mirror of
https://github.com/freedomofpress/dangerzone.git
synced 2025-04-28 18:02:38 +02:00
3eac00b873
Now that our image tarball is not tagged as 'latest', we must first grab
the image tag first, and then refer to it. We can grab the tag either
from `share/image-id.txt` (if available) or with:
docker load dangerzone.rocks/dangerzone --format {{ .Tag }}
103 lines
3 KiB
YAML
103 lines
3 KiB
YAML
name: Build dev environments
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
- "test/**"
|
|
schedule:
|
|
- cron: "0 0 * * *" # Run every day at 00:00 UTC.
|
|
|
|
permissions:
|
|
packages: write
|
|
|
|
env:
|
|
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
|
|
REGISTRY_USER: ${{ github.actor }}
|
|
REGISTRY_PASSWORD: ${{ github.token }}
|
|
|
|
# Each day, build and publish to ghcr.io:
|
|
#
|
|
# - the dangerzone/dangerzone container image
|
|
# - the dangerzone/build/{debian,ubuntu,fedora}:version
|
|
# dev environments used to run the tests
|
|
#
|
|
# End-user environments are not published to the GHCR because
|
|
# they need .rpm or .deb files to be built, which is what we
|
|
# want to test.
|
|
|
|
jobs:
|
|
build-dev-environment:
|
|
name: "Build dev-env (${{ matrix.distro }}-${{ matrix.version }})"
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
include:
|
|
- distro: ubuntu
|
|
version: "20.04"
|
|
- distro: ubuntu
|
|
version: "22.04"
|
|
- distro: ubuntu
|
|
version: "24.04"
|
|
- distro: ubuntu
|
|
version: "24.10"
|
|
- distro: debian
|
|
version: bullseye
|
|
- distro: debian
|
|
version: bookworm
|
|
- distro: debian
|
|
version: trixie
|
|
- distro: fedora
|
|
version: "40"
|
|
- distro: fedora
|
|
version: "41"
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
|
|
- uses: actions/setup-python@v5
|
|
with:
|
|
python-version: "3.10"
|
|
|
|
- name: Login to GHCR
|
|
run: |
|
|
echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin
|
|
|
|
- name: Build dev environment
|
|
run: |
|
|
./dev_scripts/env.py --distro ${{ matrix.distro }} \
|
|
--version ${{ matrix.version }} \
|
|
build-dev --sync
|
|
|
|
build-container-image:
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Get current date
|
|
id: date
|
|
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
|
|
|
|
- name: Cache container image
|
|
id: cache-container-image
|
|
uses: actions/cache@v4
|
|
with:
|
|
key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
|
|
path: |
|
|
share/container.tar.gz
|
|
share/image-id.txt
|
|
|
|
- name: Build and push Dangerzone image
|
|
if: ${{ steps.cache-container-image.outputs.cache-hit != 'true' }}
|
|
run: |
|
|
sudo apt-get install -y python3-poetry
|
|
python3 ./install/common/build-image.py
|
|
echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin
|
|
gunzip -c share/container.tar.gz | podman load
|
|
tag=$(cat share/image-id.txt)
|
|
podman push \
|
|
dangerzone.rocks/dangerzone:$tag \
|
|
${{ env.IMAGE_REGISTRY }}/dangerzone/dangerzone:tag
|