Skip to content

Commit dfc0225

Browse files
developer-guydeveloper-guy
committed
chore(reproducibility): add buildid= and trimpath
Signed-off-by: Batuhan Apaydın <[email protected]>
1 parent 598af89 commit dfc0225

File tree

2 files changed

+18
-4
lines changed

2 files changed

+18
-4
lines changed

.goreleaser.yaml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -22,14 +22,17 @@ builds:
2222
mod_timestamp: &build-timestamp '{{ .CommitTimestamp }}'
2323
env: &build-env
2424
- CGO_ENABLED=0
25+
flags: &build-flags
26+
- -trimpath
2527
ldflags: &build-ldflags |
28+
-buildid=
2629
-w
2730
-s
2831
-extldflags '-static'
2932
-X github.com/anchore/grype/internal/version.version={{.Version}}
3033
-X github.com/anchore/grype/internal/version.syftVersion={{.Env.SYFT_VERSION}}
3134
-X github.com/anchore/grype/internal/version.gitCommit={{.Commit}}
32-
-X github.com/anchore/grype/internal/version.buildDate={{.Date}}
35+
-X github.com/anchore/grype/internal/version.buildDate={{.Env.BUILD_DATE}}
3336
-X github.com/anchore/grype/internal/version.gitDescription={{.Summary}}
3437

3538
- id: darwin-build
@@ -102,7 +105,7 @@ dockers:
102105
use: buildx
103106
build_flag_templates:
104107
- "--platform=linux/amd64"
105-
- "--build-arg=BUILD_DATE={{.Date}}"
108+
- "--build-arg=BUILD_DATE={{.Env.BUILD_DATE}}"
106109
- "--build-arg=BUILD_VERSION={{.Version}}"
107110
- "--build-arg=VCS_REF={{.FullCommit}}"
108111
- "--build-arg=VCS_URL={{.GitURL}}"
@@ -116,7 +119,7 @@ dockers:
116119
use: buildx
117120
build_flag_templates:
118121
- "--platform=linux/arm64/v8"
119-
- "--build-arg=BUILD_DATE={{.Date}}"
122+
- "--build-arg=BUILD_DATE={{.Env.BUILD_DATE}}"
120123
- "--build-arg=BUILD_VERSION={{.Version}}"
121124
- "--build-arg=VCS_REF={{.FullCommit}}"
122125
- "--build-arg=VCS_URL={{.GitURL}}"

Makefile

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,6 +9,14 @@ RELEASE_CMD=$(TEMPDIR)/goreleaser release --rm-dist
99
SNAPSHOT_CMD=$(RELEASE_CMD) --skip-publish --snapshot
1010
VERSION=$(shell git describe --dirty --always --tags)
1111

12+
# https://reproducible-builds.org/docs/source-date-epoch/
13+
DATE_FMT = +%Y-%m-%dT%H:%M:%SZ
14+
ifdef SOURCE_DATE_EPOCH
15+
BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "$(DATE_FMT)" 2>/dev/null || date -u "$(DATE_FMT)")
16+
else
17+
BUILD_DATE ?= $(shell date "$(DATE_FMT)")
18+
endif
19+
1220
# formatting variables
1321
BOLD := $(shell tput -T linux bold)
1422
PURPLE := $(shell tput -T linux setaf 5)
@@ -206,6 +214,7 @@ $(SNAPSHOTDIR): ## Build snapshot release binaries and packages
206214

207215
# build release snapshots
208216
bash -c "\
217+
BUILD_DATE=$(BUILD_DATE) \
209218
SKIP_SIGNING=true \
210219
SYFT_VERSION=$(SYFT_VERSION)\
211220
$(SNAPSHOT_CMD) --skip-sign --config $(TEMPDIR)/goreleaser.yaml"
@@ -222,7 +231,8 @@ snapshot-with-signing: ## Build snapshot release binaries and packages (with dum
222231

223232
# build release snapshots
224233
bash -c "\
225-
SYFT_VERSION=$(SYFT_VERSION)\
234+
SYFT_VERSION=$(SYFT_VERSION) \
235+
BUILD_DATE=$(BUILD_DATE) \
226236
$(SNAPSHOT_CMD) --config $(TEMPDIR)/goreleaser.yaml || (cat .github/scripts/apple-signing/log/*.txt && false)"
227237

228238
# remove the keychain with the trusted self-signed cert automatically
@@ -265,6 +275,7 @@ release: clean-dist CHANGELOG.md ## Build and publish final binaries and packag
265275
# note: notarization cannot be done in parallel, thus --parallelism 1
266276
bash -c "\
267277
SYFT_VERSION=$(SYFT_VERSION)\
278+
BUILD_DATE=$(BUILD_DATE) \
268279
$(RELEASE_CMD) \
269280
--config $(TEMPDIR)/goreleaser.yaml \
270281
--parallelism 1 \

0 commit comments

Comments
 (0)