WIP: Reproduce

2025-05-17 10:41:49 +02:00 · 2025-01-14 12:25:01 +02:00 · 2025-01-14 12:25:01 +02:00 · e02dbfdc79
commit e02dbfdc79
parent d53c4d06b5
3 changed files with 11 additions and 16 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -492,18 +492,9 @@ jobs:
          poetry run jinja2 Dockerfile.in Dockerfile.env > out
          diff Dockerfile out

-      - name: Get current date
-        id: date
-        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
-      - name: Restore container cache
-        uses: actions/cache/restore@v4
-        with:
-          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
-          path: |-
-            share/container.tar.gz
-            share/image-id.txt
-          fail-on-cache-miss: true
+      - name: Build Dangerzone container image
+        run: |
+          python3 ./install/common/build-image.py --no-save

      - name: Reproduce the same container image
        run: |
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@ -21,13 +21,17 @@ jobs:
          sudo apt install pipx
          pipx install poetry
          pipx inject poetry poetry-plugin-export
+          poetry install --only package
+      - name: Bump date of Debian snapshot archive
+        run: |
+          date=$(date "+%Y%m%d")
+          sed -i "s/DEBIAN_ARCHIVE_DATE=[0-9]\+/DEBIAN_ARCHIVE_DATE=${date}/" Dockerfile.env
+          poetry run jinja2 Dockerfile.in Dockerfile.env > Dockerfile
      - name: Build container image
        run: python3 ./install/common/build-image.py --runtime docker --no-save
      - name: Get image tag
        id: tag
-        run: |
-          tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
-          echo "tag=$tag" >> $GITHUB_OUTPUT
+        run: echo "tag=$(cat share/image-id.txt)" >> $GITHUB_OUTPUT
      # NOTE: Scan first without failing, else we won't be able to read the scan
      # report.
      - name: Scan container image (no fail)
--- a/dev_scripts/reproduce.py
+++ b/dev_scripts/reproduce.py
@ -36,7 +36,7 @@ def git_commit_get():
 def git_verify(commit, source):
    if not commit in source:
        raise RuntimeError(
-            f"Image '{image}' does not seem to be built from commit '{commit}'"
+            f"Image '{source}' does not seem to be built from commit '{commit}'"
        )