From f853f84d033e29b59a13097e855f45ea3898cade Mon Sep 17 00:00:00 2001 From: BarbossHack Date: Mon, 17 Nov 2025 10:06:07 +0100 Subject: [PATCH 1/2] ci: free up disk space before executing reproducible script (#6441) * ci: free up disk space before executing reproducible script * ci: use cleanup script template instead Co-authored-by: sh <37271604+shumvgolove@users.noreply.github.com> --------- Co-authored-by: sh <37271604+shumvgolove@users.noreply.github.com> --- .github/workflows/reproduce-schedule.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/reproduce-schedule.yml b/.github/workflows/reproduce-schedule.yml index 7d28d6f70c..7364976467 100644 --- a/.github/workflows/reproduce-schedule.yml +++ b/.github/workflows/reproduce-schedule.yml @@ -23,6 +23,10 @@ jobs: grep -i "tag_name" | \ awk -F \" '{print "TAG="$4}' >> $GITHUB_ENV + # Otherwise we run out of disk space with Docker build + - name: Free disk space + shell: bash + run: ./scripts/ci/linux_util_free_space.sh - name: Execute reproduce script run: | ${GITHUB_WORKSPACE}/scripts/simplex-chat-reproduce-builds.sh "$TAG" || : From 247ab16a74af2c76a63dd8b9ee8fee3e6cf8a406 Mon Sep 17 00:00:00 2001 From: sh <37271604+shumvgolove@users.noreply.github.com> Date: Thu, 20 Nov 2025 09:33:37 +0000 Subject: [PATCH 2/2] ci/reproducible builds: pin Java version (#6447) * ci/reproducible builds: pin Java version * ci/reproducible builds: fix aarch64 builds * ci/reproducible builds: chech java hash --- Dockerfile.build | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/Dockerfile.build b/Dockerfile.build index 3c841cfb25..fddc96b6c2 100644 --- a/Dockerfile.build +++ b/Dockerfile.build @@ -6,7 +6,9 @@ FROM ubuntu:${TAG} AS build ARG GHC=9.6.3 ARG CABAL=3.10.2.0 -ARG JAVA=17 +ARG JAVA_VER=17.0.17.10.1 +ARG JAVA_HASH_AMD64=e3e11daa5c22a45153bbeff1a0c21bf08631791e4e8d8ed14deba31c7cf9af1a +ARG JAVA_HASH_ARM64=2b460859b681757b33a7591b6238ecaf51569d05d2684984e5f0a89c6514acbc ENV TZ=Etc/UTC \ DEBIAN_FRONTEND=noninteractive @@ -44,10 +46,26 @@ RUN apt-get update && \ # depends on libjpeg.so.8 and liblcms2.so.2 which are NOT copied into final # /usr/lib/runtime/lib directory and I do not have time to figure out gradle.kotlin # to fix this :( -RUN curl --proto '=https' --tlsv1.2 -sSf 'https://apt.corretto.aws/corretto.key' | gpg --dearmor -o /usr/share/keyrings/corretto-keyring.gpg &&\ - echo "deb [signed-by=/usr/share/keyrings/corretto-keyring.gpg] https://apt.corretto.aws stable main" > /etc/apt/sources.list.d/corretto.list &&\ - apt update &&\ - apt install -y java-${JAVA}-amazon-corretto-jdk +RUN export JAVA_FILENAME='java-corretto.deb' \ + JAVA_VER_MAJOR=$(printf "${JAVA_VER}" | awk -F. '{print $1}') \ + JAVA_VER_DEB=$(printf "${JAVA_VER}" | sed 's/\.1$/-1/') && \ + case "$(uname -m)" in \ + x86_64) export JAVA_ARCH='amd64' JAVA_HASH="$JAVA_HASH_AMD64" ;; \ + aarch64) export JAVA_ARCH='arm64' JAVA_HASH="$JAVA_HASH_ARM64" ;; \ + *) echo "unknown arch $(uname -m)" && exit 1 ;; \ + esac && \ + curl --proto '=https' --tlsv1.2 -sSf \ + "https://corretto.aws/downloads/resources/${JAVA_VER}/java-${JAVA_VER_MAJOR}-amazon-corretto-jdk_${JAVA_VER_DEB}_${JAVA_ARCH}.deb" \ + -o "${JAVA_FILENAME}" && \ + if echo "${JAVA_HASH} ${JAVA_FILENAME}" | sha256sum -c -; then \ + if apt install -y ./"${JAVA_FILENAME}"; then \ + rm ./"${JAVA_FILENAME}"; \ + else \ + echo "Failed to install Java Corretto" && exit 1; \ + fi \ + else \ + echo "Checksum mismatch" && exit 1; \ + fi # Specify bootstrap Haskell versions ENV BOOTSTRAP_HASKELL_GHC_VERSION=${GHC}