Skip to content

feat: export SOURCE_DATE_EPOCH for build commands #284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 20, 2025
Merged

feat: export SOURCE_DATE_EPOCH for build commands #284

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 36 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -297,6 +297,42 @@ Leeway supports built-in build arguments:
- `__git_commit` contains the current Git commit if the build is executed from within a Git working copy. If this variable is used and the build is not executed from within a Git working copy the variable resolution will fail. If the package sources contain uncommitted files/directories, then `__pkg_version` will be appended to `__git_commit`
- `__git_commit_short` shortened version of `__git_commit` to the first 7 characters.

## Environment Variables

Build commands have access to the following environment variables:

### `SOURCE_DATE_EPOCH`

Unix timestamp for reproducible builds. Contains the git commit timestamp (or value from `SOURCE_DATE_EPOCH` environment variable if set before running leeway).

This enables deterministic timestamps without requiring .git directory, which is useful in CI environments with shallow clones.

**Example usage:**

```yaml
packages:
- name: app
type: go
config:
buildCommand:
- sh
- -c
- |
# SOURCE_DATE_EPOCH is automatically set by leeway
go build -ldflags "-X main.BuildTime=$SOURCE_DATE_EPOCH" -o app
```

**Benefits:**
- Works without .git directory (CI-friendly)
- Standard approach ([reproducible-builds.org](https://reproducible-builds.org/docs/source-date-epoch/))
- Same timestamp used for tar archives and Docker images

**Docker builds:**

For Docker packages, leeway automatically enables BuildKit (`DOCKER_BUILDKIT=1`) and exports `SOURCE_DATE_EPOCH`. For deterministic Docker images, see PR #285 which passes the value as a build arg (requires `ARG SOURCE_DATE_EPOCH` in Dockerfiles).

BuildKit is the default builder since Docker Engine v23.0 and is always used in Docker Desktop.

## Package Variants
Leeway supports build-time variance through "package variants". Those variants are defined on the workspace level and can modify the list of sources, environment variables and config of packages.
For example consider a `WORKSPACE.YAML` with this variants section:
Expand Down
12 changes: 12 additions & 0 deletions pkg/leeway/build.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2590,6 +2590,18 @@ func executeCommandsForPackage(buildctx *buildContext, p *Package, wd string, co

env := append(os.Environ(), p.Environment...)
env = append(env, fmt.Sprintf("%s=%s", EnvvarWorkspaceRoot, p.C.W.Origin))

// Export SOURCE_DATE_EPOCH for reproducible builds
// BuildKit (Docker >= v23.0) automatically uses this for deterministic image timestamps
mtime, err := p.getDeterministicMtime()
if err == nil {
env = append(env, fmt.Sprintf("SOURCE_DATE_EPOCH=%d", mtime))
}

// Enable BuildKit to ensure SOURCE_DATE_EPOCH is used for Docker builds
// BuildKit is default since Docker v23.0, but we set it explicitly for older versions
env = append(env, "DOCKER_BUILDKIT=1")

for _, cmd := range commands {
if len(cmd) == 0 {
continue // Skip empty commands
Expand Down
Loading