Spike reproducible builds

[edd]

Builds on different devices produce different build hashes (tested on linux/amd64 vs osx/arm). See if using a docker image to run the build produces consistent hashes (see an example setup at https://scribe.rip/@shakyShane/lets-talk-about-docker-artifacts-27454560384f)

Spike parameters

• Can we use a lightweight docker based build image to produce a version of trading that always produces exactly the same output every time, whether it is run on a Github runner, locally on an M1/M2 mac or Intel mac or x64 linux?
• The actual hash implementation we care about is https://docs.ipfs.tech/concepts/hashing/ however this would suffice* (I think - possibly untrue):

tar -czvf trading.tar.gz -C dist/apps/trading/.next/ .
sha256sum trading.tar.gz

Tasks

• [ ] Try out docker image for reproducible builds

What's next

Assuming this works, then we can use the same technique to produce artifacts in github for every release. Hopefully after that we can then:

• Produce an IPFS hash in advance for a release of all apps
• Switch our CI pipelines to pull the build artifact from github, rather than building many times for each environment

Notes

• NX cloud cache is fine. Ideally it should work with or without the cache. If in doubt, skip cache.
• Ensure consistent node versions
• Ensure yarn is using the lock and not deviating or upgrading anything
• nix also exists

#2355 is related but split out