Feature: Locally reproducible builds

[infeo]

Closes #106.

[coderabbitai]

Walkthrough

The PR updates pom.xml to enable reproducible builds by adding project.build.outputTimestamp and wiring it into an exec-maven-plugin execution (--date=${project.build.outputTimestamp}). It centralizes Maven plugin version management by introducing version properties for many plugins (clean, install, deploy, enforcer, compiler, shade, exec, surefire, jar, source, javadoc, gpg, resources, central-publishing) and replacing hard-coded plugin versions with ${...}.version property references. A changelog entry for locally reproducible builds was added. No build lifecycle semantics or core plugin executions were altered beyond versioning and the new timestamp argument.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• overheadhunter

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Feature: Locally reproducible builds' clearly and specifically summarizes the main objective of the pull request.
Description check	✅ Passed	The description 'Closes #106' is directly related to the changeset and indicates the linked issue being addressed.
Linked Issues check	✅ Passed	The pull request successfully implements the main objective from issue #106 by introducing locally reproducible builds through Maven configuration changes.
Out of Scope Changes check	✅ Passed	All changes in the pull request are directly related to implementing reproducible builds, with no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

pom.xml (1)

16-50: Add explicit maven-resources-plugin declaration to use the pinned version property.

The mvn-resources.version property is defined but never applied to any plugin configuration. Without an explicit plugin declaration, Maven will use the default resources plugin version from the local Maven distribution, undermining the reproducible-builds goal. Add the plugin declaration to pin the version.

🔧 Proposed fix

 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-deploy-plugin</artifactId>
 				<version>${mvn-deploy.version}</version>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>${mvn-resources.version}</version>
+			</plugin>