cilium / cilium-cli

CLI to install, manage & troubleshoot Kubernetes clusters running Cilium
https://cilium.io
Apache License 2.0

curl'ing `stable.txt` from `cilium/cilium` makes builds unreproducible. #2870

Open Foxboron opened 5 days ago

Foxboron commented 5 days ago

Bug report

Currently the build requires curling a stable.txt file from cilium/cilium upon building. It's unclear to me why this is needed, but as we are fetching from a continuously moving source, the implication is that past releases of cilium-cli are going to be unreproducible, as the build inputs will be moving.

This value should be hard-coded per release, and not fetched from main.

General Information

N/A

How to reproduce the issue

  1. Build a past executable with the stable.txt curl and see the checksum be different.

Foxboron commented 5 days ago

And to be clear, this is relevant for downstream packagers as there is no clear indication what the CILIUM_VERSION should be for any version of cilium-cli. The current version of v0.16.20 is going to have either v1.16.4 or v1.16.3 embedded into the binary.
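
The effect described in this issue, as an added example that is not part of the issue thread or of cilium-cli's build: the same source built with the two Cilium versions named above yields different digests, and a packager-side guard reads the version from a file in the source tree instead of the network. The functions `build`, `compare_builds` and `pinned_version` and the text "binary" are constructed stand-ins, not the project's Makefile or artifacts.

```shell
#!/bin/sh
# Constructed stand-in for the real build: the "binary" is a fixed payload
# plus the embedded default Cilium version, the only input that moves.
build() {  # build <cilium_version> <outfile>
    printf 'cilium-cli v0.16.20 payload\ndefault-cilium-version=%s\n' "$1" > "$2"
}

digest() {  # digest <file> -> hex SHA-256
    sha256sum "$1" | cut -d' ' -f1
}

# Build twice with the given versions and report whether the outputs match.
compare_builds() {  # compare_builds <version_a> <version_b> -> same|different
    tmp=$(mktemp -d) || return 1
    build "$1" "$tmp/a"
    build "$2" "$tmp/b"
    if [ "$(digest "$tmp/a")" = "$(digest "$tmp/b")" ]; then
        result=same
    else
        result=different
    fi
    rm -rf "$tmp"
    echo "$result"
}

# Hypothetical guard: take the version from a file committed with the release
# and fail closed if it is missing or malformed. No network access.
pinned_version() {  # pinned_version <file> -> vX.Y.Z
    [ -r "$1" ] || { echo "no pinned version file: $1" >&2; return 1; }
    v=$(head -n 1 "$1" | tr -d '[:space:]')
    case "$v" in
        v[0-9]*.[0-9]*.[0-9]*) echo "$v" ;;
        *) echo "unexpected version string: $v" >&2; return 1 ;;
    esac
}

# Same release tag, built on two different days with a moving stable.txt.
echo "v1.16.3 vs v1.16.4: $(compare_builds v1.16.3 v1.16.4)"
# Same release tag, built twice with the version fixed.
echo "v1.16.4 vs v1.16.4: $(compare_builds v1.16.4 v1.16.4)"
```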