
feat: add deterministic build support for consistent layer caching #4

Draft
klit79 wants to merge 8 commits into spring-boot-actions:v4 from klit79:feat/deterministic-builds

@klit79 klit79 commented Dec 16, 2025

Problem

Spring Boot layer extraction creates files with random timestamps and ownership, causing Docker layer hashes to change even when dependencies are unchanged. This forces full re-downloads on every image pull.

Solution

Add deterministic: true option that normalizes:

  • Timestamps to 2023-01-01
  • Ownership to root:root (0:0)
  • Permissions to 644/755

Usage

- uses: spring-boot-actions/spring-boot-bake@v4
  with:
    deterministic: true

Result

✅ Same dependencies = same layer hash = Docker caches properly
✅ Image pulls download only changed layers (~20MB vs ~800MB)
✅ Backward compatible (defaults to false)

Trade-off: Files show fixed timestamp instead of actual build time.
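
The normalization described above, as an added example (not code from this PR or from the spring-boot-bake project): it builds two constructed "extracted layer" trees with identical content but different mtimes and modes, then applies the fixed timestamp, 644/755 modes and 0:0 ownership and compares tar digests, which stand in for the layer hash. The function names, the sample tree, and the use of GNU tar and sha256sum are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumes GNU tar (--sort) and coreutils sha256sum.

FIXED_STAMP=202301010000.00   # touch -t value quoted in the PR's commit message

# Build a constructed "extracted layer" in $1 with mtime $2 and jar mode $3.
make_layer() {
  mkdir -p "$1/BOOT-INF/lib"
  printf 'constructed jar bytes\n' > "$1/BOOT-INF/lib/demo.jar"
  chmod "$3" "$1/BOOT-INF/lib/demo.jar"
  find "$1" -exec touch -t "$2" {} +
}

# Normalize metadata under $1 as the PR describes: 755 dirs, 644 files,
# 0:0 ownership (only possible as root), fixed mtime applied last.
normalize_tree() {
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
  if [ "$(id -u)" -eq 0 ]; then chown -R 0:0 "$1"; fi
  # touch -t is read in local time; pin TZ so every runner writes the same epoch.
  TZ=UTC find "$1" -exec touch -t "$FIXED_STAMP" {} +
}

# SHA-256 of the tree as a tar stream, standing in for a layer digest.
# Sorted names and ustar headers keep entry order and header fields stable.
tree_digest() {
  tar -C "$1" --sort=name --format=ustar -cf - . | sha256sum | cut -d' ' -f1
}

# Compare two same-content trees before and after normalization.
demo() {
  work=$(mktemp -d) || return 1
  make_layer "$work/a" 202501010101.01 600
  make_layer "$work/b" 202506060606.06 664
  echo "before: $(tree_digest "$work/a") vs $(tree_digest "$work/b")"
  normalize_tree "$work/a"; normalize_tree "$work/b"
  echo "after:  $(tree_digest "$work/a") vs $(tree_digest "$work/b")"
  rm -rf "$work"
}

demo
```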

socheatsok78 and others added 5 commits September 7, 2024 09:32
Experimental support for both `tools` and `layertools` for `-Djarmode` option

Add optional `deterministic` input to normalize file timestamps and
permissions in extracted Spring Boot layers. This ensures identical
file contents produce identical Docker layer hashes, enabling proper
layer caching across builds.

Changes:
- Add `deterministic` input to action.yml (default: false)
- Update spring-boot-bake.sh to pass deterministic flag
- Modify Dockerfile to normalize timestamps (202301010000.00) and
  permissions (644/755) when deterministic=true
- Applied to both jarmode=tools and jarmode=layertools extraction

Benefits:
- Dramatically reduces image pull times (only changed layers download)
- Fixes issue where dependency layers re-download on every pull
- Backward compatible (opt-in feature)
- Works with all cache backends (registry, GHA, inline)

Usage:
  uses: spring-boot-actions/spring-boot-bake@v4
  with:
    deterministic: true

- add chown 0:0 to reset ownership to root for all extracted files
- update comments to reflect ownership normalization alongside timestamps and permissions
- apply ownership reset in both Spring Boot 3.2+ and legacy extraction paths
@klit79 klit79 force-pushed the feat/deterministic-builds branch from 715fbee to da9693b Compare December 16, 2025 10:12
@klit79 klit79 changed the base branch from main to v4 December 16, 2025 10:16
@klit79 klit79 marked this pull request as draft December 16, 2025 10:17
@klit79 klit79 force-pushed the feat/deterministic-builds branch from 120cbb5 to 7a9cb83 Compare December 16, 2025 12:21

2 participants