feat(component): Add deterministic component fingerprints #47
Pull request overview
Adds a new internal fingerprinting utility intended to compute deterministic “component fingerprints” from resolved component configuration plus additional build context.
Changes:
- Introduces internal/fingerprint package with ComputeIdentity to produce a SHA256-based fingerprint and an inputs breakdown.
- Adds a comprehensive test suite covering many config/input variations.
- Exports OpenProjectRepo in synthetic history code and adds hashstructure/v2 dependency.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| internal/fingerprint/fingerprint.go | New fingerprint computation logic (config hashing + overlay file hashing + SHA256 combiner). |
| internal/fingerprint/fingerprint_test.go | New tests asserting determinism and expected sensitivity/insensitivity to various inputs. |
| internal/fingerprint/doc.go | Package documentation for the new fingerprint module. |
| internal/app/azldev/core/sources/synthistory.go | Renames openProjectRepo to exported OpenProjectRepo and updates call site. |
| go.mod | Adds github.com/mitchellh/hashstructure/v2 dependency. |
| go.sum | Adds checksums for the new dependency. |
a7d028e to 3fb8df7
3fb8df7 to 759c099
0140c52 to 94e19ff
reubeno left a comment
Apart from the individual comments, my main question... what are your thoughts on how we can ensure that this algorithm stays in sync with the component and overlay definitions as the latter evolve?
| OverlayFileHashes map[string]string `json:"overlayFileHashes,omitempty"` | ||
| // AffectsCommitCount is the number of "Affects: <component>" commits in the project repo. | ||
| AffectsCommitCount int `json:"affectsCommitCount"` | ||
| // Distro is the effective distro name. |
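Review bot: the doc comment on AffectsCommitCount says what is counted but not why a count belongs among the fingerprint inputs. A count stays the same when one "Affects: <component>" commit is replaced by another, so if the intent is that the fingerprint changes whenever such a commit lands, state that in the comment and consider whether the identities of those commits would be the better input than their number.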
Why does this need to be tracked?
| func ComputeIdentity( | ||
| fs opctx.FS, | ||
| component projectconfig.ComponentConfig, | ||
| distroRef projectconfig.DistroReference, |
Is this the distro that the component is being built for or the distro that the component's spec may have come from? Can we document and clarify?
It should be the effective distro for the component, i.e. if one is set, pick that, otherwise the global default.
That said, we can probably drop it to just ReleaseVer, that might be the only bit we really care about.
7faa755 to 5b443e3
Add a fingerprint package that computes deterministic SHA256 identity hashes for components based on all resolved build inputs:
- Config hash (via hashstructure, respecting fingerprint:"-" tags)
- Source identity (upstream commit or local content hash)
- Overlay file content hashes
- Manual bump counter (from lock file)
- Distro release version (e.g., "3.0")

Inputs are combined with domain-separated field labels for collision resistance. Overlay hashes are sorted by path for determinism.

Also adds:
- fingerprint:"-" tags on non-build-input fields (RenderedSpecDir, SpecSource.Path, ComponentOverlay.Source)
- Overlay.SourceFiles() helper for content hashing
- Reflection test enforcing tag discipline on all fingerprinted structs
- 675 lines of unit tests covering all input dimensions
5b443e3 to 13639ed
Rebased to address go.mod conflict.
No description provided.
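The commit message above says inputs are combined with domain-separated field labels and that overlay hashes are sorted by path. The Go program below is an added example, not code from this pull request: the `Inputs` type, the label strings, the length-prefix framing and `NaiveFingerprint` (the unlabelled concatenation shown for contrast) are all assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
	"sort"
)

// Inputs is a hypothetical type holding four of the inputs named in the commit message.
type Inputs struct {
	ConfigHash, SourceIdentity, ReleaseVer string
	OverlayHashes                          map[string]string // path -> content hash
}

// writeField length-prefixes label and value so bytes cannot slide between fields.
func writeField(h hash.Hash, label, value string) {
	for _, s := range []string{label, value} {
		binary.Write(h, binary.BigEndian, uint64(len(s)))
		h.Write([]byte(s))
	}
}

// Fingerprint hashes fields in a fixed order; overlay paths are sorted first
// because Go randomizes map iteration order.
func Fingerprint(in Inputs) string {
	h := sha256.New()
	writeField(h, "config", in.ConfigHash)
	writeField(h, "source", in.SourceIdentity)
	paths := make([]string, 0, len(in.OverlayHashes))
	for p := range in.OverlayHashes {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	for _, p := range paths {
		writeField(h, "overlay:"+p, in.OverlayHashes[p])
	}
	writeField(h, "releasever", in.ReleaseVer)
	return fmt.Sprintf("%x", h.Sum(nil))
}

// NaiveFingerprint is the weak form: plain concatenation, no labels or lengths.
func NaiveFingerprint(in Inputs) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(in.ConfigHash+in.SourceIdentity+in.ReleaseVer)))
}

func main() {
	a, b := Inputs{ConfigHash: "ab", SourceIdentity: "c"}, Inputs{ConfigHash: "a", SourceIdentity: "bc"} // constructed
	fmt.Println(NaiveFingerprint(a) == NaiveFingerprint(b), Fingerprint(a) == Fingerprint(b))
}
```

The two constructed inputs differ only in where the boundary between config hash and source identity falls, which the naive form cannot see and the framed form can.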