Build and tag Dangerzone images

Build Dangerzone images and tag them with a unique ID that stems from
the Git repo. Note that using tags as image IDs instead of regular image
IDs breaks the current Dangerzone expectations, but this will be
addressed in subsequent commits.
Alex Pyrgiotis 2024-12-02 16:51:26 +02:00
parent 20152fac13
commit 6a5e76f2b4
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
4 changed files with 36 additions and 20 deletions


@ -74,6 +74,8 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get current date - name: Get current date
id: date id: date
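Review bot: The added `fetch-depth: 0` carries no comment explaining why the full history is fetched, here and in the identical additions to the two other workflow sections below. The build script changed in this commit derives the image tag from `git describe`, which presumably cannot resolve a tag on the default shallow checkout, so the setting is load-bearing rather than cosmetic. A line such as `# Fetch full history and tags: the image tag is derived from git describe` above `with:` would keep it from being removed later as a checkout-time optimisation. The job definitions continue outside these hunks.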


@ -48,6 +48,8 @@ jobs:
runs-on: ubuntu-24.04 runs-on: ubuntu-24.04
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get current date - name: Get current date
id: date id: date


@ -14,6 +14,8 @@ jobs:
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install container build dependencies - name: Install container build dependencies
run: sudo apt install pipx && pipx install poetry run: sudo apt install pipx && pipx install poetry
- name: Build container image - name: Build container image


@ -2,12 +2,13 @@ import argparse
import gzip import gzip
import os import os
import platform import platform
import secrets
import subprocess import subprocess
import sys import sys
from pathlib import Path from pathlib import Path
BUILD_CONTEXT = "dangerzone/" BUILD_CONTEXT = "dangerzone/"
TAG = "dangerzone.rocks/dangerzone:latest" IMAGE_NAME = "dangerzone.rocks/dangerzone"
REQUIREMENTS_TXT = "container-pip-requirements.txt" REQUIREMENTS_TXT = "container-pip-requirements.txt"
if platform.system() in ["Darwin", "Windows"]: if platform.system() in ["Darwin", "Windows"]:
CONTAINER_RUNTIME = "docker" CONTAINER_RUNTIME = "docker"
@ -44,8 +45,31 @@ def main():
) )
args = parser.parse_args() args = parser.parse_args()
tarball_path = Path("share") / "container.tar.gz"
image_id_path = Path("share") / "image-id.txt"
print(f"Building for architecture '{ARCH}'") print(f"Building for architecture '{ARCH}'")
# Designate a unique tag for this image, depending on the Git commit it was created
# from:
# 1. If created from a Git tag (e.g., 0.8.0), the image tag will be `0.8.0`.
# 2. If created from a commit, it will be something like `0.8.0-31-g6bdaa7a`.
# 3. If the contents of the Git repo are dirty, we will append a unique identifier
# for this run, something like `0.8.0-31-g6bdaa7a-fdcb` or `0.8.0-fdcb`.
dirty_ident = secrets.token_hex(2)
tag = (
subprocess.check_output(
["git", "describe", "--first-parent", f"--dirty=-{dirty_ident}"],
)
.decode()
.strip()[1:] # remove the "v" prefix of the tag.
)
image_name_tagged = IMAGE_NAME + ":" + tag
print(f"Will tag the container image as '{image_name_tagged}'")
with open(image_id_path, "w") as f:
f.write(tag)
print("Exporting container pip dependencies") print("Exporting container pip dependencies")
with ContainerPipDependencies(): with ContainerPipDependencies():
if not args.use_cache: if not args.use_cache:
@ -59,6 +83,7 @@ def main():
check=True, check=True,
) )
# Build the container image, and tag it with the calculated tag
print("Building container image") print("Building container image")
cache_args = [] if args.use_cache else ["--no-cache"] cache_args = [] if args.use_cache else ["--no-cache"]
subprocess.run( subprocess.run(
@ -74,7 +99,7 @@ def main():
"-f", "-f",
"Dockerfile", "Dockerfile",
"--tag", "--tag",
TAG, image_name_tagged,
], ],
check=True, check=True,
) )
@ -85,7 +110,7 @@ def main():
[ [
CONTAINER_RUNTIME, CONTAINER_RUNTIME,
"save", "save",
TAG, image_name_tagged,
], ],
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
) )
@ -93,7 +118,7 @@ def main():
print("Compressing container image") print("Compressing container image")
chunk_size = 4 << 20 chunk_size = 4 << 20
with gzip.open( with gzip.open(
"share/container.tar.gz", tarball_path,
"wb", "wb",
compresslevel=args.compress_level, compresslevel=args.compress_level,
) as gzip_f: ) as gzip_f:
@ -105,21 +130,6 @@ def main():
break break
cmd.wait(5) cmd.wait(5)
print("Looking up the image id")
image_id = subprocess.check_output(
[
args.runtime,
"image",
"list",
"--format",
"{{.ID}}",
TAG,
],
text=True,
)
with open("share/image-id.txt", "w") as f:
f.write(image_id)
class ContainerPipDependencies: class ContainerPipDependencies:
"""Generates PIP dependencies within container""" """Generates PIP dependencies within container"""