Lower the workload caused by reproducible builds Jenkins jobs

Originally created by @intrigeri on #12633 (Redmine)

Currently, when I push a commit to a base branch, 3 ISOs are built from the same commit:

one ISO is built by the build_Tails_ISO_$branch job;
two ISOs are built by the reproducibly_build_Tails_ISO_$branch job and then compared.

We really need to build only 2 of these ISOs to get what we want, so there’s room for improvement wrt. our CI infrastructure latency and throughput => usefulness.

I suggest instead having any successful build_Tails_ISO_$branch job trigger another job, that would:

get as input the ISO built by build_Tails_ISO_$branch (a checksum would be enough in the best case, but we really need that ISO to compare when they differ), and any relevant parameter e.g. the commit ID and base branch commit ID;
build a second ISO image (ideally with different build settings e.g. a time offset applied and a different CPU, but this is certainly not a blocker for this ticket)
run diffoscope to compare these ISOs
if these ISOs are the same, then delete all artifacts; otherwise, archive both ISO build artifacts + the diffoscope output

This looks very similar to what we already do for the test_Tails_ISO_* jobs, so I expect it will be pretty cheap to implement.

And as a bonus, in most cases the 2 ISOs will be built on two different isobuilders, which increases the value of the reproducibility testing :)

Feature Branch: puppet-tails:feature/12633-lower-reproducible-builds-workload;jenkins-jobs:feature/12633-lower-reproducible-builds-workload

Parent Task: tails#5630 (closed)

Related issues

Related to tails#13436 (closed)
Related to #14924 (closed)
Related to #14944 (closed)
Related to tails#14946 (closed)
Related to tails#14871
Related to #14875 (closed)

Edited May 15, 2020 by intrigeri

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information