Feature #5630: Reproducible builds
Lower the workload caused by reproducible builds Jenkins jobs
Currently, when I push a commit to a base branch, 3 ISOs are built from the same commit:
- one ISO is built by the
- two ISOs are built by the
reproducibly_build_Tails_ISO_$branchjob and then compared.
We really need to build only 2 of these ISOs to get what we want, so there's room for improvement wrt. our CI infrastructure latency and throughput => usefulness.
I suggest instead having any successful
build_Tails_ISO_$branch job trigger another job, that would:
- get as input the ISO built by
build_Tails_ISO_$branch(a checksum would be enough in the best case, but we really need that ISO to compare when they differ), and any relevant parameter e.g. the commit ID and base branch commit ID;
- build a second ISO image (ideally with different build settings e.g. a time offset applied and a different CPU, but this is certainly not a blocker for this ticket)
- run diffoscope to compare these ISOs
- if these ISOs are the same, then delete all artifacts; otherwise, archive both ISO build artifacts + the diffoscope output
This looks very similar to what we already do for the
test_Tails_ISO_* jobs, so I expect it will be pretty cheap to implement.
And as a bonus, in most cases the 2 ISOs will be built on two different isobuilders, which increases the value of the reproducibility testing :)
- Assignee changed from intrigeri to bertagaz
I'll take care of it unless you want it.
As you wish. That's easy and fun to set up and good to play with our Jenkins jobs setup, but if you ever want to do something else, feel free to reassign to me.
Please go ahead.