Skip to content

feat(ORC-333): add determenistic docker build #668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Mar 31, 2025
Merged

feat(ORC-333): add determenistic docker build #668

merged 7 commits into from
Mar 31, 2025

Conversation

chasingrainbows
Copy link
Contributor

@chasingrainbows chasingrainbows commented Mar 24, 2025
edited
Loading

Description

  1. Added reproducible docker build feature as "experemental"
  2. Added docs/ directory
  3. Updated .dockerignore
  4. Added Makefile
  5. pulled Reproducability validation [SRE-2530] #672

Related Issue/Task

  • Related task: ORC-333
  • Epic: none

How Has This Been Tested?

Describe how you tested the changes:

  • Local tests
  • Manual testing (describe steps)
    Tested locally, by building image multiple times and comparing them via diffoci tool and my python script.
    Also tested with registry:
# WARNING! Nuke all containers/images
docker rm -vf $(docker ps -aq) && docker rmi -f $(docker images -aq)
# Run build
make reproducible-build-oracle
# Add tag
docker tag oracle-reproducible-container:local chasingrainbows846/oracle-reproducible-container:v1
docker push chasingrainbows846/oracle-reproducible-container:v1
# WARNING! Nuke all containers/images once again
docker rm -vf $(docker ps -aq) && docker rmi -f $(docker images -aq)
# Run build once again
make reproducible-build-oracle
# Check
docker image inspect chasingrainbows846/oracle-reproducible-container:v1 --format 'Image hash: {{.Id}}'                                                                                                                                                                      
# Image hash: sha256:<hash>
docker image inspect oracle-reproducible-container:local --format 'Image hash: {{.Id}}'
# Image hash: sha256:<hash>

Also tested locally on machine of another one contributor.

  • Not tested (explain why)

Checklist

  • Documentation updated (if required)
  • New tests added (if applicable)

@chasingrainbows chasingrainbows force-pushed the feature/orc-333-stabilize-docker-image-output branch 9 times, most recently from 05c0715 to ecea503 Compare March 26, 2025 15:02
@chasingrainbows chasingrainbows self-assigned this Mar 26, 2025
@chasingrainbows chasingrainbows force-pushed the feature/orc-333-stabilize-docker-image-output branch from ecea503 to d076f46 Compare March 26, 2025 15:44
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
F4ever
F4ever reviewed Mar 27, 2025
View reviewed changes
@chasingrainbows chasingrainbows force-pushed the feature/orc-333-stabilize-docker-image-output branch from d076f46 to 58a299b Compare March 27, 2025 14:38
@chasingrainbows chasingrainbows requested a review from F4ever March 27, 2025 18:00
hweawer
hweawer reviewed Mar 28, 2025
View reviewed changes
hweawer
hweawer approved these changes Mar 28, 2025
View reviewed changes
Copy link
Contributor

@hweawer hweawer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I reproduced the same hash on the subsequent build.

@chasingrainbows chasingrainbows force-pushed the feature/orc-333-stabilize-docker-image-output branch 2 times, most recently from a506fbe to 0144cec Compare March 28, 2025 12:08
amarao and others added 3 commits March 31, 2025 10:19
@amarao
feat: reproducability validation
b42a8a1 
This code validates that we can build the same tar for a given
image twice. It won't check for high-level things (like properly
pinned dependencies), but it checks if there are no stray
non-deterministic files in the image (caches, timestamps, etc).
@chasingrainbows
feat(ORC-333): add determenistic docker build
7504f6e
@chasingrainbows
feat(ORC-333): add determenistic docker build docs
cd4f89f
@chasingrainbows chasingrainbows force-pushed the feature/orc-333-stabilize-docker-image-output branch from 0144cec to c1c0faf Compare March 31, 2025 10:51
@chasingrainbows chasingrainbows requested a review from a team as a code owner March 31, 2025 10:51
choooze
choooze reviewed Mar 31, 2025
View reviewed changes
@F4ever F4ever merged commit 71e34d5 into develop Mar 31, 2025
10 checks passed
@F4ever F4ever deleted the feature/orc-333-stabilize-docker-image-output branch April 15, 2025 02:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@choooze choooze choooze approved these changes

@hweawer hweawer hweawer approved these changes

@F4ever F4ever F4ever approved these changes

@Ziars Ziars Awaiting requested review from Ziars

Assignees

@chasingrainbows chasingrainbows

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@chasingrainbows @choooze @hweawer @F4ever @amarao