Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: make containers reproducible #48

Merged
merged 1 commit into from
Jan 23, 2025

Conversation

cbs228
Copy link
Owner

@cbs228 cbs228 commented Jan 23, 2025

Make containers reproducible by:

  • using a dated debian tag; and
  • enabling the snapshot server URL
  • enabling SOURCE_DATE_EPOCH and container file timestamping
  • using a tmpfs for /var/log
  • removing unreproducible files

The instructions are heavily influenced by 1.

Add git safe.directory exemptions everywhere in case the /src filesystem is mounted as a different uid. This is very common in containerized build environments.

Also move each container into its own build context directory. The filesystem layout now matches the container registry URL.

Containerization is an unending time sink—there is always something more to be done.

Make containers reproducible by:

* using a dated debian tag; and
* enabling the snapshot server URL
* enabling SOURCE_DATE_EPOCH and container file timestamping
* using a tmpfs for /var/log
* removing unreproducible files

The instructions are heavily influenced by [1].

Add git `safe.directory` exemptions everywhere in case the
`/src` filesystem is mounted as a different uid. This is very
common in containerized build environments.

Also move each container into its own build context directory.
The filesystem layout now matches the container registry URL.

Containerization is an unending time sink—there is always
something more to be done.

[1]: siemens/kas@bb51bd7
@cbs228 cbs228 merged commit 2eb2eab into develop Jan 23, 2025
10 checks passed
@cbs228 cbs228 deleted the feature/ci_container_reproducible branch January 23, 2025 03:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant