stevedlawrence opened a new issue, #1139:
URL: https://github.com/apache/daffodil-vscode/issues/1139

   The .vsix file generated by `vsce package` contains timestamps that prevent 
it from being easily reproducible. It looks like everything inside the zip is 
reproducible, so the vsix file itself is likely the only issue. I believe all 
the daffodil and daffodil-sbt releases are reproducible, so this is the last 
remaining piece that when fixed will allow us to switch to tag/CI based 
[automated release building/signing](https://infra.apache.org/release-signing.html#automated-release-signing), 
which should make the release process significantly easier.
   
   I've done some digging and it looks like the issue is vsce includes the 
mtimes of the files in the zip/vsix file.
   
   I've tried adding a new script in build/yarn-scripts.ts that is run just 
before we package the vsix file to change all the timestamps to 
SOURCE_DATE_EPOCH if defined. This works for most files included in the vsix 
file, but there are a couple that vsce generates during the package process 
that I don't think we can modify like that. So this likely is not a complete 
solution.
   
   Another option is to create a PR to vscode-vsce to update it to use 
SOURCE_DATE_EPOCH when creating the vsix. I've skimmed vscode-vsce and think it 
could probably be done with just a few lines, but I'm not all that familiar with 
node.js or how to test those kinds of changes. Also, even if we did make the 
changes, it requires getting a PR merged and updating the dependency to it. The 
first is probably doable, but daffodil-vscode depends on a pretty old version 
of vscode-vsce--is there anything blocking us from updating to a newer version 
if one were released with this kind of fix?
   
   An alternative approach might be to just add a post processing script that 
unzips the contents of the vsix file to a temp directory, modifies all the 
timestamps to SOURCE_DATE_EPOCH, and then rezips it. That's a bit of a pain, 
but doesn't have any dependency concerns.
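
The post-processing approach from the last paragraph of the issue, sketched in Python as an added example (not part of the original issue and not daffodil-vscode or vsce code). It rewrites the archive in memory instead of unzipping to a temp directory; `normalize_vsix`, `zip_date_time` and `make_sample_vsix` are hypothetical names, and a constructed two-file archive stands in for real `vsce package` output.

```python
import hashlib
import io
import os
import time
import zipfile

DOS_EPOCH = 315532800  # 1980-01-01T00:00:00Z, earliest time a ZIP entry can store


def zip_date_time(epoch: int) -> tuple:
    """Convert a Unix timestamp to the UTC (Y, M, D, h, m, s) tuple zipfile expects."""
    return time.gmtime(max(epoch, DOS_EPOCH))[:6]


def normalize_vsix(data: bytes, epoch: int) -> bytes:
    """Rewrite a .vsix (ZIP) in memory with every entry's mtime set to epoch."""
    stamp = zip_date_time(epoch)
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for old in src.infolist():  # keep the original entry order
            # A fresh ZipInfo drops extra fields, which can carry their own timestamps.
            new = zipfile.ZipInfo(old.filename, date_time=stamp)
            new.compress_type = zipfile.ZIP_DEFLATED
            new.create_system = old.create_system  # keep how external_attr is read
            new.external_attr = old.external_attr  # keep permission bits
            dst.writestr(new, src.read(old))
    return out.getvalue()


def make_sample_vsix(mtime: tuple) -> bytes:
    """Constructed stand-in for `vsce package` output built at a given time."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in [("extension.vsixmanifest", b"<PackageManifest/>"),
                           ("extension/package.json", b'{"name": "sample"}')]:
            z.writestr(zipfile.ZipInfo(name, date_time=mtime), body)
    return buf.getvalue()


if __name__ == "__main__":
    epoch = int(os.environ.get("SOURCE_DATE_EPOCH", "0"))
    a = normalize_vsix(make_sample_vsix((2024, 1, 2, 3, 4, 6)), epoch)
    b = normalize_vsix(make_sample_vsix((2025, 6, 7, 8, 9, 10)), epoch)
    print(hashlib.sha256(a).hexdigest() == hashlib.sha256(b).hexdigest())
```

Because the entries are recompressed, byte-identical output across machines also assumes the same zlib build on each of them.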

