[Git][reproducible-builds/reproducible-website][master] JVM/Gradle: add note about potential non-determistic behavior

Chris Lamb (@lamby) gitlab at salsa.debian.org
Sat Dec 6 19:33:24 UTC 2025 


Chris Lamb pushed to branch master at Reproducible Builds / reproducible-website


Commits:
0beb497b by Robert Stupp at 2025-12-06T19:29:11+00:00
JVM/Gradle: add note about potential non-determistic behavior

The added note describes a likely rare, but possible race leading to non-reproducible `pom.xml` files.

- - - - -


1 changed file:

- _docs/jvm.md


Changes:

=====================================
_docs/jvm.md
=====================================
@@ -94,6 +94,41 @@ tasks.withType<AbstractArchiveTask>().configureEach {
 }
 ```
 
+#### Configuring `MavenPublication`
+
+`MavenPublication.withXml()` allows users to modify the content of the generated `pom.xml` files.
+Using for example `withXml()` in the configuration lambda when registering a `MavenPublication`
+leads to deterministic behavior and no reproducible build issues should be encountered.
+
+On the other hand, using `MavenPublication.withXml()` with the `MavenPublication` in a configuration
+of a `GenerateMavenPom` task can, however, lead to non-reproducible builds when using
+`withXml().asNode().appendNode()`.
+Other elements, like the `<dependencies>` section, may nor may not be already be present, leading to
+a non-deterministic order of the (example) `<parent>` and `<dependencies>` elements.
+
+Generally, the order of configuration lambdas for a `MavenPublication` matters here.
+Both for configuration lambdas added for the `MavenPublication` and for a `GenerateMavenPom` task.
+
+Safe example:
+```kotlin
+publishing.publications.register<MavenPublication>("myMavenPublication") {
+  withXml {
+    val parentNode = asNode().appendNode("parent")
+    parentNode.appendNode("groupId", "org.example")
+    parentNode.appendNode("artifactId", "my-parent")
+    parentNode.appendNode("version", "1.0")
+  }
+}
+```
+Unsafe example:
+```kotlin
+tasks.named<GenerateMavenPom>("generatePomFileForMavenPublication").configure {
+  mavenPublication.withXml {
+    // ...
+  }
+}
+```
+
 ### `sbt`
 
 When using [sbt](https://www.scala-sbt.org/), a build tool popular with Scala projects, you can use the



View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/0beb497be09f6d908423a82da5bbea2062fdbd11

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/reproducible-website/-/commit/0beb497be09f6d908423a82da5bbea2062fdbd11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20251206/f37f5bc5/attachment.htm>

More information about the rb-commits mailing list