Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assert that builds are reproducible #109

Open
ryanmoran opened this issue Aug 8, 2022 · 0 comments
Open

Assert that builds are reproducible #109

ryanmoran opened this issue Aug 8, 2022 · 0 comments

Comments

@ryanmoran
Copy link
Member

Describe the Enhancement

Builds with this buildpack should be reproducible, meaning given identical inputs, the SHAs of resulting buildpack-built images are the same. This means, for a given app, if I run:

pack build my-app -b paketo-buildpacks/web-servers

and then run

pack build my-app-copy -b paketo-buildpacks/web-servers

with the same source code and configurations, the resulting image SHAs should be the same.

Currently, builds are not reproducible because of SBOMs included in the final app image. See paketo-buildpacks/packit#367 and paketo-buildpacks/packit#368. But once those issues are resolved and a new version of packit has been released, we should expect that the buildpack builds are reproducible.

Possible Solution

Add assertions to integration tests that show that two builds with the same inputs produce identical outputs.

Motivation

Build reproducibility is a selling point of CNBs that we want to provide to Paketo buildpack users. We want to know if future implementation decisions compromise build reproducibility.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ryanmoran