almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-04-28 18:02:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
dangerzone/.github/workflows/check_repos.yml
Alex Pyrgiotis 4a48a2551b
Drop Ubuntu 20.04 (Focal) support 
Drop Ubuntu 20.04 (Focal) support, because it's nearing its end-of-life
date. By doing so, we can remove several workarounds and notices we had
in place for this version, and most importantly, remove the pin to our
vendored PyMuPDF package.

Refs #1018
Refs #965
2025-03-17 15:40:25 +02:00

102 lines
4.2 KiB
YAML
Raw Blame History

# Test official instructions for installing Dangerzone
# ====================================================
#
# The installation instructions have been copied from our INSTALL.md file.
# NOTE: When you change either place, please make sure to keep the two files in
# sync.
# NOTE: Because the commands run as root, the use of sudo is not necessary.
name: Test official instructions for installing Dangerzone
on:
schedule:
- cron: '0 0 * * *' # Run every day at 00:00 UTC.
workflow_dispatch:
jobs:
install-from-apt-repo:
name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}"
runs-on: ubuntu-latest
container: ${{ matrix.distro }}:${{ matrix.version }}
strategy:
matrix:
include:
- distro: ubuntu
version: "24.10" # oracular
- distro: ubuntu
version: "24.04" # noble
- distro: ubuntu
version: "22.04" # jammy
- distro: debian
version: "trixie" # 13
- distro: debian
version: "12" # bookworm
- distro: debian
version: "11" # bullseye
steps:
- name: Add packages.freedom.press PGP key (gpg)
if: matrix.version != 'trixie'
run: |
apt-get update && apt-get install -y gnupg2 ca-certificates
dirmngr # NOTE: This is a command that's necessary only in containers
# The key needs to be in the GPG keybox database format so the
# signing subkey is detected by apt-secure.
gpg --keyserver hkps://keys.openpgp.org \
--no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
--recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
mkdir -p /etc/apt/keyrings/
mv ./fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings/.
- name: Add packages.freedom.press PGP key (sq)
if: matrix.version == 'trixie'
run: |
apt-get update && apt-get install -y ca-certificates sq
mkdir -p /etc/apt/keyrings/
# On debian trixie, apt-secure uses `sqv` to verify the signatures
# so we need to retrieve PGP keys and store them using the base64 format.
sq network keyserver \
--server hkps://keys.openpgp.org \
search "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" \
--output /etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg
- name: Add packages.freedom.press to our APT sources
run: |
. /etc/os-release
echo "deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \
https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main" \
| tee /etc/apt/sources.list.d/fpf-apt-tools.list
- name: Install Dangerzone
run: |
apt update
apt install -y dangerzone
install-from-yum-repo:
name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}"
runs-on: ubuntu-latest
container: ${{ matrix.distro }}:${{ matrix.version }}
strategy:
matrix:
include:
- distro: fedora
version: 40
- distro: fedora
version: 41
steps:
- name: Add packages.freedom.press to our YUM sources
run: |
dnf install -y 'dnf-command(config-manager)'
dnf-3 config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo
- name: Replace 'rawhide' string with Fedora version
# The previous command has created a `dangerzone.repo` file. The
# config-manager plugin should have substituted the $releasever variable
# with the Fedora version number. However, for unreleased Fedora
# versions, this gets translated to "rawhide", even though they do have
# a number. To fix this, we need to substitute the "rawhide" string
# witht the proper Fedora version.
run: |
source /etc/os-release
sed -i "s/rawhide/${VERSION_ID}/g" /etc/yum.repos.d/dangerzone.repo
- name: Install Dangerzone
# FIXME: We add the `-y` flag here, in lieu of a better way to check the
# Dangerzone signature.
run: dnf install -y dangerzone
Reference in a new issue View git blame Copy permalink