Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

upgrade Felix maven-bundle-plugin for Reproducible #36

Merged
merged 1 commit into from
Feb 10, 2022
Merged

upgrade Felix maven-bundle-plugin for Reproducible #36

merged 1 commit into from
Feb 10, 2022

Conversation

hboutemy
Copy link
Member

@hboutemy hboutemy commented Feb 2, 2022

fix for bundle:manifest

@mboapache
Copy link
Contributor

The change looks good. Thank you!

We are planning to merge this pull request once we are done with the current JDO release 3.2.

@hboutemy
Copy link
Member Author

hboutemy commented Feb 4, 2022
edited
Loading

thank you
FYI, this 3.2 release (before this update) has only 1 non reproducible output: https://github.com/jvm-repo-rebuild/reproducible-central#org.apache.jdo:jdo

and you can check reproducibility by simply doing

mvn clean install
mvn clean package artifact:compare

@mboapache mboapache merged commit ce801b8 into apache:main Feb 10, 2022
@tzaeschke
Copy link
Contributor

@hboutemy I had a look around and I do not fully understand how this works, maybe you can help or point us to some additional documentation?

  • mvn clean install & mvn clean package artifact:compare: What is the purpose? As far as I understand it simply compares two local builds that were created on the same machine + environment. This will never detect problems resulting from different environments...?
  • Should the second line be mvn clean verify artifact:compare?
  • At what point in the release process is this best executed? It feels like it would need to be in the middle of release:perform in order to compare the final build (including version numbers) but before it is being uploaded. Still, it would only compare builds executed on the same environment....?

References:

@hboutemy
Copy link
Member Author

This will never detect problems resulting from different environments...

you're right. There are many reproducibility problems that are not because environments are different, but even on the same env, 2 builds give different results: if you look at the jdo issue for 3.2 release, it's not because of environment https://github.com/jvm-repo-rebuild/reproducible-central/blob/master/content/org/apache/jdo/jdo-3.2.diffoscope .

Should the second line be mvn clean verify artifact:compare?

as you wish: output is expected to be done at package stage, verify is not expected to add anything. But you can and should customize the command to match your build expectations

At what point in the release process is this best executed?

it is not expected to be executed during the release process: it's expected to be executed when you develop.
Once the release is done, people outside your project will try to rebuild (obviously with different environment) and check they can get the same output as you: if they find an issue, it's too late for the release, it will have to be fixed for the next release, so during the development phase before the next release: hence the provided test commands to run during development

Once you have a release that was reproducible, in general, next ones are also reproducible, because build structure does not change often.

@hboutemy hboutemy deleted the patch-1 branch February 17, 2022 18:56
@tzaeschke
Copy link
Contributor

@hboutemy I forgot: thanks for the info!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hboutemy @mboapache @tzaeschke