What steps did you take and what happened:

Run the following when on tag v0.14.0 or commit 4aa2a11c0c5e6362c1ce04d736ec2fd1997bdaf8

git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad

get 2022-01-20T11:24:40Z

Run

docker run -it aquasec/starboard:0.14.0 version

get 2022-01-20T11:03:24Z

🤔

What did you expect to happen:

I'd expect it to be the same or after. This might be a timezone thing but the format 2022-01-21T15:49:27Z should be in UTC...

It does look like the container is built with goreleaser (https://github.com/aquasecurity/starboard/blob/main/.github/workflows/release.yaml#L189-L195) and the goreleaser docs say it uses UTC so I'm a bit confused

.Date | current UTC date in RFC 3339 format https://goreleaser.com/customization/templates/

at the end of the day this is why I dislike non-reproducable values like "build time" baked into artifacts

That's an interesting observation @06kellyjac All build info is indeed injected by GoReleaser with linker flags. We don't handle it manually. If that's a concern it should be handled by GoReleaser.