Reproducible Build Check #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Reproducible Build Check | |
| on: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| workflow_dispatch: | |
| jobs: | |
| check: | |
| name: Verify Deterministic Build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| with: | |
| ref: main | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v5 | |
| with: | |
| java-version: 21 | |
| distribution: 'temurin' | |
| cache: maven | |
| - name: π¦ Install | |
| run: mvn clean install -pl "!tests" -DskipTests -B --no-transfer-progress | |
| - name: π Verify Reproducibility | |
| run: mvn clean verify artifact:compare -pl "!tests" -DskipTests -B --no-transfer-progress | |
| - name: π Generate Visual Report | |
| if: always() | |
| run: | | |
| echo "## π Reproducible Build Report" >> $GITHUB_STEP_SUMMARY | |
| TOTAL_OK=0 | |
| TOTAL_KO=0 | |
| TOTAL_IGNORED=0 | |
| ALL_KO_FILES="" | |
| # Find all generated comparison files | |
| COMPARE_FILES=$(find . -type f -name "*.buildcompare") | |
| if [ -n "$COMPARE_FILES" ]; then | |
| for COMPARE_FILE in $COMPARE_FILES; do | |
| # Extract the values, defaulting to 0 if not found | |
| OK=$(grep '^ok=' "$COMPARE_FILE" | cut -d'=' -f2 || echo "0") | |
| KO=$(grep '^ko=' "$COMPARE_FILE" | cut -d'=' -f2 || echo "0") | |
| IGNORED=$(grep '^ignored=' "$COMPARE_FILE" | cut -d'=' -f2 || echo "0") | |
| # Aggregate the counts | |
| TOTAL_OK=$((TOTAL_OK + ${OK:-0})) | |
| TOTAL_KO=$((TOTAL_KO + ${KO:-0})) | |
| TOTAL_IGNORED=$((TOTAL_IGNORED + ${IGNORED:-0})) | |
| # Aggregate failed files if any exist in this module | |
| if [ "${KO:-0}" -gt 0 ]; then | |
| FILES=$(grep '^koFiles=' "$COMPARE_FILE" | cut -d'=' -f2 | tr -d '"') | |
| ALL_KO_FILES="$ALL_KO_FILES $FILES" | |
| fi | |
| done | |
| # Draw a Markdown Table with aggregated results | |
| echo "| Result | Count |" >> $GITHUB_STEP_SUMMARY | |
| echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY | |
| echo "| β **OK** | **$TOTAL_OK** |" >> $GITHUB_STEP_SUMMARY | |
| echo "| β **Failed (KO)** | **$TOTAL_KO** |" >> $GITHUB_STEP_SUMMARY | |
| echo "| β οΈ **Ignored** | **$TOTAL_IGNORED** |" >> $GITHUB_STEP_SUMMARY | |
| echo "" >> $GITHUB_STEP_SUMMARY | |
| # Provide specific feedback | |
| if [ "$TOTAL_KO" -gt 0 ]; then | |
| echo "### π¨ Reproducibility Drift Detected!" >> $GITHUB_STEP_SUMMARY | |
| echo "The following files differ from the reference build:" >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`text" >> $GITHUB_STEP_SUMMARY | |
| # Print each file on a new line, cleaning up extra spaces | |
| echo "$ALL_KO_FILES" | tr ' ' '\n' | grep -v '^$' >> $GITHUB_STEP_SUMMARY | |
| echo "\`\`\`" >> $GITHUB_STEP_SUMMARY | |
| else | |
| echo "### π 100% Reproducible!" >> $GITHUB_STEP_SUMMARY | |
| echo "The build is perfectly deterministic across all modules." >> $GITHUB_STEP_SUMMARY | |
| fi | |
| else | |
| echo "β οΈ **Could not find any \`.buildcompare\` files.** The Maven plugin might have failed before generating the report." >> $GITHUB_STEP_SUMMARY | |
| fi |