Add different types of diff that cause reproducibility differences in Java

cmd/stabilize/diffs/build-manifest.md

@@ -0,0 +1,101 @@
+# Build Manifests
+
+## Build Environment
+
+```diff
+@@ -1,6 +1,6 @@
+ Manifest-Version: 1.0
+ Archiver-Version: Plexus Archiver
+-Built-By: runner
++Built-By: aman
+ Build-Jdk: 11.0.24
+```
+[URL](http://130.237.222.185/chains-reproducible-central/com.github.sitture/env-config/1.9.0/env-config-1.9.0.jar.diffoscope.json)
+
+
+`Built-By` attribute indicates the user of the system that built the artifact.
+This information can be different across builds and it is better to stabilize this information.
+
+
+```diff
+@@ -9,52 +9,7 @@
+ SCM-Git-Commit-Dirty: false
+ SCM-Git-Commit-ID: b8b0e095af45ed8b3212b934ce46f2dcb54fdea6
+ SCM-Git-Commit-ID-Abbrev: b8b0e09
+ SCM-Git-Commit-ID-Description: v1_0_1
+ SCM-Git-Commit-Timestamp: 2022-01-06T10:16:03Z
+
+-Name: org/jrivard/xmlchai/XmlChaiInternalUtils.class
+-SHA-256-Digest: LhOQqdSd5g2HbXN9WsOsXrqI+h4cFKS3MjNe8b275Do=
+-
+-Name: org/jrivard/xmlchai/XmlDocument.class
+-SHA-256-Digest: ZhMKA2QSfPIoZGG9+MBr0OZU97oFRvWyAMbgblFoFIM=
+...
+```
+[URL](http://130.237.222.185/chains-reproducible-central/org.jrivard.xmlchai/xmlchai/0.1.0/xmlchai-0.1.0.jar.diffoscope.json)
+
+Signatures of Java classiles cannot be replicated and hence they are always different if rebuilt by a third-party.
+For any rebuild, it is better to stabilize the manifest by removing the signatures.
+
+
+```diff
+-#Generated by Maven Integration for Eclipse
+-#Wed Aug 09 20:30:38 PDT 2023
+-m2e.projectLocation=C\\:\\\\Users\\\\gary\\\\git\\\\spdx-maven-plugin
+-m2e.projectName=spdx-maven-plugin
+-groupId=org.spdx
+ artifactId=spdx-maven-plugin
++groupId=org.spdx
+ version=0.7.0
+```
+[URL](http://130.237.222.185/chains-reproducible-central/org.spdx/spdx-maven-plugin/0.7.0/spdx-maven-plugin-0.7.0.jar.diffoscope.json)
+
+`m2e` attributes appear if artifacts are built with maven build tool embedded into the eclipse IDE.
+These attributes can be removed by running the stabilizer.
+
+## Rebuild Process
+
+```diff
+-Created-By: 17.0.8.1+0 (Homebrew)
++Created-By: 17.0.12+7-Ubuntu-1ubuntu222.04 (Ubuntu)
+```
+[URL](http://130.237.222.185/chains-reproducible-central/commons-net/commons-net/3.10.0/commons-net-3.10.0-ftp.jar.diffoscope.json)
+
+```diff
+-Implementation-Build-Java-Vendor: AdoptOpenJDK\r
+-Implementation-Build-Java-Version: 15\r
++Implementation-Build-Java-Vendor: Oracle Corporation\r
++Implementation-Build-Java-Version: 15.0.2\r
+ Implementation-Title: LDAP Chai Library\r
+ Implementation-URL: https://github.com/ldapchai/ldapchai\r
+ Implementation-Vendor: LDAP Chai Project\r
+ Implementation-Version: 0.8.0\r
+```
+[URL](http://130.237.222.185/chains-reproducible-central/com.github.ldapchai/ldapchai/0.8.0/ldapchai-0.8.0.jar.diffoscope.json)
+
+Java Version and Java Vendor are important information for rebuilding.
+They should be used to fix the workflow strategy.
+
+## Dynamic Properties
+
+```diff
+@@ -4,15 +4,15 @@\n Archive-UID: 854FF0D1B8B9E20E9476A6658AEF997E0ACB09ED6F9B593E086D2C8FBD8
+  3DBA8
+ Implementation-Build-Java-Version: 8
+ Implementation-Title: LDAP Chai Library
+ Implementation-URL: https://github.com/ldapchai/ldapchai
+ Implementation-Vendor: LDAP Chai Project
+ Implementation-Version: 0.8.6
+-SCM-Git-Branch: master
++SCM-Git-Branch: a9de4ccc8db9a4862f3819f3dfb63e57a6450bdf
+ SCM-Git-Commit-Dirty: false
+ SCM-Git-Commit-ID: a9de4ccc8db9a4862f3819f3dfb63e57a6450bdf
+ SCM-Git-Commit-ID-Abbrev: a9de4cc
+ SCM-Git-Commit-ID-Description: v0_8_6
+ SCM-Git-Commit-Timestamp: 2024-08-26T16:07:08Z
+ SCM-Git-Remote-Origin-URL: https://github.com/ldapchai/ldapchai.git
+```
+[URL](http://130.237.222.185/chains-reproducible-central/com.github.ldapchai/ldapchai/0.8.6/ldapchai-0.8.6.jar.diffoscope.json)
+
+Branch refs are volatile attributes and can change from build to build.
+It can be removed from the manifest before comparison.