diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000..84c47816e
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,695 @@
+name: freedomofpress/dangerzone/build
+on:
+ push:
+ branches:
+ - main
+jobs:
+ run-lint:
+ runs-on: ubuntu-latest
+ container:
+ image: debian:bookworm
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install dev. dependencies
+ run: |-
+ apt-get update
+ apt-get install -y git make python3 python3-poetry --no-install-recommends
+ poetry install --no-ansi --only lint,test
+ - name: Run linters to enforce code style
+ run: poetry run make lint
+ - name: Check that the QA script is up to date with the docs
+ run: "./dev_scripts/qa.py --check-refs"
+ build-container-image:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install Podman in Ubuntu Focal
+ run: "./install/linux/install-podman-ubuntu-focal.sh"
+ - name: Prepare cache directory
+ run: |-
+ sudo mkdir -p /caches
+ sudo chown -R $USER:$USER /caches
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/
+ cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt
+ cd ../../
+ - name: restore_cache
+ uses: actions/cache@v3.3.2
+ with:
+ key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }}
+ path: |-
+ /caches/container.tar.gz
+ /caches/image-id.txt
+ - name: Build Dangerzone image
+ run: |-
+ if [ -f "/caches/container.tar.gz" ]; then
+ echo "Already cached, skipping"
+ else
+ sudo pip3 install poetry
+ python3 ./install/common/build-image.py
+ fi
+ - name: Save Dangerzone image and image-id.txt to cache
+ run: |-
+ if [ -f "/caches/container.tar.gz" ]; then
+ echo "Already cached, skipping"
+ else
+ mkdir -p /caches
+ podman save -o /caches/container.tar dangerzone.rocks/dangerzone
+ gzip -f /caches/container.tar
+ podman image ls dangerzone.rocks/dangerzone | grep "dangerzone.rocks/dangerzone" | tr -s ' ' | cut -d' ' -f3 > /caches/image-id.txt
+ fi
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/
+ cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt
+ cd ../../
+ convert-test-docs:
+ runs-on: ubuntu-20.04
+ needs:
+ - build-container-image
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install Podman in Ubuntu Focal
+ run: "./install/linux/install-podman-ubuntu-focal.sh"
+ - name: Install poetry dependencies
+ run: |-
+ sudo pip3 install poetry
+ # This flag is important, due to an open upstream Poetry issue:
+ # https://github.com/python-poetry/poetry/issues/7184
+ poetry install --no-ansi
+ - name: Install test dependencies
+ run: sudo apt-get install -y libqt5gui5 libxcb-cursor0 --no-install-recommends
+ - name: Prepare cache directory
+ run: |-
+ sudo mkdir -p /caches
+ sudo chown -R $USER:$USER /caches
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/
+ cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt
+ cd ../../
+ - name: restore_cache
+ uses: actions/cache@v3.3.2
+ with:
+ key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }}
+ path:
+ - "/caches/container.tar.gz"
+ - "/caches/image-id.txt"
+ - name: Copy container image into package
+ run: |-
+ cp /caches/container.tar.gz share/
+ cp /caches/image-id.txt share/
+ - name: run automated tests
+ run: poetry run make test
+ ci-ubuntu-noble:
+ runs-on: ubuntu-20.04
+ needs:
+ - build-container-image
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install Podman in Ubuntu Focal
+ run: "./install/linux/install-podman-ubuntu-focal.sh"
+ - name: Prepare cache directory
+ run: |-
+ sudo mkdir -p /caches
+ sudo chown -R $USER:$USER /caches
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/
+ cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt
+ cd ../../
+ - name: restore_cache
+ uses: actions/cache@v3.3.2
+ with:
+ key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }}
+ path:
+ - "/caches/container.tar.gz"
+ - "/caches/image-id.txt"
+ - name: Copy container image into package
+ run: |-
+ cp /caches/container.tar.gz share/
+ cp /caches/image-id.txt share/
+ - name: Prepare Dangerzone environment
+ run: "./dev_scripts/env.py --distro ubuntu --version 24.04 build-dev"
+ - name: Run CI tests
+ run: |-
+ ./dev_scripts/env.py --distro ubuntu --version 24.04 run --dev \
+ bash -c 'cd dangerzone; poetry run make test'
+ ci-ubuntu-mantic:
+ runs-on: ubuntu-20.04
+ needs:
+ - build-container-image
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install Podman in Ubuntu Focal
+ run: "./install/linux/install-podman-ubuntu-focal.sh"
+ - name: Prepare cache directory
+ run: |-
+ sudo mkdir -p /caches
+ sudo chown -R $USER:$USER /caches
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/
+ cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt
+ cd ../../
+ - name: restore_cache
+ uses: actions/cache@v3.3.2
+ with:
+ key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }}
+ path:
+ - "/caches/container.tar.gz"
+ - "/caches/image-id.txt"
+ - name: Copy container image into package
+ run: |-
+ cp /caches/container.tar.gz share/
+ cp /caches/image-id.txt share/
+ - name: Prepare Dangerzone environment
+ run: "./dev_scripts/env.py --distro ubuntu --version 23.10 build-dev"
+ - name: Run CI tests
+ run: |-
+ ./dev_scripts/env.py --distro ubuntu --version 23.10 run --dev \
+ bash -c 'cd dangerzone; poetry run make test'
+ ci-ubuntu-jammy:
+ runs-on: ubuntu-20.04
+ needs:
+ - build-container-image
+ steps:
+ - uses: actions/checkout@v4.1.0
+ - name: Install Podman in Ubuntu Focal
+ run: "./install/linux/install-podman-ubuntu-focal.sh"
+ - name: Prepare cache directory
+ run: |-
+ sudo mkdir -p /caches
+ sudo chown -R $USER:$USER /caches
+ - name: Caculating container cache key
+ run: |-
+ mkdir -p /caches/
+ cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro ubuntu --version 22.04 build-dev" + - name: Run CI tests + run: |- + ./dev_scripts/env.py --distro ubuntu --version 22.04 run --dev \ + bash -c 'cd dangerzone; poetry run make test' + ci-ubuntu-focal: + runs-on: ubuntu-20.04 + needs: + - build-container-image + steps: + - uses: actions/checkout@v4.1.0 + - name: Install Podman in Ubuntu Focal + run: "./install/linux/install-podman-ubuntu-focal.sh" + - name: Prepare cache directory + run: |- + sudo mkdir -p /caches + sudo chown -R $USER:$USER /caches + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro ubuntu --version 20.04 build-dev" + - name: Run CI tests + run: |- + ./dev_scripts/env.py --distro ubuntu --version 20.04 run --dev \ + bash -c 'cd dangerzone; poetry run make test' + ci-debian-trixie: + runs-on: ubuntu-20.04 + needs: + - build-container-image + steps: + - uses: actions/checkout@v4.1.0 + - name: Install Podman in 
Ubuntu Focal + run: "./install/linux/install-podman-ubuntu-focal.sh" + - name: Prepare cache directory + run: |- + sudo mkdir -p /caches + sudo chown -R $USER:$USER /caches + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro debian --version trixie build-dev" + - name: Run CI tests + run: |- + ./dev_scripts/env.py --distro debian --version trixie run --dev \ + bash -c 'cd dangerzone; poetry run make test' + ci-debian-bookworm: + runs-on: ubuntu-20.04 + needs: + - build-container-image + steps: + - uses: actions/checkout@v4.1.0 + - name: Install Podman in Ubuntu Focal + run: "./install/linux/install-podman-ubuntu-focal.sh" + - name: Prepare cache directory + run: |- + sudo mkdir -p /caches + sudo chown -R $USER:$USER /caches + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro debian --version bookworm build-dev" + - name: Run CI tests + run: |- + 
./dev_scripts/env.py --distro debian --version bookworm run --dev \ + bash -c 'cd dangerzone; poetry run make test' + ci-debian-bullseye: + runs-on: ubuntu-latest + needs: + - build-container-image + steps: + - uses: actions/checkout@v4.1.0 + - name: Install Podman in Ubuntu Focal + run: "./install/linux/install-podman-ubuntu-focal.sh" + - name: Configure Podman for Ubuntu 22.04 + run: |- + # This config circumvents the following issues: + # * https://github.com/containers/podman/issues/6368 + # * https://github.com/containers/podman/issues/10987 + mkdir -p ~/.config/containers + cat > ~/.config/containers/containers.conf \< /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro debian --version bullseye build-dev" + - name: Configure Podman for Debian Bullseye + run: |- + # Copy the Podman config into the container image we created for the + # Dangerzone environment. 
+ cp ~/.config/containers/containers.conf containers.conf + cat > Dockerfile.bullseye \< /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro fedora --version 40 build-dev" + - name: Run CI tests + run: |- + ./dev_scripts/env.py --distro fedora --version 40 run --dev \ + bash -c 'cd dangerzone; poetry run make test' + ci-fedora-39: + runs-on: ubuntu-20.04 + needs: + - build-container-image + steps: + - uses: actions/checkout@v4.1.0 + - name: Install Podman in Ubuntu Focal + run: "./install/linux/install-podman-ubuntu-focal.sh" + - name: Prepare cache directory + run: |- + sudo mkdir -p /caches + sudo chown -R $USER:$USER /caches + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Prepare Dangerzone environment + run: "./dev_scripts/env.py --distro fedora --version 39 build-dev" + - name: Run CI tests + run: |- + ./dev_scripts/env.py --distro fedora --version 39 run --dev \ + bash -c 'cd dangerzone; poetry run make test' + build-ubuntu-mantic: + runs-on: ubuntu-latest + container: + image: ubuntu:23.10 + needs: + - build-container-image + steps: + - name: Install dependencies (deb) + run: |- + export 
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y dh-python python3 python3-stdeb + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .deb package + run: |- + ./install/linux/build-deb.py + ls -lh deb_dist/ + build-ubuntu-jammy: + runs-on: ubuntu-latest + container: + image: ubuntu:22.04 + needs: + - build-container-image + steps: + - name: Install dependencies (deb) + run: |- + export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y dh-python python3 python3-stdeb + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .deb package + run: |- + ./install/linux/build-deb.py + ls -lh deb_dist/ + build-ubuntu-focal: + runs-on: ubuntu-latest + container: + image: ubuntu:20.04 + needs: + - build-container-image + steps: + - name: Install dependencies (deb) + run: |- + export DEBIAN_FRONTEND=noninteractive 
DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y dh-python python3 python3-stdeb + - name: Install python-all package + run: |- + export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y python-all + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .deb package + run: |- + ./install/linux/build-deb.py + ls -lh deb_dist/ + build-debian-bullseye: + runs-on: ubuntu-latest + container: + image: debian:bullseye + needs: + - build-container-image + steps: + - name: Install dependencies (deb) + run: |- + export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y dh-python python3 python3-stdeb + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .deb package + run: |- + ./install/linux/build-deb.py + ls -lh deb_dist/ + build-debian-bookworm: + runs-on: ubuntu-latest + container: + image: 
debian:bookworm + needs: + - build-container-image + steps: + - name: Install dependencies (deb) + run: |- + export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true + apt-get update + apt-get install -y dh-python python3 python3-stdeb + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .deb package + run: |- + ./install/linux/build-deb.py + ls -lh deb_dist/ + build-fedora-40: + runs-on: ubuntu-latest + container: + image: fedora:40 + needs: + - build-container-image + steps: + - name: Install dependencies (rpm) + run: |- + dnf install -y rpm-build python3 python3-devel python3-poetry-core pipx + pipx install poetry + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .rpm package + run: |- + PATH=/root/.local/bin:$PATH ./install/linux/build-rpm.py + ls -lh dist/ + - name: Build the Qubes .rpm package + run: |- + PATH=/root/.local/bin:$PATH ./install/linux/build-rpm.py --qubes + ls -lh dist/ + 
build-fedora-39: + runs-on: ubuntu-latest + container: + image: fedora:39 + needs: + - build-container-image + steps: + - name: Install dependencies (rpm) + run: |- + dnf install -y rpm-build python3 python3-devel python3-poetry-core pipx + pipx install poetry + - uses: actions/checkout@v4.1.0 + - name: Caculating container cache key + run: |- + mkdir -p /caches/ + cd dangerzone/conversion/ + cat common.py doc_to_pixels.py pixels_to_pdf.py | sha1sum | cut -d' ' -f1 > /caches/cache-id.txt + cd ../../ + - name: restore_cache + uses: actions/cache@v3.3.2 + with: + key: v1-{{ checksum "Dockerfile" }}-{{ checksum "/caches/cache-id.txt" }} + path: + - "/caches/container.tar.gz" + - "/caches/image-id.txt" + - name: Copy container image into package + run: |- + cp /caches/container.tar.gz share/ + cp /caches/image-id.txt share/ + - name: Build the .rpm package + run: |- + PATH=/root/.local/bin:$PATH ./install/linux/build-rpm.py + ls -lh dist/ + - name: Build the Qubes .rpm package + run: |- + PATH=/root/.local/bin:$PATH ./install/linux/build-rpm.py --qubes + ls -lh dist/
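Review bot: The `key:` on every `restore_cache` step uses CircleCI's `{{ checksum "…" }}` template syntax, which GitHub Actions does not evaluate, so the key appears to be one constant string and a cached `container.tar.gz` would keep being restored after `Dockerfile` or the conversion code changes. Because that image is what the test and packaging jobs copy into `share/`, they can then test and bundle a stale sandbox image. GitHub's form is an expression, e.g. `key: v1-${{ hashFiles('Dockerfile', 'dangerzone/conversion/common.py', 'dangerzone/conversion/doc_to_pixels.py', 'dangerzone/conversion/pixels_to_pdf.py') }}`, which also replaces the `sha1sum` step, since `hashFiles` only matches files under the workspace and not `/caches/cache-id.txt`. In the jobs after `build-container-image`, `path:` is written as a YAML list although action inputs are strings; use the `path: |-` block form from the first job. Separately, consider a top-level `permissions:` with `contents: read`, and pinning `actions/checkout` and `actions/cache` to full commit SHAs rather than tags.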