From 7c7d76e98d7679bbdaa08f4e466feba2afbf52e4 Mon Sep 17 00:00:00 2001
From: Guilherme Macedo <guilherme@gmacedo.com>
Date: Thu, 9 Jan 2025 13:59:15 -0300
Subject: [PATCH] VEX related improvements in the build process

Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
---
 Makefile           | 5 ++++-
 package/Dockerfile | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 60aab7e6..4bf1e058 100644
--- a/Makefile
+++ b/Makefile
@@ -79,7 +79,10 @@ $(SETUP_ENVTEST):
 
 .PHONY: operator
 operator:
-	CGO_ENABLED=0 go build -o bin/gke-operator main.go
+	CGO_ENABLED=0 go build -ldflags \
+            "-X github.com/rancher/gke-operator/pkg/version.GitCommit=$(GIT_COMMIT) \
+             -X github.com/rancher/gke-operator/pkg/version.Version=$(TAG)" \
+        -o bin/gke-operator .
 
 .PHONY: generate-go
 generate-go: $(MOCKGEN)
diff --git a/package/Dockerfile b/package/Dockerfile
index 6f34945c..d24d1f69 100644
--- a/package/Dockerfile
+++ b/package/Dockerfile
@@ -11,6 +11,11 @@ RUN rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/*
 ENV KUBECONFIG="/home/gke-operator/.kube/config"
 ENV SSL_CERT_DIR="/etc/rancher/ssl"
 
+# Once this image is migrated to be SLSA compliant and the Go build happens
+# inside a build layer, we must pass the version and commit ID to the build,
+# similar to what was done in https://github.com/rancher/aks-operator/pull/803 .
+# This is just a reference for future changes, because it's needed for our VEX
+# work.
 COPY bin/gke-operator /usr/bin/
 COPY package/entrypoint.sh /usr/bin
 RUN chmod +x /usr/bin/entrypoint.sh