From 89fa32ef567f05344cb68c319d30789bbcd39d15 Mon Sep 17 00:00:00 2001 From: Andreas Schildbach Date: Fri, 7 Jan 2022 15:35:53 +0100 Subject: [PATCH] build.Containerfile: reproducible reference build via docker/podman --- .dockerignore | 5 +++++ build.Containerfile | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 .dockerignore create mode 100644 build.Containerfile diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..63ab206 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,5 @@ +**/.* +**/build.Containerfile +**/local.properties +**/build +**/*.iml diff --git a/build.Containerfile b/build.Containerfile new file mode 100644 index 0000000..45c9cb5 --- /dev/null +++ b/build.Containerfile @@ -0,0 +1,39 @@ +# +# Reproducible reference build +# +# Usage: +# docker build --file build.Containerfile --output . +# or +# podman build --file build.Containerfile --output . +# +# The unsigned APKs are written to the specified output directory. +# Use `apksigner` to sign before installing via `adb install`. +# + +FROM debian:bullseye-backports AS build-stage + +# install debian packages +ENV DEBIAN_FRONTEND noninteractive +RUN /usr/bin/apt-get update && \ + /usr/bin/apt-get --yes install openjdk-11-jdk-headless gradle sdkmanager && \ + /bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \ + /usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \ + /usr/sbin/adduser --disabled-login --gecos "" builder + +# give up privileges +USER builder + +# copy source code +WORKDIR /home/builder +COPY --chown=builder / . + +# accept SDK licenses +ENV ANDROID_HOME /home/builder/android-sdk +RUN yes | /usr/bin/sdkmanager --licenses >/dev/null + +# build +RUN /usr/bin/gradle --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease + +# export build output +FROM scratch AS export-stage +COPY --from=build-stage /home/builder/oeffi/build/outputs/apk/*/release/oeffi-*-release-unsigned.apk /