Shows Binary reproducibility by thirdparty icon on the adoptium.net

[SehrishHussain]

Description of change

This PR introduces build attestation support for Temurin binaries and surfaces a reproducibility indicator in the Release Results UI when a third party attestation is available. Closes #554

useAttestations hook

useAttestations provides a cached, checksum based view of build attestations for a given release.

• It is a dedicated hook for resolving third party build attestations for a given Temurin release.
• Fetches attestations using the release_name endpoint and joins them to binaries via checksum, without modifying existing release or binary data structures.
• Normalizes the API response into a lookup object keyed by target_checksum, enabling O(1) attestation checks during rendering.
• Deduplicates incoming checksums up front to avoid redundant processing and ensure predictable fetch behavior.
• Maintains an internal cache using useRef so that:
  - previously resolved checksums are not refetched on rerender
  - cache updates do not trigger unnecessary component rerenders
• Explicitly tracks unresolved checksums and only processes those that have not yet been cached.
• Handles partial results gracefully:
  • checksums not present in the API response are cached as undefined
  • a 404 response is treated as “no attestations available” and cached accordingly
  • non-404 errors are surfaced via an error state
• Guards against state updates after unmount using a cancellation flag.
• Exposes a minimal, stable interface (attestations, isLoading, error) suitable for reuse across multiple views (e.g. Releases, Marketplace).

UI reference

I’ve attached a screenshot showing how the reproducibility indicator appears alongside existing certification icons on the Latest Release page. The icon shows a tooltip as well, however icon design can be improved. Suggestions required.

Open question

This PR currently surfaces the attestation indicator on the Latest Releases page only.

I appreciate your guidance on how you’d like the reproducibility indicator to appear in the UI on the Marketplace page (e.g. placement alongside existing badges, visibility rules, or any differences from the Release Results view).

Added unit tests for the useAttestations hook as well; all tests pass locally.

Checklist

• npm test and npm run build passes
• documentation is changed or added (if applicable)
• permission has been obtained to add new logo (if applicable)
• contribution guidelines followed here

[netlify]

✅ Deploy Preview for adoptium-next ready!

Name	Link
🔨 Latest commit	2ab6326
🔍 Latest deploy log	https://app.netlify.com/projects/adoptium-next/deploys/695df8163822d500080527e8
😎 Deploy Preview	https://deploy-preview-643--adoptium-next.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

❌ Patch coverage is 70.88608% with 23 lines in your changes missing coverage. Please review.
✅ Project coverage is 76.58%. Comparing base (e9046ed) to head (2ab6326).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...c/components/Marketplace/AllReleasesCard/index.tsx	4.54%	19 Missing and 2 partials ⚠️
...mponents/Temurin/Releases/ReleaseResults/index.tsx	89.47%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #643      +/-   ##
==========================================
+ Coverage   76.26%   76.58%   +0.32%     
==========================================
  Files         175      176       +1     
  Lines        3295     3353      +58     
  Branches     1028     1045      +17     
==========================================
+ Hits         2513     2568      +55     
- Misses        664      667       +3     
  Partials      118      118              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[SehrishHussain]

@andrew-m-leonard @smlambert Can you take a look at the PR and leave your suggestions about Marketplace page please.

[smlambert]

Hi Sehrish, can you try with the 3rd image listed in #554 (comment) as it has a lighter edge which will show up better. I can create a few other options with more contrast also.

[SehrishHussain]

@smlambert How does this look like? If you want to try something with more contrast we will give it a try too.

[smlambert]

If you want to try something with more contrast we will give it a try too.

That is improved, but I will share a couple of other revisions with you shortly. thanks!

[smlambert]