In general you should store in source control everything you need to build anything, but nothing that you actually build. Some people do keep the build products in source control, but I consider that to be a smell - an indication of a deeper problem, usually an inability to reliably recreate builds.I think in the context of CI or when using most build tools this approach is quite correct. We have limited control on the build environment and the products it creates. Better to start afresh each time. But there is a problem with this: this is a not in fact a reproducible build; it is a reproducible build process -- which is not at all the same thing. In my view a reproducible build is an activity that, when given a specific set of input artifacts (all at a given revision), will create a bit for bit identical output to the previous build. In practice this is hard to achieve for two reasons
- We usually have poor control or knowledge of the environment on which the build is performed. E.g. exactly which 3rd party libraries are used, are we certain that no old copies of artifacts are being used in the build.
- Things such as date and time differences can modify the built files in trivial ways.
- Which source files (and versions) were used as input. This includes files such as build scripts
- Shows under which configuration the files were built (should relate back to the software tools, libraries etc. used). Note that this mean all system build environments should be subject to rigorous change control.
powered by performancing firefox