make reproducibility mandatory

MoeMahhouk · MoeMahhouk · commit 760f937fa149 · 2025-06-19T12:35:59.000Z
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -80,3 +80,33 @@ jobs:
           go mod tidy
           git update-index -q --really-refresh
           git diff-index HEAD
+
+  reproducibility-test:
+    name: Test Reproducible Builds
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Set SOURCE_DATE_EPOCH for reproducible builds
+        run: echo "SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)" >> $GITHUB_ENV
+
+      - name: Test reproducible builds
+        run: |
+          # Install GoReleaser
+          go install github.com/goreleaser/goreleaser/v2@latest
+          
+          # Run reproducibility test
+          make package-test-reproducible
+          
+          echo "✅ Reproducibility test passed"
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -10,8 +10,38 @@ permissions:
   packages: write
 
 jobs:
+  reproducibility-test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: '1.24'
+          cache: true
+
+      - name: Set SOURCE_DATE_EPOCH for reproducible builds
+        run: echo "SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)" >> $GITHUB_ENV
+
+      - name: Test reproducible builds
+        run: |
+          # Install GoReleaser
+          go install github.com/goreleaser/goreleaser/v2@latest
+          
+          # Run reproducibility test
+          make package-test-reproducible
+          
+          echo "✅ Reproducibility test passed"
+        env:
+          SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
+
   release:
     runs-on: ubuntu-latest
+    needs: reproducibility-test  # Only run if reproducibility test passes
     steps:
       - name: Checkout
         uses: actions/checkout@v4
@@ -46,7 +76,7 @@ jobs:
 
       - name: Run GoReleaser (Release)
         uses: goreleaser/goreleaser-action@v6
-        if: startsWith(github.ref, 'refs/tags/') && !inputs.snapshot
+        if: startsWith(github.ref, 'refs/tags/')
         with:
           distribution: goreleaser
           version: "~> v2"
@@ -57,19 +87,6 @@ jobs:
           GPG_KEY_PATH: ${{ steps.import_gpg.outputs.keyid && format('/tmp/gpg-{0}.key', steps.import_gpg.outputs.keyid) || '' }}
           NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
 
-      - name: Run GoReleaser (Snapshot)
-        uses: goreleaser/goreleaser-action@v6
-        if: inputs.snapshot || (!startsWith(github.ref, 'refs/tags/'))
-        with:
-          distribution: goreleaser
-          version: "~> v2"
-          args: release --snapshot --clean
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
-          GPG_KEY_PATH: ${{ steps.import_gpg.outputs.keyid && format('/tmp/gpg-{0}.key', steps.import_gpg.outputs.keyid) || '' }}
-          NFPM_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-
       - name: Upload artifacts
         uses: actions/upload-artifact@v4
         with:
@@ -102,34 +119,3 @@ jobs:
             echo "❌ No AMD64 .deb file found for testing"
             exit 1
           fi
-
-  reproducibility-test:
-    runs-on: ubuntu-latest
-    needs: release
-    if: always()
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: '1.24'
-          cache: true
-
-      - name: Set SOURCE_DATE_EPOCH for reproducible builds
-        run: echo "SOURCE_DATE_EPOCH=$(git log -1 --format=%ct)" >> $GITHUB_ENV
-
-      - name: Test reproducible builds
-        run: |
-          # Install GoReleaser
-          go install github.com/goreleaser/goreleaser/v2@latest
-          
-          # Run reproducibility test
-          make package-test-reproducible
-          
-          echo "✅ Reproducibility test passed"
-        env:
-          SOURCE_DATE_EPOCH: ${{ env.SOURCE_DATE_EPOCH }}
