Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Assert that builds are reproducible #811

Closed
sophiewigmore opened this issue Aug 3, 2022 · 2 comments · Fixed by #818 or paketo-buildpacks/bundle-install#423
Closed

Assert that builds are reproducible #811

sophiewigmore opened this issue Aug 3, 2022 · 2 comments · Fixed by #818 or paketo-buildpacks/bundle-install#423
Assignees

Comments

@sophiewigmore
Copy link
Member

Describe the Enhancement

Builds with this buildpack should be reproducible, meaning given identical inputs, the SHAs of resulting buildpack-built images are the same. This means, for a given app, if I run:

pack build my-app -b paketo-buildpacks/ruby

and then run

pack build my-app-copy -b paketo-buildpacks/ruby

with the same source code and configurations, the resulting image SHAs should be the same.

Currently, builds are not reproducible because of SBOMs included in the final app image. See paketo-buildpacks/packit#367 and paketo-buildpacks/packit#368. But once those issues are resolved and a new version of packit has been released, we should expect that the buildpack builds are reproducible.

Possible Solution

Add assertions to integration tests that show that two builds with the same inputs produce identical outputs.

Motivation

Build reproducibility is a selling point of CNBs that we want to provide to Paketo buildpack users. We want to know if future implementation decisions compromise build reproducibility.

@sophiewigmore sophiewigmore moved this to ❓Not scoped in Paketo Workstreams Aug 3, 2022
@robdimsdale robdimsdale moved this from ❓Not scoped to 📝 Todo in Paketo Workstreams Aug 9, 2022
@ForestEckhardt ForestEckhardt self-assigned this Aug 16, 2022
@ForestEckhardt ForestEckhardt moved this from 📝 Todo to 🚧 In Progress in Paketo Workstreams Aug 16, 2022
@ForestEckhardt ForestEckhardt removed their assignment Sep 6, 2022
@fg-j fg-j moved this from 🚧 In Progress to 📝 Todo in Paketo Workstreams Sep 8, 2022
@arjun024 arjun024 self-assigned this Feb 15, 2023
@arjun024 arjun024 moved this from 📝 Todo to 🚧 In Progress in Paketo Workstreams Feb 15, 2023
@arjun024 arjun024 moved this from 🚧 In Progress to 📝 Todo in Paketo Workstreams Feb 23, 2023
@arjun024 arjun024 removed their assignment Mar 1, 2023
@simonjjones simonjjones moved this from 📝 Todo to 🚧 In Progress in Paketo Workstreams Apr 5, 2023
@github-project-automation github-project-automation bot moved this from 🚧 In Progress to ✅ Done in Paketo Workstreams Apr 5, 2023
@ryanmoran ryanmoran reopened this Apr 5, 2023
@ryanmoran ryanmoran moved this from ✅ Done to 🚧 In Progress in Paketo Workstreams Apr 10, 2023
@github-project-automation github-project-automation bot moved this from 🚧 In Progress to ✅ Done in Paketo Workstreams Apr 11, 2023
@ryanmoran ryanmoran reopened this Apr 13, 2023
@ryanmoran ryanmoran moved this from ✅ Done to 🚧 In Progress in Paketo Workstreams Apr 13, 2023
@ryanmoran
Copy link
Member

The only piece of the Ruby buildpack keeping us from completing this item is the rails-assets buildpack. Unfortunately, getting Rails assets to play nicely appears to be exceedingly hard. Rails (specifically, the sprockets gem) appears to be making a number of changes to cache and mapping files. The differing files are entirely opaque as they are binary file formats. Understanding what has changed and why would be quite complicated. Until such time as the Rails core team revamps asset packaging to be more reproducible, we are likely out of luck.

@robdimsdale
Copy link
Member

So it sounds like there's no more work we can do here, and instead we should document the known limitations. I'll take that responsibility and assign myself the issue.

@sophiewigmore sophiewigmore moved this from 🚧 In Progress to 📨 PR Opened in Paketo Workstreams May 3, 2023
@thitch97 thitch97 closed this as completed May 4, 2023
@github-project-automation github-project-automation bot moved this from 📨 PR Opened to ✅ Done in Paketo Workstreams May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
6 participants