Add poetry as CI container build dependency

Due to the new build-image.py, which now uses `poetry export` we need to explicitly install poetry in the CI before building the container image.
2025-04-28 18:02:38 +02:00 · 2023-12-19 17:52:30 +00:00 · 2023-12-19 17:52:30 +00:00 · 773fcfa75b
commit 773fcfa75b
parent 80db7bb02e
4 changed files with 26 additions and 13 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -95,23 +95,27 @@ jobs:
          command: ./dev_scripts/qa.py --check-refs

  build-container-image:
-    working_directory: /app
-    docker:
-      - image: docker:dind
+    machine:
+      image: ubuntu-2004:202111-01
    steps:
      - checkout
+      - run: *install-podman
+      - run:
+          name: Prepare cache directory
+          command: |
+            sudo mkdir -p /caches
+            sudo chown -R $USER:$USER /caches
      - run: *calculate-cache-key
      - restore_cache: *restore-cache
-      - setup_remote_docker
+      # setup_remote_docker
      - run:
          name: Build Dangerzone image
          command: |
            if [ -f "/caches/container.tar.gz" ]; then
              echo "Already cached, skipping"
            else
-              docker build dangerzone/ -f Dockerfile \
-              --cache-from=dangerzone.rocks/dangerzone \
-              --tag dangerzone.rocks/dangerzone
+              sudo pip3 install poetry
+              python3 ./install/common/build-image.py
            fi
      - run:
          name: Save Dangerzone image and image-id.txt to cache
@ -120,9 +124,9 @@ jobs:
              echo "Already cached, skipping"
            else
              mkdir -p /caches
-              docker save -o /caches/container.tar dangerzone.rocks/dangerzone
+              podman save -o /caches/container.tar dangerzone.rocks/dangerzone
              gzip -f /caches/container.tar
-              docker image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
+              podman image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
            fi
      - run: *calculate-cache-key
      - save_cache:
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -62,6 +62,9 @@ jobs:
              --version ${{ env.version }} \
              build-dev

+      - name: Install container build dependencies
+        run: sudo apt install pipx && pipx install poetry
+
      - name: Build Dangerzone image
        run: python3 ./install/common/build-image.py

--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@ -12,8 +12,10 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v3
+      - name: Install container build dependencies
+        run: sudo apt install pipx && pipx install poetry
      - name: Build container image
-        run: docker build dangerzone/ -f Dockerfile --tag dangerzone.rocks/dangerzone:latest
+        run: python3 ./install/common/build-image.py
      # NOTE: Scan first without failing, else we won't be able to read the scan
      # report.
      - name: Scan container image (no fail)
--- a/install/common/build-image.py
+++ b/install/common/build-image.py
@ -72,9 +72,13 @@ def main():


 def export_container_pip_dependencies():
-    container_requirements_txt = subprocess.check_output(
-        ["poetry", "export", "--only", "container"], universal_newlines=True
-    )
+    try:
+        container_requirements_txt = subprocess.check_output(
+            ["poetry", "export", "--only", "container"], universal_newlines=True
+        )
+    except subprocess.CalledProcessError as e:
+        print("FAILURE", e.returncode, e.output)
+    print(f"REQUIREMENTS: {container_requirements_txt}")
    # XXX Export container dependencies and exclude pymupdfb since it is not needed in container
    req_txt_pymupdfb_stripped = container_requirements_txt.split("pymupdfb")[0]
    with open(Path(BUILD_CONTEXT) / REQUIREMENTS_TXT, "w") as f: