Skip to content
CI

CI #850

Sign in to view logs

CI

CI #850

Workflow file for this run

.github/workflows/reprotest.yml at a9e2991
---
name: CI
on:
merge_group:
push:
pull_request:
schedule:
- cron: "0 6 * * *"
env:
POETRY_VERSION: 2.1.3
jobs:
keys:
runs-on: ubuntu-latest
container: debian:trixie
steps:
- name: Bootstrap Debian system package dependencies
run: |
apt-get update && apt-get install --yes --no-install-recommends make sudo git git-lfs ca-certificates \
gpg gpg-agent
- uses: actions/checkout@v6
with:
persist-credentials: false
lfs: true
- name: Check that all public keys are valid and not expired
# The easiest way to do this is just to import everything into GPG and
# have it list expired keys, returning nonzero if there are any.
run: |
gpg --import pubkeys/*.pub
gpg --list-keys | (grep "expired" && exit 1 || exit 0)
reprotest:
runs-on: ubuntu-latest
container: debian:bookworm
steps:
- name: Bootstrap Debian system package dependencies
run: |
apt-get update && apt-get install --yes --no-install-recommends make sudo git git-lfs ca-certificates \
pipx
pipx install poetry==$POETRY_VERSION
pipx ensurepath
echo "${HOME}/.local/bin" >> ${GITHUB_PATH}
- uses: actions/checkout@v6
with:
persist-credentials: false
lfs: true
- name: Install additional packages and Python dependencies
run: |
# Installs Python & bootstrap wheels, and initializes a virtualenv at .venv
make install-deps
# Install poetry deps into the .venv
poetry install --no-ansi
- name: Test wheel reproducibility
run: |
# Necessary to enable git operations without permission issues
git config --global --add safe.directory "*"
# Necessary to run checks as non-root user, to avoid reproducibility issues
adduser --system ci --ingroup root
chown ci:root -R .
sudo -u ci bash -c "source .venv/bin/activate && pytest -vvs tests/test_reproducible_wheels.py"