# Test official instructions for installing Dangerzone # ==================================================== # # The installation instructions have been copied from our INSTALL.md file. # NOTE: When you change either place, please make sure to keep the two files in # sync. # NOTE: Because the commands run as root, the use of sudo is not necessary. name: Test official instructions for installing Dangerzone on: schedule: - cron: '0 0 * * *' # Run every day at 00:00 UTC. workflow_dispatch: jobs: install-from-apt-repo: name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" runs-on: ubuntu-latest container: ${{ matrix.distro }}:${{ matrix.version }} strategy: matrix: include: - distro: ubuntu version: "24.10" # oracular - distro: ubuntu version: "24.04" # noble - distro: ubuntu version: "22.04" # jammy - distro: ubuntu version: "20.04" # focal - distro: debian version: "trixie" # 13 - distro: debian version: "12" # bookworm - distro: debian version: "11" # bullseye steps: - name: Add Podman repo for Ubuntu Focal if: matrix.distro == 'ubuntu' && matrix.version == 20.04 run: | apt-get update && apt-get -y install curl wget gnupg2 . /etc/os-release sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' \ > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- \ | apt-key add - apt update apt-get install python-all -y - name: Add GPG key for the packages.freedom.press run: | apt-get update && apt-get install -y gnupg2 ca-certificates dirmngr # NOTE: This is a command that's necessary only in containers gpg --keyserver hkps://keys.openpgp.org \ --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \ --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" # Export the GPG key in armor mode because sequoia needs it this way # (sqv is used on debian trixie by default to check the keys) mkdir -p /etc/apt/keyrings/ gpg --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \ --armor --export "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \ > /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg - name: Add packages.freedom.press to our APT sources run: | . /etc/os-release echo "deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \ https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main" \ | tee /etc/apt/sources.list.d/fpf-apt-tools.list - name: Install Dangerzone run: | apt update apt install -y dangerzone install-from-yum-repo: name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" runs-on: ubuntu-latest container: ${{ matrix.distro }}:${{ matrix.version }} strategy: matrix: include: - distro: fedora version: 40 - distro: fedora version: 41 steps: - name: Add packages.freedom.press to our YUM sources run: | dnf install -y 'dnf-command(config-manager)' dnf-3 config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo - name: Replace 'rawhide' string with Fedora version # The previous command has created a `dangerzone.repo` file. The # config-manager plugin should have substituted the $releasever variable # with the Fedora version number. However, for unreleased Fedora # versions, this gets translated to "rawhide", even though they do have # a number. To fix this, we need to substitute the "rawhide" string # witht the proper Fedora version. run: | source /etc/os-release sed -i "s/rawhide/${VERSION_ID}/g" /etc/yum.repos.d/dangerzone.repo - name: Install Dangerzone # FIXME: We add the `-y` flag here, in lieu of a better way to check the # Dangerzone signature. run: dnf install -y dangerzone