Switch build target from main.go to a package. #8342
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In order to reduce the size of the build container, builds are run without access to the full contents of the .git dir. This prevents golang from being able to determine VCS stamps. We should probably add cc @dereknola |
|
👀 I am in support of building without the VCS. |
|
@dlorenc are you up for adding that build flag to this PR? |
brandond
approved these changes
Sep 27, 2023
This changes the way go embeds versions in the binary. Today, Grype can't determine which k3s version is used in k3s itself because it's built with the file. Here's what a scan looks like: ``` NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY github.com/k3s-io/k3s (devel) 1.24.17 go-module GHSA-m4hf-6vgr-75r2 High ``` If you make this switch, the scanner can correctly determine the version instead of (devel). Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev>
Signed-off-by: Derek Nola <derek.nola@suse.com>
Codecov ReportAll modified lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #8342 +/- ##
===========================================
+ Coverage 19.55% 51.18% +31.62%
===========================================
Files 84 144 +60
Lines 7904 14964 +7060
===========================================
+ Hits 1546 7660 +6114
+ Misses 6123 6093 -30
- Partials 235 1211 +976
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
dereknola
approved these changes
Oct 9, 2023
brandond
pushed a commit
to brandond/k3s
that referenced
this pull request
Oct 12, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
pushed a commit
to brandond/k3s
that referenced
this pull request
Oct 12, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
pushed a commit
to brandond/k3s
that referenced
this pull request
Oct 12, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This was referenced Oct 12, 2023
brandond
pushed a commit
to brandond/k3s
that referenced
this pull request
Oct 13, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
pushed a commit
that referenced
this pull request
Oct 13, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
pushed a commit
that referenced
this pull request
Oct 13, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
brandond
pushed a commit
that referenced
this pull request
Oct 13, 2023
* Switch build target from main.go to a package. * Dont build with vcs Signed-off-by: Dan Lorenc <dlorenc@chainguard.dev> Signed-off-by: Derek Nola <derek.nola@suse.com> Co-authored-by: Derek Nola <derek.nola@suse.com> (cherry picked from commit 3d25e9f) Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
This was referenced Nov 1, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Proposed Changes
This changes the way go embeds versions in the binary. Today, Grype can't determine which k3s version is used in k3s itself because it's built with the file. Here's what a scan looks like:
If you make this switch, the scanner can correctly determine the version instead of (devel).
Types of Changes
Bugfix
Verification
Build k3s and scan it.
Testing
Linked Issues
User-Facing Change
Further Comments