Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: improve build reproducability #3091

Merged
merged 4 commits into from
Nov 5, 2024
Merged

Conversation

gartnera
Copy link
Member

@gartnera gartnera commented Nov 4, 2024

Description

Attempt to make builds bit perfect reproducable. If this is successful, two machines performing a build with the same code should build a binary with the exact same hash.

Steps taken:

  • use stable time for build time
    • just leave this unset in localnet/CI
    • use commit timestamp in goreleaser
  • set empty buildid as this is usually random
  • strip debug symbols as these are not stable
  • set strict sha256 on goreleaser cross version

Make targets are now:

  • make release-snapshot: build a release without a tag
  • make release-build-only: build a release with a tag but without uploading the artifacts
  • make release: build a release with a tag and upload the artifacts

goreleaser reference

goreleaser output
  node git:(improve-build-reproducability) ✗ make release-snapshot
docker run --rm --privileged -e CGO_ENABLED=1 -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/go/src/github.com/zeta-chain/node -w /go/src/github.com/zeta-chain/node -e "GITHUB_TOKEN=" ghcr.io/goreleaser/goreleaser-cross:v1.22.7@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4 --clean --skip=validate --skip=publish --snapshot
  • only configurations files on  version: 2  are supported, yours is  version: 0 , please update your configuration
  • skipping announce, publish and validate...
  • loading environment variables
  • getting and validating git state
    • git state                                      commit=af1baddd318097e2dd23dbbd446f86fe484fc1aa branch=improve-build-reproducability current_tag=v12.3.0-rc previous_tag=v12.1.0 dirty=true
    • pipe skipped                                   reason=disabled during snapshot mode
  • parsing tag
  • setting defaults
  • snapshotting
    • building snapshot...                           version=v12.3.0-rc-next
  • running before hooks
    • running                                        hook=go mod download
    • running                                        hook=go mod tidy
    • took: 57s
  • checking distribution directory
    • cleaning dist
  • setting up metadata
  • writing release metadata
  • loading go mod information
  • build prerequisites
  • building binaries
    • building                                       binary=dist/zetaclientd_linux_amd64_v1/zetaclientd-linux-amd64
    • building                                       binary=dist/zetacored_darwin_arm64/zetacored-darwin-arm64
    • building                                       binary=dist/zetacored_linux_arm64/zetacored-linux-arm64
    • building                                       binary=dist/zetacored_windows_amd64_v1/zetacored-windows-amd64.exe
    • building                                       binary=dist/zetaclientd_linux_arm64/zetaclientd-linux-arm64
    • building                                       binary=dist/zetacored_darwin_amd64_v1/zetacored-darwin-amd64
    • building                                       binary=dist/zetacored_linux_amd64_v1/zetacored-linux-amd64
    • took: 2m48s
  • archives
    • skip archiving                                 binary=zetacored-linux-amd64 name=zetacored-linux-amd64
    • skip archiving                                 binary=zetaclientd-linux-amd64 name=zetaclientd-linux-amd64
    • skip archiving                                 binary=zetacored-linux-arm64 name=zetacored-linux-arm64
    • skip archiving                                 binary=zetaclientd-linux-arm64 name=zetaclientd-linux-arm64
    • skip archiving                                 binary=zetacored-darwin-arm64 name=zetacored-darwin-arm64
    • skip archiving                                 binary=zetacored-windows-amd64.exe name=zetacored-windows-amd64.exe
    • skip archiving                                 binary=zetacored-darwin-amd64 name=zetacored-darwin-amd64
  • calculating checksums
  • writing artifacts metadata
  • release succeeded after 3m49s
  • thanks for using goreleaser!
  node git:(improve-build-reproducability) ✗ cat dist/checksums.txt
323fb7defda08ffc7686d34030f67cdba1481932481bc92c1a43cf60c419afbf  zetaclientd-linux-amd64
242a7035d6b7eae273bb8bfa672877fc052f03fc0cd1b725696bb47235891793  zetaclientd-linux-arm64
e718df515a9789b784067702fda4a7b446f4bca4410d1d103abcd89b23f12730  zetacored-darwin-amd64
bc88222b7726521e6a55c88fd16ea3ccb1137359e379e7f20c7860545eb29af2  zetacored-darwin-arm64
3111a51160ee01f231a82603591a1fa4043cb87769c73bb184e9467b50778ed4  zetacored-linux-amd64
304276695b3cb9995ad4c7aa1813b3e618180083fe64e9ce6e322ac4c3afc555  zetacored-linux-arm64
a6912c62f5259eb4687b5e3e6589e1f606f43374d929ea0e64b6b47e8c3ce6e8  zetacored-windows-amd64.exe
make install-zetacore output
  node git:(improve-build-reproducability) ✗ export GOBIN=~/tmp/gobin
  node git:(improve-build-reproducability) ✗ make install-zetacore; sha256sum ~/tmp/gobin/zetacored
--> Installing zetacored
d919c999a06c86309e627769edc4c3a5f7cf3854e18885d7f969ddef37319ffe  /Users/alex/tmp/gobin/zetacored
  node git:(improve-build-reproducability) ✗ rm ~/tmp/gobin/zetacored
  node git:(improve-build-reproducability) ✗ make install-zetacore; sha256sum ~/tmp/gobin/zetacored
--> Installing zetacored
d919c999a06c86309e627769edc4c3a5f7cf3854e18885d7f969ddef37319ffe  /Users/alex/tmp/gobin/zetacored
ci-testing-node workflow runs

first run: https://github.com/zeta-chain/ci-testing-node/actions/runs/11674433708

  Downloads cat checksums.txt
6d53dc94191579ebe6f1c5e5399343d901a25154424d445d188454d4241fc8b3  zetaclientd-linux-amd64
25ef3e667a72564c5dcd8b67236fccf8fa8184df1c3f706d613170bc040d5ef6  zetaclientd-linux-arm64
03eee8a920f930df25d23ec584b97e8947b148fbee25d583b0ccfc40c6e013f4  zetacored-darwin-amd64
795507364b57d75126fc7d46edaa1d13e9fe5fd89f6a70b0dbb95533ba8c3380  zetacored-darwin-arm64
3821cf19cf9d9adae1e9b2f9b7880814308b03ea09da5c16877f392f419c0f7c  zetacored-linux-amd64
8d9c941f934d2ae6d6dc2132433fd989dc226703a3a03558480f76adf658a39d  zetacored-linux-arm64
527a57682cc112c98de97b0954db842a8920a1f1fd25f6dd998f9a9d4fe11cbf  zetacored-windows-amd64.exe

second run: https://github.com/zeta-chain/ci-testing-node/actions/runs/11674641533

  Downloads cat checksums.txt
6d53dc94191579ebe6f1c5e5399343d901a25154424d445d188454d4241fc8b3  zetaclientd-linux-amd64
25ef3e667a72564c5dcd8b67236fccf8fa8184df1c3f706d613170bc040d5ef6  zetaclientd-linux-arm64
03eee8a920f930df25d23ec584b97e8947b148fbee25d583b0ccfc40c6e013f4  zetacored-darwin-amd64
795507364b57d75126fc7d46edaa1d13e9fe5fd89f6a70b0dbb95533ba8c3380  zetacored-darwin-arm64
3821cf19cf9d9adae1e9b2f9b7880814308b03ea09da5c16877f392f419c0f7c  zetacored-linux-amd64
8d9c941f934d2ae6d6dc2132433fd989dc226703a3a03558480f76adf658a39d  zetacored-linux-arm64
527a57682cc112c98de97b0954db842a8920a1f1fd25f6dd998f9a9d4fe11cbf  zetacored-windows-amd64.exe

Summary by CodeRabbit

  • New Features

    • Introduced input parameters to control pre-release checks and release processes.
    • Added a step to ensure the changelog is updated before a release.
    • Enhanced version consistency checks for the upgrade handler.
  • Bug Fixes

    • Improved handling of existing release tags to prevent conflicts.
  • Refactor

    • Streamlined the build and release commands in the Makefile.
    • Updated linker flags in the build configuration for better clarity and maintainability.

@gartnera gartnera added the UPGRADE_LIGHT_TESTS Run make start-upgrade-test-light label Nov 4, 2024
Copy link
Contributor

coderabbitai bot commented Nov 4, 2024

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough
📝 Walkthrough

Walkthrough

The changes in this pull request involve modifications to the .github/workflows/publish-release.yml, .goreleaser.yaml, and Makefile files. Key updates include the addition of input parameters for controlling pre-release checks, enhancements to the build configuration for zetacored, and a restructuring of commands in the Makefile to streamline the release process. These adjustments aim to improve the overall functionality and maintainability of the build and release workflows.

Changes

File Change Summary
.github/workflows/publish-release.yml - Added input parameters: skip_checks and skip_release (both boolean, default false).
- Renamed step from "Release build dry-run" to "Build release snapshot" and changed command to make release-snapshot.
- Introduced a step to check for updates in CHANGELOG.md, exiting with an error if none are found.
- Added a step to verify major version in upgrade handler matches user input.
- Adjusted tag creation process to handle existing tags more gracefully.
.goreleaser.yaml - Added new linker flags for zetacored: main.version, main.commit, main.date.
- Updated BuildTime to use {{ .CommitDate }}.
- Removed duplicate and unnecessary linker flags.
- Commented out darwin and windows under zetaclientd build configuration.
Makefile - Introduced GORELEASER variable for Docker command encapsulation.
- Updated GOLANG_CROSS_VERSION to include SHA256 checksum.
- Removed BUILDTIME from ldflags and added -buildid=.
- Refactored release commands to utilize GORELEASER, replacing release-dry-run with release-snapshot.

Possibly related PRs

  • ci: cleanup release workflow #2845: This PR modifies the same workflow file .github/workflows/publish-release.yml, enhancing input parameter descriptions and simplifying logic, which is closely related to the changes made in the main PR regarding input parameters and workflow functionality.

Suggested labels

no-changelog

Suggested reviewers

  • lumtis
  • skosito
  • CryptoFewka
  • julianrubino

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@gartnera gartnera requested a review from a team November 4, 2024 23:01
@gartnera gartnera marked this pull request as ready for review November 4, 2024 23:01
@github-actions github-actions bot added the ci Changes to CI pipeline or github actions label Nov 4, 2024
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (2)
.github/workflows/publish-release.yml (2)

Line range hint 82-92: Fix case sensitivity in changelog filename.

The script uses changelog.md but the error message refers to CHANGELOG.md. This inconsistency could cause issues on case-sensitive filesystems.

Apply this fix:

-          CHANGELOG_DIFF=$(git diff ${DEVELOP_SHA}..${CURRENT_BRANCH_SHA} -- changelog.md)
+          CHANGELOG_DIFF=$(git diff ${DEVELOP_SHA}..${CURRENT_BRANCH_SHA} -- CHANGELOG.md)
🧰 Tools
🪛 yamllint

[error] 54-54: trailing spaces

(trailing-spaces)


Line range hint 164-177: Improve release tag handling robustness.

The current tag handling implementation has several potential issues:

  1. Using sleep for API synchronization is fragile
  2. No error handling for tag deletion failures
  3. No verification of successful tag recreation

Consider this more robust implementation:

-          create_tag=$(git push --tags || echo "tag exists")
-          if [[ $create_tag == "tag exists" ]]; then
-            echo "Delete existing tag to re-create"
-            git tag -d ${GITHUB_TAG_MAJOR_VERSION}
-            git push --delete origin ${GITHUB_TAG_MAJOR_VERSION}
-            echo "sleep for 5 seconds to let github catch up."
-            sleep 5
-            echo "Re-Create Tag."
-            git tag ${GITHUB_TAG_MAJOR_VERSION}
-            git push --tags      
+          if ! git push --tags 2>/dev/null; then
+            echo "Attempting to recreate tag..."
+            if ! git tag -d ${GITHUB_TAG_MAJOR_VERSION} && \
+               ! git push --delete origin ${GITHUB_TAG_MAJOR_VERSION}; then
+              echo "Failed to delete existing tag"
+              exit 1
+            fi
+            # Verify tag is gone
+            if git ls-remote --tags origin | grep -q ${GITHUB_TAG_MAJOR_VERSION}; then
+              echo "Failed to delete remote tag"
+              exit 1
+            fi
+            if ! git tag ${GITHUB_TAG_MAJOR_VERSION} && \
+               ! git push --tags; then
+              echo "Failed to recreate tag"
+              exit 1
+            fi
+          fi
🧰 Tools
🪛 yamllint

[error] 54-54: trailing spaces

(trailing-spaces)

📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 44c377a and af1badd.

📒 Files selected for processing (3)
  • .github/workflows/publish-release.yml (1 hunks)
  • .goreleaser.yaml (1 hunks)
  • Makefile (2 hunks)
🔇 Additional comments (7)
.goreleaser.yaml (2)

61-66: Excellent reproducibility improvements!

The changes effectively address build reproducibility:

  • Using CommitDate ensures stable timestamps
  • Empty buildid removes non-deterministic build IDs
  • Strip flags (-s -w) remove debug symbols

These modifications align perfectly with the goal of achieving bit-perfect builds across different machines.


Line range hint 78-80: Please clarify the platform support reduction.

The Darwin and Windows builds for zetaclientd have been commented out. This significantly reduces platform support:

    goos:
      - linux
      # - darwin
      # - windows

Was this intentional? If so, please:

  1. Document the rationale for this change
  2. Update relevant documentation to reflect the reduced platform support
  3. Consider adding a migration guide for affected users
.github/workflows/publish-release.yml (2)

Line range hint 196-211: LGTM: Excellent addition of build provenance attestation.

The implementation of build provenance attestation is a valuable addition that:

  1. Enhances supply chain security
  2. Provides verifiable build artifacts
  3. Complements the reproducible build objectives
🧰 Tools
🪛 yamllint

[error] 54-54: trailing spaces

(trailing-spaces)


51-53: LGTM: Build snapshot step aligns with reproducibility goals.

The change from release-dry-run to release-snapshot better reflects the actual purpose of this step and aligns with the PR's objective of ensuring reproducible builds.

Let's verify the make target exists:

✅ Verification successful

Verified: The release-snapshot make target is correctly defined and configured

The release-snapshot make target exists in the Makefile and is properly configured to run goreleaser in snapshot mode with appropriate flags:

  • Uses --clean for clean builds
  • Skips validation and publishing with --skip=validate --skip=publish
  • Enables snapshot mode with --snapshot
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Verify the release-snapshot target exists in Makefile
rg -A 3 '^release-snapshot:' Makefile

Length of output: 143

Makefile (3)

443-454: LGTM! Release commands are well-structured.

The changes improve the release process by:

  1. Providing clear command separation (snapshot vs. build-only)
  2. Using the standardized GORELEASER variable
  3. Adding proper validation for release environment

32-37: Build flags changes enhance reproducibility.

The modifications effectively address build reproducibility:

  1. -buildid= ensures consistent build IDs
  2. Removal of BUILDTIME prevents timestamp variations

Let's verify the impact of build flags:

✅ Verification successful

Build flags are consistently applied across all build targets

The verification confirms that:

  • The build flags (including -buildid=) are uniformly applied via BUILD_FLAGS variable across all build targets
  • No remaining timestamp-related flags exist
  • The flags are properly used in all go install commands throughout the Makefile
  • Different build configurations (standard, test, HSM) maintain consistent base flags
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if build flags are consistently applied across build targets
# Expected: Flags should be present in all relevant build commands

# Check build flags in go install commands
rg -A 2 "go install.*BUILD_FLAGS" 

# Check if any timestamp or build ID related flags remain
rg "buildtime|buildid" 

Length of output: 353


Script:

#!/bin/bash
# Let's verify the build flags more comprehensively

# Check all go build/install commands in Makefile
rg -A 5 "go (build|install)" Makefile

# Check for any other build flag definitions or usages
rg "BUILD_FLAGS|LDFLAGS" Makefile

# Check if there are any other files containing build configurations
fd Makefile
fd "\.mk$"

Length of output: 2356


15-26: LGTM! Build configuration ensures reproducibility.

The changes effectively standardize the build environment by:

  1. Pinning the Go version with SHA256 verification
  2. Using Docker to provide a consistent build environment
  3. Setting required environment variables

Let's verify the Docker image hash:

✅ Verification successful

✓ Verified: Docker image configuration is correct and secure

The verification confirms:

  • The specified goreleaser-cross v1.22.7 tag exists in the official repository
  • The SHA256 hash 24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4 matches the official container image
  • The image was published on 2024-09-09 and is properly tagged

The Makefile's build configuration ensures reproducible builds by correctly pinning to a verified, immutable container image.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the goreleaser Docker image exists and matches the expected hash
# Expected: Image exists and hash matches

docker pull ghcr.io/goreleaser/goreleaser-cross:v1.22.7@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4

Length of output: 353


Script:

#!/bin/bash
# Let's verify the image existence and tag using GitHub API
gh api -H "Accept: application/vnd.oci.image.index.v1+json" /v2/goreleaser/goreleaser-cross/manifests/v1.22.7 || \
gh api -H "Accept: application/vnd.docker.distribution.manifest.v2+json" /v2/goreleaser/goreleaser-cross/manifests/v1.22.7

# Also check if this version exists in their releases
gh api repos/goreleaser/goreleaser-cross/releases | jq '.[] | select(.tag_name=="v1.22.7")'

# Let's also verify the Makefile configuration
rg -A 2 'GOLANG_CROSS_VERSION' Makefile

Length of output: 1281


Script:

#!/bin/bash
# Let's verify the image using a different approach
# Check if the version exists in the goreleaser-cross repository
gh api repos/goreleaser/goreleaser-cross/tags | jq '.[] | select(.name=="v1.22.7")'

# Check the container registry directly
gh api \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  /orgs/goreleaser/packages/container/goreleaser-cross/versions | \
  jq '.[] | select(.metadata.container.tags[] | contains("v1.22.7"))'

# Let's also check the repository's workflow files for this version
rg -l "v1.22.7" .github/workflows/

Length of output: 7631

.goreleaser.yaml Show resolved Hide resolved
@CharlieMc0
Copy link
Member

Something must have changed since you posted your checksums. make release-dry-run no longer exists and it seems to be make release-build-only now. I tried to build and got different hashes than you.

cat dist/checksums.txt
55aff5d779581ebdb6d1febc5892bf3672ebd3e36f3c192db3c00d56eaee7690  zetaclientd-linux-amd64
3f6e67c1862ca45e8029ad90197c9877c747032a32996794749a1f668f729202  zetaclientd-linux-arm64
8f1878f5bcd2c5a2d68de0298a8f2d07b13db70d539a6f0a9a8339bbc8b30a33  zetacored-darwin-amd64
d258fb369b373cbd51051c9b7a88ed4d4bcc6c782bc8d7d401e2a639e29f595e  zetacored-darwin-arm64
7153317b7d6a87ad0cc22793f24f10560043495705ca3f018aca430284ab0c5c  zetacored-linux-amd64
f512ed637d08692bc568aef99d3aff0c1941f91965baa92eca2e41b14c228b38  zetacored-linux-arm64
16f3145ba6db23c38e17387c28e689c2e6fdc48a372afba15aa19d91c05997b2  zetacored-windows-amd64.exe
make release-build-only
docker run --rm --privileged -e CGO_ENABLED=1 -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/go/src/github.com/zeta-chain/node -w /go/src/github.com/zeta-chain/node -e "GITHUB_TOKEN=" ghcr.io/goreleaser/goreleaser-cross:v1.22.7@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4 --clean --skip=validate --skip=publish
Unable to find image 'ghcr.io/goreleaser/goreleaser-cross:v1.22.7@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4' locally
ghcr.io/goreleaser/goreleaser-cross@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4: Pulling from goreleaser/goreleaser-cross
80dae1b9d879: Already exists
6231767d61c3: Already exists
e555047dd1c4: Already exists
a9d737685139: Pull complete
13c49844fa6f: Pull complete
d26660356d07: Pull complete
e88338069871: Pull complete
cc862bd25e23: Pull complete
Digest: sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4
Status: Downloaded newer image for ghcr.io/goreleaser/goreleaser-cross@sha256:24b2d75007f0ec8e35d01f3a8efa40c197235b200a1a91422d78b851f67ecce4
  • only configurations files on  version: 2  are supported, yours is  version: 0 , please update your configuration
  • skipping announce, publish and validate...
  • loading environment variables
  • getting and validating git state
    • git state                                      commit=af1baddd318097e2dd23dbbd446f86fe484fc1aa branch=improve-build-reproducability current_tag=v12.3.0-rc previous_tag=v12.1.0 dirty=true
    • pipe skipped                                   reason=validation is disabled
  • parsing tag
  • setting defaults
  • running before hooks
    • running                                        hook=go mod download
    • running                                        hook=go mod tidy
    • took: 46s
  • checking distribution directory
    • cleaning dist
  • setting up metadata
  • writing release metadata
  • loading go mod information
  • build prerequisites
  • building binaries
    • building                                       binary=dist/zetaclientd_linux_amd64_v1/zetaclientd-linux-amd64
    • building                                       binary=dist/zetacored_darwin_amd64_v1/zetacored-darwin-amd64
    • building                                       binary=dist/zetaclientd_linux_arm64/zetaclientd-linux-arm64
    • building                                       binary=dist/zetacored_linux_arm64/zetacored-linux-arm64
    • building                                       binary=dist/zetacored_linux_amd64_v1/zetacored-linux-amd64
    • building                                       binary=dist/zetacored_windows_amd64_v1/zetacored-windows-amd64.exe
    • building                                       binary=dist/zetacored_darwin_arm64/zetacored-darwin-arm64
    • took: 3m58s
  • generating changelog
  • archives
    • skip archiving                                 binary=zetacored-darwin-arm64 name=zetacored-darwin-arm64
    • skip archiving                                 binary=zetacored-linux-arm64 name=zetacored-linux-arm64
    • skip archiving                                 binary=zetacored-linux-amd64 name=zetacored-linux-amd64
    • skip archiving                                 binary=zetacored-windows-amd64.exe name=zetacored-windows-amd64.exe
    • skip archiving                                 binary=zetacored-darwin-amd64 name=zetacored-darwin-amd64
    • skip archiving                                 binary=zetaclientd-linux-arm64 name=zetaclientd-linux-arm64
    • skip archiving                                 binary=zetaclientd-linux-amd64 name=zetaclientd-linux-amd64
  • calculating checksums
  • writing artifacts metadata
  • release succeeded after 4m49s
  • thanks for using goreleaser!

@gartnera
Copy link
Member Author

gartnera commented Nov 5, 2024

Something must have changed since you posted your checksums. make release-dry-run no longer exists and it seems to be make release-build-only now. I tried to build and got different hashes than you.

Sorry yeah it's make release-snapshot if you don't have a tag now. And I had a tag because I had pulled from ci-testing-node. I've updated the output.

@gartnera gartnera requested a review from CharlieMc0 November 5, 2024 16:44
Copy link
Member

@CharlieMc0 CharlieMc0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good.

@CharlieMc0
Copy link
Member

My updated checksums after using make release-snapshot

cat dist/checksums.txt
323fb7defda08ffc7686d34030f67cdba1481932481bc92c1a43cf60c419afbf  zetaclientd-linux-amd64
242a7035d6b7eae273bb8bfa672877fc052f03fc0cd1b725696bb47235891793  zetaclientd-linux-arm64
e718df515a9789b784067702fda4a7b446f4bca4410d1d103abcd89b23f12730  zetacored-darwin-amd64
bc88222b7726521e6a55c88fd16ea3ccb1137359e379e7f20c7860545eb29af2  zetacored-darwin-arm64
3111a51160ee01f231a82603591a1fa4043cb87769c73bb184e9467b50778ed4  zetacored-linux-amd64
304276695b3cb9995ad4c7aa1813b3e618180083fe64e9ce6e322ac4c3afc555  zetacored-linux-arm64
a6912c62f5259eb4687b5e3e6589e1f606f43374d929ea0e64b6b47e8c3ce6e8  zetacored-windows-amd64.exe

@gartnera gartnera force-pushed the improve-build-reproducability branch from af1badd to 91a4510 Compare November 5, 2024 22:37
@gartnera gartnera enabled auto-merge November 5, 2024 22:37
@gartnera gartnera added this pull request to the merge queue Nov 5, 2024
Merged via the queue into develop with commit ad73744 Nov 5, 2024
39 checks passed
@gartnera gartnera deleted the improve-build-reproducability branch November 5, 2024 23:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ci Changes to CI pipeline or github actions UPGRADE_LIGHT_TESTS Run make start-upgrade-test-light
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants