hyperledger / besu

An enterprise-grade Java-based, Apache 2.0 licensed Ethereum client https://wiki.hyperledger.org/display/besu
https://www.hyperledger.org/projects/besu

deterministic SHA for releases #6993

Open macfarla opened 2 months ago

macfarla commented 2 months ago

As a release manager, I want the SHA for the release artifacts to be deterministic (based on GitHub commit), so that if we have to re-run a workflow using the same commit as input, the artifacts that result are verifiably identical.

Current hypothesis is that a timestamp is also baked in, and that's why the SHA produced is not deterministic.

shemnon commented 2 months ago

You will want these two options set in lots of places

It appears Gradle took away dirMode and fileMode settings; hopefully it's because they made it consistent. This old and incompatible plugin may have other useful insights: https://github.com/Johni0702/gradle-reproducible-builds-plugin?tab=readme-ov-file
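
An added illustration, not part of the thread or of Besu's build: a Python sketch of the timestamp hypothesis and the file-mode concern raised above, showing how build time, entry order and permission bits change an archive's SHA-256 and how pinning them makes it stable. The file names, contents and fixed timestamp are constructed for the example.

```python
import hashlib
import io
import zipfile

# Constructed sample inputs: (archive path, content, unix mode).
FILES = [("lib/app.jar", b"constructed jar bytes", 0o644),
         ("bin/start.sh", b"#!/bin/sh\nexec java -jar lib/app.jar\n", 0o755)]

FIXED_TIME = (1980, 2, 1, 0, 0, 0)  # assumption: any constant value works


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def naive_archive(files, build_time):
    """Entries in caller order, stamped with the build time, modes as found."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data, mode in files:
            info = zipfile.ZipInfo(name, date_time=build_time)
            info.external_attr = (0o100000 | mode) << 16
            zf.writestr(info, data)
    return buf.getvalue()


def reproducible_archive(files):
    """Sorted entries, constant timestamp, normalized modes and host OS field."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data, mode in sorted(files, key=lambda f: f[0]):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.create_system = 3  # record "unix" whatever the build host is
            norm = 0o755 if mode & 0o111 else 0o644  # drop umask differences
            info.external_attr = (0o100000 | norm) << 16
            zf.writestr(info, data)
    return buf.getvalue()


if __name__ == "__main__":
    run1 = naive_archive(FILES, (2024, 5, 1, 10, 0, 0))
    run2 = naive_archive(FILES, (2024, 5, 1, 10, 5, 0))  # same inputs, re-run
    print("naive, run 1:   ", sha256(run1))
    print("naive, run 2:   ", sha256(run2))
    print("reproducible #1:", sha256(reproducible_archive(FILES)))
    print("reproducible #2:", sha256(reproducible_archive(FILES[::-1])))
```
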

macfarla commented 2 months ago

Also maybe some context in #5785.