CI: remove focal and add resolute Ubuntu builds

.dockerignore

@@ -8,3 +8,4 @@ release/
 focal/
 jammy/
 noble/
+resolute/

.github/workflows/release.yml

@@ -14,18 +14,12 @@ on:
         required: true
       skip_validation:
         description: Skip release validation for untagged commit testing
-        default: no
-        type: choice
-        options:
-          - yes
-          - no
+        default: false
+        type: boolean
       create_release:
         description: Create a draft release
-        default: no
-        type: choice
-        options:
-          - yes
-          - no
+        default: false
+        type: boolean
 
 jobs:
   check:
@@ -54,7 +48,7 @@ jobs:
           echo "Determined version: $VERSION"
 
       - name: Validate release
-        if: github.event_name != 'workflow_dispatch' || github.event.inputs.skip_validation != 'yes'
+        if: ${{ !(github.event_name == 'workflow_dispatch' && github.event.inputs.skip_validation) }}
         run: tools/check-release.sh --version=${VERSION}
 
       - name: Catpure version output
@@ -72,9 +66,9 @@ jobs:
       matrix:
         target:
           - 'bin-Fedora'
-          - 'bin-Ubuntu-focal'
           - 'bin-Ubuntu-jammy'
           - 'bin-Ubuntu-noble'
+          - 'bin-Ubuntu-resolute'
     steps:
       - name: Git checkout
         uses: actions/checkout@v6
@@ -99,7 +93,7 @@ jobs:
       - name: Build release
         run: |
           # Allow build release to execute if manually triggered for testing
-          if [ "${{ github.event_name }}" == "workflow_dispatch" && github.event.inputs.skip_validation == 'yes' ]; then
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" && "${{ github.event.inputs.skip_validation }}" == "true" ]]; then
             tools/build-release.sh ${{ matrix.target }} --force-version "${{ env.version }}" --force-unclean --force-mtime "$(date +%Y-%m-%d)"
           else
             tools/build-release.sh ${{ matrix.target }}
@@ -187,7 +181,7 @@ jobs:
           echo "release_title=$RELEASE_TITLE" >> "$GITHUB_OUTPUT"
 
       - name: Prepare release draft
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.create_release == 'yes')
+        if: ${{ github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && github.event.inputs.create_release) }}
         uses: softprops/action-gh-release@v3
         with:
           name: "${{ env.version }} ${{ steps.release_data.outputs.release_title }}"

.github/workflows/repro.yml

@@ -14,7 +14,7 @@ jobs:
     strategy:
       fail-fast: false    # Let each build finish.
       matrix:
-        version: ['focal', 'jammy', 'noble']
+        version: ['jammy', 'noble', 'resolute']
     steps:
       - name: Git checkout
         uses: actions/checkout@v6
@@ -93,6 +93,7 @@ jobs:
         with:
           server_address: smtp.gmail.com
           server_port: 587
+          secure: true
           username: ${{ secrets.EMAIL_USERNAME }}
           password: ${{ secrets.EMAIL_PASSWORD }}
           from: ${{ secrets.EMAIL_USERNAME }}

.gitignore

@@ -101,6 +101,7 @@ bionic/
 focal/
 jammy/
 noble/
+resolute/
 release/
 .vscode/
 .cache/

contrib/cl-repro.sh

@@ -1,6 +1,6 @@
 #!/bin/sh
-# This script creates base images for focal, jammy, and noble. Then it builds the
-# cl-repro-focal, cl-repro-jammy, and cl-repro-noble builder images. The base images are created using
+# This script creates base images for jammy, noble, and resolute. Then it builds the
+# cl-repro-jammy, cl-repro-noble, and cl-repro-resolute builder images. The base images are created using
 # debootstrap, and the cl-repro images are created using the Dockerfiles in
 # contrib/reprobuild. These builder images will finally be used to build the
 # reproducible binaries.
@@ -14,7 +14,7 @@ LIGHTNING_DIR=$PWD
 LIGHTNING_DIR=$(echo "$LIGHTNING_DIR" | sed 's|/contrib$||')
 echo "Lightning Directory: $LIGHTNING_DIR"
 
-for v in focal jammy noble; do
+for v in jammy noble resolute; do
   echo "Building base image for $v"
   sudo docker run -v "$LIGHTNING_DIR":/build ubuntu:$v \
 	bash -c "apt-get update && apt-get install -y debootstrap && debootstrap $v /build/$v"

contrib/reprobuild/Dockerfile.focal → contrib/reprobuild/Dockerfile.resolute

@@ -1,4 +1,4 @@
-FROM focal
+FROM ubuntu:resolute
 
 ENV TZ=UTC
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
@@ -18,41 +18,29 @@ RUN apt-get update \
     file \
     gettext \
     git \
+    curl \
+    libsqlite3-dev \
     libpq-dev \
     libsodium23 \
     libsodium-dev \
+    lowdown \
     libtool \
     m4 \
     sudo \
     unzip \
     wget \
-    zip \
-    && cd /tmp \
-    && wget https://github.com/kristapsdz/lowdown/archive/refs/tags/VERSION_1_0_2.tar.gz \
-    && tar -xzf VERSION_1_0_2.tar.gz \
-    && cd lowdown-VERSION_1_0_2 \
-    && ./configure \
-    && make \
-    && make install \
-    && ldconfig \
-    && cd / \
-    && rm -rf /tmp/VERSION_1_0_2.tar.gz /tmp/lowdown-VERSION_1_0_2
-
-# Ensure correct ownership
-RUN chown root:root /etc/sudoers
-RUN chown root:root /usr/lib/sudo/sudoers.so
+    jq \
+    zip
 
-# Download and install jq from official repository
-RUN wget -O /usr/local/bin/jq https://github.com/jqlang/jq/releases/download/jq-1.6/jq-linux64 \
-    && chmod +x /usr/local/bin/jq
+# Configure /repo/.git as 'safe.directory'
+RUN git config --global --add safe.directory /repo/.git
 
-# install Python3.10 (more reproducible than relying on python3-setuptools)
+# Install Python3.10 (more reproducible than relying on python3-setuptools)
 RUN git clone https://github.com/pyenv/pyenv.git /root/.pyenv && \
     apt-get install -y --no-install-recommends \
     libbz2-dev \
     libffi-dev \
     libreadline-dev \
-    libsqlite3-dev \
     libssl-dev \
     zlib1g-dev && \
     pyenv install 3.10.0 && \

doc/getting-started/advanced-setup/repro.md

@@ -41,20 +41,20 @@ the non-updated repos).
 
 The following table lists the codenames of distributions that we currently support:
 
-- Ubuntu 20.04:
-  - Distribution Version: 20.04
-  - Codename: focal
 - Ubuntu 22.04:
   - Distribution Version: 22.04
   - Codename: jammy
 - Ubuntu 24.04:
   - Distribution Version: 24.04
   - Codename: noble
+- Ubuntu 26.04:
+  - Distribution Version: 26.04
+  - Codename: resolute
 
 Depending on your host OS release you might not have `debootstrap` manifests for versions newer than your host OS. Due to this we run the `debootstrap` commands in a container of the latest version itself:
 
 ```shell
-for v in focal jammy noble; do
+for v in jammy noble resolute; do
   echo "Building base image for $v"
   docker run --rm -v $(pwd):/build ubuntu:$v \
 	bash -c "apt-get update && apt-get install -y debootstrap && debootstrap $v /build/$v"
@@ -86,9 +86,9 @@ For this purpose we have a number of Dockerfiles in the [`contrib/reprobuild`](h
 We can then build the builder image by calling `docker build` and passing it the `Dockerfile`:
 
 ```shell
-docker build -t cl-repro-focal - < contrib/reprobuild/Dockerfile.focal
 docker build -t cl-repro-jammy - < contrib/reprobuild/Dockerfile.jammy
 docker build -t cl-repro-noble - < contrib/reprobuild/Dockerfile.noble
+docker build -t cl-repro-resolute - < contrib/reprobuild/Dockerfile.resolute
 ```
 
 Since we pass the `Dockerfile` through `stdin` the build command will not create a context, i.e., the current directory is not passed to `docker` and it'll be independent of the currently checked out version. This also means that you will be able to reuse the docker image for future builds, and don't have to repeat this dance every time. Verifying the `Dockerfile` therefore is  
@@ -102,9 +102,9 @@ Finally, after finishing the environment setup we can perform the actual build.
 We'll need the release directory available for this, so create it now if it doesn't exist:`mkdir release`, then we can simply execute the following command inside the git repository (remember to checkout the tag you are trying to build):
 
 ```bash
-docker run --rm -v $(pwd):/repo -ti cl-repro-focal
 docker run --rm -v $(pwd):/repo -ti cl-repro-jammy
 docker run --rm -v $(pwd):/repo -ti cl-repro-noble
+docker run --rm -v $(pwd):/repo -ti cl-repro-resolute
 ```
 
 The last few lines of output also contain the `sha256sum` hashes of all artifacts, so if you're just verifying the build those are the lines that are of interest to you:
@@ -123,7 +123,7 @@ The release captain is in charge of creating the manifest, whereas contributors
 ## Script build-release
 1: Pull latest code from master
 
-2: Run the `tools/build-release.sh bin-Fedora bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Focal, Jammy, and Noble). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.
+2: Run the `tools/build-release.sh bin-Fedora bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Jammy, Noble, and Resolute). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.
 
 ## Manual
 The release captain creates the manifest as follows:
@@ -143,7 +143,7 @@ gpg -sb --armor SHA256SUMS
 
 2: Copy above files in the lightning directory.
 
-3: Run `tools/build-release.sh --verify` script. It will build binaries for Ubuntu (Focal, Jammy & Noble), verify zip & Ubuntu builds while copying Fedora checksums from the release captain's file.
+3: Run `tools/build-release.sh --verify` script. It will build binaries for Ubuntu (Jammy, Noble & Resolute), verify zip & Ubuntu builds while copying Fedora checksums from the release captain's file.
 
 4. Then send the resulting `release/SHA256SUMS.asc` file to the release captain so it can be merged with the other signatures into `SHASUMS.asc`.
 
@@ -200,9 +200,9 @@ Producing output similar to the following:
 ```shell
 sha256sum: clightning-v24.11-Fedora-35-amd64.tar.gz: No such file or directory
 clightning-v24.11-Fedora-35-amd64.tar.gz: FAILED open or read
-clightning-v24.11-Ubuntu-20.04.tar.xz: OK
 clightning-v24.11-Ubuntu-22.04.tar.xz: OK
 clightning-v24.11-Ubuntu-24.04.tar.xz: OK
+clightning-v24.11-Ubuntu-26.04.tar.xz: OK
 clightning-v24.11.zip: OK
 sha256sum: WARNING: 1 listed file could not be read
 ```

tools/build-release.sh

@@ -1,6 +1,10 @@
 #! /bin/sh
 set -e
 
+echo "RAW ARGS: [$*]"
+echo "ARG COUNT: $#"
+echo "ARG1: [$1]"
+
 # When run inside docker (from below), we do build and drop result in /release
 if [ "$1" = "--inside-docker" ]; then
     echo "Inside docker: starting build"
@@ -32,44 +36,54 @@ SUDO=
 ALL_TARGETS="bin-Fedora bin-Ubuntu docker sign"
 # ALL_TARGETS="bin-Fedora bin-Ubuntu tarball deb docker sign"
 
-for arg; do
-    case "$arg" in
-    --force-version=*)
-        FORCE_VERSION=${arg#*=}
-        ;;
-    --force-unclean)
-        FORCE_UNCLEAN=true
-        ;;
-    --force-mtime=*)
-        FORCE_MTIME=${arg#*=}
-        ;;
-    --verify)
-        VERIFY_RELEASE=true
-        ;;
-    --without-zip)
-        WITHOUT_ZIP=true
-        ;;
-    --sudo)
-        SUDO=sudo
-        ;;
-    --help)
-        echo "Usage: [--force-version=<ver>] [--force-unclean] [--force-mtime=YYYY-MM-DD] [--verify] [TARGETS]"
-        echo Known targets: "$ALL_TARGETS"
-        echo "Example: tools/build-release.sh"
-        echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora bin-Ubuntu sign"
-        echo "Example: tools/build-release.sh --verify"
-        echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 --verify"
-        echo "Example: tools/build-release.sh docker"
-        echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 docker"
-        exit 0
-        ;;
-    -*)
-        echo "Unknown arg $arg" >&2
-        exit 1
-        ;;
-    *)
-        break
-        ;;
+TARGETS=""
+
+while [ $# -gt 0 ]; do
+    case "$1" in
+        --force-version=*)
+            FORCE_VERSION=${1#*=}
+            ;;
+        --force-version)
+            shift
+            FORCE_VERSION=$1
+            ;;
+        --force-unclean)
+            FORCE_UNCLEAN=true
+            ;;
+        --force-mtime=*)
+            FORCE_MTIME=${1#*=}
+            ;;
+        --force-mtime)
+            shift
+            FORCE_MTIME=$1
+            ;;
+        --verify)
+            VERIFY_RELEASE=true
+            ;;
+        --without-zip)
+            WITHOUT_ZIP=true
+            ;;
+        --sudo)
+            SUDO=sudo
+            ;;
+        --help)
+            echo "Usage: [--force-version=<ver>] [--force-unclean] [--force-mtime=YYYY-MM-DD] [--verify] [TARGETS]"
+            echo Known targets: "$ALL_TARGETS"
+            echo "Example: tools/build-release.sh"
+            echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora bin-Ubuntu sign"
+            echo "Example: tools/build-release.sh --verify"
+            echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 --verify"
+            echo "Example: tools/build-release.sh docker"
+            echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 docker"
+            exit 0
+            ;;
+        -*)
+            echo "Unknown arg $1" >&2
+            exit 1
+            ;;
+        *)
+            TARGETS="$TARGETS $1"
+            ;;
     esac
     shift
 done
@@ -124,11 +138,7 @@ if [ "$VERIFY_RELEASE" = "true" ]; then
     fi
 fi
 
-if [ "$#" = 0 ]; then
-    TARGETS=" $ALL_TARGETS "
-else
-    TARGETS=" $* "
-fi
+TARGETS=${TARGETS:-$ALL_TARGETS}
 
 RELEASEDIR="$(pwd)/release"
 BARE_VERSION="$(echo "${VERSION}" | sed 's/^v//g')"
@@ -184,7 +194,7 @@ for target in $TARGETS; do
         ;;
     Ubuntu*)
         distributions=${platform#Ubuntu-}
-        [ "$distributions" = "Ubuntu" ] && distributions="focal jammy noble"
+        [ "$distributions" = "Ubuntu" ] && distributions="jammy noble resolute"
         for d in $distributions; do
             # Capitalize the first letter of distro
             D=$(echo "$d" | awk '{print toupper(substr($0,1,1))substr($0,2)}')