docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19613 from dvdksn/build-gha-reproducible-builds 

build(gha): add reproducible builds example (source_date_epoch)
This commit is contained in:
David Karlsson 2024-03-13 14:45:24 +01:00 committed by GitHub
parent 882caa01fb 784f7ebaa7
commit 7e5929d9d5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 144 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
content/build/ci/github-actions/reproducible-builds.md Normal file
View File

@ -0,0 +1,142 @@
---
title: Reproducible builds with GitHub Actions
description: How to create reproducible builds in GitHub Actions using the SOURCE_EPOCH environment variable
keywords: build, buildx, github actions, ci, gha, reproducible builds, SOURCE_DATE_EPOCH
---
`SOURCE_DATE_EPOCH` is a [standardized environment variable][source_date_epoch]
for instructing build tools to produce a reproducible output.
Setting the environment variable for a build makes the timestamps in the
image index, config, and file metadata reflect the specified Unix time.
[source_date_epoch]: https://reproducible-builds.org/docs/source-date-epoch/
To set the environment variable in GitHub Actions,
use the built-in `env` property on the build step.
## Unix epoch timestamps
The following example sets the `SOURCE_DATE_EPOCH` variable to 0, Unix epoch.
{{< tabs group="action" >}}
{{< tab name="`docker/build-push-action`" >}}
```yaml
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/build-push-action@v5
with:
context: .
tags: user/app:latest
env:
SOURCE_DATE_EPOCH: 0
```
{{< /tab >}}
{{< tab name="`docker/bake-action`" >}}
```yaml
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/bake-action@v4
env:
SOURCE_DATE_EPOCH: 0
```
{{< /tab >}}
{{< /tabs >}}
## Git commit timestamps
The following example sets `SOURCE_DATE_EPOCH` to the Git commit timestamp.
{{< tabs group="action" >}}
{{< tab name="`docker/build-push-action`" >}}
```yaml
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Build
uses: docker/build-push-action@v5
with:
context: .
tags: user/app:latest
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
```
{{< /tab >}}
{{< tab name="`docker/bake-action`" >}}
```yaml
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Build
uses: docker/bake-action@v4
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
```
{{< /tab >}}
{{< /tabs >}}
## Additional information
For more information about the `SOURCE_DATE_EPOCH` support in BuildKit,
see [BuildKit documentation](https://github.com/moby/buildkit/blob/master/docs/build-repro.md#source_date_epoch).

2
data/toc.yaml
View File

@ -1918,6 +1918,8 @@ Manuals:
title: SBOM and provenance attestations
- path: /build/ci/github-actions/annotations/
title: Annotations
- path: /build/ci/github-actions/reproducible-builds/
title: Reproducible builds
- path: /build/release-notes/
title: Release notes
- sectiontitle: Docker Compose