From b7ecc1c240f92252f061745d287accc886f3a742 Mon Sep 17 00:00:00 2001
From: Ivan Gabaldon
Date: Sat, 20 Sep 2025 11:33:23 +0200
Subject: [enh] container: reproducible layers (#5222)

* [enh] container: reproducible layers
We are not aiming for reproducibility compliance, but we look to make most builder layers reproducible without caching at least for a short period of time (until the builder's base image changes or the child dependencies of a requirements.txt package are updated). This feature is only available on Podman. This targets https://github.com/searxng/searxng/pull/5086 main goal.
* [fix] misc: apply suggestions
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630496
Suggested: https://github.com/searxng/searxng/pull/5222#discussion_r2364630511
* [enh] container: prevent useless layer
---
 utils/lib_sxng_container.sh | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'utils')
diff --git a/utils/lib_sxng_container.sh b/utils/lib_sxng_container.sh
index 73947bdba..27d6c5414 100644
--- a/utils/lib_sxng_container.sh
+++ b/utils/lib_sxng_container.sh
@@ -85,9 +85,20 @@ container.build() {
 info_msg "Set \$DOCKER_TAG: $DOCKER_TAG"
 info_msg "Set \$GIT_URL: $GIT_URL"
+ # change cmp to lockfile when available
+ timestamp_requirements_main=$(git log -1 --format='%ct' ./requirements.txt)
+ timestamp_requirements_server=$(git log -1 --format='%ct' ./requirements-server.txt)
+ if [[ "$timestamp_requirements_main" -ge "$timestamp_requirements_server" ]]; then
+ timestamp_venv="$timestamp_requirements_main"
+ else
+ timestamp_venv="$timestamp_requirements_server"
+ fi
+
+ timestamp_searx_settings=$(git log -1 --format='%ct' ./searx/settings.yml)
+
 if [ "$container_engine" = "podman" ]; then
- params_build_builder="build --format=oci --platform=$platform --layers --identity-label=false"
- params_build=$params_build_builder
+ params_build_builder="build --format=oci --platform=$platform --layers --identity-label=false --timestamp=$timestamp_venv"
+ params_build="build --format=oci --platform=$platform --layers --identity-label=false"
 else
 params_build_builder="build --platform=$platform"
 params_build=$params_build_builder
@@ -102,8 +113,8 @@ container.build() {
 # shellcheck disable=SC2086
 "$container_engine" $params_build_builder \
- --build-arg="TIMESTAMP=$(git log -1 --date=format:'%Y%m%d%H%M.%S' --format='%ad')" \
- --build-arg="TIMESTAMP_SETTINGS=$(git log -1 --date=format:'%Y%m%d%H%M.%S' --format='%ad' ./searx/settings.yml)" \
+ --build-arg="TIMESTAMP_VENV=$timestamp_venv" \
+ --build-arg="TIMESTAMP_SETTINGS=$timestamp_searx_settings" \
 --tag="localhost/$CONTAINER_IMAGE_ORGANIZATION/$CONTAINER_IMAGE_NAME:builder" \
 --file="./container/builder.dockerfile" \
 .
-- 
cgit v1.2.3
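Review bot: Nothing checks that the three `git log -1 --format='%ct'` calls returned a value before it is used; for a path with no recorded history `git log` prints nothing, `[[ "" -ge "" ]]` still evaluates true in bash, and the build then runs with `--timestamp=` and with empty `TIMESTAMP_VENV`/`TIMESTAMP_SETTINGS` build-args (second hunk). Since the point of the change is comparable layer digests, the build should fail closed, for example right after the `fi`: `[[ "$timestamp_venv" =~ ^[0-9]+$ && "$timestamp_searx_settings" =~ ^[0-9]+$ ]] || { echo "missing git commit timestamp" >&2; return 1; }`. In a shallow clone the value is presumably that of the boundary commit rather than the file's last change, so digests built from shallow and full checkouts may differ; a comment saying so would help whoever compares them. `container.build` starts and ends outside the hunk.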
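Review bot: Both build-args now carry Unix epoch seconds (`%ct`) where the removed lines passed `%Y%m%d%H%M.%S`, and `TIMESTAMP` is renamed to `TIMESTAMP_VENV`, but the consumer, `./container/builder.dockerfile`, is not part of this view (the patch is limited to 'utils'), so it cannot be confirmed here that it declares the new name and parses the new format. A build-arg that is not declared, or a value read in the old format, may pass unnoticed and quietly undo the reproducibility the change is after. I would document the contract above the call: `# TIMESTAMP_VENV / TIMESTAMP_SETTINGS: Unix epoch seconds from git %ct; keep in sync with container/builder.dockerfile`. The enclosing function starts outside the hunk.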