I have Golang aws lambda project. I deploy it on github actinos using terraform scripts. I have situation like: Build #1
-rwxr-xr-x 1 runner docker 14717304 Jan 1 2022 aTest
-rw-r--r-- 1 runner docker 7776780 Jan 1 2022 aTest.zip
I do 1 change in some file that is even not imported in any other file and Build #2
-rwxr-xr-x 1 runner docker 14717304 Jan 1 2022 aTest
-rw-r--r-- 1 runner docker 7776755 Jan 1 2022 aTest.zip
zips sizes are changed but binary not
here is important part of my Makefile
build: ## Build Linux binary with path consistent with passed functionction layere (layer) and functionction name (function)
build: resolve-env
@$(BUILD_FLAGS) ${GOCMD} build ${LDFLAGS} -o ${BINARY_PATH} ${GO_PKG}
@touch -t 202201010000.00 ${BINARY_PATH}
.PHONY: package
package: build
@cd ${DST} && ${ZIPCMD} -X -q --latest-time ${ABS_ZIP_PATH} ${function}
@touch -t 202201010000.00 ${ABS_ZIP_PATH}
when I do the same change locally, and run build using terraform or tool called: "act" there is no such change.. only on github actions. I need to keep the same size, which affects sha256sum ( to avoid deploying each lambda ). What can be the reason ?
This answer focuses on the reproducible build of the go binaries.
Though it shows that the go binaries have the same size, I doubt that the contents are different. Please check the hash of binaries to confirm that first.
To get a reproducible build, besides other obvious requirements, you also need to:
CGO_ENABLED=0
already (this information is provided by another question which has already been deleted).-trimpath
flag. Maybe the GitHub action will always place the source code in the same directory. To be safe, let's specify this option.-buildvcs=false
. By default ("auto"), version control information is stamped into the binary if it's available. This explains why two commits with only difference in the readme file produce different binaries.References: