You can build the same version multiple times. And no, versions are usually tied to branches and if you have a build pipeline for each supported branch, the builds most definitely follow versions. Perhaps you are confusing versions with releases?
I’m not following your point. When I say build the same version multiple times, I basically mean rerun the build. Maybe there was a bug in the build but the code isn’t changing. Each time you kick off the build for that pipeline, you will get a new buildid. Even if you change nothing and rerun a build, the build artifacts will likely not be identical. Even just an embedded datetime somewhere can make then not identical.
At some point, the latest build that has gone through your QA process will declared “ready” and promoted to release a.b.c. It’s imperative that you do not run separate build for release.
Why? Because you have a brand new set of artifacts and all the testing you did previously is now out of date and you need to retest everything.
If I wanted to grab a particular build, I just request to some git repo or Nix cache and just let Nix install it, or if there isn’t a pre-built version, Nix can compile with the exact variables.
At the end, Nix can compare the hashes between what the source says and what it built/installed.
If there are new artefacts, Nix will create a separate derivation with a different hash.
Each time you kick off the build for that pipeline, you will get a new buildid.
You shouldn’t be able to rerun the same build with different results.
Nix has a whole host of hermetic build methods to prevent this from happening at all.
Check out Nix. It removes a lot of problems in builds.
It turns building from an unpredictable ritual to a mathematical, deterministic algorithm.
Since you brought an OS package manager into the discussion (which wasn’t what I thought was being discussed), let’s look at from a fedora/rpm perspective. All I’m saying is that after building an rpm they push it through the pipeline. It goes to updates-testing and then later updates. The exact same rpm is promoted to updates from updates-testing. They do not build a new rpm for updates repo.
I see many people who have separate builds for each environment.
AFAIK, build numbers and version numbers are usually seperate: Versions follow builds not the other way around.
You can build the same version multiple times. And no, versions are usually tied to branches and if you have a build pipeline for each supported branch, the builds most definitely follow versions. Perhaps you are confusing versions with releases?
In theory shouldn’t they be the same unless parameters have changed?
I’m not following your point. When I say build the same version multiple times, I basically mean rerun the build. Maybe there was a bug in the build but the code isn’t changing. Each time you kick off the build for that pipeline, you will get a new buildid. Even if you change nothing and rerun a build, the build artifacts will likely not be identical. Even just an embedded datetime somewhere can make then not identical.
At some point, the latest build that has gone through your QA process will declared “ready” and promoted to release a.b.c. It’s imperative that you do not run separate build for release.
Why? Because you have a brand new set of artifacts and all the testing you did previously is now out of date and you need to retest everything.
Listen, I’m a Nix person.
I don’t understand how it works in whatever system you use or any other system, but here’s how I understand about this.
A Nix build/derivation is labeled by the hash of all the variables put into building it.
For example, compiler flags, config, architecture, which version, etc.
It is stored in the format
/nix/store/[Hash]-[Derivation Name]-[Version Number]/.Example:
/nix/store/b6gvzjyb2pg0kjfwrjmg1vfhh54ad73z-firefox-33.1/If I wanted to grab a particular build, I just request to some git repo or Nix cache and just let Nix install it, or if there isn’t a pre-built version, Nix can compile with the exact variables.
At the end, Nix can compare the hashes between what the source says and what it built/installed.
If there are new artefacts, Nix will create a separate derivation with a different hash.
You shouldn’t be able to rerun the same build with different results.
Nix has a whole host of hermetic build methods to prevent this from happening at all.
Check out Nix. It removes a lot of problems in builds.
It turns building from an unpredictable ritual to a mathematical, deterministic algorithm.
All it takes is a compiler embedding a timestamp somewhere in the output. You are aware that repeated builds is a pretty big effort right? In fact Fedora 41 has a change to make sure rpm builds are reproducible: https://fedoraproject.org/wiki/Releases/41/ChangeSet#Reproducible_Package_Builds
It is not the same build.
A variable (a timestamp) is being changed, so by definition it is not the same build.
Since you brought an OS package manager into the discussion (which wasn’t what I thought was being discussed), let’s look at from a fedora/rpm perspective. All I’m saying is that after building an rpm they push it through the pipeline. It goes to updates-testing and then later updates. The exact same rpm is promoted to updates from updates-testing. They do not build a new rpm for updates repo.
I see many people who have separate builds for each environment.
Nix is not an OS package manager by default.
It is a system for reproducible builds that can have many uses.
One example is NixOS, a system for reproducible system states.
Nix on its own is more like deterministic Make.