Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[YUNIKORN-2487] Force REPRODUCIBLE_BUILDS=1 when generating release artifacts #176

Closed
wants to merge 1 commit into from
Closed

[YUNIKORN-2487] Force REPRODUCIBLE_BUILDS=1 when generating release artifacts #176

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 24 additions & 1 deletion release-top-level-artifacts/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,8 @@ All dependencies are included in the image.
NOTE: the scheduler can be used without a web UI build or deployed.

## Building
Run the `make` command to build docker images.
Run the `make` command to build docker images. To generate verifiable, reproducible binaries,
run `make REPRODUCIBLE_BUILDS=1`

```shell script
make
Expand Down Expand Up @@ -108,6 +109,28 @@ located in the [User Guide](https://yunikorn.apache.org/docs/).

The convenience build images are multi-architecture images. Supported architectures are `amd64` and `arm64`.

## Reproducible builds
Building YuniKorn from source generates reproducible build artifacts which
depend only on the version of YuniKorn built and the go compiler version used.

This release was compiled by the official release manager using Go version `@GO_VERSION@`
and generated binary artifacts with the following SHA-512 checksums:

### linux/amd64
```
@AMD64_BINARIES@
```

### linux/arm64
```
@ARM64_BINARIES@
```

To verify your own binaries, be sure to execute your build in reproducible mode:
```shell script
make REPRODUCIBLE_BUILDS=1
```

## Testing the build
Running the unit tests is supported via the make command.
It will run the tests for all parts of YuniKorn in order:
Expand Down
4 changes: 2 additions & 2 deletions tools/build-release.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,7 @@ def build_web_and_generate_hashes(staging_dir, release_name, arch):
unpack_staging_tarball(staging_dir, tmp_dir, release_name)
web_dir = os.path.join(release_dir, "web")
os.chdir(web_dir)
retcode = subprocess.call(['make', 'HOST_ARCH=' + arch, 'build_server_prod'])
retcode = subprocess.call(['make', 'REPRODUCIBLE_BUILDS=1', 'HOST_ARCH=' + arch, 'build_server_prod'])
if retcode:
fail("failed to build yunikorn-web (%s)" % arch)
hash = get_checksum("build/prod/yunikorn-web", "yunikorn-web")
Expand All @@ -285,7 +285,7 @@ def build_shim_and_generate_hashes(staging_dir, release_name, arch):
unpack_staging_tarball(staging_dir, tmp_dir, release_name)
shim_dir = os.path.join(release_dir, "k8shim")
os.chdir(shim_dir)
retcode = subprocess.call(['make', 'HOST_ARCH=' + arch, 'scheduler', 'plugin', 'admission'])
retcode = subprocess.call(['make', 'REPRODUCIBLE_BUILDS=1', 'HOST_ARCH=' + arch, 'scheduler', 'plugin', 'admission'])
if retcode:
fail("failed to build yunikorn-k8shim (%s)" % arch)
adm_hash = get_checksum("build/bin/yunikorn-admission-controller", "yunikorn-admission-controller")
Expand Down
Loading