Skip to content

WIP: nightlies

WIP: nightlies #1

Workflow file for this run

name: Nightlies
on:
push:
# schedule:
# - cron: "0 0 * * *"
defaults:
run:
shell: bash
jobs:
build-debs:
strategy:
matrix:
debian_version:
- bullseye
- bookworm
runs-on: ubuntu-latest
# We only run dch/podman in this container, so it's fine to run all in bookworm
container: debian:bookworm
outputs:
artifact_id: ${{ steps.upload.outputs.artifact-id }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v4
with:
repository: "freedomofpress/securedrop-builder"
path: "securedrop-builder"
lfs: true
- name: Install dependencies
run: |
apt-get update && apt-get install --yes devscripts podman
- name: Build packages
run: |
CURRENT_VERSION=$(dpkg-parsechangelog -S Version)
VERSION_TO_BUILD="$CURRENT_VERSION.dev$(date +%Y%m%d%H%M%S)"
dch --distribution unstable --newversion $VERSION_TO_BUILD+buster "This is an automated build."
DEBIAN_VERSION=${{ matrix.debian_version }} BUILDER=securedrop-builder ./scripts/build-debs.sh
- uses: actions/upload-artifact@v4
id: upload
with:
name: build-${{ matrix.debian_version }}
path: build
if-no-files-found: error
reproducible-debs:
runs-on: ubuntu-latest
container: debian:bookworm
needs:
- build-debs
steps:
- name: Install dependencies
run: |
apt-get update && apt-get install --yes git git-lfs
- uses: actions/download-artifact@v4
with:
pattern: "*${{ matrix.debian_version }}"
- uses: actions/checkout@v4
with:
repository: "freedomofpress/securedrop-apt-test"
path: "securedrop-apt-test"
lfs: true
- name: Commit and push
run: |
cd securedrop-apt-test
mv -v ../build-bullseye/*.deb workstation/bullseye-nightlies/
mv -v ../build-bookworm/*.deb workstation/bookworm-nightlies/
git add .
git commit -m "Automated SecureDrop workstation build"