Agenda
-
What are reproducible builds?
-
Why are they useful?
-
Demo time!
What are reproducible builds?
“Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.” – reproducible-builds.org
Ingredients
-
Transforming a given source must always create the same result
-
The build environment should either be recorded or pre-defined
-
Users should be given a way to:
-
recreate a close enough build environment
-
perform the build process
-
validate that the output matches the original build
from reproducible-builds.org
Ingredients
- Transforming a given source must always create the same result ✘
- The build environment should either be recorded or pre-defined✔
- Users should be given a way to:
- recreate a close enough build environment✔
- perform the build process✔
- validate that the output matches the original build✘
from reproducible-builds.org
“It works on my machine!” – Every developer at some point in their career
Why reproducible builds?
-
The runtime version of java is directly tied to your code
-
You can always recreate old versions of your application
-
It’s easily verifiable, if Java caused the error or something else
Why reproducible builds?
-
Everything, from build tools, over dependencies to runtime environment as code
-
Basically no time to get started with development
-
Extremely simple ci pipelines
-
Every developer gets updates of the necessary tools without intervention