Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: reproducible-build-test | |
| on: | |
| workflow_dispatch: {} | |
| push: | |
| schedule: | |
| - cron: "0 1 */2 * *" | |
| jobs: | |
| build: | |
| name: build reproducible binaries | |
| runs-on: ${{ matrix.runner }} | |
| strategy: | |
| matrix: | |
| include: | |
| - runner: warp-ubuntu-2404-x64-32x | |
| machine: machine-1 | |
| - runner: warp-ubuntu-2204-x64-32x | |
| machine: machine-2 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Install rust | |
| run: | | |
| curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
| - name: Build reproducible binary with Docker | |
| run: | | |
| RUST_TOOLCHAIN=$(rustc --version | cut -d' ' -f2) | |
| docker build \ | |
| --build-arg "RUST_TOOLCHAIN=${RUST_TOOLCHAIN}" \ | |
| -f docker/Dockerfile.reproducible -t rbuilder:release \ | |
| --output type=local,dest=./target . | |
| - name: Calculate SHA256 | |
| id: sha256 | |
| run: | | |
| sha256sum target/rbuilder-operator > rbuilder-operator.sha256 | |
| echo "hash=$(cat rbuilder-operator.sha256 | cut -d' ' -f1)" >> $GITHUB_OUTPUT | |
| echo "Binary SHA256 on ${{ matrix.machine }}: $(cat rbuilder-operator.sha256)" | |
| - name: Upload the hash | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: rbuilder-operator-${{ matrix.machine }} | |
| path: | | |
| rbuilder-operator.sha256 | |
| retention-days: 1 | |
| compare: | |
| name: compare reproducible binaries | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download artifacts from machine-1 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: rbuilder-operator-machine-1 | |
| path: machine-1/ | |
| - name: Download artifacts from machine-2 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: rbuilder-operator-machine-2 | |
| path: machine-2/ | |
| - name: Compare SHA256 hashes | |
| run: | | |
| echo "=== SHA256 Comparison ===" | |
| echo "Machine 1 hash:" | |
| cat machine-1/rbuilder-operator.sha256 | |
| echo "Machine 2 hash:" | |
| cat machine-2/rbuilder-operator.sha256 | |
| HASH1=$(cat machine-1/rbuilder-operator.sha256 | cut -d' ' -f1) | |
| HASH2=$(cat machine-2/rbuilder-operator.sha256 | cut -d' ' -f1) | |
| echo "Extracted hashes:" | |
| echo "Machine 1: $HASH1" | |
| echo "Machine 2: $HASH2" | |
| if [ "$HASH1" = "$HASH2" ]; then | |
| echo "✅ SUCCESS: Binaries are identical (reproducible build verified)" | |
| echo "SHA256: $HASH1" | |
| else | |
| echo "❌ FAILURE: Binaries differ (reproducible build failed)" | |
| echo "Machine 1 SHA256: $HASH1" | |
| echo "Machine 2 SHA256: $HASH2" | |
| exit 1 | |
| fi |