Skip to content

Commit

Permalink
Build and tag Dangerzone images
Browse files Browse the repository at this point in the history
Build Dangerzone images and tag them with a unique ID that stems from
the Git reop. Note that using tags as image IDs instead of regular image
IDs breaks the current Dangerzone expectations, but this will be
addressed in subsequent commits.
  • Loading branch information
apyrgio committed Dec 10, 2024
1 parent 20152fa commit 6a5e76f
Show file tree
Hide file tree
Showing 4 changed files with 36 additions and 20 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Get current date
id: date
Expand Down
4 changes: 3 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ jobs:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Get current date
id: date
Expand Down Expand Up @@ -249,7 +251,7 @@ jobs:
install-deb:
name: "install-deb (${{ matrix.distro }} ${{ matrix.version }})"
runs-on: ubuntu-latest
needs:
needs:
- build-deb
strategy:
matrix:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,8 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install container build dependencies
run: sudo apt install pipx && pipx install poetry
- name: Build container image
Expand Down
48 changes: 29 additions & 19 deletions install/common/build-image.py
Original file line number Diff line number Diff line change
Expand Up @@ -2,12 +2,13 @@
import gzip
import os
import platform
import secrets
import subprocess
import sys
from pathlib import Path

BUILD_CONTEXT = "dangerzone/"
TAG = "dangerzone.rocks/dangerzone:latest"
IMAGE_NAME = "dangerzone.rocks/dangerzone"
REQUIREMENTS_TXT = "container-pip-requirements.txt"
if platform.system() in ["Darwin", "Windows"]:
CONTAINER_RUNTIME = "docker"
Expand Down Expand Up @@ -44,8 +45,31 @@ def main():
)
args = parser.parse_args()

tarball_path = Path("share") / "container.tar.gz"
image_id_path = Path("share") / "image-id.txt"

print(f"Building for architecture '{ARCH}'")

# Designate a unique tag for this image, depending on the Git commit it was created
# from:
# 1. If created from a Git tag (e.g., 0.8.0), the image tag will be `0.8.0`.
# 2. If created from a commit, it will be something like `0.8.0-31-g6bdaa7a`.
# 3. If the contents of the Git repo are dirty, we will append a unique identifier
# for this run, something like `0.8.0-31-g6bdaa7a-fdcb` or `0.8.0-fdcb`.
dirty_ident = secrets.token_hex(2)
tag = (
subprocess.check_output(
["git", "describe", "--first-parent", f"--dirty=-{dirty_ident}"],
)
.decode()
.strip()[1:] # remove the "v" prefix of the tag.
)
image_name_tagged = IMAGE_NAME + ":" + tag

print(f"Will tag the container image as '{image_name_tagged}'")
with open(image_id_path, "w") as f:
f.write(tag)

print("Exporting container pip dependencies")
with ContainerPipDependencies():
if not args.use_cache:
Expand All @@ -59,6 +83,7 @@ def main():
check=True,
)

# Build the container image, and tag it with the calculated tag
print("Building container image")
cache_args = [] if args.use_cache else ["--no-cache"]
subprocess.run(
Expand All @@ -74,7 +99,7 @@ def main():
"-f",
"Dockerfile",
"--tag",
TAG,
image_name_tagged,
],
check=True,
)
Expand All @@ -85,15 +110,15 @@ def main():
[
CONTAINER_RUNTIME,
"save",
TAG,
image_name_tagged,
],
stdout=subprocess.PIPE,
)

print("Compressing container image")
chunk_size = 4 << 20
with gzip.open(
"share/container.tar.gz",
tarball_path,
"wb",
compresslevel=args.compress_level,
) as gzip_f:
Expand All @@ -105,21 +130,6 @@ def main():
break
cmd.wait(5)

print("Looking up the image id")
image_id = subprocess.check_output(
[
args.runtime,
"image",
"list",
"--format",
"{{.ID}}",
TAG,
],
text=True,
)
with open("share/image-id.txt", "w") as f:
f.write(image_id)


class ContainerPipDependencies:
"""Generates PIP dependencies within container"""
Expand Down

0 comments on commit 6a5e76f

Please sign in to comment.