From e02dbfdc7932fef6331557d942f1374fb385e8f3 Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Tue, 14 Jan 2025 12:25:01 +0200
Subject: [PATCH] WIP: Reproduce
---
 .github/workflows/ci.yml | 15 +++------------
 .github/workflows/scan.yml | 10 +++++++---
 dev_scripts/reproduce.py | 2 +-
 3 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fc92043ff..ec06d0b05 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -492,18 +492,9 @@ jobs:
 poetry run jinja2 Dockerfile.in Dockerfile.env > out
 diff Dockerfile out
- - name: Get current date
- id: date
- run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_OUTPUT
-
- - name: Restore container cache
- uses: actions/cache/restore@v4
- with:
- key: v3-${{ steps.date.outputs.date }}-${{ hashFiles('Dockerfile', 'dangerzone/conversion/*.py', 'dangerzone/container/*', 'install/common/build-image.py') }}
- path: |-
- share/container.tar.gz
- share/image-id.txt
- fail-on-cache-miss: true
+ - name: Build Dangerzone container image
+ run: |
+ python3 ./install/common/build-image.py --no-save
 - name: Reproduce the same container image
 run: |
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index c4bd6a35c..f7c187fc9 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
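Review bot: In the `.github/workflows/ci.yml` hunk, the reference image is now built by the new `Build Dangerzone container image` step in the same job, immediately before `Reproduce the same container image`. Both builds therefore share one runner, and possibly the builder's layer cache, so a passing check may say less about independent reproducibility than the previous comparison against a restored artifact did. The body of the reproduce step continues outside the hunk, so whether it rebuilds without cache cannot be confirmed from here. I would document the assumption on the new step, for example `# NOTE: built in the same job as the reproduction check below; the second build must not reuse this build's cache`. The new build command also omits `--runtime`, while the scan workflow in this patch passes `--runtime docker`; it is worth stating which runtime this job is meant to exercise.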
@@ -21,13 +21,17 @@ jobs:
 sudo apt install pipx
 pipx install poetry
 pipx inject poetry poetry-plugin-export
+ poetry install --only package
+ - name: Bump date of Debian snapshot archive
+ run: |
+ date=$(date "+%Y%m%d")
+ sed -i "s/DEBIAN_ARCHIVE_DATE=[0-9]\+/DEBIAN_ARCHIVE_DATE=${date}/" Dockerfile.env
+ poetry run jinja2 Dockerfile.in Dockerfile.env > Dockerfile
 - name: Build container image
 run: python3 ./install/common/build-image.py --runtime docker --no-save
 - name: Get image tag
 id: tag
- run: |
- tag=$(docker images dangerzone.rocks/dangerzone --format '{{ .Tag }}')
- echo "tag=$tag" >> $GITHUB_OUTPUT
+ run: echo "tag=$(cat share/image-id.txt)" >> $GITHUB_OUTPUT
 # NOTE: Scan first without failing, else we won't be able to read the scan
 # report.
 - name: Scan container image (no fail)
diff --git a/dev_scripts/reproduce.py b/dev_scripts/reproduce.py
index b37d69f6f..0c05c4c87 100755
--- a/dev_scripts/reproduce.py
+++ b/dev_scripts/reproduce.py
@@ -36,7 +36,7 @@ def git_commit_get():
 def git_verify(commit, source):
 if not commit in source:
 raise RuntimeError(
- f"Image '{image}' does not seem to be built from commit '{commit}'"
+ f"Image '{source}' does not seem to be built from commit '{commit}'"
 )
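Review bot: In the `.github/workflows/scan.yml` hunk, the rewritten `Get image tag` step can emit an empty `tag=` output without failing. If `share/image-id.txt` is missing, `cat` fails inside the command substitution but `echo` still exits 0; the build runs with `--no-save`, and whether the script still writes that file is not visible here. Assigning first lets the runner's default `bash -e` stop the step: `tag=$(cat share/image-id.txt)` followed by `echo "tag=$tag" >> "$GITHUB_OUTPUT"`. The `sed` in the new `Bump date of Debian snapshot archive` step can fail silently in the same way: if the pattern does not match, `Dockerfile.env` is left unchanged and the scan covers an image built from the old snapshot date. A `grep -q "DEBIAN_ARCHIVE_DATE=${date}" Dockerfile.env` after it would make that visible.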
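Review bot: In the `dev_scripts/reproduce.py` hunk, `git_verify` checks provenance with a substring test, `commit in source`, so an empty `commit` always passes. A short value that merely occurs somewhere inside `source` passes too. What `git_commit_get()` returns and what `source` holds are not visible in this hunk, so this should be confirmed against the callers. A guard such as `if not commit or commit not in source:` rejects the empty case and also replaces `not commit in source` with the idiomatic `not in`. A one-line docstring saying what `source` is expected to contain (image name, tag or label text) would make the check's strength clear to the next reader.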