From da49af597d0e7da4b857e92c310d69cc8a601700 Mon Sep 17 00:00:00 2001
From: Conor Schaefer <conor@penumbralabs.xyz>
Date: Wed, 5 Mar 2025 12:27:35 -0800
Subject: [PATCH] build: make zip file exports deterministic

As long as the zip files are exported from the same git commit, the
resulting archives should be byte-for-byte identical. Having fully
reproducible builds will require comprehensive dependency pinning,
e.g. via nix flake or similar, to ensure that the wasm artifacts are
built identically, but for now, simply clobbering the timestamps of the
exported asset files provides decent reproducibility.
---
 scripts/build-for-deployment.sh | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/build-for-deployment.sh b/scripts/build-for-deployment.sh
index 02946cd568..6ef0d745e5 100755
--- a/scripts/build-for-deployment.sh
+++ b/scripts/build-for-deployment.sh
@@ -29,12 +29,16 @@ while getopts "o:r:" opt; do
 done
 
 cd "$REPO_ROOT" || exit 2
+pnpm install
 pnpm build
 
 cd "$REPO_ROOT/apps/minifront/dist" || exit 2
-zip -r minifront.zip ./*
+# clobber timestamps for the input files to unix epoch, for reproducible zip files.
+find . -type f -exec touch -t 197001010000.00 {} +
+zip -r -X minifront.zip ./*
 mv minifront.zip "${OUTPUT_DIR}"
 
 cd "$REPO_ROOT/apps/node-status/dist" || exit 2
-zip -r node-status.zip ./*
+find . -type f -exec touch -t 197001010000.00 {} +
+zip -r -X node-status.zip ./*
 mv node-status.zip "${OUTPUT_DIR}"