Add poetry as CI container build dependency

Due to the new build-image.py, which now uses `poetry export` we need to
explicitly install poetry in the CI before building the container image.

.circleci/config.yml

@@ -95,23 +95,27 @@ jobs:
           command: ./dev_scripts/qa.py --check-refs
 
   build-container-image:
-    working_directory: /app
+    machine:
-    docker:
+      image: ubuntu-2004:202111-01
-      - image: docker:dind
     steps:
       - checkout
+      - run: *install-podman
+      - run:
+          name: Prepare cache directory
+          command: |
+            sudo mkdir -p /caches
+            sudo chown -R $USER:$USER /caches
       - run: *calculate-cache-key
       - restore_cache: *restore-cache
-      - setup_remote_docker
+      # setup_remote_docker
       - run:
           name: Build Dangerzone image
           command: |
             if [ -f "/caches/container.tar.gz" ]; then
               echo "Already cached, skipping"
             else
-              docker build dangerzone/ -f Dockerfile \
+              sudo pip3 install poetry
-              --cache-from=dangerzone.rocks/dangerzone \
+              python3 ./install/common/build-image.py
-              --tag dangerzone.rocks/dangerzone
             fi
       - run:
           name: Save Dangerzone image and image-id.txt to cache
@@ -120,9 +124,9 @@ jobs:
               echo "Already cached, skipping"
             else
               mkdir -p /caches
-              docker save -o /caches/container.tar dangerzone.rocks/dangerzone
+              podman save -o /caches/container.tar dangerzone.rocks/dangerzone
               gzip -f /caches/container.tar
-              docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
+              podman image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
             fi
       - run: *calculate-cache-key
       - save_cache:

.github/workflows/ci.yml

@@ -62,6 +62,9 @@ jobs:
               --version ${{ env.version }} \
               build-dev
 
+      - name: Install container build dependencies
+        run: sudo apt install pipx && pipx install poetry
+
       - name: Build Dangerzone image
         run: python3 ./install/common/build-image.py
 

.github/workflows/scan.yml

@@ -12,8 +12,10 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - name: Install container build dependencies
+        run: sudo apt install pipx && pipx install poetry
       - name: Build container image
-        run: docker build dangerzone/ -f Dockerfile --tag dangerzone.rocks/dangerzone:latest
+        run: python3 ./install/common/build-image.py
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan container image (no fail)

install/common/build-image.py

@@ -72,9 +72,13 @@ def main():
 
 
 def export_container_pip_dependencies():
-    container_requirements_txt = subprocess.check_output(
+    try:
-        ["poetry", "export", "--only", "container"], universal_newlines=True
+        container_requirements_txt = subprocess.check_output(
-    )
+            ["poetry", "export", "--only", "container"], universal_newlines=True
+        )
+    except subprocess.CalledProcessError as e:
+        print("FAILURE", e.returncode, e.output)
+    print(f"REQUIREMENTS: {container_requirements_txt}")
     # XXX Export container dependencies and exclude pymupdfb since it is not needed in container
     req_txt_pymupdfb_stripped = container_requirements_txt.split("pymupdfb")[0]
     with open(Path(BUILD_CONTEXT) / REQUIREMENTS_TXT, "w") as f: