workflows/release: Make tar archive reproducible

This is just a general good practice, but I hit a weird issue
where trying to unpack this tarball in a github action failed
because we changed ownership to the runner when run as root.

Signed-off-by: Colin Walters <walters@verbum.org>
This commit is contained in:
Colin Walters 2024-04-30 09:59:46 -04:00
parent 38bf3f6e1b
commit 9f7b93b3ee
2 changed files with 5 additions and 1 deletions

View file

@ -170,7 +170,8 @@ if $os in ['macos-latest'] or $USE_UBUNTU {
print $'(char nl)(ansi g)Archive contents:(ansi reset)'; hr-line; ls $dest | print
tar -czf $archive $dest
# https://reproducible-builds.org/docs/archives/
tar --sort=name $"--mtime=@($env.SOURCE_DATE_EPOCH)" --owner=0 --group=0 --numeric-owner '--pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime' -czf $archive $dest
print $'archive: ---> ($archive)'; ls $archive
# REF: https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
echo $"archive=($archive)" | save --append $env.GITHUB_OUTPUT

View file

@ -75,6 +75,9 @@ jobs:
steps:
- uses: actions/checkout@v4.1.3
- name: Set SOURCE_DATE_EPOCH
run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Update Rust Toolchain Target
run: |
echo "targets = ['${{matrix.target}}']" >> rust-toolchain.toml