE_PUBLIC_KEY: ${{ secrets.CUSTOM_LICENSE_PUBLIC_KEY }}
+  CUSTOM_NPK_SIGN_PRIVATE_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PRIVATE_KEY }}
+  CUSTOM_NPK_SIGN_PUBLIC_KEY: ${{ secrets.CUSTOM_NPK_SIGN_PUBLIC_KEY }}
+  CUSTOM_CLOUD_PUBLIC_KEY: ${{ secrets.CUSTOM_CLOUD_PUBLIC_KEY }}
+  MIKRO_LICENSE_PUBLIC_KEY: ${{ secrets.MIKRO_LICENSE_PUBLIC_KEY }}
+  MIKRO_NPK_SIGN_PUBLIC_KEY: ${{ secrets.MIKRO_NPK_SIGN_PUBLIC_KEY }}
+  MIKRO_CLOUD_PUBLIC_KEY: ${{ secrets.MIKRO_CLOUD_PUBLIC_KEY }}
+  MIKRO_LICENCE_URL: ${{ secrets.MIKRO_LICENCE_URL }}
+  CUSTOM_LICENCE_URL: ${{ secrets.CUSTOM_LICENCE_URL }}
+  MIKRO_UPGRADE_URL: ${{ secrets.MIKRO_UPGRADE_URL }}
+  CUSTOM_UPGRADE_URL: ${{ secrets.CUSTOM_UPGRADE_URL }}
+  MIKRO_RENEW_URL: ${{ secrets.MIKRO_RENEW_URL }}
+  CUSTOM_RENEW_URL: ${{ secrets.CUSTOM_RENEW_URL }}
+  MIKRO_CLOUD_URL: ${{ secrets.MIKRO_CLOUD_URL }}
+  CUSTOM_CLOUD_URL: ${{ secrets.CUSTOM_CLOUD_URL }}
+
+
+jobs:
+  Set_BuildTime:
+    runs-on: self-hosted
+    outputs:
+      BUILD_TIME: ${{ steps.set_buildtime.outputs.BUILD_TIME }}
+    steps:
+      - name: Set build time
+        id: set_buildtime
+        run: |
+          _BUILD_TIME=${{ github.event.inputs.buildtime }}
+          if [ -z "$_BUILD_TIME" ]; then
+            echo "BUILD_TIME=$(date +'%s')" >> $GITHUB_OUTPUT
+          else
+             echo "BUILD_TIME=$_BUILD_TIME" >> $GITHUB_OUTPUT
+          fi
+          
+  Patch_RouterOS:
+    needs: Set_BuildTime
+    runs-on: self-hosted
+    strategy:
+      matrix:
+        arch: ${{ fromJSON(format('["{0}"]', github.event.inputs.arch || 'x86')) }}
+        channel: ${{ fromJSON(format('["{0}"]', github.event.inputs.channel || 'stable')) }}
+    env:
+      TZ: 'Asia/Shanghai'
+      LATEST_VERSION: ""
+      ARCH: ""
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+        
+    - name: Set up Python
+      uses: actions/setup-python@v5
+      with:
+        python-version: '3.11' 
+
+    - name: Get latest routeros version
+      id: get_latest
+      run: |
+        echo $(uname -a)
+        LATEST_VERSION=${{ github.event.inputs.version }}
+        if [ -z  "$_LATEST_VERSION" ]; then
+          LATEST_VERSION=$(wget -nv -O - https://${{ env.MIKRO_UPGRADE_URL }}/routeros/NEWESTa7.${{ matrix.channel }} | cut -d ' ' -f1)
+        fi
+        echo Latest Version:$LATEST_VERSION
+        if [ "${{ github.event_name }}" == "schedule" ]; then
+          _LATEST_VERSION=$(wget -nv -O - https://${{ env.CUSTOM_UPGRADE_URL }}/routeros/NEWESTa7.${{ matrix.channel }} | cut -d ' ' -f1)
+          if [ "$_LATEST_VERSION" == "$LATEST_VERSION" ]; then
+            echo "No new version found"
+            echo "has_new_version=false" >> $GITHUB_OUTPUT
+            exit 0
+          fi
+        fi
+        echo "has_new_version=true" >> $GITHUB_OUTPUT
+        BUILD_TIME=${{ needs.Set_BuildTime.outputs.BUILD_TIME }}
+        echo Build Time:$BUILD_TIME
+        wget -nv -O CHANGELOG https://${{ env.MIKRO_UPGRADE_URL }}/routeros/$LATEST_VERSION/CHANGELOG
+        cat CHANGELOG
+        echo "LATEST_VERSION=${LATEST_VERSION}" >> $GITHUB_ENV
+        echo "BUILD_TIME=${BUILD_TIME}" >> $GITHUB_ENV
+        if [ "${{ matrix.arch }}" == "x86" ]; then
+          ARCH=''
+        elif [ "${{ matrix.arch }}" == "arm64" ]; then
+          ARCH='-arm64'
+        fi
+        echo "ARCH=$ARCH" >> $GITHUB_ENV
+        sudo apt-get update > /dev/null
+        
+    - name: Cache Squashfs
+      if: steps.get_latest.outputs.has_new_version == 'true'
+      id: cache-squashfs
+      uses: actions/cache@v4
+      with:
+        path: |
+          python3.sfs
+          option.sfs
+        key: busybox-python3-squashfs-${{ matrix.arch }}    
+        
+    - name: Create Squashfs for option and python3
+      if: steps.get_latest.outputs.has_new_version == 'true' && steps.cache-squashfs.outputs.cache-hit != 'true'
+      run: |
+        sudo mkdir -p ./option-root/bin/
+        if [ "${{ matrix.arch }}" == "x86" ]; then
+          sudo cp busybox/busybox_x86 ./option-root/bin/busybox
+          sudo chmod +x ./option-root/bin/busybox
+          sudo cp keygen/keygen_x86 ./option-root/bin/keygen
+          sudo chmod +x ./option-root/bin/keygen
+        elif [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo cp busybox/busybox_aarch64 ./option-root/bin/busybox
+          sudo chmod +x ./option-root/bin/busybox
+          sudo cp keygen/keygen_aarch64 ./option-root/bin/keygen
+          sudo chmod +x ./option-root/bin/keygen
+        fi
+        sudo chmod +x ./busybox/busybox_x86
+        COMMANDS=$(./busybox/busybox_x86 --list)
+        for cmd in $COMMANDS; do
+            sudo ln -sf /pckg/option/bin/busybox ./option-root/bin/$cmd
+        done
+        sudo mksquashfs option-root option.sfs -quiet -comp xz -no-xattrs -b 256k
+        sudo rm -rf option-root
+        if [ "${{ matrix.arch }}" == "x86" ]; then
+          sudo wget -O cpython.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20241016/cpython-3.11.10+20241016-x86_64-unknown-linux-musl-install_only_stripped.tar.gz
+        elif [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo wget -O cpython.tar.gz -nv https://github.com/indygreg/python-build-standalone/releases/download/20241016/cpython-3.11.10+20241016-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz
+        fi
+        sudo tar -xf cpython.tar.gz
+        sudo rm cpython.tar.gz
+        sudo rm -rf ./python/include
+        sudo rm -rf ./python/share
+        sudo mksquashfs python python3.sfs -quiet -comp xz -no-xattrs -b 256k
+        sudo rm -rf ./python
+
+    - name: Cache mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+      if: steps.get_latest.outputs.has_new_version == 'true'
+      id: cache-mikrotik
+      uses: actions/cache@v4
+      with:
+        path: |
+          mikrotik.iso
+        key: mikrotik-${{ env.LATEST_VERSION }}-${{ matrix.arch }}
+
+    - name: Get mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+      if: steps.get_latest.outputs.has_new_version == 'true' && steps.cache-mikrotik.outputs.cache-hit != 'true'
+      run: |
+          sudo wget -nv -O mikrotik.iso https://download.mikrotik.com/routeros/$LATEST_VERSION/mikrotik-$LATEST_VERSION$ARCH.iso
+
+
+    - name: Patch mikrotik-${{ env.LATEST_VERSION }}${{ env.ARCH }}.iso
+      if: steps.get_latest.outputs.has_new_version == 'true'
+      run: |
+        sudo apt-get install -y mkisofs xorriso > /dev/null
+        sudo mkdir ./iso 
+        sudo mount -o loop,ro mikrotik.iso ./iso
+        sudo mkdir ./new_iso
+        sudo cp -r ./iso/* ./new_iso/
+        sudo rsync -a ./iso/ ./new_iso/
+        sudo umount ./iso
+        sudo rm -rf ./iso
+        sudo mv ./new_iso/routeros-$LATEST_VERSION$ARCH.npk ./
+        sudo -E python3 patch.py npk routeros-$LATEST_VERSION$ARCH.npk
+        NPK_FILES=$(find ./new_iso/*.npk)
+        for file in $NPK_FILES; do
+            sudo -E python3 npk.py sign $file $file
+        done
+        sudo cp -f routeros-$LATEST_VERSION$ARCH.npk ./new_iso/
+        sudo -E python3 npk.py create ./new_iso/gps-$LATEST_VERSION$ARCH.npk ./option-$LATEST_VERSION$ARCH.npk option ./option.sfs -desc="busybox"
+        sudo cp option-$LATEST_VERSION$ARCH.npk ./new_iso/
+        sudo -E python3 npk.py create ./new_iso/gps-$LATEST_VERSION$ARCH.npk ./python3-$LATEST_VERSION$ARCH.npk python3 ./python3.sfs -desc="python 3.11.9"
+        sudo cp python3-$LATEST_VERSION$ARCH.npk ./new_iso/
+        sudo mkdir ./efiboot
+        sudo mount -o loop ./new_iso/efiboot.img ./efiboot
+        if [ "${{ matrix.arch }}" == "x86" ]; then
+          sudo -E python3 patch.py kernel ./efiboot/linux.x86_64
+          sudo cp ./efiboot/linux.x86_64 ./BOOTX64.EFI
+          sudo cp ./BOOTX64.EFI ./new_iso/isolinux/linux
+          sudo umount ./efiboot
+          sudo mkisofs -o mikrotik-$LATEST_VERSION$ARCH.iso \
+                      -V "MikroTik $LATEST_VERSION ${{ matrix.arch }}" \
+                      -sysid "" -preparer "MiKroTiK" \
+                      -publisher "" -A "MiKroTiK RouterOS" \
+                      -input-charset utf-8 \
+                      -b isolinux/isolinux.bin \
+                      -c isolinux/boot.cat \
+                      -no-emul-boot \
+                      -boot-load-size 4 \
+                      -boot-info-table \
+                      -eltorito-alt-boot \
+                      -e efiboot.img \
+                      -no-emul-boot \
+                      -R -J \
+                      ./new_iso
+        elif [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo -E python3 patch.py kernel ./efiboot/EFI/BOOT/BOOTAA64.EFI
+          sudo umount ./efiboot
+          sudo xorriso -as mkisofs -o mikrotik-$LATEST_VERSION$ARCH.iso \
+                      -V "MikroTik $LATEST_VERSION ${{ matrix.arch }}" \
+                      -sysid "" -preparer "MiKroTiK" \
+                      -publisher "" -A "MiKroTiK RouterOS" \
+                      -input-charset utf-8 \
+                      -b efiboot.img \
+                      -no-emul-boot \
+                      -R -J \
+                      ./new_iso
+        fi
+        sudo rm -rf ./efiboot
+        sudo mkdir ./all_packages
+        sudo cp ./new_iso/*.npk ./all_packages/
+        sudo rm -rf ./new_iso
+        cd ./all_packages
+        sudo zip ../all_packages-${{ matrix.arch }}-$LATEST_VERSION.zip *.npk
+        cd ..
+        
+
+    - name: Cache chr-${{ env.LATEST_VERSION }}${{ env.ARCH }}.img.zip
+      if: steps.get_latest.outputs.has_new_version == 'true' 
+      id: cache-chr-img
+      uses: actions/cache@v4
+      with:
+        path: |
+          chr.img
+        key: chr-${{ env.LATEST_VERSION }}-${{ matrix.arch }}.img
+
+    - name: Get chr-${{ env.LATEST_VERSION }}${{ env.ARCH }}.img
+      if: steps.get_latest.outputs.has_new_version == 'true' && steps.cache-chr-img.outputs.cache-hit != 'true'
+      run: |
+          sudo wget -nv -O chr.img.zip https://download.mikrotik.com/routeros/$LATEST_VERSION/chr-$LATEST_VERSION$ARCH.img.zip
+          sudo unzip chr.img.zip
+          sudo rm chr.img.zip
+          sudo mv chr-$LATEST_VERSION$ARCH.img chr.img
+
+    - name: Create chr-${{ env.LATEST_VERSION }}${{ env.ARCH }}.img
+      if: steps.get_latest.outputs.has_new_version == 'true'
+      run: |
+        sudo modprobe nbd
+        sudo apt-get install -y qemu-utils > /dev/null
+        truncate --size 128M chr-$LATEST_VERSION$ARCH.img
+        sgdisk --clear --set-alignment=2 \
+            --new=1::+32M --typecode=1:8300 --change-name=1:"RouterOS Boot" --attributes=1:set:2 \
+            --new=2::-0 --typecode=2:8300 --change-name=2:"RouterOS" \
+            --gpttombr=1:2 \
+            chr-$LATEST_VERSION$ARCH.img
+        dd if=chr.img of=mbr.bin bs=1 count=446 skip=0
+        dd if=chr-$LATEST_VERSION$ARCH.img of=pt.bin bs=1 count=66 skip=446
+        echo -e "\x80" | dd of=pt.bin  bs=1 count=1  conv=notrunc
+        sgdisk --mbrtogpt --clear --set-alignment=2 \
+            --new=1::+32M --typecode=1:8300 --change-name=1:"RouterOS Boot" --attributes=1:set:2 \
+            --new=2::-0 --typecode=2:8300 --change-name=2:"RouterOS" \
+            chr-$LATEST_VERSION$ARCH.img
+        dd if=mbr.bin of=chr-$LATEST_VERSION$ARCH.img  bs=1 count=446 conv=notrunc
+        dd if=pt.bin of=chr-$LATEST_VERSION$ARCH.img  bs=1 count=66 seek=446 conv=notrunc
+        sudo qemu-nbd -c /dev/nbd0 -f raw chr-$LATEST_VERSION$ARCH.img
+        sudo mkfs.vfat -n "Boot" /dev/nbd0p1
+        sudo mkfs.ext4 -F -L "RouterOS"  -m 0 /dev/nbd0p2
+        sudo mkdir -p ./img/{boot,routeros}
+        sudo mount /dev/nbd0p1 ./img/boot/
+        if [ "${{ matrix.arch }}" == "x86" ]; then
+          sudo cp chr.img chr-$LATEST_VERSION$ARCH-legacy-bios.img 
+          sudo qemu-nbd -c /dev/nbd1 -f raw chr-$LATEST_VERSION$ARCH-legacy-bios.img
+          sudo -E python3 patch.py block /dev/nbd1p1 EFI/BOOT/BOOTX64.EFI
+          sudo mkdir -p ./chr/{boot,routeros}
+          sudo mount /dev/nbd1p1 ./chr/boot/
+          sudo mkdir -p  ./img/boot/EFI/BOOT
+          sudo cp ./chr/boot/EFI/BOOT/BOOTX64.EFI ./img/boot/EFI/BOOT/BOOTX64.EFI
+          sudo umount /dev/nbd1p1
+          sudo shred -v -n 1 -z /dev/nbd1p2 
+          sudo mkfs.ext4 -F -L "RouterOS"  -m 0 /dev/nbd1p2
+          sudo mount /dev/nbd1p2 ./chr/routeros/
+          sudo mkdir -p ./chr/routeros/{var/pdb/{system,option},boot,rw}
+          sudo cp ./all_packages/option-$LATEST_VERSION$ARCH.npk ./chr/routeros/var/pdb/option/image
+          sudo cp ./all_packages/routeros-$LATEST_VERSION$ARCH.npk ./chr/routeros/var/pdb/system/image
+          sudo umount /dev/nbd1p2
+          sudo qemu-nbd -d /dev/nbd1
+          sudo rm -rf ./chr
+
+          sudo qemu-img convert -f raw -O qcow2 chr-$LATEST_VERSION$ARCH-legacy-bios.img chr-$LATEST_VERSION$ARCH-legacy-bios.qcow2
+          sudo qemu-img convert -f raw -O vmdk chr-$LATEST_VERSION$ARCH-legacy-bios.img chr-$LATEST_VERSION$ARCH-legacy-bios.vmdk
+          sudo qemu-img convert -f raw -O vpc chr-$LATEST_VERSION$ARCH-legacy-bios.img chr-$LATEST_VERSION$ARCH-legacy-bios.vhd
+          sudo qemu-img convert -f raw -O vhdx chr-$LATEST_VERSION$ARCH-legacy-bios.img chr-$LATEST_VERSION$ARCH-legacy-bios.vhdx
+          sudo qemu-img convert -f raw -O vdi chr-$LATEST_VERSION$ARCH-legacy-bios.img chr-$LATEST_VERSION$ARCH-legacy-bios.vdi
+
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.qcow2.zip chr-$LATEST_VERSION$ARCH-legacy-bios.qcow2
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.vmdk.zip chr-$LATEST_VERSION$ARCH-legacy-bios.vmdk
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.vhd.zip chr-$LATEST_VERSION$ARCH-legacy-bios.vhd
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.vhdx.zip chr-$LATEST_VERSION$ARCH-legacy-bios.vhdx
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.vdi.zip chr-$LATEST_VERSION$ARCH-legacy-bios.vdi
+          sudo zip chr-$LATEST_VERSION$ARCH-legacy-bios.img.zip chr-$LATEST_VERSION$ARCH-legacy-bios.img
+
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.qcow2
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.vmdk
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.vhd
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.vhdx
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.vdi
+          sudo rm chr-$LATEST_VERSION$ARCH-legacy-bios.img
+
+        elif [ "${{ matrix.arch }}" == "arm64" ]; then
+          sudo qemu-nbd -c /dev/nbd1 -f raw chr.img
+          sudo mkdir -p ./chr/boot
+          sudo mount /dev/nbd1p1 ./chr/boot/
+          sudo -E python3 patch.py kernel ./chr/boot/EFI/BOOT/BOOTAA64.EFI -O ./BOOTAA64.EFI 
+          sudo mkdir -p  ./img/boot/EFI/BOOT
+          sudo cp ./BOOTAA64.EFI ./img/boot/EFI/BOOT/BOOTAA64.EFI
+          sudo umount /dev/nbd1p1
+          sudo rm -rf ./chr
+          sudo qemu-nbd -d /dev/nbd1
+        fi
+        sudo umount /dev/nbd0p1
+        sudo mount  /dev/nbd0p2 ./img/routeros/
+        sudo mkdir -p ./img/routeros/{var/pdb/{system,option},boot,rw}
+        sudo cp ./all_packages/option-$LATEST_VERSION$ARCH.npk ./img/routeros/var/pdb/option/image
+        sudo cp ./all_packages/routeros-$LATEST_VERSION$ARCH.npk ./img/routeros/var/pdb/system/image
+        sudo umount /dev/nbd0p2
+        sudo rm -rf ./img
+        sudo qemu-nbd -d /dev/nbd0
+
+        sudo qemu-img convert -f raw -O qcow2 chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.qcow2
+        sudo qemu-img convert -f raw -O vmdk chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vmdk
+        sudo qemu-img convert -f raw -O vpc chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vhd
+        sudo qemu-img convert -f raw -O vhdx chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vhdx
+        sudo qemu-img convert -f raw -O vdi chr-$LATEST_VERSION$ARCH.img chr-$LATEST_VERSION$ARCH.vdi
+
+        sudo zip chr-$LATEST_VERSION$ARCH.qcow2.zip chr-$LATEST_VERSION$ARCH.qcow2
+        sudo zip chr-$LATEST_VERSION$ARCH.vmdk.zip chr-$LATEST_VERSION$ARCH.vmdk
+        sudo zip chr-$LATEST_VERSION$ARCH.vhd.zip chr-$LATEST_VERSION$ARCH.vhd
+        sudo zip chr-$LATEST_VERSION$ARCH.vhdx.zip chr-$LATEST_VERSION$ARCH.vhdx
+        sudo zip chr-$LATEST_VERSION$ARCH.vdi.zip chr-$LATEST_VERSION$ARCH.vdi
+        sudo zip chr-$LATEST_VERSION$ARCH.img.zip chr-$LATEST_VERSION$ARCH.img
+
+        sudo rm chr-$LATEST_VERSION$ARCH.qcow2
+        sudo rm chr-$LATEST_VERSION$ARCH.vmdk
+        sudo rm chr-$LATEST_VERSION$ARCH.vhd
+        sudo rm chr-$LATEST_VERSION$ARCH.vhdx
+        sudo rm chr-$LATEST_VERSION$ARCH.vdi
+        sudo rm chr-$LATEST_VERSION$ARCH.img
+