Make our Dangerzone image reproducible #688
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build dev environments | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- "test/**" | |
schedule: | |
- cron: "0 0 * * *" # Run every day at 00:00 UTC. | |
permissions: | |
packages: write | |
env: | |
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} | |
REGISTRY_USER: ${{ github.actor }} | |
REGISTRY_PASSWORD: ${{ github.token }} | |
# Each day, build and publish to ghcr.io: | |
# | |
# - the dangerzone/dangerzone container image | |
# - the dangerzone/build/{debian,ubuntu,fedora}:version | |
# dev environments used to run the tests | |
# | |
# End-user environments are not published to the GHCR because | |
# they need .rpm or .deb files to be built, which is what we | |
# want to test. | |
jobs: | |
build-dev-environment: | |
name: "Build dev-env (${{ matrix.distro }}-${{ matrix.version }})" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
include: | |
- distro: ubuntu | |
version: "20.04" | |
- distro: ubuntu | |
version: "22.04" | |
- distro: ubuntu | |
version: "24.04" | |
- distro: ubuntu | |
version: "24.10" | |
- distro: debian | |
version: bullseye | |
- distro: debian | |
version: bookworm | |
- distro: debian | |
version: trixie | |
- distro: fedora | |
version: "40" | |
- distro: fedora | |
version: "41" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Login to GHCR | |
run: | | |
echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin | |
- name: Build dev environment | |
run: | | |
./dev_scripts/env.py --distro ${{ matrix.distro }} \ | |
--version ${{ matrix.version }} \ | |
build-dev --sync | |
build-container-image: | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get current date | |
id: date | |
run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT | |
- name: Cache container image | |
id: cache-container-image | |
uses: actions/cache@v4 | |
with: | |
key: v4-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container_helpers/*', 'install/common/build-image.py') }} | |
path: | | |
share/container.tar.gz | |
share/image-id.txt | |
- name: Build and push Dangerzone image | |
if: ${{ steps.cache-container-image.outputs.cache-hit != 'true' }} | |
run: | | |
sudo apt-get install -y python3-poetry | |
python3 ./install/common/build-image.py | |
echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin | |
gunzip -c share/container.tar.gz | podman load | |
tag=$(cat share/image-id.txt) | |
podman push \ | |
dangerzone.rocks/dangerzone:$tag \ | |
${{ env.IMAGE_REGISTRY }}/dangerzone/dangerzone:tag |