refinements and addressing feedback

MoeMahhouk · MoeMahhouk · commit 3494cbbf751e · 2025-06-19T09:43:26.000Z
diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
@@ -64,10 +64,10 @@ jobs:
         run: go install mvdan.cc/gofumpt@v0.4.0
 
       - name: Install staticcheck
-        run: go install honnef.co/go/tools/cmd/staticcheck@latest
+        run: go install honnef.co/go/tools/cmd/staticcheck@v0.6.1
 
       - name: Install golangci-lint
-        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+        run: go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.64.8
 
       # - name: Install NilAway
       #   run: go install go.uber.org/nilaway/cmd/nilaway@v0.0.0-20240821220108-c91e71c080b7
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -4,13 +4,6 @@ on:
   push:
     tags:
       - 'v*'
-  workflow_dispatch:
-    inputs:
-      snapshot:
-        description: 'Create snapshot release'
-        required: false
-        default: false
-        type: boolean
 
 permissions:
   contents: write
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -206,7 +206,7 @@ release:
   mode: append
   
   # Create release draft
-  draft: false
+  draft: true
   
   # Mark as prerelease if version contains prerelease identifiers
   prerelease: auto
diff --git a/Makefile b/Makefile
@@ -115,77 +115,8 @@ package-local: ## Build packages locally for testing
 
 .PHONY: package-test-reproducible
 package-test-reproducible: ## Test reproducible builds
-	@echo "🔄 Testing reproducible builds..."
-	@mkdir -p ./test-reproducible
-	@echo "  Building first version (with packages)..."
-	@if goreleaser release --snapshot --clean >/dev/null 2>&1; then \
-		echo "    ✅ First build completed"; \
-		cp -r ./dist ./test-reproducible/build1; \
-	else \
-		echo "❌ First build failed"; \
-		echo "Running with verbose output:"; \
-		goreleaser release --snapshot --clean; \
-		rm -rf ./test-reproducible; \
-		exit 1; \
-	fi
-	@sleep 2
-	@echo "  Building second version (with packages)..."
-	@if goreleaser release --snapshot --clean >/dev/null 2>&1; then \
-		echo "    ✅ Second build completed"; \
-		cp -r ./dist ./test-reproducible/build2; \
-	else \
-		echo "❌ Second build failed"; \
-		echo "Running with verbose output:"; \
-		goreleaser release --snapshot --clean; \
-		rm -rf ./test-reproducible; \
-		exit 1; \
-	fi
-	@echo "  Comparing packages and binaries..."
-	@BUILD1_DEBS=$$(find ./test-reproducible/build1 -name "*.deb" | wc -l); \
-	BUILD2_DEBS=$$(find ./test-reproducible/build2 -name "*.deb" | wc -l); \
-	BUILD1_BINS=$$(find ./test-reproducible/build1 -type f -name "go-template-*" | wc -l); \
-	BUILD2_BINS=$$(find ./test-reproducible/build2 -type f -name "go-template-*" | wc -l); \
-	echo "    Found $$BUILD1_DEBS .deb packages and $$BUILD1_BINS binaries in first build"; \
-	echo "    Found $$BUILD2_DEBS .deb packages and $$BUILD2_BINS binaries in second build"; \
-	if [ "$$BUILD1_DEBS" -eq 0 ] && [ "$$BUILD1_BINS" -eq 0 ]; then \
-		echo "❌ No build artifacts found in first build"; \
-		find ./test-reproducible/build1 -type f | head -10; \
-		rm -rf ./test-reproducible; \
-		exit 1; \
-	fi
-	@echo "  Comparing binary checksums..."
-	@find ./test-reproducible/build1 -type f -name "go-template-*" -exec sha256sum {} \; | sed 's|./test-reproducible/build1/||' | sort > ./test-reproducible/checksums1_bins.txt
-	@find ./test-reproducible/build2 -type f -name "go-template-*" -exec sha256sum {} \; | sed 's|./test-reproducible/build2/||' | sort > ./test-reproducible/checksums2_bins.txt
-	@echo "  Comparing package checksums..."
-	@find ./test-reproducible/build1 -name "*.deb" -exec sha256sum {} \; | sed 's|./test-reproducible/build1/||' | sort > ./test-reproducible/checksums1_debs.txt
-	@find ./test-reproducible/build2 -name "*.deb" -exec sha256sum {} \; | sed 's|./test-reproducible/build2/||' | sort > ./test-reproducible/checksums2_debs.txt
-	@if diff ./test-reproducible/checksums1_bins.txt ./test-reproducible/checksums2_bins.txt >/dev/null 2>&1; then \
-		BINS_MATCH=true; \
-	else \
-		BINS_MATCH=false; \
-	fi; \
-	if diff ./test-reproducible/checksums1_debs.txt ./test-reproducible/checksums2_debs.txt >/dev/null 2>&1; then \
-		DEBS_MATCH=true; \
-	else \
-		DEBS_MATCH=false; \
-	fi; \
-	if [ "$$BINS_MATCH" = "true" ] && [ "$$DEBS_MATCH" = "true" ]; then \
-		echo "✅ Both binaries and packages are reproducible!"; \
-	else \
-		echo "❌ Builds are NOT reproducible!"; \
-		if [ "$$BINS_MATCH" = "false" ]; then \
-			echo "Binary differences:"; \
-			diff ./test-reproducible/checksums1_bins.txt ./test-reproducible/checksums2_bins.txt || true; \
-		fi; \
-		if [ "$$DEBS_MATCH" = "false" ]; then \
-			echo "Package differences:"; \
-			diff ./test-reproducible/checksums1_debs.txt ./test-reproducible/checksums2_debs.txt || true; \
-		fi; \
-		rm -rf ./test-reproducible; \
-		exit 1; \
-	fi
-	@rm -rf ./test-reproducible
-	@echo "🎉 Reproducibility test passed"
+	@chmod +x scripts/test-reproducible.sh
+	@./scripts/test-reproducible.sh
 
 .PHONY: package-install-local
 package-install-local: package-local ## Install locally built package
diff --git a/scripts/test-reproducible.sh b/scripts/test-reproducible.sh
@@ -0,0 +1,49 @@
+#!/bin/bash
+set -e
+
+echo "🔄 Testing reproducible builds..."
+
+# Create test directory
+mkdir -p ./test-reproducible
+
+# Build first version
+echo "  Building first version..."
+SOURCE_DATE_EPOCH=$(git log -1 --format=%ct) goreleaser release --snapshot --clean >/dev/null 2>&1 || {
+    echo "❌ First build failed"
+    goreleaser release --snapshot --clean
+    rm -rf ./test-reproducible
+    exit 1
+}
+cp -r ./dist ./test-reproducible/build1
+
+# Wait to ensure different build times
+sleep 2
+
+# Build second version
+echo "  Building second version..."
+SOURCE_DATE_EPOCH=$(git log -1 --format=%ct) goreleaser release --snapshot --clean >/dev/null 2>&1 || {
+    echo "❌ Second build failed"
+    goreleaser release --snapshot --clean
+    rm -rf ./test-reproducible
+    exit 1
+}
+cp -r ./dist ./test-reproducible/build2
+
+# Compare builds
+echo "  Comparing builds..."
+find ./test-reproducible/build1 -name "*.deb" -exec sha256sum {} \; | sed 's|./test-reproducible/build1/||' | sort > ./test-reproducible/checksums1.txt
+find ./test-reproducible/build2 -name "*.deb" -exec sha256sum {} \; | sed 's|./test-reproducible/build2/||' | sort > ./test-reproducible/checksums2.txt
+
+if diff ./test-reproducible/checksums1.txt ./test-reproducible/checksums2.txt >/dev/null 2>&1; then
+    echo "✅ Builds are reproducible!"
+else
+    echo "❌ Builds are NOT reproducible!"
+    echo "Differences:"
+    diff ./test-reproducible/checksums1.txt ./test-reproducible/checksums2.txt || true
+    rm -rf ./test-reproducible
+    exit 1
+fi
+
+# Cleanup
+rm -rf ./test-reproducible
+echo "🎉 Reproducibility test passed"
