Switch build target from main.go to a package.

This changes the way go embeds versions in the binary. Today, Grype can't determine which k3s version is used in k3s itself because it's built with the file. Here's what a scan looks like: ``` NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY github.com/k3s-io/k3s (devel) 1.24.17 go-module GHSA-m4hf-6vgr-75r2 High ``` If you make this switch, the scanner can correctly determine the version instead of (devel). Signed-off-by: Dan Lorenc <[email protected]>
k3s-io · Sep 12, 2023 · 56c1f39 · 56c1f39
1 parent 550dd05
commit 56c1f39
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/scripts/build b/scripts/build
@@ -134,7 +134,7 @@ if [ ! -x ${INSTALLBIN}/cni ]; then
 fi
 
 echo Building k3s
-CGO_ENABLED=1 "${GO}" build $BLDFLAGS -tags "$TAGS" -gcflags="all=${GCFLAGS}" -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC" -o bin/k3s ./cmd/server/main.go
+CGO_ENABLED=1 "${GO}" build $BLDFLAGS -tags "$TAGS" -gcflags="all=${GCFLAGS}" -ldflags "$VERSIONFLAGS $LDFLAGS $STATIC" -o bin/k3s ./cmd/server
 ln -s k3s ./bin/containerd
 ln -s k3s ./bin/crictl
 ln -s k3s ./bin/ctr