From 04f6782f1d7baa09783efa46294b8561be9c9dee Mon Sep 17 00:00:00 2001 From: Pedro Pombeiro Date: Wed, 9 Jan 2019 14:59:39 +0100 Subject: [PATCH] Lock down git dependencies --- desktop/docker/linux/Dockerfile | 15 ++++++++++++--- desktop/docker/linux/Makefile | 4 ++++ desktop/docker/windows/Dockerfile | 8 ++++++-- desktop/docker/windows/Makefile | 3 +++ .../desktop/CMakeLists.txt | 2 ++ 5 files changed, 27 insertions(+), 5 deletions(-) diff --git a/desktop/docker/linux/Dockerfile b/desktop/docker/linux/Dockerfile index 11b0e6f7ac..2bb40793eb 100644 --- a/desktop/docker/linux/Dockerfile +++ b/desktop/docker/linux/Dockerfile @@ -1,6 +1,8 @@ FROM ubuntu:16.04 AS qt_build ARG QT_VERSION +ARG REACT_NATIVE_DESKTOP_COMMIT_SHA +ARG QT_CI_COMMIT_SHA RUN apt-get update && apt-get -y install \ git libx11-xcb1 libxss1 libasound2 libfontconfig1 libdbus-1-3 && \ @@ -14,8 +16,13 @@ ENV QT_CI_PACKAGES qt.qt5.5112.gcc_64,qt.qt5.5112.qtwebengine.gcc_64 # We run this as part of a separate container to reduce number of stages. # We also remove some of the static-linked binaries since they are so big. # Crucial ones: qmake,rcc,moc,uic,qdbuscpp2xml,qdbusxml2cpp,lrelease,lupdate,lconvert +# NOTE: Unfortunately GitHub doesn't support cloning a specific SHA1, so we need to +# resort to git fetch (https://stackoverflow.com/questions/3489173/how-to-clone-git-repository-with-specific-revision-changeset) ADD qt-opensource-linux-x64-${QT_VERSION}.run /tmp/ -RUN git clone --depth=1 https://github.com/benlau/qtci.git /tmp/qtci && \ +RUN mkdir -p /tmp/qtci && cd /tmp/qtci && \ + git init && git remote add origin https://github.com/benlau/qtci.git && \ + git fetch --depth=1 origin ${QT_CI_COMMIT_SHA} && \ + git reset --hard FETCH_HEAD && \ /tmp/qtci/bin/extract-qt-installer --disable-progress-report \ /tmp/qt-opensource-linux-x64-${QT_VERSION}.run /opt/qt-all && \ find /opt/qt-all/${QT_VERSION}/gcc_64/bin -type f -regextype posix-egrep -regex \ @@ -65,8 +72,10 @@ RUN cd /tmp && wget -q https://cmake.org/files/v3.12/cmake-3.12.2-Linux-x86_64.t RUN curl -sL https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein -o /usr/bin/lein && \ chmod +x /usr/bin/lein && /usr/bin/lein version -RUN cd /tmp && \ - git clone --depth=1 https://github.com/status-im/react-native-desktop.git && \ +RUN mkdir -p /tmp/react-native-desktop && cd /tmp/react-native-desktop && \ + git init && git remote add origin https://github.com/status-im/react-native-desktop.git && \ + git fetch --depth=1 origin ${REACT_NATIVE_DESKTOP_COMMIT_SHA} && \ + git reset --hard FETCH_HEAD && \ cp -r /tmp/react-native-desktop/react-native-cli /opt && \ cd /opt/react-native-cli && \ npm update && npm install -g && \ diff --git a/desktop/docker/linux/Makefile b/desktop/docker/linux/Makefile index 3ab29d3bd7..701d82267c 100644 --- a/desktop/docker/linux/Makefile +++ b/desktop/docker/linux/Makefile @@ -6,6 +6,8 @@ QT_VER_MJR = 5.11 QT_ARCHIVE = qt-opensource-linux-x64-$(QT_VERSION).run QT_MD5SUM = 974fda61267cfb6e45984ee5f0a285f8 QT_URL = https://download.qt.io/archive/qt +QT_CI_COMMIT_SHA = 55ffd9f225708b3aa1443851cfa8dead2c1f9959 +REACT_NATIVE_DESKTOP_COMMIT_SHA = 2a76c435a27f0bf6c089f74222212b3a58e10385 # WARNING: Remember to change the tag when updating the image IMAGE_TAG = 1.1.1 @@ -14,6 +16,8 @@ IMAGE_NAME = statusteam/linux-desktop-ubuntu:$(IMAGE_TAG) build: $(QT_ARCHIVE) docker build \ --build-arg="QT_VERSION=$(QT_VERSION)" \ + --build-arg="QT_CI_COMMIT_SHA=$(QT_CI_COMMIT_SHA)" \ + --build-arg="REACT_NATIVE_DESKTOP_COMMIT_SHA=$(REACT_NATIVE_DESKTOP_COMMIT_SHA)" \ --label="commit=$(GIT_COMMIT)" \ -t $(IMAGE_NAME) . diff --git a/desktop/docker/windows/Dockerfile b/desktop/docker/windows/Dockerfile index 864b1b6410..85d357fe79 100644 --- a/desktop/docker/windows/Dockerfile +++ b/desktop/docker/windows/Dockerfile @@ -1,5 +1,7 @@ FROM ubuntu:16.04 +ARG REACT_NATIVE_DESKTOP_COMMIT_SHA + ENV LANG en_US.UTF-8 ENV LC_ALL en_US.UTF-8 ENV LANGUAGE en_US.UTF-8 @@ -37,8 +39,10 @@ RUN cd /tmp && wget -q https://cmake.org/files/v3.12/cmake-3.12.2-Linux-x86_64.t RUN curl -sL https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein -o /usr/bin/lein && \ chmod +x /usr/bin/lein && /usr/bin/lein version -RUN cd /tmp && \ - git clone --depth=1 https://github.com/status-im/react-native-desktop.git && \ +RUN mkdir -p /tmp/react-native-desktop && cd /tmp/react-native-desktop && \ + git init && git remote add origin https://github.com/status-im/react-native-desktop.git && \ + git fetch --depth=1 origin ${REACT_NATIVE_DESKTOP_COMMIT_SHA} && \ + git reset --hard FETCH_HEAD && \ cp -r /tmp/react-native-desktop/react-native-cli /opt && \ cd /opt/react-native-cli && \ npm update && npm install -g && \ diff --git a/desktop/docker/windows/Makefile b/desktop/docker/windows/Makefile index 965847935a..633a866d53 100644 --- a/desktop/docker/windows/Makefile +++ b/desktop/docker/windows/Makefile @@ -4,8 +4,11 @@ GIT_COMMIT = $(shell git rev-parse --short HEAD) IMAGE_TAG = 1.1.1 IMAGE_NAME = statusteam/windows-desktop-ubuntu:$(IMAGE_TAG) +REACT_NATIVE_DESKTOP_COMMIT_SHA = 2a76c435a27f0bf6c089f74222212b3a58e10385 + build: docker build \ + --build-arg="REACT_NATIVE_DESKTOP_COMMIT_SHA=$(REACT_NATIVE_DESKTOP_COMMIT_SHA)" \ --label="commit=$(GIT_COMMIT)" \ -t $(IMAGE_NAME) . diff --git a/modules/react-native-desktop-notification/desktop/CMakeLists.txt b/modules/react-native-desktop-notification/desktop/CMakeLists.txt index bd0a32ea97..58c6299f9a 100755 --- a/modules/react-native-desktop-notification/desktop/CMakeLists.txt +++ b/modules/react-native-desktop-notification/desktop/CMakeLists.txt @@ -68,6 +68,8 @@ endif() ExternalProject_Add(SnoreNotify_ep GIT_REPOSITORY https://github.com/status-im/snorenotify.git + GIT_TAG 9d54904e4896ab6c3c3a52f97381e5948b455970 + GIT_SHALLOW TRUE CMAKE_ARGS ${SnoreNotify_CMAKE_ARGS} BUILD_BYPRODUCTS ${SnoreNotify_STATIC_LIB} ${SnoreNotify_LIBS} ${SnoreNotifyBackend_STATIC_LIB} ${SnoreNotifyBackendSettings_STATIC_LIB} ${SnoreNotifySettings_STATIC_LIB}