WIP: Come on ci, do something

.github/workflows/ci.yml

@@ -497,4 +497,4 @@ jobs:
 
       - name: Reproduce the same container image
         run: |
-          ./dev_scripts/reproduce.py --source podman://dangerzone.rocks/dangerzone:$(cat share/image-id.txt)
+          ./dev_scripts/reproduce-image.py

dev_scripts/reproduce-image.py

@@ -16,6 +16,7 @@ DIFFOCI_CHECKSUM = "01d25fe690196945a6bd510d30559338aa489c034d3a1b895a0d82a4b860
 DIFFOCI_PATH = (
     pathlib.Path.home() / ".local" / "share" / "dangerzone-dev" / "helpers" / "diffoci"
 )
+IMAGE_NAME = "dangerzone.rocks/dangerzone"
 
 
 def run(*args):
@@ -32,6 +33,10 @@ def git_commit_get():
     return run("git", "rev-parse", "--short", "HEAD").decode().strip()
 
 
+def git_determine_tag():
+    return run("git", "describe", "--long", "--first-parent").decode().strip()
+
+
 def git_verify(commit, source):
     if not commit in source:
         raise RuntimeError(
@@ -108,6 +113,11 @@ def build_image(tag, use_cache=False):
 
 
 def parse_args():
+    image_tag = git_determine_tag()
+    # TODO: Remove the local "podman://" prefix once we have started pushing images to a
+    # remote.
+    default_image_name = "podman://" + IMAGE_NAME + ":" + image_tag
+
     parser = argparse.ArgumentParser(
         prog=sys.argv[0],
         description="Dev script for verifying container image reproducibility",
@@ -115,7 +125,12 @@ def parse_args():
     parser.add_argument(
         "--source",
         required=True,
-        help="The source image name that you want to reproduce (in diffoci format)",
+        default=default_image_name,
+        help=(
+            "The name of the image that you want to reproduce. If the image resides in"
+            " the local Docker / Podman engine, you can prefix it with podman:// or"
+            f" docker:// accordingly (default: {default_image_name})"
+        ),
     )
     parser.add_argument(
         "--use-cache",

docs/developer/reproducibility.md

@@ -45,15 +45,23 @@ trigger a CI error.
 
 ### Reproducing the image
 
-For a simple way to reproduce a Dangerzone container image, either local or
-pushed to a container registry, you can checkout the commit this image was built
-from (you can find it from the image tag in its `g<commit>` portion), and run
-the following command in a Linux environment:
+For a simple way to reproduce a Dangerzone container image, you can checkout the
+commit this image was built from (you can find it from the image tag in its
+`g<commit>` portion), and run the following command in a Linux environment:
 
 ```
-./dev_scripts/reproduce.py <image>
+./dev_scripts/reproduce-image.py --source <image>
 ```
 
 This command will download the `diffoci` helper, build a container image from
 the current Git commit, and ensure that the built image matches the source one,
 with the exception of image names and file timestamps.
+
+> [!TIP]
+> If the source image is not pushed to a registry, and is local instead, you
+> can prefix it with `docker://` or `podman://` accordingly, so that `diffoci`
+> can load it from the local Docker / Podman container engine. For example:
+>
+> ```
+> ./dev_scripts/reproduce.py --source podman://dangerzone.rocks/dangerzone:0.8.0-125-g725ce3b
+> ```