{"id":20444863,"url":"https://github.com/timo-reymann/deterministic-zip","last_synced_at":"2026-02-17T21:03:18.577Z","repository":{"id":56720785,"uuid":"373321576","full_name":"timo-reymann/deterministic-zip","owner":"timo-reymann","description":"Simple (almost drop-in) replacement for zip that produces deterministic files.","archived":false,"fork":false,"pushed_at":"2026-02-14T17:43:12.000Z","size":808,"stargazers_count":64,"open_issues_count":1,"forks_count":8,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-02-14T20:07:38.197Z","etag":null,"topics":["deterministic","deterministic-zip","go","reproducible-builds","zip"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/timo-reymann.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["timo-reymann"],"custom":["https://www.buymeacoffee.com/timoreymann","Buy me a 
coffee"]}},"created_at":"2021-06-02T22:46:46.000Z","updated_at":"2026-02-14T17:43:15.000Z","dependencies_parsed_at":"2023-02-14T00:46:10.281Z","dependency_job_id":"66761ccb-23c9-4b89-a14b-f645e0a0377a","html_url":"https://github.com/timo-reymann/deterministic-zip","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/timo-reymann/deterministic-zip","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timo-reymann%2Fdeterministic-zip","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timo-reymann%2Fdeterministic-zip/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timo-reymann%2Fdeterministic-zip/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timo-reymann%2Fdeterministic-zip/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/timo-reymann","download_url":"https://codeload.github.com/timo-reymann/deterministic-zip/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timo-reymann%2Fdeterministic-zip/sbom","scorecard":{"id":886347,"data":{"date":"2025-08-11","repo":{"name":"github.com/timo-reymann/deterministic-zip","commit":"1f4cd384a2a5b458544aa03628d595d5e9c4bc78"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.5,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source 
repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":10,"reason":"24 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Code-Review","score":0,"reason":"Found 1/21 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer 
integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Security-Policy","score":4,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/timo-reymann/.github/.github/SECURITY.md:1","Warn: no linked content found","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/timo-reymann/.github/.github/SECURITY.md:1","Info: Found text in security policy: github.com/timo-reymann/.github/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 5.1.2 not signed: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236803019","Warn: release artifact 5.1.1 not signed: 
https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236533737","Warn: release artifact 5.1.0 not signed: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236387900","Warn: release artifact 5.0.0 not signed: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236382117","Warn: release artifact 4.0.1 not signed: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/225537747","Warn: release artifact 5.1.2 does not have provenance: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236803019","Warn: release artifact 5.1.1 does not have provenance: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236533737","Warn: release artifact 5.1.0 does not have provenance: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236387900","Warn: release artifact 5.0.0 does not have provenance: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/236382117","Warn: release artifact 4.0.1 does not have provenance: https://api.github.com/repos/timo-reymann/deterministic-zip/releases/225537747"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: containerImage not pinned by hash: Dockerfile:1","Warn: containerImage not pinned by hash: Dockerfile:12: pin your Docker image by updating alpine to alpine@sha256:4bcff63911fcb4448bd4fdacec207030997caf25e9bea4045fa6c8c44de311d1","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build 
process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (12) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-24T10:12:21.356Z","repository_id":56720785,"created_at":"2025-08-24T10:12:21.356Z","updated_at":"2025-08-24T10:12:21.356Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29558101,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T20:52:40.164Z","status":"ssl_error","status_checked_at":"2026-02-17T20:48:10.325Z","response_time":100,"last_error":"SSL_read: unexpected eof while 
reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["deterministic","deterministic-zip","go","reproducible-builds","zip"],"created_at":"2024-11-15T10:09:28.145Z","updated_at":"2026-02-17T21:03:18.571Z","avatar_url":"https://github.com/timo-reymann.png","language":"Go","funding_links":["https://github.com/sponsors/timo-reymann","https://www.buymeacoffee.com/timoreymann","Buy me a coffee"],"categories":[],"sub_categories":[],"readme":"deterministic-zip\n===\n[![GitHub Release](https://img.shields.io/github/v/release/timo-reymann/deterministic-zip?label=version)](https://github.com/timo-reymann/deterministic-zip/releases/latest)\n[![PyPI version](https://badge.fury.io/py/deterministic_zip_go.svg)](https://pypi.org/project/deterministic_zip_go)\n[![DockerHub Pulls](https://img.shields.io/docker/pulls/timoreymann/deterministic-zip)](https://hub.docker.com/r/timoreymann/deterministic-zip)\n[![GitHub all releases download count](https://img.shields.io/github/downloads/timo-reymann/deterministic-zip/total)](https://github.com/timo-reymann/deterministic-zip/releases)\n[![CircleCI Build 
Status](https://circleci.com/gh/timo-reymann/deterministic-zip.svg?style=shield)](https://app.circleci.com/pipelines/github/timo-reymann/deterministic-zip)\n[![codecov](https://codecov.io/gh/timo-reymann/deterministic-zip/branch/main/graph/badge.svg?token=6O7X0VO5L6)](https://codecov.io/gh/timo-reymann/deterministic-zip)\n[![Renovate](https://img.shields.io/badge/renovate-enabled-green)](https://renovatebot.com)\n[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=timo-reymann_deterministic-zip\u0026metric=alert_status)](https://sonarcloud.io/summary/new_code?id=timo-reymann_deterministic-zip)\n[![Maintainability
Rating](https://sonarcloud.io/api/project_badges/measure?project=timo-reymann_deterministic-zip\u0026metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=timo-reymann_deterministic-zip)\n[![Go Report Card](https://goreportcard.com/badge/github.com/timo-reymann/deterministic-zip)](https://goreportcard.com/report/github.com/timo-reymann/deterministic-zip)\n[![Security Rating](https://sonarcloud.io/api/project_badges/measure?project=timo-reymann_deterministic-zip\u0026metric=security_rating)](https://sonarcloud.io/summary/new_code?id=timo-reymann_deterministic-zip)\n\n\u003cp align=\"center\"\u003e\n\t\u003cimg width=\"300\" src=\"https://raw.githubusercontent.com/timo-reymann/deterministic-zip/main/.github/images/logo.png\"\u003e\n    \u003cbr /\u003e\n    Simple (almost drop-in) replacement for zip that produces deterministic files.\n\u003c/p\u003e\n\n## Features\n\n- Drop-in tool for zip\n- Removes all metadata from files added for all platforms\n- Creates immutable zip files\n- Supports [`SOURCE_DATE_EPOCH`](https://reproducible-builds.org/docs/source-date-epoch/) for setting the modified date\n\n## Installation\n\n### Automatic install\n\n```bash\nbash \u003c(curl -sS https://raw.githubusercontent.com/timo-reymann/deterministic-zip/main/installer)\n```\n\n\u003e Set the environment variable `DETERMINISTIC_ZIP_VERSION` to install a specific version\n\n### Manual\n\n#### Linux (64-bit)\n\n```bash\ncurl -LO https://github.com/timo-reymann/deterministic-zip/releases/download/$(curl -Lso /dev/null -w %{url_effective} https://github.com/timo-reymann/deterministic-zip/releases/latest | grep -o '[^/]*$')/deterministic-zip_linux-amd64 \u0026\u0026 \\\nchmod +x deterministic-zip_linux-amd64 \u0026\u0026 \\\nsudo mv deterministic-zip_linux-amd64 /usr/local/bin/deterministic-zip\n```\n\n#### Darwin (Intel)\n\n##### brew\n\n```bash\nbrew tap timo-reymann/deterministic-zip\nbrew install deterministic-zip\n```\n\n##### manual\n\n```bash\ncurl -LO 
https://github.com/timo-reymann/deterministic-zip/releases/download/$(curl -Lso /dev/null -w %{url_effective} https://github.com/timo-reymann/deterministic-zip/releases/latest | grep -o '[^/]*$')/deterministic-zip_darwin-amd64 \u0026\u0026 \\\nchmod +x deterministic-zip_darwin-amd64 \u0026\u0026 \\\nsudo mv deterministic-zip_darwin-amd64 /usr/local/bin/deterministic-zip\n```\n\n### Install with go\n\n```bash\ngo install github.com/timo-reymann/deterministic-zip@latest\n```\n\n### Install with pip(x)\n\nUsing pipx you can just use the following command to use deterministic-zip as it is:\n\n```sh\npipx install deterministic-zip-go\n```\n\nIf you want to use it directly using the `subprocess` module you can install it with pip:\n\n````sh\npip install deterministic-zip-go\n````\n\nAnd use the package like this:\n\n````python\nimport subprocess\n\nfrom deterministic_zip_go import exec\n\n# Run process and prefix stdout and stderr\nexec.exec_with_templated_output([\"--help\"])\n\n# Create a subprocess, specifying how to handle stdout, stderr\nexec.create_subprocess([\"--help\"], stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n\n# Perform command with suppressed output and return the finished process instance,\n# on which one can also check whether the call was successful\nexec.exec_silently([\"--version\"])\n````\n\n#### Docker\n\nPlease check the [Containerized section in Usage](#containerized) for\nmore details.\n\n### Supported platforms\n\nThe following platforms are supported (and have prebuilt binaries /\nready to use integration):\n\n- Linux\n    - 32-bit\n    - 64-bit\n    - ARM 64-bit\n    - ARM 32-bit\n- Darwin\n    - 64-bit\n    - ARM (M1/M2)\n- Windows\n    - ARM\n    - 32-bit\n    - 64-bit\n- FreeBSD\n    - 32-bit\n    - 64-bit\n    - ARM 64-bit\n    - ARM 32-bit\n- OpenBSD\n    - 32-bit\n    - 64-bit\n- OCI compatible container engines (Docker, podman etc)\n    - ARM\n    - 64-bit\n- CircleCI\n- GitHub Actions\n\n### Where to find the latest release for your
platform\n\n#### Binaries\n\nBinaries for all of these can be found on\nthe [latest release page](https://github.com/timo-reymann/deterministic-zip/releases/latest).\n\n#### Docker\n\nFor the docker image check the [docker hub](https://hub.docker.com/r/timoreymann/deterministic-zip).\n\n#### CI Provider\n\n- [CircleCI orb](https://circleci.com/developer/orbs/orb/timo-reymann/deterministic-zip)\n- [GitHub Action](https://github.com/marketplace/actions/run-deterministic-zip)\n\n## Usage\n\n### Command Line\n\nIf you installed the binary via Releases, Install-Script or using go you\ncan just run deterministic-zip as a command.\n\n```sh\ndeterministic-zip -h\n```\n\n### Containerized\n\nPlease be aware that the image contains just the binary, no OS, libs or\nanything else. It also runs as root to be able to zip files no matter\nthe ownership. Feel free to build your own images based on that as well.\n\n#### Using the container directly\n\nIf you want to use the tool on a platform not supported yet or don't want\nto install the tool locally you can also mount your folder in\n`/workspace` which is the default working directory. Then you can just\nexecute commands as you want to.\n\n```sh\ndocker run -v \"$PWD\":/workspace timoreymann/deterministic-zip:latest\n```\n\n#### Integrating into your CI image\n\nIf you want to integrate the tool directly into your build image, you\ncan also utilize the auto updates from tools like renovatebot or\ndependabot. Using Docker's built-in features you can just get the binary\ndirectly from the image.\n\n```dockerfile\nFROM base-image:tag\n# do your customizations\nCOPY --from=timoreymann/deterministic-zip:latest /deterministic-zip /usr/bin/deterministic-zip\n```\n\n## Motivation\n\nWhy another zip-tool? What is this deterministic stuff?!\n\nWhen we are talking about deterministic it means that the hash of the zip file won't change unless the contents of the\nzip file change.\n\nThis means only the content, no metadata.
You can achieve this with zip, yes.\n\nThe problem that still remains is that the order is almost unpredictable and zip is very platform-specific, so you will\nend up with a bunch of crazy shell pipelines. And I am not even talking about Windows at this point.\n\nSo this is where this tool comes in: it is intended to be a drop-in replacement for zip in your build process.\n\nThe primary use cases for this are:\n\n- Zipping serverless code\n- Backups or other files that get rsynced\n\n### Want to know more about the topic of deterministic/reproducible builds?\n\nI can recommend the following resources:\n\n- [reproducible-builds.org](https://reproducible-builds.org/)\n- [Debian Wiki](https://wiki.debian.org/ReproducibleBuilds/About)\n\n## Documentation\n\n### How reliable is it?\n\nOf course, it is not as reliable as the battle-proven zip, which has been executed billions of times.\n\nEven though I am heavily relying on the Go stdlib, this software can of course have bugs. And you are welcome to report\nthem and help make this even more stable. Of course there will be tests to cover most use cases but at the end this is\nstill starting from scratch, so if you need advanced features or just don't feel comfortable about using this tool, don't\ndo it!\n\n### Differences between zip and deterministic-zip\n\nPlease see [docs/differences](./docs/differences)\n\n## Contributing\n\nI love your input!
I want to make contributing to this project as easy and transparent as possible, whether it's:\n\n- Reporting a bug\n- Discussing the current state of the configuration\n- Submitting a fix\n- Proposing new features\n- Becoming a maintainer\n\nTo get started please read the [Contribution Guidelines](./CONTRIBUTING.md).\n\n## Development\n\n### Requirements\n\n- [Go](https://go.dev/doc/install)\n- [GNU make](https://www.gnu.org/software/make/)\n\n### Test\n\n```sh\nmake test-coverage-report\n```\n\n### Build\n\n```sh\nmake build\n```\n\n## Alternatives\n\nAs far as I know the following (GitHub) projects exist:\n\n- [bboe/deterministic_zip (Python)](https://github.com/bboe/deterministic_zip)\n    - You must list files explicitly\n    - Changed order -\u003e changed zip\n    - You will need to install Python (no problem on Linux/Mac) and the package\n- [bitgenics/deterministic-zip (NodeJS/JavaScript)](https://github.com/bitgenics/deterministic-zip#readme)\n    - Supports globs and ignores order\n    - You need to install Node.js and the package, and it has no CLI\n- [orf/deterministic-zip (Rust)](https://github.com/orf/deterministic-zip)\n    - Has prebuilt binaries for all relevant platforms (and others can be built easily)\n    - Very basic, but you can customize compression (nice feature)\n\nAll in all they are just simply not what I needed.
My favourite is Rust, because it's just simply dropping in a binary.\nSomething that's very convenient especially when it comes to Docker builds.\n\nThe main problem that all these solutions share is that, in my opinion, cool things like excluding patterns, which I\nregularly use, are simply not implemented, and I REALLY love glob patterns.\n\n## Credits\n\nThis whole project wouldn't be possible without the great work of the\nfollowing libraries:\n\n- [glob by gobwas](https://github.com/gobwas/glob)\n- [pflag by spf13](https://github.com/spf13/pflag)\n- [go stdlib](https://github.com/golang/go)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimo-reymann%2Fdeterministic-zip","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftimo-reymann%2Fdeterministic-zip","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimo-reymann%2Fdeterministic-zip/lists"}