If you have an option to containerize the app, Jib may be what you are looking for. Plugs into Maven, and the same source/content always generates the same image - https://github.com/GoogleContainerTools/jib

And this is the best explanation of Jib [1], but it’s hard to find via Google. It’s how all builds for every ecosystem should work IMO.

1. https://phauer.com/2019/no-fat-jar-in-docker-image/

> Any idea if there is a project to try to improve things with maven or with another JVM tool? (Grade, sbt, etc.)

We've found SBT to be less reproducible than Maven. In particular, its "configuration file" (build.sbt) is actually executable Scala code (and highly imperative too, e.g. appending to mutable dependency lists). I've seen projects which choose different dependencies based on env var settings, string matches, etc.

I've also seen projects which add pre/post steps to a test suite, for spinning-up and tearing-down a mock database (the dynamodb-local SBT plugin). The crazy part about that, is that SBT only becomes aware of the plugin when it's about to execute the test suite; hence it doesn't appear in any dependency lists, so we can't automatically fetch it ahead-of-time. By the way, that plugin itself works by downloading and running a "latest.zip" file from an AWS URL....

Huawei just published a paper (Towards Build Verifiability for Java-based Systems[0]) on trying to get the JVM ecosystem reproducible. It looks like it's early days, but I'm paying attention.

[0]https://arxiv.org/abs/2202.05906

https://reproducible-builds.org/docs/jvm/ Which links to https://maven.apache.org/guides/mini/guide-reproducible-buil...

Haven't tried this myself as I don't particularly like maven. It should be possible though