You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@logging.apache.org by vy...@apache.org on 2022/12/12 11:41:49 UTC

[logging-log4j-tools] branch master updated: Make builds reproducible along with verification

This is an automated email from the ASF dual-hosted git repository.

vy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/logging-log4j-tools.git


The following commit(s) were added to refs/heads/master by this push:
     new dd07264  Make builds reproducible along with verification
dd07264 is described below

commit dd072642a5c5e9de4882cb2aa0ff77c060013476
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Mon Dec 12 12:42:26 2022 +0100

    Make builds reproducible along with verification
---
 .github/workflows/build.yml | 15 ++++++++++++---
 pom.xml                     |  3 +++
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 9f5f4fd..df8e796 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -45,14 +45,23 @@ jobs:
           architecture: x64
           cache: maven
 
-      - name: Build with Maven
+      # `install` is required to verify reproducible builds: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+      - name: Build using Maven
         shell: bash
         run: |
           ./mvnw \
             --show-version --batch-mode --errors --no-transfer-progress \
-            -DtrimStackTrace=false \
             -DskipTests=true \
-            verify
+            install
+
+      # `artifact:compare` is required to verify reproducible builds: https://maven.apache.org/guides/mini/guide-reproducible-builds.html#how-to-test-my-maven-build-reproducibility
+      - name: Verify using Maven
+        shell: bash
+        run: |
+          ./mvnw \
+            --show-version --batch-mode --errors --no-transfer-progress \
+            -DtrimStackTrace=false \
+            verify artifact:compare
 
   merge:
 
diff --git a/pom.xml b/pom.xml
index 7f6b61c..78fc9aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -57,6 +57,9 @@
     <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
     <java.version>1.8</java.version>
 
+    <!-- `project.build.outputTimestamp` is required for reproducible builds: https://maven.apache.org/guides/mini/guide-reproducible-builds.html -->
+    <project.build.outputTimestamp>0</project.build.outputTimestamp>
+
     <!-- plugin versions -->
     <flatten-maven-plugin.version>1.3.0</flatten-maven-plugin.version>