jdaugherty opened a new pull request, #14670:
URL: https://github.com/apache/grails-core/pull/14670
This PR is working towards reproducible builds.
You can run the script:
etc/bin/test-reproducible-build.sh
to do 2 builds, back to back, and compare their jar files to see what does
not match. This PR does not fully solve reproducible grails build.
It does:
1. Set `SOURCE_DATE_EPOCH` in github actions to ensure the build date is
always as of the commit date
2. Use SOURCE_DATE_EPOCH in the gradle build, and set it as properties in
case future processes need to use them
3. Adds a helper groovy script `generate-build-artifact-hashes` to generate
hashes for any jar files that are considered distributed
4. adds the test script previously mentioned
5. fixes sourcejar configuration
6. sets common encodings so across all platforms sources / docs /etc are
treated the same
7. Removes "Built-By" and "Created-By" manifest attributes for reproducible
manifests
8. Configures jars per Gradle's reproducibility recommendations: i.e. do not
preserve timestamps, reproducible file order, and common permissions
9. disables jar files in projects that "staging" projects, such as
documentation builds, test reporting, etc
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
