HHH-18488 Configure archive tasks to produce reproducible archives

This commit is contained in:
marko-bekhta 2023-09-06 16:27:12 +02:00 committed by Steve Ebersole
parent 43745c9372
commit e87a64d976
4 changed files with 67 additions and 2 deletions

View File

@ -38,7 +38,6 @@ plugins {
apply from: file( 'gradle/module.gradle' ) apply from: file( 'gradle/module.gradle' )
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Release Task // Release Task

View File

@ -0,0 +1,53 @@
#!/usr/bin/env bash
# This is a simple script to check if builds are reproducible. The steps are:
# 1. Build ORM with `./gradlew --no-daemon clean publishToMavenLocal --no-build-cache -Dmaven.repo.local=some-path/out/build1`
# 2. Build ORM with `./gradlew --no-daemon clean publishToMavenLocal --no-build-cache -Dmaven.repo.local=some-path/out/build2` second time pointing to a different local maven repository to publish
# 3. Compare the build results with sh ./ci/compare-build-results.sh some-path/out/build1 some-path/out/build2
# 4. The generated .buildcompare file will also contain the diffscope commands to see/compare the problematic build artifacts
outputDir1=$1
outputDir2=$2
outputDir1=${outputDir1%/}
outputDir2=${outputDir2%/}
ok=()
okFiles=()
ko=()
koFiles=()
for f in `find ${outputDir1} -type f | grep -v "javadoc.jar$" | grep -v "maven-metadata-local.xml$" | sort`
do
flocal=${f#$outputDir1}
# echo "comparing ${flocal}"
sha1=`shasum -a 512 $f | cut -f 1 -d ' '`
sha2=`shasum -a 512 $outputDir2$flocal | cut -f 1 -d ' '`
# echo "$sha1"
# echo "$sha2"
if [ "$sha1" = "$sha2" ]; then
ok+=($flocal)
okFiles+=(${flocal##*/})
else
ko+=($flocal)
koFiles+=(${flocal##*/})
fi
done
# generate .buildcompare
buildcompare=".buildcompare"
echo "ok=${#ok[@]}" >> ${buildcompare}
echo "ko=${#ko[@]}" >> ${buildcompare}
echo "okFiles=\"${okFiles[@]}\"" >> ${buildcompare}
echo "koFiles=\"${koFiles[@]}\"" >> ${buildcompare}
echo "" >> ${buildcompare}
echo "# see what caused the mismatch in the checksum by executing the following diffscope commands" >> ${buildcompare}
for f in ${ko[@]}
do
echo "# diffoscope $outputDir1$f $outputDir2$f" >> ${buildcompare}
done
if [ ${#ko[@]} -eq 0 ]; then
exit 0
else
exit 1
fi

View File

@ -57,6 +57,15 @@ if ( !project.description ) {
project.description = "The Hibernate ORM $project.name module" project.description = "The Hibernate ORM $project.name module"
} }
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Reproducible Builds
// https://docs.gradle.org/current/userguide/working_with_files.html#sec:reproducible_archives
// Configure archive tasks to produce reproducible archives:
tasks.withType(AbstractArchiveTask).configureEach {
preserveFileTimestamps = false
reproducibleFileOrder = true
}
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
// Configurations and Dependencies // Configurations and Dependencies

View File

@ -57,6 +57,10 @@ gradlePlugin {
} }
} }
tasks.withType(AbstractArchiveTask).configureEach {
preserveFileTimestamps = false
reproducibleFileOrder = true
}
test { test {
useJUnitPlatform() useJUnitPlatform()
@ -153,4 +157,4 @@ gradle.taskGraph.whenReady { tg ->
} }
} }
} }
} }