From 9413b9fb197ae047876a12ba71725613af4e26bb Mon Sep 17 00:00:00 2001
From: Guilherme Macedo <guilherme@gmacedo.com>
Date: Thu, 9 Jan 2025 10:10:22 -0300
Subject: [PATCH] VEX related improvements in the build process

Signed-off-by: Guilherme Macedo <guilherme@gmacedo.com>
---
 Makefile           | 5 ++++-
 package/Dockerfile | 5 +++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f8f6ed21..954165c1 100644
--- a/Makefile
+++ b/Makefile
@@ -76,7 +76,10 @@ $(SETUP_ENVTEST):
 
 .PHONY: operator
 operator:
-	CGO_ENABLED=0 go build -o bin/eks-operator main.go
+	CGO_ENABLED=0 go build -ldflags \
+            "-X github.com/rancher/eks-operator/pkg/version.GitCommit=$(GIT_COMMIT) \
+             -X github.com/rancher/eks-operator/pkg/version.Version=$(TAG)" \
+        -o bin/eks-operator .
 
 .PHONY: generate-go
 generate-go: $(MOCKGEN)
diff --git a/package/Dockerfile b/package/Dockerfile
index 053f5132..a7837056 100644
--- a/package/Dockerfile
+++ b/package/Dockerfile
@@ -11,6 +11,11 @@ RUN rm -rf /tmp/* /var/tmp/* /usr/share/doc/packages/*
 ENV KUBECONFIG="/home/eks-operator/.kube/config"
 ENV SSL_CERT_DIR="/etc/rancher/ssl"
 
+# Once this image is migrated to be SLSA compliant and the Go build happens
+# inside a build layer, we must pass the version and commit ID to the build,
+# similar to what was done in https://github.com/rancher/aks-operator/pull/803 .
+# This is just a reference for future changes, because it's needed for our VEX
+# work.
 COPY bin/eks-operator /usr/bin/
 COPY package/entrypoint.sh /usr/bin
 RUN chmod +x /usr/bin/entrypoint.sh