Skip to content

ROX-33792: make operator bundle reproducible#19657

Closed
janisz wants to merge 2 commits intomasterfrom
ROX-33792-reproducible-bundle-build
Closed

ROX-33792: make operator bundle reproducible#19657
janisz wants to merge 2 commits intomasterfrom
ROX-33792-reproducible-bundle-build

Conversation

@janisz
Copy link
Copy Markdown
Contributor

@janisz janisz commented Mar 27, 2026

Description

Use SOURCE_DATE_EPOCH from git commit timestamp instead of current time for createdAt annotation. Sort environment variables to ensure deterministic ordering of related images in the bundle CSV.

This allows identical source to produce identical image digests, improving supply chain security and enabling content-addressable storage benefits.

User-facing documentation

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

CI

@janisz @claude
ROX-33792: make operator bundle builds reproducible
9ddd7f4 
Use SOURCE_DATE_EPOCH from git commit timestamp instead of current time
for createdAt annotation. Sort environment variables to ensure deterministic
ordering of related images in the bundle CSV.

This allows identical source to produce identical image digests, improving
supply chain security and enabling content-addressable storage benefits.

User request: "Compare this two bundles and check if we can make our image
reporducible. Test it locally on master as that could be our third PR"

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@janisz janisz requested review from a team and rhacs-bot as code owners March 27, 2026 15:36
@janisz janisz requested review from GrimmiMeloni and removed request for a team March 27, 2026 15:36
@rhacs-bot rhacs-bot requested a review from a team March 27, 2026 15:36
@github-actions github-actions bot added area/operator konflux-build Run Konflux in PR. Push commit to trigger it. labels Mar 27, 2026
@janisz @claude
fix(operator): move SOURCE_DATE_EPOCH ARG to bundle.Dockerfile.extra
9197e6b 
bundle.Dockerfile is regenerated by operator-sdk, so the ARG must be
in bundle.Dockerfile.extra which gets appended during the build process.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@janisz janisz changed the title ROX-33792: make operator bundle builds reproducible ROX-33792: make operator bundle reproducible Mar 27, 2026
@rhacs-bot
Copy link
Copy Markdown
Contributor

rhacs-bot commented Mar 27, 2026
edited
Loading

Images are ready for the commit at 9197e6b.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.11.x-473-g9197e6b385.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 27, 2026

/konflux-retest roxctl-on-push

@janisz janisz closed this Mar 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rhacs-bot rhacs-bot Awaiting requested review from rhacs-bot rhacs-bot is a code owner

@GrimmiMeloni GrimmiMeloni Awaiting requested review from GrimmiMeloni GrimmiMeloni is a code owner automatically assigned from stackrox/install

Assignees

No one assigned

Labels

area/operator konflux-build Run Konflux in PR. Push commit to trigger it.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@janisz @rhacs-bot