Reproducible Build Check #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reproducible Build Check | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| jobs: | |
| check: | |
| name: Verify Deterministic Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| ref: main | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: π¦ Install | |
| run: mvn clean install -pl "!tests" -DskipTests -B --no-transfer-progress | |
| - name: π Verify Reproducibility | |
| run: mvn clean verify artifact:compare -pl "!tests" -DskipTests -B --no-transfer-progress | |
| - name: π Generate Visual Report | |
| if: always() | |
| run: | | |
| echo "## π Reproducible Build Report" >> $GITHUB_STEP_SUMMARY | |
| # Find the generated comparison file (Maven Artifact Plugin creates a .buildcompare file) | |
| COMPARE_FILE=$(find . -type f -name "*.buildcompare" | head -n 1) | |
| if [ -f "$COMPARE_FILE" ]; then | |
| # Extract the values | |
| OK=$(grep '^ok=' "$COMPARE_FILE" | cut -d'=' -f2) | |
| KO=$(grep '^ko=' "$COMPARE_FILE" | cut -d'=' -f2) | |
| IGNORED=$(grep '^ignored=' "$COMPARE_FILE" | cut -d'=' -f2) | |
| # Draw a Markdown Table | |
| echo "| Result | Count |" >> $GITHUB_STEP_SUMMARY | |
| echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| β **OK** | **$OK** |" >> $GITHUB_STEP_SUMMARY | |
| echo "| β **Failed (KO)** | **$KO** |" >> $GITHUB_STEP_SUMMARY | |
| echo "| β οΈ **Ignored** | **$IGNORED** |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Provide specific feedback | |
| if [ "$KO" -gt 0 ]; then | |
| echo "### π¨ Reproducibility Drift Detected!" >> $GITHUB_STEP_SUMMARY | |
| echo "The following files differ from the reference build:" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`text" >> $GITHUB_STEP_SUMMARY | |
| # Extract the koFiles string, remove quotes, and print each file on a new line | |
| grep '^koFiles=' "$COMPARE_FILE" | cut -d'=' -f2 | tr -d '"' | tr ' ' '\n' >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "### π 100% Reproducible!" >> $GITHUB_STEP_SUMMARY | |
| echo "The build is perfectly deterministic." >> $GITHUB_STEP_SUMMARY | |
| fi | |
| else | |
| echo "β οΈ **Could not find the \`.buildcompare\` file.** The Maven plugin might have failed before generating the report." >> $GITHUB_STEP_SUMMARY | |
| fi |