diff --git a/.circleci/config.yml b/.circleci/config.yml index 911612a..c10be97 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -95,23 +95,27 @@ jobs: command: ./dev_scripts/qa.py --check-refs build-container-image: - working_directory: /app - docker: - - image: docker:dind + machine: + image: ubuntu-2004:202111-01 steps: - checkout + - run: *install-podman + - run: + name: Prepare cache directory + command: | + sudo mkdir -p /caches + sudo chown -R $USER:$USER /caches - run: *calculate-cache-key - restore_cache: *restore-cache - - setup_remote_docker + # setup_remote_docker - run: name: Build Dangerzone image command: | if [ -f "/caches/container.tar.gz" ]; then echo "Already cached, skipping" else - docker build dangerzone/ -f Dockerfile \ - --cache-from=dangerzone.rocks/dangerzone \ - --tag dangerzone.rocks/dangerzone + sudo pip3 install poetry + python3 ./install/common/build-image.py fi - run: name: Save Dangerzone image and image-id.txt to cache @@ -120,9 +124,9 @@ jobs: echo "Already cached, skipping" else mkdir -p /caches - docker save -o /caches/container.tar dangerzone.rocks/dangerzone + podman save -o /caches/container.tar dangerzone.rocks/dangerzone gzip -f /caches/container.tar - docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt + podman image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt fi - run: *calculate-cache-key - save_cache: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 966ae2b..2168099 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -62,6 +62,9 @@ jobs: --version ${{ env.version }} \ build-dev + - name: Install container build dependencies + run: sudo apt install pipx && pipx install poetry + - name: Build Dangerzone image run: python3 ./install/common/build-image.py 
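Review bot: `sudo pip3 install poetry` in the Build Dangerzone image step fetches the tool that generates the container's requirements list unpinned from PyPI, so the contents of the image that gets scanned and cached depend on whichever poetry release is current at build time; the `pipx install poetry` lines added in the .github/workflows/ci.yml and scan.yml hunks have the same problem. Pin the version, e.g. `sudo pip3 install "poetry==<pinned-version>"`, and use one install method across the three CI files so the export step is reproducible. The commented-out `# setup_remote_docker` line should be deleted rather than left as dead configuration now that `*install-podman` replaces it. In the Prepare cache directory step, `sudo chown -R "$USER:$USER" /caches` should be quoted.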
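Review bot: the image-id extraction `podman image ls dangerzone.rocks/dangerzone | grep ... | tr -s ' ' | cut -d' ' -f3` depends on podman's table column layout and will silently write an empty or wrong id to /caches/image-id.txt if the layout differs or the image is missing; podman supports `--format`, so `podman image ls --format '{{.ID}}' dangerzone.rocks/dangerzone > /caches/image-id.txt` is shorter and layout-independent. The `podman save` rename above it is fine. The enclosing `command: |` block of the Save Dangerzone image step starts before this hunk.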
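Review bot: `sudo apt install pipx && pipx install poetry` runs apt without `-y` and without a preceding `apt-get update`, so on a non-interactive runner the confirmation prompt for pipx's dependencies may abort the step, and the poetry it installs is unpinned; the identical line is added in the .github/workflows/scan.yml hunk. Suggested: `run: sudo apt-get update && sudo apt-get install -y pipx && pipx install "poetry==<pinned-version>"`. Whether pipx's bin directory is on PATH for the following `python3 ./install/common/build-image.py` step depends on the runner image, so that is worth confirming rather than assuming.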
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml index 2bb8a4c..7f5a87a 100644 --- a/.github/workflows/scan.yml +++ b/.github/workflows/scan.yml @@ -12,8 +12,10 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 + - name: Install container build dependencies + run: sudo apt install pipx && pipx install poetry - name: Build container image - run: docker build dangerzone/ -f Dockerfile --tag dangerzone.rocks/dangerzone:latest + run: python3 ./install/common/build-image.py # NOTE: Scan first without failing, else we won't be able to read the scan # report. - name: Scan container image (no fail) diff --git a/install/common/build-image.py b/install/common/build-image.py index 08fc01a..c4c8f14 100644 --- a/install/common/build-image.py +++ b/install/common/build-image.py @@ -72,9 +72,13 @@ def main(): def export_container_pip_dependencies(): - container_requirements_txt = subprocess.check_output( - ["poetry", "export", "--only", "container"], universal_newlines=True - ) + try: + container_requirements_txt = subprocess.check_output( + ["poetry", "export", "--only", "container"], universal_newlines=True + ) + except subprocess.CalledProcessError as e: + print("FAILURE", e.returncode, e.output) + print(f"REQUIREMENTS: {container_requirements_txt}") # XXX Export container dependencies and exclude pymupdfb since it is not needed in container req_txt_pymupdfb_stripped = container_requirements_txt.split("pymupdfb")[0] with open(Path(BUILD_CONTEXT) / REQUIREMENTS_TXT, "w") as f:
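Review bot: the new `except subprocess.CalledProcessError` branch only prints and then falls through, so when `poetry export` fails the following `print(f"REQUIREMENTS: {container_requirements_txt}")` raises NameError on the unbound name and the real cause is buried; end the handler with `raise` (or `sys.exit(e.returncode)`) so the build stops with the poetry error. `e.output` holds only stdout unless `stderr=subprocess.STDOUT` is passed to `check_output`, and poetry reports its errors on stderr, so the FAILURE line will usually show an empty output. The `print(f"REQUIREMENTS: ...")` line reads as leftover debugging output that dumps the whole requirements list into every CI log and should probably be removed. The rest of `export_container_pip_dependencies` continues outside the hunk.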