ci: reproducible builds/refactor (#5808)
* ci: reproducible builds/refactor * ci: fix mac desktop upload * ci: docker shell abort on error * scripts: add reproduce script * ci: add new reproduce workflow * scripts/reproduce-builds: change repo back to official
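--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ b/PATH_NOT_SHOWN_ON_PAGE_1
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+# Taken from: https://github.com/apache/arrow/blob/main/ci/scripts/util_free_space.sh
+
+set -eux
+
+df -h
+echo "::group::/usr/local/*"
+du -hsc /usr/local/*
+echo "::endgroup::"
+# ~1GB
+sudo rm -rf \
+/usr/local/aws-sam-cil \
+/usr/local/julia* || :
+echo "::group::/usr/local/bin/*"
+du -hsc /usr/local/bin/*
+echo "::endgroup::"
+# ~1GB (From 1.2GB to 214MB)
+sudo rm -rf \
+/usr/local/bin/aliyun \
+/usr/local/bin/azcopy \
+/usr/local/bin/bicep \
+/usr/local/bin/cmake-gui \
+/usr/local/bin/cpack \
+/usr/local/bin/helm \
+/usr/local/bin/hub \
+/usr/local/bin/kubectl \
+/usr/local/bin/minikube \
+/usr/local/bin/node \
+/usr/local/bin/packer \
+/usr/local/bin/pulumi* \
+/usr/local/bin/sam \
+/usr/local/bin/stack \
+/usr/local/bin/terraform || :
+# 142M
+sudo rm -rf /usr/local/bin/oc || : \
+echo "::group::/usr/local/share/*"
+du -hsc /usr/local/share/*
+echo "::endgroup::"
+# 506MB
+sudo rm -rf /usr/local/share/chromium || :
+# 1.3GB
+sudo rm -rf /usr/local/share/powershell || :
+echo "::group::/usr/local/lib/*"
+du -hsc /usr/local/lib/*
+echo "::endgroup::"
+# 15GB
+sudo rm -rf /usr/local/lib/android || :
+# 341MB
+sudo rm -rf /usr/local/lib/heroku || :
+# 1.2GB
+sudo rm -rf /usr/local/lib/node_modules || :
+echo "::group::/opt/*"
+du -hsc /opt/*
+echo "::endgroup::"
+# 679MB
+sudo rm -rf /opt/az || :
+echo "::group::/opt/microsoft/*"
+du -hsc /opt/microsoft/*
+echo "::endgroup::"
+# 197MB
+sudo rm -rf /opt/microsoft/powershell || :
+echo "::group::/opt/hostedtoolcache/*"
+du -hsc /opt/hostedtoolcache/*
+echo "::endgroup::"
+# 5.3GB
+sudo rm -rf /opt/hostedtoolcache/CodeQL || :
+# 1.4GB
+sudo rm -rf /opt/hostedtoolcache/go || :
+# 489MB
+sudo rm -rf /opt/hostedtoolcache/PyPy || :
+# 376MB
+sudo rm -rf /opt/hostedtoolcache/node || :
+# Remove Web browser packages
+sudo apt purge -y \
+firefox \
+google-chrome-stable \
+microsoft-edge-stable
+df -h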
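Review bot: The line `sudo rm -rf /usr/local/bin/oc || : \` ends in a stray backslash, so the following `echo "::group::/usr/local/share/*"` becomes arguments to the `:` no-op and is never printed, leaving the later `::endgroup::` without a matching group; drop the backslash. `/usr/local/aws-sam-cil` looks like a transposition of `aws-sam-cli`, and since `rm -rf` is silent about missing paths the space would go unreclaimed without any sign in the log. The closing `sudo apt purge -y …` is the only removal without `|| :`, so under `set -e` a non-zero apt exit (for example a package name the runner image does not know) would abort the job; decide whether that step is meant to be best-effort like the rest.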
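--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ b/PATH_NOT_SHOWN_ON_PAGE_2
@@ -0,0 +1,120 @@
+#!/usr/bin/env sh
+set -eu
+
+TAG="$1"
+
+tempdir="$(mktemp -d)"
+init_dir="$PWD"
+
+repo_name="simplex-chat"
+repo="https://github.com/simplex-chat/${repo_name}"
+
+cabal_local='ignore-project: False
+package direct-sqlcipher
+flags: +openssl'
+
+export DOCKER_BUILDKIT=1
+
+cleanup() {
+docker exec -t builder sh -c 'rm -rf ./dist-newstyle' 2>/dev/null || :
+rm -rf -- "$tempdir"
+docker rm --force builder 2>/dev/null || :
+docker image rm local 2>/dev/null || :
+cd "$init_dir"
+}
+trap 'cleanup' EXIT INT
+
+mkdir -p "$init_dir/$TAG/from-source" "$init_dir/$TAG/prebuilt"
+
+git -C "$tempdir" clone "$repo.git" &&\
+cd "$tempdir/${repo_name}" &&\
+git checkout "$TAG"
+
+for os in 20.04 22.04; do
+os_url="$(printf '%s' "$os" | tr '.' '_')"
+
+# Build image
+docker build \
+--no-cache \
+--build-arg TAG=${os} \
+--build-arg GHC=9.6.3 \
+-f "$tempdir/${repo_name}/Dockerfile.build" \
+-t local \
+.
+
+printf '%s' "$cabal_local" > "$tempdir/${repo_name}/cabal.project.local"
+
+# Run container in background
+docker run -t -d \
+--name builder \
+-v "$tempdir/${repo_name}:/project" \
+local
+
+docker exec \
+-t \
+builder \
+sh -c 'cabal clean && cabal update && cabal build -j --enable-tests && mkdir -p /out && for i in simplex-chat; do bin=$(find /project/dist-newstyle -name "$i" -type f -executable) && chmod +x "$bin" && mv "$bin" /out/; done && strip /out/simplex-chat'
+
+docker cp \
+builder:/out/simplex-chat \
+"$init_dir/$TAG/from-source/simplex-chat-ubuntu-${os_url}-x86-64"
+
+# Download prebuilt postgresql binary
+curl -L \
+--output-dir "$init_dir/$TAG/prebuilt/" \
+-O \
+"$repo/releases/download/${TAG}/simplex-chat-ubuntu-${os_url}-x86-64"
+
+# Important! Remove dist-newstyle for the next interation
+docker exec \
+-t \
+builder \
+sh -c 'rm -rf ./dist-newstyle'
+
+# Also restore git to previous state
+git reset --hard && git clean -dfx
+
+# Stop containers, delete images
+docker stop builder
+docker rm --force builder
+docker image rm local
+done
+
+# Cleanup
+rm -rf -- "$tempdir"
+cd "$init_dir"
+
+# Final stage: compare hashes
+
+# Path to binaries
+path_bin="$init_dir/$TAG"
+
+# Assume everything is okay for now
+bad=0
+
+# Check hashes for all binaries
+for file in "$path_bin"/from-source/*; do
+# Extract binary name
+app="$(basename $file)"
+
+# Compute hash for compiled binary
+compiled=$(sha256sum "$path_bin/from-source/$app" | awk '{print $1}')
+# Compute hash for prebuilt binary
+prebuilt=$(sha256sum "$path_bin/prebuilt/$app" | awk '{print $1}')
+
+# Compare
+if [ "$compiled" != "$prebuilt" ]; then
+# If hashes doesn't match, set bad...
+bad=1
+
+# ... and print affected binary
+printf "%s - sha256sum hash doesn't match\n" "$app"
+fi
+done
+
+# If everything is still okay, compute checksums file
+if [ "$bad" = 0 ]; then
+sha256sum "$path_bin"/from-source/* | sed -e "s|$PWD/||g" -e 's|from-source/||g' > "$path_bin/_sha256sums"
+
+printf 'Checksums computed - %s\n' "$path_bin/_sha256sums"
+fi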
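Review bot: A hash mismatch never changes the exit status: the compare loop only sets `bad=1` and prints to stdout, and the final `if [ "$bad" = 0 ]` block ends the script with status 0 either way, so anything that runs this script as a step would report success for a release that did not reproduce. Add `else exit 1` to that last `if` (or `[ "$bad" = 0 ] || exit 1` after it) and send the mismatch line to stderr. The inputs to the comparison are also softer than they look: `curl -L` has no `--fail`, so an HTTP error body is stored as the "prebuilt" binary, and in `sha256sum … | awk '{print $1}'` a sha256sum failure is hidden by the pipe (no `pipefail` under `sh`), which would let two empty strings compare equal. `TAG="$1"` reaches `git checkout "$TAG"` unvalidated and the tag is not authenticated, so the result shows only that the published binary matches whatever the tag currently points to; if releases are signed, a `git verify-tag "$TAG"` before the build would tie it to the maintainers' key.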