diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7c3f518bf..4be436693 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -35,11 +35,17 @@ rust-nightly:
 - RUSTDOCFLAGS="-Dwarnings" cargo doc --all-features --document-private-items
 
 build-repro:
+ rules:
+ - if: $CI_PIPELINE_SOURCE == "schedule"
+ - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_TAG != null
 stage: build
 image: rust:1.54.0-alpine3.14
 script:
 - ./maint/reproducible_build.sh
 artifacts:
 paths:
- - arti-bin
+ - arti-linux
+ - arti-windows.exe
 expire_in: 1 day
+ tags:
+ - TPA
diff --git a/maint/reproducible_build.sh b/maint/reproducible_build.sh
index 8140a5866..2f35455a2 100755
--- a/maint/reproducible_build.sh
+++ b/maint/reproducible_build.sh
@@ -25,20 +25,12 @@ cd /arti
 ## use tmpfs to store dependancies sources. It has been observed that what
 ## filesystem these files reside on has an impact on the resulting binary.
 ## We put these in a tmpfs as a way to stabilize the result.
-# TODO CI /dev/shm is too small to store sources, at the moment we rely on
-# a but in docker that gives a bigger than intended tmpfs in an effort to hide
-# the cgroup control fs. This does not actually interact with cgroups, but
-# should be removed as soon as /dev/shm get increased
-if mount | grep '/sys/fs/cgroup type tmpfs' > /dev/null; then
- mkdir -p /sys/fs/cgroup/registry /usr/local/cargo/registry
- ln -s /sys/fs/cgroup/registry /usr/local/cargo/registry/src
-else
- mkdir -p /dev/shm/registry /usr/local/cargo/registry
- ln -s /dev/shm/registry /usr/local/cargo/registry/src
-fi
+mkdir -p /dev/shm/registry /usr/local/cargo/registry
+ln -s /dev/shm/registry /usr/local/cargo/registry/src
 
 ## add missing dependancies
-apk add --no-cache musl-dev perl make git
+apk add --no-cache musl-dev perl make git mingw-w64-gcc
+rustup target add x86_64-pc-windows-gnu
 
 ## bring back the Cargo.lock where dependancies version are strictly defined
 mv misc/Cargo.lock Cargo.lock
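Review bot: The added `tags: - TPA` carries no comment saying why `build-repro` is tied to that runner, while the same commit makes `maint/reproducible_build.sh` place the cargo sources in `/dev/shm` unconditionally, so the two presumably depend on each other. I would put a comment above `tags:` such as `# needs a runner whose /dev/shm can hold the cargo registry sources, see maint/reproducible_build.sh`. The new `rules:` also deserve a line of their own, `# runs only on schedules and tag pushes, so a merge request that breaks reproducibility is not flagged before merge`, because that trade-off is not visible from the conditions alone.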
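Review bot: `mingw-w64-gcc` is installed without a version on the `apk add` line, so the linker and runtime objects that end up in `arti-windows.exe` are whatever the Alpine repository serves on the day of the build. For a job whose purpose is a stable hash that is an uncontrolled input, and the packages already on that line have the same property. Pin it, `apk add --no-cache musl-dev perl make git mingw-w64-gcc=<pinned-version>`, or at least print the installed package versions next to the hashes so a mismatch can be traced to its cause. These are top-level script lines; the rest of the script, including whether it runs under `set -e`, is outside the hunk.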
@@ -47,10 +39,15 @@ mv misc/Cargo.lock Cargo.lock
 ## feature "static" enable compiling some C dependancies instead of linking
 ## to system libraries. It is required to get a well behaving result.
 cargo build -p arti --target x86_64-unknown-linux-musl --release --features static
+mv /arti/target/x86_64-unknown-linux-musl/release/arti "$here"/arti-linux
+
+## PE contains a timestamp of when they were built. Don't insert this value
+export RUSTFLAGS="$RUSTFLAGS -C link-arg=-Wl,--no-insert-timestamp"
+cargo build -p arti --target x86_64-pc-windows-gnu --release --features static
+mv /arti/target/x86_64-pc-windows-gnu/release/arti.exe "$here"/arti-windows.exe
 
 set +x
-echo branch: "$(git rev-parse --abbrev-ref HEAD)"
-echo commit: "$(git rev-parse HEAD)"
-echo build hash: "$(sha256sum target/x86_64-unknown-linux-musl/release/arti | cut -d " " -f 1)"
-
-mv /arti/target/x86_64-unknown-linux-musl/release/arti "$here"/arti-bin
+echo "branch :" "$(git rev-parse --abbrev-ref HEAD)"
+echo "commit :" "$(git rev-parse HEAD)"
+echo "Linux hash :" "$(sha256sum "$here"/arti-linux | cut -d " " -f 1)"
+echo "Windows hash :" "$(sha256sum "$here"/arti-windows.exe | cut -d " " -f 1)"
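Review bot: `export RUSTFLAGS="$RUSTFLAGS -C link-arg=-Wl,--no-insert-timestamp"` appends to whatever `RUSTFLAGS` the runner or the CI variables already export, so both binaries can differ between environments without the log showing why. Set the value explicitly, or print it with the hashes after `set +x`, for example `echo "RUSTFLAGS :" "$RUSTFLAGS"`. If the script runs under `set -u` (its prologue is outside this hunk), the expansion also needs to be `${RUSTFLAGS:-}`. The comment above the export would read more clearly as `## PE files embed a build timestamp; tell the linker not to insert it`.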