Merge pull request '[CHORE] Support reproducible builds' (#4970) from gusted/forgejo-reproducible-builds into forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4970 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Radosław Piliszek <radek@piliszek.it>
2024-09-21 17:38:58 +02:00 · 2024-08-20 18:14:33 +00:00 · 2024-08-20 18:14:33 +00:00 · 5b81cab0ed
commit 5b81cab0ed
parent 9111eb3473 be46795975
2 changed files with 22 additions and 1 deletions
--- a/2
+++ b/2
@ -36,7 +36,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN make clean
 RUN make frontend
 RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini
-RUN make RELEASE_VERSION=$RELEASE_VERSION go-check generate-backend static-executable && xx-verify gitea
+RUN make RELEASE_VERSION=$RELEASE_VERSION GOFLAGS="-trimpath" LDFLAGS="-buildid=" go-check generate-backend static-executable && xx-verify gitea

 # Copy local files
 COPY docker/root /tmp/local
--- a/21
+++ b/21
@ -268,6 +268,7 @@ help:
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]         run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
+	@echo " - reproduce-build\#version         build a reproducible binary for the specified release version"

 ###
 # Check system and environment requirements
@ -890,6 +891,26 @@ release-sources: | $(DIST_DIRS)
 release-docs: | $(DIST_DIRS) docs
 	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs .

+.PHONY: reproduce-build
+reproduce-build:
+# Start building the Dockerfile with the RELEASE_VERSION tag set. GOPROXY is set
+# for convience, because the default of the Dockerfile is `direct` which can be
+# quite slow.
+	@docker build --build-arg="RELEASE_VERSION=$(RELEASE_VERSION)" --build-arg="GOPROXY=$(shell $(GO) env GOPROXY)" --tag "forgejo-reproducibility" .
+	@id=$$(docker create forgejo-reproducibility); \
+	docker cp $$id:/app/gitea/gitea ./forgejo; \
+	docker rm -v $$id; \
+	docker image rm forgejo-reproducibility:latest
+
+.PHONY: reproduce-build\#%
+reproduce-build\#%:
+	@git switch -d "$*"
+# All the current variables are based on information before the git checkout happened.
+# Call the makefile again, so these variables are correct and can be used for building
+# a reproducible binary. Always execute git switch -, to go back to the previous branch.
+	@make reproduce-build; \
+	(code=$$?; git switch -; exit $${code})
+
 ###
 # Dependency management
 ###