--include-sources is re-uploading unconditionally

[Swatinem]

On windows 10, with sentry-cli@1.57.0, using --include-source will always re-upload the sources even if they were already uploaded.
When I skip this switch, I get the expected > Nothing to upload, all files are on the server

[jan-auer]

This is a problem with symbolic's SourceBundleWriter. It generates a ZIP archive of files, which has the current system date in the header. This means that the file hash changes every time, and thus sources are re-uploaded.

To combat this, we could consider multiple approaches:

• Exclude the date time from the ZIP header. I haven't checked if that's easily possible, but it would at least integrate well with the current chunk upload.
• Figure out a secondary mechanism to check if sources should be bundled. This would require changes in Sentry's chunk upload, as that upload currently has no concept of what's in a file and simply checks for the file's content hash.

[github-actions]

This issue has gone three weeks without activity. In another week, I will close it.

But! If you comment or otherwise update it, I will reset the clock, and if you label it Status: Backlog or Status: In Progress, I will leave it alone ... forever!

---

"A weed is but an unloved flower." ― Ella Wheeler Wilcox 🥀

[kamilogorek]

If that would be doable directly in symbolic, that would be great. If not, let me know and I'll reopen this issue and see if we can work around it here.

[Swatinem]

Reopening, this is still a problem, though not a particularly severe one I would say.
In the rare case that someone tries re-uploading the same directly with --include-sources, the source bundle is not correctly deduplicated. This leads to another upload, and a deduplication step on the server side, along with suboptimal caching in symbolicator.
It also violates reproducibility.