Use commit time as source date for reproducable builds

HeroCC · Oct 3, 2024 · 2888f71 · 2888f71
1 parent eabd850
commit 2888f71
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/.github/workflows/docker-publish.yaml b/.github/workflows/docker-publish.yaml
@@ -23,6 +23,7 @@ jobs:
         run: |
           platform=${{ matrix.arch }}
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+          echo "COMMIT_TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v3
@@ -33,6 +34,8 @@ jobs:
       - name: Build base by digest for cache
         id: build
         uses: docker/build-push-action@v6
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.COMMIT_TIMESTAMP }}
         with:
           platforms: ${{ matrix.platform }}
           file: docker/Dockerfile
@@ -58,12 +61,11 @@ jobs:
         run: |
           platform=${{ matrix.arch }}
           echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
+          echo "COMMIT_TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
 
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
-        env:
-          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
         with:
           images: ${{ env.REGISTRY_IMAGE }}
 
@@ -83,12 +85,12 @@ jobs:
       - name: Build and cache by digest
         id: build
         uses: docker/build-push-action@v6
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.COMMIT_TIMESTAMP }}
         with:
           platforms: ${{ matrix.arch }}
-          annotations: ${{ steps.meta.outputs.annotations }}
           file: docker/Dockerfile
           target: ${{ matrix.flavor }}
-          labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha,scope=${{ env.PLATFORM_PAIR }}
           cache-to: type=gha,mode=max,scope=${{ env.PLATFORM_PAIR }}
 
@@ -97,12 +99,19 @@ jobs:
     needs:
       - build
     steps:
+      - name: Prepare
+        run: |
+          echo "COMMIT_TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
+
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
 
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v5
+        env:
+          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
+          SOURCE_DATE_EPOCH: ${{ env.COMMIT_TIMESTAMP }}
         with:
           images: ${{ env.REGISTRY_IMAGE }}
           tags: |
@@ -125,6 +134,8 @@ jobs:
       - name: Build and push by digest
         id: build
         uses: docker/build-push-action@v6
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.COMMIT_TIMESTAMP }}
         with:
           platforms: ${{ matrix.arch }}
           annotations: ${{ steps.meta.outputs.annotations }}