Description
At IzzyOnDroid we support Reproducible Builds (see: Reproducible Builds, special client support and more at IzzyOnDroid). Trying for yours, I first failed: your Github workflow here states to use JDK-11, but trying with that:
FAILURE: Build failed with an exception.
* Where:
Build file '/build/repo/app/build.gradle.kts' line: 1
* What went wrong:
An exception occurred applying plugin request [id: 'com.android.application']
> Failed to apply plugin 'com.android.internal.application'.
> Android Gradle plugin requires Java 17 to run. You are currently using Java 11.
Your current JDK is located in /usr/lib/jvm/java-11-openjdk-amd64
You can try some of the following options:
- changing the IDE settings.
- changing the JAVA_HOME environment variable.
- changing `org.gradle.java.home` in `gradle.properties`.
So the workflow must be wrong. Trying again with JDK-17 I was able to successfully generate the APK using ./gradlew assembleRelease, but the resulting APKs were not identical: the dex diff was huge. Was that APK really built from a clean tree at the commit the tag points to? The embedded commit hash in META-INF/version-control-info.textproto of your APK states feceb96959e48c73ffbb284b77c45e6a61f5916a, which matches. But funnily my build from the very same commit lacks that file. And while androidx.activity_activity-ktx.version in your APK states "1.9.0", it states "1.8.1" in mine. This very much looks like built from a dirty tree after that commit was made – with some dependencies updated but not committed. Could that be? If so, could you please provide an APK built from a clean tree at a given commit, so I can check again?
We'd appreciate if you could help making your build reproducible. We've also prepared some hints on reproducible builds for that.
Looking forward to your reply!