From 5f94e3822b7d6bc73412dfc6e93a0a0be479296f Mon Sep 17 00:00:00 2001
From: Fanju <98313711+Fanju6@users.noreply.github.com>
Date: Fri, 27 Feb 2026 15:50:40 +0800
Subject: [PATCH 1/5] Update workflow triggers for syncing to KernelSU repo

---
 .github/workflows/Sync to KernelSU Repo | 65 +++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 .github/workflows/Sync to KernelSU Repo

diff --git a/.github/workflows/Sync to KernelSU Repo b/.github/workflows/Sync to KernelSU Repo
new file mode 100644
index 0000000..e2ebc93
--- /dev/null
+++ b/.github/workflows/Sync to KernelSU Repo	
@@ -0,0 +1,65 @@
+name: Sync to KernelSU Repo
+
+# 触发条件
+on:
+  push:
+    branches:
+      - main
+  release:
+    types: [published]
+  workflow_dispatch:
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Source Code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # 获取所有历史记录和分支
+
+      - name: Sync Source Code and Tags
+        # 将代码和标签推送到下游仓库
+        env:
+          # 使用带有目标仓库写入权限的 PAT 进行鉴权
+          DEST_REPO: "https://${{ secrets.SYNC_PAT }}@github.com/KernelSU-Modules-Repo/netproxy.git"
+        run: |
+          git remote add downstream "$DEST_REPO"
+          
+          # 强制推送所有分支和标签
+          git push downstream --all --force
+          git push downstream --tags --force
+          
+          echo "源代码与标签同步完成！"
+
+      - name: Sync Latest Release
+        # 仅在发布新 Release 或手动触发时运行此步骤
+        if: github.event_name == 'release' || github.event_name == 'workflow_dispatch'
+        env:
+          GH_TOKEN: ${{ secrets.SYNC_PAT }}
+          UPSTREAM_REPO: ${{ github.repository }} # 当前仓库 (Fanju6/NetProxy-Magisk)
+          DEST_REPO: "KernelSU-Modules-Repo/netproxy" # 目标仓库
+        run: |
+          # 1. 获取主仓库最新 Release 的标签名
+          LATEST_TAG=$(gh release view --repo $UPSTREAM_REPO --json tagName -q .tagName)
+          echo "主仓库最新 Release 标签: $LATEST_TAG"
+          
+          # 2. 检查下游仓库是否已经存在该 Release
+          if gh release view $LATEST_TAG --repo $DEST_REPO &>/dev/null; then
+            echo "下游仓库已存在 Release $LATEST_TAG，无需重复同步。"
+          else
+            echo "下游仓库缺失 Release $LATEST_TAG，开始同步..."
+            
+            # 3. 创建临时目录并下载主仓库的所有附件
+            mkdir -p release_assets
+            gh release download $LATEST_TAG --repo $UPSTREAM_REPO --dir release_assets
+            
+            # 4. 获取主仓库 Release 的标题和更新日志
+            TITLE=$(gh release view $LATEST_TAG --repo $UPSTREAM_REPO --json name -q .name)
+            NOTES=$(gh release view $LATEST_TAG --repo $UPSTREAM_REPO --json body -q .body)
+            
+            # 5. 在下游仓库创建相同的 Release 并上传附件
+            gh release create $LATEST_TAG ./release_assets/* --repo $DEST_REPO --title "$TITLE" --notes "$NOTES"
+            
+            echo "Release $LATEST_TAG 同步成功！"
+          fi

From 6844bc8db6e6416750ee8430129ecd9c011c063c Mon Sep 17 00:00:00 2001
From: Fanju <98313711+Fanju6@users.noreply.github.com>
Date: Fri, 27 Feb 2026 15:52:24 +0800
Subject: [PATCH 2/5] Add GitHub Actions workflow for syncing to KernelSU repo

---
 .../{Sync to KernelSU Repo => Sync to KernelSU Repo.yml}          | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename .github/workflows/{Sync to KernelSU Repo => Sync to KernelSU Repo.yml} (100%)

diff --git a/.github/workflows/Sync to KernelSU Repo b/.github/workflows/Sync to KernelSU Repo.yml
similarity index 100%
rename from .github/workflows/Sync to KernelSU Repo
rename to .github/workflows/Sync to KernelSU Repo.yml

From c96cd275ab2d1da77d141f536e3e97ca548abc7c Mon Sep 17 00:00:00 2001
From: Fanju <98313711+Fanju6@users.noreply.github.com>
Date: Fri, 27 Feb 2026 15:56:20 +0800
Subject: [PATCH 3/5] Refine GitHub Actions workflow for syncing repo

Updated GitHub Actions workflow to prevent credential takeover and modified destination repository URL format.
---
 .github/workflows/Sync to KernelSU Repo.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/Sync to KernelSU Repo.yml b/.github/workflows/Sync to KernelSU Repo.yml
index e2ebc93..eecb144 100644
--- a/.github/workflows/Sync to KernelSU Repo.yml	
+++ b/.github/workflows/Sync to KernelSU Repo.yml	
@@ -16,17 +16,17 @@ jobs:
       - name: Checkout Source Code
         uses: actions/checkout@v4
         with:
-          fetch-depth: 0 # 获取所有历史记录和分支
+          fetch-depth: 0 
+          # 关键修复：禁止 checkout 插件接管 Git 凭据
+          persist-credentials: false 
 
       - name: Sync Source Code and Tags
-        # 将代码和标签推送到下游仓库
         env:
-          # 使用带有目标仓库写入权限的 PAT 进行鉴权
-          DEST_REPO: "https://${{ secrets.SYNC_PAT }}@github.com/KernelSU-Modules-Repo/netproxy.git"
+          DEST_REPO: "https://x-access-token:${{ secrets.SYNC_PAT }}@github.com/KernelSU-Modules-Repo/netproxy.git"
         run: |
+          # 后续代码保持不变
           git remote add downstream "$DEST_REPO"
           
-          # 强制推送所有分支和标签
           git push downstream --all --force
           git push downstream --tags --force
           

From f4e41b7d3e34b3306dc8434f6e9fa6492cae498e Mon Sep 17 00:00:00 2001
From: Fanju <98313711+Fanju6@users.noreply.github.com>
Date: Fri, 27 Feb 2026 16:01:24 +0800
Subject: [PATCH 4/5] Modify sync workflow to handle protected tags

Update tag synchronization to skip protected tags.
---
 .github/workflows/Sync to KernelSU Repo.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/Sync to KernelSU Repo.yml b/.github/workflows/Sync to KernelSU Repo.yml
index eecb144..3ce3cb1 100644
--- a/.github/workflows/Sync to KernelSU Repo.yml	
+++ b/.github/workflows/Sync to KernelSU Repo.yml	
@@ -24,13 +24,13 @@ jobs:
         env:
           DEST_REPO: "https://x-access-token:${{ secrets.SYNC_PAT }}@github.com/KernelSU-Modules-Repo/netproxy.git"
         run: |
-          # 后续代码保持不变
           git remote add downstream "$DEST_REPO"
           
           git push downstream --all --force
-          git push downstream --tags --force
           
-          echo "源代码与标签同步完成！"
+          git push downstream --tags || true
+          
+          echo "源代码推送完成！已跳过受保护的标签。"
 
       - name: Sync Latest Release
         # 仅在发布新 Release 或手动触发时运行此步骤

From 7a8632faafde15594c418772463d0ce9a5aebe1a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 09:20:02 +0000
Subject: [PATCH 5/5] ci(deps): bump actions/checkout from 4 to 6

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/Sync to KernelSU Repo.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/Sync to KernelSU Repo.yml b/.github/workflows/Sync to KernelSU Repo.yml
index 3ce3cb1..35df733 100644
--- a/.github/workflows/Sync to KernelSU Repo.yml	
+++ b/.github/workflows/Sync to KernelSU Repo.yml	
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Source Code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0 
           # 关键修复：禁止 checkout 插件接管 Git 凭据