From 4e97bee58ca5dbc6d02d3f2b33cf471cf77b0da4 Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis <alex.p@freedom.press>
Date: Mon, 11 Dec 2023 15:25:41 +0200
Subject: [PATCH] WIP: Test official installation instructions

---
 .github/workflows/check_repos.yml | 87 +++++++++++++++++++++++++++++++
 INSTALL.md                        |  8 +--
 2 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/check_repos.yml

diff --git a/.github/workflows/check_repos.yml b/.github/workflows/check_repos.yml
new file mode 100644
index 000000000..d4085a18d
--- /dev/null
+++ b/.github/workflows/check_repos.yml
@@ -0,0 +1,87 @@
+# Test official instructions for installing Dangerzone
+# ====================================================
+#
+# The installation instructions have been copied from our INSTALL.md file.
+# NOTE: When you change either place, please make sure to keep the two files in
+# sync.
+name: Test official instructions for installing Dangerzone
+on:
+  # TODO: Remove these two triggers, as we will run only nightly checks
+  push:
+  pull_request:
+    branches: [ main ]
+  schedule:
+    - cron: '0 0 * * *' # Run every day at 00:00 UTC.
+
+jobs:
+  install-from-apt-repo:
+    runs-on: ubuntu-latest
+    container: ${{ matrix.distro }}:${{ matrix.version }}
+    strategy:
+      matrix:
+        include:
+          - distro: ubuntu
+            version: "23.10"  # mantic
+          - distro: ubuntu
+            version: "23.04"  # lunar
+          - distro: ubuntu
+            version: "22.04"  # jammy
+          - distro: ubuntu
+            version: "20.04"  # focal
+          - distro: debian
+            version: "trixie"  # 13
+          - distro: debian
+            version: "12"  # bookworm
+          - distro: debian
+            version: "11"  # bullseye
+    steps:
+      - name: Add Podman repo for Ubuntu Focal
+        if: matrix.distro == 'ubuntu' && matrix.version == 20.04
+        run: |
+          apt-get update && apt-get -y install curl wget gnupg2
+          . /etc/os-release
+          sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' \
+            > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
+          wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- \
+            | apt-key add -
+          apt update
+          apt-get install python-all -y
+
+      - name: Add GPG key for the packages.freedom.press
+        run: |
+          apt-get update && apt-get install -y gnupg2 ca-certificates
+          dirmngr  # NOTE: This is a command that's necessary only in containers
+          gpg --keyserver hkps://keys.openpgp.org \
+              --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
+              --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
+          mkdir -p /etc/apt/keyrings/
+          mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings
+
+      - name: Add packages.freedom.press to our APT sources
+        run: |
+          . /etc/os-release
+          echo deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \
+              https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main \
+              | tee /etc/apt/sources.list.d/fpf-apt-tools.list
+
+      - name: Install Dangerzone
+        run: |
+          apt update
+          apt install -y dangerzone
+
+  install-from-yum-repo:
+    runs-on: ubuntu-latest
+    container: ${{ matrix.distro }}:${{ matrix.version }}
+    strategy:
+      matrix:
+        include:
+          - distro: fedora
+            version: 38
+    steps:
+      - name: Add packages.freedom.press to our YUM sources
+        run: |
+          dnf install -y 'dnf-command(config-manager)'
+          dnf config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo
+
+      - name: Install Dangerzone
+        run: dnf install -y dangerzone
diff --git a/INSTALL.md b/INSTALL.md
index d87063dfc..6b62759d6 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -32,8 +32,8 @@ Dangerzone is available for:
   copied from the [official Podman blog](https://podman.io/new/2021/06/16/new.html):
 
   ```bash
-  sudo apt-get install curl wget gnupg2 -y
-  source /etc/os-release
+  sudo apt-get update && sudo apt-get install curl wget gnupg2 -y
+  . /etc/os-release
   sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' \
     > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
   wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- \
@@ -54,6 +54,7 @@ Add our repository following these instructions:
 Download the GPG key for the repo:
 
 ```sh
+sudo apt-get update && sudo apt-get install gnupg2 ca-certificates -y
 gpg --keyserver hkps://keys.openpgp.org \
     --no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \
     --recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281"
@@ -64,7 +65,7 @@ sudo mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings
 Add the URL of the repo in your APT sources:
 
 ```sh
-source /etc/os-release
+. /etc/os-release
 echo deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \
     https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main \
     | sudo tee /etc/apt/sources.list.d/fpf-apt-tools.list
@@ -98,6 +99,7 @@ sudo apt install -y dangerzone
 Type the following commands in a terminal:
 
 ```
+sudo dnf install 'dnf-command(config-manager)'
 sudo dnf config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo
 sudo dnf install dangerzone
 ```