Implement Reproducible Builds and Stabilize Standalone Deployment #1606

Open
GMishx wants to merge 1 commit into eclipse-sw360:main from siemens:feat/reproducible

GMishx commented Apr 7, 2026

Summary

This PR implements a deterministic build process for the Next.js frontend, ensuring bit-for-bit identical Docker images and resolving runtime stability issues in standalone mode.

Key Changes

  • Reproducible Pipeline: Added scripts/run-deterministic-build.sh to handle manifest normalization, JSON sorting, and timestamp fixing (1970-01-01).
  • Manifest Cleanup: Added scripts/remove-preview-field.js to normalize volatile preview metadata and prevent 500 errors at runtime.
  • Standalone Stability: Disabled telemetry globally and preserved core trace files to resolve startup module errors.
  • Docker Hardening: Optimized the Dockerfile for Podman/OCI compatibility and ensured secure secret bridging for AUTH_SECRET and NEXT_SERVER_ACTIONS_ENCRYPTION_KEY.
  • CI/CD Integration: Simplified GitHub Actions to pass secrets directly into the build process.

Testing

  • Verified 100% bit-parity between successive builds.
  • Verified successful container startup and navigation in standalone mode.
  • Verified ls -laR shows correct normalized timestamps.

Note: PR depends on #1605

@GMishx GMishx requested review from amritkv and deo002 as code owners April 7, 2026 18:50

GMishx commented Apr 7, 2026

Question @deo002 @amritkv, should we have a test for reproducible builds in the CI too?

@GMishx GMishx force-pushed the feat/reproducible branch 3 times, most recently from 641f777 to 838aa3d Compare April 8, 2026 06:27
@amritkv amritkv self-assigned this Apr 10, 2026

amritkv commented Apr 10, 2026

> Question @deo002 @amritkv, should we have a test for reproducible builds in the CI too?

Hey @GMishx! Yes, we can have that in CI too.
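
A sketch of the kind of CI reproducibility check raised in this exchange, as an added example that is not part of the PR or the sw360 code base: it normalizes a build output tree along the lines the PR description lists (sorted JSON keys, a pinned value for the volatile `preview` field, mtimes fixed to 1970-01-01) and computes a digest that two builds can be compared on. The function names and the `'normalized'` placeholder are assumptions.

```javascript
// Added example, not the PR's scripts. Function names and the pinned
// placeholder for `preview` are assumptions made for illustration.
const fs = require('node:fs');
const path = require('node:path');
const crypto = require('node:crypto');

// Recursively sort object keys so JSON serialization order is stable.
function sortKeys(v) {
  if (Array.isArray(v)) return v.map(sortKeys);
  if (v && typeof v === 'object') {
    return Object.fromEntries(Object.keys(v).sort().map((k) => [k, sortKeys(v[k])]));
  }
  return v;
}

// List files under root as relative paths, in a locale-independent sorted order.
function listFiles(root, rel = '') {
  return fs.readdirSync(path.join(root, rel), { withFileTypes: true })
    .sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0))
    .flatMap((e) => (e.isDirectory() ? listFiles(root, path.join(rel, e.name)) : [path.join(rel, e.name)]));
}

// Normalize in place: pin volatile top-level JSON fields, sort keys, set mtime to the epoch.
function normalizeTree(root, pinned = { preview: 'normalized' }) {
  for (const rel of listFiles(root)) {
    const file = path.join(root, rel);
    if (rel.endsWith('.json')) {
      const data = JSON.parse(fs.readFileSync(file, 'utf8'));
      if (data && typeof data === 'object' && !Array.isArray(data)) {
        for (const [k, v] of Object.entries(pinned)) if (k in data) data[k] = v;
      }
      fs.writeFileSync(file, JSON.stringify(sortKeys(data)) + '\n');
    }
    fs.utimesSync(file, new Date(0), new Date(0));
  }
}

// SHA-256 over every file's relative path, mtime, size and content.
function treeDigest(root) {
  const h = crypto.createHash('sha256');
  for (const rel of listFiles(root)) {
    const file = path.join(root, rel);
    const st = fs.statSync(file);
    h.update(`${rel}\0${st.mtimeMs}\0${st.size}\0`);
    h.update(fs.readFileSync(file));
  }
  return h.digest('hex');
}
```

A CI job would build twice into separate directories, run `normalizeTree` on each, and fail when the two `treeDigest` values differ. Directory mtimes and file modes are not covered here; an image-level comparison needs those pinned as well.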

This commit implements a deterministic build process for the Next.js
frontend by standardizing environment variables and normalizing output
manifests.
Key improvements:
- Enhanced scripts to handle constant encryption keys and cleanup.
- Added 'pnpm reproducible-build' script to package.json.
- Updated Dockerfile to leverage the reproducible build mode by default.
- Added detailed documentation to README.md.

These changes ensure bit-for-bit identical build outputs across runs,
enhancing supply chain security and auditing.

Signed-off-by: Gaurav Mishra <mishra.gaurav@siemens.com>
@GMishx GMishx force-pushed the feat/reproducible branch from 47818ba to a101f91 Compare April 10, 2026 06:01