Fix the merge artifact issue (#367)

Author: agrasth

build/build.go

@@ -166,6 +166,9 @@ func (b *Build) ToBuildInfo() (*entities.BuildInfo, error) {
 	if err != nil {
 		return nil, err
 	}
+	// Sort generated build infos by Started timestamp (oldest first)
+	// This ensures artifacts are merged in chronological order
+	sortBuildInfosByTimestamp(generatedBuildsInfo)
 	for _, v := range generatedBuildsInfo {
 		buildInfo.Append(v)
 	}
@@ -209,6 +212,20 @@ func (b *Build) getGeneratedBuildsInfo() ([]*entities.BuildInfo, error) {
 	return generatedBuildsInfo, nil
 }
 
+// sortBuildInfosByTimestamp sorts build infos by their Started timestamp (oldest first).
+// This ensures that when merging, newer artifacts replace older ones correctly.
+func sortBuildInfosByTimestamp(buildInfos []*entities.BuildInfo) {
+	sort.Slice(buildInfos, func(i, j int) bool {
+		timeI, errI := time.Parse(entities.TimeFormat, buildInfos[i].Started)
+		timeJ, errJ := time.Parse(entities.TimeFormat, buildInfos[j].Started)
+		// If parsing fails, maintain original order for those items
+		if errI != nil || errJ != nil {
+			return false
+		}
+		return timeI.Before(timeJ)
+	})
+}
+
 func (b *Build) SaveBuildInfo(buildInfo *entities.BuildInfo) (err error) {
 	buildJson, err := json.Marshal(buildInfo)
 	if err != nil {

build/build_test.go

@@ -1,10 +1,11 @@
 package build
 
 import (
-	"github.com/jfrog/build-info-go/entities"
-	"github.com/stretchr/testify/assert"
 	"os"
 	"testing"
+
+	"github.com/jfrog/build-info-go/entities"
+	"github.com/stretchr/testify/assert"
 )
 
 func TestCollectEnv(t *testing.T) {
@@ -79,3 +80,71 @@ func TestCollectEnv(t *testing.T) {
 		})
 	}
 }
+
+func TestSortBuildInfosByTimestamp(t *testing.T) {
+	tests := []struct {
+		name          string
+		buildInfos    []*entities.BuildInfo
+		expectedOrder []string // Expected order of Started timestamps
+	}{
+		{
+			name: "already sorted",
+			buildInfos: []*entities.BuildInfo{
+				{Name: "build1", Started: "2026-01-30T10:00:00.000+0000"},
+				{Name: "build2", Started: "2026-01-30T11:00:00.000+0000"},
+				{Name: "build3", Started: "2026-01-30T12:00:00.000+0000"},
+			},
+			expectedOrder: []string{
+				"2026-01-30T10:00:00.000+0000",
+				"2026-01-30T11:00:00.000+0000",
+				"2026-01-30T12:00:00.000+0000",
+			},
+		},
+		{
+			name: "reverse order",
+			buildInfos: []*entities.BuildInfo{
+				{Name: "build3", Started: "2026-01-30T12:00:00.000+0000"},
+				{Name: "build2", Started: "2026-01-30T11:00:00.000+0000"},
+				{Name: "build1", Started: "2026-01-30T10:00:00.000+0000"},
+			},
+			expectedOrder: []string{
+				"2026-01-30T10:00:00.000+0000",
+				"2026-01-30T11:00:00.000+0000",
+				"2026-01-30T12:00:00.000+0000",
+			},
+		},
+		{
+			name: "mixed order - Maven install then deploy scenario",
+			buildInfos: []*entities.BuildInfo{
+				{Name: "deploy", Started: "2026-01-30T10:05:30.000+0000"},  // deploy (later)
+				{Name: "install", Started: "2026-01-30T10:05:00.000+0000"}, // install (earlier)
+			},
+			expectedOrder: []string{
+				"2026-01-30T10:05:00.000+0000", // install first
+				"2026-01-30T10:05:30.000+0000", // deploy second
+			},
+		},
+		{
+			name:          "empty list",
+			buildInfos:    []*entities.BuildInfo{},
+			expectedOrder: []string{},
+		},
+		{
+			name: "single item",
+			buildInfos: []*entities.BuildInfo{
+				{Name: "build1", Started: "2026-01-30T10:00:00.000+0000"},
+			},
+			expectedOrder: []string{"2026-01-30T10:00:00.000+0000"},
+		},
+	}
+
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			sortBuildInfosByTimestamp(tc.buildInfos)
+			for i, expected := range tc.expectedOrder {
+				assert.Equal(t, expected, tc.buildInfos[i].Started,
+					"Position %d: expected %s, got %s", i, expected, tc.buildInfos[i].Started)
+			}
+		})
+	}
+}

entities/buildinfo.go

@@ -2,19 +2,28 @@ package entities
 
 import (
 	"errors"
+	"fmt"
+	"os"
 	"regexp"
 	"sort"
 	"strings"
 	"time"
 
 	"github.com/jfrog/build-info-go/utils/compareutils"
+	"github.com/jfrog/gofrog/log"
 	"golang.org/x/exp/maps"
 	"golang.org/x/exp/slices"
 
 	cdx "github.com/CycloneDX/cyclonedx-go"
 	"github.com/jfrog/gofrog/stringutils"
 )
 
+// MergeArtifactsByNameEnv controls whether artifacts with the same name but different SHA1s
+// should be merged (keeping the newer one). This handles non-deterministic builds like Maven SNAPSHOTs.
+// Set to "FALSE" to disable name-based merging and only use SHA1 comparison.
+// Default: enabled (any value other than "FALSE")
+const MergeArtifactsByNameEnv = "JFROG_CLI_MERGE_BUILD_INFO_ARTIFACTS_BY_NAME"
+
 type ModuleType string
 
 const (
@@ -255,20 +264,70 @@ func mergeModules(merge *Module, into *Module) {
 }
 
 func mergeArtifacts(mergeArtifacts *[]Artifact, intoArtifacts *[]Artifact) {
-	for _, mergeArtifact := range *mergeArtifacts {
+	mergeByNameEnabled := strings.ToUpper(os.Getenv(MergeArtifactsByNameEnv)) != "FALSE"
+	log.Debug(fmt.Sprintf("Merge artifacts by name enabled: %v", mergeByNameEnabled))
+
+	for _, newArtifact := range *mergeArtifacts {
 		exists := false
-		for _, artifact := range *intoArtifacts {
-			if mergeArtifact.Sha1 == artifact.Sha1 {
+
+		// PRIORITY 1: Check SHA1 - if checksums match, artifact already exists (skip it)
+		for _, existingArtifact := range *intoArtifacts {
+			if newArtifact.Sha1 == existingArtifact.Sha1 {
 				exists = true
 				break
 			}
 		}
+
+		// PRIORITY 2: If SHA1 doesn't match, check by artifact name
+		// This handles non-deterministic builds (Maven WAR with timestamps, etc.)
+		// where rebuilding produces different checksums for the same logical artifact.
+		if !exists && mergeByNameEnabled {
+			for i, existingArtifact := range *intoArtifacts {
+				if newArtifact.Name == existingArtifact.Name && isSameLogicalArtifact(existingArtifact, newArtifact) {
+					// Same logical artifact but different checksum
+					// Use incoming artifact (from later merge operation)
+					log.Warn(fmt.Sprintf("Artifact '%s' has different checksums (%s vs %s). Using incoming artifact.",
+						newArtifact.Name, existingArtifact.Sha1, newArtifact.Sha1))
+					(*intoArtifacts)[i] = newArtifact
+					exists = true
+					break
+				}
+			}
+		}
+
+		// No match found - add as new artifact
 		if !exists {
-			*intoArtifacts = append(*intoArtifacts, mergeArtifact)
+			*intoArtifacts = append(*intoArtifacts, newArtifact)
 		}
 	}
 }
 
+// isSameLogicalArtifact checks if two artifacts represent the same logical artifact.
+// Returns true if they are in the same directory and same repository.
+func isSameLogicalArtifact(existing, new Artifact) bool {
+	// Check if paths are in the same directory
+	if extractPathDir(existing.Path) != extractPathDir(new.Path) {
+		return false
+	}
+
+	// Check repo - reject if BOTH have repos AND they differ
+	if existing.OriginalDeploymentRepo != "" && new.OriginalDeploymentRepo != "" &&
+		existing.OriginalDeploymentRepo != new.OriginalDeploymentRepo {
+		return false
+	}
+
+	return true
+}
+
+// extractPathDir extracts the directory portion from an artifact path
+func extractPathDir(path string) string {
+	lastSlash := strings.LastIndex(path, "/")
+	if lastSlash == -1 {
+		return ""
+	}
+	return path[:lastSlash]
+}
+
 func mergeDependenciesLists(dependenciesToAdd, intoDependencies *[]Dependency) {
 	for i, dependencyToAdd := range *dependenciesToAdd {
 		exists := false