build.Containerfile: reproducible reference build via docker/podman

2025-07-06 09:28:49 +00:00 · 2022-01-07 15:35:53 +01:00 · 2022-01-07 15:35:53 +01:00 · 89fa32ef56
commit 89fa32ef56
parent a866d66f6c
2 changed files with 44 additions and 0 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -0,0 +1,5 @@
+**/.*
+**/build.Containerfile
+**/local.properties
+**/build
+**/*.iml
--- a/build.Containerfile
+++ b/build.Containerfile
@ -0,0 +1,39 @@
+#
+# Reproducible reference build
+#
+# Usage:
+# docker build --file build.Containerfile --output <outputdir> .
+# or
+# podman build --file build.Containerfile --output <outputdir> .
+#
+# The unsigned APKs are written to the specified output directory.
+# Use `apksigner` to sign before installing via `adb install`.
+#
+
+FROM debian:bullseye-backports AS build-stage
+
+# install debian packages
+ENV DEBIAN_FRONTEND noninteractive
+RUN /usr/bin/apt-get update && \
+    /usr/bin/apt-get --yes install openjdk-11-jdk-headless gradle sdkmanager && \
+    /bin/ln -fs /usr/share/zoneinfo/CET /etc/localtime && \
+    /usr/sbin/dpkg-reconfigure --frontend noninteractive tzdata && \
+    /usr/sbin/adduser --disabled-login --gecos "" builder
+
+# give up privileges
+USER builder
+
+# copy source code
+WORKDIR /home/builder
+COPY --chown=builder / .
+
+# accept SDK licenses
+ENV ANDROID_HOME /home/builder/android-sdk
+RUN yes | /usr/bin/sdkmanager --licenses >/dev/null
+
+# build
+RUN /usr/bin/gradle --no-build-cache --no-daemon --no-parallel clean :oeffi:assembleRelease
+
+# export build output
+FROM scratch AS export-stage
+COPY --from=build-stage /home/builder/oeffi/build/outputs/apk/*/release/oeffi-*-release-unsigned.apk /