Skip to content

docs: add blog article about reproducible builds. #195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Sep 16, 2025
Merged

docs: add blog article about reproducible builds. #195

merged 10 commits into from
Sep 16, 2025

Conversation

sebtiem
Copy link
Contributor

@sebtiem sebtiem commented Aug 15, 2025

No description provided.

@netlify Netlify
Copy link

netlify bot commented Aug 15, 2025
edited
Loading

Deploy Preview for open-elements ready!

Name Link
🔨 Latest commit 3f8b11d
🔍 Latest deploy log https://app.netlify.com/projects/open-elements/deploys/68c91c1c29a657000839eee7
😎 Deploy Preview https://deploy-preview-195--open-elements.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 64
Accessibility: 72
Best Practices: 92
SEO: 92
PWA: 70
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

hendrikebbers
hendrikebbers reviewed Aug 28, 2025
View reviewed changes
content/posts/2025-08-x-support-and-care-reproducible-builds.md Outdated
But what about reproducability?
Let's run _mvn clean verify artifact:compare_ and find out.
(Screenshot)
Oh. We are not? No, even worse: we are practically never. Having a look at the generated .buildinfo-file while executing the Artifact plugin again shows that our hash is changing with every build.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please add the buildinfo-file here

content/posts/2025-08-x-support-and-care-reproducible-builds.md Outdated
Oh. We are not? No, even worse: we are practically never. Having a look at the generated .buildinfo-file while executing the Artifact plugin again shows that our hash is changing with every build.
The console gives us some hints, and it looks like, we didn't make our homework properly.
Let's add the property project.build.outputTimestamp to the pom with a default value. Otherwise, our build timestamp will vary everytime we build and therefore the corresponding hash is also changing everytime.
Now we can consider our build reproducible! So we are save. But how long? What happens, if I modify the JVM, I build my project with?
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, we should try it and see that it is reproducible

Copy link
Contributor Author

@sebtiem sebtiem Sep 12, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the build is reproducible, there is no output anymore.

sparsick
sparsick suggested changes Sep 11, 2025
View reviewed changes
@sebtiem sebtiem changed the title Draft: docs: add blog article about reproducible builds. docs: add blog article about reproducible builds. Sep 16, 2025
@sebtiem sebtiem merged commit e4465fa into OpenElements:main Sep 16, 2025
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hendrikebbers hendrikebbers hendrikebbers left review comments

+1 more reviewer

@sparsick sparsick sparsick requested changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sebtiem @sparsick @hendrikebbers