so we are trying to get a deterministic docker build with pants put together for our developers. Unfortunately bootstrapping and installing pants into docker generates different image checksums, which result functionally same images being published, just with different sha256s. Is there a way to get a docker build to deterministically set up a pants environment? Any hints on a potential way of doing this?

Can you identify what changes between the two? E.g. https://stackoverflow.com/a/46179863/1256624 Without knowing for sure, I'd guess it might be file system timestamps. I don't know if there's a mode to install with fixed timestamps, but I imagine post-processing (in the same

RUN

step) with some combination of

find

and

touch

could be used

I'll have to do that. Thanks for the pointers, and I'll try to report back what I find.

Thanks. Once we know what the cause is, we can consider if/how we can expand https://github.com/pantsbuild/scie-pants to handle this natively, in addition to whatever short-term workaround

try setting

SOURCE_DATE_EPOCH=0

in the host environment. At least when using

buildx

that will clear timestamps.

Hi there, just checking in: Did you discover what was causing the differences?

not yet. had to do a cludge to get things working for now.