Test official instructions for installing Dangerzone #365
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Test official instructions for installing Dangerzone | |
# ==================================================== | |
# | |
# The installation instructions have been copied from our INSTALL.md file. | |
# NOTE: When you change either place, please make sure to keep the two files in | |
# sync. | |
# NOTE: Because the commands run as root, the use of sudo is not necessary. | |
name: Test official instructions for installing Dangerzone | |
on: | |
schedule: | |
- cron: '0 0 * * *' # Run every day at 00:00 UTC. | |
workflow_dispatch: | |
jobs: | |
install-from-apt-repo: | |
name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" | |
runs-on: ubuntu-latest | |
container: ${{ matrix.distro }}:${{ matrix.version }} | |
strategy: | |
matrix: | |
include: | |
- distro: ubuntu | |
version: "24.10" # oracular | |
- distro: ubuntu | |
version: "24.04" # noble | |
- distro: ubuntu | |
version: "22.04" # jammy | |
- distro: ubuntu | |
version: "20.04" # focal | |
- distro: debian | |
version: "trixie" # 13 | |
- distro: debian | |
version: "12" # bookworm | |
- distro: debian | |
version: "11" # bullseye | |
steps: | |
- name: Add Podman repo for Ubuntu Focal | |
if: matrix.distro == 'ubuntu' && matrix.version == 20.04 | |
run: | | |
apt-get update && apt-get -y install curl wget gnupg2 | |
. /etc/os-release | |
sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /' \ | |
> /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" | |
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_${VERSION_ID}/Release.key -O- \ | |
| apt-key add - | |
apt update | |
apt-get install python-all -y | |
- name: Add GPG key for the packages.freedom.press | |
run: | | |
apt-get update && apt-get install -y gnupg2 ca-certificates | |
dirmngr # NOTE: This is a command that's necessary only in containers | |
gpg --keyserver hkps://keys.openpgp.org \ | |
--no-default-keyring --keyring ./fpf-apt-tools-archive-keyring.gpg \ | |
--recv-keys "DE28 AB24 1FA4 8260 FAC9 B8BA A7C9 B385 2260 4281" | |
mkdir -p /etc/apt/keyrings/ | |
mv fpf-apt-tools-archive-keyring.gpg /etc/apt/keyrings | |
- name: Add packages.freedom.press to our APT sources | |
run: | | |
. /etc/os-release | |
echo "deb [signed-by=/etc/apt/keyrings/fpf-apt-tools-archive-keyring.gpg] \ | |
https://packages.freedom.press/apt-tools-prod ${VERSION_CODENAME?} main" \ | |
| tee /etc/apt/sources.list.d/fpf-apt-tools.list | |
- name: Install Dangerzone | |
run: | | |
apt update | |
apt install -y dangerzone | |
install-from-yum-repo: | |
name: "Install Dangerzone on ${{ matrix.distro}} ${{ matrix.version }}" | |
runs-on: ubuntu-latest | |
container: ${{ matrix.distro }}:${{ matrix.version }} | |
strategy: | |
matrix: | |
include: | |
- distro: fedora | |
version: 39 | |
- distro: fedora | |
version: 40 | |
- distro: fedora | |
version: 41 | |
steps: | |
- name: Add packages.freedom.press to our YUM sources | |
run: | | |
dnf install -y 'dnf-command(config-manager)' | |
dnf-3 config-manager --add-repo=https://packages.freedom.press/yum-tools-prod/dangerzone/dangerzone.repo | |
- name: Replace 'rawhide' string with Fedora version | |
# The previous command has created a `dangerzone.repo` file. The | |
# config-manager plugin should have substituted the $releasever variable | |
# with the Fedora version number. However, for unreleased Fedora | |
# versions, this gets translated to "rawhide", even though they do have | |
# a number. To fix this, we need to substitute the "rawhide" string | |
# witht the proper Fedora version. | |
run: | | |
source /etc/os-release | |
sed -i "s/rawhide/${VERSION_ID}/g" /etc/yum.repos.d/dangerzone.repo | |
- name: Install Dangerzone | |
# FIXME: We add the `-y` flag here, in lieu of a better way to check the | |
# Dangerzone signature. | |
run: dnf install -y dangerzone |