Update reproducible-build-check.yml

sherlockwisdom · web-flow · commit 9d8a93c420f8 · 2026-03-13T21:24:26.000+01:00
diff --git a/.github/workflows/reproducible-build-check.yml b/.github/workflows/reproducible-build-check.yml
@@ -5,10 +5,9 @@ on:
     branches: [ "staging" ]
 
 jobs:
-  reproducible-build:
-    name: Verify Reproducible Build
+  build-1:
+    name: Build 1
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -17,7 +16,7 @@ jobs:
         working-directory: ci
         run: docker build -t deku_rep_build_release .
 
-      - name: First build
+      - name: Build APK
         run: |
           docker run --rm \
             -v "$(pwd)":/project \
@@ -28,21 +27,31 @@ jobs:
             deku_rep_build_release \
             ./gradlew assembleRelease \
               --no-daemon \
-              --max-workers=1 \
-              -Dorg.gradle.jvmargs="-Xmx4g -XX:MaxMetaspaceSize=512m" \
+              --max-workers=2 \
+              --console=plain \
+              -Dorg.gradle.jvmargs="-Xmx2048m -Xms512m -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8" \
+              -Dkotlin.daemon.jvm.options="-Xmx512m,-Xss1m" \
               -Dkotlin.compiler.execution.strategy=in-process
 
-      - name: Hash first APK
-        id: sha1
-        run: |
-          hash=$(sha256sum app/build/outputs/apk/release/app-release-unsigned.apk)
-          echo "value=$hash" >> "$GITHUB_OUTPUT"
-          echo "First build: $hash"
+      - name: Upload APK
+        uses: actions/upload-artifact@v4
+        with:
+          name: apk-build-1
+          path: app/build/outputs/apk/release/app-release-unsigned.apk
+          retention-days: 1
+
+  build-2:
+    name: Build 2
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
 
-      - name: Remove first APK
-        run: rm app/build/outputs/apk/release/app-release-unsigned.apk
+      - name: Build Docker image
+        working-directory: ci
+        run: docker build -t deku_rep_build_release .
 
-      - name: Second build
+      - name: Build APK
         run: |
           docker run --rm \
             -v "$(pwd)":/project \
@@ -55,21 +64,38 @@ jobs:
               --no-daemon \
               --max-workers=2 \
               --console=plain \
-              -Dorg.gradle.jvmargs="-Xmx1024m -Xms256m -XX:MaxMetaspaceSize=384m -Dfile.encoding=UTF-8" \
+              -Dorg.gradle.jvmargs="-Xmx2048m -Xms512m -XX:MaxMetaspaceSize=512m -Dfile.encoding=UTF-8" \
               -Dkotlin.daemon.jvm.options="-Xmx512m,-Xss1m" \
               -Dkotlin.compiler.execution.strategy=in-process
 
-      - name: Hash second APK
-        id: sha2
-        run: |
-          hash=$(sha256sum app/build/outputs/apk/release/app-release-unsigned.apk)
-          echo "value=$hash" >> "$GITHUB_OUTPUT"
-          echo "Second build: $hash"
+      - name: Upload APK
+        uses: actions/upload-artifact@v4
+        with:
+          name: apk-build-2
+          path: app/build/outputs/apk/release/app-release-unsigned.apk
+          retention-days: 1
+
+  compare:
+    name: Compare APKs
+    runs-on: ubuntu-latest
+    needs: [ build-1, build-2 ]
+    steps:
+      - name: Download APK from build 1
+        uses: actions/download-artifact@v4
+        with:
+          name: apk-build-1
+          path: apk-build-1
+
+      - name: Download APK from build 2
+        uses: actions/download-artifact@v4
+        with:
+          name: apk-build-2
+          path: apk-build-2
 
       - name: Compare hashes
         run: |
-          SHA1="${{ steps.sha1.outputs.value }}"
-          SHA2="${{ steps.sha2.outputs.value }}"
+          SHA1=$(sha256sum apk-build-1/app-release-unsigned.apk | awk '{ print $1 }')
+          SHA2=$(sha256sum apk-build-2/app-release-unsigned.apk | awk '{ print $1 }')
           echo "Build 1: $SHA1"
           echo "Build 2: $SHA2"
           if [ "$SHA1" = "$SHA2" ]; then
