build timestamp in the container seems to be before the tag was created?
06kellyjac opened this issue · comments
What steps did you take and what happened:
Run the following when on tag v0.14.0
or commit 4aa2a11c0c5e6362c1ce04d736ec2fd1997bdaf8
git log --date=format:'%Y-%m-%dT%H:%M:%SZ' -1 --pretty=%ad
get 2022-01-20T11:24:40Z
Run
docker run -it aquasec/starboard:0.14.0 version
get 2022-01-20T11:03:24Z
🤔
What did you expect to happen:
I'd expect it to be the same or after. This might be a timezone thing but the format 2022-01-21T15:49:27Z
should be in UTC...
It does look like the container is built with goreleaser (https://github.com/aquasecurity/starboard/blob/main/.github/workflows/release.yaml#L189-L195) and the goreleaser docs say it uses UTC so I'm a bit confused
.Date | current UTC date in RFC 3339 format
https://goreleaser.com/customization/templates/
at the end of the day this is why I dislike non-reproducable values like "build time" baked into artifacts
That's an interesting observation @06kellyjac All build info is indeed injected by GoReleaser with linker flags. We don't handle it manually. If that's a concern it should be handled by GoReleaser.