From 41eb81447c3b5189d5341c70b0215fe3533c0f99 Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Sat, 16 Dec 2023 13:50:15 +0100
Subject: [PATCH 1/3] docker: Use `git clone` as the build basis for
 reprobuilds

We used to use the zip archive, which comes with some baggage,
especially for some of the submodule-based dependencies. Using `git
clone` ensures that we have a clean snapshot, based on the latest
commit, and we can skip some of the wildcard operations on zip files.

Changelog-None
---
 contrib/reprobuild/Dockerfile.focal | 13 +++++++------
 contrib/reprobuild/Dockerfile.jammy | 13 +++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/contrib/reprobuild/Dockerfile.focal b/contrib/reprobuild/Dockerfile.focal
index 0dd8b1d2c5d1..a02e552ceb73 100644
--- a/contrib/reprobuild/Dockerfile.focal
+++ b/contrib/reprobuild/Dockerfile.focal
@@ -58,11 +58,12 @@ RUN cd /tmp/ && \
 RUN mkdir /build
 WORKDIR /build
 
-CMD poetry export -o requirements.txt --without-hashes \
+# We mount the repo into `/repo` and then we take a snapshot of it
+# first by cloning it. This ensures we're not including any
+# uncommitted changes in the working directory on the host. Notice
+# that we no longer take the zipfile.
+CMD git clone /repo . \
+    && poetry export -o requirements.txt --without-hashes \
     && pip install -r requirements.txt \
-	&& mkdir -p /repro \
-	&& cd /repro \
-	&& unzip /build/release/*.zip \
-	&& cd clightning* \
     && tools/repro-build.sh \
-	&& cp *.xz /build/release/
+    && cp *.xz /repo/release/
diff --git a/contrib/reprobuild/Dockerfile.jammy b/contrib/reprobuild/Dockerfile.jammy
index 024067b2d979..6c97db546e4d 100644
--- a/contrib/reprobuild/Dockerfile.jammy
+++ b/contrib/reprobuild/Dockerfile.jammy
@@ -59,11 +59,12 @@ RUN cd /tmp/ && \
 RUN mkdir /build
 WORKDIR /build
 
-CMD poetry export -o requirements.txt --without-hashes \
+# We mount the repo into `/repo` and then we take a snapshot of it
+# first by cloning it. This ensures we're not including any
+# uncommitted changes in the working directory on the host. Notice
+# that we no longer take the zipfile.
+CMD git clone /repo . \
+    && poetry export -o requirements.txt --without-hashes \
     && pip install -r requirements.txt \
-	&& mkdir -p /repro \
-	&& cd /repro \
-	&& unzip /build/release/*.zip \
-	&& cd clightning* \
     && tools/repro-build.sh \
-	&& cp *.xz /build/release/
+    && cp *.xz /repo/release/

From 8f6cff6dc153f793ea0b1f00abf15ed125088d7b Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Fri, 22 Dec 2023 12:55:28 +0100
Subject: [PATCH 2/3] meta: Fix the `tools/build-release.sh` script to match
 repro instructions

---
 tools/build-release.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/build-release.sh b/tools/build-release.sh
index a75b4287b239..81dc210d16e3 100755
--- a/tools/build-release.sh
+++ b/tools/build-release.sh
@@ -161,7 +161,7 @@ for target in $TARGETS; do
             # Capitalize the first letter of distro
             D=$(echo "$d" | awk '{print toupper(substr($0,1,1))substr($0,2)}')
 			echo "Building Ubuntu $D Image"
-			docker run --rm -v "$(pwd)":/build -e FORCE_MTIME="$MTIME" -e FORCE_VERSION="$VERSION" -ti cl-repro-"$d"
+			docker run --rm -v "$(pwd)":/repo -e FORCE_MTIME="$MTIME" -e FORCE_VERSION="$VERSION" -ti cl-repro-"$d"
             echo "Ubuntu $D Image Built"
 		done
         ;;
@@ -257,7 +257,7 @@ if [ "$VERIFY_RELEASE" = "true" ]; then
     fi
     sumfile="$(pwd)/${sumfile}"
     cd release/
-    # Check that the release captains sum matches. Ignore missing entries as we 
+    # Check that the release captains sum matches. Ignore missing entries as we
     # do not have a repro build for Fedora. Strictly this is not necessary here
     # as we compare our checksums with the release captains checksums later, but
     # it gives a direct hint which specific checksums don't match if so.

From 95c36fb08982cec4e923bf5068a40fd777e065b6 Mon Sep 17 00:00:00 2001
From: Christian Decker <decker.christian@gmail.com>
Date: Sat, 23 Dec 2023 14:28:06 +0100
Subject: [PATCH 3/3] gci: Add build step to PyPI publication

---
 .github/workflows/pypi.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index b3f7d05dc25f..720da3dfdf5f 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -61,9 +61,9 @@ jobs:
         WORKDIR: ${{ matrix.WORKDIR }}
       run: |
         export VERSION=$(git describe --abbrev=0).post$(git describe --abbrev=1 | awk -F "-" '{print $2}')
-        cd ${{ env.WORKDIR}}
+        cd ${{ env.WORKDIR }}
         make upgrade-version NEW_VERSION=$VERSION
-        poetry build
+        poetry build --no-interaction
 
     - name: Publish distribution 📦 to Test PyPI
       if: github.repository == 'ElementsProject/lightning'
@@ -71,19 +71,21 @@ jobs:
         POETRY_PYPI_TOKEN_TESTPYPI: ${{ secrets.TEST_PYPI_API_TOKEN }}
         WORKDIR: ${{ matrix.WORKDIR }}
       run: |
-        cd ${{ env.WORKDIR}}
+        cd ${{ env.WORKDIR }}
         python3 -m pip config set global.timeout 150
         poetry config repositories.testpypi https://test.pypi.org/legacy/
+        poetry build  --no-interaction
         poetry publish --repository testpypi --no-interaction --skip-existing
 
     - name: Publish distribution 📦 to PyPI
-      if: startsWith(github.ref, 'refs/tags') && github.repository == 'ElementsProject/lightning'
+      if: startsWith(github.ref, 'refs/tags/v') && github.repository == 'ElementsProject/lightning'
       env:
         POETRY_PYPI_TOKEN_PYPI: ${{ secrets.PYPI_API_TOKEN }}
         WORKDIR: ${{ matrix.WORKDIR }}
       run: |
-        cd ${{ env.WORKDIR}}
+        cd ${{ env.WORKDIR }}
         export VERSION=$(git describe --abbrev=0)
         make upgrade-version NEW_VERSION=$VERSION
         python3 -m pip config set global.timeout 150
+        poetry build  --no-interaction
         poetry publish --no-interaction