Use pnpm in reproducible builds

reproducible-builds/Dockerfile

@@ -51,6 +51,9 @@ RUN curl -o- "https://raw.githubusercontent.com/nvm-sh/nvm/v${NVM_VERSION}/insta
 ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION/lib/node_modules
 ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH
 
+# Install pnpm
+RUN npm install -g pnpm@10.3.0
+
 RUN git config --global --add safe.directory /project
 
 COPY docker-entrypoint.sh /usr/local/bin/

reproducible-builds/README.md

@@ -38,16 +38,16 @@ $ cd Signal-Desktop/
 
 This will download Signal Desktop's source code under the `Signal-Desktop` directory.
 
-Now, select the version/branch you would like to verify. For instance, if you are trying to build `7.22.0`, then do:
+Now, select the version/branch you would like to verify. For instance, if you are trying to build `7.45.0`, then do:
 
 ```bash
-$ git checkout tags/v7.22.0
+$ git checkout tags/v7.45.0
 ```
 
 > [!NOTE]
-> This guide uses `v7.22.0` as the placeholder version. You may want to change this version to the most recent one. All the versions are available here: https://github.com/signalapp/Signal-Desktop/tags. Older versions may however not be reproducible.
+> This guide uses `v7.45.0` as the placeholder version. You may want to change this version to the most recent one. All the versions are available here: https://github.com/signalapp/Signal-Desktop/tags. Older versions may however not be reproducible.
 
-At this point we are now on the branch of the source code used to build version `v7.22.0`. Before continuing, make sure your shell is in the `reproducible-builds` directory:
+At this point we are now on the branch of the source code used to build version `v7.45.0`. Before continuing, make sure your shell is in the `reproducible-builds` directory:
 
 ```bash
 $ cd reproducible-builds/
@@ -67,7 +67,7 @@ $ ./build.sh public
 
 This bash script will create the Docker container where Signal Desktop will be built, then download the required dependencies and start the build inside the container.
 
-After the build is completed, the resulting file will be available in the `Signal-Desktop/release` folder. In our case, the file is named `signal-desktop_7.22.0_amd64.deb`.
+After the build is completed, the resulting file will be available in the `Signal-Desktop/release` folder. In our case, the file is named `signal-desktop_7.45.0_amd64.deb`.
 
 ### Verifying the build
 
@@ -100,10 +100,10 @@ If the checksums from the official build and your own build match, then the two
 > Do not compare your output against the checksums given below! They only serve as a visual example of what the output would look like. Yours will look different!
 
 ```bash
-$ sha256sum ../release/signal-desktop_7.22.0_amd64-OUR_BUILD.deb signal-desktop_7.22.0_amd64_OFFICIAL_BUILD.deb
+$ sha256sum ../release/signal-desktop_7.45.0_amd64-OUR_BUILD.deb signal-desktop_7.45.0_amd64_OFFICIAL_BUILD.deb
 
-0df3d06f74c6855559ef079b368326ca18e144a28ede559fd76648a62ec3eed7  ../release/signal-desktop_7.22.0_amd64-OUR_BUILD.deb
-0df3d06f74c6855559ef079b368326ca18e144a28ede559fd76648a62ec3eed7  signal-desktop_7.22.0_amd64_OFFICIAL_BUILD.deb
+0df3d06f74c6855559ef079b368326ca18e144a28ede559fd76648a62ec3eed7  ../release/signal-desktop_7.45.0_amd64-OUR_BUILD.deb
+0df3d06f74c6855559ef079b368326ca18e144a28ede559fd76648a62ec3eed7  signal-desktop_7.45.0_amd64_OFFICIAL_BUILD.deb
 ```
 
 ### What to do if the checksums don't match

reproducible-builds/build.sh

@@ -39,5 +39,6 @@ docker run --rm \
   -w /project \
   --user "$(id -u):$(id -g)" \
   -e NPM_CONFIG_CACHE=/tmp/.npm-cache \
+  -e PNPM_HOME=/tmp/.pnpm-home \
   -e SOURCE_DATE_EPOCH=$source_date_epoch \
   signal-desktop $1

reproducible-builds/docker-entrypoint.sh

@@ -4,6 +4,9 @@
 
 trap '[[ $pid ]] && kill $pid; exit' EXIT
 
+set -x
+set -e
+
 # This is the default entrypoint for the when running the build container.
 # Usage: docker-entrypoint.sh [BUILD_TYPE]
 
@@ -31,31 +34,31 @@ echo "BUILD_TYPE: ${BUILD_TYPE}"
 # UNIX timestamp will be generated at the time of the build, and is non-deterministic.
 echo "SOURCE_DATE_EPOCH: ${SOURCE_DATE_EPOCH}"
 
-npm install
-npm run clean-transpile
+pnpm install
+pnpm run clean-transpile
 cd sticker-creator
-npm install
-npm run build
+pnpm install
+pnpm run build
 cd ..
-npm run generate
+pnpm run generate
 
 if [ "${BUILD_TYPE}" = "public" ]; then
-  npm run prepare-beta-build
+  pnpm run prepare-beta-build
 elif [ "${BUILD_TYPE}" = "alpha" ]; then
-  npm run prepare-alpha-version
-  npm run prepare-alpha-build
+  pnpm run prepare-alpha-version
+  pnpm run prepare-alpha-build
 elif [ "${BUILD_TYPE}" = "axolotl" ]; then
-  npm run prepare-axolotl-version
-  npm run prepare-axolotl-build
+  pnpm run prepare-axolotl-version
+  pnpm run prepare-axolotl-build
 elif [ "${BUILD_TYPE}" = "adhoc" ]; then
-  npm run prepare-adhoc-version
-  npm run prepare-adhoc-build
+  pnpm run prepare-adhoc-version
+  pnpm run prepare-adhoc-build
 elif [ "${BUILD_TYPE}" = "staging" ]; then
-  npm run prepare-alpha-version
-  npm run prepare-staging-build
+  pnpm run prepare-alpha-version
+  pnpm run prepare-staging-build
 elif [ "${BUILD_TYPE}" = "test" ]; then
-  npm run prepare-alpha-version
-  npm run prepare-alpha-build
+  pnpm run prepare-alpha-version
+  pnpm run prepare-alpha-build
 elif [ "${BUILD_TYPE}" = "dev" ]; then
   echo "dev build, using package.json as is"
 else
@@ -63,4 +66,4 @@ else
   exit 1
 fi
 
-npm run build-linux
+pnpm run build-linux

sticker-creator/package.json

@@ -10,7 +10,7 @@
   "type": "module",
   "scripts": {
     "dev": "vite",
-    "build": "npm run build:protos && tsc && vite build --base=./",
+    "build": "pnpm run build:protos && tsc && vite build --base=./",
     "check:types": "tsc --noEmit",
     "preview": "vite preview",
     "lint": "run-p eslint prettier:format",
@@ -75,9 +75,11 @@
   },
   "pnpm": {
     "onlyBuiltDependencies": [
-      "es5-ext",
       "esbuild",
       "protobufjs"
+    ],
+    "ignoredBuiltDependencies": [
+      "es5-ext"
     ]
   }
 }