Builds aren't deterministic - Githubissues

jenkins-infra / uplink

A simple telemetry service for Jenkins instances.

https://uplink.jenkins.io/

GNU Affero General Public License v3.0

1 stars 2 forks source link

Builds aren't deterministic #50

Closed lemeurherve closed 1 year ago

lemeurherve commented 1 year ago

Reproduction steps

Notice the use of npm install (not deterministic) in the Dockerfile and in the Makefile:
- https://github.com/jenkins-infra/uplink/blob/72808854ccdadaa52bcf32e85a4367605b96e331/Dockerfile#L8
- https://github.com/jenkins-infra/uplink/blob/72808854ccdadaa52bcf32e85a4367605b96e331/Makefile#L33

Expected Results

Builds are using npm ci to use exclusively the package-lock.json file updated manually by contributors so they're deterministic.

Actual Results

Builds are using npm install and thus aren't deterministic.

Anything else?

No response

lemeurherve commented 1 year ago

Closed by mistake.