diff --git a/Dockerfile b/Dockerfile index 736a2c694c..4453d9abf3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea RUN make clean RUN make frontend RUN go build contrib/environment-to-ini/environment-to-ini.go && xx-verify environment-to-ini -RUN make RELEASE_VERSION=$RELEASE_VERSION go-check generate-backend static-executable && xx-verify gitea +RUN make RELEASE_VERSION=$RELEASE_VERSION GOFLAGS="-trimpath" LDFLAGS="-buildid=" go-check generate-backend static-executable && xx-verify gitea # Copy local files COPY docker/root /tmp/local diff --git a/Makefile b/Makefile index e3ae021b27..26c53d733c 100644 --- a/Makefile +++ b/Makefile @@ -268,6 +268,7 @@ help: @echo " - tidy run go mod tidy" @echo " - test[\#TestSpecificName] run unit test" @echo " - test-sqlite[\#TestSpecificName] run integration test for sqlite" + @echo " - reproduce-build\#version build a reproducible binary for the specified release version" ### # Check system and environment requirements @@ -890,6 +891,26 @@ release-sources: | $(DIST_DIRS) release-docs: | $(DIST_DIRS) docs tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs . +.PHONY: reproduce-build +reproduce-build: +# Start building the Dockerfile with the RELEASE_VERSION tag set. GOPROXY is set +# for convience, because the default of the Dockerfile is `direct` which can be +# quite slow. + @docker build --build-arg="RELEASE_VERSION=$(RELEASE_VERSION)" --build-arg="GOPROXY=$(shell $(GO) env GOPROXY)" --tag "forgejo-reproducibility" . + @id=$$(docker create forgejo-reproducibility); \ + docker cp $$id:/app/gitea/gitea ./forgejo; \ + docker rm -v $$id; \ + docker image rm forgejo-reproducibility:latest + +.PHONY: reproduce-build\#% +reproduce-build\#%: + @git switch -d "$*" +# All the current variables are based on information before the git checkout happened. +# Call the makefile again, so these variables are correct and can be used for building +# a reproducible binary. Always execute git switch -, to go back to the previous branch. + @make reproduce-build; \ + (code=$$?; git switch -; exit $${code}) + ### # Dependency management ###