mirrors/oeffi
1
0
Fork 0
mirror of https://gitlab.com/oeffi/oeffi.git synced 2025-07-06 17:38:48 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

build.Containerfile: use disorderfs to improve build reproducibility

Browse source
This commit is contained in:
Andreas Schildbach 2023-09-04 01:03:16 +02:00
parent 42e3ffbc77
commit 843edcb001
1 changed files with 18 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

24
build.Containerfile
View file

@ -1,13 +1,17 @@
#
# Reproducible reference build
#
# Usage:
#
# docker build --file build.Containerfile --output <outputdir> .
# or
# podman build --file build.Containerfile --output <outputdir> .
#
# The unsigned APKs are written to the specified output directory.
# Use `apksigner` to sign before installing via `adb install`.
# For improved reproducibility, the project directory entries can be ordered
# like this:
#
# buildah build --cap-add=sys_admin --device /dev/fuse --file build.Containerfile --output <outputdir> .
#
# In any case, the unsigned APKs are written to the specified output
# directory. Use `apksigner` to sign before installing via `adb install`.
#
FROM debian:bullseye-backports AS build-stage
@ -15,9 +19,10 @@ FROM debian:bullseye-backports AS build-stage
# install debian packages
ENV DEBIAN_FRONTEND noninteractive
RUN /usr/bin/apt-get update && \
/usr/bin/apt-get --yes install openjdk-11-jdk-headless gradle sdkmanager && \
/usr/bin/apt-get --yes install disorderfs openjdk-11-jdk-headless gradle sdkmanager && \
/bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \
/usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \
/bin/ln -s /proc/self/mounts /etc/mtab && \
/usr/sbin/adduser --disabled-login --gecos "" builder
# give up privileges
@ -32,7 +37,14 @@ ENV ANDROID_HOME /home/builder/android-sdk
RUN yes | /usr/bin/sdkmanager --licenses >/dev/null
# build project
RUN /usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease
RUN if [ -e /dev/fuse ] ; \
then /bin/mv project project.u && /bin/mkdir project && \
/usr/bin/disorderfs --sort-dirents=yes --reverse-dirents=no project.u project ; \
fi && \
/usr/bin/gradle --project-dir project/ --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease && \
if [ -e /dev/fuse ] ; \
then /bin/fusermount -u project | true && /bin/rmdir project && /bin/mv project.u project ; \
fi
# export build output
FROM scratch AS export-stage