WIP: Do not push end-user envs to ghcr.

freedomofpress · Sep 17, 2024 · a0be4d6 · a0be4d6
1 parent 7ed8526
commit a0be4d6
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 86 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -8,11 +8,15 @@ env:
   REGISTRY_USER: ${{ github.actor }}
   REGISTRY_PASSWORD: ${{ github.token }}
 
-# Each day, rebuild the following images:
+# Each day, build and publish to ghcr.io:
 #
 # - the dangerzone.rocks/dangerzone container image
-# - the dev environments used to run the tests
-# - the end-user environments used to install the packages
+# - the dangerzone.rocks/build/{debian,ubuntu,fedora}:version
+#   dev environments used to run the tests
+#
+# End-user environments are not published to the GHCR because
+# they need .rpm or .deb files to be built, which is what we
+# want to test.
 
 jobs:
   build-dev-environment:
@@ -64,81 +68,6 @@ jobs:
             dangerzone.rocks/build/${{ matrix.distro }}:${{ matrix.version }} \
             ${{ env.IMAGE_REGISTRY }}/dangerzone.rocks/build/${{ matrix.distro }}:${{ matrix.version }}
 
-  build-enduser-environment:
-    name: "Build enduser-env (${{ matrix.distro }}-${{ matrix.version }})"
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        include:
-          - distro: ubuntu
-            version: "20.04"
-          - distro: ubuntu
-            version: "22.04"
-          - distro: ubuntu
-            version: "23.10"
-          - distro: ubuntu
-            version: "24.04"
-          - distro: debian
-            version: bullseye
-          - distro: debian
-            version: bookworm
-          - distro: debian
-            version: trixie
-          - distro: fedora
-            version: "39"
-          - distro: fedora
-            version: "40"
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - uses: actions/setup-python@v5
-        with:
-          python-version: "3.10"
-
-      ### TODO: On fedora: add --download-pyside6 ?
-      - name: Build dev environment
-        run: |
-          ./dev_scripts/env.py --distro ${{ matrix.distro }} \
-              --version ${{ matrix.version }} \
-              build
-
-      - name: Configure Podman for Debian Bullseye specifically
-        if: matrix.distro == 'debian' && matrix.version == 'bullseye'
-        run: |
-          # Create a Podman config specifically for Bullseye (see #388).
-          mkdir bullseye_fix
-          cd bullseye_fix
-          cat > containers.conf <<EOF
-          [engine]
-          cgroup_manager="cgroupfs"
-          events_logger="file"
-          EOF
-
-          # Copy the Podman config into the container image we created for the
-          # Dangerzone environment.
-          cat > Dockerfile.bullseye <<EOF
-          FROM dangerzone.rocks/debian:bullseye-backports
-          RUN mkdir -p /home/user/.config/containers
-          COPY containers.conf /home/user/.config/containers/
-          EOF
-
-          # Create a new image from the Dangerzone environment and re-tag it.
-          podman build -t dangerzone.rocks/debian:bullseye-backports \
-              -f Dockerfile.bullseye .
-
-      - name: Login to GHCR
-        run: |
-          echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin
-
-      ### TODO: push bullseye-backport instead.
-      - name: Push To GHCR
-        run: |
-          podman push \
-            dangerzone.rocks/${{ matrix.distro }}:${{ matrix.version }} \
-            ${{ env.IMAGE_REGISTRY }}/dangerzone.rocks/${{ matrix.distro }}:${{ matrix.version }}
-
   build-container-image:
     runs-on: ubuntu-latest
     steps:

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -189,14 +189,35 @@ jobs:
           name: dangerzone.deb
           path: "deb_dist/"
 
-      - name: Login to GHCR
+      - name: Build end-user environment
         run: |
-          echo ${{ github.token }} | podman login ghcr.io -u USERNAME --password-stdin
+          ./dev_scripts/env.py --distro ${{ matrix.distro }} \
+              --version ${{ matrix.version }} \
+              build
 
-      - name: Install end-user env from GHCR
+      - name: Configure Podman for Debian Bullseye specifically
+        if: matrix.distro == 'debian' && matrix.version == 'bullseye'
         run: |
-          podman pull \
-            ${{ env.IMAGE_REGISTRY }}/dangerzone.rocks/${{ matrix.distro }}:${{ matrix.version }}
+          # Create a Podman config specifically for Bullseye (see #388).
+          mkdir bullseye_fix
+          cd bullseye_fix
+          cat > containers.conf <<EOF
+          [engine]
+          cgroup_manager="cgroupfs"
+          events_logger="file"
+          EOF
+
+          # Copy the Podman config into the container image we created for the
+          # Dangerzone environment.
+          cat > Dockerfile.bullseye <<EOF
+          FROM dangerzone.rocks/debian:bullseye-backports
+          RUN mkdir -p /home/user/.config/containers
+          COPY containers.conf /home/user/.config/containers/
+          EOF
+
+          # Create a new image from the Dangerzone environment and re-tag it.
+          podman build -t dangerzone.rocks/debian:bullseye-backports \
+              -f Dockerfile.bullseye .
 
       - name: Run a test command
         run: |
@@ -249,10 +270,11 @@ jobs:
       - name: Reclaim some storage space
         run: podman system reset -f
 
-      - name: Install end-user env from GHCR
+      - name: Build end-user environment
         run: |
-          podman pull \
-            ${{ env.IMAGE_REGISTRY }}/dangerzone.rocks/fedora:${{ matrix.version }}
+          ./dev_scripts/env.py --distro ${{ matrix.distro }} \
+              --version ${{ matrix.version }} \
+              build --download-pyside6
 
       - name: Run a test command
         run: |