Make builds of distributed Maven artifacts reproducible

eclipse / steady

Analyses your Java applications for open-source dependencies with known vulnerabilities, using both static analysis and testing to determine code context and usage for greater accuracy. https://eclipse.github.io/steady/

Apache License 2.0

537 stars 123 forks source link

Make builds of distributed Maven artifacts reproducible #452

Closed henrikplate closed 4 years ago

henrikplate commented 4 years ago

Updated plugins to versions that support reproducible builds. Added script to facilitate the bumping of versions before and after a release.

Check reproducibility of distributed maven artifacts with

mvn clean install -e -DskipTests
mvn clean verify -e -DskipTests artifact:buildinfo

More information at

https://maven.apache.org/guides/mini/guide-reproducible-builds.html
https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=74682318.

TODOs
[ ] Tests
[ ] Documentation

eclipse / steady

Make builds of distributed Maven artifacts reproducible #452

TODOs

`TODO`s