> which is to reliably produce the same build even if the source changes

Please elaborate; in my mind, that is dealt with by a git tag on the main project. I mean, you only need to pin the commit of the main project in your build server in order to get a reproducible build.