
Build Dangerzone images and tag them with a unique ID that stems from the Git repo. Note that using tags as image IDs instead of regular image IDs breaks the current Dangerzone expectations, but this will be addressed in subsequent commits.
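# Workflow: build the per-distro development environments and the Dangerzone
# container image, then publish them to the GitHub Container Registry (GHCR).
name: Build dev environments
on:
  pull_request:
  push:
    branches:
      - main
      - "test/**"
  schedule:
    - cron: "0 0 * * *"  # Run every day at 00:00 UTC.

# Only `packages: write` is granted. Once a `permissions` block is present,
# every scope not listed here is set to `none` for the job token.
# NOTE(review): this workflow also runs on `pull_request`. For branches inside
# this repository the token can then push packages; for fork PRs GitHub
# normally issues a read-only token, so the push steps would fail there.
# Confirm that publishing from PR builds is intended.
permissions:
  packages: write

env:
  IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
  # Registry credentials exported to every step as environment variables.
  # NOTE(review): presumably also read by `dev_scripts/env.py ... --sync`;
  # that script is not visible here, so verify.
  REGISTRY_USER: ${{ github.actor }}
  REGISTRY_PASSWORD: ${{ github.token }}

# Each day, build and publish to ghcr.io:
#
# - the dangerzone/dangerzone container image
# - the dangerzone/build/{debian,ubuntu,fedora}:version
#   dev environments used to run the tests
#
# End-user environments are not published to the GHCR because
# they need .rpm or .deb files to be built, which is what we
# want to test.

# NOTE(review): the third-party actions below are referenced by mutable tags
# (`@v4`, `@v5`). Pinning each `uses:` to a full commit SHA would keep a
# moved tag from changing what runs with the `packages: write` token.
jobs:
  build-dev-environment:
    name: "Build dev-env (${{ matrix.distro }}-${{ matrix.version }})"
    runs-on: ubuntu-latest
    strategy:
      matrix:
        # Versions that look numeric are quoted so they stay strings
        # ("24.10" must not be parsed as the float 24.1).
        include:
          - distro: ubuntu
            version: "20.04"
          - distro: ubuntu
            version: "22.04"
          - distro: ubuntu
            version: "24.04"
          - distro: ubuntu
            version: "24.10"
          - distro: debian
            version: bullseye
          - distro: debian
            version: bookworm
          - distro: debian
            version: trixie
          - distro: fedora
            version: "40"
          - distro: fedora
            version: "41"

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.10"

      - name: Login to GHCR
        # The token is read from the environment (REGISTRY_PASSWORD, set at
        # workflow level) instead of being expanded into the script text by
        # `${{ github.token }}`. The secret is therefore never written into
        # the generated shell script and is not subject to word splitting.
        run: |
          echo "$REGISTRY_PASSWORD" | podman login ghcr.io -u USERNAME --password-stdin

      - name: Build dev environment
        # The matrix values come from the static list above, not from
        # event data, so interpolating them into the command line is safe.
        run: |
          ./dev_scripts/env.py --distro ${{ matrix.distro }} \
            --version ${{ matrix.version }} \
            build-dev --sync

  build-container-image:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
        with:
          # Fetch the full history rather than a shallow clone.
          # NOTE(review): presumably needed to derive the image tag from
          # Git metadata; confirm against build-image.py.
          fetch-depth: 0

      - name: Get current date
        id: date
        run: echo "date=$(date +'%Y-%m-%d')" >> "$GITHUB_OUTPUT"

      - name: Cache container image
        id: cache-container-image
        uses: actions/cache@v4
        with:
          # The key changes daily and whenever one of the hashed build
          # inputs changes, so a cached image is reused for at most a day.
          key: v2-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py', 'poetry.lock', 'gvisor_wrapper/entrypoint.py') }}
          path: |
            share/container.tar.gz
            share/image-id.txt

      - name: Build and push Dangerzone image
        # Runs only on a cache miss; a cache hit skips both build and push.
        # NOTE(review): the push carries no explicit tag and is not limited
        # to the default branch, so an image built from a PR or `test/**`
        # branch is published under the same name as one built from `main`.
        # Consider gating the push on the event or ref.
        if: ${{ steps.cache-container-image.outputs.cache-hit != 'true' }}
        run: |
          sudo apt-get install -y python3-poetry
          python3 ./install/common/build-image.py
          echo "$REGISTRY_PASSWORD" | podman login ghcr.io -u USERNAME --password-stdin
          gunzip -c share/container.tar.gz | podman load
          podman push \
            dangerzone.rocks/dangerzone \
            ${{ env.IMAGE_REGISTRY }}/dangerzone/dangerzone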