Current situation:
- At the moment, the release pipeline (a. k. a. RP) checks the head commits every time that it runs to make the packages. it usually happens that more commits have made it into the branch or the tag. That results into the packages being different depending on the time they are made. Both core code and extensions are included here.
- Docker base images are also not referenced by explicit hashes, but tags that might get repushed to the container registries. This allows easy access to updated base images during build, but also might lead to different build results on every run
Ideal situation:
- the first time that we run a build the hash commits of the required repositories are stored. On posterior builds those same hashes will be used.
Acceptance Criteria:
- given a mw and wb version we release the same package no matter the moment it happens
Notes:
- it may make sense to timebox a short investigation into Earthly (T343424) or other tools that may make our lives easier in this regard
Some idea was sketched here https://github.com/wmde/wikibase-release-pipeline/pull/422/files