Reproducible builds

Is there any effort to make the builds reproducible, so people can check that the source code matches the image?

I don’t think that this is technically possible, at least not in a way which would give you 100% certainty.

You could try to reverse-engineer the binaries but that will only give you a rough idea of what the original source code looked like.

Another approach would be to compile the source yourself and then check the binaries against each other to see if there are any differences. However, this would probably not work as the compiled binaries will never exactly match each other even if the source code is the same (depends on the settings of your build environment, compiler used, etc.).

So the only way to completely verify that the image matches the corresponding source code, and also the least time-intensive one, is to actually compile the images for your phone yourself in your own build environment. There are a bunch of tutorials in this forum on how to do this - just give it a quick search.

Otherwise, you always have to put some trust in /e/ that the images don’t contain any malicious bits.
What you could still do is check the signature of the image you are downloading. This won’t tell you anything about the original source, but it will tell you if the image has been tampered with or replaced on the server or while being downloaded, which will also help you reduce the risk of a compromised phone.
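As an added example (not code from the post above or from the /e/ project), here is a small stdlib-only Python script that does the two mechanical parts of what the answer describes: it walks two independently compiled build trees, reports which files are byte-identical, which exist in only one tree, and at which byte offset the others first diverge (so a build timestamp or embedded path can be told apart from a real code change), and it checks a downloaded file against a published SHA-256 sum. The directory layout, file names and the embedded `BUILD_DATE=` string are constructed sample data, not the real image format, and the checksum check is a stand-in for a proper signature check, which you would do with the project's own signing tool.

```python
"""Compare two build trees and verify a downloaded image checksum.

Added example, not from the /e/ project. Sample "builds" are constructed
in a temporary directory; a SHA-256 checksum stands in for the signature
check, which in practice uses the project's signing tool (e.g. GPG).
"""
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA-256 so large images need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify_sha256(path, expected_hex):
    """True if the file matches the published digest (hex, case-insensitive)."""
    return hmac.compare_digest(sha256_file(path).lower(), expected_hex.strip().lower())


def first_difference(path_a, path_b, chunk=1 << 20):
    """Byte offset of the first mismatch between two files, or None if equal.

    Knowing the offset lets you look at the surrounding bytes and decide
    whether the difference is a timestamp/path string or actual code.
    """
    offset = 0
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        while True:
            a, b = fa.read(chunk), fb.read(chunk)
            if a == b:
                if not a:          # both at EOF with no mismatch
                    return None
                offset += len(a)
                continue
            n = min(len(a), len(b))
            for i in range(n):
                if a[i] != b[i]:
                    return offset + i
            return offset + n      # common prefix equal, one file is shorter


def compare_builds(dir_a, dir_b):
    """Classify every relative path found in either tree.

    Returns {relpath: "identical" | "differs:<offset>" | "only_in_a" | "only_in_b"}.
    """
    def tree(root):
        out = {}
        for dirpath, _, files in os.walk(root):
            for name in files:
                full = os.path.join(dirpath, name)
                out[os.path.relpath(full, root)] = full
        return out

    a, b = tree(dir_a), tree(dir_b)
    report = {}
    for rel in sorted(set(a) | set(b)):
        if rel not in b:
            report[rel] = "only_in_a"
        elif rel not in a:
            report[rel] = "only_in_b"
        elif sha256_file(a[rel]) == sha256_file(b[rel]):
            report[rel] = "identical"
        else:
            report[rel] = "differs:%d" % first_difference(a[rel], b[rel])
    return report


def demo():
    """Constructed sample: two builds of the same code; one file embeds a
    build date, so it differs although the code bytes are the same."""
    code = b"\x7fELF" + bytes(range(256)) * 4          # 1028 bytes of "code"
    with tempfile.TemporaryDirectory() as tmp:
        a, b = os.path.join(tmp, "build_a"), os.path.join(tmp, "build_b")
        for root, stamp in ((a, b"2024-01-01T00:00:00"), (b, b"2024-01-02T12:34:56")):
            os.makedirs(os.path.join(root, "system"))
            with open(os.path.join(root, "system", "boot.img"), "wb") as f:
                f.write(code + b"BUILD_DATE=" + stamp)    # non-reproducible part
            with open(os.path.join(root, "system", "lib.so"), "wb") as f:
                f.write(code)                              # reproducible part
        with open(os.path.join(a, "system", "extra.txt"), "wb") as f:
            f.write(b"only here")
        report = compare_builds(a, b)
        # Pretend build_b's lib.so digest is the published checksum.
        published = sha256_file(os.path.join(b, "system", "lib.so"))
        ok = verify_sha256(os.path.join(a, "system", "lib.so"), published)
        bad = verify_sha256(os.path.join(a, "system", "boot.img"), published)
    return report, ok, bad


if __name__ == "__main__":
    for k, v in demo()[0].items():
        print(k, v)
```

In the sample, `system/lib.so` comes out identical, `system/boot.img` differs at offset 1048 (the first differing character of the embedded date), and `system/extra.txt` is flagged as present in only one build. Run against two real build trees, a short list of files that differ only in a timestamp region is the normal picture the answer describes, while an unexplained difference inside code is what you would want to look at by hand.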