-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish a release with #4204 #4219
Comments
While the next version of JIB is getting prepared for release, you may try this workaround: I'm using multi-module Gradle project with dependencies {
// Other dependencies
implementation("com.google.cloud.tools:jib-gradle-plugin:3.4.1")
constraints {
implementation("org.apache.commons:commons-compress") {
version {
strictly("1.21")
because("For reproducibility of JIB images")
}
}
}
} Unrelated to JIB, but related to Spring Boot and Jar packaging tasks: I also added these blocks: springBoot {
buildInfo {
excludes.set(setOf("time"))
}
}
tasks.withType<org.springframework.boot.gradle.tasks.bundling.BootJar> {
isPreserveFileTimestamps = false
isReproducibleFileOrder = true
}
tasks.withType<Jar> {
isPreserveFileTimestamps = false
isReproducibleFileOrder = true
} Now running |
We are also impacted by this and we use Bazel. A release soon would be very much appreciated. |
jib-gradle-plugin:3.4.2 and jib-maven-plugin:3.4.2 have been released with the fix in #4204! Thanks again for your help @izogfif and @@bjornbugge! |
We use Jib primarily for reproducibility, so #4141 has been a big challenge for us. We are excited about the fix #4204 that were merged two weeks ago. Can a new release be created?
Environment:
All
Description of the issue:
Jib builds are not reproducible when run with the latest release unless we are very careful to install the right version of commons-compress
Expected behavior:
We can use the fix in #4204 without building our own JARs.
The text was updated successfully, but these errors were encountered: