almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-17 18:51:50 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7

WIP: Reproduce

Browse source
This commit is contained in:
Alex Pyrgiotis 2025-01-14 12:25:01 +02:00
parent d53c4d06b5
commit e02dbfdc79
No known key found for this signature in database
GPG key ID: B6C15EBA0357C9AA
3 changed files with 11 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
.github/workflows/ci.yml vendored
View file

@ -492,18 +492,9 @@ jobs:
poetry run jinja2 Dockerfile.in Dockerfile.env > out poetry run jinja2 Dockerfile.in Dockerfile.env > out
diff Dockerfile out diff Dockerfile out
- name: Get current date - name: Build Dangerzone container image
id: date run: |
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT python3 ./install/common/build-image.py --no-save
- name: Restore container cache
uses: actions/cache/restore@v4
with:
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
path: |-
share/container.tar.gz
share/image-id.txt
fail-on-cache-miss: true
- name: Reproduce the same container image - name: Reproduce the same container image
run: | run: |

10
.github/workflows/scan.yml vendored
View file

@ -21,13 +21,17 @@ jobs:
sudo apt install pipx sudo apt install pipx
pipx install poetry pipx install poetry
pipx inject poetry poetry-plugin-export pipx inject poetry poetry-plugin-export
poetry install --only package
- name: Bump date of Debian snapshot archive
run: |
date=$(date "+%Y%m%d")
sed -i "s/DEBIAN_ARCHIVE_DATE=[0-9]\+/DEBIAN_ARCHIVE_DATE=${date}/" Dockerfile.env
poetry run jinja2 Dockerfile.in Dockerfile.env > Dockerfile
- name: Build container image - name: Build container image
run: python3 ./install/common/build-image.py --runtime docker --no-save run: python3 ./install/common/build-image.py --runtime docker --no-save
- name: Get image tag - name: Get image tag
id: tag id: tag
run: | run: echo "tag=$(cat share/image-id.txt)" >> $GITHUB_OUTPUT
tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
echo "tag=$tag" >> $GITHUB_OUTPUT
# NOTE: Scan first without failing, else we won't be able to read the scan # NOTE: Scan first without failing, else we won't be able to read the scan
# report. # report.
- name: Scan container image (no fail) - name: Scan container image (no fail)

2
dev_scripts/reproduce.py
View file

@ -36,7 +36,7 @@ def git_commit_get():
def git_verify(commit, source): def git_verify(commit, source):
if not commit in source: if not commit in source:
raise RuntimeError( raise RuntimeError(
f"Image '{image}' does not seem to be built from commit '{commit}'" f"Image '{source}' does not seem to be built from commit '{commit}'"
) )