build(cli): fix reproducible build failures and add nightly workflow

- Hardcode Unix line endings (&#xA;) and use `<fixcrlf>` in the
  maven-antrun-plugin to prevent OS-specific line separators in
  dependencies.properties.
- Set `<addMavenDescriptor>false</addMavenDescriptor>` in the
  maven-jar-plugin to prevent OS-specific pom.properties generation.
- Add an explicit execution block for maven-jar-plugin before the
  maven-assembly-plugin to resolve race conditions, ensuring the fresh
  JAR is built before it gets zipped.
- Create .github/workflows/reproducibility.yml to run artifact:compare
  nightly (excluding the tests module) with a visual Markdown summary.

Author: jknack

.github/workflows/reproducibility.yml

@@ -0,0 +1,66 @@
+name: Reproducible Build Check
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  check:
+    name: Verify Deterministic Build
+    runs-on: ubuntu-latest
+    continue-on-error: true
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          ref: main
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v5
+        with:
+          java-version: 21
+          distribution: 'temurin'
+          cache: maven
+
+      - name: Verify Reproducibility
+        run: mvn clean verify artifact:compare -pl "!tests" -DskipTests -B --no-transfer-progress
+
+      - name: 📊 Generate Visual Report
+        if: always()
+        run: |
+          echo "## 🔍 Reproducible Build Report" >> $GITHUB_STEP_SUMMARY
+
+          # Find the generated comparison file (Maven Artifact Plugin creates a .buildcompare file)
+          COMPARE_FILE=$(find . -type f -name "*.buildcompare" | head -n 1)
+
+          if [ -f "$COMPARE_FILE" ]; then
+            # Extract the values
+            OK=$(grep '^ok=' "$COMPARE_FILE" | cut -d'=' -f2)
+            KO=$(grep '^ko=' "$COMPARE_FILE" | cut -d'=' -f2)
+            IGNORED=$(grep '^ignored=' "$COMPARE_FILE" | cut -d'=' -f2)
+
+            # Draw a Markdown Table
+            echo "| Result | Count |" >> $GITHUB_STEP_SUMMARY
+            echo "|--------|-------|" >> $GITHUB_STEP_SUMMARY
+            echo "| ✅ **OK** | **$OK** |" >> $GITHUB_STEP_SUMMARY
+            echo "| ❌ **Failed (KO)** | **$KO** |" >> $GITHUB_STEP_SUMMARY
+            echo "| ⚠️ **Ignored** | **$IGNORED** |" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+
+            # Provide specific feedback
+            if [ "$KO" -gt 0 ]; then
+               echo "### 🚨 Reproducibility Drift Detected!" >> $GITHUB_STEP_SUMMARY
+               echo "The following files differ from the reference build:" >> $GITHUB_STEP_SUMMARY
+               echo "\`\`\`text" >> $GITHUB_STEP_SUMMARY
+               # Extract the koFiles string, remove quotes, and print each file on a new line
+               grep '^koFiles=' "$COMPARE_FILE" | cut -d'=' -f2 | tr -d '"' | tr ' ' '\n' >> $GITHUB_STEP_SUMMARY
+               echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
+            else
+               echo "### 🎉 100% Reproducible!" >> $GITHUB_STEP_SUMMARY
+               echo "The build is perfectly deterministic." >> $GITHUB_STEP_SUMMARY
+            fi
+          else
+            echo "⚠️ **Could not find the \`.buildcompare\` file.** The Maven plugin might have failed before generating the report." >> $GITHUB_STEP_SUMMARY
+          fi

modules/jooby-cli/pom.xml

@@ -128,7 +128,8 @@
                     <sortfilter/>
                   </filterchain>
                 </loadfile>
-                <echo message="# dependencies:${line.separator}${filtered.dependencies}" file="${cli.dependencies}" />
+                <echo message="# dependencies:&#xA;${filtered.dependencies}" file="${cli.dependencies}" />
+                <fixcrlf srcdir="${project.build.outputDirectory}" includes="dependencies.properties" eol="lf" />
               </target>
             </configuration>
           </execution>
@@ -165,6 +166,28 @@
           </execution>
         </executions>
       </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-jar-plugin</artifactId>
+        <version>${maven-jar-plugin.version}</version>
+        <executions>
+          <execution>
+            <id>default-jar</id>
+            <phase>package</phase>
+            <goals>
+              <goal>jar</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <archive>
+            <manifestEntries>
+              <Automatic-Module-Name>${Module-Name}</Automatic-Module-Name>
+            </manifestEntries>
+            <addMavenDescriptor>false</addMavenDescriptor>
+          </archive>
+        </configuration>
+      </plugin>
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
         <artifactId>maven-assembly-plugin</artifactId>
@@ -186,19 +209,6 @@
           </execution>
         </executions>
       </plugin>
-
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-jar-plugin</artifactId>
-        <version>${maven-jar-plugin.version}</version>
-        <configuration>
-          <archive>
-            <manifestEntries>
-              <Automatic-Module-Name>${Module-Name}</Automatic-Module-Name>
-            </manifestEntries>
-          </archive>
-        </configuration>
-      </plugin>
     </plugins>
   </build>
 </project>