Feature/reproducible builds console#151
Feature/reproducible builds console#151developerzohaib786 wants to merge 1 commit intoapache:mainfrom
Conversation
|
@jbonofre @binarycat0 @dimas-b I have also update the readme to match the actual project structure (uses react-router-dom not TanStack Router): |
There was a problem hiding this comment.
+1 to reproducible builds. Thanks, @developerzohaib786 !
Changes LGTM, but I'm not a UI expert 😅
@binarycat0 @jbonofre WDYT?
There was a problem hiding this comment.
Thank you for the contribution and for your interest in the apache/polaris-tools project.
In its current form, this PR is difficult to review and merge. It contains a large number of changes that are not directly related to the stated goal, which makes the diff unnecessarily complex and increases the risk of unintended side effects. In this project, PRs expected to be focused on a single, well-defined problem.
I recommend reducing this PR to only the changes strictly required for the intended feature or fix, and moving unrelated refactoring or experimental work to separate PRs or discussions.
Additionally, I noticed that parts of this contribution may have been generated with the help of AI tools. While the use of AI-assisted development is not prohibited, such code often requires extra validation, refinement, and alignment with the project’s conventions and architecture before it can be considered for merging.
Please also make sure to follow the contribution guidelines before submitting code:
https://polaris.apache.org/community/contributing-guidelines/#before-you-begin-contributing-code
YES i can make it possible by only focusing on only one thing (reproduceable builds) i think for this purpose pakage-lock.json and docker file would not be changed. we will open an another issue to discuss and work on other features later |
developerzohaib786
force-pushed
the
feature/reproducible-builds-console
branch
from
827b3a2 to
aba2308
Compare
Self TestingMinimal Changesthere are only two changes in docker file adding npm ci to install dependencies and package-lock.json fille to copy 
npm ci command testing successful
First build
Second build
as i properly know that the procedure of building : source code -> dist folder -> sha256 hasesh. and hashes of both builds are matching i tested by my own self. here is the screenshots build 1 sha256 hashes
build 2 sha256 hashes
both hashes are matching |
|
@binarycat0 i will open new issue to discuss other build and install problem |
|
@developerzohaib786 can you please rebase and clean the PR ? It looks like a large part of the PR is generated by AI. While it's OK, it would be better if you can focus on your own change addressing the issue (reproducible build). |
|
@developerzohaib786 also, please rebase and resolve conflict. |
|
@jbonofre yes some part is ai generated but with due respect not full pull request as you know AI can't take the context of such a large codebase. if you would prefer, i can remove the devbox.json and readme changes and submit them as a separate pull request. please let me know which approach you prefer ?? Thank U |
|
@developerzohaib786 if you can focus on the actual required changes, it will simplify the review. Also please rebase and fix conflict. Thanks. |
developerzohaib786
force-pushed
the
feature/reproducible-builds-console
branch
from
581d483 to
54686f6
Compare
Self testing resultsinstalling dependencies via npm ci and first build via npm build
second build
|
How to test this pull request ?Step 1:install dependencies via npm ci Step 2:do first build via npm build Step 3:clean and rebuild |
…ache#151. changes: - add devbox.json to pin node.js version for consistent environment fixes apache#163
|
@binarycat0 @dimas-b @jbonofre please review updates on this pull request. so i can take another issue and work on it. also if changes needed in this pull request i will do. kindly review. |
binarycat0
left a comment
binarycat0
left a comment
There was a problem hiding this comment.
Thanks for your contribution. I left a couple comments, please review.
Also, I checked the initial Issue and I'm not sure if it's really an issue or not. Could you validate with @snazy if this is necessary?
Thanks again.
console/vite.config.ts
Outdated
| }, | ||
| }, | ||
| }, | ||
| server: { |
There was a problem hiding this comment.
This part was removed in purpose by commit 6400f26#diff-89e288dad28206c4dba769912bafe2033718daf741530aebeac099ed16d740eaL35
|
|
||
| # Install dependencies | ||
| RUN npm install | ||
| RUN npm ci |
There was a problem hiding this comment.
Is it necessary to use install-clean instead of install?
developerzohaib786
force-pushed
the
feature/reproducible-builds-console
branch
from
49bf4dc to
10b481a
Compare
|
@binarycat0 any updates on this pull request? |
|
I will take a look tomorrow. |
|
@developerzohaib786 Hello. I see that CI job is broken because of the changes @snazy Hello, could you validate the build changes if it meets the requirements? |
|
|
||
| # Install dependencies | ||
| RUN npm install | ||
| RUN npm ci |
There was a problem hiding this comment.
I think install is required before ci.
| .PHONY: install | ||
| install: | ||
| npm install | ||
| npm ci |
There was a problem hiding this comment.
I think install is required before ci.
console/vite.config.ts
Outdated
| assetFileNames: "assets/[name]-[hash][extname]", | ||
| manualChunks: (id) => { | ||
| if (id.includes("node_modules")) { | ||
| return "vendor" |
|
@binarycat0 I will take a look as well (see my previous comment). I'm not sure the PR is good yet (a few comments to verify). |
…ting and sourcemaps for determinism
developerzohaib786
force-pushed
the
feature/reproducible-builds-console
branch
from
10b481a to
6e80749
Compare
CI was failing because npm ci requires package_lock.json to be present. I havve updated the Dockerfile to copy both package.json and packagelock.json. As i am beginner and I have not much experience of CI/CD pipelines, read some documentation and get some explanation from AI and issue is fixed now and i am getting familiar with real world things and practices. |
|
@binarycat0 @jbonofre i have tested locally the current code and reproduceable builds are working. please test the current code as soon as possible and if any changes still required I will be available to solve |
|
@jbonofre @binarycat0 please take this up |
4 participants
fixes #95
I have tested and everything is working fine and here is the proof
Verifying devbox.json
the nodejs 22.12.0 is available in json content
Verifying package.json has pinned versions
As there is no ^ prefix in any dependency version so there is no output
Verifying that the npm ci has clean install
Clean build # 1
Build # 1 Sha256 hash
Clean build # 2
Build # 2 Sha256 hash