- changed status to open
Reproducible builds
Try to make builds 100% deterministic and reporducible: i.e. all builds with the same docker image, revision and environment params must be 100% identical.
Comments (6)
-
reporter -
reporter Use pinned Java 8 image to build the binary
This is Debian build of OpenJDK 8u302-b08 for Linux x64.
Ref #157.
→ <<cset 8a1f05366b28>>
-
reporter Common sources of non-determinism are now eliminated. However, it seems that the generated archives are still OS-dependent: the file access rights are different between Windows and Linux builds.
-
reporter - changed status to closed
-
reporter - changed status to open
File permissions inside the archive are still a thing. For CI the files are world-writable and for local builds they aren't, breaking compatibility.
-
reporter Another source of certain non-determinism is the baked-in build number. The build number is tied to the Pipelines' build count. It makes it harder to ensure that Github Actions produce the same binary. The difference isn't even useful to distinguish Github-built vs Bitbucket-built binaries because these numbers may potentially clash (and it will make no sense once we have fully reproducible builds anyway).
- Log in to comment