WIP: Reproduce

freedomofpress · Jan 14, 2025 · e02dbfd · e02dbfd
1 parent d53c4d0
commit e02dbfd
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 16 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -492,18 +492,9 @@ jobs:
           poetry run jinja2 Dockerfile.in Dockerfile.env > out
           diff Dockerfile out
 
-      - name: Get current date
-        id: date
-        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
-      - name: Restore container cache
-        uses: actions/cache/restore@v4
-        with:
-          key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
-          path: |-
-            share/container.tar.gz
-            share/image-id.txt
-          fail-on-cache-miss: true
+      - name: Build Dangerzone container image
+        run: |
+          python3 ./install/common/build-image.py --no-save
 
       - name: Reproduce the same container image
         run: |

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -21,13 +21,17 @@ jobs:
           sudo apt install pipx
           pipx install poetry
           pipx inject poetry poetry-plugin-export
+          poetry install --only package
+      - name: Bump date of Debian snapshot archive
+        run: |
+          date=$(date "+%Y%m%d")
+          sed -i "s/DEBIAN_ARCHIVE_DATE=[0-9]\+/DEBIAN_ARCHIVE_DATE=${date}/" Dockerfile.env
+          poetry run jinja2 Dockerfile.in Dockerfile.env > Dockerfile
       - name: Build container image
         run: python3 ./install/common/build-image.py --runtime docker --no-save
       - name: Get image tag
         id: tag
-        run: |
-          tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
-          echo "tag=$tag" >> $GITHUB_OUTPUT
+        run: echo "tag=$(cat share/image-id.txt)" >> $GITHUB_OUTPUT
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan container image (no fail)

diff --git a/dev_scripts/reproduce.py b/dev_scripts/reproduce.py
@@ -36,7 +36,7 @@ def git_commit_get():
 def git_verify(commit, source):
     if not commit in source:
         raise RuntimeError(
-            f"Image '{image}' does not seem to be built from commit '{commit}'"
+            f"Image '{source}' does not seem to be built from commit '{commit}'"
         )