Reproducible builds with GitHub Actions
Table of contents
SOURCE_DATE_EPOCH is a
standardized environment variable
for instructing build tools to produce a reproducible output.
Setting the environment variable for a build makes the timestamps in the
image index, config, and file metadata reflect the specified Unix time.
To set the environment variable in GitHub Actions,
use the built-in env property on the build step.
Unix epoch timestamps
The following example sets the SOURCE_DATE_EPOCH variable to 0, Unix epoch.
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/build-push-action@v5
with:
context: .
tags: user/app:latest
env:
SOURCE_DATE_EPOCH: 0name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build
uses: docker/bake-action@v4
env:
SOURCE_DATE_EPOCH: 0Git commit timestamps
The following example sets SOURCE_DATE_EPOCH to the Git commit timestamp.
name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Build
uses: docker/build-push-action@v5
with:
context: .
tags: user/app:latest
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}name: ci
on:
push:
branches:
- "main"
jobs:
docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- run: echo "TIMESTAMP=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
- name: Build
uses: docker/bake-action@v4
env:
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}Additional information
For more information about the SOURCE_DATE_EPOCH support in BuildKit,
see
BuildKit documentation.