Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add vcsinfo when building with goreleaser (#3993)
Currently in Go, a release that is built via `go build main.go` will always be labeled with its version as being `(devel)` (even if building from the [git tag commit](golang/go#50603)): ```sh go version -m /usr/local/bin/nats-server | grep nats-server/v2 dep github.com/nats-io/nats-server/v2 (devel) ``` And in order to include the release version of the module in the binary it has to be built using `go install`: ```sh go install github.com/nats-io/nats-server/v2@v2.9.15 | grep nats-server/v2 path github.com/nats-io/nats-server/v2 mod github.com/nats-io/nats-server/v2 v2.9.15 h1:MuwEJheIwpvFgqvbs20W8Ish2azcygjf4Z0liVu2I4c= ``` This changes to build the package with `go build .` which is going to be enough to fix the trivy / grype issues. This also adds the `trimpath` build flag to remove the filesystem paths from where the binary was built. This should help reducing some of the false positives from vulnerability scanners which are not matching with the proper version of the binary as in #3992 with a `malformed version` warning. Fixes #3992
- Loading branch information